log-attend /var/log/openvpn.log
local 127.0.0.1
port 1194
proto tcp
dev tun
ca ca.crt /etc/openvpn/server
cert server.crt /etc/openvpn/server
key server.key /etc/openvpn/server
dh dh.pem /etc/openvpn/server
auth SHA512
tls-crypt tc.key /etc/openvpn/server
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
2020.12.27 22:07:13 LOG5[ui]: stunnel 5.56 on x86_64-pc-linux-gnu platform
2020.12.27 22:07:13 LOG5[ui]: Compiled with OpenSSL 1.1.1c 28 May 2019
2020.12.27 22:07:13 LOG5[ui]: Running with OpenSSL 1.1.1f 31 Mar 2020
2020.12.27 22:07:13 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
2020.12.27 22:07:13 LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.conf
2020.12.27 22:07:13 LOG5[ui]: UTF-8 byte order mark not detected
2020.12.27 22:07:13 LOG5[ui]: FIPS mode disabled
2020.12.27 22:07:13 LOG5[ui]: Configuration successful
2020.12.27 22:07:19 LOG5[0]: Service [openvpn] accepted connection from 37.215.48.74:19946
2020.12.27 22:07:19 LOG3[0]: s_connect: connect 127.0.0.1:1194: Connection refused (111)
2020.12.27 22:07:19 LOG3[0]: No more addresses to connect
2020.12.27 22:07:19 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.12.27 22:07:25 LOG5[1]: Service [openvpn] accepted connection from 37.215.48.74:49432
2020.12.27 22:07:25 LOG3[1]: s_connect: connect 127.0.0.1:1194: Connection refused (111)
2020.12.27 22:07:25 LOG3[1]: No more addresses to connect
2020.12.27 22:07:25 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.12.27 22:07:30 LOG5[2]: Service [openvpn] accepted connection from 37.215.48.74:29946
2020.12.27 22:07:30 LOG3[2]: s_connect: connect 127.0.0.1:1194: Connection refused (111)
2020.12.27 22:07:30 LOG3[2]: No more addresses to connect
2020.12.27 22:07:30 LOG5[2]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.12.27 22:07:35 LOG5[3]: Service [openvpn] accepted connection from 37.215.48.74:52121
2020.12.27 22:07:35 LOG3[3]: s_connect: connect 127.0.0.1:1194: Connection refused (111)
2020.12.27 22:07:35 LOG3[3]: No more addresses to connect
2020.12.27 22:07:35 LOG5[3]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.12.27 22:07:41 LOG5[4]: Service [openvpn] accepted connection from 37.215.48.74:55350
2020.12.27 22:07:41 LOG3[4]: s_connect: connect 127.0.0.1:1194: Connection refused (111)
2020.12.27 22:07:41 LOG3[4]: No more addresses to connect
2020.12.27 22:07:41 LOG5[4]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.12.27 22:07:51 LOG5[5]: Service [openvpn] accepted connection from 37.215.48.74:24912
2020.12.27 22:07:51 LOG3[5]: s_connect: connect 127.0.0.1:1194: Connection refused (111)
2020.12.27 22:07:51 LOG3[5]: No more addresses to connect
2020.12.27 22:07:51 LOG5[5]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.12.27 22:14:24 LOG5[main]: Terminated
2020.12.27 22:14:24 LOG5[main]: Terminating 1 service thread(s)
2020.12.27 22:14:24 LOG5[main]: Service threads terminated
2020.12.27 22:14:24 LOG7[ui]: Clients allowed=500
2020.12.27 22:14:24 LOG5[ui]: stunnel 5.56 on x86_64-pc-linux-gnu platform
2020.12.27 22:14:24 LOG5[ui]: Compiled with OpenSSL 1.1.1c 28 May 2019
2020.12.27 22:14:24 LOG5[ui]: Running with OpenSSL 1.1.1f 31 Mar 2020
2020.12.27 22:14:24 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
2020.12.27 22:14:24 LOG7[ui]: errno: (*__errno_location ())
2020.12.27 22:14:24 LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.conf
2020.12.27 22:14:24 LOG5[ui]: UTF-8 byte order mark not detected
2020.12.27 22:14:24 LOG5[ui]: FIPS mode disabled
2020.12.27 22:14:24 LOG7[ui]: Compression disabled
2020.12.27 22:14:24 LOG7[ui]: No PRNG seeding was required
2020.12.27 22:14:24 LOG6[ui]: Initializing service [openvpn]
2020.12.27 22:14:24 LOG7[ui]: Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
2020.12.27 22:14:24 LOG7[ui]: TLSv1.3 ciphersuites: TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
2020.12.27 22:14:24 LOG7[ui]: TLS options: 0x02100004 (+0x00000000, -0x00000000)
2020.12.27 22:14:24 LOG6[ui]: Loading certificate from file: /etc/stunnel/stunnel.pem
2020.12.27 22:14:24 LOG6[ui]: Certificate loaded from file: /etc/stunnel/stunnel.pem
2020.12.27 22:14:24 LOG6[ui]: Loading private key from file: /etc/stunnel/key.pem
2020.12.27 22:14:24 LOG6[ui]: Private key loaded from file: /etc/stunnel/key.pem
2020.12.27 22:14:24 LOG7[ui]: Private key check succeeded
2020.12.27 22:14:24 LOG6[ui]: DH initialization not needed
2020.12.27 22:14:24 LOG7[ui]: ECDH initialization
2020.12.27 22:14:24 LOG7[ui]: ECDH initialized with curves X25519:P-256:X448:P-521:P-384
2020.12.27 22:14:24 LOG5[ui]: Configuration successful
2020.12.27 22:14:24 LOG7[ui]: Binding service [openvpn]
2020.12.27 22:14:24 LOG7[ui]: Listening file descriptor created (FD=9)
2020.12.27 22:14:24 LOG7[ui]: Setting accept socket options (FD=9)
2020.12.27 22:14:24 LOG7[ui]: Option SO_REUSEADDR set on accept socket
2020.12.27 22:14:24 LOG6[ui]: Service [openvpn] (FD=9) bound to 104.131.22.85:443
2020.12.27 22:14:24 LOG7[main]: Created pid file /var/run/stunnel4.pid
2020.12.27 22:14:24 LOG7[cron]: Cron thread initialized
2020.12.27 22:14:24 LOG6[cron]: Executing cron jobs
2020.12.27 22:14:24 LOG6[cron]: Cron jobs completed in 0 seconds
2020.12.27 22:14:24 LOG7[cron]: Waiting 86400 seconds
2020.12.27 22:17:49 LOG7[main]: Found 1 ready file descriptor(s)
2020.12.27 22:17:49 LOG7[main]: FD=4 events=0x2001 revents=0x0
2020.12.27 22:17:49 LOG7[main]: FD=9 events=0x2001 revents=0x1
2020.12.27 22:17:49 LOG7[main]: Service [openvpn] accepted (FD=3) from 37.215.48.74:42129
2020.12.27 22:17:49 LOG7[0]: Service [openvpn] started
2020.12.27 22:17:49 LOG7[0]: Setting local socket options (FD=3)
2020.12.27 22:17:49 LOG7[0]: Option TCP_NODELAY set on local socket
2020.12.27 22:17:49 LOG5[0]: Service [openvpn] accepted connection from 37.215.48.74:42129
2020.12.27 22:17:49 LOG6[0]: Peer certificate not required
2020.12.27 22:17:49 LOG7[0]: TLS state (accept): before SSL initialization
2020.12.27 22:17:49 LOG7[0]: TLS state (accept): before SSL initialization
2020.12.27 22:17:49 LOG7[0]: SNI: no virtual services defined
2020.12.27 22:17:49 LOG7[0]: TLS state (accept): SSLv3/TLS read client hello
2020.12.27 22:17:49 LOG7[0]: TLS state (accept): SSLv3/TLS write server hello
2020.12.27 22:17:49 LOG7[0]: TLS state (accept): SSLv3/TLS write change cipher spec
2020.12.27 22:17:49 LOG7[0]: TLS state (accept): TLSv1.3 write encrypted extensions
2020.12.27 22:17:49 LOG7[0]: TLS state (accept): SSLv3/TLS write certificate
2020.12.27 22:17:49 LOG7[0]: TLS state (accept): TLSv1.3 write server certificate verify
2020.12.27 22:17:49 LOG7[0]: TLS state (accept): SSLv3/TLS write finished
2020.12.27 22:17:49 LOG7[0]: TLS state (accept): TLSv1.3 early data
2020.12.27 22:17:49 LOG7[0]: TLS state (accept): TLSv1.3 early data
2020.12.27 22:17:49 LOG7[0]: TLS state (accept): SSLv3/TLS read finished
2020.12.27 22:17:49 LOG7[0]: 1 server accept(s) requested
2020.12.27 22:17:49 LOG7[0]: 1 server accept(s) succeeded
2020.12.27 22:17:49 LOG7[0]: 0 server renegotiation(s) requested
2020.12.27 22:17:49 LOG7[0]: 0 session reuse(s)
2020.12.27 22:17:49 LOG7[0]: 0 internal session cache item(s)
2020.12.27 22:17:49 LOG7[0]: 0 internal session cache fill-up(s)
2020.12.27 22:17:49 LOG7[0]: 0 internal session cache miss(es)
2020.12.27 22:17:49 LOG7[0]: 0 external session cache hit(s)
2020.12.27 22:17:49 LOG7[0]: 0 expired session(s) retrieved
2020.12.27 22:17:49 LOG7[0]: Generate session ticket callback
2020.12.27 22:17:49 LOG7[0]: Deallocating application specific data for session connect address
2020.12.27 22:17:49 LOG7[0]: New session callback
2020.12.27 22:17:49 LOG6[0]: No peer certificate received
2020.12.27 22:17:49 LOG6[0]: Session id: 59EC1FDB78EA57F76384956D7C95330BECDA935221ACACBFA0B8F9DC087445CC
2020.12.27 22:17:49 LOG7[0]: TLS state (accept): SSLv3/TLS write session ticket
2020.12.27 22:17:49 LOG7[0]: Deallocating application specific data for session connect address
2020.12.27 22:17:49 LOG7[0]: Generate session ticket callback
2020.12.27 22:17:49 LOG7[0]: Deallocating application specific data for session connect address
2020.12.27 22:17:49 LOG7[0]: New session callback
2020.12.27 22:17:49 LOG6[0]: No peer certificate received
systemctl status stunnel4.service
sudo systemctl status openvpn
openvpn.service - OpenVPN service
Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled)
Active: active (exited) since Thu 2020-12-24 12:32:21 UTC; 16s ago
Process: 39834 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 39834 (code=exited, status=0/SUCCESS)
Dec 24 12:32:21 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: Starting OpenVPN service...
Dec 24 12:32:21 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: Finished OpenVPN service.
stunnel4.service - LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons)
Loaded: loaded (/etc/init.d/stunnel4; generated)
Active: active (running) since Thu 2020-12-24 12:36:01 UTC; 4s ago
Docs: man:systemd-sysv-generator(8)
Process: 39907 ExecStart=/etc/init.d/stunnel4 start (code=exited, status=0/SUCCESS)
Tasks: 2 (limit: 1137)
Memory: 1.8M
CGroup: /system.slice/stunnel4.service
└─39933 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
Dec 24 12:36:01 ubuntu-s-1vcpu-1gb-nyc3-01 stunnel[39931]: LOG5[ui]: Compiled with OpenSSL 1.1.1c 28 May 2019
Dec 24 12:36:01 ubuntu-s-1vcpu-1gb-nyc3-01 stunnel[39931]: LOG5[ui]: Running with OpenSSL 1.1.1f 31 Mar 2020
Dec 24 12:36:01 ubuntu-s-1vcpu-1gb-nyc3-01 stunnel[39931]: LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
Dec 24 12:36:01 ubuntu-s-1vcpu-1gb-nyc3-01 stunnel[39931]: LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.conf
Dec 24 12:36:01 ubuntu-s-1vcpu-1gb-nyc3-01 stunnel[39931]: LOG5[ui]: UTF-8 byte order mark not detected
Dec 24 12:36:01 ubuntu-s-1vcpu-1gb-nyc3-01 stunnel[39931]: LOG5[ui]: FIPS mode disabled
Dec 24 12:36:01 ubuntu-s-1vcpu-1gb-nyc3-01 stunnel[39931]: LOG4[ui]: Insecure file permissions on /etc/stunnel/stunnel.pem
Dec 24 12:36:01 ubuntu-s-1vcpu-1gb-nyc3-01 stunnel[39931]: LOG5[ui]: Configuration successful
Dec 24 12:36:01 ubuntu-s-1vcpu-1gb-nyc3-01 stunnel4[39907]: Starting TLS tunnels: /etc/stunnel/stunnel.conf: started (no pid=pidfile specified!)
Dec 24 12:36:01 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: Started LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons).
В обоих конфигах openvpn для файлов ключей нужны полные пути. Это опции:
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-crypt tc.key
STUNNEL CLIENT
cert = clientcert.pem
key = clientkey.pem
[openvpn]
client = yes
accept = 1194
connect = 104.131.22.85:443
cert = stunnel.pem
<code>
STUNNEL LOG CLIENT
2020.12.24 00:46:52 LOG5[main]: stunnel 5.57 on x64-pc-mingw32-gnu platform
2020.12.24 00:46:52 LOG5[main]: Compiled/running with OpenSSL 1.1.1h 22 Sep 2020
2020.12.24 00:46:52 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,OCSP,PSK,SNI
2020.12.24 00:46:52 LOG5[main]: Reading configuration from file stunnel.conf
2020.12.24 00:46:52 LOG5[main]: UTF-8 byte order mark detected
2020.12.24 00:46:52 LOG4[main]: Service [openvpn] needs authentication to prevent MITM attacks
2020.12.24 00:46:52 LOG5[main]: Configuration successful
2020.12.24 00:47:06 LOG5[main]: Reading configuration from file stunnel.conf
2020.12.24 00:47:06 LOG5[main]: UTF-8 byte order mark detected
2020.12.24 00:47:06 LOG4[main]: Service [openvpn] needs authentication to prevent MITM attacks
2020.12.24 00:47:06 LOG5[main]: Configuration successful
2020.12.24 00:50:57 LOG5[0]: Service [openvpn] accepted connection from 127.0.0.1:1369
2020.12.24 00:50:57 LOG5[0]: s_connect: connected 104.131.22.85:443
2020.12.24 00:50:57 LOG5[0]: Service [openvpn] connected remote server from 192.168.100.2:1370
2020.12.24 00:50:58 LOG3[0]: SSL_read: Connection reset by peer (WSAECONNRESET) (10054)
2020.12.24 00:50:58 LOG5[0]: Connection reset: 56 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.12.24 00:51:03 LOG5[1]: Service [openvpn] accepted connection from 127.0.0.1:1371
2020.12.24 00:51:03 LOG5[1]: s_connect: connected 104.131.22.85:443
2020.12.24 00:51:03 LOG5[1]: Service [openvpn] connected remote server from 192.168.100.2:1372
2020.12.24 00:51:03 LOG3[1]: SSL_read: Connection reset by peer (WSAECONNRESET) (10054)
2020.12.24 00:51:03 LOG5[1]: Connection reset: 56 byte(s) sent to TLS, 0 byte(s) sent to socket
2020.12.24 00:51:08 LOG5[2]: Service [openvpn] accepted connection from 127.0.0.1:1373
2020.12.24 00:51:08 LOG5[2]: s_connect: connected 104.131.22.85:443
2020.12.24 00:51:08 LOG5[2]: Service [openvpn] connected remote server from 192.168.100.2:1374
2020.12.24 00:51:09 LOG3[2]: SSL_read: Connection reset by peer (WSAECONNRESET) (10054)
2020.12.24 00:51:09 LOG5[2]: Connection reset: 56 byte(s) sent to TLS, 0 byte(s) sent to socket</code>
<code>
STUNNEL SERVER
cert = /etc/stunnel/cert.pem
key = /etc/stunnel/key.pem
[openvpn]
accept = 104.131.22.85:443
connect = 127.0.0.1:1194
cert = /etc/stunnel/stunnel.pem
</code>
OPEN VPN CLIENT
client
dev tun
proto tcp
remote 127.0.0.1 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3
<ca>
-----BEGIN CERTIFICATE-----
OPEN VPN SERVER
local 127.0.0.1
port 1194
proto tcp
dev tun
ca ca.crt /etc/openvpn/server
cert server.crt /etc/openvpn/server
key server.key /etc/openvpn/server
dh dh.pem /etc/openvpn/server
auth SHA512
tls-crypt tc.key /etc/openvpn/server
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
OPENPVN LOG CLIENT
2020-12-24 00:50:57 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2020-12-24 00:50:57 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2020-12-24 00:50:57 Windows version 6.1 (Windows 7) 64bit
2020-12-24 00:50:57 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
Enter Management Password:
2020-12-24 00:50:57 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2020-12-24 00:50:57 Need hold release from management interface, waiting...
2020-12-24 00:50:57 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2020-12-24 00:50:57 MANAGEMENT: CMD 'state on'
2020-12-24 00:50:57 MANAGEMENT: CMD 'log all on'
2020-12-24 00:50:57 MANAGEMENT: CMD 'echo all on'
2020-12-24 00:50:57 MANAGEMENT: CMD 'bytecount 5'
2020-12-24 00:50:57 MANAGEMENT: CMD 'hold off'
2020-12-24 00:50:57 MANAGEMENT: CMD 'hold release'
2020-12-24 00:50:57 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2020-12-24 00:50:57 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2020-12-24 00:50:57 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2020-12-24 00:50:57 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2020-12-24 00:50:57 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1194
2020-12-24 00:50:57 Socket Buffers: R=[8192->8192] S=[8192->8192]
2020-12-24 00:50:57 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1194 [nonblock]
2020-12-24 00:50:57 MANAGEMENT: >STATE:1608763857,TCP_CONNECT,,,,,,
2020-12-24 00:50:57 TCP connection established with [AF_INET]127.0.0.1:1194
2020-12-24 00:50:57 TCP_CLIENT link local: (not bound)
2020-12-24 00:50:57 TCP_CLIENT link remote: [AF_INET]127.0.0.1:1194
2020-12-24 00:50:57 MANAGEMENT: >STATE:1608763857,WAIT,,,,,,
2020-12-24 00:50:58 Connection reset, restarting [-1]
2020-12-24 00:50:58 SIGUSR1[soft,connection-reset] received, process restarting
2020-12-24 00:50:58 MANAGEMENT: >STATE:1608763858,RECONNECTING,connection-reset,,,,,
2020-12-24 00:50:58 Restart pause, 5 second(s)
2020-12-24 00:51:03 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2020-12-24 00:51:03 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2020-12-24 00:51:03 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2020-12-24 00:51:03 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2020-12-24 00:51:03 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1194
2020-12-24 00:51:03 Socket Buffers: R=[8192->8192] S=[8192->8192]
2020-12-24 00:51:03 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1194 [nonblock]
2020-12-24 00:51:03 MANAGEMENT: >STATE:1608763863,TCP_CONNECT,,,,,,
2020-12-24 00:51:03 TCP connection established with [AF_INET]127.0.0.1:1194
2020-12-24 00:51:03 TCP_CLIENT link local: (not bound)
2020-12-24 00:51:03 TCP_CLIENT link remote: [AF_INET]127.0.0.1:1194
2020-12-24 00:51:03 MANAGEMENT: >STATE:1608763863,WAIT,,,,,,
2020-12-24 00:51:03 Connection reset, restarting [-1]
2020-12-24 00:51:03 SIGUSR1[soft,connection-reset] received, process restarting
2020-12-24 00:51:03 MANAGEMENT: >STATE:1608763863,RECONNECTING,connection-reset,,,,,
2020-12-24 00:51:03 Restart pause, 5 second(s)
2020-12-24 00:51:08 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2020-12-24 00:51:08 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2020-12-24 00:51:08 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2020-12-24 00:51:08 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2020-12-24 00:51:08 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1194
2020-12-24 00:51:08 Socket Buffers: R=[8192->8192] S=[8192->8192]
2020-12-24 00:51:08 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1194 [nonblock]
2020-12-24 00:51:08 MANAGEMENT: >STATE:1608763868,TCP_CONNECT,,,,,,
2020-12-24 00:51:08 TCP connection established with [AF_INET]127.0.0.1:1194
2020-12-24 00:51:08 TCP_CLIENT link local: (not bound)
2020-12-24 00:51:08 TCP_CLIENT link remote: [AF_INET]127.0.0.1:1194
2020-12-24 00:51:08 MANAGEMENT: >STATE:1608763868,WAIT,,,,,,
2020-12-24 00:51:09 Connection reset, restarting [-1]
2020-12-24 00:51:09 SIGUSR1[soft,connection-reset] received, process restarting
2020-12-24 00:51:09 MANAGEMENT: >STATE:1608763869,RECONNECTING,connection-reset,,,,,
2020-12-24 00:51:09 Restart pause, 5 second(s)
2020-12-24 00:51:13 SIGTERM[hard,init_instance] received, process exiting
2020-12-24 00:51:13 MANAGEMENT: >STATE:1608763873,EXITING,init_instance,,,,,
[openvpn]
client = no
accept = 104.236.32.200:443
connect = 127.0.0.1:1194
cert = /etc/stunnel/stunnel.pem
[openvpn]
client = yes
accept = 127.0.0.1:1194
connect = 104.236.32.200:443
cert = stunnel.pem
2020.12.23 02:03:28 LOG5[0]: Service [openvpn] accepted connection from 127.0.0.1:5667
2020.12.23 02:03:28 LOG5[0]: s_connect: connected 104.236.32.200:443
2020.12.23 02:03:28 LOG5[0]: Service [openvpn] connected remote server from 192.168.100.2:5668
2020.12.23 02:03:54 LOG3[0]: SSL_write: Connection reset by peer (WSAECONNRESET) (10054)
2020.12.23 02:03:54 LOG5[0]: Connection reset: 27088 byte(s) sent to TLS, 4004 byte(s) sent to socket
2020.12.23 02:04:02 LOG5[1]: Service [openvpn] accepted connection from 127.0.0.1:5686
2020.12.23 02:04:05 LOG3[1]: s_connect: connect 104.236.32.200:443: Software caused connection abort (WSAECONNABORTED) (10053)
2020.12.23 02:04:05 LOG3[1]: No more addresses to connect
2020.12.23 02:04:05 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2020-12-23 02:03:26 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2020-12-23 02:03:26 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2020-12-23 02:03:26 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2020-12-23 02:03:26 Windows version 6.1 (Windows 7) 64bit
2020-12-23 02:03:26 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
Enter Management Password:
2020-12-23 02:03:26 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2020-12-23 02:03:26 Need hold release from management interface, waiting...
2020-12-23 02:03:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2020-12-23 02:03:27 MANAGEMENT: CMD 'state on'
2020-12-23 02:03:27 MANAGEMENT: CMD 'log all on'
2020-12-23 02:03:27 MANAGEMENT: CMD 'echo all on'
2020-12-23 02:03:27 MANAGEMENT: CMD 'bytecount 5'
2020-12-23 02:03:27 MANAGEMENT: CMD 'hold off'
2020-12-23 02:03:27 MANAGEMENT: CMD 'hold release'
2020-12-23 02:03:27 MANAGEMENT: CMD 'proxy NONE '
2020-12-23 02:03:28 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2020-12-23 02:03:28 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2020-12-23 02:03:28 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1194
2020-12-23 02:03:28 Socket Buffers: R=[8192->8192] S=[8192->8192]
2020-12-23 02:03:28 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1194 [nonblock]
2020-12-23 02:03:28 MANAGEMENT: >STATE:1608681808,TCP_CONNECT,,,,,,
2020-12-23 02:03:28 TCP connection established with [AF_INET]127.0.0.1:1194
2020-12-23 02:03:28 TCP_CLIENT link local: (not bound)
2020-12-23 02:03:28 TCP_CLIENT link remote: [AF_INET]127.0.0.1:1194
2020-12-23 02:03:28 MANAGEMENT: >STATE:1608681808,WAIT,,,,,,
2020-12-23 02:03:28 MANAGEMENT: >STATE:1608681808,AUTH,,,,,,
2020-12-23 02:03:28 TLS: Initial packet from [AF_INET]127.0.0.1:1194, sid=eea428a2 ab16462b
2020-12-23 02:03:28 VERIFY KU OK
2020-12-23 02:03:28 Validating certificate extended key usage
2020-12-23 02:03:28 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2020-12-23 02:03:28 VERIFY EKU OK
2020-12-23 02:03:28 VERIFY OK: depth=0, CN=server
2020-12-23 02:03:28 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
2020-12-23 02:03:28 [server] Peer Connection Initiated with [AF_INET]127.0.0.1:1194
2020-12-23 02:03:30 MANAGEMENT: >STATE:1608681810,GET_CONFIG,,,,,,
2020-12-23 02:03:30 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2020-12-23 02:03:30 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2020-12-23 02:03:30 OPTIONS IMPORT: timers and/or timeouts modified
2020-12-23 02:03:30 OPTIONS IMPORT: --ifconfig/up options modified
2020-12-23 02:03:30 OPTIONS IMPORT: route options modified
2020-12-23 02:03:30 OPTIONS IMPORT: route-related options modified
2020-12-23 02:03:30 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2020-12-23 02:03:30 OPTIONS IMPORT: peer-id set
2020-12-23 02:03:30 OPTIONS IMPORT: adjusting link_mtu to 1627
2020-12-23 02:03:30 OPTIONS IMPORT: data channel crypto options modified
2020-12-23 02:03:30 Data Channel: using negotiated cipher 'AES-256-GCM'
2020-12-23 02:03:30 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2020-12-23 02:03:30 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2020-12-23 02:03:30 interactive service msg_channel=280
2020-12-23 02:03:30 ROUTE_GATEWAY 192.168.100.1/255.255.255.0 I=15 HWADDR=00:24:1d:d4:fe:a9
2020-12-23 02:03:30 open_tun
2020-12-23 02:03:30 tap-windows6 device [OpenVPN TAP-Windows6] opened
2020-12-23 02:03:30 TAP-Windows Driver Version 9.24
2020-12-23 02:03:30 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.2/255.255.255.0 [SUCCEEDED]
2020-12-23 02:03:30 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.0 on interface {189A30FA-7E70-4EB6-9B6F-0D2223246E28} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
2020-12-23 02:03:30 Successful ARP Flush on interface [25] {189A30FA-7E70-4EB6-9B6F-0D2223246E28}
2020-12-23 02:03:30 MANAGEMENT: >STATE:1608681810,ASSIGN_IP,,10.8.0.2,,,,
2020-12-23 02:03:30 IPv4 MTU set to 1500 on interface 25 using service
2020-12-23 02:03:30 Blocking outside dns using service succeeded.
2020-12-23 02:03:35 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
2020-12-23 02:03:35 C:\Windows\system32\route.exe ADD 127.0.0.1 MASK 255.255.255.255 192.168.100.1
2020-12-23 02:03:35 Route addition via service succeeded
2020-12-23 02:03:35 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.1
2020-12-23 02:03:35 Route addition via service succeeded
2020-12-23 02:03:35 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
2020-12-23 02:03:35 Route addition via service succeeded
2020-12-23 02:03:35 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2020-12-23 02:03:35 Initialization Sequence Completed
2020-12-23 02:03:35 MANAGEMENT: >STATE:1608681815,CONNECTED,SUCCESS,10.8.0.2,127.0.0.1,1194,127.0.0.1,5667
2020-12-23 02:03:54 Connection reset, restarting [-1]
2020-12-23 02:03:54 Unblocking outside dns using service succeeded.
2020-12-23 02:03:54 SIGUSR1[soft,connection-reset] received, process restarting
2020-12-23 02:03:54 MANAGEMENT: >STATE:1608681834,RECONNECTING,connection-reset,,,,,
2020-12-23 02:03:54 Restart pause, 5 second(s)
2020-12-23 02:04:02 MANAGEMENT: CMD 'proxy NONE '
2020-12-23 02:04:02 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2020-12-23 02:04:02 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2020-12-23 02:04:02 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1194
2020-12-23 02:04:02 Socket Buffers: R=[8192->8192] S=[8192->8192]
2020-12-23 02:04:02 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1194 [nonblock]
2020-12-23 02:04:02 MANAGEMENT: >STATE:1608681842,TCP_CONNECT,,,,,,
2020-12-23 02:04:02 TCP connection established with [AF_INET]127.0.0.1:1194
2020-12-23 02:04:02 TCP_CLIENT link local: (not bound)
2020-12-23 02:04:02 TCP_CLIENT link remote: [AF_INET]127.0.0.1:1194
2020-12-23 02:04:02 MANAGEMENT: >STATE:1608681842,WAIT,,,,,,
2020-12-23 02:04:05 C:\Windows\system32\route.exe DELETE 127.0.0.1 MASK 255.255.255.255 192.168.100.1
2020-12-23 02:04:05 Route deletion via service succeeded
2020-12-23 02:04:05 C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.8.0.1
2020-12-23 02:04:05 Route deletion via service succeeded
2020-12-23 02:04:05 C:\Windows\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.8.0.1
2020-12-23 02:04:05 Route deletion via service succeeded
2020-12-23 02:04:05 Closing TUN/TAP interface
2020-12-23 02:04:05 TAP: DHCP address released
2020-12-23 02:04:05 Unblocking outside dns using service succeeded.
2020-12-23 02:04:05 SIGTERM[hard,] received, process exiting
2020-12-23 02:04:05 MANAGEMENT: >STATE:1608681845,EXITING,SIGTERM,,,,,
sudo service stunnel4 start
после этой команды ничего не просиходит это норма?client
dev tun
proto tcp
sndbuf 0
rcvbuf 0
remote 127.0.0.1 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
<ca>
-----BEGIN CERTIFICATE-----
[openvpn]
client = yes
accept = 1194
connect = server_ip:443
cert = /etc/stunnel/stunnel.pem
Не сложно. У него есть шаблонный конфиг для сервера и клиента с коментариями для наиболее употребимых опций. Как правило туда достаточно 2-3 изменения внести (не считая файлов ключей) и все работает.
root@ubuntu-s-1vcpu-1gb-nyc3-01:~# sudo systemctl status openvpn
● openvpn.service - OpenVPN service
Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor prese>
Active: inactive (dead)
lines 1-3/3 (END)...skipping...
● openvpn.service - OpenVPN service
Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled)
Active: inactive (dead)
root@ubuntu-s-1vcpu-1gb-nyc3-01:~# sudo systemctl status openvpn
● openvpn.service - OpenVPN service
Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor prese>
Active: active (exited) since Tue 2020-12-22 15:18:34 UTC; 4s ago
Process: 35001 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 35001 (code=exited, status=0/SUCCESS)
Dec 22 15:18:34 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: Starting OpenVPN service>
Dec 22 15:18:34 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: Finished OpenVPN service.
lines 1-8/8 (END)...skipping...
● openvpn.service - OpenVPN service
Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled)
Active: active (exited) since Tue 2020-12-22 15:18:34 UTC; 4s ago
Process: 35001 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 35001 (code=exited, status=0/SUCCESS)
Dec 22 15:18:34 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: Starting OpenVPN service...
Dec 22 15:18:34 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: Finished OpenVPN service.
Пора уже конфиги вручную редактировать. Не нужны скрипты, вы же не знаете что конкретно они делают, может помимо конфига openvpn он еще что-то делает.в плане?в рчную опен поднимать сложно, я пробовал ,не фурычит на половине,мануала,а кофниги да я в ручную меняю
root@ubuntu-s-1vcpu-1gb-nyc3-01:~# sudo systemctl status openvpn
● openvpn.service - OpenVPN service
Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor prese>
Active: inactive (dead)
lines 1-3/3 (END)...skipping...
● openvpn.service - OpenVPN service
Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled)
Active: inactive (dead)
port 1194
proto tcp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem