JW0914 wrote: Please post server and client configs
Client
# Client config as originally posted (OpenWrt UCI); remote, port and the key/cert paths were left blank in the post.
# NOTE(review): persist-key / persist-tun are spelled with hyphens here, while OpenWrt's openvpn UCI options
# use underscores (persist_key, persist_tun) — confirm these two were actually being applied.
config openvpn 'ABC'
	option enable '1'
	option client '1'
	option remote ''
	option port ''
	option proto 'udp'
	option dev 'tun0'
	option ca ''
	option cert ''
	option key ''
	option tls_auth ''
	option comp_lzo 'yes'
	option keepalive '10 120'
	option mssfix '1400'
	option fragment '0'
	option status '/tmp/openvpn.status'
	option verb '4'
	option persist-key '1'
	option persist-tun '1'
	option cipher 'AES-192-CBC'
Server
# Server config as originally posted (plain OpenVPN syntax); the port, tunnel network and file paths are placeholders.
dev tun0
proto udp
port ABC
mode server
tls-server
cipher AES-192-CBC
dh /path/
ca /path/
cert /path/
key /path/
tls-auth /path/
status /path/
log /path/
server IP 255.255.255.0
keepalive 10 120
fragment 0
mssfix 1400
user openvpn
group openvpn
max-clients 5
comp-lzo
persist-key
persist-tun
verb 4
Try replacing your Server and Client configs with these:
Server
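# OpenVPN server config: routed tun device over UDP.
# Placeholders (xxxx, 10.x.x.0, 192.168.x.0, 255.255.255.x, dhxxxx.pem) must be replaced before use.
#--- Protocol ---#
##-tls-server is redundant with the server directive below, which already implies it; harmless to keep-##
tls-server
##-Only one dev line is needed; the tun device type is taken from the name-##
dev tun0
topology subnet
proto udp
port xxxx
#--- Routes ---#
server 10.x.x.0 255.255.255.x
#--- Client Config ---#
# ccd-exclusive
# ifconfig-pool-persist /etc/openvpn/clients/ipp.txt
# client-config-dir /etc/openvpn/clients/
##-The server directive above already assigns the tunnel address; if this line is kept it must agree with it-##
ifconfig 10.x.x.1 255.255.255.x
##-max-clients can be better set via ccd directives & a subnet mask (255.255.255.248 hosts 6 clients)-##
max-clients 5
#--- Pushed Routes ---#
##-Each pushed option must be a single quoted argument, otherwise OpenVPN rejects the line-##
push "route 192.168.x.0 255.255.255.x"
push "dhcp-option DNS 192.168.x.1"
push "dhcp-option WINS 192.168.x.1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option NTP 129.6.15.30"
#--- Encryption ---#
##-Must match the client. CBC mode relies on the separate HMAC (auth) setting; newer OpenVPN releases prefer AEAD ciphers such as AES-256-GCM-##
cipher AES-192-CBC
dh /etc/openvpn/keys/dhxxxx.pem
##-If using a PKCS12 (p12) cert, the next 3 aren't needed-##
# pkcs12 /etc/openvpn/keys/server.p12
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
##-server.key and ta.key are secrets: keep them readable by root only-##
key /etc/openvpn/keys/server.key
##-Key direction is 0 on the server and 1 on the client-##
tls-auth /etc/openvpn/keys/ta.key 0
##-Optional hardening: accept only peers presenting a client-type certificate; enable once client certs carry that usage-##
# remote-cert-tls client
#--- Logging ---#
log /tmp/openvpn.log
status /tmp/openvpn-status.log
##-verb 7 is debug-level output for troubleshooting; lower it (e.g. verb 3) once the tunnel works-##
verb 7
#--- Connection Options ---#
keepalive 10 120
##-Must match the client. Compression inside the tunnel exposes it to compression-oracle attacks (VORACLE) and is deprecated in current OpenVPN; drop it on both ends when possible-##
comp-lzo
#--- Connection Reliability ---#
##-client-to-client allows clients to connect to each other; that traffic is forwarded inside OpenVPN and does not pass through the router's firewall rules-##
client-to-client
persist-key
persist-tun
#--- Connection Speed ---#
sndbuf 393216
rcvbuf 393216
##-tun-mtu and fragment must be the same on the client-##
fragment 0
mssfix 0
tun-mtu 24000
#--- Pushed Buffers ---#
push "sndbuf 393216"
push "rcvbuf 393216"
#--- Permissions ---#
##-Drops root after start-up; persist-key/persist-tun above let restarts work without root-##
user nobody
group nogroup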
Client
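# OpenWrt UCI section (/etc/config/openvpn) for the client side of the tunnel.
# Option names use underscores: the OpenWrt init script turns them into the hyphenated
# OpenVPN directives, and hyphenated names are not picked up.
# Placeholders ('xxx', 'xxxx', 'your.ddns.com') must be replaced before use.
config openvpn 'xxx'
	option enable '1'
	#--- Protocol ---#
	option client '1'
	##-Only one dev option is needed; the tun device type is taken from the name-##
	option dev 'tun0'
	option proto 'udp'
	option port 'xxxx'
	#--- Routes ---#
	option remote 'your.ddns.com'
	#--- Encryption ---#
	##-auth_nocache keeps passwords/passphrases from being cached in memory-##
	option auth_nocache '1'
	##-Must match the server's cipher-##
	option cipher 'AES-192-CBC'
	##-If using a PKCS12 (p12) cert, the next 3 aren't needed-##
	# option pkcs12 '/etc/openvpn/keys/client.p12'
	option ca '/etc/openvpn/keys/ca.crt'
	option cert '/etc/openvpn/keys/client.crt'
	##-client.key and ta.key are secrets: keep them readable by root only-##
	option key '/etc/openvpn/keys/client.key'
	##-Requires the peer to present a server-type certificate, so a certificate issued to another client is not accepted as the server-##
	option remote_cert_tls 'server'
	##-Key direction is 1 on the client and 0 on the server-##
	option tls_auth '/etc/openvpn/keys/ta.key 1'
	#--- Logging ---#
	option status '/tmp/openvpn.status'
	##-verb 5 is troubleshooting output; lower it (e.g. 3) once the tunnel works-##
	option verb '5'
	#--- Connection Reliability ---#
	option keepalive '10 120'
	##-Must match the server. Compression inside the tunnel exposes it to compression-oracle attacks (VORACLE) and is deprecated in current OpenVPN; drop it on both ends when possible-##
	option comp_lzo 'yes'
	option float '1'
	option nobind '1'
	option resolv_retry 'infinite'
	#--- Connection Speed ---#
	option persist_key '1'
	option persist_tun '1'
	##-tun_mtu and fragment must be the same on the server-##
	option fragment '0'
	option mssfix '0'
	option tun_mtu '24000'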
(Last edited by JW0914 on 14 Jul 2015, 05:26)