d3vilh / openvpn-ui

Web User Interface for OpenVPN
MIT License

Adaptation request #3

Closed wyfsxs closed 10 months ago

wyfsxs commented 12 months ago

Hello, which openvpn server image is this openvpn ui compatible with? I tried using the container for kylmanna/openvpn images and found that it is compatible. Looking forward to your reply

d3vilh commented 12 months ago

Hello @wyfsxs, it's nice that it's compatible with kylmanna/openvpn. It's supposed to be compatible with the "official" openvpn_openvpn image, which became not so official about a year ago and just disappeared :)

I use openvpn-ui for the raspberry-gateway setup, where the container is built dynamically (README). Here is the docker compose file, and this is the Dockerfile used to build it on top of the Alpine image.

wyfsxs commented 12 months ago

Hi, sorry, there is a problem with my expression and it is not compatible with that image. Could you please https://github.com/d3vilh/openvpn-aws Will the Docker image construction be pushed to your Docker Hub? Due to network limitations on my end, I cannot successfully build it. Thank you very much. I would like to use you to build openvpn AWS and openvpn UI. Thank you again

d3vilh commented 12 months ago

Will the Docker image construction be pushed to your Docker Hub?

Here it is, specially for you, I built it on AWS EC2 x86_64 instance with Debian 11 on board.
The container itself runs on Ubuntu 18.04. It is an old version, which was based on the official openvpn_openvpn image, but this is exactly the version which is used for openvpn-aws.

Probably, sometime in the future, I'll migrate it to Alpine as well :)

wyfsxs commented 12 months ago

Hi, thank you very much. The container can now start, but it seems that the service port cannot listen properly. I manually copied the configuration file to the directory. Is there an initialization step for this openserver, or just run it directly

wyfsxs commented 12 months ago

Hello, this is the error message I received when connecting to my client. How were the serverconf and clientconf configuration files generated? Can you provide a case study? Thank you very much

d3vilh commented 12 months ago

Hello, this is the error message I received when connecting to my client. How were the serverconf and clientconf configuration files generated? Can you provide a case study? Thank you very much

Where did you take the .ovpn file from? Ideally it should be in the following format (pay attention to the parameters before the <ca> part):

client
dev tun
proto udp
remote 123.124.125.126 1194 udp
resolv-retry infinite
user nobody
group nogroup
persist-tun
persist-key
remote-cert-tls server
auth SHA512
auth-nocache
tls-client
redirect-gateway def1
verb 1
<ca>
</ca>
<cert>
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            d5:f8:1c:19:e2:ff:01:e2:51:79:c9:ff:01:3c:fa:e5
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=UA, ST=KY, L=Kyiv, O=Peremoha, OU=HeroyamSlava, CN=vorohams/emailAddress=sweet@home.tak
        Validity
            Not Before: Feb 23 05:00:00 2022 GMT
            Not After : Jun 19 19:19:19 2023 GMT
        Subject: C=UA, ST=KY, L=Kyiv, O=Peremoha OU=HeroyamSlava, CN=vorohams/emailAddress=sweet@home.tak
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Key Identifier:
                C9:1F:ff:01:E2:d2:38:ff:01:7a:3c:22:d2:38:d3:ff:01:3c:CB
            X509v3 Authority Key Identifier:
                keyid:5B:ff:01:77:d3:38:d3:c8:7a:3c:ff:01:26:6C:50:E5:ff:01:90
                DirName:/C=UA/ST=KY/L=Kyiv/O=Peremoha/OU=HeroyamSlava/CN=vorohams/emailAddress=sweet@home.tak
                serial:31:d2:38:ff:01:7a:3c:9B:10:54:9F:d2:38:d3:c8:7a:3c:F6:26:E0:95

            X509v3 Extended Key Usage:
                TLS Web Client Authentication
            X509v3 Key Usage:
                Digital Signature
</cert>
<key>
</key>

d3vilh commented 12 months ago

Hello, this is the error message I received when connecting to my client. How were the serverconf and clientconf configuration files generated? Can you provide a case study? Thank you very much

My other thought, you may have already established connection with the same cert.

wyfsxs commented 12 months ago

Generated through openvpn admin and downloaded from clients

wyfsxs commented 12 months ago

Hello, may I ask how your client file was generated? Can you help me answer this question? Thank you very much

d3vilh commented 12 months ago

Generated through openvpn admin and downloaded from clients

OK, I see. Could you share the client-side configuration parameters (please randomise the IP and port and share just this part, no data after <ca> needed):

client
dev tun
proto udp
remote 123.124.125.126 1194 udp
resolv-retry infinite
user nobody
group nogroup
persist-tun
persist-key
remote-cert-tls server
auth SHA512
auth-nocache
tls-client
redirect-gateway def1
verb 1

Hello, may I ask how your client file was generated? Can you help me answer this question? Thank you very much

There is a genclient.sh script which creates a new cert and puts it into the default cert directory. Then, when you download the cert via the web UI, the UI takes the VPN client parameters (listed above) from the Go data struct template, adds them to the file together with the generated certificate details and sends it to you as a %clientname%.ovpn file.

I'm afraid the awx-ui version has some old deprecated parameters which prevent your client from establishing a connection (that is why I'm curious what's in your .ovpn file). Thanks.
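
The request above to share only the parameter part of a profile, as an added Go example (not code from openvpn-ui): it strips every inline block and masks the remote address before an .ovpn file is pasted into a public issue. The function name, the placeholders and the sample profile are assumptions constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Any line of the form <name> opens an inline block (ca, cert, key, tls-auth, ...).
var blockOpen = regexp.MustCompile(`^<([a-z0-9-]+)>$`)

// RedactProfile returns a shareable copy of an OpenVPN client profile and the
// names of the inline blocks whose contents were removed.
func RedactProfile(profile string) (string, []string) {
	var out, redacted []string
	inBlock := "" // name of the inline block being skipped, if any
	sc := bufio.NewScanner(strings.NewReader(profile))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if inBlock != "" {
			if line == "</"+inBlock+">" {
				out = append(out, line)
				inBlock = ""
			}
			continue // drop everything between the tags
		}
		if m := blockOpen.FindStringSubmatch(line); m != nil {
			inBlock = m[1]
			redacted = append(redacted, inBlock)
			out = append(out, line, "[redacted]")
			continue
		}
		fields := strings.Fields(line)
		if len(fields) >= 2 && fields[0] == "remote" {
			fields[1] = "<host>" // mask the server address
			if len(fields) >= 3 {
				fields[2] = "<port>"
			}
			line = strings.Join(fields, " ")
		}
		out = append(out, line)
	}
	if inBlock != "" { // unterminated block: still close it, keep nothing
		out = append(out, "</"+inBlock+">")
	}
	return strings.Join(out, "\n"), redacted
}

// Constructed sample profile; the "key material" is a dummy string.
const sampleProfile = "client\ndev tun\nremote 203.0.113.10 1194 udp\nauth SHA512\n" +
	"<ca>\n-----BEGIN CERTIFICATE-----\nZHVtbXk=\n-----END CERTIFICATE-----\n</ca>\n" +
	"<key>\n-----BEGIN PRIVATE KEY-----\nZHVtbXk=\n-----END PRIVATE KEY-----\n</key>\n"

func main() {
	clean, blocks := RedactProfile(sampleProfile)
	fmt.Println(clean)
	fmt.Println("redacted blocks:", blocks)
}
```

The directives before the first inline block pass through unchanged, which is the part needed to compare client and server settings.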

wyfsxs commented 12 months ago

Hello, this is the certificate I generated using OpenVPN UI. Could you please help me check if there are any issues? I feel that the server connection is not recognized due to a problem with the client certificate. Thank you very much

wyfsxs commented 12 months ago

client
dev tun
proto udp
remote  10.102.100.102 1194 udp
resolv-retry infinite
user nobody
group nogroup
persist-tun
persist-key
remote-cert-tls server
auth SHA512
auth-nocache
tls-client
redirect-gateway def1
verb 1
<ca>
</ca>
<cert>
</cert>
<key>
</key>
<tls-auth>
</tls-auth>

d3vilh commented 12 months ago

Hello, this is the certificate I generated using OpenVPN UI. Could you please help me check if there are any issues? I feel that the server connection is not recognized due to a problem with the client certificate. Thank you very much

OK, it looks legit. could you try to add cipher AES-256-CBC option to it and capture new connection log with increased log level (verb 4).

Here is how it should look:

client
dev tun
proto udp
remote  10.102.100.102 1194 udp
resolv-retry infinite
user nobody
group nogroup
persist-tun
persist-key
remote-cert-tls server
cipher AES-256-CBC
auth SHA512
auth-nocache
tls-client
redirect-gateway def1
verb 4
<ca>
XXXX REST of information

wyfsxs commented 12 months ago

Thu Jul 13 15:36:24 2023 us=100585 10.102.100.1:62245 SIGUSR1[soft,tls-error] received, client-instance restarting
Thu Jul 13 15:36:24 2023 us=100406 10.102.100.1:62245 TLS Error: TLS handshake failed
Thu Jul 13 15:36:24 2023 us=100048 10.102.100.1:62245 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Jul 13 15:35:42 2023 us=872218 10.102.100.1:58373 SIGUSR1[soft,tls-error] received, client-instance restarting
Thu Jul 13 15:35:42 2023 us=872123 10.102.100.1:58373 TLS Error: TLS handshake failed
Thu Jul 13 15:35:42 2023 us=872035 10.102.100.1:58373 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Jul 13 15:35:41 2023 us=789226 10.102.100.1:62245 TLS Error: reading acknowledgement record from packet
Thu Jul 13 15:35:40 2023 us=787163 10.102.100.1:62245 TLS Error: reading acknowledgement record from packet
Thu Jul 13 15:35:39 2023 us=773018 10.102.100.1:62245 TLS Error: reading acknowledgement record from packet
Thu Jul 13 15:35:38 2023 us=767340 10.102.100.1:62245 TLS Error: reading acknowledgement record from packet
Thu Jul 13 15:35:37 2023 us=758345 10.102.100.1:62245 TLS Error: reading acknowledgement record from packet
Thu Jul 13 15:35:36 2023 us=756126 10.102.100.1:62245 TLS Error: reading acknowledgement record from packet
Thu Jul 13 15:35:35 2023 us=741779 10.102.100.1:62245 TLS Error: reading acknowledgement record from packet
Thu Jul 13 15:35:34 2023 us=737369 10.102.100.1:62245 TLS Error: reading acknowledgement record from packet
Thu Jul 13 15:35:33 2023 us=719795 10.102.100.1:62245 TLS Error: reading acknowledgement record from packet
Thu Jul 13 15:35:32 2023 us=709206 10.102.100.1:62245 TLS Error: reading acknowledgement record from packet
Thu Jul 13 15:35:31 2023 us=699127 10.102.100.1:62245 TLS Error: reading acknowledgement record from packet
Thu Jul 13 15:35:30 2023 us=689670 10.102.100.1:62245 TLS Error: reading acknowledgement record from packet
Thu Jul 13 15:35:29 2023 us=683231 10.102.100.1:62245 TLS Error: reading acknowledgement record from packet
Thu Jul 13 15:35:28 2023 us=678887 10.102.100.1:62245 TLS Error: reading acknowledgement record from packet
Thu Jul 13 15:35:27 2023 us=672265 10.102.100.1:62245 TLS Error: reading acknowledgement record from packet
Thu Jul 13 15:35:26 2023 us=661786 10.102.100.1:62245 TLS Error: reading acknowledgement record from packet
Thu Jul 13 15:35:25 2023 us=657867 10.102.100.1:62245 TLS Error: reading acknowledgement record from packet
Thu Jul 13 15:35:24 2023 us=648746 10.102.100.1:62245 TLS Error: reading acknowledgement record from packet
Thu Jul 13 15:35:24 2023 us=648700 10.102.100.1:62245 TLS: Initial packet from [AF_INET]10.102.100.1:62245, sid=a6d440e2 e0e960fa

wyfsxs commented 12 months ago

Hello, this is the log of the OpenVPN server

wyfsxs commented 12 months ago

This is the configuration file of the client. It seems that the server has not been authenticated successfully. Thank you very much.

wyfsxs commented 12 months ago

This is the log information of the client, please help me to read it, thank you very much

d3vilh commented 12 months ago

Looks like VPN packets can't find the route to the subnet from which your client is connected. Let's try to add this line local <ip address of VPN server>, into your server.conf:

management 0.0.0.0 2080

port 1194
proto udp
local 192.168.88.1

dev tun

ca pki/ca.crt
cert pki/issued/server.crt
key pki/private/server.key

This should point OpenVPN to right route and most probably will solve the issue. Are you sure you don't have NAT on the way to your server?

wyfsxs commented 12 months ago

Hello, I tried it again, but it still doesn't work. My local server is Centos7.6, is it related to this environment? Thank you for your support. It may be due to environmental differences and the connection cannot be normal

d3vilh commented 11 months ago

Hello, I tried it again, but it still doesn't work. My local server is Centos7.6, is it related to this environment? Thank you for your support. It may be due to environmental differences and the connection cannot be normal

Server arch is not a problem, you are running it in containers anyway. All this looks like a transport issue (routing or firewall). Try to connect via a local network, where you don't have any firewalls and the VPN server is in the same subnet as the VPN client. Please don't forget to set the local <IP> option on the server and restart it before the experiment.

Yesterday I pushed an openvpn-aws update with new updated containers and a couple of bug fixes. I just tested it and it works like a charm in an AWS instance with an open 1194/UDP port.

fellowape commented 11 months ago

Hello, I tried it again, but it still doesn't work.

Hey man, try to install it from scratch. just pull openvpn-aws and run full cycle of installation. It will build VPN container for you and pull compatible openvpn-ui.

Due to network limitations on my end, I cannot successfully build it.

It'll build container once, and keep its image on your computer locally, so next restart it'll start container with local image. There is nothing to do with traffic or slow internet. Try, it works.

wyfsxs commented 11 months ago

Server arch is not a problem, you are running it in containers anyway. All this looks like a transport issue (routing or firewall). Try to connect via a local network, where you don't have any firewalls and the VPN server is in the same subnet as the VPN client. Please don't forget to set the local <IP> option on the server and restart it before the experiment.

Yesterday I pushed an openvpn-aws update with new updated containers and a couple of bug fixes. I just tested it and it works like a charm in an AWS instance with an open 1194/UDP port.

Hello, I tested using the ovpn file generated by the UI to connect. The open vpn client input directly reported an error, and there was an issue with the client file generated by the UI. Thank you very much

wyfsxs commented 11 months ago

Hello, I tried it again, but it still doesn't work.

Hey man, try to install it from scratch. just pull openvpn-aws and run full cycle of installation. It will build VPN container for you and pull compatible openvpn-ui.

Due to network limitations on my end, I cannot successfully build it.

It'll build container once, and keep its image on your computer locally, so next restart it'll start container with local image. There is nothing to do with traffic or slow internet. Try, it works.

Thank you very much. I still have problems using the Docker container for testing. I feel that my environment is not very suitable for this UI and server