it is a long time I try to solve this problem but, also trying all the suggestions found in this site, I didn't solve mi problem.
I installed OpenVPN on a CentOS server. This server works also with a squid proxy.
The installation went fine and when I start the service I can see the tun0 device in my ifconfig output:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
But, when I try to connect from a client, I get this log (with error):
Thu Dec 29 17:02:17 2016 us=212571 OpenVPN 2.3.14 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Dec 7 2016
Thu Dec 29 17:02:17 2016 us=212571 Windows version 6.1 (Windows 7) 32bit
Thu Dec 29 17:02:17 2016 us=212571 library versions: OpenSSL 1.0.2i 22 Sep 2016, LZO 2.09
Enter Management Password:
Thu Dec 29 17:02:17 2016 us=213571 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Dec 29 17:02:17 2016 us=213571 Need hold release from management interface, waiting...
Thu Dec 29 17:02:17 2016 us=686598 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Dec 29 17:02:17 2016 us=787603 MANAGEMENT: CMD 'state on'
Thu Dec 29 17:02:17 2016 us=788603 MANAGEMENT: CMD 'log all on'
Thu Dec 29 17:02:17 2016 us=918611 MANAGEMENT: CMD 'hold off'
Thu Dec 29 17:02:17 2016 us=919611 MANAGEMENT: CMD 'hold release'
Thu Dec 29 17:02:17 2016 us=920611 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Dec 29 17:02:18 2016 us=124623 Control Channel Authentication: using 'tls.key' as a OpenVPN static key file
Thu Dec 29 17:02:18 2016 us=124623 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Dec 29 17:02:18 2016 us=124623 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Dec 29 17:02:18 2016 us=124623 Control Channel MTU parms [ L:1585 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Thu Dec 29 17:02:18 2016 us=124623 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Dec 29 17:02:18 2016 us=124623 Data Channel MTU parms [ L:1585 D:1450 EF:85 EB:12 ET:0 EL:3 ]
Thu Dec 29 17:02:18 2016 us=124623 Local Options String: 'V4,dev-type tun,link-mtu 1585,tun-mtu 1500,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-client'
Thu Dec 29 17:02:18 2016 us=124623 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1585,tun-mtu 1500,proto UDPv4,keydir 0,cipher BF-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-server'
Thu Dec 29 17:02:18 2016 us=124623 Local Options hash (VER=V4): 'bb179ba9'
Thu Dec 29 17:02:18 2016 us=124623 Expected Remote Options hash (VER=V4): '046f7c73'
Thu Dec 29 17:02:18 2016 us=124623 UDPv4 link local: [undef]
Thu Dec 29 17:02:18 2016 us=124623 UDPv4 link remote: [AF_INET]xxx.xx.xxx.xxx:1194
Thu Dec 29 17:02:18 2016 us=124623 MANAGEMENT: >STATE:1483048938,WAIT,,,
Thu Dec 29 17:02:18 2016 us=125623 UDPv4 WRITE [86] to [AF_INET]xxx.xx.xxx.xxx:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Thu Dec 29 17:02:18 2016 us=125623 UDPv4 READ [0] from [undef]: DATA UNDEF len=-1
Thu Dec 29 17:02:20 2016 us=541761 UDPv4 WRITE [86] to [AF_INET]xxx.xx.xxx.xxx:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
Thu Dec 29 17:02:24 2016 us=165968 UDPv4 WRITE [86] to [AF_INET]xxx.xx.xxx.xxx:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
Thu Dec 29 17:02:32 2016 us=415440 UDPv4 WRITE [86] to [AF_INET]xxx.xx.xxx.xxx:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
Thu Dec 29 17:02:48 2016 us=947386 UDPv4 WRITE [86] to [AF_INET]xxx.xx.xxx.xxx:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0
Thu Dec 29 17:03:18 2016 us=987104 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Dec 29 17:03:18 2016 us=987104 TLS Error: TLS handshake failed
Thu Dec 29 17:03:18 2016 us=988104 TCP/UDP: Closing socket
Thu Dec 29 17:03:18 2016 us=988104 SIGUSR1[soft,tls-error] received, process restarting
Thu Dec 29 17:03:18 2016 us=988104 MANAGEMENT: >STATE:1483048998,RECONNECTING,tls-error,,
On the server, the output of tcpdump is this:
12:02:47.276282 IP xxx.xx.xxx.xxx.25622 > 181.176.91.192.40013: tcp 144
0x0000: 4510 00b8 9c73 4000 4006 5575 ba40 7c96 E....s@.@.Uu.@|.
0x0010: b5b0 5bc0 6416 9c4d 24c2 7d0e 99e2 732d ..[.d..M$.}...s-
0x0020: 5018 46e0 48f2 0000 a5d6 0b6d 2b40 1773 P.F.H......m+@.s
0x0030: c860 d01c ee9f ae4b 5acb b2f5 ad22 c8c1 .`.....KZ...."..
0x0040: 529d 4fc8 e31a 5f11 dda7 238a db9e ffef R.O..._...#.....
0x0050: ba62 23a7 4bbe 460e e155 ffb1 ea38 2098 .b#.K.F..U...8..
0x0060: fd60 0313 5b76 3e38 802a e272 3b35 03d4 .`..[v>8.*.r;5..
0x0070: ef36 7ae5 0dfc b71a e989 8182 7420 be49 .6z.........t..I
0x0080: d1b3 2bf0 8c62 f28d c3b9 a59c d29a 51c3 ..+..b........Q.
0x0090: d77d 7c59 d45b e8e7 002e 0669 f28b 3c7f .}|Y.[.....i..<.
0x00a0: 7b66 ea6c a8ec 7f02 7a40 93e4 b754 6351 {f.l....z@...TcQ
0x00b0: 59da 9dbc 75e3 b9de Y...u...
12:02:47.284985 IP 181.176.91.192.40013 > xxx.xx.xxx.xxx.25622: tcp 0
0x0000: 4500 0028 bf4b 4000 7e06 f53c b5b0 5bc0 E..(.K@.~..<..[.
0x0010: ba40 7c96 9c4d 6416 99e2 732d 24c2 7d0e .@|..Md...s-$.}.
0x0020: 5010 faf0 bd57 0000 0000 0000 0000 P....W........
12:02:47.311158 IP 181.176.91.192.40013 > xxx.xx.xxx.xxx.25622: tcp 0
0x0000: 4500 0028 bf4c 4000 7e06 f53b b5b0 5bc0 E..(.L@.~..;..[.
0x0010: ba40 7c96 9c4d 6416 99e2 732d 24c2 7d9e .@|..Md...s-$.}.
0x0020: 5010 faf0 bcc7 0000 0000 0000 0000 P.............
12:02:52.439348 IP 181.176.91.192.35608 > xxx.xx.xxx.xxx.openvpn: UDP, length 86
0x0000: 4500 0072 335a 0000 7011 ced9 b5b0 5bc0 E..r3Z..p.....[.
0x0010: ba40 7c96 8b18 04aa 005e c61c 3843 856f .@|......^..8C.o
0x0020: 98f4 be31 60c3 dad2 9829 473c 43db d536 ...1`....)G<C..6
0x0030: bd2a adac a1c4 fbcf d137 a780 13cb b24a .*.......7.....J
0x0040: 6239 4d2b d845 f476 e144 7c65 4149 399b b9M+.E.v.D|eAI9.
0x0050: c537 17a4 883c 393d af65 1dbd bd43 357f .7...<9=.e...C5.
0x0060: 3fc3 865a 0700 0000 0158 6587 ea00 0000 ?..Z.....Xe.....
0x0070: 0000 ..
12:02:54.891441 IP 181.176.91.192.35608 > xxx.xx.xxx.xxx.openvpn: UDP, length 86
0x0000: 4500 0072 335c 0000 7011 ced7 b5b0 5bc0 E..r3\..p.....[.
0x0010: ba40 7c96 8b18 04aa 005e be98 3843 856f .@|......^..8C.o
0x0020: 98f4 be31 6034 88b5 52da 39db e3dd 55a0 ...1`4..R.9...U.
0x0030: cbb8 447f 63f2 da12 bafc 0814 4bde be64 ..D.c.......K..d
0x0040: 3adb ffe9 0fcf e9f1 343a 9c50 7d81 ff1e :.......4:.P}...
0x0050: 8e8a e2b8 6429 1522 7364 9f59 7158 32af ....d)."sd.YqX2.
0x0060: 3d71 9faf 3700 0000 0258 6587 ea00 0000 =q..7....Xe.....
0x0070: 0000 ..
12:02:58.539489 IP 181.176.91.192.35608 > xxx.xx.xxx.xxx.openvpn: UDP, length 86
0x0000: 4500 0072 335f 0000 7011 ced4 b5b0 5bc0 E..r3_..p.....[.
0x0010: ba40 7c96 8b18 04aa 005e f52f 3843 856f .@|......^./8C.o
0x0020: 98f4 be31 6001 d6d3 e7df a037 2c2a 0e00 ...1`......7,*..
0x0030: db6b 1389 45ef 9324 4938 d358 2d5c 5e8f .k..E..$I8.X-\^.
0x0040: 49e7 c9e3 15c4 4346 4843 de86 3613 c330 I.....CFHC..6..0
0x0050: 11e4 d240 350f 7ea3 c4ab 3adc 94e9 3066 ...@5.~...:...0f
0x0060: 8e61 f8ac f000 0000 0358 6587 ea00 0000 .a.......Xe.....
0x0070: 0000 ..
12:03:06.750443 IP 181.176.91.192.35608 > xxx.xx.xxx.xxx.openvpn: UDP, length 86
0x0000: 4500 0072 3362 0000 7011 ced1 b5b0 5bc0 E..r3b..p.....[.
0x0010: ba40 7c96 8b18 04aa 005e 4098 3843 856f .@|......^@.8C.o
0x0020: 98f4 be31 6018 0a6f 35fd 5ed8 7d5d 3f10 ...1`..o5.^.}]?.
0x0030: d233 40c3 96d0 654e 4745 9c68 e312 bc51 .3@...eNGE.h...Q
0x0040: dd28 dee1 4299 42ee 7a37 c32a 34ce 4622 .(..B.B.z7.*4.F"
0x0050: 844a 6d1b bba9 c3f1 3157 6a95 58a0 dd20 .Jm.....1Wj.X...
0x0060: ce2f 831e a200 0000 0458 6587 ea00 0000 ./.......Xe.....
0x0070: 0000 ..
12:03:24.534761 IP 181.176.91.192.35608 > xxx.xx.xxx.xxx.openvpn: UDP, length 86
0x0000: 4500 0072 3364 0000 7011 cecf b5b0 5bc0 E..r3d..p.....[.
0x0010: ba40 7c96 8b18 04aa 005e b8b4 3843 856f .@|......^..8C.o
0x0020: 98f4 be31 6099 8eaa c196 29e3 3f81 7710 ...1`.....).?.w.
0x0030: 7bf4 8fee a7fd a504 131a 8eb5 1ee5 abf8 {...............
0x0040: 6cee bc60 7e8c ccbf bc88 f958 b075 9524 l..`~......X.u.$
0x0050: f7b8 2700 20ee 8af6 1dbd 431d 645c 3cf1 ..'.......C.d\<.
0x0060: fd8d 626c 1100 0000 0558 6587 ea00 0000 ..bl.....Xe.....
0x0070: 0000 ..
12:03:55.333430 IP 181.176.91.192.20300 > xxx.xx.xxx.xxx.openvpn: UDP, length 86
0x0000: 4500 0072 33d3 0000 7011 ce60 b5b0 5bc0 E..r3...p..`..[.
0x0010: ba40 7c96 4f4c 04aa 005e 5c81 3863 bcab .@|.OL...^\.8c..
0x0020: df5b f2b7 6130 a9cf 64ea 96d8 87f8 e255 .[..a0..d......U
0x0030: 3c5b 8469 5def 25b8 b46f 7457 9315 02ae <[.i].%..otW....
0x0040: 725f 69e9 7ee9 efec 69df 31c4 3e05 d686 r_i.~...i.1.>...
0x0050: a289 7bbf 2ae3 4098 ac63 5e29 60a8 a793 ..{.*.@..c^)`...
0x0060: e403 9986 2700 0000 0158 6588 2800 0000 ....'....Xe.(...
0x0070: 0000 ..
12:03:55.967427 IP 181.176.91.192.40013 > xxx.xx.xxx.xxx.25622: tcp 64
0x0000: 4500 0068 33d4 0000 7006 ce74 b5b0 5bc0 E..h3...p..t..[.
0x0010: ba40 7c96 9c4d 6416 99e2 732d 24c2 7d9e .@|..Md...s-$.}.
0x0020: 5018 faf0 0443 0000 8314 35df cec3 f16d P....C....5....m
0x0030: e0d9 ee30 8c57 d8eb d737 7c86 7a0c 09d4 ...0.W...7|.z...
0x0040: 9dfc d4b6 f3e4 7349 80a3 4fd6 7cb0 e977 ......sI..O.|..w
0x0050: 22e4 c393 52d9 1f8e 2f5c bbf0 dae5 18da "...R.../\......
0x0060: 4dac 8148 e5b1 3613 M..H..6.
This is my test.ovpn file (client configuration):
client
dev tun
proto udp
remote xxx.xx.xxx.xxx 1194
resolv-retry infinite
nobind
ca ca.crt
cert test.crt
key test.key
tls-auth tls.key 1 # This file is secret
auth SHA512
verb 6
And this is my server.conf file:
port 1194
proto udp
dev tun
tls-server
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
push "route 192.168.4.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
tls-auth tls.key 0 # This file is secret
auth SHA512
cipher AES-256-CBC
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 6
My iptables chains are:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 192.168.0.0/21 192.168.0.1 tcp spts:1024:65535 dpt:25622 state NEW,RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 xxx.xx.xxx.xxx tcp spts:1024:65535 dpt:25622 state NEW,RELATED,ESTABLISHED
ACCEPT icmp -- 192.168.0.0/21 0.0.0.0/0 icmp type 8
ACCEPT udp -- 8.8.8.8 xxx.xx.xxx.xxx udp spt:53 dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT udp -- 8.8.4.4 xxx.xx.xxx.xxx udp spt:53 dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT udp -- 8.8.8.8 xxx.xx.xxx.xxx udp spt:53 dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT udp -- 8.8.4.4 xxx.xx.xxx.xxx udp spt:53 dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT udp -- 192.168.0.0/21 192.168.0.1 udp spts:1024:65535 dpt:53 state NEW,RELATED,ESTABLISHED
ACCEPT tcp -- 192.168.0.0/21 192.168.0.1 tcp spts:1024:65535 dpt:80 state NEW,RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 xxx.xx.xxx.xxx multiport dports 1024:65535 multiport sports 80,443,7777,9443,8080,8081,2082 state RELATED,ESTABLISHED
ACCEPT tcp -- 192.168.0.0/21 192.168.0.1 tcp spts:1024:65535 dpt:3128 state NEW,RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:1194
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW,ESTABLISHED /* Allow ftp connections on port 21 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpts:1024:65535 ctstate ESTABLISHED /* Allow passive inbound connections */
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT tcp -- 192.168.0.0/21 0.0.0.0/0 tcp spts:1024:65535 dpt:25622
ACCEPT tcp -- 0.0.0.0/0 192.168.0.0/21 tcp spt:25622 dpts:1024:65535
ACCEPT tcp -- 192.168.0.0/21 0.0.0.0/0 tcp spts:1024:65535 dpt:22
ACCEPT tcp -- 0.0.0.0/0 192.168.0.0/21 tcp spt:22 dpts:1024:65535
ACCEPT tcp -- 192.168.0.0/21 0.0.0.0/0 tcp spts:1024:65535 dpt:465
ACCEPT tcp -- 0.0.0.0/0 192.168.0.0/21 tcp spt:465 dpts:1024:65535
ACCEPT tcp -- 192.168.0.0/21 0.0.0.0/0 tcp spts:1024:65535 dpt:995
ACCEPT tcp -- 0.0.0.0/0 192.168.0.0/21 tcp spt:995 dpts:1024:65535
ACCEPT icmp -- 192.168.0.0/21 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 192.168.0.0/21
ACCEPT all -- 192.168.4.129 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.4.129
ACCEPT all -- 192.168.5.240 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.5.240
ACCEPT all -- 192.168.6.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.6.0/24
ACCEPT all -- 192.168.4.130 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.4.130
ACCEPT all -- 192.168.6.30 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.6.30
ACCEPT all -- 192.168.4.147 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.4.147
ACCEPT all -- 192.168.4.207 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.4.207
ACCEPT all -- 192.168.4.236 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.4.236
ACCEPT all -- 192.168.4.173 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.4.173
ACCEPT all -- 192.168.4.249 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.4.249
ACCEPT all -- 0.0.0.0/0 200.4.212.77
ACCEPT all -- 200.4.212.77 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 190.116.32.20
ACCEPT all -- 190.116.32.20 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 190.116.32.80
ACCEPT all -- 190.116.32.80 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 200.4.212.4
ACCEPT all -- 200.4.212.4 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 190.116.32.18
ACCEPT all -- 190.116.32.18 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 190.116.32.78
ACCEPT all -- 190.116.32.78 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 200.4.212.60
ACCEPT all -- 200.4.212.60 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 190.116.32.19
ACCEPT all -- 190.116.32.19 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 190.116.32.79
ACCEPT all -- 190.116.32.79 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 200.4.212.9
ACCEPT all -- 200.4.212.9 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 190.102.140.150
ACCEPT all -- 190.102.140.150 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 200.60.55.86
ACCEPT all -- 200.60.55.86 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 190.116.49.150
ACCEPT all -- 190.116.49.150 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 54.200.140.126
ACCEPT all -- 54.200.140.126 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 190.116.32.16
ACCEPT all -- 190.116.32.16 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 190.116.32.126
ACCEPT all -- 190.116.32.126 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 181.65.139.4
ACCEPT all -- 181.65.139.4 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.230.79.80
ACCEPT all -- 192.230.79.80 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 54.200.140.126
ACCEPT all -- 54.200.140.126 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 37.187.173.57
ACCEPT all -- 37.187.173.57 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 162.254.192.0/24
ACCEPT all -- 162.254.192.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 162.254.193.0/24
ACCEPT all -- 162.254.193.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 162.254.195.0/24
ACCEPT all -- 162.254.195.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 200.37.186.41
ACCEPT all -- 200.37.186.41 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 200.37.186.41
ACCEPT all -- 200.37.186.41 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 54.213.244.47
ACCEPT all -- 54.213.244.47 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 54.68.11.110
ACCEPT all -- 54.68.11.110 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 91.121.243.46
ACCEPT all -- 91.121.243.46 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 91.121.243.46
ACCEPT all -- 91.121.243.46 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 174.142.68.52
ACCEPT all -- 174.142.68.52 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 200.37.186.41
ACCEPT all -- 200.37.186.41 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 190.116.32.47
ACCEPT all -- 190.116.32.47 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 216.58.222.0/24
ACCEPT all -- 216.58.222.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 64.233.186.0/24
ACCEPT all -- 64.233.186.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 64.233.190.147
ACCEPT all -- 64.233.190.147 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 200.48.202.52
ACCEPT all -- 200.48.202.52 0.0.0.0/0
ACCEPT all -- 192.168.4.129 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.4.129
ACCEPT all -- 192.168.5.240 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.5.240
ACCEPT all -- 192.168.6.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.6.0/24
ACCEPT all -- 192.168.4.130 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.4.130
ACCEPT all -- 192.168.6.30 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.6.30
ACCEPT all -- 192.168.4.147 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.4.147
ACCEPT all -- 192.168.4.207 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.4.207
ACCEPT all -- 192.168.4.236 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.4.236
ACCEPT all -- 192.168.4.173 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.4.173
ACCEPT all -- 192.168.4.249 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.4.249
ACCEPT all -- 0.0.0.0/0 192.168.0.8
ACCEPT all -- 192.168.0.8 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.0.8
ACCEPT all -- 192.168.0.8 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.1.246
ACCEPT all -- 192.168.1.246 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 192.168.0.1 192.168.0.0/21 tcp spt:25622 dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- xxx.xx.xxx.xxx 0.0.0.0/0 tcp spt:25622 dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 192.168.0.0/21 icmp type 0
ACCEPT udp -- xxx.xx.xxx.xxx 8.8.8.8 udp spts:1024:65535 dpt:53 state NEW,RELATED,ESTABLISHED
ACCEPT udp -- xxx.xx.xxx.xxx 8.8.4.4 udp spts:1024:65535 dpt:53 state NEW,RELATED,ESTABLISHED
ACCEPT udp -- xxx.xx.xxx.xxx 8.8.8.8 udp spts:1024:65535 dpt:53 state NEW,RELATED,ESTABLISHED
ACCEPT udp -- xxx.xx.xxx.xxx 8.8.4.4 udp spts:1024:65535 dpt:53 state NEW,RELATED,ESTABLISHED
ACCEPT udp -- 192.168.0.1 192.168.0.0/21 udp spt:53 dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- 192.168.0.1 192.168.0.0/21 tcp spt:80 dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- xxx.xx.xxx.xxx 0.0.0.0/0 multiport sports 1024:65535 multiport dports 80,443,7777,9443,8080,8081,2082 state NEW,RELATED,ESTABLISHED
ACCEPT tcp -- 192.168.0.1 192.168.0.0/21 tcp spt:3128 dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW,ESTABLISHED /* Allow ftp connections on port 21 */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpts:1024:65535 ctstate RELATED,ESTABLISHED /* Allow passive inbound connections */
Which may be the problem? Are days that I'm stuck with this and I'm going mad.
Thanks for any help.
EDIT: as suggested by Steffen Ullrich, I'm posting here my server file openvpn.log. The problem with this log is that doesn't log anything regarding the connection. This log is written on openvpn service start and doesn't change when I try to connect from the client:
Fri Dec 30 04:16:58 2016 us=153406 OpenVPN 2.3.13 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 3 2016
Fri Dec 30 04:16:58 2016 us=153428 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.03
Fri Dec 30 04:16:58 2016 us=169851 Diffie-Hellman initialized with 2048 bit key
Fri Dec 30 04:16:58 2016 us=170840 Control Channel Authentication: using 'tls.key' as a OpenVPN static key file
Fri Dec 30 04:16:58 2016 us=170882 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Dec 30 04:16:58 2016 us=170905 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Dec 30 04:16:58 2016 us=170945 TLS-Auth MTU parms [ L:1601 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Fri Dec 30 04:16:58 2016 us=170992 Socket Buffers: R=[124928->124928] S=[124928->124928]
Fri Dec 30 04:16:58 2016 us=171938 TUN/TAP device tun0 opened
Fri Dec 30 04:16:58 2016 us=171991 TUN/TAP TX queue length set to 100
Fri Dec 30 04:16:58 2016 us=172020 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Dec 30 04:16:58 2016 us=172066 /sbin/ip link set dev tun0 up mtu 1500
Fri Dec 30 04:16:58 2016 us=174923 /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Fri Dec 30 04:16:58 2016 us=176804 Data Channel MTU parms [ L:1601 D:1450 EF:101 EB:12 ET:0 EL:3 ]
Fri Dec 30 04:16:58 2016 us=176883 UDPv4 link local (bound): [undef]
Fri Dec 30 04:16:58 2016 us=176902 UDPv4 link remote: [undef]
Fri Dec 30 04:16:58 2016 us=176929 MULTI: multi_init called, r=256 v=256
Fri Dec 30 04:16:58 2016 us=176996 IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Fri Dec 30 04:16:58 2016 us=177044 Initialization Sequence Completed
Best Answer
It doesn't solve at all my problem, but made it works. Simply opening the INPUT and OUTPUT chains op iptables, with
made me connect to the vpn. Still I don't understand which rule prevented me to connect, but now I can connect.