Untitled

Last login: Wed Jun 12 08:56:00 on ttys000
➜  ~ sudo -i
Password:
HuongNVs-MacBook-Pro:~ root# ssh fs@192.168.0.233
fs@192.168.0.233's password:
Permission denied, please try again.
fs@192.168.0.233's password:
Permission denied, please try again.
fs@192.168.0.233's password:
fs@192.168.0.233: Permission denied (publickey,password).
HuongNVs-MacBook-Pro:~ root# ping 192.168.0.233
PING 192.168.0.233 (192.168.0.233): 56 data bytes
64 bytes from 192.168.0.233: icmp_seq=0 ttl=63 time=6.792 ms
64 bytes from 192.168.0.233: icmp_seq=1 ttl=63 time=7.324 ms
^Z
[1]+  Stopped(SIGTSTP)        ping 192.168.0.233
HuongNVs-MacBook-Pro:~ root#
HuongNVs-MacBook-Pro:~ root#
HuongNVs-MacBook-Pro:~ root# ssh vpn@192.168.0.233
vpn@192.168.0.233's password:
Linux vpn 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u2 (2019-05-13) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Jun 11 22:48:02 2019 from 10.80.0.6
vpn@vpn:~$
vpn@vpn:~$
OpenVPN CLIENT LIST
vpn@vpn:~$ sudo -i
root@vpn:~# systemctl status openvpn
openvpn@server.service  openvpn.service
root@vpn:~# systemctl status openvpn@server.service
● openvpn@server.service - OpenVPN connection to server
#!/bin/bash
   Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
   Active: active (running) since Tue 2019-06-11 22:27:38 EDT; 2h 9min ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
  Process: 3811 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid (code=exited, status=0/SUCCESS)
 Main PID: 3812 (openvpn)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
           └─3812 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid

Jun 11 22:27:38 vpn ovpn-server[3812]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Jun 11 22:27:38 vpn ovpn-server[3812]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Jun 11 22:27:38 vpn ovpn-server[3812]: UDPv4 link local (bound): [AF_INET][undef]:1195
Jun 11 22:27:38 vpn ovpn-server[3812]: UDPv4 link remote: [AF_UNSPEC]
Jun 11 22:27:38 vpn ovpn-server[3812]: GID set to nogroup
Jun 11 22:27:38 vpn ovpn-server[3812]: UID set to nobody
Jun 11 22:27:38 vpn ovpn-server[3812]: MULTI: multi_init called, r=256 v=256
Jun 11 22:27:38 vpn ovpn-server[3812]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Jun 11 22:27:38 vpn ovpn-server[3812]: IFCONFIG POOL LIST
Jun 11 22:27:38 vpn ovpn-server[3812]: Initialization Sequence Completed
root@vpn:~#
root@vpn:~#
root@vpn:~#
root@vpn:~#
root@vpn:~#
root@vpn:~#
root@vpn:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:c9:18:76 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.233/24 brd 192.168.0.255 scope global ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fec9:1876/64 scope link
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::c6:42a3:c01c:1d52/64 scope link flags 800
       valid_lft forever preferred_lft forever
root@vpn:~#
root@vpn:~#
root@vpn:~# ping 192.168.0.191
PING 192.168.0.191 (192.168.0.191) 56(84) bytes of data.
^Z
[1]+  Stopped                 ping 192.168.0.191
root@vpn:~# ping 192.168.0.221
PING 192.168.0.221 (192.168.0.221) 56(84) bytes of data.
^Z
[2]+  Stopped                 ping 192.168.0.221
root@vpn:~#
root@vpn:~#
root@vpn:~#
root@vpn:~#
root@vpn:~#
root@vpn:~#
root@vpn:~#
root@vpn:~# tailf /var/log/
alternatives.log  apt/              auth.log          btmp              cups/             daemon.log        debug             dpkg.log          exim4/            faillog           fontconfig.log    hp/               installer/        kern.log          lastlog           messages          syslog            ufw.log           wtmp
root@vpn:~# tailf /var/log/
alternatives.log  apt/              auth.log          btmp              cups/             daemon.log        debug             dpkg.log          exim4/            faillog           fontconfig.log    hp/               installer/        kern.log          lastlog           messages          syslog            ufw.log           wtmp
root@vpn:~#
root@vpn:~#
root@vpn:~#
root@vpn:~#
root@vpn:~# vim /etc/openvpn/
ca.crt              client/             dh2048.pem          ipp.txt             openvpn-status.log  server/             server.conf         Snappy.crt          Snappy.key          ta.key              .ta.key.swp         update-resolv-conf
root@vpn:~# vim /etc/openvpn/
ca.crt              client/             dh2048.pem          ipp.txt             openvpn-status.log  server/             server.conf         Snappy.crt          Snappy.key          ta.key              .ta.key.swp         update-resolv-conf
root@vpn:~# vim /etc/openvpn/
ca.crt              client/             dh2048.pem          ipp.txt             openvpn-status.log  server/             server.conf         Snappy.crt          Snappy.key          ta.key              .ta.key.swp         update-resolv-conf
root@vpn:~# vim /etc/openvpn/openvpn-status.log

[3]+  Stopped                 vim /etc/openvpn/openvpn-status.log
root@vpn:~# vim /etc/openvpn/
ca.crt                   client/                  dh2048.pem               ipp.txt                  openvpn-status.log       .openvpn-status.log.swp  server/                  server.conf              Snappy.crt               Snappy.key               ta.key                   .ta.key.swp              update-resolv-conf
root@vpn:~# vim /etc/openvpn/update-resolv-conf

[4]+  Stopped                 vim /etc/openvpn/update-resolv-conf
root@vpn:~#
root@vpn:~#
root@vpn:~#
root@vpn:~#
root@vpn:~#
root@vpn:~#
root@vpn:~#
root@vpn:~# ls
client-configs	openvpn-ca
root@vpn:~# cd openvpn-ca/
root@vpn:~/openvpn-ca# ls
build-ca  build-inter  build-key-pass	 build-key-server  build-req-pass  inherit-inter  list-crl	     openssl-0.9.8.cnf	openssl.cnf  revoke-full  vars
build-dh  build-key    build-key-pkcs12  build-req	   clean-all	   keys		  openssl-0.9.6.cnf  openssl-1.0.0.cnf	pkitool      sign-req	  whichopensslcnf
root@vpn:~/openvpn-ca# cd /etc/openvpn/
root@vpn:/etc/openvpn# ls
Snappy.crt  Snappy.key	ca.crt	client	dh2048.pem  ipp.txt  openvpn-status.log  server  server.conf  ta.key  update-resolv-conf
root@vpn:/etc/openvpn# cd
root@vpn:~#
root@vpn:~# cd
# Which local IP address should OpenVPN
client-configs/ openvpn-ca/
root@vpn:~# cd openvpn-ca/
root@vpn:~/openvpn-ca# ls
build-ca  build-inter  build-key-pass	 build-key-server  build-req-pass  inherit-inter  list-crl	     openssl-0.9.8.cnf	openssl.cnf  revoke-full  vars


#
build-dh  build-key    build-key-pkcs12  build-req	   clean-all	   keys		  openssl-0.9.6.cnf  openssl-1.0.0.cnf	pkitool      sign-req	  whichopensslcnf
root@vpn:~/openvpn-ca# cd keys/
root@vpn:~/openvpn-ca/keys# ls
01.pem	Snappy.crt  Snappy.key	ca.key	    index.txt	    index.txt.attr.old	pm.crt	pm.key	serial.old
02.pem	Snappy.csr  ca.crt	dh2048.pem  index.txt.attr  index.txt.old	pm.csr	serial	ta.key
root@vpn:~/openvpn-ca/keys# scp ca.crt pm.crt pm.key cc2@192.168.0.221:/home/cc2/
The authenticity of host '192.168.0.221 (192.168.0.221)' can't be established.
ECDSA key fingerprint is SHA256:X5XeeYTc+F7oacAZIaX75rTXltIwCi4eP5v0e6pvpWU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.221' (ECDSA) to the list of known hosts.
cc2@192.168.0.221's password:
ca.crt                                                                                                                                             100% 1679     1.4MB/s   00:00
pm.crt                                                                                                                                             100% 5365    13.7MB/s   00:00
pm.key                                                                                                                                             100% 1704     5.4MB/s   00:00
root@vpn:~/openvpn-ca/keys# systemctl status openvpn
openvpn@server.service  openvpn.service
root@vpn:~/openvpn-ca/keys# systemctl status openvpn
openvpn@server.service  openvpn.service
root@vpn:~/openvpn-ca/keys# systemctl status openvpn@server.service
● openvpn@server.service - OpenVPN connection to server
   Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
   Active: active (running) since Tue 2019-06-11 22:27:38 EDT; 2h 29min ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
  Process: 3811 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/s
 Main PID: 3812 (openvpn)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
           └─3812 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pi

Jun 11 22:27:38 vpn ovpn-server[3812]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Jun 11 22:27:38 vpn ovpn-server[3812]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Jun 11 22:27:38 vpn ovpn-server[3812]: UDPv4 link local (bound): [AF_INET][undef]:1195
Jun 11 22:27:38 vpn ovpn-server[3812]: UDPv4 link remote: [AF_UNSPEC]
Jun 11 22:27:38 vpn ovpn-server[3812]: GID set to nogroup
Jun 11 22:27:38 vpn ovpn-server[3812]: UID set to nobody
Jun 11 22:27:38 vpn ovpn-server[3812]: MULTI: multi_init called, r=256 v=256
Jun 11 22:27:38 vpn ovpn-server[3812]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Jun 11 22:27:38 vpn ovpn-server[3812]: IFCONFIG POOL LIST
Jun 11 22:27:38 vpn ovpn-server[3812]: Initialization Sequence Completed

[5]+  Stopped                 systemctl status openvpn@server.service
root@vpn:~/openvpn-ca/keys#
root@vpn:~/openvpn-ca/keys#
root@vpn:~/openvpn-ca/keys# history
    1  vim /etc/sudoers
    2  apt update -y
    3  apt dist-upgrade -y
    4  apt install ufw -y
    5  systemctl status openvpn@server.service
    6  ip a
    7  ping 192.168.0.191
    8  ping 192.168.0.221
    9  vim /etc/openvpn/openvpn-status.log
   10  vim /etc/openvpn/update-resolv-conf
   11  ls
   12  cd openvpn-ca/
   13  ls
   14  cd /etc/openvpn/
   15  ls
   16  cd
   17  cd openvpn-ca/
   18  ls
   19  cd keys/
   20  ls
   21  scp ca.crt pm.crt pm.key cc2@192.168.0.221:/home/cc2/
   22  systemctl status openvpn@server.service
   23  history
root@vpn:~/openvpn-ca/keys#
root@vpn:~/openvpn-ca/keys#
root@vpn:~/openvpn-ca/keys#
root@vpn:~/openvpn-ca/keys#
root@vpn:~/openvpn-ca/keys#
root@vpn:~/openvpn-ca/keys# cd /etc/openvpn/
root@vpn:/etc/openvpn# ls
Snappy.crt  Snappy.key	ca.crt	client	dh2048.pem  ipp.txt  openvpn-status.log  server  server.conf  ta.key  update-resolv-conf
root@vpn:/etc/openvpn# vim server.conf

[6]+  Stopped                 vim server.conf
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn# vim server.conf

[7]+  Stopped                 vim server.conf
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn# systemctl status openvpn
openvpn@server.service  openvpn.service
root@vpn:/etc/openvpn# systemctl status openvpn
openvpn@server.service  openvpn.service
root@vpn:/etc/openvpn# systemctl status openvpn@server.service
● openvpn@server.service - OpenVPN connection to server
   Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
   Active: active (running) since Tue 2019-06-11 22:27:38 EDT; 2h 36min ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
  Process: 3811 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/s
 Main PID: 3812 (openvpn)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
           └─3812 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pi

Jun 12 01:02:05 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:49167
Jun 12 01:02:40 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:33299
Jun 12 01:02:42 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:33299
Jun 12 01:02:46 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:33299
Jun 12 01:02:54 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:33299
Jun 12 01:03:10 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:33299
Jun 12 01:03:45 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:51164
Jun 12 01:03:47 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:51164
Jun 12 01:03:51 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:51164
Jun 12 01:03:59 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:51164

[8]+  Stopped                 systemctl status openvpn@server.service
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn# ufw
ca.crt                   ipp.txt                  server/                  .server.conf.swp         ta.key
client/                  openvpn-status.log       server.conf              Snappy.crt               update-resolv-conf
dh2048.pem               .openvpn-status.log.swp  .server.conf.swo         Snappy.key               .update-resolv-conf.swp
root@vpn:/etc/openvpn# ufw
ca.crt                   ipp.txt                  server/                  .server.conf.swp         ta.key
client/                  openvpn-status.log       server.conf              Snappy.crt               update-resolv-conf
dh2048.pem               .openvpn-status.log.swp  .server.conf.swo         Snappy.key               .update-resolv-conf.swp
root@vpn:/etc/openvpn# ufw status
Status: active

To                         Action      From
--                         ------      ----
1195/udp                   ALLOW       Anywhere
OpenSSH                    ALLOW       Anywhere
1195/udp (v6)              ALLOW       Anywhere (v6)
OpenSSH (v6)               ALLOW       Anywhere (v6)

root@vpn:/etc/openvpn# systemctl status openvpn@server.service
● openvpn@server.service - OpenVPN connection to server
   Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
   Active: active (running) since Tue 2019-06-11 22:27:38 EDT; 2h 39min ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
  Process: 3811 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/s
 Main PID: 3812 (openvpn)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
           └─3812 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pi

Jun 12 01:04:50 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:44467
Jun 12 01:04:52 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:44467
Jun 12 01:04:56 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:44467
Jun 12 01:05:04 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:44467
Jun 12 01:05:20 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:44467
Jun 12 01:06:00 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:49383
Jun 12 01:06:02 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:49383
Jun 12 01:06:06 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:49383
Jun 12 01:06:14 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:49383
Jun 12 01:06:30 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:49383

[9]+  Stopped                 systemctl status openvpn@server.service
root@vpn:/etc/openvpn# his
history
    1  vim /etc/sudoers
    2  apt update -y
    3  apt dist-upgrade -y
    4  apt install ufw -y
    5  systemctl status openvpn@server.service
    6  ip a
    7  ping 192.168.0.191
    8  ping 192.168.0.221
    9  vim /etc/openvpn/openvpn-status.log
   10  vim /etc/openvpn/update-resolv-conf
   11  ls
   12  cd openvpn-ca/
   13  ls
   14  cd /etc/openvpn/
   15  ls
   16  cd
   17  cd openvpn-ca/
   18  ls
   19  cd keys/
   20  ls
   21  scp ca.crt pm.crt pm.key cc2@192.168.0.221:/home/cc2/
   22  systemctl status openvpn@server.service
   23  history
   24  cd /etc/openvpn/
   25  ls
   26  vim server.conf


# listen on? (optional)
;local a.b.c.d

# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one.  You will need to
# open up this port on your firewall.
port 1195

# TCP or UDP server?
;proto tcp
proto udp

# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one.  On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap

# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key).  Each client
# and the server must have their own cert and
# key file.  The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys.  Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca ca.crt
cert Snappy.crt
key Snappy.key  # This file should be kept secret

# Diffie hellman parameters.
# Generate your own with:
#   openssl dhparam -out dh2048.pem 2048
dh dh2048.pem

# Network topology
# Should be subnet (addressing via IP)
# unless Windows clients v2.0.9 and lower have to
# be supported (then net30, i.e. a /30 per client)
# Defaults to net30 (not recommended)
;topology subnet

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0

# Maintain a record of client <-> virtual IP address
# associations in this file.  If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
/tl
# clients to be able to "see" each other.
   27  vim server.conf
   28  systemctl status openvpn@server.service
   29  ufw status
   30  systemctl status openvpn@server.service


# listen on? (optional)
;local a.b.c.d

# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one.  You will need to
# open up this port on your firewall.
port 1195

# TCP or UDP server?
;proto tcp
proto udp

# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one.  On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap

# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key).  Each client
# and the server must have their own cert and
# key file.  The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys.  Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca ca.crt
cert Snappy.crt
key Snappy.key  # This file should be kept secret

# Diffie hellman parameters.
# Generate your own with:
#   openssl dhparam -out dh2048.pem 2048
dh dh2048.pem

# Network topology
# Should be subnet (addressing via IP)
# unless Windows clients v2.0.9 and lower have to
# be supported (then net30, i.e. a /30 per client)
# Defaults to net30 (not recommended)
;topology subnet

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0

# Maintain a record of client <-> virtual IP address
# associations in this file.  If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
/tl
# clients to be able to "see" each other.
   31  history
root@vpn:/etc/openvpn# systemctl status openvpn@server.service
● openvpn@server.service - OpenVPN connection to server
   Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
   Active: active (running) since Tue 2019-06-11 22:27:38 EDT; 2h 44min ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
  Process: 3811 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/s
 Main PID: 3812 (openvpn)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
           └─3812 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pi

Jun 12 01:09:31 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:54271
Jun 12 01:11:04 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:48300
Jun 12 01:11:06 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:48300
Jun 12 01:11:10 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:48300
Jun 12 01:11:18 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:48300
Jun 12 01:11:21 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:35237
Jun 12 01:11:23 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:35237
Jun 12 01:11:27 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:35237
Jun 12 01:11:34 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:48300
Jun 12 01:11:35 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:35237

[10]+  Stopped                 systemctl status openvpn@server.service
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn# ls
Snappy.crt  Snappy.key	ca.crt	client	dh2048.pem  ipp.txt  openvpn-status.log  server  server.conf  ta.key  update-resolv-conf
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn# scp ta.key cc2@192.168.0.221:/home/cc2/
cc2@192.168.0.221's password:
ta.key                                                                                                                                             100%  636     1.7MB/s   00:00
root@vpn:/etc/openvpn# scp ta.key cc2@192.168.0.221:/home/cc2/
cc2@192.168.0.221's password:

[11]+  Stopped                 scp ta.key cc2@192.168.0.221:/home/cc2/
root@vpn:/etc/openvpn# systemctl status openvpn@server.service
● openvpn@server.service - OpenVPN connection to server
   Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
   Active: active (running) since Tue 2019-06-11 22:27:38 EDT; 2h 50min ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
  Process: 3811 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/s
 Main PID: 3812 (openvpn)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
           └─3812 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pi

Jun 12 01:13:21 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:51262
Jun 12 01:13:31 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:51262
# UDP server?  Use the same setting as
Jun 12 01:13:47 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:51262
Jun 12 01:14:20 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:33148
Jun 12 01:14:23 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:33148
Jun 12 01:15:01 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:47201
Jun 12 01:15:03 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:47201
Jun 12 01:15:07 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:47201
Jun 12 01:15:15 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:47201
Jun 12 01:15:31 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:47201

[12]+  Stopped                 systemctl status openvpn@server.service
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn# vim server.conf

[13]+  Stopped                 vim server.conf
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn# vim server.conf

[14]+  Stopped                 vim server.conf
root@vpn:/etc/openvpn# systemctl status openvpn@server.service
● openvpn@server.service - OpenVPN connection to server
   Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)


cipher AES-256-CBC
   Active: active (running) since Tue 2019-06-11 22:27:38 EDT; 2h 59min ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
  Process: 3811 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/s
 Main PID: 3812 (openvpn)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
           └─3812 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pi

Jun 12 01:26:47 vpn ovpn-server[3812]: 192.168.0.221:58231 peer info: IV_TCPNL=1
Jun 12 01:26:47 vpn ovpn-server[3812]: 192.168.0.221:58231 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Jun 12 01:26:47 vpn ovpn-server[3812]: 192.168.0.221:58231 [pm] Peer Connection Initiated with [AF_INET]192.168.0.221:58231
Jun 12 01:26:47 vpn ovpn-server[3812]: pm/192.168.0.221:58231 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Jun 12 01:26:47 vpn ovpn-server[3812]: pm/192.168.0.221:58231 MULTI: Learn: 10.8.0.6 -> pm/192.168.0.221:58231
Jun 12 01:26:47 vpn ovpn-server[3812]: pm/192.168.0.221:58231 MULTI: primary virtual IP for pm/192.168.0.221:58231: 10.8.0.6
Jun 12 01:26:48 vpn ovpn-server[3812]: pm/192.168.0.221:58231 PUSH: Received control message: 'PUSH_REQUEST'
Jun 12 01:26:48 vpn ovpn-server[3812]: pm/192.168.0.221:58231 SENT CONTROL [pm]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-i
Jun 12 01:26:48 vpn ovpn-server[3812]: pm/192.168.0.221:58231 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Jun 12 01:26:48 vpn ovpn-server[3812]: pm/192.168.0.221:58231 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key

[15]+  Stopped                 systemctl status openvpn@server.service
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:c9:18:76 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.233/24 brd 192.168.0.255 scope global ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fec9:1876/64 scope link
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::c6:42a3:c01c:1d52/64 scope link flags 800
       valid_lft forever preferred_lft forever
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn#
root@vpn:/etc/openvpn# cd
root@vpn:~#
root@vpn:~# ls
client-configs	openvpn-ca
root@vpn:~# cd client-configs/
root@vpn:~/client-configs# ls
base.conf  files  make_config.sh
root@vpn:~/client-configs# cd files/
root@vpn:~/client-configs/files# ls
huongnv.ovpn  pm.ovpn
root@vpn:~/client-configs/files# vim huongnv.ovpn

[16]+  Stopped                 vim huongnv.ovpn
root@vpn:~/client-configs/files# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:c9:18:76 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.233/24 brd 192.168.0.255 scope global ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fec9:1876/64 scope link
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::c6:42a3:c01c:1d52/64 scope link flags 800
       valid_lft forever preferred_lft forever
root@vpn:~/client-configs/files# ls
huongnv.ovpn  pm.ovpn
root@vpn:~/client-configs/files#
root@vpn:~/client-configs/files#
root@vpn:~/client-configs/files# vim huongnv.ovpn
root@vpn:~/client-configs/files#
root@vpn:~/client-configs/files#
root@vpn:~/client-configs/files#
root@vpn:~/client-configs/files#
root@vpn:~/client-configs/files#
root@vpn:~/client-configs/files#
root@vpn:~/client-configs/files#
root@vpn:~/client-configs/files#
root@vpn:~/client-configs/files# ls
huongnv.ovpn  pm.ovpn
root@vpn:~/client-configs/files#
root@vpn:~/client-configs/files#
root@vpn:~/client-configs/files# cat huongnv.ovpn
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one.  On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote 192.168.0.233 1195
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing.  Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
user nobody
group nogroup

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here.  See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets.  Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
#ca ca.crt
#cert client.crt
#key client.key

# Verify server certificate by checking that the
# certicate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
#   digitalSignature, keyEncipherment
# and the extendedKeyUsage to
#   serverAuth
# EasyRSA can do this for you.
remote-cert-tls server


# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
user nobody
group nogroup

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here.  See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets.  Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
#ca ca.crt
#cert client.crt
#key client.key

# Verify server certificate by checking that the
# certicate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
#   digitalSignature, keyEncipherment
# and the extendedKeyUsage to
#   serverAuth
# EasyRSA can do this for you.
remote-cert-tls server

# If a tls-auth key is used on the server
# then every client must also have the key.
tls-auth ta.key 1
key-direction 1


# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Note that 2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the ncp-cipher option in the manpage
cipher AES-256-CBC
auth SHA256

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
#comp-lzo

# Set log file verbosity.
verb 3

"huongnv.ovpn" [readonly] 186L, 5994C                                                                                                                              123,20        44%