Question: OpenVPN - won't connect

26.8.2009 12:20 m
OpenVPN - won't connect
Read: 860×

On my network I use the range 192.168.1.0/255.255.255.0. The server has the IP 192.168.1.1, and DHCP assigns the stations addresses from the range 192.168.1.10-192.168.1.100. I have OpenVPN configured like this (Debian 5.0):

mode server
tls-server
dev tap0
proto udp
port 1194
ifconfig 192.168.1.2 255.255.255.0
ifconfig-pool 192.168.1.110 192.168.1.120 255.255.255.0
duplicate-cn
max-clients 5
client-to-client
push "dhcp-option DNS 192.168.1.1"
push "redirect-gateway def1"
push "redirect-gateway local def1"
keepalive 10 30
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
log-append /var/log/openvpn
status /var/run/openvpn/vpn.status 10
user nobody
group nogroup
comp-lzo
verb 5

The client on Windows XP SP2 has the following settings:

remote server.example.com
port 1194
tls-client
dev tap
pull
ns-cert-type server
mute 10
ca ca.crt
cert pokus.crt
key pokus.key
comp-lzo
verb 3

It doesn't connect at all. The client prints the following error:

Wed Aug 26 11:29:56 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Wed Aug 26 11:30:01 2009 LZO compression initialized
Wed Aug 26 11:30:01 2009 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Aug 26 11:30:01 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Wed Aug 26 11:30:01 2009 Local Options hash (VER=V4): 'd79ca330'
Wed Aug 26 11:30:01 2009 Expected Remote Options hash (VER=V4): 'f7df56b8'
Wed Aug 26 11:30:01 2009 UDPv4 link local (bound): [undef]:1194
Wed Aug 26 11:30:01 2009 UDPv4 link remote: IP.AD.RE.SA:1194
Wed Aug 26 11:30:01 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
Wed Aug 26 11:30:03 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
Wed Aug 26 11:30:06 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
Wed Aug 26 11:30:08 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
Wed Aug 26 11:30:10 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
Wed Aug 26 11:30:11 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
Wed Aug 26 11:30:14 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
Wed Aug 26 11:30:16 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
Wed Aug 26 11:30:17 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
Wed Aug 26 11:30:20 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
Wed Aug 26 11:30:22 2009 NOTE: --mute triggered...

and on the server:


Wed Aug 26 11:27:57 2009 us=2701 event_wait : Interrupted system call (code=4)
Wed Aug 26 11:27:57 2009 us=7160 TCP/UDP: Closing socket
Wed Aug 26 11:27:57 2009 us=7444 Closing TUN/TAP interface
Wed Aug 26 11:27:57 2009 us=7576 /sbin/ifconfig tap0 0.0.0.0
SIOCSIFADDR: Permission denied
SIOCSIFFLAGS: Permission denied
Wed Aug 26 11:27:57 2009 us=12791 Linux ip addr del failed: external program exited with error status: 255
Wed Aug 26 11:27:57 2009 us=27873 SIGTERM[hard,] received, process exiting
Wed Aug 26 11:27:58 2009 us=251756 Current Parameter Settings:
Wed Aug 26 11:27:58 2009 us=252083 config = '/etc/openvpn/server.conf'
Wed Aug 26 11:27:58 2009 us=252177 mode = 1
Wed Aug 26 11:27:58 2009 us=252261 persist_config = DISABLED
Wed Aug 26 11:27:58 2009 us=252346 persist_mode = 1
Wed Aug 26 11:27:58 2009 us=252427 show_ciphers = DISABLED
Wed Aug 26 11:27:58 2009 us=252508 show_digests = DISABLED
Wed Aug 26 11:27:58 2009 us=252588 show_engines = DISABLED
Wed Aug 26 11:27:58 2009 us=252669 genkey = DISABLED
Wed Aug 26 11:27:58 2009 us=252751 key_pass_file = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=252833 show_tls_ciphers = DISABLED
Wed Aug 26 11:27:58 2009 us=252921 Connection profiles [default]:
Wed Aug 26 11:27:58 2009 us=253006 proto = udp
Wed Aug 26 11:27:58 2009 us=253089 local = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=253172 local_port = 1194
Wed Aug 26 11:27:58 2009 us=253252 remote = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=253333 remote_port = 1194
Wed Aug 26 11:27:58 2009 us=253415 remote_float = DISABLED
Wed Aug 26 11:27:58 2009 us=253553 bind_defined = DISABLED
Wed Aug 26 11:27:58 2009 us=253638 bind_local = ENABLED
Wed Aug 26 11:27:58 2009 us=253721 connect_retry_seconds = 5
Wed Aug 26 11:27:58 2009 us=253804 connect_timeout = 10
Wed Aug 26 11:27:58 2009 us=253885 connect_retry_max = 0
Wed Aug 26 11:27:58 2009 us=253965 socks_proxy_server = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=254048 socks_proxy_port = 0
Wed Aug 26 11:27:58 2009 us=254129 socks_proxy_retry = DISABLED
Wed Aug 26 11:27:58 2009 us=254215 Connection profiles END
Wed Aug 26 11:27:58 2009 us=254297 remote_random = DISABLED
Wed Aug 26 11:27:58 2009 us=254379 ipchange = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=254462 dev = 'tap0'
Wed Aug 26 11:27:58 2009 us=254543 dev_type = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=254623 dev_node = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=254704 lladdr = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=254785 topology = 1
Wed Aug 26 11:27:58 2009 us=254866 tun_ipv6 = DISABLED
Wed Aug 26 11:27:58 2009 us=254947 ifconfig_local = '192.168.1.2'
Wed Aug 26 11:27:58 2009 us=255028 ifconfig_remote_netmask = '255.255.255.0'
Wed Aug 26 11:27:58 2009 us=255109 ifconfig_noexec = DISABLED
Wed Aug 26 11:27:58 2009 us=255190 ifconfig_nowarn = DISABLED
Wed Aug 26 11:27:58 2009 us=255270 shaper = 0
Wed Aug 26 11:27:58 2009 us=255352 tun_mtu = 1500
Wed Aug 26 11:27:58 2009 us=255433 tun_mtu_defined = ENABLED
Wed Aug 26 11:27:58 2009 us=255515 link_mtu = 1500
Wed Aug 26 11:27:58 2009 us=255597 link_mtu_defined = DISABLED
Wed Aug 26 11:27:58 2009 us=255678 tun_mtu_extra = 32
Wed Aug 26 11:27:58 2009 us=255759 tun_mtu_extra_defined = ENABLED
Wed Aug 26 11:27:58 2009 us=255840 fragment = 0
Wed Aug 26 11:27:58 2009 us=255920 mtu_discover_type = -1
Wed Aug 26 11:27:58 2009 us=256002 mtu_test = 0
Wed Aug 26 11:27:58 2009 us=256083 mlock = DISABLED
Wed Aug 26 11:27:58 2009 us=256165 keepalive_ping = 10
Wed Aug 26 11:27:58 2009 us=256246 keepalive_timeout = 30
Wed Aug 26 11:27:58 2009 us=256327 inactivity_timeout = 0
Wed Aug 26 11:27:58 2009 us=256409 ping_send_timeout = 10
Wed Aug 26 11:27:58 2009 us=256489 ping_rec_timeout = 60
Wed Aug 26 11:27:58 2009 us=256570 ping_rec_timeout_action = 2
Wed Aug 26 11:27:58 2009 us=256651 ping_timer_remote = DISABLED
Wed Aug 26 11:27:58 2009 us=256732 remap_sigusr1 = 0
Wed Aug 26 11:27:58 2009 us=256814 explicit_exit_notification = 0
Wed Aug 26 11:27:58 2009 us=256973 persist_tun = DISABLED
Wed Aug 26 11:27:58 2009 us=257060 persist_local_ip = DISABLED
Wed Aug 26 11:27:58 2009 us=257142 persist_remote_ip = DISABLED
Wed Aug 26 11:27:58 2009 us=257224 persist_key = DISABLED
Wed Aug 26 11:27:58 2009 us=257304 mssfix = 1450
Wed Aug 26 11:27:58 2009 us=257386 passtos = DISABLED
Wed Aug 26 11:27:58 2009 us=257521 resolve_retry_seconds = 1000000000
Wed Aug 26 11:27:58 2009 us=257610 username = 'nobody'
Wed Aug 26 11:27:58 2009 us=257693 groupname = 'nogroup'
Wed Aug 26 11:27:58 2009 us=257774 chroot_dir = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=257856 cd_dir = '/etc/openvpn'
Wed Aug 26 11:27:58 2009 us=257937 writepid = '/var/run/openvpn.server.pid'
Wed Aug 26 11:27:58 2009 us=258017 up_script = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=258099 down_script = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=258178 down_pre = DISABLED
Wed Aug 26 11:27:58 2009 us=258260 up_restart = DISABLED
Wed Aug 26 11:27:58 2009 us=258340 up_delay = DISABLED
Wed Aug 26 11:27:58 2009 us=258421 daemon = ENABLED
Wed Aug 26 11:27:58 2009 us=258502 inetd = 0
Wed Aug 26 11:27:58 2009 us=258583 log = ENABLED
Wed Aug 26 11:27:58 2009 us=258663 suppress_timestamps = DISABLED
Wed Aug 26 11:27:58 2009 us=258744 nice = 0
Wed Aug 26 11:27:58 2009 us=258824 verbosity = 5
Wed Aug 26 11:27:58 2009 us=258905 mute = 0
Wed Aug 26 11:27:58 2009 us=258985 gremlin = 0
Wed Aug 26 11:27:58 2009 us=259068 status_file = '/var/run/openvpn/vpn.status'
Wed Aug 26 11:27:58 2009 us=259150 status_file_version = 1
Wed Aug 26 11:27:58 2009 us=259231 status_file_update_freq = 10
Wed Aug 26 11:27:58 2009 us=259312 occ = ENABLED
Wed Aug 26 11:27:58 2009 us=259392 rcvbuf = 65536
Wed Aug 26 11:27:58 2009 us=259474 sndbuf = 65536
Wed Aug 26 11:27:58 2009 us=259554 sockflags = 0
Wed Aug 26 11:27:58 2009 us=259636 fast_io = DISABLED
Wed Aug 26 11:27:58 2009 us=259716 lzo = 7
Wed Aug 26 11:27:58 2009 us=259796 route_script = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=259878 route_default_gateway = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=259960 route_default_metric = 0
Wed Aug 26 11:27:58 2009 us=260041 route_noexec = DISABLED
Wed Aug 26 11:27:58 2009 us=260123 route_delay = 0
Wed Aug 26 11:27:58 2009 us=260204 route_delay_window = 30
Wed Aug 26 11:27:58 2009 us=260286 route_delay_defined = DISABLED
Wed Aug 26 11:27:58 2009 us=260368 route_nopull = DISABLED
Wed Aug 26 11:27:58 2009 us=260450 route_gateway_via_dhcp = DISABLED
Wed Aug 26 11:27:58 2009 us=260534 allow_pull_fqdn = DISABLED
Wed Aug 26 11:27:58 2009 us=260618 management_addr = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=260701 management_port = 0
Wed Aug 26 11:27:58 2009 us=260785 management_user_pass = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=260870 management_log_history_cache = 250
Wed Aug 26 11:27:58 2009 us=260956 management_echo_buffer_size = 100
Wed Aug 26 11:27:58 2009 us=261041 management_write_peer_info_file = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=261121 management_flags = 0
Wed Aug 26 11:27:58 2009 us=261205 shared_secret_file = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=261288 key_direction = 0
Wed Aug 26 11:27:58 2009 us=261370 ciphername_defined = ENABLED
Wed Aug 26 11:27:58 2009 us=261506 ciphername = 'BF-CBC'
Wed Aug 26 11:27:58 2009 us=261596 authname_defined = ENABLED
Wed Aug 26 11:27:58 2009 us=261679 authname = 'SHA1'
Wed Aug 26 11:27:58 2009 us=261763 keysize = 0
Wed Aug 26 11:27:58 2009 us=261845 engine = DISABLED
Wed Aug 26 11:27:58 2009 us=261928 replay = ENABLED
Wed Aug 26 11:27:58 2009 us=262012 mute_replay_warnings = DISABLED
Wed Aug 26 11:27:58 2009 us=262093 replay_window = 64
Wed Aug 26 11:27:58 2009 us=262176 replay_time = 15
Wed Aug 26 11:27:58 2009 us=262260 packet_id_file = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=262343 use_iv = ENABLED
Wed Aug 26 11:27:58 2009 us=262426 test_crypto = DISABLED
Wed Aug 26 11:27:58 2009 us=262505 tls_server = ENABLED
Wed Aug 26 11:27:58 2009 us=262588 tls_client = DISABLED
Wed Aug 26 11:27:58 2009 us=262717 key_method = 2
Wed Aug 26 11:27:58 2009 us=262806 ca_file = '/etc/openvpn/ca.crt'
Wed Aug 26 11:27:58 2009 us=262889 ca_path = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=262974 dh_file = '/etc/openvpn/dh2048.pem'
Wed Aug 26 11:27:58 2009 us=263058 cert_file = '/etc/openvpn/server.crt'
Wed Aug 26 11:27:58 2009 us=263141 priv_key_file = '/etc/openvpn/server.key'
Wed Aug 26 11:27:58 2009 us=263224 pkcs12_file = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=263307 cipher_list = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=263389 tls_verify = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=263471 tls_remote = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=263553 crl_file = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=263636 ns_cert_type = 0
Wed Aug 26 11:27:58 2009 us=263721 remote_cert_ku[i] = 0
Wed Aug 26 11:27:58 2009 us=263803 remote_cert_ku[i] = 0
Wed Aug 26 11:27:58 2009 us=263882 remote_cert_ku[i] = 0
Wed Aug 26 11:27:58 2009 us=263964 remote_cert_ku[i] = 0
Wed Aug 26 11:27:58 2009 us=264045 remote_cert_ku[i] = 0
Wed Aug 26 11:27:58 2009 us=264125 remote_cert_ku[i] = 0
Wed Aug 26 11:27:58 2009 us=264206 remote_cert_ku[i] = 0
Wed Aug 26 11:27:58 2009 us=264286 remote_cert_ku[i] = 0
Wed Aug 26 11:27:58 2009 us=264367 remote_cert_ku[i] = 0
Wed Aug 26 11:27:58 2009 us=264448 remote_cert_ku[i] = 0
Wed Aug 26 11:27:58 2009 us=264529 remote_cert_ku[i] = 0
Wed Aug 26 11:27:58 2009 us=264609 remote_cert_ku[i] = 0
Wed Aug 26 11:27:58 2009 us=264690 remote_cert_ku[i] = 0
Wed Aug 26 11:27:58 2009 us=264768 remote_cert_ku[i] = 0
Wed Aug 26 11:27:58 2009 us=264849 remote_cert_ku[i] = 0
Wed Aug 26 11:27:58 2009 us=264928 remote_cert_ku[i] = 0
Wed Aug 26 11:27:58 2009 us=265010 remote_cert_eku = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=265091 tls_timeout = 2
Wed Aug 26 11:27:58 2009 us=265173 renegotiate_bytes = 0
Wed Aug 26 11:27:58 2009 us=265257 renegotiate_packets = 0
Wed Aug 26 11:27:58 2009 us=265341 renegotiate_seconds = 3600
Wed Aug 26 11:27:58 2009 us=265422 handshake_window = 60
Wed Aug 26 11:27:58 2009 us=265898 transition_window = 3600
Wed Aug 26 11:27:58 2009 us=265992 single_session = DISABLED
Wed Aug 26 11:27:58 2009 us=266080 tls_exit = DISABLED
Wed Aug 26 11:27:58 2009 us=266166 tls_auth_file = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=266252 pkcs11_protected_authentication = DISABLED
Wed Aug 26 11:27:58 2009 us=266336 pkcs11_protected_authentication = DISABLED
Wed Aug 26 11:27:58 2009 us=266420 pkcs11_protected_authentication = DISABLED
Wed Aug 26 11:27:58 2009 us=266500 pkcs11_protected_authentication = DISABLED
Wed Aug 26 11:27:58 2009 us=266585 pkcs11_protected_authentication = DISABLED
Wed Aug 26 11:27:58 2009 us=266668 pkcs11_protected_authentication = DISABLED
Wed Aug 26 11:27:58 2009 us=266751 pkcs11_protected_authentication = DISABLED
Wed Aug 26 11:27:58 2009 us=266835 pkcs11_protected_authentication = DISABLED
Wed Aug 26 11:27:58 2009 us=266915 pkcs11_protected_authentication = DISABLED
Wed Aug 26 11:27:58 2009 us=266999 pkcs11_protected_authentication = DISABLED
Wed Aug 26 11:27:58 2009 us=267082 pkcs11_protected_authentication = DISABLED
Wed Aug 26 11:27:58 2009 us=267164 pkcs11_protected_authentication = DISABLED
Wed Aug 26 11:27:58 2009 us=267248 pkcs11_protected_authentication = DISABLED
Wed Aug 26 11:27:58 2009 us=267329 pkcs11_protected_authentication = DISABLED
Wed Aug 26 11:27:58 2009 us=267415 pkcs11_protected_authentication = DISABLED
Wed Aug 26 11:27:58 2009 us=267499 pkcs11_protected_authentication = DISABLED
Wed Aug 26 11:27:58 2009 us=267583 pkcs11_private_mode = 00000000
Wed Aug 26 11:27:58 2009 us=267671 pkcs11_private_mode = 00000000
Wed Aug 26 11:27:58 2009 us=267754 pkcs11_private_mode = 00000000
Wed Aug 26 11:27:58 2009 us=267839 pkcs11_private_mode = 00000000
Wed Aug 26 11:27:58 2009 us=267924 pkcs11_private_mode = 00000000
Wed Aug 26 11:27:58 2009 us=268005 pkcs11_private_mode = 00000000
Wed Aug 26 11:27:58 2009 us=268088 pkcs11_private_mode = 00000000
Wed Aug 26 11:27:58 2009 us=268172 pkcs11_private_mode = 00000000
Wed Aug 26 11:27:58 2009 us=268309 pkcs11_private_mode = 00000000
Wed Aug 26 11:27:58 2009 us=268400 pkcs11_private_mode = 00000000
Wed Aug 26 11:27:58 2009 us=268485 pkcs11_private_mode = 00000000
Wed Aug 26 11:27:58 2009 us=268567 pkcs11_private_mode = 00000000
Wed Aug 26 11:27:58 2009 us=268651 pkcs11_private_mode = 00000000
Wed Aug 26 11:27:58 2009 us=268733 pkcs11_private_mode = 00000000
Wed Aug 26 11:27:58 2009 us=268817 pkcs11_private_mode = 00000000
Wed Aug 26 11:27:58 2009 us=268903 pkcs11_private_mode = 00000000
Wed Aug 26 11:27:58 2009 us=268987 pkcs11_cert_private = DISABLED
Wed Aug 26 11:27:58 2009 us=269069 pkcs11_cert_private = DISABLED
Wed Aug 26 11:27:58 2009 us=269150 pkcs11_cert_private = DISABLED
Wed Aug 26 11:27:58 2009 us=269231 pkcs11_cert_private = DISABLED
Wed Aug 26 11:27:58 2009 us=269313 pkcs11_cert_private = DISABLED
Wed Aug 26 11:27:58 2009 us=269395 pkcs11_cert_private = DISABLED
Wed Aug 26 11:27:58 2009 us=269524 pkcs11_cert_private = DISABLED
Wed Aug 26 11:27:58 2009 us=269610 pkcs11_cert_private = DISABLED
Wed Aug 26 11:27:58 2009 us=269693 pkcs11_cert_private = DISABLED
Wed Aug 26 11:27:58 2009 us=269774 pkcs11_cert_private = DISABLED
Wed Aug 26 11:27:58 2009 us=269856 pkcs11_cert_private = DISABLED
Wed Aug 26 11:27:58 2009 us=269940 pkcs11_cert_private = DISABLED
Wed Aug 26 11:27:58 2009 us=270019 pkcs11_cert_private = DISABLED
Wed Aug 26 11:27:58 2009 us=270100 pkcs11_cert_private = DISABLED
Wed Aug 26 11:27:58 2009 us=270181 pkcs11_cert_private = DISABLED
Wed Aug 26 11:27:58 2009 us=270261 pkcs11_cert_private = DISABLED
Wed Aug 26 11:27:58 2009 us=270346 pkcs11_pin_cache_period = -1
Wed Aug 26 11:27:58 2009 us=270428 pkcs11_id = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=270511 pkcs11_id_management = DISABLED
Wed Aug 26 11:27:58 2009 us=270651 server_network = 0.0.0.0
Wed Aug 26 11:27:58 2009 us=270748 server_netmask = 0.0.0.0
Wed Aug 26 11:27:58 2009 us=270842 server_bridge_ip = 0.0.0.0
Wed Aug 26 11:27:58 2009 us=270938 server_bridge_netmask = 0.0.0.0
Wed Aug 26 11:27:58 2009 us=271031 server_bridge_pool_start = 0.0.0.0
Wed Aug 26 11:27:58 2009 us=271125 server_bridge_pool_end = 0.0.0.0
Wed Aug 26 11:27:58 2009 us=271211 push_list = 'dhcp-option DNS 192.168.1.1,redirect-gateway def1,redirect-gateway local def1,ping 10,ping-restart 30'
Wed Aug 26 11:27:58 2009 us=271297 ifconfig_pool_defined = ENABLED
Wed Aug 26 11:27:58 2009 us=271392 ifconfig_pool_start = 192.168.1.110
Wed Aug 26 11:27:58 2009 us=271487 ifconfig_pool_end = 192.168.1.120
Wed Aug 26 11:27:58 2009 us=271582 ifconfig_pool_netmask = 255.255.255.0
Wed Aug 26 11:27:58 2009 us=271668 ifconfig_pool_persist_filename = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=271752 ifconfig_pool_persist_refresh_freq = 600
Wed Aug 26 11:27:58 2009 us=271833 n_bcast_buf = 256
Wed Aug 26 11:27:58 2009 us=271915 tcp_queue_limit = 64
Wed Aug 26 11:27:58 2009 us=271999 real_hash_size = 256
Wed Aug 26 11:27:58 2009 us=272082 virtual_hash_size = 256
Wed Aug 26 11:27:58 2009 us=272167 client_connect_script = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=272249 learn_address_script = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=272332 client_disconnect_script = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=272413 client_config_dir = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=272494 ccd_exclusive = DISABLED
Wed Aug 26 11:27:58 2009 us=272576 tmp_dir = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=272660 push_ifconfig_defined = DISABLED
Wed Aug 26 11:27:58 2009 us=272756 push_ifconfig_local = 0.0.0.0
Wed Aug 26 11:27:58 2009 us=272850 push_ifconfig_remote_netmask = 0.0.0.0
Wed Aug 26 11:27:58 2009 us=272933 enable_c2c = ENABLED
Wed Aug 26 11:27:58 2009 us=273015 duplicate_cn = ENABLED
Wed Aug 26 11:27:58 2009 us=273095 cf_max = 0
Wed Aug 26 11:27:58 2009 us=273177 cf_per = 0
Wed Aug 26 11:27:58 2009 us=273258 max_clients = 5
Wed Aug 26 11:27:58 2009 us=273343 max_routes_per_client = 256
Wed Aug 26 11:27:58 2009 us=273427 client_cert_not_required = DISABLED
Wed Aug 26 11:27:58 2009 us=273604 username_as_common_name = DISABLED
Wed Aug 26 11:27:58 2009 us=273694 auth_user_pass_verify_script = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=273780 auth_user_pass_verify_script_via_file = DISABLED
Wed Aug 26 11:27:58 2009 us=273864 port_share_host = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=273947 port_share_port = 0
Wed Aug 26 11:27:58 2009 us=274028 client = DISABLED
Wed Aug 26 11:27:58 2009 us=274109 pull = DISABLED
Wed Aug 26 11:27:58 2009 us=274191 auth_user_pass_file = '[UNDEF]'
Wed Aug 26 11:27:58 2009 us=274287 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008
Wed Aug 26 11:27:58 2009 us=275012 WARNING: you are using user/group/chroot without persist-tun -- this may cause restarts to fail
Wed Aug 26 11:27:58 2009 us=275101 WARNING: you are using user/group/chroot without persist-key -- this may cause restarts to fail
Wed Aug 26 11:27:58 2009 us=275587 Note: cannot open /var/run/openvpn/vpn.status for WRITE
Wed Aug 26 11:27:58 2009 us=842570 Diffie-Hellman initialized with 2048 bit key
Wed Aug 26 11:27:58 2009 us=850239 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Wed Aug 26 11:28:00 2009 us=301586 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Aug 26 11:28:00 2009 us=308353 TUN/TAP device tap0 opened
Wed Aug 26 11:28:00 2009 us=308514 TUN/TAP TX queue length set to 100
Wed Aug 26 11:28:00 2009 us=308738 /sbin/ifconfig tap0 192.168.1.2 netmask 255.255.255.0 mtu 1500 broadcast 192.168.1.255
Wed Aug 26 11:28:00 2009 us=330284 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Wed Aug 26 11:28:00 2009 us=334191 GID set to nogroup
Wed Aug 26 11:28:00 2009 us=334474 UID set to nobody
Wed Aug 26 11:28:00 2009 us=334659 Socket Buffers: R=[111616->131072] S=[111616->131072]
Wed Aug 26 11:28:00 2009 us=334782 UDPv4 link local (bound): [undef]:1194
Wed Aug 26 11:28:00 2009 us=334876 UDPv4 link remote: [undef]
Wed Aug 26 11:28:00 2009 us=334987 MULTI: multi_init called, r=256 v=256
Wed Aug 26 11:28:00 2009 us=335301 IFCONFIG POOL: base=192.168.1.110 size=11
Wed Aug 26 11:28:00 2009 us=335493 Initialization Sequence Completed
Wed Aug 26 11:38:32 2009 us=831302 event_wait : Interrupted system call (code=4)
Wed Aug 26 11:38:32 2009 us=832375 TCP/UDP: Closing socket
Wed Aug 26 11:38:32 2009 us=832495 Closing TUN/TAP interface
Wed Aug 26 11:38:32 2009 us=832625 /sbin/ifconfig tap0 0.0.0.0
SIOCSIFADDR: Permission denied
SIOCSIFFLAGS: Permission denied
Wed Aug 26 11:38:32 2009 us=840892 Linux ip addr del failed: external program exited with error status: 255
Wed Aug 26 11:38:32 2009 us=886653 SIGTERM[hard,] received, process exiting

Does anyone know where I'm making a mistake? Is it better to use tun or tap? What advantages and disadvantages do they have? Do I have to set up routing for the VPN clients if I assign them addresses from the same range as the clients on the local network have? Couldn't the local DHCP server assign IP addresses to the VPN clients?

Answers

26.8.2009 13:05 NN
Re: m

Add to the server:

persist-key

persist-tun

And according to this:

Wed Aug 26 11:38:32 2009 us=832625 /sbin/ifconfig tap0 0.0.0.0
SIOCSIFADDR: Permission denied
SIOCSIFFLAGS: Permission denied

There is a problem with the permission to create the tap, which is used for creating bridges,
so use tun.

NN
26.8.2009 17:39 m
Re: m

So I modified it according to your advice:

mode server
tls-server
dev tun0
proto udp
port 1194
ifconfig 192.168.1.2 255.255.255.0
ifconfig-pool 192.168.1.110 192.168.1.120 255.255.255.0
duplicate-cn
max-clients 5
client-to-client
push "dhcp-option DNS 192.168.1.1"
push "redirect-gateway def1"
push "redirect-gateway local def1"
keepalive 10 30
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
log-append /var/log/openvpn
status /var/run/openvpn/vpn.status 10
user nobody
group nogroup
comp-lzo
verb 3
persist-key
persist-tun

but it still doesn't work - the VPN server doesn't even start:

Wed Aug 26 17:05:06 2009 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008
Wed Aug 26 17:05:06 2009 Note: cannot open /var/run/openvpn/vpn.status for WRITE
Wed Aug 26 17:05:07 2009 Diffie-Hellman initialized with 2048 bit key
Wed Aug 26 17:05:07 2009 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Wed Aug 26 17:05:10 2009 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Aug 26 17:05:10 2009 WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address. You are using something (255.255.255.0) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
Wed Aug 26 17:05:10 2009 TUN/TAP device tun0 opened
Wed Aug 26 17:05:10 2009 TUN/TAP TX queue length set to 100
Wed Aug 26 17:05:10 2009 /sbin/ifconfig tun0 192.168.1.2 pointopoint 255.255.255.0 mtu 1500
SIOCSIFDSTADDR: Invalid argument
Wed Aug 26 17:05:10 2009 Linux ifconfig failed: external program exited with error status: 1
Wed Aug 26 17:05:10 2009 Exiting
Options error: The third parameter to --ifconfig-pool (netmask) is only valid in --dev tap mode
Use --help for more information.
26.8.2009 20:56 NN
Re: m

OK, also throw out both 'ifconfig' lines and use this instead:

server 192.168.1.0 255.255.255.0

and I'm not sure about that redirect-gateway..

NN

 

27.8.2009 09:17 Dalibor Smolík | score: 54 | blog: Postrehy_ze_zivota | 50°5'31.93"N,14°19'35.51"E
Re: OpenVPN - won't connect

Hello, I cover the whole OpenVPN topic, the way I got this connection working and also discussed it here on AbcLinuxu,

here.

It also includes the config files for the server and the client; it has been tested on several clients and is guaranteed to work.


Differences in language and customs mean nothing at all if we have the same goals and open hearts.
27.8.2009 09:40 melkors | score: 13 | blog: kdo_chce_kam
Re: OpenVPN - won't connect

Doesn't this line bother you: Note: cannot open /var/run/openvpn/vpn.status for WRITE ???

IMHO that subsequently causes

SIOCSIFADDR: Permission denied
SIOCSIFFLAGS: Permission denied

So set the permissions ... (user nobody, or at least group nogroup, must have write permission on /var/run/openvpn)
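
The server logs in this thread report three configuration problems that can be caught before the daemon is started: dropping privileges with user/group but without persist-tun and persist-key, a netmask as the second --ifconfig argument with dev tun, and a netmask on --ifconfig-pool outside tap mode. The Python check below is an added example, not part of the original thread and not OpenVPN code; the function names and finding codes are illustrative, and the sample configs are constructed from the ones posted above.

```python
import ipaddress
import shlex

# Added example: helper names and finding codes are illustrative, not OpenVPN's.
# Constructed samples: the two server configs from the thread, reduced to the
# directives these checks read.
FIRST_CONFIG = """\
dev tap0
ifconfig 192.168.1.2 255.255.255.0
ifconfig-pool 192.168.1.110 192.168.1.120 255.255.255.0
user nobody
group nogroup
"""
SECOND_CONFIG = (FIRST_CONFIG.replace("dev tap0", "dev tun0")
                 + "persist-key\npersist-tun\n")


def parse_config(text):
    """Map each directive to the argument lists of all its occurrences."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        # shlex drops '#' comments and keeps quoted push "..." values whole.
        tokens = shlex.split(line, comments=True)
        if tokens:
            directives.setdefault(tokens[0].lstrip("-"), []).append(tokens[1:])
    return directives


def dev_type(directives):
    """Return 'tun', 'tap' or None, preferring an explicit dev-type."""
    for name in ("dev-type", "dev"):
        for args in directives.get(name, []):
            if args and args[0][:3] in ("tun", "tap"):
                return args[0][:3]
    return None


def looks_like_netmask(value):
    """True if value is a dotted quad made of contiguous leading one-bits."""
    try:
        bits = int(ipaddress.IPv4Address(value))
    except ValueError:
        return False
    inverted = bits ^ 0xFFFFFFFF
    return bits != 0 and (inverted & (inverted + 1)) == 0


def lint(text):
    """Return (code, message) findings for the problems seen in the thread."""
    d = parse_config(text)
    dev = dev_type(d)
    findings = []

    # After user/group the process can no longer reconfigure the interface or
    # re-read the key, which is what the server's two WARNING lines are about.
    if "user" in d or "group" in d:
        for opt in ("persist-tun", "persist-key"):
            if opt not in d:
                findings.append(("missing-" + opt,
                                 "user/group/chroot without " + opt))

    # With dev tun and point-to-point addressing, the second --ifconfig
    # argument is the peer address; 'topology subnet' makes a netmask valid.
    subnet = any(args[:1] == ["subnet"] for args in d.get("topology", []))
    for args in d.get("ifconfig", []):
        if (dev == "tun" and not subnet and len(args) >= 2
                and looks_like_netmask(args[1])):
            findings.append(("tun-ifconfig-netmask",
                             "second --ifconfig argument looks like a netmask"))

    # The netmask parameter of --ifconfig-pool is only valid in tap mode.
    for args in d.get("ifconfig-pool", []):
        if dev == "tun" and len(args) >= 3:
            findings.append(("pool-netmask-needs-tap",
                             "third --ifconfig-pool parameter needs dev tap"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("first", FIRST_CONFIG), ("second", SECOND_CONFIG)):
        for code, message in lint(cfg):
            print(name, code, message, sep=": ")
```

The check reads only the config text; whether /var/run/openvpn is writable by the unprivileged user, as raised in the last answer, still has to be verified on the server itself.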

 


ISSN 1214-1267   www.czech-server.cz
© 1999-2015 Nitemedia s. r. o. All rights reserved.