abclinuxu.cz AbcLinuxu.cz itbiz.cz ITBiz.cz HDmag.cz HDmag.cz abcprace.cz AbcPráce.cz
AbcLinuxu hledá autory!
Inzerujte na AbcPráce.cz od 950 Kč
Rozšířené hledání
×
eParkomat, startup z ČR, postoupil mezi finalisty evropského akcelerátoru ChallengeUp!
Robot na pivo mu otevřel dveře k opravdovému byznysu
Internet věcí: Propojený svět? Už se to blíží...
dnes 01:23 | Nová verze

Oficiálně bylo oznámeno vydání verze 3.0 multiplatformního balíku svobodných kancelářských a grafických aplikací Calligra (Wikipedie). Větev 3 je postavena na KDE Frameworks 5 a Qt 5. Krita se osamostatnila. Z balíku byly dále odstraněny aplikace Author, Brainstorm, Flow a Stage. U Flow a Stage se předpokládá jejich návrat v některé z budoucích verzí Calligry.

Ladislav Hagara | Komentářů: 0
včera 15:25 | Nová verze

Bylo oznámeno vydání první RC (release candidate) verze instalátoru pro Debian 9 s kódovým názvem Stretch. Odloženo bylo sloučení /usr jako výchozí nastavení v debootstrap. Vydán byl také Debian 8.7, tj. sedmá opravná verze Debianu 8 s kódovým názvem Jessie.

Ladislav Hagara | Komentářů: 5
včera 13:37 | Zajímavý projekt

1. ledna byl představen projekt Liri (GitHub). Jedná se o spojení projektů Hawaii, Papyros a původního projektu Liri s cílem vyvíjet operační systém (linuxovou distribuci) a aplikace s moderním designem a funkcemi. Včera byl představen Fluid 0.9.0 a také Vibe 0.9.0. Jedná se o toolkit a knihovnu pro vývoj multiplatformních a responzivních aplikací podporující Material Design (Wikipedie) a volitelně také Microsoft Design Language (designový jazyk Microsoft) [reddit].

Ladislav Hagara | Komentářů: 2
14.1. 00:33 | Zajímavý software

Google na svém blogu věnovaném open source představil knihovnu pro komprimaci a dekomprimaci 3D grafiky s názvem Draco. Knihovna bude využívána například v aplikacích pro virtuální a rozšířenou realitu. Porovnání Draco s gzip na YouTube. Zdrojové kódy Draco jsou k dispozici na GitHubu pod licencí Apache 2.0.

Ladislav Hagara | Komentářů: 5
13.1. 17:27 | IT novinky

V loňském roce proběhla úspěšná kampaň na Indiegogo na podporu GPD Win. Jedná se o malý 5,5 palcový notebook a přenosnou herní konzoli v jednom. Předinstalované Windows 10 lze nahradit Linuxem. V únoru by se na Indiegogo měla objevit kampaň na podporu 7 palcového notebooku GPD Pocket.

Ladislav Hagara | Komentářů: 28
13.1. 02:00 | Nová verze

Po pěti měsících od vydání verze 1.0.0 (zprávička) byla vydána verze 2.0.0 frameworku Kirigami (HIG) pro vytváření uživatelských rozhraní mobilních a konvergentních aplikací nad toolkitem Qt. Pro vyzkoušení je určena aplikace pro Android Kirigami gallery.

Ladislav Hagara | Komentářů: 0
12.1. 23:28 | Zajímavý software

Akční hra Lugaru HD od Wolfire Games (recenze) byla uvolněna jako svobodný software, a to včetně dat (pod licencí Creative Commons Attribution – Share Alike). Linuxový port byl v roce 2010 součástí první akce Humble Indie Bundle a engine byl krátce poté uvolněn pod licencí GNU GPL, což vedlo mj. k portu na AmigaOS. Autor mezitím pracuje na pokračování nazvaném Overgrowth.

Fluttershy, yay! | Komentářů: 0
12.1. 14:49 | Bezpečnostní upozornění

Na serveru Jabb.im bylo zveřejněno vyjádření k úniku dat z Jabbim Archive (pastebin). Dump databáze obsahuje komunikaci uživatelů, jejich IP adresy a logy aplikace od října 2015 do března 2016. Celkově se jedná o 8 GB dat, převažujícím jazykem zpráv je čeština a slovenština. O úniku informoval jako první server Motherboard. Jabbim Archive byla službou volitelnou, dostupnou pouze pro VIP uživatele. Podle provozovatele serveru Jabb.im k

… více »
Michal Makovec | Komentářů: 68
12.1. 12:55 | Nová verze

Telegram Desktop, klient služby pro rychlé psaní zpráv Telegram (Wikipedie, zdrojové kódy) pro počítače, byl představen v roce 2013. Dnes byla vydána verze 1.0. Podrobnosti v oznámení na blogu.

Ladislav Hagara | Komentářů: 11
12.1. 11:22 | Bezpečnostní upozornění

Byla nalezena a v upstreamu opravena bezpečnostní chyba CVE-2016-9587 (CT-2017-0109) ve svobodném softwaru vytvářejícím platformu pro konfigurační správu a řízení počítačů Ansible (Wikipedie). Spravování kompromitovaného uzlu pomocí Ansible může vést ke spuštění příkazů na řídícím počítači [LWN.net].

Ladislav Hagara | Komentářů: 0
Jak se stavíte k trendu ztenčování přenosných zařízení (smartphony, notebooky)?
 (10%)
 (2%)
 (74%)
 (3%)
 (10%)
Celkem 289 hlasů
 Komentářů: 19, poslední 13.1. 22:02
    Rozcestník
    Reklama

    Dotaz: OpenVPN - nespoji se

    26.8.2009 12:20 m
    OpenVPN - nespoji se
    Přečteno: 861×

    V siti pouzivam rozsah 192.168.1.0/255.255.255.0. Server ma IP 192.168.1.1 stanicim prideluje DHCP z rozsahu 192.168.1.10-192.168.1.100. OpenVPN mam takto nastaveno (Debian 5.0):

    mode server
    tls-server
    dev tap0
    proto udp
    port 1194
    ifconfig 192.168.1.2 255.255.255.0
    ifconfig-pool 192.168.1.110 192.168.1.120 255.255.255.0
    duplicate-cn
    max-clients 5
    client-to-client
    push "dhcp-option DNS 192.168.1.1"
    push "redirect-gateway def1"
    push "redirect-gateway local def1"
    keepalive 10 30
    ca /etc/openvpn/ca.crt
    cert /etc/openvpn/server.crt
    key /etc/openvpn/server.key
    dh /etc/openvpn/dh2048.pem
    log-append /var/log/openvpn
    status /var/run/openvpn/vpn.status 10
    user nobody
    group nogroup
    comp-lzo
    verb 5

    Klient na Windows XP SP2 ma nasledujici nastaveni:

    remote server.example.com
    port 1194
    tls-client
    dev tap
    pull
    ns-cert-type server
    mute 10
    ca ca.crt
    cert pokus.crt
    key pokus.key
    comp-lzo
    verb 3

    Vubec se to nespoji. Na klientovi to vypisuje nasledujici chybu:

    Wed Aug 26 11:29:56 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
    Wed Aug 26 11:30:01 2009 LZO compression initialized
    Wed Aug 26 11:30:01 2009 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Aug 26 11:30:01 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Wed Aug 26 11:30:01 2009 Local Options hash (VER=V4): 'd79ca330'
    Wed Aug 26 11:30:01 2009 Expected Remote Options hash (VER=V4): 'f7df56b8'
    Wed Aug 26 11:30:01 2009 UDPv4 link local (bound): [undef]:1194
    Wed Aug 26 11:30:01 2009 UDPv4 link remote: IP.AD.RE.SA:1194
    Wed Aug 26 11:30:01 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
    Wed Aug 26 11:30:03 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
    Wed Aug 26 11:30:06 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
    Wed Aug 26 11:30:08 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
    Wed Aug 26 11:30:10 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
    Wed Aug 26 11:30:11 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
    Wed Aug 26 11:30:14 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
    Wed Aug 26 11:30:16 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
    Wed Aug 26 11:30:17 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
    Wed Aug 26 11:30:20 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
    Wed Aug 26 11:30:22 2009 NOTE: --mute triggered...
    

    a na serveru:

    
    Wed Aug 26 11:27:57 2009 us=2701 event_wait : Interrupted system call (code=4)
    Wed Aug 26 11:27:57 2009 us=7160 TCP/UDP: Closing socket
    Wed Aug 26 11:27:57 2009 us=7444 Closing TUN/TAP interface
    Wed Aug 26 11:27:57 2009 us=7576 /sbin/ifconfig tap0 0.0.0.0
    SIOCSIFADDR: Permission denied
    SIOCSIFFLAGS: Permission denied
    Wed Aug 26 11:27:57 2009 us=12791 Linux ip addr del failed: external program exited with error status: 255
    Wed Aug 26 11:27:57 2009 us=27873 SIGTERM[hard,] received, process exiting
    Wed Aug 26 11:27:58 2009 us=251756 Current Parameter Settings:
    Wed Aug 26 11:27:58 2009 us=252083 config = '/etc/openvpn/server.conf'
    Wed Aug 26 11:27:58 2009 us=252177 mode = 1
    Wed Aug 26 11:27:58 2009 us=252261 persist_config = DISABLED
    Wed Aug 26 11:27:58 2009 us=252346 persist_mode = 1
    Wed Aug 26 11:27:58 2009 us=252427 show_ciphers = DISABLED
    Wed Aug 26 11:27:58 2009 us=252508 show_digests = DISABLED
    Wed Aug 26 11:27:58 2009 us=252588 show_engines = DISABLED
    Wed Aug 26 11:27:58 2009 us=252669 genkey = DISABLED
    Wed Aug 26 11:27:58 2009 us=252751 key_pass_file = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=252833 show_tls_ciphers = DISABLED
    Wed Aug 26 11:27:58 2009 us=252921 Connection profiles [default]:
    Wed Aug 26 11:27:58 2009 us=253006 proto = udp
    Wed Aug 26 11:27:58 2009 us=253089 local = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=253172 local_port = 1194
    Wed Aug 26 11:27:58 2009 us=253252 remote = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=253333 remote_port = 1194
    Wed Aug 26 11:27:58 2009 us=253415 remote_float = DISABLED
    Wed Aug 26 11:27:58 2009 us=253553 bind_defined = DISABLED
    Wed Aug 26 11:27:58 2009 us=253638 bind_local = ENABLED
    Wed Aug 26 11:27:58 2009 us=253721 connect_retry_seconds = 5
    Wed Aug 26 11:27:58 2009 us=253804 connect_timeout = 10
    Wed Aug 26 11:27:58 2009 us=253885 connect_retry_max = 0
    Wed Aug 26 11:27:58 2009 us=253965 socks_proxy_server = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=254048 socks_proxy_port = 0
    Wed Aug 26 11:27:58 2009 us=254129 socks_proxy_retry = DISABLED
    Wed Aug 26 11:27:58 2009 us=254215 Connection profiles END
    Wed Aug 26 11:27:58 2009 us=254297 remote_random = DISABLED
    Wed Aug 26 11:27:58 2009 us=254379 ipchange = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=254462 dev = 'tap0'
    Wed Aug 26 11:27:58 2009 us=254543 dev_type = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=254623 dev_node = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=254704 lladdr = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=254785 topology = 1
    Wed Aug 26 11:27:58 2009 us=254866 tun_ipv6 = DISABLED
    Wed Aug 26 11:27:58 2009 us=254947 ifconfig_local = '192.168.1.2'
    Wed Aug 26 11:27:58 2009 us=255028 ifconfig_remote_netmask = '255.255.255.0'
    Wed Aug 26 11:27:58 2009 us=255109 ifconfig_noexec = DISABLED
    Wed Aug 26 11:27:58 2009 us=255190 ifconfig_nowarn = DISABLED
    Wed Aug 26 11:27:58 2009 us=255270 shaper = 0
    Wed Aug 26 11:27:58 2009 us=255352 tun_mtu = 1500
    Wed Aug 26 11:27:58 2009 us=255433 tun_mtu_defined = ENABLED
    Wed Aug 26 11:27:58 2009 us=255515 link_mtu = 1500
    Wed Aug 26 11:27:58 2009 us=255597 link_mtu_defined = DISABLED
    Wed Aug 26 11:27:58 2009 us=255678 tun_mtu_extra = 32
    Wed Aug 26 11:27:58 2009 us=255759 tun_mtu_extra_defined = ENABLED
    Wed Aug 26 11:27:58 2009 us=255840 fragment = 0
    Wed Aug 26 11:27:58 2009 us=255920 mtu_discover_type = -1
    Wed Aug 26 11:27:58 2009 us=256002 mtu_test = 0
    Wed Aug 26 11:27:58 2009 us=256083 mlock = DISABLED
    Wed Aug 26 11:27:58 2009 us=256165 keepalive_ping = 10
    Wed Aug 26 11:27:58 2009 us=256246 keepalive_timeout = 30
    Wed Aug 26 11:27:58 2009 us=256327 inactivity_timeout = 0
    Wed Aug 26 11:27:58 2009 us=256409 ping_send_timeout = 10
    Wed Aug 26 11:27:58 2009 us=256489 ping_rec_timeout = 60
    Wed Aug 26 11:27:58 2009 us=256570 ping_rec_timeout_action = 2
    Wed Aug 26 11:27:58 2009 us=256651 ping_timer_remote = DISABLED
    Wed Aug 26 11:27:58 2009 us=256732 remap_sigusr1 = 0
    Wed Aug 26 11:27:58 2009 us=256814 explicit_exit_notification = 0
    Wed Aug 26 11:27:58 2009 us=256973 persist_tun = DISABLED
    Wed Aug 26 11:27:58 2009 us=257060 persist_local_ip = DISABLED
    Wed Aug 26 11:27:58 2009 us=257142 persist_remote_ip = DISABLED
    Wed Aug 26 11:27:58 2009 us=257224 persist_key = DISABLED
    Wed Aug 26 11:27:58 2009 us=257304 mssfix = 1450
    Wed Aug 26 11:27:58 2009 us=257386 passtos = DISABLED
    Wed Aug 26 11:27:58 2009 us=257521 resolve_retry_seconds = 1000000000
    Wed Aug 26 11:27:58 2009 us=257610 username = 'nobody'
    Wed Aug 26 11:27:58 2009 us=257693 groupname = 'nogroup'
    Wed Aug 26 11:27:58 2009 us=257774 chroot_dir = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=257856 cd_dir = '/etc/openvpn'
    Wed Aug 26 11:27:58 2009 us=257937 writepid = '/var/run/openvpn.server.pid'
    Wed Aug 26 11:27:58 2009 us=258017 up_script = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=258099 down_script = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=258178 down_pre = DISABLED
    Wed Aug 26 11:27:58 2009 us=258260 up_restart = DISABLED
    Wed Aug 26 11:27:58 2009 us=258340 up_delay = DISABLED
    Wed Aug 26 11:27:58 2009 us=258421 daemon = ENABLED
    Wed Aug 26 11:27:58 2009 us=258502 inetd = 0
    Wed Aug 26 11:27:58 2009 us=258583 log = ENABLED
    Wed Aug 26 11:27:58 2009 us=258663 suppress_timestamps = DISABLED
    Wed Aug 26 11:27:58 2009 us=258744 nice = 0
    Wed Aug 26 11:27:58 2009 us=258824 verbosity = 5
    Wed Aug 26 11:27:58 2009 us=258905 mute = 0
    Wed Aug 26 11:27:58 2009 us=258985 gremlin = 0
    Wed Aug 26 11:27:58 2009 us=259068 status_file = '/var/run/openvpn/vpn.status'
    Wed Aug 26 11:27:58 2009 us=259150 status_file_version = 1
    Wed Aug 26 11:27:58 2009 us=259231 status_file_update_freq = 10
    Wed Aug 26 11:27:58 2009 us=259312 occ = ENABLED
    Wed Aug 26 11:27:58 2009 us=259392 rcvbuf = 65536
    Wed Aug 26 11:27:58 2009 us=259474 sndbuf = 65536
    Wed Aug 26 11:27:58 2009 us=259554 sockflags = 0
    Wed Aug 26 11:27:58 2009 us=259636 fast_io = DISABLED
    Wed Aug 26 11:27:58 2009 us=259716 lzo = 7
    Wed Aug 26 11:27:58 2009 us=259796 route_script = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=259878 route_default_gateway = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=259960 route_default_metric = 0
    Wed Aug 26 11:27:58 2009 us=260041 route_noexec = DISABLED
    Wed Aug 26 11:27:58 2009 us=260123 route_delay = 0
    Wed Aug 26 11:27:58 2009 us=260204 route_delay_window = 30
    Wed Aug 26 11:27:58 2009 us=260286 route_delay_defined = DISABLED
    Wed Aug 26 11:27:58 2009 us=260368 route_nopull = DISABLED
    Wed Aug 26 11:27:58 2009 us=260450 route_gateway_via_dhcp = DISABLED
    Wed Aug 26 11:27:58 2009 us=260534 allow_pull_fqdn = DISABLED
    Wed Aug 26 11:27:58 2009 us=260618 management_addr = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=260701 management_port = 0
    Wed Aug 26 11:27:58 2009 us=260785 management_user_pass = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=260870 management_log_history_cache = 250
    Wed Aug 26 11:27:58 2009 us=260956 management_echo_buffer_size = 100
    Wed Aug 26 11:27:58 2009 us=261041 management_write_peer_info_file = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=261121 management_flags = 0
    Wed Aug 26 11:27:58 2009 us=261205 shared_secret_file = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=261288 key_direction = 0
    Wed Aug 26 11:27:58 2009 us=261370 ciphername_defined = ENABLED
    Wed Aug 26 11:27:58 2009 us=261506 ciphername = 'BF-CBC'
    Wed Aug 26 11:27:58 2009 us=261596 authname_defined = ENABLED
    Wed Aug 26 11:27:58 2009 us=261679 authname = 'SHA1'
    Wed Aug 26 11:27:58 2009 us=261763 keysize = 0
    Wed Aug 26 11:27:58 2009 us=261845 engine = DISABLED
    Wed Aug 26 11:27:58 2009 us=261928 replay = ENABLED
    Wed Aug 26 11:27:58 2009 us=262012 mute_replay_warnings = DISABLED
    Wed Aug 26 11:27:58 2009 us=262093 replay_window = 64
    Wed Aug 26 11:27:58 2009 us=262176 replay_time = 15
    Wed Aug 26 11:27:58 2009 us=262260 packet_id_file = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=262343 use_iv = ENABLED
    Wed Aug 26 11:27:58 2009 us=262426 test_crypto = DISABLED
    Wed Aug 26 11:27:58 2009 us=262505 tls_server = ENABLED
    Wed Aug 26 11:27:58 2009 us=262588 tls_client = DISABLED
    Wed Aug 26 11:27:58 2009 us=262717 key_method = 2
    Wed Aug 26 11:27:58 2009 us=262806 ca_file = '/etc/openvpn/ca.crt'
    Wed Aug 26 11:27:58 2009 us=262889 ca_path = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=262974 dh_file = '/etc/openvpn/dh2048.pem'
    Wed Aug 26 11:27:58 2009 us=263058 cert_file = '/etc/openvpn/server.crt'
    Wed Aug 26 11:27:58 2009 us=263141 priv_key_file = '/etc/openvpn/server.key'
    Wed Aug 26 11:27:58 2009 us=263224 pkcs12_file = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=263307 cipher_list = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=263389 tls_verify = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=263471 tls_remote = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=263553 crl_file = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=263636 ns_cert_type = 0
    Wed Aug 26 11:27:58 2009 us=263721 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=263803 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=263882 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=263964 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264045 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264125 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264206 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264286 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264367 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264448 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264529 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264609 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264690 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264768 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264849 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264928 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=265010 remote_cert_eku = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=265091 tls_timeout = 2
    Wed Aug 26 11:27:58 2009 us=265173 renegotiate_bytes = 0
    Wed Aug 26 11:27:58 2009 us=265257 renegotiate_packets = 0
    Wed Aug 26 11:27:58 2009 us=265341 renegotiate_seconds = 3600
    Wed Aug 26 11:27:58 2009 us=265422 handshake_window = 60
    Wed Aug 26 11:27:58 2009 us=265898 transition_window = 3600
    Wed Aug 26 11:27:58 2009 us=265992 single_session = DISABLED
    Wed Aug 26 11:27:58 2009 us=266080 tls_exit = DISABLED
    Wed Aug 26 11:27:58 2009 us=266166 tls_auth_file = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=266252 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=266336 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=266420 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=266500 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=266585 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=266668 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=266751 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=266835 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=266915 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=266999 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=267082 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=267164 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=267248 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=267329 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=267415 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=267499 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=267583 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=267671 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=267754 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=267839 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=267924 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268005 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268088 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268172 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268309 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268400 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268485 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268567 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268651 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268733 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268817 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268903 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268987 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=269069 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=269150 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=269231 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=269313 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=269395 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=269524 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=269610 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=269693 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=269774 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=269856 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=269940 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=270019 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=270100 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=270181 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=270261 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=270346 pkcs11_pin_cache_period = -1
    Wed Aug 26 11:27:58 2009 us=270428 pkcs11_id = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=270511 pkcs11_id_management = DISABLED
    Wed Aug 26 11:27:58 2009 us=270651 server_network = 0.0.0.0
    Wed Aug 26 11:27:58 2009 us=270748 server_netmask = 0.0.0.0
    Wed Aug 26 11:27:58 2009 us=270842 server_bridge_ip = 0.0.0.0
    Wed Aug 26 11:27:58 2009 us=270938 server_bridge_netmask = 0.0.0.0
    Wed Aug 26 11:27:58 2009 us=271031 server_bridge_pool_start = 0.0.0.0
    Wed Aug 26 11:27:58 2009 us=271125 server_bridge_pool_end = 0.0.0.0
    Wed Aug 26 11:27:58 2009 us=271211 push_list = 'dhcp-option DNS 192.168.1.1,redirect-gateway def1,redirect-gateway local def1,ping 10,ping-restart 30'
    Wed Aug 26 11:27:58 2009 us=271297 ifconfig_pool_defined = ENABLED
    Wed Aug 26 11:27:58 2009 us=271392 ifconfig_pool_start = 192.168.1.110
    Wed Aug 26 11:27:58 2009 us=271487 ifconfig_pool_end = 192.168.1.120
    Wed Aug 26 11:27:58 2009 us=271582 ifconfig_pool_netmask = 255.255.255.0
    Wed Aug 26 11:27:58 2009 us=271668 ifconfig_pool_persist_filename = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=271752 ifconfig_pool_persist_refresh_freq = 600
    Wed Aug 26 11:27:58 2009 us=271833 n_bcast_buf = 256
    Wed Aug 26 11:27:58 2009 us=271915 tcp_queue_limit = 64
    Wed Aug 26 11:27:58 2009 us=271999 real_hash_size = 256
    Wed Aug 26 11:27:58 2009 us=272082 virtual_hash_size = 256
    Wed Aug 26 11:27:58 2009 us=272167 client_connect_script = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=272249 learn_address_script = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=272332 client_disconnect_script = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=272413 client_config_dir = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=272494 ccd_exclusive = DISABLED
    Wed Aug 26 11:27:58 2009 us=272576 tmp_dir = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=272660 push_ifconfig_defined = DISABLED
    Wed Aug 26 11:27:58 2009 us=272756 push_ifconfig_local = 0.0.0.0
    Wed Aug 26 11:27:58 2009 us=272850 push_ifconfig_remote_netmask = 0.0.0.0
    Wed Aug 26 11:27:58 2009 us=272933 enable_c2c = ENABLED
    Wed Aug 26 11:27:58 2009 us=273015 duplicate_cn = ENABLED
    Wed Aug 26 11:27:58 2009 us=273095 cf_max = 0
    Wed Aug 26 11:27:58 2009 us=273177 cf_per = 0
    Wed Aug 26 11:27:58 2009 us=273258 max_clients = 5
    Wed Aug 26 11:27:58 2009 us=273343 max_routes_per_client = 256
    Wed Aug 26 11:27:58 2009 us=273427 client_cert_not_required = DISABLED
    Wed Aug 26 11:27:58 2009 us=273604 username_as_common_name = DISABLED
    Wed Aug 26 11:27:58 2009 us=273694 auth_user_pass_verify_script = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=273780 auth_user_pass_verify_script_via_file = DISABLED
    Wed Aug 26 11:27:58 2009 us=273864 port_share_host = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=273947 port_share_port = 0
    Wed Aug 26 11:27:58 2009 us=274028 client = DISABLED
    Wed Aug 26 11:27:58 2009 us=274109 pull = DISABLED
    Wed Aug 26 11:27:58 2009 us=274191 auth_user_pass_file = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=274287 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008
    Wed Aug 26 11:27:58 2009 us=275012 WARNING: you are using user/group/chroot without persist-tun -- this may cause restarts to fail
    Wed Aug 26 11:27:58 2009 us=275101 WARNING: you are using user/group/chroot without persist-key -- this may cause restarts to fail
    Wed Aug 26 11:27:58 2009 us=275587 Note: cannot open /var/run/openvpn/vpn.status for WRITE
    Wed Aug 26 11:27:58 2009 us=842570 Diffie-Hellman initialized with 2048 bit key
    Wed Aug 26 11:27:58 2009 us=850239 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
    Wed Aug 26 11:28:00 2009 us=301586 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Aug 26 11:28:00 2009 us=308353 TUN/TAP device tap0 opened
    Wed Aug 26 11:28:00 2009 us=308514 TUN/TAP TX queue length set to 100
    Wed Aug 26 11:28:00 2009 us=308738 /sbin/ifconfig tap0 192.168.1.2 netmask 255.255.255.0 mtu 1500 broadcast 192.168.1.255
    Wed Aug 26 11:28:00 2009 us=330284 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Wed Aug 26 11:28:00 2009 us=334191 GID set to nogroup
    Wed Aug 26 11:28:00 2009 us=334474 UID set to nobody
    Wed Aug 26 11:28:00 2009 us=334659 Socket Buffers: R=[111616->131072] S=[111616->131072]
    Wed Aug 26 11:28:00 2009 us=334782 UDPv4 link local (bound): [undef]:1194
    Wed Aug 26 11:28:00 2009 us=334876 UDPv4 link remote: [undef]
    Wed Aug 26 11:28:00 2009 us=334987 MULTI: multi_init called, r=256 v=256
    Wed Aug 26 11:28:00 2009 us=335301 IFCONFIG POOL: base=192.168.1.110 size=11
    Wed Aug 26 11:28:00 2009 us=335493 Initialization Sequence Completed
    Wed Aug 26 11:38:32 2009 us=831302 event_wait : Interrupted system call (code=4)
    Wed Aug 26 11:38:32 2009 us=832375 TCP/UDP: Closing socket
    Wed Aug 26 11:38:32 2009 us=832495 Closing TUN/TAP interface
    Wed Aug 26 11:38:32 2009 us=832625 /sbin/ifconfig tap0 0.0.0.0
    SIOCSIFADDR: Permission denied
    SIOCSIFFLAGS: Permission denied
    Wed Aug 26 11:38:32 2009 us=840892 Linux ip addr del failed: external program exited with error status: 255
    Wed Aug 26 11:38:32 2009 us=886653 SIGTERM[hard,] received, process exiting
    

    Nevite nekdo, kde delam chybu? Je lepsi pouzit tun, nebo tap? Co maje jake vyhody a nevyhody? Musim nastavovat routovani pro klient na vpn, kdyz jim budu pridelovat adresy ze stejneho rozsahu, jako maji klienti v lokalni siti? Nemohl by vpn klientum pridelovat ip adresy lokalni DHCP server?

    Odpovědi

    26.8.2009 13:05 NN
    Rozbalit Rozbalit vše Re: m

    Pridej do serveru:

    persist-key

    persist-tun

    A podle tohoto:

    Wed Aug 26 11:38:32 2009 us=832625 /sbin/ifconfig tap0 0.0.0.0
    SIOCSIFADDR: Permission denied
    
    SIOCSIFFLAGS: Permission denied
    
    Je problem s opravneni k vytvoreti tap ktery se pouziva k vytvareni mostu
    takze pouzijte tun.
    
    NN
    
    26.8.2009 17:39 m
    Rozbalit Rozbalit vše Re: m

    Tak jsem to upravil podle tve rady:

    mode server
    tls-server
    dev tun0
    proto udp
    port 1194
    ifconfig 192.168.1.2 255.255.255.0
    ifconfig-pool 192.168.1.110 192.168.1.120 255.255.255.0
    duplicate-cn
    max-clients 5
    client-to-client
    push "dhcp-option DNS 192.168.1.1"
    push "redirect-gateway def1"
    push "redirect-gateway local def1"
    keepalive 10 30
    ca /etc/openvpn/ca.crt
    cert /etc/openvpn/server.crt
    key /etc/openvpn/server.key
    dh /etc/openvpn/dh2048.pem
    log-append /var/log/openvpn
    status /var/run/openvpn/vpn.status 10
    user nobody
    group nogroup
    comp-lzo
    verb 3
    persist-key
    persist-tun

    ale porad to nejde - ani se nespusti VPN server:

    Wed Aug 26 17:05:06 2009 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008
    Wed Aug 26 17:05:06 2009 Note: cannot open /var/run/openvpn/vpn.status for WRITE
    Wed Aug 26 17:05:07 2009 Diffie-Hellman initialized with 2048 bit key
    Wed Aug 26 17:05:07 2009 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
    Wed Aug 26 17:05:10 2009 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Aug 26 17:05:10 2009 WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address. You are using something (255.255.255.0) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
    Wed Aug 26 17:05:10 2009 TUN/TAP device tun0 opened
    Wed Aug 26 17:05:10 2009 TUN/TAP TX queue length set to 100
    Wed Aug 26 17:05:10 2009 /sbin/ifconfig tun0 192.168.1.2 pointopoint 255.255.255.0 mtu 1500
    SIOCSIFDSTADDR: Invalid argument
    Wed Aug 26 17:05:10 2009 Linux ifconfig failed: external program exited with error status: 1
    Wed Aug 26 17:05:10 2009 Exiting
    Options error: The third parameter to --ifconfig-pool (netmask) is only valid in --dev tap mode
    Use --help for more information.
    
    26.8.2009 20:56 NN
    Rozbalit Rozbalit vše Re: m

    Dobre jeste vyhodit oboje 'ifconfig' a misto toho:

    server 192.168.1.0 255.255.255.0

    a stim redirect-gateway si nejsem jisty..

    NN

     

    Dalibor Smolík avatar 27.8.2009 09:17 Dalibor Smolík | skóre: 54 | blog: Postrehy_ze_zivota | 50°5'31.93"N,14°19'35.51"E
    Rozbalit Rozbalit vše Re: OpenVPN - nespoji se

    Zdravím, kompletní problematiku openVPN tak, jak jsem toto připojení zprovoznil a prodiskutoval i zde na abíčku uvádím

    tady.

    Obsahuje i konfiguráky u serveru a klienta, je to odzkoušené na několika klientech a zaručeně funguje.


    Rozdíly v řeči a ve zvyklostech neznamenají vůbec nic, budeme-li mít stejné cíle a otevřená srdce.
    27.8.2009 09:40 melkors | skóre: 13 | blog: kdo_chce_kam
    Rozbalit Rozbalit vše Re: OpenVPN - nespoji se

    Nevadi ti radek: Note: cannot open /var/run/openvpn/vpn.status for WRITE ???

    IMHO to zapricinuje nasledne

    SIOCSIFADDR: Permission denied
    SIOCSIFFLAGS: Permission denied

    Takze nastavit prava ... (/var/run/openvpn musi mit pravo zapisu user nobody nebo alespon skupina nogroup)

     

    Založit nové vláknoNahoru

    Tiskni Sdílej: Linkuj Jaggni to Vybrali.sme.sk Google Del.icio.us Facebook

    ISSN 1214-1267   www.czech-server.cz
    © 1999-2015 Nitemedia s. r. o. Všechna práva vyhrazena.