OVPN + cert + RADIUS

Раздел для тех, кто начинает знакомиться с MikroTik
Правила форума
Как правильно оформить вопрос.
Прежде чем начать настройку роутера, представьте, как это работает. Попробуйте почитать статьи об устройстве интернет-сетей. Убедитесь, что всё, что Вы задумали выполнимо вообще и на данном оборудовании в частности.
Не нужно изначально строить Наполеоновских планов. Попробуйте настроить простейшую конфигурацию, а усложнения добавлять в случае успеха постепенно.
Пожалуйста, не игнорируйте правила русского языка. Отсутствие знаков препинания и неграмотность автора топика для многих гуру достаточный повод проигнорировать топик вообще.

1. Назовите технологию подключения (динамический DHCP, L2TP, PPTP или что-то иное)
2. Изучите темку "Действия до настройки роутера".
viewtopic.php?f=15&t=2083
3. Настройте согласно выбранного Вами мануала
4. Дочитайте мануал до конца и без пропусков, в 70% случаев люди просто не до конца читают статью и пропускают важные моменты.
5. Если не получается, в Winbox открываем терминал и вбиваем там /export hide-sensitive. Результат в топик под кат, интимные подробности типа личных IP изменить на другие, пароль забить звездочками.
6. Нарисуйте Вашу сеть, рисунок (схему) сюда. На словах может быть одно, в действительности другое.
Ответить
propeller25
Сообщения: 18
Зарегистрирован: 25 сен 2013, 12:46

Доброго времени. Не могу настроить связку Openvpn client + mikrotik

Серты сгенерил на линухе скриптом

Код: Выделить всё

#!/bin/bash

# First step is to build the CA private key and CA certificate pair:

openssl genrsa -out ca.key 4096
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt -subj "/c=ru/st=moscow/l=moscow/o=admin/ou=it/cn=crmguru.ru/emailaddress=admin@crmguru.ru"

# Now create private-key/certificate pair for the server:

openssl genrsa -out server.key 4096
openssl req -new -key server.key -out server.csr -subj "/C=RU/ST=Moscow/L=Moscow/O=CRMGURU, llc/ou=it/cn=mikrotik.crmgu.ru/emailaddress=admin@crmguru.ru"
openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt


# Client key/certificate pair creation
openssl genrsa -out client.key 4096
openssl req -new -key client.key -out client.csr -subj "/C=RU/ST=Moscow/L=Moscow/O=CRMGURU, llc/ou=it/cn=mikrotik.crmgu.ru/emailaddress=admin@crmguru.ru"
openssl x509 -req -days 3650 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
В конфиге OVPN:

Код: Выделить всё

dev tun
persist-key
persist-tun
remote ***.9.76.111 1194 tcp

tls-client
client
auth SHA1
cipher AES-128-CBC
#nobind
#pull
#redirect-gateway
persist-key
persist-tun
ping 10
ping-restart 60
#auth-user-pass
remote-cert-tls server

Код: Выделить всё

<ca>
-----BEGIN CERTIFICATE-----
MIIE0zCCArugAwIBAgIJAP1ygky576ghMA0GCSqGSIb3DQEBCwUAMAAwHhcNMjAw
NDE2MTExNTI5WhcNMzAwNDE0MTExNTI5WjAAMIICIjANBgkqhkiG9w0BAQEFAAOC
Ag8AMIICCgKCAgEA1v95tIDiZ+We0h/yCyGMJqr7P/KQUP31G+PCctSUPmbxfbwm
XlbsQE4XRGdBgXivjtuYHuyJpk6n/LiTW9RSgTuhJzJOnjtQtkgBO0of7slnw0e2
itS+IVmhiwYL9KKAVsd4m2xyVruKVxH22AYJI653LUoCuD+RCjGSR0h/X+wVzTAc
z5EvmOWCQz9qPRFx1C6M6I2PZM1az0Y3OpPbgNskflnGzzNGLpWZuT6PgCV+k4RT
TbyIHdBlbtBs3CDrszY/py3E02M7ZE1oQ74vk9QdzLKH6L3l1nPMONLom9GKHSbp
cfc+daEIpiNy8MouPUeJyFRQBIWgwIYgrGJZ6tox0o+19n8/dR2pOxx/FbAwzwQo
kW+PONB0F78KYr1CssgFHp7GpJE6JSV0sSOjcIyiNC3A4J2gxJw8DlpkOoY5Yi8A
ZRzvURIJi8SnLVeYxUJXwo8k5RcZ7+3Y06DuzyY9NKN29HgfMVjsakI0DaGomPZm
tDaXmd16fZEmrvfkOApJjtO3t2AWZ/OuGy/ujiY6p3A8SVbd0Ldk6R1yptUesvX3
2zjfVjRECaZ4LXStzMytaQv0Lw3DHTNBEsInYm6rI1QzyHsVXkoYBBh/ENA1a8EI
4vFkf5PxpbRCjtHxGlsWGcHqCrKa6wRsMYtRv5Ms19xmjEa+Auvsf65MLFsCAwEA
AaNQME4wHQYDVR0OBBYEFITmaNbkp79tZOgkl0a8EO9m6z4lMB8GA1UdIwQYMBaA
FITmaNbkp79tZOgkl0a8EO9m6z4lMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL
BQADggIBAKkKxOIeGVok4LubmyaRhaTh7VOeYcWsD+B64S8Hg52bhcst0jjctn/o
d2nQQxMAIbPDFetVbOjXP+vmn0grvh5hSNu1ZoB+EBrcSZNPl51I3WJlvssHgYFL
9ZFXIyXW9Plm13uOJzfGIXdlV9hbzYWz9ADH95HxjdZm7Idy8rYu30aCd+7qohHO
FKLaHAiu+gbvY04eSouC8wLkvooYAbKV8FY0/fDg3n4KbjTc5am6HoLFOA9sE1Rj
kzWB/RTX6IPFZdFm0JTKEGTvRzzoB/gTDfo266glrnvj+5yzDBXwMGNkVftSw/mL
/WfLOPDY2RNPkxU8YNcCBGaBUyoN4exeSowcxkpd1yTxH8ORUE8y1eaY6yhSeqYP
c4sN3cJjQjgusyWHX2X4T6EdO2GnoiXaimR83/uLilPYkmAVNo2/JPJyAg3dtWv/
nvS9dC+bxNLeJ/CY1a3xMXiVllDV7Bm5hEwLGm+v4NeoFuNaqwCZV6O3MzjnP3Wc
9sFh9F1vNAQqy03CkJzG+ufPI+TeUIl85gDl1YT0Mj6KUJtX8zDuWF6fz+qJiYzo
UPVX3QHLTzFn1cbUUOMPOWEetoVeGTcyJ6Ep1TirLXNtqIb9UmYUHPbegBZxPVde
6vDylSJLKxWzU3TWqekvqeYG2zabQchmJElmq9gwnAQjgFYb/k+i
-----END CERTIFICATE-----
</ca>

Код: Выделить всё

<cert>
-----BEGIN CERTIFICATE-----
MIIEujCCAqICAQEwDQYJKoZIhvcNAQELBQAwADAeFw0yMDA0MTYxMTE1MjlaFw0z
MDA0MTQxMTE1MjlaMEYxCzAJBgNVBAYTAlJVMQ8wDQYDVQQIDAZNb3Njb3cxDzAN
BgNVBAcMBk1vc2NvdzEVMBMGA1UECgwMQ1JNR1VSVSwgbGxjMIICIjANBgkqhkiG
9w0BAQEFAAOCAg8AMIICCgKCAgEArIYVtLGZwa69Q9jPml8F84Mv5mpTBn5MtX4k
VZbPnOhuOkYNmLZvkbixq72Q0+wjt4JBqpI8ePAH/EJBh471DgcUGb7blMyV7ziF
Prx2bBcLHDla3wvKl5bEMqf6JOmKcxjO4REj0DkWjNCh4HtckVJM/Z8jjm2txXsJ
VmHkFBys2u7gf1Cz9Gdrl+gZlWibW7MKIXq8+3cZ6RB33uYvPHIe0BbAEUZjlEG0
25pKr4FCQ6vn9rQkQc20taq/K76cHkQeHFuQznhyQ7PSgcZOfBnvkqR76OCib5jg
SKE8orAjBe23RCJu3z9DvVIB8f4rNCc2zfvQeeW5siT8KvekESePK/BmEpg12Xbl
NQ8L8UYn6G5twEu/r39rq3wfk/V7+uPkSuSOi8uCJ8unbM+RU5HLOi2SdqaJ7T7a
lsRkRo70dgNzdAZ1mgV53GWhriKypqTvwlgjDhF63FKHZSplwyRSLPv5msVelng0
9WD7rgszSF36W6pCtRfoPJ2R90ec+q9rbMhSyjY1mGEC14ZWXRbu1DxnV13Ay0eT
dYpx3iLcXahZ4GLSdv+YEBkdTsnqUOU5ofOZ2zTHx2nifCNLhTaCy2X8Ejwsf3o4
Y0Vzx5GXy+0iHk6dNHlwnl3GLHT1e7jiKVU9xZADGq9EusPqjzr/Cm3NEsK5Etdr
lkOl9NkCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAor4md24YPWKwZlunkh/DcqT4
sYy4uHCTrLAKgGv5zXnw35t+thKiFwl1kSkgYxTp0BdvspS0WslsXP3b5bgFvy8h
0z/jO7pjRSsXXXAELGjwqSdNZQM4xiwv1vwMLxeAY6shpjb7cvUIT1gC0LFUZSSO
adrHqqBTTiEu8fk9XK1LZetSeFY4AjT6FEf1S3r+nK4glEH3VT+iLbM4FsTlTvfl
pjolOABp2O2ZhVXyUFDxojYrZ/ybH2gnrKB8sMkibLhQk1c2TIsSVOhNdyhyqO4O
t1J14kOhUPUzjSkCLuWIDjk/yfP6KjvHlIqEOAtw2AsM2H7oeb6UOkYM/mn279Zd
/wfwFCZab6oEAyD/9G4X8erXVRwl+mIHM+sINjIRE7p61eePU3TLpDOQBelzwXtu
b5ZihxMIASi/4rgwNPypFDl1U5IOWz8OmfGyS7u8Pv0a07pGCIBhD3f0w7vqXjyE
ipVt53PjFkKbNT41oNPVP1+48jXTYF4WrVOswNGe+J6sWvDKXrj/9KZCahcS+dh1
QCW+YwwRFo763mXDkI9VAsGScLC++8FDu59uV66BHRSXYA0JzB/lWoMeViKPQnKf
37WFKrAb4wBIOHDqVsSauEQDwYtv2bHbTXGOAL+N2chx6yp1GXpPxpA2yqK9Ns4w
zipkRgMfAb0ZsR7e8as=
-----END CERTIFICATE-----
</cert>

Код: Выделить всё

<key>
-----BEGIN RSA PRIVATE KEY-----
MIIEujCCAqICAQEwDQYJKoZIhvcNAQELBQAwADAeFw0yMDA0MTYxMTE1MzBaFw0z
MDA0MTQxMTE1MzBaMEYxCzAJBgNVBAYTAlJVMQ8wDQYDVQQIDAZNb3Njb3cxDzAN
BgNVBAcMBk1vc2NvdzEVMBMGA1UECgwMQ1JNR1VSVSwgbGxjMIICIjANBgkqhkiG
9w0BAQEFAAOCAg8AMIICCgKCAgEAuC/9lxxMrXAHJsIIUVOVyo8wqYdit9BgrM24
EX/USYRbjx2cDOkZHUOK6JR/820vUUqq7k4IpRZHvlvKKGym96CizcVRB4rrQ2AQ
U7ElZrX2tSea63qREIQ2vFn1ozYYwbWIk1bdrQ49BVE0fuSlEjxL8lcWOnFD+3wJ
mmEKgks9iXui5qHo6NrgvgxJL7B4vf2S4j+IcU8NG8eirpqOL3UFqrYltLky2jea
g+J5+76A0/uSgyCIiqCp7JnfbTUelpxu5l35N7jNdQqNkAvn1b8tnC8IYuGYWzU8
rEn2H5KXsrqUCtR/YTsyw+AD4RobtkmqV9LWiN0gQFL0Xxf30GdIsLMXchUFfq8F
TDgFwDmUqn7AbpCQ0yVmjW3Ocz85b1Uf+xIW4lQ3MRf8nWJaNYO0JE5X+s0FP6l7
qgryZ37vOYH3k0TEnvqs2V58LbqAQCC2BvJID0ZQhz9b35W/yaZTJu2WGDdoXjbl
9FacknTX1tIydvQg1Kam/yflqUv2mOnqc6hFrza7eLPUmafLOwrNyGKO+Sj2KZpO
a6yf3A29P3mHk/yZEZwVIgUfgIdE69n9c3MZPdZ5bL43Zzwllki7onkLggAI5reD
ImbrST6+5CxAi7d64aoNYhQJGFiX+j3XYq3nFcDAPhJ7ubKIthgK/FicOZZWvS7C
6tT1l0ECAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAoZlKDkU6QZktgEY6NXQpnuFK
jDcHZ5cgGcCmcTS7JBv1dZl/8E5VYfnNQblz8bcSo7++Vs2PG8aR5l9kCdHxjFrT
Bi/CF033AsF+SwDlmXSTZkMGmIO27yRM08gM/K8NVfgk42eFJYBLtyXXS9kQt9rO
DO0+VX3RxRADeLZyHSPr5r8EwvPvsiNfE2TneKrteg67MWpCtCP9qc5RLZERwGVR
CIYNqTRi6UsESRnZ821+T+jDktvvFcyZP2DX3hq2jGrvefzlVIdggWfz+Az1Vbov
E47N+cHZxsx9fMJ/Z0DhiFHOqm7Tv5OFcGAF6c82C69gu4EjjY/uJ/ynREkzEZg6
s4974dmUBR6yEgwUIefW+u4s8wy6eYI/Zadu1TLHGLimxVLS7EqcSge50b26p9Ek
sLO7AAYbdqWtgsAEX/nbE191jhv1T/Jjza9pb2WLt0gUrzbvX3T9Yj7CMaKcCYqQ
5F7SJK4AGiH9e3IxZjajhycaCbuLBEYS3AjX03F5fv+cqTSKDD//32po0ckeKZL2
TiBmMIRgfU1t1WX6upY7OkF3v1cTjV4gvmyzBnC6R9zNNKeoEn6Uf1CcUrt5FSk5
1IyU3zTZfVnlsX+4n+8XWQINOLklEb6HASumz7qpJ239T+rm88n7TAklIt6Mk9sn
Gf5jjA+mFBmCtshNypM=
-----END RSA PRIVATE KEY-----
</key>

В логах ovpn на винде вижу

Код: Выделить всё

Mon Apr 20 13:40:12 2020 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Mon Apr 20 13:40:12 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Mon Apr 20 13:40:12 2020 library versions: OpenSSL 1.1.0l  10 Sep 2019, LZO 2.10
Enter Management Password:
Mon Apr 20 13:40:12 2020 SIGUSR1[soft,private-key-password-failure] received, process restarting
Mon Apr 20 13:40:17 2020 SIGUSR1[soft,private-key-password-failure] received, process restarting
Mon Apr 20 13:40:22 2020 SIGUSR1[soft,private-key-password-failure] received, process restarting
Mon Apr 20 13:40:27 2020 SIGUSR1[soft,private-key-password-failure] received, process restarting
Mon Apr 20 13:40:32 2020 SIGUSR1[soft,private-key-password-failure] received, process restarting
Mon Apr 20 13:40:42 2020 SIGUSR1[soft,private-key-password-failure] received, process restarting
Mon Apr 20 13:41:02 2020 SIGUSR1[soft,private-key-password-failure] received, process restarting
Mon Apr 20 13:41:42 2020 SIGUSR1[soft,private-key-password-failure] received, process restarting
Mon Apr 20 13:43:03 2020 SIGUSR1[soft,private-key-password-failure] received, process restarting


Не могу понять, почему не нравятся ключи...


Вернуться к началу
wolodyawggu
Сообщения: 180
Зарегистрирован: 30 дек 2019, 16:47

propeller25 писал(а): 20 апр 2020, 09:47 Доброго времени. Не могу настроить связку Openvpn client + mikrotik

Серты сгенерил на линухе скриптом

Код: Выделить всё

#!/bin/bash

# First step is to build the CA private key and CA certificate pair:

openssl genrsa -out ca.key 4096
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt -subj "/c=ru/st=moscow/l=moscow/o=admin/ou=it/cn=crmguru.ru/emailaddress=admin@crmguru.ru"

# Now create private-key/certificate pair for the server:

openssl genrsa -out server.key 4096
openssl req -new -key server.key -out server.csr -subj "/C=RU/ST=Moscow/L=Moscow/O=CRMGURU, llc/ou=it/cn=mikrotik.crmgu.ru/emailaddress=admin@crmguru.ru"
openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt


# Client key/certificate pair creation
openssl genrsa -out client.key 4096
openssl req -new -key client.key -out client.csr -subj "/C=RU/ST=Moscow/L=Moscow/O=CRMGURU, llc/ou=it/cn=mikrotik.crmgu.ru/emailaddress=admin@crmguru.ru"
openssl x509 -req -days 3650 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
В конфиге OVPN:

Код: Выделить всё

dev tun
persist-key
persist-tun
remote ***.9.76.111 1194 tcp

tls-client
client
auth SHA1
cipher AES-128-CBC
#nobind
#pull
#redirect-gateway
persist-key
persist-tun
ping 10
ping-restart 60
#auth-user-pass
remote-cert-tls server

Код: Выделить всё

<ca>
-----BEGIN CERTIFICATE-----
MIIE0zCCArugAwIBAgIJAP1ygky576ghMA0GCSqGSIb3DQEBCwUAMAAwHhcNMjAw
NDE2MTExNTI5WhcNMzAwNDE0MTExNTI5WjAAMIICIjANBgkqhkiG9w0BAQEFAAOC
Ag8AMIICCgKCAgEA1v95tIDiZ+We0h/yCyGMJqr7P/KQUP31G+PCctSUPmbxfbwm
XlbsQE4XRGdBgXivjtuYHuyJpk6n/LiTW9RSgTuhJzJOnjtQtkgBO0of7slnw0e2
itS+IVmhiwYL9KKAVsd4m2xyVruKVxH22AYJI653LUoCuD+RCjGSR0h/X+wVzTAc
z5EvmOWCQz9qPRFx1C6M6I2PZM1az0Y3OpPbgNskflnGzzNGLpWZuT6PgCV+k4RT
TbyIHdBlbtBs3CDrszY/py3E02M7ZE1oQ74vk9QdzLKH6L3l1nPMONLom9GKHSbp
cfc+daEIpiNy8MouPUeJyFRQBIWgwIYgrGJZ6tox0o+19n8/dR2pOxx/FbAwzwQo
kW+PONB0F78KYr1CssgFHp7GpJE6JSV0sSOjcIyiNC3A4J2gxJw8DlpkOoY5Yi8A
ZRzvURIJi8SnLVeYxUJXwo8k5RcZ7+3Y06DuzyY9NKN29HgfMVjsakI0DaGomPZm
tDaXmd16fZEmrvfkOApJjtO3t2AWZ/OuGy/ujiY6p3A8SVbd0Ldk6R1yptUesvX3
2zjfVjRECaZ4LXStzMytaQv0Lw3DHTNBEsInYm6rI1QzyHsVXkoYBBh/ENA1a8EI
4vFkf5PxpbRCjtHxGlsWGcHqCrKa6wRsMYtRv5Ms19xmjEa+Auvsf65MLFsCAwEA
AaNQME4wHQYDVR0OBBYEFITmaNbkp79tZOgkl0a8EO9m6z4lMB8GA1UdIwQYMBaA
FITmaNbkp79tZOgkl0a8EO9m6z4lMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL
BQADggIBAKkKxOIeGVok4LubmyaRhaTh7VOeYcWsD+B64S8Hg52bhcst0jjctn/o
d2nQQxMAIbPDFetVbOjXP+vmn0grvh5hSNu1ZoB+EBrcSZNPl51I3WJlvssHgYFL
9ZFXIyXW9Plm13uOJzfGIXdlV9hbzYWz9ADH95HxjdZm7Idy8rYu30aCd+7qohHO
FKLaHAiu+gbvY04eSouC8wLkvooYAbKV8FY0/fDg3n4KbjTc5am6HoLFOA9sE1Rj
kzWB/RTX6IPFZdFm0JTKEGTvRzzoB/gTDfo266glrnvj+5yzDBXwMGNkVftSw/mL
/WfLOPDY2RNPkxU8YNcCBGaBUyoN4exeSowcxkpd1yTxH8ORUE8y1eaY6yhSeqYP
c4sN3cJjQjgusyWHX2X4T6EdO2GnoiXaimR83/uLilPYkmAVNo2/JPJyAg3dtWv/
nvS9dC+bxNLeJ/CY1a3xMXiVllDV7Bm5hEwLGm+v4NeoFuNaqwCZV6O3MzjnP3Wc
9sFh9F1vNAQqy03CkJzG+ufPI+TeUIl85gDl1YT0Mj6KUJtX8zDuWF6fz+qJiYzo
UPVX3QHLTzFn1cbUUOMPOWEetoVeGTcyJ6Ep1TirLXNtqIb9UmYUHPbegBZxPVde
6vDylSJLKxWzU3TWqekvqeYG2zabQchmJElmq9gwnAQjgFYb/k+i
-----END CERTIFICATE-----
</ca>

Код: Выделить всё

<cert>
-----BEGIN CERTIFICATE-----
MIIEujCCAqICAQEwDQYJKoZIhvcNAQELBQAwADAeFw0yMDA0MTYxMTE1MjlaFw0z
MDA0MTQxMTE1MjlaMEYxCzAJBgNVBAYTAlJVMQ8wDQYDVQQIDAZNb3Njb3cxDzAN
BgNVBAcMBk1vc2NvdzEVMBMGA1UECgwMQ1JNR1VSVSwgbGxjMIICIjANBgkqhkiG
9w0BAQEFAAOCAg8AMIICCgKCAgEArIYVtLGZwa69Q9jPml8F84Mv5mpTBn5MtX4k
VZbPnOhuOkYNmLZvkbixq72Q0+wjt4JBqpI8ePAH/EJBh471DgcUGb7blMyV7ziF
Prx2bBcLHDla3wvKl5bEMqf6JOmKcxjO4REj0DkWjNCh4HtckVJM/Z8jjm2txXsJ
VmHkFBys2u7gf1Cz9Gdrl+gZlWibW7MKIXq8+3cZ6RB33uYvPHIe0BbAEUZjlEG0
25pKr4FCQ6vn9rQkQc20taq/K76cHkQeHFuQznhyQ7PSgcZOfBnvkqR76OCib5jg
SKE8orAjBe23RCJu3z9DvVIB8f4rNCc2zfvQeeW5siT8KvekESePK/BmEpg12Xbl
NQ8L8UYn6G5twEu/r39rq3wfk/V7+uPkSuSOi8uCJ8unbM+RU5HLOi2SdqaJ7T7a
lsRkRo70dgNzdAZ1mgV53GWhriKypqTvwlgjDhF63FKHZSplwyRSLPv5msVelng0
9WD7rgszSF36W6pCtRfoPJ2R90ec+q9rbMhSyjY1mGEC14ZWXRbu1DxnV13Ay0eT
dYpx3iLcXahZ4GLSdv+YEBkdTsnqUOU5ofOZ2zTHx2nifCNLhTaCy2X8Ejwsf3o4
Y0Vzx5GXy+0iHk6dNHlwnl3GLHT1e7jiKVU9xZADGq9EusPqjzr/Cm3NEsK5Etdr
lkOl9NkCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAor4md24YPWKwZlunkh/DcqT4
sYy4uHCTrLAKgGv5zXnw35t+thKiFwl1kSkgYxTp0BdvspS0WslsXP3b5bgFvy8h
0z/jO7pjRSsXXXAELGjwqSdNZQM4xiwv1vwMLxeAY6shpjb7cvUIT1gC0LFUZSSO
adrHqqBTTiEu8fk9XK1LZetSeFY4AjT6FEf1S3r+nK4glEH3VT+iLbM4FsTlTvfl
pjolOABp2O2ZhVXyUFDxojYrZ/ybH2gnrKB8sMkibLhQk1c2TIsSVOhNdyhyqO4O
t1J14kOhUPUzjSkCLuWIDjk/yfP6KjvHlIqEOAtw2AsM2H7oeb6UOkYM/mn279Zd
/wfwFCZab6oEAyD/9G4X8erXVRwl+mIHM+sINjIRE7p61eePU3TLpDOQBelzwXtu
b5ZihxMIASi/4rgwNPypFDl1U5IOWz8OmfGyS7u8Pv0a07pGCIBhD3f0w7vqXjyE
ipVt53PjFkKbNT41oNPVP1+48jXTYF4WrVOswNGe+J6sWvDKXrj/9KZCahcS+dh1
QCW+YwwRFo763mXDkI9VAsGScLC++8FDu59uV66BHRSXYA0JzB/lWoMeViKPQnKf
37WFKrAb4wBIOHDqVsSauEQDwYtv2bHbTXGOAL+N2chx6yp1GXpPxpA2yqK9Ns4w
zipkRgMfAb0ZsR7e8as=
-----END CERTIFICATE-----
</cert>

Код: Выделить всё

<key>
-----BEGIN RSA PRIVATE KEY-----
MIIEujCCAqICAQEwDQYJKoZIhvcNAQELBQAwADAeFw0yMDA0MTYxMTE1MzBaFw0z
MDA0MTQxMTE1MzBaMEYxCzAJBgNVBAYTAlJVMQ8wDQYDVQQIDAZNb3Njb3cxDzAN
BgNVBAcMBk1vc2NvdzEVMBMGA1UECgwMQ1JNR1VSVSwgbGxjMIICIjANBgkqhkiG
9w0BAQEFAAOCAg8AMIICCgKCAgEAuC/9lxxMrXAHJsIIUVOVyo8wqYdit9BgrM24
EX/USYRbjx2cDOkZHUOK6JR/820vUUqq7k4IpRZHvlvKKGym96CizcVRB4rrQ2AQ
U7ElZrX2tSea63qREIQ2vFn1ozYYwbWIk1bdrQ49BVE0fuSlEjxL8lcWOnFD+3wJ
mmEKgks9iXui5qHo6NrgvgxJL7B4vf2S4j+IcU8NG8eirpqOL3UFqrYltLky2jea
g+J5+76A0/uSgyCIiqCp7JnfbTUelpxu5l35N7jNdQqNkAvn1b8tnC8IYuGYWzU8
rEn2H5KXsrqUCtR/YTsyw+AD4RobtkmqV9LWiN0gQFL0Xxf30GdIsLMXchUFfq8F
TDgFwDmUqn7AbpCQ0yVmjW3Ocz85b1Uf+xIW4lQ3MRf8nWJaNYO0JE5X+s0FP6l7
qgryZ37vOYH3k0TEnvqs2V58LbqAQCC2BvJID0ZQhz9b35W/yaZTJu2WGDdoXjbl
9FacknTX1tIydvQg1Kam/yflqUv2mOnqc6hFrza7eLPUmafLOwrNyGKO+Sj2KZpO
a6yf3A29P3mHk/yZEZwVIgUfgIdE69n9c3MZPdZ5bL43Zzwllki7onkLggAI5reD
ImbrST6+5CxAi7d64aoNYhQJGFiX+j3XYq3nFcDAPhJ7ubKIthgK/FicOZZWvS7C
6tT1l0ECAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAoZlKDkU6QZktgEY6NXQpnuFK
jDcHZ5cgGcCmcTS7JBv1dZl/8E5VYfnNQblz8bcSo7++Vs2PG8aR5l9kCdHxjFrT
Bi/CF033AsF+SwDlmXSTZkMGmIO27yRM08gM/K8NVfgk42eFJYBLtyXXS9kQt9rO
DO0+VX3RxRADeLZyHSPr5r8EwvPvsiNfE2TneKrteg67MWpCtCP9qc5RLZERwGVR
CIYNqTRi6UsESRnZ821+T+jDktvvFcyZP2DX3hq2jGrvefzlVIdggWfz+Az1Vbov
E47N+cHZxsx9fMJ/Z0DhiFHOqm7Tv5OFcGAF6c82C69gu4EjjY/uJ/ynREkzEZg6
s4974dmUBR6yEgwUIefW+u4s8wy6eYI/Zadu1TLHGLimxVLS7EqcSge50b26p9Ek
sLO7AAYbdqWtgsAEX/nbE191jhv1T/Jjza9pb2WLt0gUrzbvX3T9Yj7CMaKcCYqQ
5F7SJK4AGiH9e3IxZjajhycaCbuLBEYS3AjX03F5fv+cqTSKDD//32po0ckeKZL2
TiBmMIRgfU1t1WX6upY7OkF3v1cTjV4gvmyzBnC6R9zNNKeoEn6Uf1CcUrt5FSk5
1IyU3zTZfVnlsX+4n+8XWQINOLklEb6HASumz7qpJ239T+rm88n7TAklIt6Mk9sn
Gf5jjA+mFBmCtshNypM=
-----END RSA PRIVATE KEY-----
</key>

В логах ovpn на винде вижу

Код: Выделить всё

Mon Apr 20 13:40:12 2020 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Mon Apr 20 13:40:12 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Mon Apr 20 13:40:12 2020 library versions: OpenSSL 1.1.0l  10 Sep 2019, LZO 2.10
Enter Management Password:
Mon Apr 20 13:40:12 2020 SIGUSR1[soft,private-key-password-failure] received, process restarting
Mon Apr 20 13:40:17 2020 SIGUSR1[soft,private-key-password-failure] received, process restarting
Mon Apr 20 13:40:22 2020 SIGUSR1[soft,private-key-password-failure] received, process restarting
Mon Apr 20 13:40:27 2020 SIGUSR1[soft,private-key-password-failure] received, process restarting
Mon Apr 20 13:40:32 2020 SIGUSR1[soft,private-key-password-failure] received, process restarting
Mon Apr 20 13:40:42 2020 SIGUSR1[soft,private-key-password-failure] received, process restarting
Mon Apr 20 13:41:02 2020 SIGUSR1[soft,private-key-password-failure] received, process restarting
Mon Apr 20 13:41:42 2020 SIGUSR1[soft,private-key-password-failure] received, process restarting
Mon Apr 20 13:43:03 2020 SIGUSR1[soft,private-key-password-failure] received, process restarting


Не могу понять, почему не нравятся ключи...
У Вас параллельные совпадающие сессии, либо что то с подпиской, либо что то не так сгенерировали.

Код: Выделить всё

Mon Apr 20 13:43:03 2020 SIGUSR1[soft,private-key-password-failure] received, process restarting


Вернуться к началу
Ответить

Вернуться в «FAQ (Для начинающих)»