
Configure OpenVPN on a local CentOS 7 server


I applied the configuration listed on this website: https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-an-openvpn-server-on-centos-7

I was able to run the VPN server and it stays running, but I was not able to connect from the client after trying to connect, as shown in the picture below.

Logs after checking the server status:

openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Application On server
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2023-05-25 21:32:46 CST; 13min ago
 Main PID: 18741 (openvpn)
   Status: "Initialization Sequence Completed"
   CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
           └─18741 /usr/sbin/openvpn --cd /etc/openvpn/ --config server.conf

May 25 21:32:46 localhost.localdomain openvpn[18741]: Thu May 25 21:32:46 2023 IFCONFIG POOL LIST
May 25 21:32:46 localhost.localdomain openvpn[18741]: Thu May 25 21:32:46 2023 Initialization Sequence Completed
May 25 21:32:48 localhost.localdomain openvpn[18741]: Thu May 25 21:32:48 2023 192.168.0.148:62830 TLS: Initial packet from [AF_INET]192.168.0.148:62830, sid=7bccaacb 8595effe
May 25 21:32:49 localhost.localdomain openvpn[18741]: Thu May 25 21:32:49 2023 192.168.0.148:62831 TLS: Initial packet from [AF_INET]192.168.0.148:62831, sid=1c641459 f17d5fad
May 25 21:33:48 localhost.localdomain openvpn[18741]: Thu May 25 21:33:48 2023 192.168.0.148:62830 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
May 25 21:33:48 localhost.localdomain openvpn[18741]: Thu May 25 21:33:48 2023 192.168.0.148:62830 TLS Error: TLS handshake failed
May 25 21:33:48 localhost.localdomain openvpn[18741]: Thu May 25 21:33:48 2023 192.168.0.148:62830 SIGUSR1[soft,tls-error] received, client-instance restarting
May 25 21:33:49 localhost.localdomain openvpn[18741]: Thu May 25 21:33:49 2023 192.168.0.148:62831 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
May 25 21:33:49 localhost.localdomain openvpn[18741]: Thu May 25 21:33:49 2023 192.168.0.148:62831 TLS Error: TLS handshake failed
May 25 21:33:49 localhost.localdomain openvpn[18741]: Thu May 25 21:33:49 2023 192.168.0.148:62831 SIGUSR1[soft,tls-error] received, client-instance restarting
[root@localhost ~]#

The client configuration is:

tls-client
ca ca.crt
cert client.crt
key client.key
tls-crypt myvpn.tlsauth
remote-cert-eku "TLS Web Client Authentication"
proto udp
remote SERVER_IP_ADDRESS 1194 udp
dev tun
topology subnet
pull
user nobody
group nobody



Solution

  • I changed the client configuration to the following and was able to connect

    client
    proto udp
    remote SERVER_IP_ADDRESS 1194
    dev tun
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    remote-cert-tls server
    ca ca.crt
    cert client.crt
    key client.key
    tls-crypt myvpn.tlsauth
    auth SHA512
    cipher AES-256-CBC
    ignore-unknown-option block-outside-dns
    dhcp-option DNS 8.8.8.8
    verb 3
    redirect-gateway def1
    

    Configuration details: https://docs.google.com/document/d/1fMisf1bCRzyIDX4Dtisb7DT173rJBzDQBshafsR2QWo/edit?usp=sharing
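
The answer does not say which change made the handshake succeed. As an added example (not part of the original post), this Python script diffs the two client configurations directive by directive and reports how each one checks the purpose of the server's certificate; the function names are hypothetical and the configs are copied from the question and the answer.

```python
# Added example: directive-level diff of the two client configs on this page.
FAILING = "\n".join([
    "tls-client", "ca ca.crt", "cert client.crt", "key client.key",
    "tls-crypt myvpn.tlsauth", 'remote-cert-eku "TLS Web Client Authentication"',
    "proto udp", "remote SERVER_IP_ADDRESS 1194 udp", "dev tun",
    "topology subnet", "pull", "user nobody", "group nobody"])
WORKING = "\n".join([
    "client", "proto udp", "remote SERVER_IP_ADDRESS 1194", "dev tun",
    "resolv-retry infinite", "nobind", "persist-key", "persist-tun",
    "remote-cert-tls server", "ca ca.crt", "cert client.crt", "key client.key",
    "tls-crypt myvpn.tlsauth", "auth SHA512", "cipher AES-256-CBC",
    "ignore-unknown-option block-outside-dns", "dhcp-option DNS 8.8.8.8",
    "verb 3", "redirect-gateway def1"])

def parse(text):
    """Map directive name -> list of argument strings ('#' and ';' start comments)."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split(None, 1)
        args = parts[1] if len(parts) > 1 else ""
        # 'client' is OpenVPN shorthand for 'pull' plus 'tls-client'
        names = ["pull", "tls-client"] if parts[0] == "client" else [parts[0]]
        for name in names:
            directives.setdefault(name, []).append(args)
    return directives

def diff(old, new):
    """Directives removed from, added to, or changed between two configs."""
    o, n = parse(old), parse(new)
    return {"removed": sorted(set(o) - set(n)),
            "added": sorted(set(n) - set(o)),
            "changed": sorted(k for k in set(o) & set(n) if o[k] != n[k])}

def server_cert_findings(text):
    """Report how a client config checks the purpose of the server's certificate."""
    d = parse(text)
    findings = []
    # remote-cert-eku requires the *peer* (here: the server) to carry this EKU
    for eku in d.get("remote-cert-eku", []):
        if "server" not in eku.lower():
            findings.append("remote-cert-eku does not name a server-auth EKU: " + eku)
    if "remote-cert-tls" not in d and "remote-cert-eku" not in d:
        findings.append("server certificate purpose is not checked")
    return findings

if __name__ == "__main__":
    print(diff(FAILING, WORKING))
    print(server_cert_findings(FAILING), server_cert_findings(WORKING))
```

Apart from the trailing `udp` on `remote`, the only directive replaced rather than added is the peer-certificate check: `remote-cert-eku "TLS Web Client Authentication"` became `remote-cert-tls server`, which is the form a client uses to require a server-purpose certificate.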