I'm trying to get an OpenVPN server working. I used the official instructions for installing and using the web UI, but when a client tries to connect the output is:
2023-05-17 23:12:49 Note: Kernel support for ovpn-dco missing, disabling data channel offload.
2023-05-17 23:12:49 OpenVPN 2.6_git x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2023-05-17 23:12:49 library versions: OpenSSL 3.0.5 5 Jul 2022, LZO 2.10
2023-05-17 23:12:49 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:12:49 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:12:49 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:12:49 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:12:49 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:12:49 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-05-17 23:12:49 UDPv4 link local: (not bound)
2023-05-17 23:12:49 UDPv4 link remote: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:12:54 Server poll timeout, restarting
2023-05-17 23:12:54 SIGUSR1[soft,server_poll] received, process restarting
2023-05-17 23:12:54 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:12:54 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:12:54 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:12:54 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:12:54 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:12:54 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-05-17 23:12:54 UDPv4 link local: (not bound)
2023-05-17 23:12:54 UDPv4 link remote: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:12:58 Server poll timeout, restarting
2023-05-17 23:12:58 SIGUSR1[soft,server_poll] received, process restarting
2023-05-17 23:12:58 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:12:58 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:12:58 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:12:58 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:12:58 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:443
2023-05-17 23:12:58 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-05-17 23:12:58 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xx.xxx:443
2023-05-17 23:12:58 TCP connection established with [AF_INET]xxx.xxx.xx.xxx:443
2023-05-17 23:12:58 TCPv4_CLIENT link local: (not bound)
2023-05-17 23:12:58 TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xx.xxx:443
2023-05-17 23:12:58 TLS: Initial packet from [AF_INET]xxx.xxx.xx.xxx:443, sid=988cc1d5 c83db546
2023-05-17 23:12:58 net_route_v4_best_gw query: dst 0.0.0.0
2023-05-17 23:12:58 net_route_v4_best_gw result: via 192.168.1.1 dev eno1
2023-05-17 23:12:58 VERIFY OK: depth=1, CN=OpenVPN CA
2023-05-17 23:12:58 VERIFY KU OK
2023-05-17 23:12:58 Validating certificate extended key usage
2023-05-17 23:12:58 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-05-17 23:12:58 VERIFY EKU OK
2023-05-17 23:12:58 VERIFY OK: depth=0, CN=OpenVPN Server
2023-05-17 23:13:58 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-05-17 23:13:58 TLS Error: TLS handshake failed
2023-05-17 23:13:58 Fatal TLS error (check_tls_errors_co), restarting
2023-05-17 23:13:58 SIGUSR1[soft,tls-error] received, process restarting
2023-05-17 23:13:58 Restart pause, 5 second(s)
2023-05-17 23:14:03 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:03 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:03 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:03 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:03 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:03 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-05-17 23:14:03 UDPv4 link local: (not bound)
2023-05-17 23:14:03 UDPv4 link remote: [AF_INET]194.147.87.207:1194
2023-05-17 23:14:07 Server poll timeout, restarting
2023-05-17 23:14:07 SIGUSR1[soft,server_poll] received, process restarting
2023-05-17 23:14:07 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:07 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:07 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:07 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:07 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:07 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-05-17 23:14:07 UDPv4 link local: (not bound)
2023-05-17 23:14:07 UDPv4 link remote: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:11 Server poll timeout, restarting
2023-05-17 23:14:11 SIGUSR1[soft,server_poll] received, process restarting
2023-05-17 23:14:11 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:11 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:11 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:11 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:11 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:11 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-05-17 23:14:11 UDPv4 link local: (not bound)
2023-05-17 23:14:11 UDPv4 link remote: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:15 Server poll timeout, restarting
2023-05-17 23:14:15 SIGUSR1[soft,server_poll] received, process restarting
2023-05-17 23:14:15 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:15 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:15 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:15 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:15 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:15 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-05-17 23:14:15 UDPv4 link local: (not bound)
2023-05-17 23:14:15 UDPv4 link remote: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:19 Server poll timeout, restarting
2023-05-17 23:14:19 SIGUSR1[soft,server_poll] received, process restarting
2023-05-17 23:14:19 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:19 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:19 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:19 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:19 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:19 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-05-17 23:14:19 UDPv4 link local: (not bound)
2023-05-17 23:14:19 UDPv4 link remote: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:23 Server poll timeout, restarting
2023-05-17 23:14:23 SIGUSR1[soft,server_poll] received, process restarting
2023-05-17 23:14:23 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:23 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:23 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:23 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:23 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:23 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-05-17 23:14:23 UDPv4 link local: (not bound)
2023-05-17 23:14:23 UDPv4 link remote: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:27 Server poll timeout, restarting
2023-05-17 23:14:27 SIGUSR1[soft,server_poll] received, process restarting
2023-05-17 23:14:27 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:27 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:27 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:27 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:27 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:27 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-05-17 23:14:27 UDPv4 link local: (not bound)
2023-05-17 23:14:27 UDPv4 link remote: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:31 Server poll timeout, restarting
2023-05-17 23:14:31 SIGUSR1[soft,server_poll] received, process restarting
2023-05-17 23:14:31 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:31 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:31 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:31 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:31 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:443
2023-05-17 23:14:31 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-05-17 23:14:31 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xx.xxx:443
2023-05-17 23:14:31 TCP connection established with [AF_INET]xxx.xxx.xx.xxx:443
2023-05-17 23:14:31 TCPv4_CLIENT link local: (not bound)
2023-05-17 23:14:31 TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xx.xxx:443
2023-05-17 23:14:31 TLS: Initial packet from [AF_INET]xxx.xxx.xx.xxx:443, sid=35ede51a 08a28ffd
2023-05-17 23:14:31 net_route_v4_best_gw query: dst 0.0.0.0
2023-05-17 23:14:31 net_route_v4_best_gw result: via 192.168.1.1 dev eno1
2023-05-17 23:14:32 VERIFY OK: depth=1, CN=OpenVPN CA
2023-05-17 23:14:32 VERIFY KU OK
2023-05-17 23:14:32 Validating certificate extended key usage
2023-05-17 23:14:32 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-05-17 23:14:32 VERIFY EKU OK
2023-05-17 23:14:32 VERIFY OK: depth=0, CN=OpenVPN Server
And the output for ufw status on the server is:
-- ------ ----
22 ALLOW Anywhere
1194 ALLOW Anywhere
443 ALLOW Anywhere
943 ALLOW Anywhere
945 ALLOW Anywhere
22 (v6) ALLOW Anywhere (v6)
1194 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
943 (v6) ALLOW Anywhere (v6)
945 (v6) ALLOW Anywhere (v6)
And in the web UI, when a client tries to connect it registers as a connected client, but after one minute it disappears.
I don't know what I'm doing wrong. Can anyone help?
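
One way to read a client log like the one in the post attempt by attempt, as an added example that is not part of the original post: it splits the log at each `link remote:` line and reports the transport, the port, how far the handshake got, and how the attempt ended. The sample log is constructed (placeholder addresses and session id), and the stage names (`no_reply`, `server_replied`, `server_cert_verified`) are labels chosen for this example.

```python
import re
from datetime import datetime

# Constructed sample in the format of the client log above
# (placeholder addresses and session id).
SAMPLE_LOG = """\
2023-05-17 23:12:49 UDPv4 link remote: [AF_INET]192.0.2.10:1194
2023-05-17 23:12:54 Server poll timeout, restarting
2023-05-17 23:12:54 SIGUSR1[soft,server_poll] received, process restarting
2023-05-17 23:12:58 TCPv4_CLIENT link remote: [AF_INET]192.0.2.10:443
2023-05-17 23:12:58 TLS: Initial packet from [AF_INET]192.0.2.10:443, sid=00000000 00000000
2023-05-17 23:12:58 VERIFY OK: depth=0, CN=OpenVPN Server
2023-05-17 23:13:58 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-05-17 23:13:58 SIGUSR1[soft,tls-error] received, process restarting
2023-05-17 23:14:03 UDPv4 link remote: [AF_INET]192.0.2.10:1194
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$")
START = re.compile(r"^(UDPv4|TCPv4_CLIENT) link remote: \[AF_INET\]\S+:(\d+)$")
RESTART = re.compile(r"^SIGUSR1\[soft,([\w-]+)\] received")

def summarize_attempts(log_text):
    """Return one dict per connection attempt found in an OpenVPN client log."""
    attempts, cur, t0 = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(2)
        start, end = START.match(msg), RESTART.match(msg)
        if start:
            if cur:  # previous attempt never logged a restart
                attempts.append(cur)
            proto = "udp" if start.group(1) == "UDPv4" else "tcp"
            cur, t0 = {"proto": proto, "port": int(start.group(2)),
                       "stage": "no_reply", "reason": None, "seconds": None}, ts
        elif cur is None:
            continue  # line before the first attempt
        elif msg.startswith("TLS: Initial packet from"):
            cur["stage"] = "server_replied"
        elif msg.startswith("VERIFY OK: depth=0"):
            cur["stage"] = "server_cert_verified"
        elif end:  # soft restart closes the attempt
            cur["reason"] = end.group(1)
            cur["seconds"] = int((ts - t0).total_seconds())
            attempts.append(cur)
            cur = None
    if cur:  # log ended mid-attempt
        attempts.append(cur)
    return attempts
```

Run over the full log in the post, this groups the lines into short UDP 1194 attempts that end in `server_poll` with no reply, and TCP 443 attempts that get as far as verifying the server certificate.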