I use Ubuntu Server 22.04 and OpenVPN 2.5.5. OpenVPN cannot connect to the server as a client. Error:

2023-04-26 10:24:45 [63f5fa33cce5bccbc9d69630] Inactivity timeout (--ping-restart), restarting
2023-04-26 10:24:45 SIGUSR1[soft,ping-restart] received, process restarting
2023-04-26 10:24:50 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-04-26 10:24:50 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-04-26 10:24:50 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xxx.xx.xx:9028
2023-04-26 10:24:50 Attempting to establish TCP connection with [AF_INET]xx.xxx.xx.xx:9028 [nonblock]
2023-04-26 10:24:54 TCP: connect to [AF_INET]xx.xxx.xx.xx:9028 failed: Connection timed out

I tried reinstalling OpenVPN, but it did not help. My configuration:

setenv UV_ID ce541b0ab0874d91b205333c39209154
setenv UV_NAME winter-forest-1668
client
dev tun
dev-type tun
remote xx.xxx.xx.xx 9028 tcp-client
nobind
persist-tun
cipher AES-128-CBC
data-cipher AES-128-CBC
auth SHA256
verb 2
mute 3
push-peer-info
ping 10
ping-restart 60
hand-window 70
server-poll-timeout 4
reneg-sec 2592000
sndbuf 393216
rcvbuf 393216
remote-cert-tls server
comp-lzo no
key-direction 1
<ca>
</ca>
<tls-auth>
</tls-auth>
<cert>
</cert>
<key>
</key>

How can I fix it?

iptables:

Chain INPUT (policy ACCEPT 26815 packets, 133M bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   180 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:9028

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 18017 packets, 1677K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-after-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-after-input (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-after-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-after-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-after-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-after-output (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-input (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-output (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-reject-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-reject-input (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-reject-output (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-track-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-track-input (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-track-output (0 references)
 pkts bytes target     prot opt in     out     source               destination

Full OpenVPN client log:

2023-04-26 10:46:30 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
2023-04-26 10:46:30 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2023-04-26 10:46:30 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-04-26 10:46:30 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-04-26 10:46:30 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xxx.xx.xx:9028
2023-04-26 10:46:30 Attempting to establish TCP connection with [AF_INET]xx.xxx.xx.xx:9028 [nonblock]
2023-04-26 10:46:30 TCP connection established with [AF_INET]xx.xxx.xx.xx:9028
2023-04-26 10:46:30 TCP_CLIENT link local: (not bound)
2023-04-26 10:46:30 TCP_CLIENT link remote: [AF_INET]xx.xxx.xx.xx:9028
2023-04-26 10:46:30 VERIFY OK: depth=1, O=63f5fa32cce5bccbc9d69626, CN=63f5fa32cce5bccbc9d6962b
2023-04-26 10:46:30 VERIFY KU OK
2023-04-26 10:46:30 Validating certificate extended key usage
2023-04-26 10:46:30 NOTE: --mute triggered...
2023-04-26 10:46:30 4 variation(s) on previous 3 message(s) suppressed by --mute
2023-04-26 10:46:30 [63f5fa33cce5bccbc9d69630] Peer Connection Initiated with [AF_INET]xx.xxx.xx.xx:9028
2023-04-26 10:46:30 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2023-04-26 10:46:30 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-04-26 10:46:30 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2023-04-26 10:46:30 NOTE: --mute triggered...
2023-04-26 10:46:30 1 variation(s) on previous 3 message(s) suppressed by --mute
2023-04-26 10:46:30 TUN/TAP device tun0 opened
2023-04-26 10:46:30 net_iface_mtu_set: mtu 1500 for tun0
2023-04-26 10:46:30 net_iface_up: set tun0 up
2023-04-26 10:46:30 net_addr_v4_add: 192.168.223.8/24 dev tun0
2023-04-26 10:46:30 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-04-26 10:46:30 Initialization Sequence Completed
2023-04-26 10:47:31 [63f5fa33cce5bccbc9d69630] Inactivity timeout (--ping-restart), restarting
2023-04-26 10:47:31 SIGUSR1[soft,ping-restart] received, process restarting
2023-04-26 10:47:36 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-04-26 10:47:36 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-04-26 10:47:36 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xxx.xx.xx:9028
2023-04-26 10:47:36 Attempting to establish TCP connection with [AF_INET]xx.xxx.xx.xx:9028 [nonblock]
2023-04-26 10:47:40 TCP: connect to [AF_INET]xx.xxx.xx.xx:9028 failed: Connection timed out
2023-04-26 10:47:40 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2023-04-26 10:47:45 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-04-26 10:47:45 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-04-26 10:47:45 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xxx.xx.xx:9028
etc....

Telnet (ping port):

telnet xx.xxx.xx.xx 9028
Trying xx.xxx.xx.xx...
Connected to xx.xxx.xx.xx.
Escape character is '^]'.

Other OpenVPN clients (Windows, Android, HarmonyOS) work correctly.

The solution from this post didn't work.
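
An added example, not part of the original question: the Python script below reads the timings out of the client log and sets them beside the `ping-restart` and `server-poll-timeout` values from the configuration. The sample log lines and directives are abridged from the question; the function names are illustrative.

```python
import re
from datetime import datetime

# Constructed sample: lines abridged from the client log in the question.
SAMPLE_LOG = """\
2023-04-26 10:46:30 TCP connection established with [AF_INET]xx.xxx.xx.xx:9028
2023-04-26 10:46:30 Initialization Sequence Completed
2023-04-26 10:47:31 [63f5fa33cce5bccbc9d69630] Inactivity timeout (--ping-restart), restarting
2023-04-26 10:47:36 Attempting to establish TCP connection with [AF_INET]xx.xxx.xx.xx:9028 [nonblock]
2023-04-26 10:47:40 TCP: connect to [AF_INET]xx.xxx.xx.xx:9028 failed: Connection timed out
"""
# Timer directives copied from the question's client configuration.
SAMPLE_CONFIG = "ping 10\nping-restart 60\nserver-poll-timeout 4\n"

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$")


def directive(config, name):
    """Return the integer argument of a config directive, or None if absent."""
    m = re.search(rf"^{re.escape(name)}\s+(\d+)\s*$", config, re.M)
    return int(m.group(1)) if m else None


def summarize(log, config):
    """Measure tunnel-up -> ping-restart and connect-attempt -> timeout gaps."""
    out = {"ping_restart": directive(config, "ping-restart"),
           "server_poll_timeout": directive(config, "server-poll-timeout"),
           "idle_before_restart": [], "connect_timeouts": []}
    up = attempt = None
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines without a timestamp, e.g. "etc...."
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(2)
        if "Initialization Sequence Completed" in msg:
            up = ts
        elif "Inactivity timeout (--ping-restart)" in msg and up:
            out["idle_before_restart"].append(int((ts - up).total_seconds()))
            up = None
        elif msg.startswith("Attempting to establish TCP connection"):
            attempt = ts
        elif "failed: Connection timed out" in msg and attempt:
            out["connect_timeouts"].append(int((ts - attempt).total_seconds()))
            attempt = None
    return out


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, SAMPLE_CONFIG))
```

On the log above, the tunnel stays up for 61 seconds before the restart, just past `ping-restart 60`, which fires when no ping or other packet has arrived from the server in that window. The reconnect attempt then gives up after 4 seconds, the same value as `server-poll-timeout 4`.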
