OpenVPN client is not connecting to the server, what is wrong?

On the server Ubuntu 14.04.3 LTS (x86_64)

server config:

local *.*.*.* #my server ip port 443 # TCP or UDP server? proto tcp dev tun0 ca ca.crt cert server.crt key server.key # This file should be kept secret dh dh2048.pem server 192.168.14.0 255.255.255.0 ifconfig-pool-persist ipp.txt push "route 192.168.1.0 255.255.255.0" push "route 192.168.35.0 255.255.255.0" route 192.168.14.0 255.255.255.252 push "redirect-gateway def1" push "dhcp-option DNS 8.8.8.8" keepalive 10 120 tls-server tls-auth ta.key 0 # This file is secret tls-timeout 120 cipher AES-256-CBC # AES auth SHA512 comp-lzo user nobody group nogroup persist-key persist-tun status openvpn-status.log verb 9 mute 20

client config:

 client remote *.*.*.* 443 tcp # Адрес и порт OpenVPN сервера proto udp # Протокол, должен совпадать с сервером dev tun # Устройство # Сертификаты и ключи ca ca.crt dh dh2048.pem cert client2.crt key client2.key tls-auth ta.key 1 cipher AES-256-CBC #Алгоритм шифрования, должен совпадать с серверным auth SHA512 verb 6 mute 20 keepalive 10 120 remote-cert-tls server comp-lzo persist-key persist-tun resolv-retry infinite nobind

client log:

 2015-12-22 17:42:08 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08 2015-12-22 17:42:09 *Tunnelblick: Established communication with OpenVPN 2015-12-22 17:42:09 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. 2015-12-22 17:42:09 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2015-12-22 17:42:09 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file 2015-12-22 17:42:09 Attempting to establish TCP connection with [AF_INET]*.*.*.*:443 [nonblock] 2015-12-22 17:42:10 TCP connection established with [AF_INET]*.*.*.*:443 2015-12-22 17:42:10 TCPv4_CLIENT link local: [undef] 2015-12-22 17:42:10 TCPv4_CLIENT link remote: [AF_INET]*.*.*.*:443 2015-12-22 17:42:11 Connection reset, restarting [-1] 2015-12-22 17:42:11 SIGUSR1[soft,connection-reset] received, process restarting 2015-12-22 17:42:11 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. 2015-12-22 17:42:11 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2015-12-22 17:42:11 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file 2015-12-22 17:42:11 Attempting to establish TCP connection with [AF_INET]*.*.*.*:443 [nonblock] 2015-12-22 17:42:12 TCP connection established with [AF_INET]*.*.*.*:443 2015-12-22 17:42:12 TCPv4_CLIENT link local: [undef] 2015-12-22 17:42:12 TCPv4_CLIENT link remote: [AF_INET]*.*.*.*:443 2015-12-22 17:42:14 Connection reset, restarting [-1] 2015-12-22 17:42:14 SIGUSR1[soft,connection-reset] received, process restarting 2015-12-22 17:42:14 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. 2015-12-22 17:42:14 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2015-12-22 17:42:14 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file 2015-12-22 17:42:14 Attempting to establish TCP connection with [AF_INET]*.*.*.*:443 [nonblock] 2015-12-22 17:42:15 TCP connection established with [AF_INET]*.*.*.*:443 2015-12-22 17:42:15 TCPv4_CLIENT link local: [undef] 2015-12-22 17:42:15 TCPv4_CLIENT link remote: [AF_INET]*.*.*.*:443 2015-12-22 17:42:15 *Tunnelblick: Disconnecting; VPN Details… window disconnect button pressed 2015-12-22 17:42:15 *Tunnelblick: Disconnecting using 'kill' 2015-12-22 17:42:15 event_wait : Interrupted system call (code=4) 2015-12-22 17:42:15 SIGTERM[hard,] received, process exiting 2015-12-22 17:42:17 *Tunnelblick: No 'post-disconnect.sh' script to execute 2015-12-22 17:42:17 *Tunnelblick: Expected disconnection occurred.
  • proto udp # The protocol should match the server - you have a hint written right in the comments - aleksandr barakin
  • 443 port case Apache or nginks does not take? - Alexey Prisyazhnyy

2 answers 2

Decide on the protocol to use. Or

 proto tcp

or

 proto udp

On the server and the client, it must match.

and remove tcp from the line

 remote *.*.*.* 443 tcp
  • Changed but still not connecting client remote *.*.*.* 443 proto tcp - oneperson
  • And what is written in the server logs? try to change SHA512 to SHA256. Confusing entry WARNING: No server certificate verification method has been enabled. - Monoceros
  • and from the provider side can openvpn (udp, tcp) be blocked port? just worked for me in another server and now it doesn't work there either ... - oneperson

And I have a problem! Does not want to connect.

The bottom line is that VMWare Workstation is on your computer and there is a CentOS 6.7 server in it with OpenVPN deployed in it.

When connecting via a client, it displays the following log:

 Fri Apr 08 11:19:45 2016 OpenVPN 2.3.10 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 10 2016 Fri Apr 08 11:19:45 2016 Windows version 6.2 (Windows 8 or greater) Fri Apr 08 11:19:45 2016 library versions: OpenSSL 1.0.1s 1 Mar 2016, LZO 2.09 Fri Apr 08 11:19:45 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340 Fri Apr 08 11:19:45 2016 Need hold release from management interface, waiting... Fri Apr 08 11:19:46 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340 Fri Apr 08 11:19:46 2016 MANAGEMENT: CMD 'state on' Fri Apr 08 11:19:46 2016 MANAGEMENT: CMD 'log all on' Fri Apr 08 11:19:46 2016 MANAGEMENT: CMD 'hold off' Fri Apr 08 11:19:46 2016 MANAGEMENT: CMD 'hold release' Fri Apr 08 11:19:46 2016 Socket Buffers: R=[65536->65536] S=[65536->65536] Fri Apr 08 11:19:46 2016 UDPv4 link local: [undef] Fri Apr 08 11:19:46 2016 UDPv4 link remote: [AF_INET]192.168.150.100:1194 Fri Apr 08 11:19:46 2016 MANAGEMENT: >STATE:1460103586,WAIT,,,