tls-crypt in place of tls-auth did the trick. However routing and gateway seems to be non-functional.
So the working server file is --------------------------------------------------------------------- local 192.168.81.1 port 1194 proto udp dev tun ca /usr/local/etc/openvpn/server/ca.crt cert /usr/local/etc/openvpn/server/issued/server.crt key /usr/local/etc/openvpn/server/private/server.key dh /usr/local/etc/openvpn/server/dh.pem topology subnet server 10.8.0.0 255.255.0.0 ifconfig-pool-persist ipp.txt push "route 10.8.0.0 255.255.0.0" push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 192.168.81.1" push "dhcp-option DNS 192.168.81.3" push "dhcp-option DOMAIN nk.ca" push "redirect-gateway defi" client-to-client keepalive 1800 3600 tls-version-min 1.2 tls-crypt /usr/local/etc/openvpn/server/ta.key # 0 # This file is secret cipher AES-256-CBC ;compress lz4-v2 ;push "compress lz4-v2" comp-lzo max-clients 1000 user nobody group nobody persist-key persist-tun crl-verify /usr/local/etc/openvpn/easy-rsa/pki/crl.pem status /var/log/openvpn-status.log log-append /var/log/openvpn.log verb 9 mute 20 explicit-exit-notify 1 fast-io auth SHA512 remote-cert-tls client ---------------------------------------------------------------------------- Client file --------------------------------------------------------------------------- client dev tun proto udp remote openvpn.server 1194 nobind ca ca.crt cert client.crt key client.key revolv-retry infinite persist-key persist-tun mute-replay-warnings auth-user-pass remote-cert-tls server cipher AES-256-CBC auth SHA512 ;tls-auth /usr/local/etc/openvpn/server/ta.key 1 verb 9 mute 5 ---------------------------------------------------------------- ipconfig on this side is -- Memben -dapter Ethernet 3: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::c095:979e:4374:700c%33 IPv4 Address. . . . . . . . . . . : 10.8.0.2 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : Did I forgot to bridge 192.168.81.1 with 10.8.0.1 ? -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism Those who cannot win on facts rely upon slander. -unknown _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users