In the end I generated the certificates on my computer and then copied them to the appropriate locations on the router.
However, I was unable to establish a connection between the router (server) and my Windows 10 machine (client).
I'm attaching the configuration below:

/etc/openvpn/
ca.crt dh2048.pem serwer.crt serwer.csr serwer.key

/etc/config/network
config interface 'vpn'
	option ifname 'tun0'
	option proto 'none'

/etc/config/firewall
config zone
	option name 'vpn'
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option output 'ACCEPT'
	option network 'vpn'

config forwarding
	option src 'vpn'
	option dest 'wan'

config rule
	option name 'OpenVPN'
	option target 'ACCEPT'
	option src 'wan'
	option proto 'udp'
	option dest_port '5236'

/etc/config/openvpn
config openvpn 'home'
	option enabled '1'
	option dev 'tun0'
	option port '5236'
	option proto 'udp'
	option log '/tmp/openvpn.log'
	option verb '3'
	option ca '/etc/openvpn/ca.crt'
	option cert '/etc/openvpn/serwer.crt'
	option key '/etc/openvpn/serwer.key'
	option server '10.8.0.0 255.255.255.0'
	option dh '/etc/openvpn/dh2048.pem'

Client (Windows 10)
client2.ovpn
client
remote mojip 5236
dev tun0
proto udp
verb 3
ca ca.crt
cert client2.crt
key client2.key
tls-auth ta.key

In the same location I have the files: ca.crt, client2.crt, client2.key, ta.key

Now, what the logs show:
Server:
Wed Feb 14 06:22:55 2018 OpenVPN 2.4.4 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Feb 14 06:22:55 2018 library versions: OpenSSL 1.0.2n 7 Dec 2017, LZO 2.10
Wed Feb 14 06:22:55 2018 WARNING: --keepalive option is missing from server config
Wed Feb 14 06:22:55 2018 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Wed Feb 14 06:22:55 2018 Diffie-Hellman initialized with 2048 bit key
Wed Feb 14 06:22:55 2018 TUN/TAP device tun0 opened
Wed Feb 14 06:22:55 2018 TUN/TAP TX queue length set to 100
Wed Feb 14 06:22:55 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Feb 14 06:22:55 2018 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Wed Feb 14 06:22:55 2018 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Wed Feb 14 06:22:55 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Feb 14 06:22:55 2018 Socket Buffers: R=[163840->163840] S=[163840->163840]
Wed Feb 14 06:22:55 2018 UDPv4 link local (bound): [AF_INET][undef]:5236
Wed Feb 14 06:22:55 2018 UDPv4 link remote: [AF_UNSPEC]
Wed Feb 14 06:22:55 2018 MULTI: multi_init called, r=256 v=256
Wed Feb 14 06:22:55 2018 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Wed Feb 14 06:22:55 2018 Initialization Sequence Completed
Wed Feb 14 06:26:26 2018 31.0.87.218:7994 TLS: Initial packet from [AF_INET]31.0.87.218:7994, sid=59bb6d80 af3ddc23
Wed Feb 14 06:26:26 2018 31.0.87.218:7994 TLS Error: reading acknowledgement record from packet
Wed Feb 14 06:26:27 2018 31.0.87.218:7994 TLS Error: reading acknowledgement record from packet
Wed Feb 14 06:26:31 2018 31.0.87.218:7994 TLS Error: reading acknowledgement record from packet
Wed Feb 14 06:26:40 2018 31.0.87.218:7994 TLS Error: reading acknowledgement record from packet
Wed Feb 14 06:26:56 2018 31.0.87.218:7994 TLS Error: reading acknowledgement record from packet
Wed Feb 14 06:27:26 2018 31.0.87.218:7994 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Feb 14 06:27:26 2018 31.0.87.218:7994 TLS Error: TLS handshake failed
Wed Feb 14 06:27:26 2018 31.0.87.218:7994 SIGUSR1[soft,tls-error] received, client-instance restarting
Wed Feb 14 06:27:31 2018 31.0.87.218:7994 TLS: Initial packet from [AF_INET]31.0.87.218:7994, sid=a6ab9768 2317ec50
Wed Feb 14 06:27:31 2018 31.0.87.218:7994 TLS Error: reading acknowledgement record from packet
Wed Feb 14 06:27:33 2018 31.0.87.218:7994 TLS Error: reading acknowledgement record from packet
Wed Feb 14 06:27:37 2018 31.0.87.218:7994 TLS Error: reading acknowledgement record from packet
Wed Feb 14 06:27:45 2018 31.0.87.218:7994 TLS Error: reading acknowledgement record from packet
Wed Feb 14 06:28:01 2018 31.0.87.218:7994 TLS Error: reading acknowledgement record from packet
Wed Feb 14 06:28:31 2018 31.0.87.218:7994 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Feb 14 06:28:31 2018 31.0.87.218:7994 TLS Error: TLS handshake failed
Wed Feb 14 06:28:31 2018 31.0.87.218:7994 SIGUSR1[soft,tls-error] received, client-instance restarting

On the client I get: TLS Error: cannot locate HMAC in incoming packet from mojip 5236

I'd be grateful for any suggestions.
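
An added example, not part of the original post: a small consistency check over the two configurations shown above. OpenVPN reports "cannot locate HMAC in incoming packet" when one peer expects tls-auth HMAC signatures on control packets and the other does not send them, so the check compares the settings both peers must agree on. The function names are hypothetical, the sample configs are abridged from the post, and it assumes the OpenWrt UCI spelling `tls_auth` for `tls-auth`.

```python
import re

# Abridged from the post above: only the directives that are compared.
SERVER_UCI = """
config openvpn 'home'
    option port '5236'
    option proto 'udp'
"""
CLIENT_OVPN = """
client
remote mojip 5236
proto udp
tls-auth ta.key
"""

def parse_uci(text):
    """Read `option name 'value'` lines; UCI spells tls-auth as tls_auth."""
    found = re.findall(r"^\s*option\s+(\S+)\s+'([^']*)'", text, re.M)
    return {name.replace("_", "-"): value for name, value in found}

def parse_ovpn(text):
    """Read a plain OpenVPN file: one directive per line, '#' or ';' comments."""
    lines = (ln.strip() for ln in text.splitlines())
    pairs = (ln.partition(" ") for ln in lines if ln and ln[0] not in "#;")
    return {name: value.strip() for name, _, value in pairs}

def key_direction(opts):
    """Direction is the optional second token of tls-auth, or key-direction."""
    parts = opts.get("tls-auth", "").split()
    return parts[1] if len(parts) > 1 else opts.get("key-direction")

def compare(server, client):
    issues = []  # mismatches in settings both peers must agree on
    for d in ("tls-auth", "tls-crypt"):
        if (d in server) != (d in client):
            issues.append(f"{d}: set on {'server' if d in server else 'client'} only")
    if "tls-auth" in server and "tls-auth" in client:
        pair = (key_direction(server), key_direction(client))
        if pair not in ((None, None), ("0", "1"), ("1", "0")):
            issues.append(f"tls-auth: key directions {pair} are not complementary")
    if server.get("proto", "udp") != client.get("proto", "udp"):
        issues.append("proto: server and client differ")
    remote = client.get("remote", "").split()
    if len(remote) > 1 and remote[1] != server.get("port", "1194"):
        issues.append("port: client remote port differs from server port")
    return issues

if __name__ == "__main__":
    print(compare(parse_uci(SERVER_UCI), parse_ovpn(CLIENT_OVPN)))
```

For the configs in the post it reports that tls-auth is set on the client only; the server's /etc/openvpn/ listing also contains no ta.key.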