View Issue Details

ID: 0000302
Project: Windows and other desktop OS
Category: OpenVPN
View Status: public
Last Update: 2023-12-05 05:39
Reporter: DigitalMy
Priority: normal
Severity: minor
Reproducibility: N/A
Status: progress
Resolution: open
Platform: (not set)
OS: Windows server
OS Version: 2008R2
Summary: 0000302: Unified settings for OpenVPN clients, site-to-site mode
Description: Installed client version 2.4.7 to the C:\OpenVPN\ folder for tests.
Use tun udp
Windows OS server and client
Tags: No tags attached.
FinishDate: (not set)
StartDate: (not set)
WasteTime: 0
PriorityIndex: 5
LaboriousnessIndex: 1

Relationships

related to 0000294 (resolved, DigitalMy, Networks): Set OpenWrt router as gateway to remote network

Activities

DigitalMy (administrator) ~0000847
2019-10-22 00:52 (last edited 2019-10-22 01:14)

delete subfolders \doc\ and \sample-config\ after installation

generate certificates on the server for this unique client name and copy them to the local \config\ folder

add an outbound firewall rule for C:\OpenVPN\bin\openvpn.exe

prepare the \config\client.ovpn file

DigitalMy (administrator) ~0000848
2019-10-22 01:06

client
dev tun
proto udp
ca ca.crt
cert client.crt
key client.key

DigitalMy (administrator) ~0000850
2019-10-24 12:12 (last edited 2020-09-30 14:57)

> make client certificates with a .bat script using the OpenSSL included with OpenVPN (easy-rsa):

@echo off
rem Build a client key and certificate with the easy-rsa 2.x layout shipped with OpenVPN.
rem Assumes the CA already exists in %KEY_DIR% (ca.crt, ca.key, index.txt, serial from build-ca).
rem Adjust the installation paths below to match your system.
set NAME=client_name
set HOME="C:\Program Files (x86)\OpenVPN\easy-rsa"
set KEY_DIR=keys
set KEY_CONFIG=openssl-1.0.0.cnf
rem Prepend the OpenVPN bin folder instead of replacing the whole PATH
set PATH=C:\Program Files (x86)\OpenVPN\bin;%PATH%
set DH_KEY_SIZE=2048
set KEY_SIZE=4096
rem Subject fields read by openssl-1.0.0.cnf; the CN must be unique per client and unquoted
set KEY_COUNTRY=RU
set KEY_PROVINCE=MS
set KEY_CITY=Moscow
set KEY_ORG=My
set KEY_EMAIL=123@my.ru
set KEY_CN=%NAME%
set KEY_NAME=my.tk
set KEY_OU=%NAME%
rem Dummy PKCS#11 values; openssl-1.0.0.cnf references these variables even when no token is used
set PKCS11_MODULE_PATH=%NAME%
set PKCS11_PIN=123456
cd /d %HOME%

rem Generate the client key and CSR (no passphrase), then sign the CSR with the CA
"C:\Program Files (x86)\OpenVPN\bin\openssl.exe" req -days 3650 -nodes -new -keyout %KEY_DIR%\client-%NAME%.key -out %KEY_DIR%\client-%NAME%.csr -config %KEY_CONFIG%
"C:\Program Files (x86)\OpenVPN\bin\openssl.exe" ca -days 3650 -out %KEY_DIR%\client-%NAME%.crt -in %KEY_DIR%\client-%NAME%.csr -config %KEY_CONFIG%
rem Remove the index/serial backups left behind by "openssl ca"
del /q %KEY_DIR%\*.old

(fix the paths to fit your installation)
each client name must be unique

DigitalMy (administrator) ~0003984
2020-09-28 23:38 (last edited 2021-12-06 00:50)

client configurations are stored in the folder \OpenVPN\config\client\ (not the default client-config-dir, ccd)

iroute - used for the remote network router only; specifies the route from the server to the remote router's network

ifconfig-push - specifies the client's own IP address; can be used instead of an "ipp.txt" file record

but a route cannot be pushed this way; it fails with the error:
OPTIONS IMPORT: reading client specific options from
Options error: option 'route' cannot be used in this context
According to the official manual, only --push, --push-reset, --push-remove, --iroute, --ifconfig-push, and --config are allowed in these client configurations

DigitalMy (administrator) ~0003985
2020-09-30 14:40 (last edited 2021-12-06 00:46)

first issue is that client configurations which are stored on the server in the \client\ subfolder (client-config-dir) are not loaded at all, in case of a different name in the file
in the log file the CN of the client is in "quotes", but for the server it is not ... so this is an issue with the certificate - make the CN without quotes - found this problem
changed the \easy-rsa script - made a new certificate with names without quotes, like: GS, not "GS"

second, the new version uses the folder OpenVPN\config-auto\client for the service

DigitalMy (administrator) ~0008201
2022-12-04 21:36

Windows app OpenVPN GUI, in case Advanced - Configuration files - Folder is set to the same path as OpenVPN\config, will get an error on each start:
There already exists a config file named *.ovpn
Fix - set a different path in "Folder" for user configurations (empty is fine).

DigitalMy (administrator) ~0008203
2022-12-20 06:11

As for the Android OS client, it has got the error

tun_prop_route_error: route destinations other than vpn_gateway or net_gateway are not supported

changed to push "route 192.168.166.0 255.255.255.0" without gateway and metric...
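As an added check (not the reporter's or the OpenVPN project's code), the Python script below lints a client-config-dir file against both points raised in these notes: the option whitelist quoted from the manual in note ~0003984, and the Android restriction on pushed routes in note ~0008203. The sample ccd content and the 10.8.0.1 gateway are constructed for the demonstration.

```python
"""Lint an OpenVPN client-config-dir (ccd) file: only push/push-reset/push-remove/iroute/
ifconfig-push/config are legal there, and the Android client rejects pushed routes that
name a gateway other than vpn_gateway/net_gateway or carry a metric."""
import re
import shlex

ALLOWED = {"push", "push-reset", "push-remove", "iroute", "ifconfig-push", "config"}
SYMBOLIC_GW = {"vpn_gateway", "net_gateway"}   # the only gateways the Android client accepts
DOTTED_QUAD = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")   # loose IPv4 / netmask syntax check

def _check_push(body):
    """Message if a pushed 'route' would trip tun_prop_route_error on Android, else None."""
    parts = body.split()           # route <network> <netmask> [gateway] [metric]
    if not parts or parts[0] != "route":
        return None                # other pushed options are not checked here
    if len(parts) < 3 or not all(DOTTED_QUAD.match(p) for p in parts[1:3]):
        return "pushed route needs <network> <netmask>"
    if len(parts) > 3 and parts[3] not in SYMBOLIC_GW:
        return "pushed route gateway %r is not vpn_gateway/net_gateway" % parts[3]
    if len(parts) > 4:
        return "pushed route carries a metric, which the Android client rejects"

def lint_ccd(text):
    """Return [(line_no, message), ...]; an empty list means the ccd file is clean."""
    problems = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # OpenVPN comment lines
            continue
        try:
            parts = shlex.split(line)            # POSIX quoting handles push "route ..."
        except ValueError:
            problems.append((n, "unbalanced quotes"))
            continue
        opt = parts[0].lstrip("-")               # accept 'iroute' and '--iroute' alike
        if opt not in ALLOWED:
            problems.append((n, "option '%s' cannot be used in this context" % opt))
        elif opt == "iroute" and not (2 <= len(parts) <= 3 and all(map(DOTTED_QUAD.match, parts[1:]))):
            problems.append((n, "iroute needs <network> [netmask]"))
        elif opt == "push":
            msg = _check_push(" ".join(parts[1:]))
            if msg:
                problems.append((n, msg))
    return problems

# Constructed sample (not from the issue): a ccd file for the remote-network router client.
SAMPLE_CCD = """\
iroute 192.168.166.0 255.255.255.0
push "route 192.168.166.0 255.255.255.0"
push "route 192.168.166.0 255.255.255.0 10.8.0.1 10"
route 192.168.166.0 255.255.255.0
"""
```

Running `lint_ccd(SAMPLE_CCD)` reports line 3 (literal gateway) and line 4 (bare route), which are exactly the two mistakes the notes above describe.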

DigitalMy (administrator) ~0008204
2022-12-20 07:25 (last edited 2023-07-25 10:56)

Android client has
Connection reset, restarting [0]
 SIGUSR1[soft,connection-reset] received, client-instance restarting
every 30 seconds

removed
# ping 5
# ping-restart 10

Session invalidated KEEPALIVE_TIMEOUT

added to client
keepalive 600 1800

added to server:
keepalive 600 3600

DigitalMy (administrator) ~0014248
2023-12-05 05:39

Windows udp client config:

# ca/cert/key are the files from note ~0000848, expected next to this file;
# SERVER_HOST is a placeholder, the server address is not given in this issue.
client
dev tun
proto udp
remote SERVER_HOST 1194
resolv-retry infinite
nobind
tls-client
persist-key
auth-nocache
remote-cert-tls server
ca ca.crt
cert client.crt
key client.key
keepalive 60 120
verb 4
pull
explicit-exit-notify 1

do not use #persist-tun - because on the provider network it gets stuck: no route change (removal) happens, but that is necessary for the second tun to use