I would check whether there is a firewall rule on the server that allows the correct UDP traffic.
I have set up an OpenVPN server on a computer and am currently trying to connect to it with a client. The server appears to start correctly (although it gives a warning about the common 192.168.1.X subnet). When I run the client, I get a failed TLS key negotiation, asking me to check network connectivity. I have made sure that the gateway is configured to forward UDP traffic to the correct IP/port, which seems to be the most common problem in this case.
The client machine used to test the connection is on the same LAN (and subnet) as the server, if that makes any difference.
Server init output:
Tue Dec 08 14:17:05 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
Tue Dec 08 14:17:05 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Tue Dec 08 14:17:05 2015 NOTE: your local LAN uses the extremely common subnet a ddress 192.168.0.x or 192.168.1.x. Be aware that this might create routing conf licts if you connect to the VPN server from public locations such as internet ca fes that use the same subnet.
Tue Dec 08 14:17:05 2015 Diffie-Hellman initialized with 2048 bit key
Tue Dec 08 14:17:05 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Dec 08 14:17:05 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Dec 08 14:17:05 2015 open_tun, tt->ipv6=0
Tue Dec 08 14:17:05 2015 TAP-WIN32 device [Ethernet 2] opened: \.\Global{77EC3 BE0-AE52-47D2-94D3-88E50868D948}.tap
Tue Dec 08 14:17:05 2015 TAP-Windows Driver Version 9.21
Tue Dec 08 14:17:05 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {77EC3BE0-AE52-47D2-94D3-88E50868D948} [D HCP-serv: 10.8.0.2, lease-time: 31536000]
Tue Dec 08 14:17:05 2015 Sleeping for 10 seconds...
Tue Dec 08 14:17:15 2015 Successful ARP Flush on interface [26] {77EC3BE0-AE52-4 7D2-94D3-88E50868D948}
Tue Dec 08 14:17:15 2015 C:\Windows\system32\route.exe ADD 10.8.0.0 MASK 255.255 .255.0 10.8.0.2
Tue Dec 08 14:17:15 2015 ROUTE: route addition failed using CreateIpForwardEntry : The object already exists. [status=5010 if_index=26]
Tue Dec 08 14:17:15 2015 Route addition via IPAPI failed [adaptive]
Tue Dec 08 14:17:15 2015 Route addition fallback to route.exe
Tue Dec 08 14:17:15 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\W INDOWS\System32\Wbem
Tue Dec 08 14:17:15 2015 UDPv4 link local (bound): [undef]
Tue Dec 08 14:17:15 2015 UDPv4 link remote: [undef]
Tue Dec 08 14:17:15 2015 MULTI: multi_init called, r=256 v=256
Tue Dec 08 14:17:15 2015 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Tue Dec 08 14:17:15 2015 IFCONFIG POOL LIST
Tue Dec 08 14:17:15 2015 Initialization Sequence Completed
Client init output (host IP edited out):
Tue Dec 08 14:19:52 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
Tue Dec 08 14:19:52 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Enter Private Key Password:
Tue Dec 08 14:19:56 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Dec 08 14:19:56 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Dec 08 14:19:56 2015 UDPv4 link local: [undef]
Tue Dec 08 14:19:56 2015 UDPv4 link remote: [AF_INET]HOST IP:PORT
Tue Dec 08 14:20:56 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Dec 08 14:20:56 2015 TLS Error: TLS handshake failed
Tue Dec 08 14:20:56 2015 SIGUSR1[soft,tls-error] received, process restarting
Tue Dec 08 14:20:56 2015 Restart pause, 2 second(s)
Make sure your server configuration (for example, /etc/openvpn/server.conf) does not use the same subnet as your physical network. Try using something unusual like:
server 192.168.123.1 255.255.255.0
ifconfig 192.168.123.1 192.168.123.2
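The subnet check this answer describes, as an added example that is not part of the original post: a Python sketch that reads the `server`, `route` and `push "route"` lines of an OpenVPN config and reports any that overlap a LAN range you pass in. The sample config and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the tunnel pool reuses the 192.168.1.x LAN from the question.
SAMPLE_CONF = '''\
# constructed server.conf fragment
proto udp
dev tun
server 192.168.1.0 255.255.255.0
push "route 10.20.0.0 255.255.0.0"
'''

def parse_networks(conf_text):
    """Return (directive, IPv4Network) for each server / route / push "route" line."""
    found = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # OpenVPN comment markers
            continue
        tokens = line.replace('"', " ").split()
        directive = tokens[0]
        if directive == "push" and len(tokens) > 1:
            directive = "push " + tokens[1]
            tokens = tokens[1:]
        if tokens[0] not in ("server", "route") or len(tokens) < 2:
            continue
        mask = tokens[2] if len(tokens) > 2 else "255.255.255.255"
        try:
            # strict=False: an address with host bits set maps to its enclosing network
            net = ipaddress.ip_network(f"{tokens[1]}/{mask}", strict=False)
        except ValueError:
            continue                          # hostnames or keywords, not literal networks
        found.append((directive, net))
    return found

def find_conflicts(conf_text, lan_cidrs):
    """List (directive, config network, LAN network) triples that overlap."""
    lans = [ipaddress.ip_network(c) for c in lan_cidrs]
    return [(d, str(n), str(lan))
            for d, n in parse_networks(conf_text)
            for lan in lans if n.overlaps(lan)]

if __name__ == "__main__":
    for directive, net, lan in find_conflicts(SAMPLE_CONF, ["192.168.1.0/24"]):
        print(f"{directive}: {net} overlaps LAN {lan}")
```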
Tags openvpn port-forwarding