OpenVPN / openvpn

OpenVPN is an open source VPN daemon
http://openvpn.net

OpenVPN is not running properly on Ubuntu 20 #437

Open Pin80 opened 1 year ago

Pin80 commented 1 year ago

Hi, I faced an issue when I deployed OpenVPN on Ubuntu 20. If I make the request for the server's certificate with the command "./easyrsa gen-req server nopass", then the openvpn daemon with that certificate runs properly (port binding is successful), but with the command "./easyrsa gen-req server" (manual password setup) my openvpn is running, but the port is not bound. Also (in the second case) I see a periodic request for the password in the console, but I have no port binding when I prompt the password. Could you advise me where I'm wrong? My server.conf:


```
port 1194
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
ca /etc/openvpn/ca.crt
cert /etc/openvpn/vpn-server.crt
key server.key  # This file should be kept secret
dh /etc/openvpn/dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
mode server
ifconfig-pool-persist /var/log/openvpn/ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
client-config-dir /etc/openvpn/ccd
route 10.8.0.0 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
;push "dhcp-option DNS 208.67.220.220"
client-to-client
;duplicate-cn
keepalive 10 120
cipher AES-256-CBC
;compress lz4-v2
;push "compress lz4-v2"
comp-lzo
max-clients 5
user openvpn
group openvpn
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log         /var/log/openvpn/openvpn.log
log-append  /var/log/openvpn/openvpn.log
verb 10
;mute 20
explicit-exit-notify 1
```

openssl.cnf:


```
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = /etc/openvpn
crl_dir = $dir
database = $dir/index.txt
new_certs_dir = $dir
certificate = $dir/ca.crt
serial = $dir
crl = $dir/crl.pem
private_key = $dir/server.key
RANDFILE = $dir/.rand
default_days = 3650
default_crl_days = 365
default_md = md5
unique_subject = yes
policy = policy_any
x509_extensions = user_extensions
[ policy_any ]
organizationName = match
organizationalUnitName = optional
commonName = supplied
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
x509_extensions = CA_extensions
[ req_distinguished_name ]
organizationName = Organization Name (must match CA)
organizationName_default = Company
organizationalUnitName = Location Name
commonName = Common User or Org Name
commonName_max = 64
[ user_extensions ]
basicConstraints = CA:FALSE
[ CA_extensions ]
basicConstraints = CA:TRUE
default_days = 3650
[ server ]
basicConstraints = CA:FALSE
nsCertType = server
```

ordex commented 6 months ago

Hi, I think this issue was never fully clear; this is why you got no reply whatsoever.

Would you have any chance to make steps explicit and give us a full example of what is wrong?