Eu tenho uma nova configuração OpenVPN que executa Ok no servidor, mas o cliente não consegue se conectar com o seguinte erro:
Erro de opções: Opção não reconhecida ou parâmetro (s) ausente (s) em / Library / Application Support / Tunnelblick / Users / Mark / markhorrocks.tblk / Contents / Resources / config.ovpn: 28: tls-crypt (2.3.17)
Log do Tunnelblick:
*Tunnelblick: OS X 10.12.5; Tunnelblick 3.7.2beta03 (build 4840); prior version 3.7.2beta02 (build 4830) 2017-07-06 23:54:08 *Tunnelblick: Attempting connection with markhorrocks using shadow copy; Set nameserver = 771; monitoring connection 2017-07-06 23:54:08 *Tunnelblick: openvpnstart start markhorrocks.tblk 1337 771 0 1 0 1065264 -ptADGNWradsgnw 2.3.17-openssl-1.0.2k 2017-07-06 23:54:08 *Tunnelblick:
Could not start OpenVPN (openvpnstart returned with status #251)
Contents of the openvpnstart log: *Tunnelblick: openvpnstart log: Warning: Tunnelblick is using 'openvpn-down-root.so', so the route-pre-down script will not be used. You can override this by providing a custom route-pre-down script (which may be a copy of Tunnelblick's standard route-pre-down script) in a Tunnelblick VPN Configuration. However, that script will not be executed as root unless the 'user' and 'group' options are removed from the OpenVPN configuration file. If the 'user' and 'group' options are removed, then you don't need to use a custom route-pre-down script.OpenVPN returned with status 1, errno = 0: Undefined error: 0
Command used to start OpenVPN (one argument per displayed line): /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.17-openssl-1.0.2k/openvpn --daemon --log /Library/Application Support/Tunnelblick/Logs/-SUsers-SMark-SLibrary-SApplicationSupport-STunnelblick-SConfigurations-Smarkhorrocks.tblk-SContents-SResources-Sconfig.ovpn.771_0_1_0_1065264.1337.openvpn.log --cd /Library/Application Support/Tunnelblick/Users/Mark/markhorrocks.tblk/Contents/Resources --verb 3 --config /Library/Application Support/Tunnelblick/Users/Mark/markhorrocks.tblk/Contents/Resources/config.ovpn --verb 3 --cd /Library/Application Support/Tunnelblick/Users/Mark/markhorrocks.tblk/Contents/Resources --management 127.0.0.1 1337 --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw --plugin /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.17-openssl-1.0.2k/openvpn-down-root.so /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
Contents of the OpenVPN log: Options error: Unrecognized option or missing parameter(s) in /Library/ApplicationSupport/Tunnelblick/Users/Mark/markhorrocks.tblk/Contents/Resources/config.ovpn:28: tls-crypt (2.3.17) Use --help for more information.
More details may be in the Console Log's "All Messages"================================================================================
Arquivo de configuração completa "Sanitized"
client
proto udp
dev tun
remote vpn.mydomain.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-GCM
tls-version-min 1.2
tls-client
ping 15
ping-restart 120
route 10.0.0.0 255.0.0.0
route-nopull
daemon
# Downgrade privileges after initialization (non-Windows only)
user nobody
group nogroup
<ca>
[Security-related line(s) omitted]
</ca>
<cert>
[Security-related line(s) omitted]
</cert>
<key>
[Security-related line(s) omitted]
</key>
<tls-crypt>
[Security-related line(s) omitted]
</tls-crypt>
O OpenVPN adicionou a funcionalidade tls-crypt na versão 2.4+. O padrão do Tunnelblick é usar o OpenVPN 2.3.7 nas configurações por algum motivo, mesmo nos últimos lançamentos (pelo que eu experimentei). Então, basta atualizar a versão 'OpenVPN' no menu 'Configurações' do Tunnelblick para 2.4+ e você deve estar pronto!