OpenVPN client config

rum
Posts: 3
Joined: 18 May 2023 20:06
Reputation: 0

OpenVPN client config

Post by rum » 18 May 2023 20:40

Good afternoon, I am trying to set up OpenVPN for access to the work network on an ESR-1511 1.18.1 build . I have no questions about the setup itself, but it does not work. I generated the certificates following the instructions. Please advise, maybe I forgot something in the client config. Here are the configs:

remote-access openvpn Ras
network 10.5.0.0/24
protocol tcp
tunnel ip
port 19795
route 10.0.0.0/16,172.16.0.0/16,10.10.0.0/24
dns-server 10.0.0.8,10.0.0.3
encryption algorithm aes256
certificate ca ca.crt
certificate dh dh.pem
certificate server-key server.key
certificate server-crt server.crt
certificate ta ta.key
security-zone Ras_VPN
enable
exit

client
dev tun
remote-cert-tls server
proto tcp
remote 10.10.0.100 19795
cipher AES-256-CBC
ca Key/ca.crt
cert Key/rum.crt
key Key/rum.key
dh Key/dh.pem
tls-client
tls-auth Key/ta.key 1
auth SHA256
verb 3

Logs:
2023-05-18 16:22:51 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2023-05-18 16:22:51 WARNING: Ignoring option 'dh' in tls-client mode, please only include this in your server configuration
2023-05-18 16:22:51 WARNING: file 'Key/rum.key' is group or others accessible
2023-05-18 16:22:51 WARNING: file 'Key/ta.key' is group or others accessible
2023-05-18 16:22:51 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
2023-05-18 16:22:51 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
2023-05-18 16:22:51 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-18 16:22:51 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-18 16:22:51 TCP/UDP: Preserving recently used remote address: [AF_INET]10.10.0.100:19795
2023-05-18 16:22:51 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-05-18 16:22:51 Attempting to establish TCP connection with [AF_INET]10.10.0.100:19795 [nonblock]
2023-05-18 16:22:51 TCP connection established with [AF_INET]10.10.0.100:19795
2023-05-18 16:22:51 TCP_CLIENT link local: (not bound)
2023-05-18 16:22:51 TCP_CLIENT link remote: [AF_INET]10.10.0.100:19795
2023-05-18 16:22:51 Connection reset, restarting [0]
2023-05-18 16:22:51 SIGUSR1[soft,connection-reset] received, process restarting
2023-05-18 16:22:51 Restart pause, 5 second(s)
2023-05-18 16:22:56 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-18 16:22:56 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-18 16:22:56 TCP/UDP: Preserving recently used remote address: [AF_INET]10.10.0.100:19795
2023-05-18 16:22:56 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-05-18 16:22:56 Attempting to establish TCP connection with [AF_INET]10.10.0.100:19795 [nonblock]
2023-05-18 16:22:56 TCP connection established with [AF_INET]10.10.0.100:19795
2023-05-18 16:22:56 TCP_CLIENT link local: (not bound)
2023-05-18 16:22:56 TCP_CLIENT link remote: [AF_INET]10.10.0.100:19795
2023-05-18 16:22:56 Connection reset, restarting [0]
2023-05-18 16:22:56 SIGUSR1[soft,connection-reset] received, process restarting
2023-05-18 16:22:56 Restart pause, 5 second(s)
2023-05-18 16:23:01 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-18 16:23:01 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-18 16:23:01 TCP/UDP: Preserving recently used remote address: [AF_INET]10.10.0.100:19795
2023-05-18 16:23:01 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-05-18 16:23:01 Attempting to establish TCP connection with [AF_INET]10.10.0.100:19795 [nonblock]
2023-05-18 16:23:01 TCP connection established with [AF_INET]10.10.0.100:19795
2023-05-18 16:23:01 TCP_CLIENT link local: (not bound)
2023-05-18 16:23:01 TCP_CLIENT link remote: [AF_INET]10.10.0.100:19795
2023-05-18 16:23:01 Connection reset, restarting [0]
2023-05-18 16:23:01 SIGUSR1[soft,connection-reset] received, process restarting
2023-05-18 16:23:01 Restart pause, 5 second(s)
2023-05-18 16:23:06 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-18 16:23:06 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-18 16:23:06 TCP/UDP: Preserving recently used remote address: [AF_INET]10.10.0.100:19795
2023-05-18 16:23:06 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-05-18 16:23:06 Attempting to establish TCP connection with [AF_INET]10.10.0.100:19795 [nonblock]
2023-05-18 16:23:06 TCP connection established with [AF_INET]10.10.0.100:19795
2023-05-18 16:23:06 TCP_CLIENT link local: (not bound)
2023-05-18 16:23:06 TCP_CLIENT link remote: [AF_INET]10.10.0.100:19795
2023-05-18 16:23:06 Connection reset, restarting [0]
2023-05-18 16:23:06 SIGUSR1[soft,connection-reset] received, process restarting
2023-05-18 16:23:06 Restart pause, 5 second(s)
2023-05-18 16:23:11 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-18 16:23:11 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-18 16:23:11 TCP/UDP: Preserving recently used remote address: [AF_INET]10.10.0.100:19795
2023-05-18 16:23:11 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-05-18 16:23:11 Attempting to establish TCP connection with [AF_INET]10.10.0.100:19795 [nonblock]
2023-05-18 16:23:11 TCP connection established with [AF_INET]10.10.0.100:19795
2023-05-18 16:23:11 TCP_CLIENT link local: (not bound)
2023-05-18 16:23:11 TCP_CLIENT link remote: [AF_INET]10.10.0.100:19795
2023-05-18 16:23:11 Connection reset, restarting [0]
2023-05-18 16:23:11 SIGUSR1[soft,connection-reset] received, process restarting
2023-05-18 16:23:11 Restart pause, 10 second(s)
^X^C2023-05-18 16:23:19 SIGINT[hard,init_instance] received, process exiting

Verbose log:
root@rum:/etc/openvpn# openvpn --config client.conf

Garri
Posts: 416
Joined: 17 Apr 2014 13:30
Reputation: 9

Re: OpenVPN client config

Post by Garri » 19 May 2023 02:39

On the client, change it like this. There are other cipher sets as well, though:

client
dev tun
remote-cert-tls server
proto tcp
remote 10.10.0.100 19795
data-ciphers AES-256-CBC
data-ciphers-fallback AES-256-CBC

ca Key/ca.crt
cert Key/rum.crt
key Key/rum.key
dh Key/dh.pem
tls-client
tls-auth Key/ta.key 1
auth SHA256
verb 3

rum
Posts: 3
Joined: 18 May 2023 20:06
Reputation: 0

Re: OpenVPN client config

Post by rum » 19 May 2023 16:26

Unfortunately, the client still does not connect, with the same log. As I understand it, the router is dropping the connection, so I decided to look at the logs in the following ways:
syslog file tmpsys:syslog/default
severity debug
match process-name openvpn
exit


syslog host LinCA
remote-address 10.0.0.239
severity debug
source-address 10.10.0.100
exit

Logs are pouring in, but none of them are about openvpn. Does debugging need to be enabled separately somewhere?

Garri
Posts: 416
Joined: 17 Apr 2014 13:30
Reputation: 9

Re: OpenVPN client config

Post by Garri » 20 May 2023 14:27

Remove dh Key/dh.pem from the client settings. That is for the server.

Show the firewall settings for incoming traffic from the wan zone to the openvpn zone.

On the client you are using the address:
remote 10.10.0.100 19795
Was the address 10.10.0.100 simply substituted for this example in place of the real WAN address?
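
The two client-side corrections suggested in the replies above (a cipher that is missing from the negotiation list, and a server-side dh line in the client file) can be checked mechanically. The following Python sketch is an added example, not part of any forum post and not Eltex or OpenVPN code; the names parse_conf and lint_client are hypothetical, and the default cipher list is the one quoted in the OpenVPN 2.5 warning at the start of the thread.

```python
import shlex

# Default negotiation list quoted in the OpenVPN 2.5 warning in this thread.
DEFAULT_DATA_CIPHERS = ["AES-256-GCM", "AES-128-GCM"]

# Constructed sample: the client config as posted at the start of the thread.
ORIGINAL_CONF = """client
dev tun
remote-cert-tls server
proto tcp
remote 10.10.0.100 19795
cipher AES-256-CBC
ca Key/ca.crt
cert Key/rum.crt
key Key/rum.key
dh Key/dh.pem
tls-client
tls-auth Key/ta.key 1
auth SHA256
verb 3
"""

def parse_conf(text):
    """Map each directive to the argument list of its last occurrence."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            name, *args = shlex.split(line)
            opts[name] = args
    return opts

def lint_client(text):
    """Return (directive, finding) pairs for the issues raised in the thread."""
    opts, findings = parse_conf(text), []
    if "dh" in opts:
        findings.append(("dh", "server-side option; remove it from the client"))
    if opts.get("cipher"):
        allowed = DEFAULT_DATA_CIPHERS
        if opts.get("data-ciphers"):
            allowed = opts["data-ciphers"][0].upper().split(":")
        if opts["cipher"][0].upper() not in allowed:
            findings.append(("cipher", "not in data-ciphers (%s); add it there "
                             "or use data-ciphers-fallback" % ":".join(allowed)))
    return findings

if __name__ == "__main__":
    for directive, finding in lint_client(ORIGINAL_CONF):
        print(f"{directive}: {finding}")
```

A clean result only means these two client-side points are in order; it says nothing about the server configuration or the firewall zone pairs discussed in the thread.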

rum
Posts: 3
Joined: 18 May 2023 20:06
Reputation: 0

Re: OpenVPN client config

Post by rum » 22 May 2023 12:38

I am testing the connection from the local network.
Here are the settings of the local network interface:
interface gigabitethernet 1/0/8.10
security-zone trusted
ip address 10.10.0.100/24
exit

Firewall settings for this zone pair:
security zone-pair trusted self
rule 5
action permit
enable
exit

Just in case, the VPN server settings:
remote-access openvpn Ras
network 10.5.0.0/24
protocol tcp
tunnel ip
port 19795
route 10.0.0.0/16,172.16.0.0/16,10.10.0.0/24
dns-server 10.0.0.8,10.0.0.3
encryption algorithm aes256
certificate ca ca.crt
certificate dh dh.pem
certificate server-key server.key
certificate server-crt server.crt
certificate ta ta.key
security-zone Ras_VPN
enable
exit

The client is in the 10.0.0.0/16 network, behind a router with no traffic filtering.
Accordingly, there is IP connectivity to the VPN server and the port is reachable:
root@rum:/etc/openvpn# nmap -p 19795 10.10.0.100
Starting Nmap 7.80 ( https://nmap.org ) at 2023-05-22 08:36 MSK
Nmap scan report for 10.10.0.100
Host is up (0.00013s latency).

PORT STATE SERVICE
19795/tcp open unknown

The VPN client is installed on Debian 11 from the stable repository, this version:
OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_option_checking=no enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no

Could the problem be in the SSL library versions, or should I try a different client version?

Garri
Posts: 416
Joined: 17 Apr 2014 13:30
Reputation: 9

Re: OpenVPN client config

Post by Garri » 24 May 2023 01:08

If you are connecting from the networks 10.10.0.100/24, 10.0.0.0/16, why push them back into the VPN? You should push only the networks you want to get access to.
Traffic also needs to pass from trusted to Ras_VPN; is there a security zone-pair for these zones?

