Hi, On Wed, Aug 16, 2023 at 06:35:01AM +0000, Jason Long wrote: > I added the following lines to my server.conf: > > client-config-dir myclient > ccd-exclusive > route 192.168.1.0 255.255.255.0
>This tells the server "put routing towards 192.168.1.0 into the VPN", >while 192.168.1.x is your LAN network. So this does not make sense. > multihome > > > Client showed me: [..] > Wed Aug 16 11:01:39 2023 TLS: tls_multi_process: initial untrusted session > promoted to trusted >So the network between client and server is good now... > Wed Aug 16 11:01:39 2023 AUTH: Received control message: AUTH_FAILED >... but the server refuses this client. So you must look into the server >log to see why it does so. >My guess is that the ccd file you created does not have the right name >(must match the CN in the client certificate), or is not in the right >place, or you did fancy thing with chroot (paths must match *inside* >the chroot environment). Hi Gert, Thank you so much for your reply. My OpenVPN server NICs are: enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255 inet6 fe80::a00:27ff:feed:b47c prefixlen 64 scopeid 0x20<link> ether 08:00:27:ed:b4:7c txqueuelen 1000 (Ethernet) RX packets 3984 bytes 1600249 (1.5 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 3182 bytes 685377 (669.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 enp0s3:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 20.1.1.20 netmask 255.0.0.0 broadcast 20.255.255.255 ether 08:00:27:ed:b4:7c txqueuelen 1000 (Ethernet) enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.20 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::a00:27ff:fe74:6397 prefixlen 64 scopeid 0x20<link> ether 08:00:27:74:63:97 txqueuelen 1000 (Ethernet) RX packets 396 bytes 76796 (74.9 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 174 bytes 49776 (48.6 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 So, what is the right IP for the following statement? route 192.168.1.0 255.255.255.0 And about your second note, I must change the "/etc/openvpn/ccd/Test-PC" to the CN in the client certificate. I opened the ca.crt file on the client and clicked on the Details tab and it showed me "CN = Server". So, I must change the "Test-PC" to "Server". Am I right? gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users