abclinuxu.cz AbcLinuxu.cz itbiz.cz ITBiz.cz HDmag.cz HDmag.cz abcprace.cz AbcPráce.cz
AbcLinuxu hledá autory!
Inzerujte na AbcPráce.cz od 950 Kč
Rozšířené hledání
×

dnes 13:55 | Zajímavý projekt

UPSat je první open source nanodružice. Jedná se o společný projekt nadace Libre Space Foundation a University of Patras. Repozitáře projektu jsou k dispozici na GitHubu. Pod Libre Space Foundation patří také projekt SatNOGS (zprávička), projekt globální sítě open source pozemních satelitních stanic, vítězný projekt soutěže The Hackaday Prize 2014. UPSat je součástí mise QB50 (Twitter). ID UPSatu je GR02. GPS přijímač na UPSatu je od české společnosti SkyFox Labs. Součástí mise QB50 je i česká nanodružice VZLUSAT-1 s ID CZ02.

Ladislav Hagara | Komentářů: 0
21.4. 15:00 | Komunita

V diskusním listu Thunderbird planning vývojáři poštovního klienta Thunderbird řeší, zda by nebylo možné budoucí Thunderbird postavit nad webovými technologiemi, tj. nad Electronem, stejně jako například Nylas Mail. Gecko, nad kterým je Thunderbird postaven, se má hodně změnit. V plánu je odstranění vlastností, které Firefox už nepotřebuje, ale Thunderbird je na nich závislý [Hacker News, reddit].

Ladislav Hagara | Komentářů: 74
21.4. 10:22 | Bezpečnostní upozornění

Společnost Oracle vydala čtvrtletní bezpečnostní aktualizaci svých softwarových produktů (CPU, Critical Patch Update). Opraveno bylo celkově 299 bezpečnostních chyb. V Oracle Java SE je například opraveno 8 bezpečnostních chyb. Vzdáleně zneužitelných bez autentizace je 7 z nich. V Oracle MySQL je opraveno 39 bezpečnostních chyb. Vzdáleně zneužitelných bez autentizace je 11 z nich.

Ladislav Hagara | Komentářů: 6
21.4. 10:00 | Pozvánky

V úterý 25. dubna proběhne další Prague Containers Meetup. Přijďte se nechat inspirovat jak zlepšit build/delivery pipeline vašich kontejnerových aplikací.

little-drunk-jesus | Komentářů: 2
20.4. 21:33 | Komunita

Na Launchpadu se objevilo kódové jméno následující verze Ubuntu. Ubuntu 17.10 bude Artful Aardvark (mazaný hrabáč) [OMG! Ubuntu!].

Ladislav Hagara | Komentářů: 9
20.4. 20:11 | Zajímavý software

MojeFedora.cz informuje, že společnost Nylas oznámila vydání verze 2.0 poštovního klienta Nylas Mail (původně Nylas N1), která již plně podporuje Linux. Obchodní model společnosti je tzv. open core. Samotný klient je open source, ale uživatel si musí připlatit za některé pokročilé funkce. V základu se lze připojit k GMailu nebo libovolnému účtu přes IMAP. Podpora Exchange je pouze v placené verzi. Klient je napsaný nad Electronem.

Ladislav Hagara | Komentářů: 12
20.4. 15:55 | Zajímavý článek

České centrum pro investigativní žurnalistiku (ČCIŽ) publikovalo na svých stránkách článek s názvem Je česká státní správa „rukojmím Microsoftu“?. Drtivá většina české veřejné správy je závislá na výrobcích softwarového gigantu Microsoft – a nijak zvlášť jí to nevadí.

Ladislav Hagara | Komentářů: 16
20.4. 02:48 | Nová verze

Google Chrome 58 byl prohlášen za stabilní. Nejnovější stabilní verze 58.0.3029.81 tohoto webového prohlížeče přináší řadu oprav a vylepšení (YouTube). Opraveno bylo 29 bezpečnostních chyb. Mezi nimi i chyba umožňující phishing s unicode doménami.

Ladislav Hagara | Komentářů: 0
19.4. 22:44 | Nová verze

Po šesti týdnech od vydání verze 52.0 byla vydána verze 53.0 webového prohlížeče Mozilla Firefox. Z novinek lze upozornit například na nové kompaktní vzhledy – tmavý z Firefoxu Developer Edition a jeho světlá varianta. Na Linuxu byla ukončena podpora procesorů starších než Pentium 4 a AMD Opteron. Podrobné informace v poznámkách k vydání a na stránce věnované vývojářům. Řešeny jsou také bezpečnostní chyby.

Ladislav Hagara | Komentářů: 11
19.4. 17:44 | IT novinky

Realtimová strategická počítačová hra StarCraft a její rozšíření StarCraft: Brood War jsou ode dneška zdarma. Společnost Blizzard Entertainment chystá remasterovanou verzi (YouTube) a při té příležitosti se rozhodla neremasterovanou verzi aktualizovat a dát ji ode dneška k dispozici zdarma. Hru lze na Linuxu hrát pod Wine.

Ladislav Hagara | Komentářů: 3
Chystáte se pořídit CPU AMD Ryzen?
 (4%)
 (35%)
 (0%)
 (7%)
 (45%)
 (9%)
Celkem 268 hlasů
 Komentářů: 31, poslední 20.4. 21:26
    Rozcestník

    Dotaz: OpenVPN - nespoji se

    26.8.2009 12:20 m
    OpenVPN - nespoji se
    Přečteno: 869×

    V siti pouzivam rozsah 192.168.1.0/255.255.255.0. Server ma IP 192.168.1.1 stanicim prideluje DHCP z rozsahu 192.168.1.10-192.168.1.100. OpenVPN mam takto nastaveno (Debian 5.0):

    mode server
    tls-server
    dev tap0
    proto udp
    port 1194
    ifconfig 192.168.1.2 255.255.255.0
    ifconfig-pool 192.168.1.110 192.168.1.120 255.255.255.0
    duplicate-cn
    max-clients 5
    client-to-client
    push "dhcp-option DNS 192.168.1.1"
    push "redirect-gateway def1"
    push "redirect-gateway local def1"
    keepalive 10 30
    ca /etc/openvpn/ca.crt
    cert /etc/openvpn/server.crt
    key /etc/openvpn/server.key
    dh /etc/openvpn/dh2048.pem
    log-append /var/log/openvpn
    status /var/run/openvpn/vpn.status 10
    user nobody
    group nogroup
    comp-lzo
    verb 5

    Klient na Windows XP SP2 ma nasledujici nastaveni:

    remote server.example.com
    port 1194
    tls-client
    dev tap
    pull
    ns-cert-type server
    mute 10
    ca ca.crt
    cert pokus.crt
    key pokus.key
    comp-lzo
    verb 3

    Vubec se to nespoji. Na klientovi to vypisuje nasledujici chybu:

    Wed Aug 26 11:29:56 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
    Wed Aug 26 11:30:01 2009 LZO compression initialized
    Wed Aug 26 11:30:01 2009 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Aug 26 11:30:01 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Wed Aug 26 11:30:01 2009 Local Options hash (VER=V4): 'd79ca330'
    Wed Aug 26 11:30:01 2009 Expected Remote Options hash (VER=V4): 'f7df56b8'
    Wed Aug 26 11:30:01 2009 UDPv4 link local (bound): [undef]:1194
    Wed Aug 26 11:30:01 2009 UDPv4 link remote: IP.AD.RE.SA:1194
    Wed Aug 26 11:30:01 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
    Wed Aug 26 11:30:03 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
    Wed Aug 26 11:30:06 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
    Wed Aug 26 11:30:08 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
    Wed Aug 26 11:30:10 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
    Wed Aug 26 11:30:11 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
    Wed Aug 26 11:30:14 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
    Wed Aug 26 11:30:16 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
    Wed Aug 26 11:30:17 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
    Wed Aug 26 11:30:20 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
    Wed Aug 26 11:30:22 2009 NOTE: --mute triggered...
    

    a na serveru:

    
    Wed Aug 26 11:27:57 2009 us=2701 event_wait : Interrupted system call (code=4)
    Wed Aug 26 11:27:57 2009 us=7160 TCP/UDP: Closing socket
    Wed Aug 26 11:27:57 2009 us=7444 Closing TUN/TAP interface
    Wed Aug 26 11:27:57 2009 us=7576 /sbin/ifconfig tap0 0.0.0.0
    SIOCSIFADDR: Permission denied
    SIOCSIFFLAGS: Permission denied
    Wed Aug 26 11:27:57 2009 us=12791 Linux ip addr del failed: external program exited with error status: 255
    Wed Aug 26 11:27:57 2009 us=27873 SIGTERM[hard,] received, process exiting
    Wed Aug 26 11:27:58 2009 us=251756 Current Parameter Settings:
    Wed Aug 26 11:27:58 2009 us=252083 config = '/etc/openvpn/server.conf'
    Wed Aug 26 11:27:58 2009 us=252177 mode = 1
    Wed Aug 26 11:27:58 2009 us=252261 persist_config = DISABLED
    Wed Aug 26 11:27:58 2009 us=252346 persist_mode = 1
    Wed Aug 26 11:27:58 2009 us=252427 show_ciphers = DISABLED
    Wed Aug 26 11:27:58 2009 us=252508 show_digests = DISABLED
    Wed Aug 26 11:27:58 2009 us=252588 show_engines = DISABLED
    Wed Aug 26 11:27:58 2009 us=252669 genkey = DISABLED
    Wed Aug 26 11:27:58 2009 us=252751 key_pass_file = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=252833 show_tls_ciphers = DISABLED
    Wed Aug 26 11:27:58 2009 us=252921 Connection profiles [default]:
    Wed Aug 26 11:27:58 2009 us=253006 proto = udp
    Wed Aug 26 11:27:58 2009 us=253089 local = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=253172 local_port = 1194
    Wed Aug 26 11:27:58 2009 us=253252 remote = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=253333 remote_port = 1194
    Wed Aug 26 11:27:58 2009 us=253415 remote_float = DISABLED
    Wed Aug 26 11:27:58 2009 us=253553 bind_defined = DISABLED
    Wed Aug 26 11:27:58 2009 us=253638 bind_local = ENABLED
    Wed Aug 26 11:27:58 2009 us=253721 connect_retry_seconds = 5
    Wed Aug 26 11:27:58 2009 us=253804 connect_timeout = 10
    Wed Aug 26 11:27:58 2009 us=253885 connect_retry_max = 0
    Wed Aug 26 11:27:58 2009 us=253965 socks_proxy_server = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=254048 socks_proxy_port = 0
    Wed Aug 26 11:27:58 2009 us=254129 socks_proxy_retry = DISABLED
    Wed Aug 26 11:27:58 2009 us=254215 Connection profiles END
    Wed Aug 26 11:27:58 2009 us=254297 remote_random = DISABLED
    Wed Aug 26 11:27:58 2009 us=254379 ipchange = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=254462 dev = 'tap0'
    Wed Aug 26 11:27:58 2009 us=254543 dev_type = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=254623 dev_node = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=254704 lladdr = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=254785 topology = 1
    Wed Aug 26 11:27:58 2009 us=254866 tun_ipv6 = DISABLED
    Wed Aug 26 11:27:58 2009 us=254947 ifconfig_local = '192.168.1.2'
    Wed Aug 26 11:27:58 2009 us=255028 ifconfig_remote_netmask = '255.255.255.0'
    Wed Aug 26 11:27:58 2009 us=255109 ifconfig_noexec = DISABLED
    Wed Aug 26 11:27:58 2009 us=255190 ifconfig_nowarn = DISABLED
    Wed Aug 26 11:27:58 2009 us=255270 shaper = 0
    Wed Aug 26 11:27:58 2009 us=255352 tun_mtu = 1500
    Wed Aug 26 11:27:58 2009 us=255433 tun_mtu_defined = ENABLED
    Wed Aug 26 11:27:58 2009 us=255515 link_mtu = 1500
    Wed Aug 26 11:27:58 2009 us=255597 link_mtu_defined = DISABLED
    Wed Aug 26 11:27:58 2009 us=255678 tun_mtu_extra = 32
    Wed Aug 26 11:27:58 2009 us=255759 tun_mtu_extra_defined = ENABLED
    Wed Aug 26 11:27:58 2009 us=255840 fragment = 0
    Wed Aug 26 11:27:58 2009 us=255920 mtu_discover_type = -1
    Wed Aug 26 11:27:58 2009 us=256002 mtu_test = 0
    Wed Aug 26 11:27:58 2009 us=256083 mlock = DISABLED
    Wed Aug 26 11:27:58 2009 us=256165 keepalive_ping = 10
    Wed Aug 26 11:27:58 2009 us=256246 keepalive_timeout = 30
    Wed Aug 26 11:27:58 2009 us=256327 inactivity_timeout = 0
    Wed Aug 26 11:27:58 2009 us=256409 ping_send_timeout = 10
    Wed Aug 26 11:27:58 2009 us=256489 ping_rec_timeout = 60
    Wed Aug 26 11:27:58 2009 us=256570 ping_rec_timeout_action = 2
    Wed Aug 26 11:27:58 2009 us=256651 ping_timer_remote = DISABLED
    Wed Aug 26 11:27:58 2009 us=256732 remap_sigusr1 = 0
    Wed Aug 26 11:27:58 2009 us=256814 explicit_exit_notification = 0
    Wed Aug 26 11:27:58 2009 us=256973 persist_tun = DISABLED
    Wed Aug 26 11:27:58 2009 us=257060 persist_local_ip = DISABLED
    Wed Aug 26 11:27:58 2009 us=257142 persist_remote_ip = DISABLED
    Wed Aug 26 11:27:58 2009 us=257224 persist_key = DISABLED
    Wed Aug 26 11:27:58 2009 us=257304 mssfix = 1450
    Wed Aug 26 11:27:58 2009 us=257386 passtos = DISABLED
    Wed Aug 26 11:27:58 2009 us=257521 resolve_retry_seconds = 1000000000
    Wed Aug 26 11:27:58 2009 us=257610 username = 'nobody'
    Wed Aug 26 11:27:58 2009 us=257693 groupname = 'nogroup'
    Wed Aug 26 11:27:58 2009 us=257774 chroot_dir = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=257856 cd_dir = '/etc/openvpn'
    Wed Aug 26 11:27:58 2009 us=257937 writepid = '/var/run/openvpn.server.pid'
    Wed Aug 26 11:27:58 2009 us=258017 up_script = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=258099 down_script = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=258178 down_pre = DISABLED
    Wed Aug 26 11:27:58 2009 us=258260 up_restart = DISABLED
    Wed Aug 26 11:27:58 2009 us=258340 up_delay = DISABLED
    Wed Aug 26 11:27:58 2009 us=258421 daemon = ENABLED
    Wed Aug 26 11:27:58 2009 us=258502 inetd = 0
    Wed Aug 26 11:27:58 2009 us=258583 log = ENABLED
    Wed Aug 26 11:27:58 2009 us=258663 suppress_timestamps = DISABLED
    Wed Aug 26 11:27:58 2009 us=258744 nice = 0
    Wed Aug 26 11:27:58 2009 us=258824 verbosity = 5
    Wed Aug 26 11:27:58 2009 us=258905 mute = 0
    Wed Aug 26 11:27:58 2009 us=258985 gremlin = 0
    Wed Aug 26 11:27:58 2009 us=259068 status_file = '/var/run/openvpn/vpn.status'
    Wed Aug 26 11:27:58 2009 us=259150 status_file_version = 1
    Wed Aug 26 11:27:58 2009 us=259231 status_file_update_freq = 10
    Wed Aug 26 11:27:58 2009 us=259312 occ = ENABLED
    Wed Aug 26 11:27:58 2009 us=259392 rcvbuf = 65536
    Wed Aug 26 11:27:58 2009 us=259474 sndbuf = 65536
    Wed Aug 26 11:27:58 2009 us=259554 sockflags = 0
    Wed Aug 26 11:27:58 2009 us=259636 fast_io = DISABLED
    Wed Aug 26 11:27:58 2009 us=259716 lzo = 7
    Wed Aug 26 11:27:58 2009 us=259796 route_script = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=259878 route_default_gateway = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=259960 route_default_metric = 0
    Wed Aug 26 11:27:58 2009 us=260041 route_noexec = DISABLED
    Wed Aug 26 11:27:58 2009 us=260123 route_delay = 0
    Wed Aug 26 11:27:58 2009 us=260204 route_delay_window = 30
    Wed Aug 26 11:27:58 2009 us=260286 route_delay_defined = DISABLED
    Wed Aug 26 11:27:58 2009 us=260368 route_nopull = DISABLED
    Wed Aug 26 11:27:58 2009 us=260450 route_gateway_via_dhcp = DISABLED
    Wed Aug 26 11:27:58 2009 us=260534 allow_pull_fqdn = DISABLED
    Wed Aug 26 11:27:58 2009 us=260618 management_addr = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=260701 management_port = 0
    Wed Aug 26 11:27:58 2009 us=260785 management_user_pass = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=260870 management_log_history_cache = 250
    Wed Aug 26 11:27:58 2009 us=260956 management_echo_buffer_size = 100
    Wed Aug 26 11:27:58 2009 us=261041 management_write_peer_info_file = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=261121 management_flags = 0
    Wed Aug 26 11:27:58 2009 us=261205 shared_secret_file = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=261288 key_direction = 0
    Wed Aug 26 11:27:58 2009 us=261370 ciphername_defined = ENABLED
    Wed Aug 26 11:27:58 2009 us=261506 ciphername = 'BF-CBC'
    Wed Aug 26 11:27:58 2009 us=261596 authname_defined = ENABLED
    Wed Aug 26 11:27:58 2009 us=261679 authname = 'SHA1'
    Wed Aug 26 11:27:58 2009 us=261763 keysize = 0
    Wed Aug 26 11:27:58 2009 us=261845 engine = DISABLED
    Wed Aug 26 11:27:58 2009 us=261928 replay = ENABLED
    Wed Aug 26 11:27:58 2009 us=262012 mute_replay_warnings = DISABLED
    Wed Aug 26 11:27:58 2009 us=262093 replay_window = 64
    Wed Aug 26 11:27:58 2009 us=262176 replay_time = 15
    Wed Aug 26 11:27:58 2009 us=262260 packet_id_file = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=262343 use_iv = ENABLED
    Wed Aug 26 11:27:58 2009 us=262426 test_crypto = DISABLED
    Wed Aug 26 11:27:58 2009 us=262505 tls_server = ENABLED
    Wed Aug 26 11:27:58 2009 us=262588 tls_client = DISABLED
    Wed Aug 26 11:27:58 2009 us=262717 key_method = 2
    Wed Aug 26 11:27:58 2009 us=262806 ca_file = '/etc/openvpn/ca.crt'
    Wed Aug 26 11:27:58 2009 us=262889 ca_path = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=262974 dh_file = '/etc/openvpn/dh2048.pem'
    Wed Aug 26 11:27:58 2009 us=263058 cert_file = '/etc/openvpn/server.crt'
    Wed Aug 26 11:27:58 2009 us=263141 priv_key_file = '/etc/openvpn/server.key'
    Wed Aug 26 11:27:58 2009 us=263224 pkcs12_file = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=263307 cipher_list = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=263389 tls_verify = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=263471 tls_remote = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=263553 crl_file = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=263636 ns_cert_type = 0
    Wed Aug 26 11:27:58 2009 us=263721 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=263803 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=263882 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=263964 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264045 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264125 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264206 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264286 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264367 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264448 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264529 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264609 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264690 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264768 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264849 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=264928 remote_cert_ku[i] = 0
    Wed Aug 26 11:27:58 2009 us=265010 remote_cert_eku = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=265091 tls_timeout = 2
    Wed Aug 26 11:27:58 2009 us=265173 renegotiate_bytes = 0
    Wed Aug 26 11:27:58 2009 us=265257 renegotiate_packets = 0
    Wed Aug 26 11:27:58 2009 us=265341 renegotiate_seconds = 3600
    Wed Aug 26 11:27:58 2009 us=265422 handshake_window = 60
    Wed Aug 26 11:27:58 2009 us=265898 transition_window = 3600
    Wed Aug 26 11:27:58 2009 us=265992 single_session = DISABLED
    Wed Aug 26 11:27:58 2009 us=266080 tls_exit = DISABLED
    Wed Aug 26 11:27:58 2009 us=266166 tls_auth_file = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=266252 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=266336 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=266420 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=266500 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=266585 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=266668 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=266751 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=266835 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=266915 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=266999 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=267082 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=267164 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=267248 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=267329 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=267415 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=267499 pkcs11_protected_authentication = DISABLED
    Wed Aug 26 11:27:58 2009 us=267583 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=267671 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=267754 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=267839 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=267924 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268005 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268088 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268172 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268309 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268400 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268485 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268567 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268651 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268733 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268817 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268903 pkcs11_private_mode = 00000000
    Wed Aug 26 11:27:58 2009 us=268987 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=269069 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=269150 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=269231 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=269313 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=269395 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=269524 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=269610 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=269693 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=269774 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=269856 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=269940 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=270019 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=270100 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=270181 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=270261 pkcs11_cert_private = DISABLED
    Wed Aug 26 11:27:58 2009 us=270346 pkcs11_pin_cache_period = -1
    Wed Aug 26 11:27:58 2009 us=270428 pkcs11_id = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=270511 pkcs11_id_management = DISABLED
    Wed Aug 26 11:27:58 2009 us=270651 server_network = 0.0.0.0
    Wed Aug 26 11:27:58 2009 us=270748 server_netmask = 0.0.0.0
    Wed Aug 26 11:27:58 2009 us=270842 server_bridge_ip = 0.0.0.0
    Wed Aug 26 11:27:58 2009 us=270938 server_bridge_netmask = 0.0.0.0
    Wed Aug 26 11:27:58 2009 us=271031 server_bridge_pool_start = 0.0.0.0
    Wed Aug 26 11:27:58 2009 us=271125 server_bridge_pool_end = 0.0.0.0
    Wed Aug 26 11:27:58 2009 us=271211 push_list = 'dhcp-option DNS 192.168.1.1,redirect-gateway def1,redirect-gateway local def1,ping 10,ping-restart 30'
    Wed Aug 26 11:27:58 2009 us=271297 ifconfig_pool_defined = ENABLED
    Wed Aug 26 11:27:58 2009 us=271392 ifconfig_pool_start = 192.168.1.110
    Wed Aug 26 11:27:58 2009 us=271487 ifconfig_pool_end = 192.168.1.120
    Wed Aug 26 11:27:58 2009 us=271582 ifconfig_pool_netmask = 255.255.255.0
    Wed Aug 26 11:27:58 2009 us=271668 ifconfig_pool_persist_filename = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=271752 ifconfig_pool_persist_refresh_freq = 600
    Wed Aug 26 11:27:58 2009 us=271833 n_bcast_buf = 256
    Wed Aug 26 11:27:58 2009 us=271915 tcp_queue_limit = 64
    Wed Aug 26 11:27:58 2009 us=271999 real_hash_size = 256
    Wed Aug 26 11:27:58 2009 us=272082 virtual_hash_size = 256
    Wed Aug 26 11:27:58 2009 us=272167 client_connect_script = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=272249 learn_address_script = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=272332 client_disconnect_script = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=272413 client_config_dir = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=272494 ccd_exclusive = DISABLED
    Wed Aug 26 11:27:58 2009 us=272576 tmp_dir = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=272660 push_ifconfig_defined = DISABLED
    Wed Aug 26 11:27:58 2009 us=272756 push_ifconfig_local = 0.0.0.0
    Wed Aug 26 11:27:58 2009 us=272850 push_ifconfig_remote_netmask = 0.0.0.0
    Wed Aug 26 11:27:58 2009 us=272933 enable_c2c = ENABLED
    Wed Aug 26 11:27:58 2009 us=273015 duplicate_cn = ENABLED
    Wed Aug 26 11:27:58 2009 us=273095 cf_max = 0
    Wed Aug 26 11:27:58 2009 us=273177 cf_per = 0
    Wed Aug 26 11:27:58 2009 us=273258 max_clients = 5
    Wed Aug 26 11:27:58 2009 us=273343 max_routes_per_client = 256
    Wed Aug 26 11:27:58 2009 us=273427 client_cert_not_required = DISABLED
    Wed Aug 26 11:27:58 2009 us=273604 username_as_common_name = DISABLED
    Wed Aug 26 11:27:58 2009 us=273694 auth_user_pass_verify_script = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=273780 auth_user_pass_verify_script_via_file = DISABLED
    Wed Aug 26 11:27:58 2009 us=273864 port_share_host = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=273947 port_share_port = 0
    Wed Aug 26 11:27:58 2009 us=274028 client = DISABLED
    Wed Aug 26 11:27:58 2009 us=274109 pull = DISABLED
    Wed Aug 26 11:27:58 2009 us=274191 auth_user_pass_file = '[UNDEF]'
    Wed Aug 26 11:27:58 2009 us=274287 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008
    Wed Aug 26 11:27:58 2009 us=275012 WARNING: you are using user/group/chroot without persist-tun -- this may cause restarts to fail
    Wed Aug 26 11:27:58 2009 us=275101 WARNING: you are using user/group/chroot without persist-key -- this may cause restarts to fail
    Wed Aug 26 11:27:58 2009 us=275587 Note: cannot open /var/run/openvpn/vpn.status for WRITE
    Wed Aug 26 11:27:58 2009 us=842570 Diffie-Hellman initialized with 2048 bit key
    Wed Aug 26 11:27:58 2009 us=850239 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
    Wed Aug 26 11:28:00 2009 us=301586 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Aug 26 11:28:00 2009 us=308353 TUN/TAP device tap0 opened
    Wed Aug 26 11:28:00 2009 us=308514 TUN/TAP TX queue length set to 100
    Wed Aug 26 11:28:00 2009 us=308738 /sbin/ifconfig tap0 192.168.1.2 netmask 255.255.255.0 mtu 1500 broadcast 192.168.1.255
    Wed Aug 26 11:28:00 2009 us=330284 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Wed Aug 26 11:28:00 2009 us=334191 GID set to nogroup
    Wed Aug 26 11:28:00 2009 us=334474 UID set to nobody
    Wed Aug 26 11:28:00 2009 us=334659 Socket Buffers: R=[111616->131072] S=[111616->131072]
    Wed Aug 26 11:28:00 2009 us=334782 UDPv4 link local (bound): [undef]:1194
    Wed Aug 26 11:28:00 2009 us=334876 UDPv4 link remote: [undef]
    Wed Aug 26 11:28:00 2009 us=334987 MULTI: multi_init called, r=256 v=256
    Wed Aug 26 11:28:00 2009 us=335301 IFCONFIG POOL: base=192.168.1.110 size=11
    Wed Aug 26 11:28:00 2009 us=335493 Initialization Sequence Completed
    Wed Aug 26 11:38:32 2009 us=831302 event_wait : Interrupted system call (code=4)
    Wed Aug 26 11:38:32 2009 us=832375 TCP/UDP: Closing socket
    Wed Aug 26 11:38:32 2009 us=832495 Closing TUN/TAP interface
    Wed Aug 26 11:38:32 2009 us=832625 /sbin/ifconfig tap0 0.0.0.0
    SIOCSIFADDR: Permission denied
    SIOCSIFFLAGS: Permission denied
    Wed Aug 26 11:38:32 2009 us=840892 Linux ip addr del failed: external program exited with error status: 255
    Wed Aug 26 11:38:32 2009 us=886653 SIGTERM[hard,] received, process exiting
    

    Nevite nekdo, kde delam chybu? Je lepsi pouzit tun, nebo tap? Co maje jake vyhody a nevyhody? Musim nastavovat routovani pro klient na vpn, kdyz jim budu pridelovat adresy ze stejneho rozsahu, jako maji klienti v lokalni siti? Nemohl by vpn klientum pridelovat ip adresy lokalni DHCP server?

    Odpovědi

    26.8.2009 13:05 NN
    Rozbalit Rozbalit vše Re: m

    Pridej do serveru:

    persist-key

    persist-tun

    A podle tohoto:

    Wed Aug 26 11:38:32 2009 us=832625 /sbin/ifconfig tap0 0.0.0.0
    SIOCSIFADDR: Permission denied
    
    SIOCSIFFLAGS: Permission denied
    
    Je problem s opravneni k vytvoreti tap ktery se pouziva k vytvareni mostu
    takze pouzijte tun.
    
    NN
    
    26.8.2009 17:39 m
    Rozbalit Rozbalit vše Re: m

    Tak jsem to upravil podle tve rady:

    mode server
    tls-server
    dev tun0
    proto udp
    port 1194
    ifconfig 192.168.1.2 255.255.255.0
    ifconfig-pool 192.168.1.110 192.168.1.120 255.255.255.0
    duplicate-cn
    max-clients 5
    client-to-client
    push "dhcp-option DNS 192.168.1.1"
    push "redirect-gateway def1"
    push "redirect-gateway local def1"
    keepalive 10 30
    ca /etc/openvpn/ca.crt
    cert /etc/openvpn/server.crt
    key /etc/openvpn/server.key
    dh /etc/openvpn/dh2048.pem
    log-append /var/log/openvpn
    status /var/run/openvpn/vpn.status 10
    user nobody
    group nogroup
    comp-lzo
    verb 3
    persist-key
    persist-tun

    ale porad to nejde - ani se nespusti VPN server:

    Wed Aug 26 17:05:06 2009 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008
    Wed Aug 26 17:05:06 2009 Note: cannot open /var/run/openvpn/vpn.status for WRITE
    Wed Aug 26 17:05:07 2009 Diffie-Hellman initialized with 2048 bit key
    Wed Aug 26 17:05:07 2009 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
    Wed Aug 26 17:05:10 2009 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Aug 26 17:05:10 2009 WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address. You are using something (255.255.255.0) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
    Wed Aug 26 17:05:10 2009 TUN/TAP device tun0 opened
    Wed Aug 26 17:05:10 2009 TUN/TAP TX queue length set to 100
    Wed Aug 26 17:05:10 2009 /sbin/ifconfig tun0 192.168.1.2 pointopoint 255.255.255.0 mtu 1500
    SIOCSIFDSTADDR: Invalid argument
    Wed Aug 26 17:05:10 2009 Linux ifconfig failed: external program exited with error status: 1
    Wed Aug 26 17:05:10 2009 Exiting
    Options error: The third parameter to --ifconfig-pool (netmask) is only valid in --dev tap mode
    Use --help for more information.
    
    26.8.2009 20:56 NN
    Rozbalit Rozbalit vše Re: m

    Dobre jeste vyhodit oboje 'ifconfig' a misto toho:

    server 192.168.1.0 255.255.255.0

    a stim redirect-gateway si nejsem jisty..

    NN

     

    Dalibor Smolík avatar 27.8.2009 09:17 Dalibor Smolík | skóre: 54 | blog: Postrehy_ze_zivota | 50°5'31.93"N,14°19'35.51"E
    Rozbalit Rozbalit vše Re: OpenVPN - nespoji se

    Zdravím, kompletní problematiku openVPN tak, jak jsem toto připojení zprovoznil a prodiskutoval i zde na abíčku uvádím

    tady.

    Obsahuje i konfiguráky u serveru a klienta, je to odzkoušené na několika klientech a zaručeně funguje.


    Rozdíly v řeči a ve zvyklostech neznamenají vůbec nic, budeme-li mít stejné cíle a otevřená srdce.
    27.8.2009 09:40 melkors | skóre: 13 | blog: kdo_chce_kam
    Rozbalit Rozbalit vše Re: OpenVPN - nespoji se

    Nevadi ti radek: Note: cannot open /var/run/openvpn/vpn.status for WRITE ???

    IMHO to zapricinuje nasledne

    SIOCSIFADDR: Permission denied
    SIOCSIFFLAGS: Permission denied

    Takze nastavit prava ... (/var/run/openvpn musi mit pravo zapisu user nobody nebo alespon skupina nogroup)

     

    Založit nové vláknoNahoru

    Tiskni Sdílej: Linkuj Jaggni to Vybrali.sme.sk Google Del.icio.us Facebook

    ISSN 1214-1267   www.czech-server.cz
    © 1999-2015 Nitemedia s. r. o. Všechna práva vyhrazena.