ubuntu 16.04 OpenVPN Server / Client
Reference site: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-18-04
OpenVPN 설치전 시스템 의 모든 패키지를 업데이트 합니다.
test@ubuntu-vpn:~$ sudo apt upgrade -y
OpenVPN 설치
test@ubuntu-vpn:~$ sudo apt install -y openvpn
EasyRSA 을 다운 받고 압축을 해제 합니다.
test@vpn-test:~$ wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.4/EasyRSA-3.0.4.tgz test@vpn-test:~$ tar xvf EasyRSA-3.0.4.tgz test@vpn-test:~$ cd EasyRSA-3.0.4/
vars 파일 을 카피 하고 수정 합니다.
test@ubuntu-vpn:~$ cd EasyRSA-3.0.4/ test@ubuntu-vpn:~/EasyRSA-3.0.4$ cp vars.example vars test@ubuntu-vpn:~/EasyRSA-3.0.4$ vi vars ~중략 set_var EASYRSA_REQ_COUNTRY "US" set_var EASYRSA_REQ_PROVINCE "California" set_var EASYRSA_REQ_CITY "San Francisco" set_var EASYRSA_REQ_ORG "Copyleft Certificate Co" set_var EASYRSA_REQ_EMAIL "me@example.net" set_var EASYRSA_REQ_OU "My Organizational Unit"
수정된 vars 를 이용하여 ca 를 생성합니다.
pki 디렉토리 생성
test@ubuntu-vpn:~/EasyRSA-3.0.4$ ./easyrsa init-pki Note: using Easy-RSA configuration from: ./vars init-pki complete; you may now create a CA or requests. Your newly created PKI dir is: /home/test/EasyRSA-3.0.4/pki test@ubuntu-vpn:~/EasyRSA-3.0.4$
nopass 옵션사용시 비밀번호 없이 설정을 진행 합니다.
test@ubuntu-vpn:~/EasyRSA-3.0.4$ ./easyrsa build-ca nopass Note: using Easy-RSA configuration from: ./vars Generating a 2048 bit RSA private key ......................+++ ....................................................................................................+++ writing new private key to '/home/test/EasyRSA-3.0.4/pki/private/ca.key.kMZbbLCFHN' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Common Name (eg: your user, host, or server name) [Easy-RSA CA]: CA creation complete and you may now import and sign cert requests. Your new CA certificate file for publishing is at: /home/test/EasyRSA-3.0.4/pki/ca.crt test@ubuntu-vpn:~/EasyRSA-3.0.4$
Server 인증서 만들기
test@ubuntu-vpn:~/EasyRSA-3.0.4$ ./easyrsa gen-req server nopass Note: using Easy-RSA configuration from: ./vars Generating a 2048 bit RSA private key ...............+++ .........................................................+++ writing new private key to '/home/test/EasyRSA-3.0.4/pki/private/server.key.smJLxpp4h4' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Common Name (eg: your user, host, or server name) [server]: Keypair and certificate request completed. Your files are: req: /home/test/EasyRSA-3.0.4/pki/reqs/server.req key: /home/test/EasyRSA-3.0.4/pki/private/server.key test@ubuntu-vpn:~/EasyRSA-3.0.4$
server.key 파일 복사
test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp pki/private/server.key /etc/openvpn/
server.crt 파일 생성 yes 로 설정을 마무리 합니다.
yes 를 입력
test@ubuntu-vpn:~/EasyRSA-3.0.4$ ./easyrsa sign-req server server
Note: using Easy-RSA configuration from: ./vars
You are about to sign the following certificate.
Please check over the details shown below for accuracy. Note that this request
has not been cryptographically verified. Please be sure it came from a trusted
source or that you have verified the request checksum with the sender.
Request subject, to be signed as a server certificate for 3650 days:
subject=
commonName = server
Type the word 'yes' to continue, or any other input to abort.
Confirm request details: yes
Using configuration from ./openssl-easyrsa.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'server'
Certificate is to be certified until Nov 3 08:59:07 2028 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
Certificate created at: /home/test/EasyRSA-3.0.4/pki/issued/server.crt
test@ubuntu-vpn:~/EasyRSA-3.0.4$
crt 파일을 복사 합니다.
test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp pki/issued/server.crt /etc/openvpn/ test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp pki/ca.crt /etc/openvpn/
Diffie-Hellman key 생성
test@ubuntu-vpn:~/EasyRSA-3.0.4$ ./easyrsa gen-dh Note: using Easy-RSA configuration from: ./vars Generating DH parameters, 2048 bit long safe prime, generator 2 This is going to take a long time ......................+ ~중략 DH parameters of size 2048 created at /home/test/EasyRSA-3.0.4/pki/dh.pem test@ubuntu-vpn:~/EasyRSA-3.0.4$
ta.key 를 생성
test@ubuntu-vpn:~/EasyRSA-3.0.4$ openvpn --genkey --secret ta.key test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp ta.key /etc/openvpn/ test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp pki/dh.pem /etc/openvpn/
openvpn-config 디렉토리 생성 및 디렉토리 권한 설정
test@ubuntu-vpn:~/EasyRSA-3.0.4$ mkdir -p ~/openvpn-config/key test@ubuntu-vpn:~/EasyRSA-3.0.4$ chmod -R 700 ~/openvpn-config
Client 인증서 생성
test@ubuntu-vpn:~/EasyRSA-3.0.4$ ./easyrsa gen-req user01 nopass Note: using Easy-RSA configuration from: ./vars Generating a 2048 bit RSA private key ..................................................................................................................................................................+++ ..................+++ writing new private key to '/home/test/EasyRSA-3.0.4/pki/private/user01.key.xoi765b604' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Common Name (eg: your user, host, or server name) [user01]: Keypair and certificate request completed. Your files are: req: /home/test/EasyRSA-3.0.4/pki/reqs/user01.req key: /home/test/EasyRSA-3.0.4/pki/private/user01.key test@ubuntu-vpn:~/EasyRSA-3.0.4$
user01.key 를 카피 합니다.
test@ubuntu-vpn:~/EasyRSA-3.0.4$ cp pki/private/user01.key ~/openvpn-config/key/test@ubuntu-vpn:~/EasyRSA-3.0.4$ ./easyrsa sign-req client user01
Note: using Easy-RSA configuration from: ./vars
You are about to sign the following certificate.
Please check over the details shown below for accuracy. Note that this request
has not been cryptographically verified. Please be sure it came from a trusted
source or that you have verified the request checksum with the sender.
Request subject, to be signed as a client certificate for 3650 days:
subject=
commonName = user01
Type the word 'yes' to continue, or any other input to abort.
Confirm request details: yes
Using configuration from ./openssl-easyrsa.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'user01'
Certificate is to be certified until Nov 3 09:06:29 2028 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
Certificate created at: /home/test/EasyRSA-3.0.4/pki/issued/user01.crt
test@ubuntu-vpn:~/EasyRSA-3.0.4$
user01 crt 파일 복사
test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp pki/issued/user01.crt ~/openvpn-config/key/ test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp ta.key ~/openvpn-config/key/ test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp /etc/openvpn/ca.crt ~/openvpn-config/key/
server.conf.gz 파일 카피 및 압축해제
test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/ test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo gzip -d /etc/openvpn/server.conf.gz
server.conf 설정
test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo vi /etc/openvpn/server.conf tls-auth ta.key 0 # This file is secret key-direction 0 cipher AES-128-CBC # AES auth SHA256 ;dh dh2048.pem dh dh.pem user nobody group nogroup push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4"
sysctl.conf 설정
test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo vi /etc/sysctl.conf net.ipv4.ip_forward=1 test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo sysctl -p net.ipv4.ip_forward = 1
UFW 설정
Default G/W 로 사용되는 Nic Device 를 확인 합니다.
test@ubuntu-vpn:~$ ip route |grep default default via 192.168.0.2 dev ens33
ufw 를 설정 합니다.
test@ubuntu-vpn:~$ sudo vi /etc/ufw/before.rules # ufw-before-forward # # Don't delete these required lines, otherwise there will be errors # START OPENVPN RULES # NAT table rules *nat :POSTROUTING ACCEPT [0:0] # ens33 MASQUERADE Settins -A POSTROUTING -s 10.8.0.0/8 -o ens33 -j MASQUERADE COMMIT # END OPENVPN RULES #
/etc/default/ufw 설정
DROP => ACCEPT 로 변경 합니다.
test@ubuntu-vpn:~$ sudo vi /etc/default/ufw #DEFAULT_FORWARD_POLICY="DROP" DEFAULT_FORWARD_POLICY="ACCEPT"
ufw Service 추가
test@ubuntu-vpn:~$ sudo ufw allow 1194/udp Rules updated Rules updated (v6) test@ubuntu-vpn:~$ sudo ufw allow OpenSSH Rules updated Rules updated (v6) test@ubuntu-vpn:~$ sudo ufw disable Firewall stopped and disabled on system startup test@ubuntu-vpn:~$ sudo ufw enable Command may disrupt existing ssh connections. Proceed with operation (y|n)? y Firewall is active and enabled on system startup test@ubuntu-vpn:~$
openvpn Server 활성화 및 구동
test@ubuntu-vpn:~$ sudo systemctl enable openvpn@server Created symlink from /etc/systemd/system/multi-user.target.wants/openvpn@server.service to /lib/systemd/system/openvpn@.service. test@ubuntu-vpn:~$ sudo systemctl start openvpn@server
ifconfig 확인시 tun0 Device 를 확인 할수 있습니다.
test@ubuntu-vpn:~$ ifconfig
ens33 Link encap:Ethernet HWaddr 00:0c:29:18:c3:ea
inet addr:192.168.0.12 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe18:c3ea/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3098 errors:0 dropped:0 overruns:0 frame:0
TX packets:4223 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:729938 (729.9 KB) TX bytes:531750 (531.7 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:176 errors:0 dropped:0 overruns:0 frame:0
TX packets:176 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:13296 (13.2 KB) TX bytes:13296 (13.2 KB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
test@ubuntu-vpn:~$
base.conf 설정
test@ubuntu-vpn:~$ mkdir ~/openvpn-config/files test@ubuntu-vpn:~$ cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/openvpn-config/base.conf test@ubuntu-vpn:~$ vi ~/openvpn-config/base.conf remote 192.168.0.12 1194 user nobody group nogroup #ca ca.crt #cert client.crt #key client.key cipher AES-256-CBC auth SHA256 key-direction 1 # 최하단 ;mute 20 # script-security 2 # up /etc/openvpn/update-resolv-conf # down /etc/openvpn/update-resolv-conf
make_config.sh 스크립트 작성
test@ubuntu-vpn:~$ vi ~/openvpn-config/make_config.sh
#!/bin/bash
# First argument: Client identifier
KEY_DIR=~/openvpn-config/key
OUTPUT_DIR=~/openvpn-config/files
BASE_CONFIG=~/openvpn-config/base.conf
cat ${BASE_CONFIG} \
<(echo -e '<ca>') \
${KEY_DIR}/ca.crt \
<(echo -e '</ca>\n<cert>') \
${KEY_DIR}/${1}.crt \
<(echo -e '</cert>\n<key>') \
${KEY_DIR}/${1}.key \
<(echo -e '</key>\n<tls-auth>') \
${KEY_DIR}/ta.key \
<(echo -e '</tls-auth>') \
> ${OUTPUT_DIR}/${1}.ovpn
test@ubuntu-vpn:~$ chmod 700 ~/openvpn-config/make_config.sh
user01 계정 생성
test@ubuntu-vpn:~$ cd openvpn-config/ test@ubuntu-vpn:~/openvpn-config$ sudo ./make_config.sh user01 test@ubuntu-vpn:~/openvpn-config$ cd files/ test@ubuntu-vpn:~/openvpn-config/files$ sudo cp ../key/ta.key . test@ubuntu-vpn:~/openvpn-config/files$ sudo chmod 644 ta.key
접속시 필요한 파일은 ~/openvpn-config/files 에 있습니다.
test@ubuntu-vpn:~$ ls -al openvpn-config/files/ total 24 drwxrwxr-x 2 test test 4096 Nov 6 18:19 . drwx------ 4 test test 4096 Nov 6 18:17 .. -rw-r--r-- 1 root root 636 Nov 6 18:19 ta.key -rw-r--r-- 1 root root 11545 Nov 6 18:18 user01.ovpn test@ubuntu-vpn:~$
Ubuntu OpenVPN Client
openvpn 설치
test@ubuntu-client:~$ sudo apt update test@ubuntu-client:~$ sudo apt install -y openvpn test@ubuntu-client:~$ sudo snap install easy-openvpn
user01 인증서 복사
test@ubuntu-vpn:~/openvpn-config/files$ scp user01.ovpn test@192.168.0.14:/home/test/openvpn/ test@ubuntu-vpn:~/openvpn-config/files$ scp ta.key test@192.168.0.14:/home/test/openvpn/
접속 테스트
test@ubuntu-client:~/openvpn$ sudo openvpn --config user01.ovpn ~중략 option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' Wed Nov 7 15:56:52 2018 OPTIONS IMPORT: timers and/or timeouts modified Wed Nov 7 15:56:52 2018 OPTIONS IMPORT: --ifconfig/up options modified Wed Nov 7 15:56:52 2018 OPTIONS IMPORT: route options modified Wed Nov 7 15:56:52 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Wed Nov 7 15:56:52 2018 ROUTE_GATEWAY 192.168.0.2/255.255.255.0 IFACE=ens33 HWADDR=00:0c:29:0f:e7:2a Wed Nov 7 15:56:52 2018 TUN/TAP device tun0 opened Wed Nov 7 15:56:52 2018 TUN/TAP TX queue length set to 100 Wed Nov 7 15:56:52 2018 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Wed Nov 7 15:56:52 2018 /sbin/ip link set dev tun0 up mtu 1500 Wed Nov 7 15:56:52 2018 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5 Wed Nov 7 15:56:52 2018 /sbin/ip route add 192.168.0.12/32 dev ens33 Wed Nov 7 15:56:52 2018 /sbin/ip route add 0.0.0.0/1 via 10.8.0.5 Wed Nov 7 15:56:52 2018 /sbin/ip route add 128.0.0.0/1 via 10.8.0.5 Wed Nov 7 15:56:52 2018 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5 Wed Nov 7 15:56:52 2018 GID set to nogroup Wed Nov 7 15:56:52 2018 UID set to nobody Wed Nov 7 15:56:52 2018 Initialization Sequence Completed
정상적으로 vpn 에 접속시 tun0 Device 를 확인 할수 있습니다.
test@ubuntu-client:~$ ifconfig
ens33 Link encap:Ethernet HWaddr 00:0c:29:0f:e7:2a
inet addr:192.168.0.14 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe0f:e72a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:918 errors:0 dropped:0 overruns:0 frame:0
TX packets:763 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:102521 (102.5 KB) TX bytes:155757 (155.7 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:176 errors:0 dropped:0 overruns:0 frame:0
TX packets:176 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:13296 (13.2 KB) TX bytes:13296 (13.2 KB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.6 P-t-P:10.8.0.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
test@ubuntu-client:~$
systemd 에 추가
test@ubuntu-client:~/openvpn$ sudo vi /lib/systemd/system/openvpn-client.service [Unit] Description=test.com OpenVPN Kr Service After=multi-user.target [Service] Type=idle ExecStart=/usr/sbin/openvpn --config /home/test/openvpn/user01.ovpn [Install] WantedBy=multi-user.target test@ubuntu-client:~/openvpn$ sudo chmod 644 /lib/systemd/system/openvpn-client.service
systemd 활성화 및 실행
test@ubuntu-client:~/openvpn$ sudo systemctl daemon-reload
test@ubuntu-client:~/openvpn$ sudo systemctl enable openvpn-client
Created symlink from /etc/systemd/system/multi-user.target.wants/openvpn-client.service to /lib/systemd/system/openvpn-client.service.
test@ubuntu-client:~/openvpn$ sudo systemctl start openvpn-client
test@ubuntu-client:~/openvpn$ sudo systemctl status openvpn-client
● openvpn-client.service - test.com OpenVPN Kr Service
Loaded: loaded (/lib/systemd/system/openvpn-client.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2018-11-07 16:02:04 KST; 32s ago
Main PID: 2034 (openvpn)
Tasks: 1
Memory: 828.0K
CPU: 35ms
CGroup: /system.slice/openvpn-client.service
└─2034 /usr/sbin/openvpn --config /home/test/openvpn/user01.ovpn
Nov 07 16:02:06 ubuntu-client openvpn[2034]: Wed Nov 7 16:02:06 2018 ERROR: Linux route add command failed: external program exited
Nov 07 16:02:06 ubuntu-client openvpn[2034]: Wed Nov 7 16:02:06 2018 /sbin/ip route add 0.0.0.0/1 via 10.8.0.5
Nov 07 16:02:06 ubuntu-client openvpn[2034]: Wed Nov 7 16:02:06 2018 /sbin/ip route add 128.0.0.0/1 via 10.8.0.5
Nov 07 16:02:06 ubuntu-client openvpn[2034]: Wed Nov 7 16:02:06 2018 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Nov 07 16:02:06 ubuntu-client openvpn[2034]: Wed Nov 7 16:02:06 2018 GID set to nogroup
Nov 07 16:02:06 ubuntu-client openvpn[2034]: Wed Nov 7 16:02:06 2018 UID set to nobody
Nov 07 16:02:06 ubuntu-client openvpn[2034]: Wed Nov 7 16:02:06 2018 Initialization Sequence Completed
시스템 리부팅 및 동작 확인
test@ubuntu-client:~/openvpn$ sudo init 6
test@ubuntu-client:~$ ifconfig
ens33 Link encap:Ethernet HWaddr 00:0c:29:0f:e7:2a
inet addr:192.168.0.14 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe0f:e72a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:152 errors:0 dropped:0 overruns:0 frame:0
TX packets:171 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:30427 (30.4 KB) TX bytes:33460 (33.4 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:176 errors:0 dropped:0 overruns:0 frame:0
TX packets:176 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:13296 (13.2 KB) TX bytes:13296 (13.2 KB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.6 P-t-P:10.8.0.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:1216 (1.2 KB)
test@ubuntu-client:~$ systemctl status openvpn-client
● openvpn-client.service - test.com OpenVPN Kr Service
Loaded: loaded (/lib/systemd/system/openvpn-client.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2018-11-07 16:04:43 KST; 7min ago
Main PID: 1312 (openvpn)
Tasks: 1
Memory: 1.7M
CPU: 157ms
CGroup: /system.slice/openvpn-client.service
└─1312 /usr/sbin/openvpn --config /home/test/openvpn/user01.ovpn
Nov 07 16:10:59 ubuntu-client openvpn[1312]: Wed Nov 7 16:10:59 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modifi
Nov 07 16:10:59 ubuntu-client openvpn[1312]: Wed Nov 7 16:10:59 2018 Preserving previous TUN/TAP instance: tun0
Nov 07 16:10:59 ubuntu-client openvpn[1312]: Wed Nov 7 16:10:59 2018 Initialization Sequence Completed
Nov 07 16:11:09 ubuntu-client openvpn[1312]: Wed Nov 7 16:11:09 2018 Authenticate/Decrypt packet error: cipher final failed
Nov 07 16:11:20 ubuntu-client openvpn[1312]: Wed Nov 7 16:11:20 2018 Authenticate/Decrypt packet error: cipher final failed
Nov 07 16:11:30 ubuntu-client openvpn[1312]: Wed Nov 7 16:11:30 2018 Authenticate/Decrypt packet error: cipher final failed
Nov 07 16:11:40 ubuntu-client openvpn[1312]: Wed Nov 7 16:11:40 2018 Authenticate/Decrypt packet error: cipher final failed
Nov 07 16:11:51 ubuntu-client openvpn[1312]: Wed Nov 7 16:11:51 2018 Authenticate/Decrypt packet error: cipher final failed
Nov 07 16:12:01 ubuntu-client openvpn[1312]: Wed Nov 7 16:12:01 2018 Authenticate/Decrypt packet error: cipher final failed
Nov 07 16:12:10 ubuntu-client openvpn[1312]: Wed Nov 7 16:12:10 2018 Authenticate/Decrypt packet error: cipher final failed
test@ubuntu-client:~$
Authenticate/Decrypt packet error: cipher final failed 메시지 발생시 설정 확인 필요.