I deployed OpenVPN on my Ubuntu Server 16.04 and did everything according to the instructions. The service is running and tun0 shows up in ifconfig, but the Windows client does not connect. I have tried changing the settings in various ways, still with no result.
Server config
port 1194
proto udp
dev tun
user nobody
group nogroup
cd /etc/openvpn
persist-key
persist-tun
dh /etc/openvpn/keys/dh1024.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
crl-verify /etc/openvpn/keys/01.pem
;tls-server
tls-auth /etc/openvpn/keys/ta.key 0
tls-timeout 120
auth SHA512
cipher BF-CBC
server 10.0.0.0 255.255.255.0
push "dhcp-option DNS 10.15.0.1"
route 10.15.0.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
client-to-client
topology subnet
max-clients 5
comp-lzo
keepalive 10 120
status /var/log/openvpn/openvpn-status.log 1
status-version 3
log-append /var/log/openvpn/openvpn-server.log
verb 3
mute 20
Client config
client
dev tun
proto udp
# External IP on or behind which your OpenVPN server sits, and the port (on the server or on the router the server is behind)
remote xxx.xxx.xx.xxx 1194
# needed for DynDNS
resolv-retry infinite
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
auth SHA512
cipher BF-CBC
remote-cert-tls server
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3
mute 20
Server log
Mon Oct 3 04:12:42 2016 event_wait : Interrupted system call (code=4)
Mon Oct 3 04:12:42 2016 /sbin/ip route del 10.15.0.0/24
RTNETLINK answers: Operation not permitted
Mon Oct 3 04:12:43 2016 ERROR: Linux route delete command failed: external program exited with error status: 2
Mon Oct 3 04:12:43 2016 Closing TUN/TAP interface
Mon Oct 3 04:12:43 2016 /sbin/ip addr del dev tun0 10.0.0.1/24
RTNETLINK answers: Operation not permitted
Mon Oct 3 04:12:43 2016 Linux ip addr del failed: external program exited with error status: 2
Mon Oct 3 04:12:43 2016 SIGTERM[hard,] received, process exiting
Mon Oct 3 04:12:43 2016 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb 2 2016
Mon Oct 3 04:12:43 2016 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Mon Oct 3 04:12:43 2016 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Mon Oct 3 04:12:43 2016 Diffie-Hellman initialized with 1024 bit key
Mon Oct 3 04:12:43 2016 WARNING: file '/etc/openvpn/keys/ta.key' is group or others accessible
Mon Oct 3 04:12:43 2016 Control Channel Authentication: using '/etc/openvpn/keys/ta.key' as a OpenVPN static key file
Mon Oct 3 04:12:43 2016 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Oct 3 04:12:43 2016 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Oct 3 04:12:43 2016 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Oct 3 04:12:43 2016 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=enp2s4 HWADDR=00:16:17:b6:a0:cd
Mon Oct 3 04:12:43 2016 TUN/TAP device tun0 opened
Mon Oct 3 04:12:43 2016 TUN/TAP TX queue length set to 100
Mon Oct 3 04:12:43 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Oct 3 04:12:43 2016 /sbin/ip link set dev tun0 up mtu 1500
Mon Oct 3 04:12:43 2016 /sbin/ip addr add dev tun0 10.0.0.1/24 broadcast 10.0.0.255
Mon Oct 3 04:12:43 2016 /sbin/ip route add 10.15.0.0/24 via 10.0.0.2
Mon Oct 3 04:12:43 2016 GID set to nogroup
Mon Oct 3 04:12:43 2016 UID set to nobody
Mon Oct 3 04:12:43 2016 UDPv4 link local (bound): [undef]
Mon Oct 3 04:12:43 2016 UDPv4 link remote: [undef]
Mon Oct 3 04:12:43 2016 MULTI: multi_init called, r=256 v=256
Mon Oct 3 04:12:43 2016 IFCONFIG POOL: base=10.0.0.2 size=252, ipv6=0
Mon Oct 3 04:12:43 2016 Initialization Sequence Completed
Mon Oct 3 04:12:46 2016 217.118.78.105:54617 TLS: Initial packet from [AF_INET]217.118.78.105:54617, sid=b123424e 0c2faab5
Mon Oct 3 04:12:46 2016 217.118.78.105:54617 CRL: cannot read: /etc/openvpn/keys/01.pem
Mon Oct 3 04:12:46 2016 217.118.78.105:54617 TLS_ERROR: BIO read tls_read_plaintext error: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
Mon Oct 3 04:12:46 2016 217.118.78.105:54617 TLS Error: TLS object -> incoming plaintext read error
Mon Oct 3 04:12:46 2016 217.118.78.105:54617 TLS Error: TLS handshake failed
Mon Oct 3 04:12:46 2016 217.118.78.105:54617 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Oct 3 04:14:32 2016 217.118.78.105:54617 TLS: Initial packet from [AF_INET]217.118.78.105:54617, sid=4e941033 4901a5be
Mon Oct 3 04:14:32 2016 217.118.78.105:54617 CRL: cannot read: /etc/openvpn/keys/01.pem
Mon Oct 3 04:14:32 2016 217.118.78.105:54617 TLS_ERROR: BIO read tls_read_plaintext error: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
Mon Oct 3 04:14:32 2016 217.118.78.105:54617 TLS Error: TLS object -> incoming plaintext read error
Mon Oct 3 04:14:32 2016 217.118.78.105:54617 TLS Error: TLS handshake failed
Mon Oct 3 04:14:32 2016 217.118.78.105:54617 SIGUSR1[soft,tls-error] received, client-instance restarting
Client log
Mon Oct 03 04:14:32 2016 OpenVPN 2.3.12 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 23 2016
Mon Oct 03 04:14:32 2016 Windows version 6.2 (Windows 8 or greater) 64bit
Mon Oct 03 04:14:32 2016 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.09
Enter Management Password:
Mon Oct 03 04:14:32 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Oct 03 04:14:32 2016 Need hold release from management interface, waiting...
Mon Oct 03 04:14:32 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Oct 03 04:14:33 2016 MANAGEMENT: CMD 'state on'
Mon Oct 03 04:14:33 2016 MANAGEMENT: CMD 'log all on'
Mon Oct 03 04:14:33 2016 MANAGEMENT: CMD 'hold off'
Mon Oct 03 04:14:33 2016 MANAGEMENT: CMD 'hold release'
Mon Oct 03 04:14:33 2016 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Mon Oct 03 04:14:33 2016 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Oct 03 04:14:33 2016 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Oct 03 04:14:33 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Oct 03 04:14:33 2016 UDPv4 link local (bound): [undef]
Mon Oct 03 04:14:33 2016 UDPv4 link remote: [AF_INET]xxx.xxx.xx.xxx:1194
Mon Oct 03 04:14:33 2016 MANAGEMENT: >STATE:1475457273,WAIT,,,
Mon Oct 03 04:14:33 2016 MANAGEMENT: >STATE:1475457273,AUTH,,,
Mon Oct 03 04:14:33 2016 TLS: Initial packet from [AF_INET]xxx.xxx.xx.xxx:1194, sid=816536c0 a22eb352
Mon Oct 03 04:14:33 2016 VERIFY OK: depth=1, C=RU, ST=LO, L=SaintP, O=EvilCorp, OU=MyOrganizationalUnit, CN=EvilCorp CA, name=EasyRSA, emailAddress=abc@mail.ru
Mon Oct 03 04:14:33 2016 Validating certificate key usage
Mon Oct 03 04:14:33 2016 ++ Certificate has key usage 00a0, expects 00a0
Mon Oct 03 04:14:33 2016 VERIFY KU OK
Mon Oct 03 04:14:33 2016 Validating certificate extended key usage
Mon Oct 03 04:14:33 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Oct 03 04:14:33 2016 VERIFY EKU OK
Mon Oct 03 04:14:33 2016 VERIFY OK: depth=0, C=RU, ST=LO, L=SaintP, O=EvilCorp, OU=MyOrganizationalUnit, CN=server, name=EasyRSA, emailAddress=abc@mail.ru
Mon Oct 03 04:15:05 2016 SIGTERM[hard,] received, process exiting
Mon Oct 03 04:15:05 2016 MANAGEMENT: >STATE:1475457305,EXITING,SIGTERM,,
The client keys, as well as ca.crt and ta.key, are in the client config folder; the server ones are, of course, in place.
ipv4_forwarding is enabled
the server is behind a router, port 1194 is forwarded
I have not touched openssl.
If possible, please explain in simpler terms what is wrong. I have been using Ubuntu for less than a month, so I don't even understand what the problem could be, other than wrong configs.
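
Added example, not part of the original post: a Python triage of the server log format shown above that ties each failed TLS handshake to the cause lines logged for the same peer and to the account the daemon dropped to (`UID set to ...`). The sample log is constructed in the format of the server log above with a documentation-range peer address, and the names `triage` and `hints` are hypothetical.

```python
import re

# Constructed sample in the format of the server log above (documentation-range peer IP).
SAMPLE_LOG = """\
Mon Oct 3 04:12:43 2016 UID set to nobody
Mon Oct 3 04:12:43 2016 Initialization Sequence Completed
Mon Oct 3 04:12:46 2016 203.0.113.7:54617 TLS: Initial packet from [AF_INET]203.0.113.7:54617, sid=b123424e 0c2faab5
Mon Oct 3 04:12:46 2016 203.0.113.7:54617 CRL: cannot read: /etc/openvpn/keys/01.pem
Mon Oct 3 04:12:46 2016 203.0.113.7:54617 TLS_ERROR: BIO read tls_read_plaintext error: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
Mon Oct 3 04:12:46 2016 203.0.113.7:54617 TLS Error: TLS handshake failed
"""

# "<weekday> <month> <day> <time> <year> [peer ip:port] <message>"
LINE = re.compile(r"^\w{3} \w{3} +\d+ [\d:]+ \d{4} (?:(?P<peer>\d+(?:\.\d+){3}:\d+) )?(?P<msg>.*)$")

def triage(log_text):
    """Return one finding per failed TLS handshake, with the causes logged before it."""
    runs_as = None   # account the daemon dropped to ("UID set to ...")
    pending = {}     # peer -> causes seen since that peer's initial packet
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation lines such as "RTNETLINK answers: ..."
        peer, msg = m["peer"], m["msg"]
        if peer is None:
            uid = re.match(r"UID set to (\S+)", msg)
            if uid:
                runs_as = uid[1]
        elif msg.startswith("TLS: Initial packet"):
            pending[peer] = []
        elif msg.startswith("CRL: cannot read: "):
            pending.setdefault(peer, []).append(("crl_unreadable", msg.split(": ", 2)[2]))
        elif "certificate verify failed" in msg:
            pending.setdefault(peer, []).append(("cert_verify_failed", None))
        elif msg == "TLS Error: TLS handshake failed":
            findings.append({"peer": peer, "runs_as": runs_as,
                             "causes": pending.pop(peer, [])})
    return findings

def hints(findings):
    """Turn findings into short operator hints."""
    out = []
    for f in findings:
        for kind, path in f["causes"]:
            if kind == "crl_unreadable":
                who = f["runs_as"] or "the openvpn process"
                out.append(f"{f['peer']}: crl-verify file {path} could not be read while running as {who}")
    return out

if __name__ == "__main__":
    print("\n".join(hints(triage(SAMPLE_LOG))))
```

OpenVPN re-reads the `crl-verify` file each time a peer connects, so the file and its parent directories must be readable by the account named in `user`/`group` after the privilege drop.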