I use Ubuntu Server 22.04 and OpenVPN 2.5.5. OpenVPN cannot connect to the server as a client. Error:
2023-04-26 10:24:45 [63f5fa33cce5bccbc9d69630] Inactivity timeout (--ping-restart), restarting
2023-04-26 10:24:45 SIGUSR1[soft,ping-restart] received, process restarting
2023-04-26 10:24:50 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-04-26 10:24:50 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-04-26 10:24:50 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xxx.xx.xx:9028
2023-04-26 10:24:50 Attempting to establish TCP connection with [AF_INET]xx.xxx.xx.xx:9028 [nonblock]
2023-04-26 10:24:54 TCP: connect to [AF_INET]xx.xxx.xx.xx:9028 failed: Connection timed out
I tried reinstalling OpenVPN, but it did not help. My configuration:
setenv UV_ID ce541b0ab0874d91b205333c39209154
setenv UV_NAME winter-forest-1668
client
dev tun
dev-type tun
remote xx.xxx.xx.xx 9028 tcp-client
nobind
persist-tun
cipher AES-128-CBC
data-cipher AES-128-CBC
auth SHA256
verb 2
mute 3
push-peer-info
ping 10
ping-restart 60
hand-window 70
server-poll-timeout 4
reneg-sec 2592000
sndbuf 393216
rcvbuf 393216
remote-cert-tls server
comp-lzo no
key-direction 1
<ca>
</ca>
<tls-auth>
</tls-auth>
<cert>
</cert>
<key>
</key>
How do I fix it?
iptables:
Chain INPUT (policy ACCEPT 26815 packets, 133M bytes)
pkts bytes target prot opt in out source destination
3 180 ACCEPT tcp -- any any anywhere anywhere tcp dpt:9028
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 18017 packets, 1677K bytes)
pkts bytes target prot opt in out source destination
Chain ufw-after-forward (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-input (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-logging-forward (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-logging-input (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-logging-output (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-output (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-forward (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-input (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-logging-forward (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-logging-input (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-logging-output (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-output (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-reject-forward (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-reject-input (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-reject-output (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-track-forward (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-track-input (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-track-output (0 references)
pkts bytes target prot opt in out source destination
Full OpenVPN client log:
2023-04-26 10:46:30 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
2023-04-26 10:46:30 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2023-04-26 10:46:30 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-04-26 10:46:30 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-04-26 10:46:30 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xxx.xx.xx:9028
2023-04-26 10:46:30 Attempting to establish TCP connection with [AF_INET]xx.xxx.xx.xx:9028 [nonblock]
2023-04-26 10:46:30 TCP connection established with [AF_INET]xx.xxx.xx.xx:9028
2023-04-26 10:46:30 TCP_CLIENT link local: (not bound)
2023-04-26 10:46:30 TCP_CLIENT link remote: [AF_INET]xx.xxx.xx.xx:9028
2023-04-26 10:46:30 VERIFY OK: depth=1, O=63f5fa32cce5bccbc9d69626, CN=63f5fa32cce5bccbc9d6962b
2023-04-26 10:46:30 VERIFY KU OK
2023-04-26 10:46:30 Validating certificate extended key usage
2023-04-26 10:46:30 NOTE: --mute triggered...
2023-04-26 10:46:30 4 variation(s) on previous 3 message(s) suppressed by --mute
2023-04-26 10:46:30 [63f5fa33cce5bccbc9d69630] Peer Connection Initiated with [AF_INET]xx.xxx.xx.xx:9028
2023-04-26 10:46:30 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2023-04-26 10:46:30 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-04-26 10:46:30 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2023-04-26 10:46:30 NOTE: --mute triggered...
2023-04-26 10:46:30 1 variation(s) on previous 3 message(s) suppressed by --mute
2023-04-26 10:46:30 TUN/TAP device tun0 opened
2023-04-26 10:46:30 net_iface_mtu_set: mtu 1500 for tun0
2023-04-26 10:46:30 net_iface_up: set tun0 up
2023-04-26 10:46:30 net_addr_v4_add: 192.168.223.8/24 dev tun0
2023-04-26 10:46:30 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-04-26 10:46:30 Initialization Sequence Completed
2023-04-26 10:47:31 [63f5fa33cce5bccbc9d69630] Inactivity timeout (--ping-restart), restarting
2023-04-26 10:47:31 SIGUSR1[soft,ping-restart] received, process restarting
2023-04-26 10:47:36 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-04-26 10:47:36 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-04-26 10:47:36 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xxx.xx.xx:9028
2023-04-26 10:47:36 Attempting to establish TCP connection with [AF_INET]xx.xxx.xx.xx:9028 [nonblock]
2023-04-26 10:47:40 TCP: connect to [AF_INET]xx.xxx.xx.xx:9028 failed: Connection timed out
2023-04-26 10:47:40 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2023-04-26 10:47:45 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-04-26 10:47:45 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-04-26 10:47:45 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xxx.xx.xx:9028
etc.
Telnet (ping port):
telnet xx.xxx.xx.xx 9028
Trying xx.xxx.xx.xx...
Connected to xx.xxx.xx.xx.
Escape character is '^]'.
Other OpenVPN clients (Windows, Android, HarmonyOS) work correctly.
The solution from this post didn't work.