I'm currently trying to set up an OpenVPN server on my Debian 9 computer and I'm having problems connecting with the client. Currently, the server is physically connected to the client (running Windows) over ethernet through a switch, but the client cannot establish a connection to the server (the server shows up as tun0 in ifconfig). I believe this is a configuration problem somewhere, but I can't figure out where.
I'm also behind a NAT network, if that makes a difference. I have also temporarily disabled the firewall on both computers for debugging purposes.
Is there a solution for why I can't establish a connection? Thanks in advance.
I'm following the instructions on this page (I also use the shell script provided):
OpenVPN_Debian_9
This is server.conf:
port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh.pem
auth SHA512
tls-auth /etc/openvpn/ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
This is client.conf:
client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
Client log:
Tue Aug 01 09:33:40 2017 OpenVPN 2.4.3 x86_64-w64-mingw32 [SSL (OpenSSL)][LZO] [LZ4] [PKCS11] [AEAD] built on Jul 14 2017
Tue Aug 01 09:33:40 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Aug 01 09:33:40 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Tue Aug 01 09:33:40 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Aug 01 09:33:40 2017 Need hold release from management interface, waiting...
Tue Aug 01 09:33:40 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Aug 01 09:33:40 2017 MANAGEMENT: CMD 'state on'
Tue Aug 01 09:33:40 2017 MANAGEMENT: CMD 'log all on'
Tue Aug 01 09:33:40 2017 MANAGEMENT: CMD 'echo all on'
Tue Aug 01 09:33:40 2017 MANAGEMENT: CMD 'hold off'
Tue Aug 01 09:33:40 2017 MANAGEMENT: CMD 'hold release'
Tue Aug 01 09:33:40 2017 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Aug 01 09:33:40 2017 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Aug 01 09:33:40 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.8.0.1:1194
Tue Aug 01 09:33:40 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Aug 01 09:33:40 2017 UDP link local: (not bound)
Tue Aug 01 09:33:40 2017 UDP link remote: [AF_INET]10.8.0.1:1194
Tue Aug 01 09:33:40 2017 MANAGEMENT: >STATE:1501594420,WAIT,
Tue Aug 01 09:34:40 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Aug 01 09:34:40 2017 TLS Error: TLS handshake failed
Tue Aug 01 09:34:40 2017 SIGUSR1[soft,tls-error] received, process restarting
Tue Aug 01 09:34:40 2017 MANAGEMENT: >STATE:1501594480,RECONNECTING,tls-error
Tue Aug 01 09:34:40 2017 Restart pause, 5 second(s)
Tue Aug 01 09:34:45 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.8.0.1:1194