abclinuxu.cz AbcLinuxu.cz itbiz.cz ITBiz.cz HDmag.cz HDmag.cz abcprace.cz AbcPráce.cz
AbcLinuxu hledá autory!
Inzerujte na AbcPráce.cz od 950 Kč
Rozšířené hledání
×
eParkomat, startup z ČR, postoupil mezi finalisty evropského akcelerátoru ChallengeUp!
Robot na pivo mu otevřel dveře k opravdovému byznysu
Internet věcí: Propojený svět? Už se to blíží...
včera 21:21 | Nová verze Ladislav Hagara | Komentářů: 0
včera 11:44 | Zajímavý projekt

Na Indiegogo byla spuštěna kampaň na podporu herní mini konzole a multimediálního centra RetroEngine Sigma od Doyodo. Předobjednat ji lze již od 49 dolarů. Požadovaná částka 20 000 dolarů byla překonána již 6 krát. Majitelé mini konzole si budou moci zahrát hry pro Atari VCS 2600, Sega Genesis nebo NES. Předinstalováno bude multimediální centrum Kodi.

Ladislav Hagara | Komentářů: 0
včera 00:10 | Nová verze

Byla vydána verze 4.7 redakčního systému WordPress. Kódové označením Vaughan bylo vybráno na počest americké jazzové zpěvačky Sarah "Sassy" Vaughan. Z novinek lze zmínit například novou výchozí šablonu Twenty Seventeen, náhledy pdf souborů nebo WordPress REST API.

Ladislav Hagara | Komentářů: 1
6.12. 12:00 | Zajímavý projekt

Projekt Termbox umožňuje vyzkoušet si linuxové distribuce Ubuntu, Debian, Fedora, CentOS a Arch Linux ve webovém prohlížeči. Řešení je postaveno na projektu HyperContainer. Podrobnosti v často kladených dotazech (FAQ). Zdrojové kódy jsou k dispozici na GitHubu [reddit].

Ladislav Hagara | Komentářů: 24
6.12. 11:00 | Bezpečnostní upozornění

Byly zveřejněny informace o bezpečnostní chybě CVE-2016-8655 v Linuxu zneužitelné k lokální eskalaci práv. Chyba se dostala do linuxového jádra v srpnu 2011. V upstreamu byla opravena minulý týden [Hacker News].

Ladislav Hagara | Komentářů: 2
5.12. 22:00 | Komunita

Přibližně před měsícem bylo oznámeno, že linuxová distribuce SUSE Linux Enterprise Server (SLES) běží nově také Raspberry Pi 3 (dokumentace). Obraz verze 12 SP2 pro Raspberry Pi 3 je ke stažení zdarma. Pro registrované jsou po dobu jednoho roku zdarma také aktualizace. Dnes bylo oznámeno, že pro Raspberry Pi 3 je k dispozici také nové openSUSE Leap 42.2 (zprávička). K dispozici je hned několik obrazů.

Ladislav Hagara | Komentářů: 6
5.12. 06:00 | Zajímavý software

OMG! Ubuntu! představuje emulátor terminálu Hyper (GitHub) postavený na webových technologiích (HTML, CSS a JavaScript). V diskusi k článku je zmíněn podobný emulátor terminálu Black Screen. Hyper i Black Screen používají framework Electron, stejně jako editor Atom nebo vývojové prostředí Visual Studio Code.

Ladislav Hagara | Komentářů: 50
5.12. 06:00 | Zajímavý článek

I letos vychází řada ajťáckých adventních kalendářů. QEMU Advent Calendar 2016 přináší každý den nový obraz disku pro QEMU. Programátoři se mohou potrápit při řešení úloh z kalendáře Advent of Code 2016. Kalendáře Perl Advent Calendar 2016 a Perl 6 Advent Calendar přinášejí každý den zajímavé informace o programovacím jazyce Perl. Stranou nezůstává ani programovací jazyk Go.

Ladislav Hagara | Komentářů: 10
3.12. 16:24 | Nová verze

Byla vydána Mageia 5.1. Jedná se o první opravné vydání verze 5, jež vyšla v červnu loňského roku (zprávička). Uživatelům verze 5 nepřináší opravné vydání nic nového, samozřejmě pokud pravidelně aktualizují. Vydání obsahuje všechny aktualizace za posledního téměř půldruhého roku. Mageia 5.1 obsahuje LibreOffice 4.4.7, Linux 4.4.32, KDE4 4.14.5 nebo GNOME 3.14.3.

Ladislav Hagara | Komentářů: 17
3.12. 13:42 | Pozvánky

V Praze probíhá konference Internet a Technologie 16.2, volné pokračování jarní konference sdružení CZ.NIC. Konferenci lze sledovat online na YouTube. K dispozici je také archiv předchozích konferencí.

Ladislav Hagara | Komentářů: 0
Kolik máte dat ve svém domovském adresáři na svém primárním osobním počítači?
 (32%)
 (24%)
 (29%)
 (8%)
 (5%)
 (3%)
Celkem 785 hlasů
 Komentářů: 50, poslední 29.11. 15:50
Rozcestník
Reklama

Dotaz: Nefunkční openVPN

svido avatar 20.1.2015 20:41 svido | skóre: 28
Nefunkční openVPN
Přečteno: 293×
Ahoj, mám problém s OpenVPN. Podle správce sítě by mělo VPN fungovat, ale me prostě nefunguje. V logu je nějaký error, ale nepřišel jsem na to, co ho generuje. Dostal jsem samozřejmě certifikáty a heslo, včetně konfigurace.
spejbl openVPN # openvpn --config work.ovpn --verb 1
Tue Jan 20 19:25:26 2015 OpenVPN 2.3.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jan 13 2015
Tue Jan 20 19:25:26 2015 library versions: OpenSSL 1.0.1l 15 Jan 2015, LZO 2.08
Enter Private Key Password:
Tue Jan 20 19:25:29 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jan 20 19:25:29 2015 WARNING: file '/home/hurvajs/certificates/prog92.key' is group or others accessible
Tue Jan 20 19:25:29 2015 UDPv4 link local: [undef]
Tue Jan 20 19:25:29 2015 UDPv4 link remote: [AF_INET]176.62.234.2:21194
Tue Jan 20 19:25:31 2015 [praha.xxxxx.cz] Peer Connection Initiated with [AF_INET]176.62.234.2:21194
Tue Jan 20 19:25:34 2015 TUN/TAP device tap0 opened
Tue Jan 20 19:25:34 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jan 20 19:25:34 2015 /bin/ifconfig tap0 192.168.12.59 netmask 255.255.255.0 mtu 1500 broadcast 192.168.12.255
SIOCADDRT: File exists
Tue Jan 20 19:25:36 2015 ERROR: Linux route add command failed: external program exited with error status: 7
Tue Jan 20 19:25:36 2015 Initialization Sequence Completed
Kolegovi, který používá Ubuntu to také vrací ERROR, ale s kódem 2 a VPN mu údajně funguje.

Konfigurace, co jsem dostal, zkoušel jsem ji měnit ale ani nic nezabralo. Připojení kk internetu funguje dál, ale na servery uvnitř VPN nevidím.
client
#ve win bez cisla, v unixu s cislem(tap0)
dev tap

proto udp

#adresa serveru
remote vpn.xxxxx.cz 21194

#dulezite, dovoluje stahnout nastaveni od serveru
#pull

#route-metric 10

route-delay 2

tls-client # SSL klient
ca /home/hurvajs/certificates/ca.crt
cert /home/hurvajs/certificates/prog92.crt
key /home/hurvajs/certificates/prog92.key
ns-cert-type server
auth SHA1
cipher aes-256-cbc
nobind
comp-lzo
persist-key
#persist-tun
verb 5
Neporadil by jste někdo, prosím? Děkuji

Odpovědi

20.1.2015 21:09 GeorgeWH | skóre: 35
Rozbalit Rozbalit vše Re: Nefunkční openVPN
tap je pouzite schvalne?

pouzivam len tun, kde prakticky netreba nic konfigurovat, co sa podla tohto o bridgovani povedat neda...
svido avatar 20.1.2015 22:08 svido | skóre: 28
Rozbalit Rozbalit vše Re: Nefunkční openVPN
Tak mi to poslal správce sítě. Zkoušel jsem dát i tun a nefungovalo to stejně.
svido avatar 20.1.2015 22:29 svido | skóre: 28
Rozbalit Rozbalit vše Re: Nefunkční openVPN
teď jsem ještě zkoušel tun - tak už to padá na hubu rovnou...
spejbl openVPN # openvpn --config xxxxx.ovpn --verb 2
Tue Jan 20 21:21:36 2015 OpenVPN 2.3.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jan 13 2015
Tue Jan 20 21:21:36 2015 library versions: OpenSSL 1.0.1l 15 Jan 2015, LZO 2.08
Enter Private Key Password:
Tue Jan 20 21:21:43 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jan 20 21:21:43 2015 WARNING: file '/home/hurvajs/certificates/xxxxx/prog92.key' is group or others accessible
Tue Jan 20 21:21:43 2015 UDPv4 link local: [undef]
Tue Jan 20 21:21:43 2015 UDPv4 link remote: [AF_INET]176.62.234.2:21194
Tue Jan 20 21:21:43 2015 VERIFY OK: depth=1, C=CZ, ST=Czech Republic, L=Prague, O=xxxxx, CN=xxxxx, emailAddress=xxxxx@xxxxx.cz
Tue Jan 20 21:21:43 2015 VERIFY OK: nsCertType=SERVER
Tue Jan 20 21:21:43 2015 VERIFY OK: depth=0, C=CZ, ST=Czech Republic, L=Prague, O=xxxxx, CN=xxxxx, emailAddress=xxxxx@xxxxx.cz
Tue Jan 20 21:21:44 2015 WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
Tue Jan 20 21:21:44 2015 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1590'
Tue Jan 20 21:21:44 2015 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
Tue Jan 20 21:21:44 2015 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jan 20 21:21:44 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 20 21:21:44 2015 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jan 20 21:21:44 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 20 21:21:44 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jan 20 21:21:44 2015 [praha.xxxxx.cz] Peer Connection Initiated with [AF_INET]176.62.234.2:21194
Tue Jan 20 21:21:47 2015 WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address.  You are using something (255.255.255.0) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
Tue Jan 20 21:21:47 2015 TUN/TAP device tun0 opened
Tue Jan 20 21:21:47 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jan 20 21:21:47 2015 /bin/ifconfig tun0 192.168.12.59 pointopoint 255.255.255.0 mtu 1500
SIOCSIFDSTADDR: Invalid argument
Tue Jan 20 21:21:47 2015 Linux ifconfig failed: external program exited with error status: 1
Tue Jan 20 21:21:47 2015 Exiting due to fatal error
Podle mne se to ale bridguje samo, detailní log...
spejbl openVPN # openvpn --config xxxxx.ovpn --verb 5
Tue Jan 20 21:26:47 2015 us=614205 Current Parameter Settings:
Tue Jan 20 21:26:47 2015 us=614241   config = 'xxxxx.ovpn'
Tue Jan 20 21:26:47 2015 us=614250   mode = 0
Tue Jan 20 21:26:47 2015 us=614257   persist_config = DISABLED
Tue Jan 20 21:26:47 2015 us=614264   persist_mode = 1
Tue Jan 20 21:26:47 2015 us=614270   show_ciphers = DISABLED
Tue Jan 20 21:26:47 2015 us=614277   show_digests = DISABLED
Tue Jan 20 21:26:47 2015 us=614284   show_engines = DISABLED
Tue Jan 20 21:26:47 2015 us=614291   genkey = DISABLED
Tue Jan 20 21:26:47 2015 us=614298   key_pass_file = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614305   show_tls_ciphers = DISABLED
Tue Jan 20 21:26:47 2015 us=614312 Connection profiles [default]:
Tue Jan 20 21:26:47 2015 us=614318   proto = udp
Tue Jan 20 21:26:47 2015 us=614325   local = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614331   local_port = 0
Tue Jan 20 21:26:47 2015 us=614338   remote = 'vpn.xxxxx.cz'
Tue Jan 20 21:26:47 2015 us=614345   remote_port = 21194
Tue Jan 20 21:26:47 2015 us=614351   remote_float = DISABLED
Tue Jan 20 21:26:47 2015 us=614357   bind_defined = DISABLED
Tue Jan 20 21:26:47 2015 us=614363   bind_local = DISABLED
Tue Jan 20 21:26:47 2015 us=614370   connect_retry_seconds = 5
Tue Jan 20 21:26:47 2015 us=614377   connect_timeout = 10
Tue Jan 20 21:26:47 2015 us=614383   connect_retry_max = 0
Tue Jan 20 21:26:47 2015 us=614390   socks_proxy_server = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614397   socks_proxy_port = 0
Tue Jan 20 21:26:47 2015 us=614403   socks_proxy_retry = DISABLED
Tue Jan 20 21:26:47 2015 us=614410   tun_mtu = 1500
Tue Jan 20 21:26:47 2015 us=614416   tun_mtu_defined = ENABLED
Tue Jan 20 21:26:47 2015 us=614422   link_mtu = 1500
Tue Jan 20 21:26:47 2015 us=614429   link_mtu_defined = DISABLED
Tue Jan 20 21:26:47 2015 us=614435   tun_mtu_extra = 32
Tue Jan 20 21:26:47 2015 us=614442   tun_mtu_extra_defined = ENABLED
Tue Jan 20 21:26:47 2015 us=614449   mtu_discover_type = -1
Tue Jan 20 21:26:47 2015 us=614455   fragment = 0
Tue Jan 20 21:26:47 2015 us=614461   mssfix = 1450
Tue Jan 20 21:26:47 2015 us=614468   explicit_exit_notification = 0
Tue Jan 20 21:26:47 2015 us=614474 Connection profiles END
Tue Jan 20 21:26:47 2015 us=614480   remote_random = DISABLED
Tue Jan 20 21:26:47 2015 us=614486   ipchange = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614493   dev = 'tap'
Tue Jan 20 21:26:47 2015 us=614499   dev_type = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614505   dev_node = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614511   lladdr = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614518   topology = 1
Tue Jan 20 21:26:47 2015 us=614524   tun_ipv6 = DISABLED
Tue Jan 20 21:26:47 2015 us=614530   ifconfig_local = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614537   ifconfig_remote_netmask = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614544   ifconfig_noexec = DISABLED
Tue Jan 20 21:26:47 2015 us=614550   ifconfig_nowarn = DISABLED
Tue Jan 20 21:26:47 2015 us=614557   ifconfig_ipv6_local = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614568   ifconfig_ipv6_netbits = 0
Tue Jan 20 21:26:47 2015 us=614575   ifconfig_ipv6_remote = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614582   shaper = 0
Tue Jan 20 21:26:47 2015 us=614588   mtu_test = 0
Tue Jan 20 21:26:47 2015 us=614594   mlock = DISABLED
Tue Jan 20 21:26:47 2015 us=614601   keepalive_ping = 0
Tue Jan 20 21:26:47 2015 us=614609   keepalive_timeout = 0
Tue Jan 20 21:26:47 2015 us=614617   inactivity_timeout = 0
Tue Jan 20 21:26:47 2015 us=614623   ping_send_timeout = 0
Tue Jan 20 21:26:47 2015 us=614629   ping_rec_timeout = 0
Tue Jan 20 21:26:47 2015 us=614636   ping_rec_timeout_action = 0
Tue Jan 20 21:26:47 2015 us=614642   ping_timer_remote = DISABLED
Tue Jan 20 21:26:47 2015 us=614649   remap_sigusr1 = 0
Tue Jan 20 21:26:47 2015 us=614655   persist_tun = DISABLED
Tue Jan 20 21:26:47 2015 us=614661   persist_local_ip = DISABLED
Tue Jan 20 21:26:47 2015 us=614668   persist_remote_ip = DISABLED
Tue Jan 20 21:26:47 2015 us=614675   persist_key = ENABLED
Tue Jan 20 21:26:47 2015 us=614681   passtos = DISABLED
Tue Jan 20 21:26:47 2015 us=614688   resolve_retry_seconds = 1000000000
Tue Jan 20 21:26:47 2015 us=614694   username = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614700   groupname = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614707   chroot_dir = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614713   cd_dir = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614719   writepid = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614725   up_script = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614732   down_script = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614738   down_pre = DISABLED
Tue Jan 20 21:26:47 2015 us=614745   up_restart = DISABLED
Tue Jan 20 21:26:47 2015 us=614751   up_delay = DISABLED
Tue Jan 20 21:26:47 2015 us=614758   daemon = DISABLED
Tue Jan 20 21:26:47 2015 us=614764   inetd = 0
Tue Jan 20 21:26:47 2015 us=614770   log = DISABLED
Tue Jan 20 21:26:47 2015 us=614777   suppress_timestamps = DISABLED
Tue Jan 20 21:26:47 2015 us=614783   nice = 0
Tue Jan 20 21:26:47 2015 us=614790   verbosity = 5
Tue Jan 20 21:26:47 2015 us=614796   mute = 0
Tue Jan 20 21:26:47 2015 us=614803   gremlin = 0
Tue Jan 20 21:26:47 2015 us=614809   status_file = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614815   status_file_version = 1
Tue Jan 20 21:26:47 2015 us=614822   status_file_update_freq = 60
Tue Jan 20 21:26:47 2015 us=614832   occ = ENABLED
Tue Jan 20 21:26:47 2015 us=614838   rcvbuf = 65536
Tue Jan 20 21:26:47 2015 us=614845   sndbuf = 65536
Tue Jan 20 21:26:47 2015 us=614851   mark = 0
Tue Jan 20 21:26:47 2015 us=614857   sockflags = 0
Tue Jan 20 21:26:47 2015 us=614863   fast_io = DISABLED
Tue Jan 20 21:26:47 2015 us=614870   lzo = 7
Tue Jan 20 21:26:47 2015 us=614876   route_script = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614882   route_default_gateway = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614889   route_default_metric = 0
Tue Jan 20 21:26:47 2015 us=614896   route_noexec = DISABLED
Tue Jan 20 21:26:47 2015 us=614904   route_delay = 10
Tue Jan 20 21:26:47 2015 us=614911   route_delay_window = 30
Tue Jan 20 21:26:47 2015 us=614918   route_delay_defined = ENABLED
Tue Jan 20 21:26:47 2015 us=614932   route_nopull = DISABLED
Tue Jan 20 21:26:47 2015 us=614944   route_gateway_via_dhcp = DISABLED
Tue Jan 20 21:26:47 2015 us=614953   max_routes = 100
Tue Jan 20 21:26:47 2015 us=614960   allow_pull_fqdn = DISABLED
Tue Jan 20 21:26:47 2015 us=614967   management_addr = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614974   management_port = 0
Tue Jan 20 21:26:47 2015 us=614980   management_user_pass = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=614987   management_log_history_cache = 250
Tue Jan 20 21:26:47 2015 us=614993   management_echo_buffer_size = 100
Tue Jan 20 21:26:47 2015 us=615000   management_write_peer_info_file = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615007   management_client_user = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615014   management_client_group = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615020   management_flags = 0
Tue Jan 20 21:26:47 2015 us=615027   shared_secret_file = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615033   key_direction = 0
Tue Jan 20 21:26:47 2015 us=615040   ciphername_defined = ENABLED
Tue Jan 20 21:26:47 2015 us=615047   ciphername = 'aes-256-cbc'
Tue Jan 20 21:26:47 2015 us=615053   authname_defined = ENABLED
Tue Jan 20 21:26:47 2015 us=615060   authname = 'SHA1'
Tue Jan 20 21:26:47 2015 us=615066   prng_hash = 'SHA1'
Tue Jan 20 21:26:47 2015 us=615073   prng_nonce_secret_len = 16
Tue Jan 20 21:26:47 2015 us=615079   keysize = 0
Tue Jan 20 21:26:47 2015 us=615086   engine = DISABLED
Tue Jan 20 21:26:47 2015 us=615093   replay = ENABLED
Tue Jan 20 21:26:47 2015 us=615099   mute_replay_warnings = DISABLED
Tue Jan 20 21:26:47 2015 us=615106   replay_window = 64
Tue Jan 20 21:26:47 2015 us=615112   replay_time = 15
Tue Jan 20 21:26:47 2015 us=615119   packet_id_file = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615126   use_iv = ENABLED
Tue Jan 20 21:26:47 2015 us=615132   test_crypto = DISABLED
Tue Jan 20 21:26:47 2015 us=615138   tls_server = DISABLED
Tue Jan 20 21:26:47 2015 us=615145   tls_client = ENABLED
Tue Jan 20 21:26:47 2015 us=615151   key_method = 2
Tue Jan 20 21:26:47 2015 us=615158   ca_file = '/home/hurvajs/certificates/xxxxx/ca.crt'
Tue Jan 20 21:26:47 2015 us=615164   ca_path = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615171   dh_file = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615182   cert_file = '/home/hurvajs/certificates/xxxxx/prog92.crt'
Tue Jan 20 21:26:47 2015 us=615189   priv_key_file = '/home/hurvajs/certificates/xxxxx/prog92.key'
Tue Jan 20 21:26:47 2015 us=615195   pkcs12_file = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615202   cipher_list = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615218   tls_verify = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615223   tls_export_cert = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615229   verify_x509_type = 0
Tue Jan 20 21:26:47 2015 us=615235   verify_x509_name = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615240   crl_file = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615246   ns_cert_type = 1
Tue Jan 20 21:26:47 2015 us=615251   remote_cert_ku[i] = 0
Tue Jan 20 21:26:47 2015 us=615257   remote_cert_ku[i] = 0
Tue Jan 20 21:26:47 2015 us=615262   remote_cert_ku[i] = 0
Tue Jan 20 21:26:47 2015 us=615268   remote_cert_ku[i] = 0
Tue Jan 20 21:26:47 2015 us=615273   remote_cert_ku[i] = 0
Tue Jan 20 21:26:47 2015 us=615278   remote_cert_ku[i] = 0
Tue Jan 20 21:26:47 2015 us=615284   remote_cert_ku[i] = 0
Tue Jan 20 21:26:47 2015 us=615289   remote_cert_ku[i] = 0
Tue Jan 20 21:26:47 2015 us=615295   remote_cert_ku[i] = 0
Tue Jan 20 21:26:47 2015 us=615300   remote_cert_ku[i] = 0
Tue Jan 20 21:26:47 2015 us=615305   remote_cert_ku[i] = 0
Tue Jan 20 21:26:47 2015 us=615311   remote_cert_ku[i] = 0
Tue Jan 20 21:26:47 2015 us=615316   remote_cert_ku[i] = 0
Tue Jan 20 21:26:47 2015 us=615321   remote_cert_ku[i] = 0
Tue Jan 20 21:26:47 2015 us=615327   remote_cert_ku[i] = 0
Tue Jan 20 21:26:47 2015 us=615332   remote_cert_ku[i] = 0
Tue Jan 20 21:26:47 2015 us=615338   remote_cert_eku = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615343   ssl_flags = 0
Tue Jan 20 21:26:47 2015 us=615348   tls_timeout = 2
Tue Jan 20 21:26:47 2015 us=615354   renegotiate_bytes = 0
Tue Jan 20 21:26:47 2015 us=615359   renegotiate_packets = 0
Tue Jan 20 21:26:47 2015 us=615365   renegotiate_seconds = 3600
Tue Jan 20 21:26:47 2015 us=615370   handshake_window = 60
Tue Jan 20 21:26:47 2015 us=615376   transition_window = 3600
Tue Jan 20 21:26:47 2015 us=615381   single_session = DISABLED
Tue Jan 20 21:26:47 2015 us=615387   push_peer_info = DISABLED
Tue Jan 20 21:26:47 2015 us=615392   tls_exit = DISABLED
Tue Jan 20 21:26:47 2015 us=615398   tls_auth_file = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615405   server_network = 0.0.0.0
Tue Jan 20 21:26:47 2015 us=615411   server_netmask = 0.0.0.0
Tue Jan 20 21:26:47 2015 us=615421   server_network_ipv6 = ::
Tue Jan 20 21:26:47 2015 us=615427   server_netbits_ipv6 = 0
Tue Jan 20 21:26:47 2015 us=615433   server_bridge_ip = 0.0.0.0
Tue Jan 20 21:26:47 2015 us=615440   server_bridge_netmask = 0.0.0.0
Tue Jan 20 21:26:47 2015 us=615445   server_bridge_pool_start = 0.0.0.0
Tue Jan 20 21:26:47 2015 us=615451   server_bridge_pool_end = 0.0.0.0
Tue Jan 20 21:26:47 2015 us=615457   ifconfig_pool_defined = DISABLED
Tue Jan 20 21:26:47 2015 us=615463   ifconfig_pool_start = 0.0.0.0
Tue Jan 20 21:26:47 2015 us=615469   ifconfig_pool_end = 0.0.0.0
Tue Jan 20 21:26:47 2015 us=615475   ifconfig_pool_netmask = 0.0.0.0
Tue Jan 20 21:26:47 2015 us=615481   ifconfig_pool_persist_filename = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615487   ifconfig_pool_persist_refresh_freq = 600
Tue Jan 20 21:26:47 2015 us=615493   ifconfig_ipv6_pool_defined = DISABLED
Tue Jan 20 21:26:47 2015 us=615499   ifconfig_ipv6_pool_base = ::
Tue Jan 20 21:26:47 2015 us=615504   ifconfig_ipv6_pool_netbits = 0
Tue Jan 20 21:26:47 2015 us=615510   n_bcast_buf = 256
Tue Jan 20 21:26:47 2015 us=615515   tcp_queue_limit = 64
Tue Jan 20 21:26:47 2015 us=615521   real_hash_size = 256
Tue Jan 20 21:26:47 2015 us=615526   virtual_hash_size = 256
Tue Jan 20 21:26:47 2015 us=615532   client_connect_script = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615537   learn_address_script = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615543   client_disconnect_script = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615548   client_config_dir = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615554   ccd_exclusive = DISABLED
Tue Jan 20 21:26:47 2015 us=615559   tmp_dir = '/tmp'
Tue Jan 20 21:26:47 2015 us=615565   push_ifconfig_defined = DISABLED
Tue Jan 20 21:26:47 2015 us=615571   push_ifconfig_local = 0.0.0.0
Tue Jan 20 21:26:47 2015 us=615577   push_ifconfig_remote_netmask = 0.0.0.0
Tue Jan 20 21:26:47 2015 us=615582   push_ifconfig_ipv6_defined = DISABLED
Tue Jan 20 21:26:47 2015 us=615588   push_ifconfig_ipv6_local = ::/0
Tue Jan 20 21:26:47 2015 us=615594   push_ifconfig_ipv6_remote = ::
Tue Jan 20 21:26:47 2015 us=615600   enable_c2c = DISABLED
Tue Jan 20 21:26:47 2015 us=615606   duplicate_cn = DISABLED
Tue Jan 20 21:26:47 2015 us=615611   cf_max = 0
Tue Jan 20 21:26:47 2015 us=615616   cf_per = 0
Tue Jan 20 21:26:47 2015 us=615622   max_clients = 1024
Tue Jan 20 21:26:47 2015 us=615627   max_routes_per_client = 256
Tue Jan 20 21:26:47 2015 us=615633   auth_user_pass_verify_script = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615639   auth_user_pass_verify_script_via_file = DISABLED
Tue Jan 20 21:26:47 2015 us=615645   port_share_host = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615651   port_share_port = 0
Tue Jan 20 21:26:47 2015 us=615657   client = ENABLED
Tue Jan 20 21:26:47 2015 us=615662   pull = ENABLED
Tue Jan 20 21:26:47 2015 us=615669   auth_user_pass_file = '[UNDEF]'
Tue Jan 20 21:26:47 2015 us=615675 OpenVPN 2.3.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jan 13 2015
Tue Jan 20 21:26:47 2015 us=615685 library versions: OpenSSL 1.0.1l 15 Jan 2015, LZO 2.08
Enter Private Key Password:
Tue Jan 20 21:26:49 2015 us=571480 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jan 20 21:26:49 2015 us=571687 WARNING: file '/home/hurvajs/certificates/xxxxx/prog92.key' is group or others accessible
Tue Jan 20 21:26:49 2015 us=572081 LZO compression initialized
Tue Jan 20 21:26:49 2015 us=572216 Control Channel MTU parms [ L:1590 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Jan 20 21:26:49 2015 us=572275 Socket Buffers: R=[212992->131072] S=[212992->131072]
Tue Jan 20 21:26:49 2015 us=624119 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Jan 20 21:26:49 2015 us=624167 Local Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Tue Jan 20 21:26:49 2015 us=624175 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Tue Jan 20 21:26:49 2015 us=624192 Local Options hash (VER=V4): 'c6c7c21a'
Tue Jan 20 21:26:49 2015 us=624202 Expected Remote Options hash (VER=V4): '1a6d5c5d'
Tue Jan 20 21:26:49 2015 us=624213 UDPv4 link local: [undef]
Tue Jan 20 21:26:49 2015 us=624222 UDPv4 link remote: [AF_INET]176.62.234.2:21194
WRTue Jan 20 21:26:49 2015 us=671547 TLS: Initial packet from [AF_INET]176.62.234.2:21194, sid=1ae9aec5 ba101435
WWWRRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRTue Jan 20 21:26:49 2015 us=968866 VERIFY OK: depth=1, C=CZ, ST=Czech Republic, L=Prague, O=xxxxx, CN=xxxxx, emailAddress=xxxxx@xxxxx.cz
Tue Jan 20 21:26:49 2015 us=969145 VERIFY OK: nsCertType=SERVER
Tue Jan 20 21:26:49 2015 us=969162 VERIFY OK: depth=0, C=CZ, ST=Czech Republic, L=Prague, O=xxxxx, CN=praha.xxxxx.cz, emailAddress=xxxxx@xxxxx.cz
WRWRWRWRWRWRWWWWRRRWWRWWRRRRWWWWRRRRWWWWRRRRWWWWRWRRRWWWRRRWRWWWRRRRWRWRTue Jan 20 21:26:50 2015 us=428105 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jan 20 21:26:50 2015 us=428125 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 20 21:26:50 2015 us=428131 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jan 20 21:26:50 2015 us=428136 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
WTue Jan 20 21:26:50 2015 us=428173 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jan 20 21:26:50 2015 us=428191 [praha.xxxxx.cz] Peer Connection Initiated with [AF_INET]176.62.234.2:21194
Tue Jan 20 21:26:52 2015 us=781808 SENT CONTROL [praha.xxxxx.cz]: 'PUSH_REQUEST' (status=1)
WRRWRWRWRWRWRWRRRWRWRWRWRTue Jan 20 21:26:56 2015 us=901120 PUSH: Received control message: 'PUSH_REPLY,route 192.168.3.0 255.255.255.0,route 192.168.5.0 255.255.255.0,route 192.168.100.0 255.255.255.0,route 192.168.101.0 255.255.255.0,route 192.168.102.0 255.255.255.0,route 176.62.234.14 255.255.255.255,route 195.250.149.128 255.255.255.192,route 77.93.217.64 255.255.255.192,route 178.238.38.128 255.255.255.192,route 77.93.222.8 255.255.255.252,route 195.122.208.0 255.255.255.240,route 195.122.208.128 255.255.255.224,route 188.120.192.44 255.255.255.255,route 188.120.196.48 255.255.255.240,route 64.14.225.0 255.255.255.0,route 64.14.236.228 255.255.255.255,route 216.33.74.9 255.255.255.255,route 216.64.211.84 255.255.255.255,route 216.64.211.196 255.255.255.255,route 216.35.168.0 255.255.255.0,route 216.35.169.215 255.255.255.255,route 216.64.208.119 255.255.255.255,route 216.64.208.196 255.255.255.255,route 216.64.209.4 255.255.255.255,route 216.64.209.51 255.255.255.255,route 216.64.209.52 255.255.255.255,push-continuation 2'
WRWRWRWRWRWRWRWRWRWRTue Jan 20 21:26:57 2015 us=224128 PUSH: Received control message: 'PUSH_REPLY,route 212.41.251.141 255.255.255.255,route 216.64.211.4 255.255.255.255,route 93.185.101.130 255.255.255.255,route 92.62.231.50 255.255.255.255,route 82.208.49.228 255.255.255.255,route 82.208.14.140 255.255.255.255,route 194.228.175.203 255.255.255.255,route 194.228.175.218 255.255.255.255,route 194.228.175.223 255.255.255.255,route 194.228.175.242 255.255.255.255,route 5.79.12.121 255.255.255.255,route 5.79.61.226 255.255.255.255,route 5.79.9.110 255.255.255.255,route 5.79.9.111 255.255.255.255,route 176.62.234.6 255.255.255.255,route 90.176.150.210 255.255.255.255,route 90.176.150.211 255.255.255.255,route 81.0.231.81 255.255.255.255,route 81.0.231.82 255.255.255.255,route 81.0.231.83 255.255.255.255,route 81.0.231.84 255.255.255.255,route 217.11.236.225 255.255.255.255,route 77.93.219.184 255.255.255.255,route 77.93.219.185 255.255.255.255,route 62.77.114.18 255.255.255.255,route 90.182.205.232 255.255.255.255,push-continuation 2'
WRWRWRWRWRWRWRWRTue Jan 20 21:26:57 2015 us=353850 PUSH: Received control message: 'PUSH_REPLY,route 90.182.205.243 255.255.255.255,route 54.194.15.77 255.255.255.255,route 54.194.150.200 255.255.255.255,route 54.194.189.101 255.255.255.255,route 54.229.184.75 255.255.255.255,route 72.21.203.197 255.255.255.255,route 176.34.147.136 255.255.255.255,route 176.34.149.93 255.255.255.255,route 176.34.149.183 255.255.255.255,route 176.34.150.14 255.255.255.255,route 176.34.155.53 255.255.255.255,route 194.203.40.19 255.255.255.255,route 194.203.40.142 255.255.255.255,route 54.229.184.75 255.255.255.255,route 88.86.101.58 255.255.255.255,route 77.78.101.2 255.255.255.255,route-gateway 192.168.12.1,ping 10,ping-restart 120,ifconfig 192.168.12.59 255.255.255.0,push-continuation 1'
Tue Jan 20 21:26:57 2015 us=354120 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jan 20 21:26:57 2015 us=354147 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jan 20 21:26:57 2015 us=354160 OPTIONS IMPORT: route options modified
Tue Jan 20 21:26:57 2015 us=354171 OPTIONS IMPORT: route-related options modified
Tue Jan 20 21:26:57 2015 us=354425 ROUTE_GATEWAY 192.168.2.1/255.255.255.0 IFACE=enp3s0 HWADDR=28:d2:44:cc:92:44
Tue Jan 20 21:26:57 2015 us=357137 TUN/TAP device tap0 opened
Tue Jan 20 21:26:57 2015 us=357324 TUN/TAP TX queue length set to 100
Tue Jan 20 21:26:57 2015 us=357441 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jan 20 21:26:57 2015 us=357582 /bin/ifconfig tap0 192.168.12.59 netmask 255.255.255.0 mtu 1500 broadcast 192.168.12.255
WrWrWrWrWrWrWrWRwrWRwRwRwRTue Jan 20 21:26:59 2015 us=762690 PID_ERR replay-window backtrack occurred [1] [SSL-0] [0_0__0044] 0:9 0:8 t=1421789219[0] r=[-4,64,15,1,1] sl=[55,9,64,528]
wRwRTue Jan 20 21:26:59 2015 us=762733 PID_ERR replay-window backtrack occurred [6] [SSL-0] [0_000__0044] 0:11 0:5 t=1421789219[0] r=[-4,64,15,6,1] sl=[53,11,64,528]
wRwRwRwRwRwRwRwrWRwRwrWTue Jan 20 21:27:07 2015 us=648205 /bin/route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=648981 /bin/route add -net 192.168.5.0 netmask 255.255.255.0 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=649612 /bin/route add -net 192.168.100.0 netmask 255.255.255.0 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=650644 /bin/route add -net 192.168.101.0 netmask 255.255.255.0 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=651359 /bin/route add -net 192.168.102.0 netmask 255.255.255.0 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=652509 /bin/route add -net 176.62.234.14 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=653297 /bin/route add -net 195.250.149.128 netmask 255.255.255.192 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=654158 /bin/route add -net 77.93.217.64 netmask 255.255.255.192 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=654939 /bin/route add -net 178.238.38.128 netmask 255.255.255.192 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=655680 /bin/route add -net 77.93.222.8 netmask 255.255.255.252 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=656429 /bin/route add -net 195.122.208.0 netmask 255.255.255.240 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=657129 /bin/route add -net 195.122.208.128 netmask 255.255.255.224 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=657812 /bin/route add -net 188.120.192.44 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=658493 /bin/route add -net 188.120.196.48 netmask 255.255.255.240 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=659166 /bin/route add -net 64.14.225.0 netmask 255.255.255.0 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=659841 /bin/route add -net 64.14.236.228 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=660369 /bin/route add -net 216.33.74.9 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=661095 /bin/route add -net 216.64.211.84 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=661815 /bin/route add -net 216.64.211.196 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=662559 /bin/route add -net 216.35.168.0 netmask 255.255.255.0 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=663348 /bin/route add -net 216.35.169.215 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=664226 /bin/route add -net 216.64.208.119 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=665204 /bin/route add -net 216.64.208.196 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=665959 /bin/route add -net 216.64.209.4 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=666644 /bin/route add -net 216.64.209.51 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=667336 /bin/route add -net 216.64.209.52 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=668154 /bin/route add -net 212.41.251.141 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=669373 /bin/route add -net 216.64.211.4 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=670393 /bin/route add -net 93.185.101.130 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=671129 /bin/route add -net 92.62.231.50 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=671809 /bin/route add -net 82.208.49.228 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=672458 /bin/route add -net 82.208.14.140 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=673147 /bin/route add -net 194.228.175.203 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=673841 /bin/route add -net 194.228.175.218 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=674526 /bin/route add -net 194.228.175.223 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=675199 /bin/route add -net 194.228.175.242 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=675862 /bin/route add -net 5.79.12.121 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=676582 /bin/route add -net 5.79.61.226 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=677290 /bin/route add -net 5.79.9.110 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=678025 /bin/route add -net 5.79.9.111 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=678655 /bin/route add -net 176.62.234.6 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=679328 /bin/route add -net 90.176.150.210 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=679974 /bin/route add -net 90.176.150.211 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=680824 /bin/route add -net 81.0.231.81 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=681550 /bin/route add -net 81.0.231.82 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=682254 /bin/route add -net 81.0.231.83 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=682958 /bin/route add -net 81.0.231.84 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=684191 /bin/route add -net 217.11.236.225 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=684819 /bin/route add -net 77.93.219.184 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=685477 /bin/route add -net 77.93.219.185 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=686146 /bin/route add -net 62.77.114.18 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=686771 /bin/route add -net 90.182.205.232 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=687397 /bin/route add -net 90.182.205.243 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=688068 /bin/route add -net 54.194.15.77 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=688753 /bin/route add -net 54.194.150.200 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=689389 /bin/route add -net 54.194.189.101 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=690039 /bin/route add -net 54.229.184.75 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=690700 /bin/route add -net 72.21.203.197 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=691579 /bin/route add -net 176.34.147.136 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=692289 /bin/route add -net 176.34.149.93 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=693005 /bin/route add -net 176.34.149.183 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=693698 /bin/route add -net 176.34.150.14 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=694438 /bin/route add -net 176.34.155.53 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=695128 /bin/route add -net 194.203.40.19 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=695794 /bin/route add -net 194.203.40.142 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=696457 /bin/route add -net 54.229.184.75 netmask 255.255.255.255 gw 192.168.12.1
SIOCADDRT: File exists
Tue Jan 20 21:27:07 2015 us=697141 ERROR: Linux route add command failed: external program exited with error status: 7
Tue Jan 20 21:27:07 2015 us=697176 /bin/route add -net 88.86.101.58 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=697835 /bin/route add -net 77.78.101.2 netmask 255.255.255.255 gw 192.168.12.1
Tue Jan 20 21:27:07 2015 us=698430 Initialization Sequence Completed
20.1.2015 21:25 creon | skóre: 18 | blog: creonsnotes
Rozbalit Rozbalit vše Re: Nefunkční openVPN
pod kterym uzivatelem se spousti VPN?
svido avatar 20.1.2015 22:09 svido | skóre: 28
Rozbalit Rozbalit vše Re: Nefunkční openVPN
Pod rootem. Zkoušel jsem Ing konfigu přidat nobody, nepomohlo to
20.1.2015 22:26 Matlák
Rozbalit Rozbalit vše Re: Nefunkční openVPN
....
Tue Jan 20 19:25:34 2015 /bin/ifconfig tap0 192.168.12.59 netmask 255.255.255.0 mtu 1500 broadcast 192.168.12.255
SIOCADDRT: File exists
Tue Jan 20 19:25:36 2015 ERROR: Linux route add command failed: external program exited with error status: 7
....
Podle toho výpisu jste připojen... Možná by to chtělo po spuštění openvpn jen zkontrolovat, jestli se jde dostat do té sítě 192.168.12.0/24. A routy vypíšete třeba příkazem
ip r show
20.1.2015 22:29 Matlák
Rozbalit Rozbalit vše Re: Nefunkční openVPN
Připojení kk internetu funguje dál, ale na servery uvnitř VPN nevidím.

Jaké to jsou servery? Mají taky adresy z rozsahu 192.168.12.0/24 ? Nebo jsou úplně někde jinde, a v té síti je jen nějaká brána k nim?
20.1.2015 22:33 Matlák
Rozbalit Rozbalit vše Re: Nefunkční openVPN
Aha tak podle přiloženého výpisu to vypadá že brána je 192.168.12.1 a ty servery by tam měly být (měly by jít pingnout podle IP adresy). Zkusil bych nejdřív zkusit tu bránu a pak některý z těch serverů...
svido avatar 20.1.2015 22:42 svido | skóre: 28
Rozbalit Rozbalit vše Re: Nefunkční openVPN
jasně, to je můj domácí switch. Z něj to přes Wi-Fi router leze providerovi. Moje domácí sít je 192.168.2.0/24 a brána je: 192.168.2.1

Sít funguje. Nejde jen vlastní VPN, resp. servery co bych měl vidět díky VPN nevidím.
21.1.2015 06:19 Matlák
Rozbalit Rozbalit vše Re: Nefunkční openVPN
Myslel jsem síť 192.168.12.0/24. Že je VPN připojená do této sítě je vidět ve výpisu logu:
Tue Jan 20 19:25:34 2015 /bin/ifconfig tap0 192.168.12.59 netmask 255.255.255.0 mtu 1500 broadcast 192.168.12.255
Je logické, že ta síť je v privátním rozsahu, přeci jen je to virtuální privátní síť...
svido avatar 20.1.2015 22:39 svido | skóre: 28
Rozbalit Rozbalit vše Re: Nefunkční openVPN
tohle je development server, který by měl být v naší interní síti. Možná je jen chybná konfigurace na serveru, zkoušel jsem trace a po čase skončím...
spejbl ~ # tracepath 46.28.107.243
 1?: [LOCALHOST]                                         pmtu 1500
 1:  192.168.2.1                                           0.506ms
 1:  192.168.2.1                                           0.397ms
 2:  10.19.17.49                                           2.215ms
 3:  10.19.17.1                                            7.597ms
 4:  10.19.0.33                                          477.296ms
 5:  10.1.0.1                                             91.885ms
 6:  10.0.90.14                                           46.560ms
 7:  2.144.230.94.awnet.cz                                21.168ms
 8:  gw-78-24-8-201.vshosting.cz                          79.700ms asymm  9
 9:  gw-vshsitpeer.kaora.cz                               23.657ms asymm 10
10:  wedos-sitel.kaora.cz                                 50.223ms asymm 11
11:  r12-a.wedos.net                                      45.235ms asymm 12
12:  no reply
13:  no reply
14:  no reply
15:  no reply
Toto je stage server, který je i mimo naší firemní sít (spravuje ho třetí strana), ale z práce na něj vidím...
spejbl ~ # tracepath 212.100.246.25
 1?: [LOCALHOST]                                         pmtu 1500
 1:  192.168.2.1                                           0.531ms
 1:  192.168.2.1                                           0.497ms
 2:  10.19.17.49                                           2.250ms
 3:  10.19.17.1                                           14.123ms
 4:  10.19.0.33                                           76.885ms
 5:  10.1.0.1                                             17.781ms
 6:  10.0.90.14                                           35.234ms
 7:  1.144.230.94.awnet.cz                                47.213ms
 8:  unassigned-ip.vshosting.cz                           42.303ms
 9:  backbone-sitel-mx.vshosting.cz                       36.551ms
10:  78.152.46.37                                         37.957ms
11:  eth1-3.r1.vie1.at.as5580.net                         48.053ms
12:  eth1-6.r1.fra1.de.as5580.net                         58.032ms asymm 11
13:  eth13-1.core1.par2.fr.as5580.net                     45.877ms asymm 12
14:  eth7-1.core1.lon2.uk.as5580.net                      82.960ms asymm 15
15:  eth7-2.r1.lon1.uk.as5580.net                         72.726ms
16:  94.31.31.17                                          48.989ms
17:  ae5.mpr2.lhr2.uk.zip.zayo.com                        55.336ms
18:  ae6.mpr1.lhr23.uk.zip.zayo.com                       97.621ms
19:  94.31.42.254.IPYX-076520-ZYO.above.net               81.987ms
20:  coreb-edge4.lon3.rackspace.net                      104.708ms
21:  core3-corea.lon3.rackspace.net                       54.273ms
22:  aggr331a-2-core3.lon3.rackspace.net                  97.227ms
23:  no reply
24:  no reply
21.1.2015 06:24 Matlák
Rozbalit Rozbalit vše Re: Nefunkční openVPN
Toto je stage server, který je i mimo naší firemní sít (spravuje ho třetí strana), ale z práce na něj vidím...
spejbl ~ # tracepath 212.100.246.25


Tak zkuste zadat routu ručně, přes síť která je na tap0 - třeba takhle:
ip r add 212.100.246.25 via 192.168.12.1
BTW. asi bylo vhodné, po tom co VPN najede (objeví se "Initialization sequence completed") kouknout jestli jsou všechny interfacy správně nastavené
ip a show
je možné i to že tam něco koliduje...
21.1.2015 09:28 pet
Rozbalit Rozbalit vše Re: Nefunkční openVPN
Ani 46.28.107.243 ani 212.100.246.25 není podle toho dlouhého výpisu routované do VPN, proto traceroute jde přímo do internetu. Co takhle zkusit něco z toho, co je přes VPN routované? Těch mašin je v tom výpisu dost, všechny co mají netmask 255.255.255.255 jsou jednotlivé stroje.
20.1.2015 22:30 NN
Rozbalit Rozbalit vše Re: Nefunkční openVPN
/bin/ifconfig tap0 192.168.12.59 netmask 255.255.255.0 mtu 1500 broadcast 192.168.12.255
SIOCADDRT: File exists
To vypada, ze uz na tom tapu neco visi..

Založit nové vláknoNahoru

Tiskni Sdílej: Linkuj Jaggni to Vybrali.sme.sk Google Del.icio.us Facebook

ISSN 1214-1267   www.czech-server.cz
© 1999-2015 Nitemedia s. r. o. Všechna práva vyhrazena.