# Openvpn server



## beren (Mar 13, 2017)

I set up openvpn
But clients do not connect
I did so:
1) pkg install openvpn
2) easyrsa init-pki
3) easyrsa gen-dh
4) easyrsa build-ca nopass
5) easyrsa build-server-full _server_ nopass
6) easyrsa build-client-full _client5 _nopass
7) cd /usr/local/share/easy-rsa/pki
8) openvpn --genkey --secret ta.key
9) mkdir /usr/local/etc/openvpn
10) cp ca.crt dh.pem ta.key issued/server.crt private/server.key /usr/local/etc/openvpn
11) mkdir /usr/local/etc/openvpn/ccd
In /usr/local/etc/openvpn
ca.crt             dh.pem             server.conf       
ccd                easy-rsa               
ipp.txt            server.crt         
client5.crt        openvpn-status.log server.key
client5.key        openvpn.log        ta.key

In /usr/local/etc/openvpn/ccd/cliennt5.conf

```
client
dev tun
proto udp
nobind
persist-key
persist-tun
ca ca.crt
cert client5.crt
key client5.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
comp-lzo
verb 3
```
In

```
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.0.1 255.255.255.0"
client-config-dir ccd
route 10.8.0.0 255.255.255.252
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
verb 3
explicit-exit-notify 1
```

In C:\Program Files\OpenVPN\config
ca.crt
client5.crt
dh.pem
openvpn.opvpn
ta.key
In openvpn.opvpn

```
dev tun
proto udp
remote my wan
port 1194
client
resolv-retry infinite
ca ca.crt
cert client5.crt
key client5.key
tls-client
tls-auth ta.key 1
auth MD5
cipher AES-256-CBC
ns-cert-type server
comp-lzo
persist-key
persist-tun
verb 3
```
When connecting

```
Mon Mar 13 18:59:04 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jan 31 2017
Mon Mar 13 18:59:04 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Mon Mar 13 18:59:04 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Mon Mar 13 18:59:04 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Mar 13 18:59:04 2017 Need hold release from management interface, waiting...
Mon Mar 13 18:59:04 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Mar 13 18:59:05 2017 MANAGEMENT: CMD 'state on'
Mon Mar 13 18:59:05 2017 MANAGEMENT: CMD 'log all on'
Mon Mar 13 18:59:05 2017 MANAGEMENT: CMD 'hold off'
Mon Mar 13 18:59:05 2017 MANAGEMENT: CMD 'hold release'
Mon Mar 13 18:59:05 2017 Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Mon Mar 13 18:59:05 2017 Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Mon Mar 13 18:59:05 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]212.248.86.155:1194
Mon Mar 13 18:59:05 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Mar 13 18:59:05 2017 UDP link local (bound): [AF_INET][undef]:1194
Mon Mar 13 18:59:05 2017 UDP link remote: [AF_INET]212..............:1194
Mon Mar 13 18:59:05 2017 MANAGEMENT: >STATE:1489420745,WAIT,,,,,,
```


----------

