Проблема с подключением к OpenVPN

Question

[verified]

Тестирую OpenVPN на удаленном VPS, не могу подключиться. Настраивал по этому туториалу . Подскажите, в чем может быть проблема?

log подключения

Fri Mar 28 12:48:47 2014 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Fri Mar 28 12:48:50 2014 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri Mar 28 12:48:50 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Mar 28 12:48:50 2014 LZO compression initialized
Fri Mar 28 12:48:50 2014 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Mar 28 12:48:50 2014 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Mar 28 12:48:50 2014 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Mar 28 12:48:50 2014 Local Options hash (VER=V4): 'd3a7571a'
Fri Mar 28 12:48:50 2014 Expected Remote Options hash (VER=V4): '5b1533a2'
Fri Mar 28 12:48:50 2014 UDPv4 link local: [undef]
Fri Mar 28 12:48:50 2014 UDPv4 link remote: *ip*:1194
Fri Mar 28 12:49:04 2014 TLS: Initial packet from *ip*:1194, sid=dc12be0a 9daee0c4
Fri Mar 28 12:49:04 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Mar 28 12:49:37 2014 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
Fri Mar 28 12:49:37 2014 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=server/name=changeme/emailAddress=mail@host.domain
Fri Mar 28 12:49:50 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Mar 28 12:49:50 2014 TLS Error: TLS handshake failed
Fri Mar 28 12:49:50 2014 TCP/UDP: Closing socket
Fri Mar 28 12:49:50 2014 SIGUSR1[soft,tls-error] received, process restarting

var/log/messages

Mar 28 12:22:57 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[21023]: MY_IP:PORT TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Mar 28 12:22:57 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[21023]: MY_IP:PORT TLS Error: TLS object -> incoming plaintext read error
Mar 28 12:22:57 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[21023]: MY_IP:PORT TLS Error: TLS handshake failed
Mar 28 12:22:57 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[21023]: MY_IP:PORT SIGUSR1[soft,tls-error] received, client-instance restarting
Mar 28 12:23:57 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[21023]: MY_IP:PORT TLS: Initial packet from [AF_INET]MY_IP:PORT, sid=6ee022fb cf324eca
Mar 28 12:24:57 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[21023]: MY_IP:PORT TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 28 12:24:57 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[21023]: MY_IP:PORT TLS Error: TLS handshake failed
Mar 28 12:24:57 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[21023]: MY_IP:PORT SIGUSR1[soft,tls-error] received, client-instance restarting
Mar 28 12:32:43 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[21023]: MY_IP:PORT TLS: Initial packet from [AF_INET]MY_IP:PORT, sid=b95a9146 f3028138
Mar 28 12:33:04 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[21023]: MY_IP:PORT TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Mar 28 12:33:04 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[21023]: MY_IP:PORT TLS Error: TLS object -> incoming plaintext read error
Mar 28 12:33:04 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[21023]: MY_IP:PORT TLS Error: TLS handshake failed
Mar 28 12:33:04 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[21023]: MY_IP:PORT SIGUSR1[soft,tls-error] received, client-instance restarting
Mar 28 12:33:44 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[21023]: MY_IP:PORT TLS: Initial packet from [AF_INET]MY_IP:PORT, sid=6db967fe 9f5adbd3
Mar 28 12:34:06 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[21023]: MY_IP:PORT TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Mar 28 12:34:06 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[21023]: MY_IP:PORT TLS Error: TLS object -> incoming plaintext read error
Mar 28 12:34:06 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[21023]: MY_IP:PORT TLS Error: TLS handshake failed
Mar 28 12:34:06 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[21023]: MY_IP:PORT SIGUSR1[soft,tls-error] received, client-instance restarting
Mar 28 12:34:46 4dfd147a-abd5-4bde-9511-00a1cc04ec56 openvpn[21023]: MY_IP:PORT TLS: Initial packet from [AF_INET]MY_IP:PORT, sid=90e5468a 0d86403b

server.conf

dev tun

ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem

server 10.8.0.0 255.255.255.0
fconfig-pool-persist ipp.txt

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

keepalive 10 120
comp-lzo

user nobody
group nobody

persist-key
persist-tun

status openvpn-status.log
verb 3

server.ovpn

client
dev tun
proto udp
remote *IP* 1194
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
reneg-sec 0
verb 3

Answer 1

[portfelio]

У вас в клиенте прописана авторизация по логину и паролю, в серверной же части ничего такого НЕТ! Либо авторизуйтесь сертификатом, либо делайте на сервере скрипт, проверяющий верность логина и пароля.

Answer 2

[zorgingyaringen]

Ребят, подскажите что обозначает надпись при подключении к OpenVPN
"WARNING: No server certificate verification method has been enabled. See openvpn.net/howto.html#mitm for more info."