Curl, řádkový nástroj a knihovna pro přenos dat po různých protokolech, slaví 25 let. Vydána byla nová verze 8.0.0. Mimo jiné řeší 6 zranitelností.
V sobotu 25. března proběhne Arduino Day 2023. Od 14:00 lze sledovat oficiální stream. Zúčastnit se lze i lokálních akcí. V Česku jsou aktuálně registrovány dvě: v Praze na Matfyzu a v Poličce v městské knihovně.
Fabrice Bellard, tvůrce FFmpeg nebo QEMU, představil TextSynth Server. Jedná se o webový server nabízející REST API k velkým AI jazykovým modelům. CPU verze je k dispozici zdarma jako binárka pod licencí MIT. GPU verze je komerční. Vyzkoušet lze na stránkách TextSynth.
Na konferenci LibrePlanet 2023 byly vyhlášeny ceny Free Software Foundation. Oceněni byli Eli Zaretskii za dlouhodobé příspěvky (správce Emacsu), Tad „SkewedZeppelin“ za nové příspěvky (správce DivestOS, distribuce Androidu) a projekt GNU Jami za společenský přínos.
Projekt Libreboot (Wikipedie) vydal novou verzi 20230319 svého svobodného firmwaru nahrazujícího proprietární BIOSy. Přibyla například podpora Lenovo ThinkPadů W530 a T530. Libreboot je distribucí Corebootu bez proprietárních blobů.
Na YouTube jsou k dispozici videozáznamy z 20. konference SCALE (Southern California Linux Expo). Závěrečnou přednášku měl dnes již osmdesátiletý Ken Thompson. Na otázku, jaký operační systém používá, odpověděl: "Většinu svého života jsem používal Apple, protože jsem se do této společnosti tak trochu narodil. Poslední dobou, myslím posledních pět let, jsem ale kvůli Applu více a více depresivní. To, co dělá s něčím, co by vám mělo umožnit
… více »Byla vydána verze 10.00 linuxové distribuce SystemRescue, původně SystemRescueCd, určené pro záchranu systémů a dat. Přehled novinek v changelogu. Linux byl povýšen na verzi 6.1.20.
Byla vydána verze 16.0.0 překladačové infrastruktury LLVM (Wikipedie). Přehled novinek v poznámkách k vydání: LLVM, Clang, LLD, Extra Clang Tools, Libc++ a Polly.
O víkendu probíhá v Bostonu, a také virtuálně, konference LibrePlanet 2023 organizovaná nadací Free Software Foundation (FSF).
Na Crowd Supply běží kampaň na podporu open source notebooku MNT Pocket Reform od společnosti MNT Research. Notebook má mechanickou klávesnici s RGB podsvícením a 7 palcový displej s rozlišením 1920×1200 pixelů. Cena začíná na 899 dolarech. Před třemi lety proběhla úspěšná kampaň na podporu notebooku MNT Reform.
V siti pouzivam rozsah 192.168.1.0/255.255.255.0. Server ma IP 192.168.1.1 stanicim prideluje DHCP z rozsahu 192.168.1.10-192.168.1.100. OpenVPN mam takto nastaveno (Debian 5.0):
mode server tls-server dev tap0 proto udp port 1194 ifconfig 192.168.1.2 255.255.255.0 ifconfig-pool 192.168.1.110 192.168.1.120 255.255.255.0 duplicate-cn max-clients 5 client-to-client
push "dhcp-option DNS 192.168.1.1"
push "redirect-gateway def1"
push "redirect-gateway local def1"
keepalive 10 30
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
log-append /var/log/openvpn
status /var/run/openvpn/vpn.status 10
user nobody
group nogroup
comp-lzo
verb 5
Klient na Windows XP SP2 ma nasledujici nastaveni:
remote server.example.com port 1194 tls-client dev tap pull ns-cert-type server mute 10 ca ca.crt cert pokus.crt key pokus.key comp-lzo verb 3
Vubec se to nespoji. Na klientovi to vypisuje nasledujici chybu:
Wed Aug 26 11:29:56 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006 Wed Aug 26 11:30:01 2009 LZO compression initialized Wed Aug 26 11:30:01 2009 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ] Wed Aug 26 11:30:01 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ] Wed Aug 26 11:30:01 2009 Local Options hash (VER=V4): 'd79ca330' Wed Aug 26 11:30:01 2009 Expected Remote Options hash (VER=V4): 'f7df56b8' Wed Aug 26 11:30:01 2009 UDPv4 link local (bound): [undef]:1194 Wed Aug 26 11:30:01 2009 UDPv4 link remote: IP.AD.RE.SA:1194 Wed Aug 26 11:30:01 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194 Wed Aug 26 11:30:03 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194 Wed Aug 26 11:30:06 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194 Wed Aug 26 11:30:08 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194 Wed Aug 26 11:30:10 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194 Wed Aug 26 11:30:11 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194 Wed Aug 26 11:30:14 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194 Wed Aug 26 11:30:16 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194 Wed Aug 26 11:30:17 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194 Wed Aug 26 11:30:20 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194 Wed Aug 26 11:30:22 2009 NOTE: --mute triggered...
a na serveru:
Wed Aug 26 11:27:57 2009 us=2701 event_wait : Interrupted system call (code=4) Wed Aug 26 11:27:57 2009 us=7160 TCP/UDP: Closing socket Wed Aug 26 11:27:57 2009 us=7444 Closing TUN/TAP interface Wed Aug 26 11:27:57 2009 us=7576 /sbin/ifconfig tap0 0.0.0.0 SIOCSIFADDR: Permission denied SIOCSIFFLAGS: Permission denied Wed Aug 26 11:27:57 2009 us=12791 Linux ip addr del failed: external program exited with error status: 255 Wed Aug 26 11:27:57 2009 us=27873 SIGTERM[hard,] received, process exiting Wed Aug 26 11:27:58 2009 us=251756 Current Parameter Settings: Wed Aug 26 11:27:58 2009 us=252083 config = '/etc/openvpn/server.conf' Wed Aug 26 11:27:58 2009 us=252177 mode = 1 Wed Aug 26 11:27:58 2009 us=252261 persist_config = DISABLED Wed Aug 26 11:27:58 2009 us=252346 persist_mode = 1 Wed Aug 26 11:27:58 2009 us=252427 show_ciphers = DISABLED Wed Aug 26 11:27:58 2009 us=252508 show_digests = DISABLED Wed Aug 26 11:27:58 2009 us=252588 show_engines = DISABLED Wed Aug 26 11:27:58 2009 us=252669 genkey = DISABLED Wed Aug 26 11:27:58 2009 us=252751 key_pass_file = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=252833 show_tls_ciphers = DISABLED Wed Aug 26 11:27:58 2009 us=252921 Connection profiles [default]: Wed Aug 26 11:27:58 2009 us=253006 proto = udp Wed Aug 26 11:27:58 2009 us=253089 local = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=253172 local_port = 1194 Wed Aug 26 11:27:58 2009 us=253252 remote = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=253333 remote_port = 1194 Wed Aug 26 11:27:58 2009 us=253415 remote_float = DISABLED Wed Aug 26 11:27:58 2009 us=253553 bind_defined = DISABLED Wed Aug 26 11:27:58 2009 us=253638 bind_local = ENABLED Wed Aug 26 11:27:58 2009 us=253721 connect_retry_seconds = 5 Wed Aug 26 11:27:58 2009 us=253804 connect_timeout = 10 Wed Aug 26 11:27:58 2009 us=253885 connect_retry_max = 0 Wed Aug 26 11:27:58 2009 us=253965 socks_proxy_server = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=254048 socks_proxy_port = 0 Wed Aug 26 11:27:58 2009 us=254129 socks_proxy_retry = DISABLED Wed Aug 26 11:27:58 2009 us=254215 Connection profiles END Wed Aug 26 11:27:58 2009 us=254297 remote_random = DISABLED Wed Aug 26 11:27:58 2009 us=254379 ipchange = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=254462 dev = 'tap0' Wed Aug 26 11:27:58 2009 us=254543 dev_type = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=254623 dev_node = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=254704 lladdr = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=254785 topology = 1 Wed Aug 26 11:27:58 2009 us=254866 tun_ipv6 = DISABLED Wed Aug 26 11:27:58 2009 us=254947 ifconfig_local = '192.168.1.2' Wed Aug 26 11:27:58 2009 us=255028 ifconfig_remote_netmask = '255.255.255.0' Wed Aug 26 11:27:58 2009 us=255109 ifconfig_noexec = DISABLED Wed Aug 26 11:27:58 2009 us=255190 ifconfig_nowarn = DISABLED Wed Aug 26 11:27:58 2009 us=255270 shaper = 0 Wed Aug 26 11:27:58 2009 us=255352 tun_mtu = 1500 Wed Aug 26 11:27:58 2009 us=255433 tun_mtu_defined = ENABLED Wed Aug 26 11:27:58 2009 us=255515 link_mtu = 1500 Wed Aug 26 11:27:58 2009 us=255597 link_mtu_defined = DISABLED Wed Aug 26 11:27:58 2009 us=255678 tun_mtu_extra = 32 Wed Aug 26 11:27:58 2009 us=255759 tun_mtu_extra_defined = ENABLED Wed Aug 26 11:27:58 2009 us=255840 fragment = 0 Wed Aug 26 11:27:58 2009 us=255920 mtu_discover_type = -1 Wed Aug 26 11:27:58 2009 us=256002 mtu_test = 0 Wed Aug 26 11:27:58 2009 us=256083 mlock = DISABLED Wed Aug 26 11:27:58 2009 us=256165 keepalive_ping = 10 Wed Aug 26 11:27:58 2009 us=256246 keepalive_timeout = 30 Wed Aug 26 11:27:58 2009 us=256327 inactivity_timeout = 0 Wed Aug 26 11:27:58 2009 us=256409 ping_send_timeout = 10 Wed Aug 26 11:27:58 2009 us=256489 ping_rec_timeout = 60 Wed Aug 26 11:27:58 2009 us=256570 ping_rec_timeout_action = 2 Wed Aug 26 11:27:58 2009 us=256651 ping_timer_remote = DISABLED Wed Aug 26 11:27:58 2009 us=256732 remap_sigusr1 = 0 Wed Aug 26 11:27:58 2009 us=256814 explicit_exit_notification = 0 Wed Aug 26 11:27:58 2009 us=256973 persist_tun = DISABLED Wed Aug 26 11:27:58 2009 us=257060 persist_local_ip = DISABLED Wed Aug 26 11:27:58 2009 us=257142 persist_remote_ip = DISABLED Wed Aug 26 11:27:58 2009 us=257224 persist_key = DISABLED Wed Aug 26 11:27:58 2009 us=257304 mssfix = 1450 Wed Aug 26 11:27:58 2009 us=257386 passtos = DISABLED Wed Aug 26 11:27:58 2009 us=257521 resolve_retry_seconds = 1000000000 Wed Aug 26 11:27:58 2009 us=257610 username = 'nobody' Wed Aug 26 11:27:58 2009 us=257693 groupname = 'nogroup' Wed Aug 26 11:27:58 2009 us=257774 chroot_dir = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=257856 cd_dir = '/etc/openvpn' Wed Aug 26 11:27:58 2009 us=257937 writepid = '/var/run/openvpn.server.pid' Wed Aug 26 11:27:58 2009 us=258017 up_script = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=258099 down_script = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=258178 down_pre = DISABLED Wed Aug 26 11:27:58 2009 us=258260 up_restart = DISABLED Wed Aug 26 11:27:58 2009 us=258340 up_delay = DISABLED Wed Aug 26 11:27:58 2009 us=258421 daemon = ENABLED Wed Aug 26 11:27:58 2009 us=258502 inetd = 0 Wed Aug 26 11:27:58 2009 us=258583 log = ENABLED Wed Aug 26 11:27:58 2009 us=258663 suppress_timestamps = DISABLED Wed Aug 26 11:27:58 2009 us=258744 nice = 0 Wed Aug 26 11:27:58 2009 us=258824 verbosity = 5 Wed Aug 26 11:27:58 2009 us=258905 mute = 0 Wed Aug 26 11:27:58 2009 us=258985 gremlin = 0 Wed Aug 26 11:27:58 2009 us=259068 status_file = '/var/run/openvpn/vpn.status' Wed Aug 26 11:27:58 2009 us=259150 status_file_version = 1 Wed Aug 26 11:27:58 2009 us=259231 status_file_update_freq = 10 Wed Aug 26 11:27:58 2009 us=259312 occ = ENABLED Wed Aug 26 11:27:58 2009 us=259392 rcvbuf = 65536 Wed Aug 26 11:27:58 2009 us=259474 sndbuf = 65536 Wed Aug 26 11:27:58 2009 us=259554 sockflags = 0 Wed Aug 26 11:27:58 2009 us=259636 fast_io = DISABLED Wed Aug 26 11:27:58 2009 us=259716 lzo = 7 Wed Aug 26 11:27:58 2009 us=259796 route_script = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=259878 route_default_gateway = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=259960 route_default_metric = 0 Wed Aug 26 11:27:58 2009 us=260041 route_noexec = DISABLED Wed Aug 26 11:27:58 2009 us=260123 route_delay = 0 Wed Aug 26 11:27:58 2009 us=260204 route_delay_window = 30 Wed Aug 26 11:27:58 2009 us=260286 route_delay_defined = DISABLED Wed Aug 26 11:27:58 2009 us=260368 route_nopull = DISABLED Wed Aug 26 11:27:58 2009 us=260450 route_gateway_via_dhcp = DISABLED Wed Aug 26 11:27:58 2009 us=260534 allow_pull_fqdn = DISABLED Wed Aug 26 11:27:58 2009 us=260618 management_addr = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=260701 management_port = 0 Wed Aug 26 11:27:58 2009 us=260785 management_user_pass = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=260870 management_log_history_cache = 250 Wed Aug 26 11:27:58 2009 us=260956 management_echo_buffer_size = 100 Wed Aug 26 11:27:58 2009 us=261041 management_write_peer_info_file = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=261121 management_flags = 0 Wed Aug 26 11:27:58 2009 us=261205 shared_secret_file = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=261288 key_direction = 0 Wed Aug 26 11:27:58 2009 us=261370 ciphername_defined = ENABLED Wed Aug 26 11:27:58 2009 us=261506 ciphername = 'BF-CBC' Wed Aug 26 11:27:58 2009 us=261596 authname_defined = ENABLED Wed Aug 26 11:27:58 2009 us=261679 authname = 'SHA1' Wed Aug 26 11:27:58 2009 us=261763 keysize = 0 Wed Aug 26 11:27:58 2009 us=261845 engine = DISABLED Wed Aug 26 11:27:58 2009 us=261928 replay = ENABLED Wed Aug 26 11:27:58 2009 us=262012 mute_replay_warnings = DISABLED Wed Aug 26 11:27:58 2009 us=262093 replay_window = 64 Wed Aug 26 11:27:58 2009 us=262176 replay_time = 15 Wed Aug 26 11:27:58 2009 us=262260 packet_id_file = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=262343 use_iv = ENABLED Wed Aug 26 11:27:58 2009 us=262426 test_crypto = DISABLED Wed Aug 26 11:27:58 2009 us=262505 tls_server = ENABLED Wed Aug 26 11:27:58 2009 us=262588 tls_client = DISABLED Wed Aug 26 11:27:58 2009 us=262717 key_method = 2 Wed Aug 26 11:27:58 2009 us=262806 ca_file = '/etc/openvpn/ca.crt' Wed Aug 26 11:27:58 2009 us=262889 ca_path = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=262974 dh_file = '/etc/openvpn/dh2048.pem' Wed Aug 26 11:27:58 2009 us=263058 cert_file = '/etc/openvpn/server.crt' Wed Aug 26 11:27:58 2009 us=263141 priv_key_file = '/etc/openvpn/server.key' Wed Aug 26 11:27:58 2009 us=263224 pkcs12_file = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=263307 cipher_list = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=263389 tls_verify = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=263471 tls_remote = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=263553 crl_file = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=263636 ns_cert_type = 0 Wed Aug 26 11:27:58 2009 us=263721 remote_cert_ku[i] = 0 Wed Aug 26 11:27:58 2009 us=263803 remote_cert_ku[i] = 0 Wed Aug 26 11:27:58 2009 us=263882 remote_cert_ku[i] = 0 Wed Aug 26 11:27:58 2009 us=263964 remote_cert_ku[i] = 0 Wed Aug 26 11:27:58 2009 us=264045 remote_cert_ku[i] = 0 Wed Aug 26 11:27:58 2009 us=264125 remote_cert_ku[i] = 0 Wed Aug 26 11:27:58 2009 us=264206 remote_cert_ku[i] = 0 Wed Aug 26 11:27:58 2009 us=264286 remote_cert_ku[i] = 0 Wed Aug 26 11:27:58 2009 us=264367 remote_cert_ku[i] = 0 Wed Aug 26 11:27:58 2009 us=264448 remote_cert_ku[i] = 0 Wed Aug 26 11:27:58 2009 us=264529 remote_cert_ku[i] = 0 Wed Aug 26 11:27:58 2009 us=264609 remote_cert_ku[i] = 0 Wed Aug 26 11:27:58 2009 us=264690 remote_cert_ku[i] = 0 Wed Aug 26 11:27:58 2009 us=264768 remote_cert_ku[i] = 0 Wed Aug 26 11:27:58 2009 us=264849 remote_cert_ku[i] = 0 Wed Aug 26 11:27:58 2009 us=264928 remote_cert_ku[i] = 0 Wed Aug 26 11:27:58 2009 us=265010 remote_cert_eku = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=265091 tls_timeout = 2 Wed Aug 26 11:27:58 2009 us=265173 renegotiate_bytes = 0 Wed Aug 26 11:27:58 2009 us=265257 renegotiate_packets = 0 Wed Aug 26 11:27:58 2009 us=265341 renegotiate_seconds = 3600 Wed Aug 26 11:27:58 2009 us=265422 handshake_window = 60 Wed Aug 26 11:27:58 2009 us=265898 transition_window = 3600 Wed Aug 26 11:27:58 2009 us=265992 single_session = DISABLED Wed Aug 26 11:27:58 2009 us=266080 tls_exit = DISABLED Wed Aug 26 11:27:58 2009 us=266166 tls_auth_file = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=266252 pkcs11_protected_authentication = DISABLED Wed Aug 26 11:27:58 2009 us=266336 pkcs11_protected_authentication = DISABLED Wed Aug 26 11:27:58 2009 us=266420 pkcs11_protected_authentication = DISABLED Wed Aug 26 11:27:58 2009 us=266500 pkcs11_protected_authentication = DISABLED Wed Aug 26 11:27:58 2009 us=266585 pkcs11_protected_authentication = DISABLED Wed Aug 26 11:27:58 2009 us=266668 pkcs11_protected_authentication = DISABLED Wed Aug 26 11:27:58 2009 us=266751 pkcs11_protected_authentication = DISABLED Wed Aug 26 11:27:58 2009 us=266835 pkcs11_protected_authentication = DISABLED Wed Aug 26 11:27:58 2009 us=266915 pkcs11_protected_authentication = DISABLED Wed Aug 26 11:27:58 2009 us=266999 pkcs11_protected_authentication = DISABLED Wed Aug 26 11:27:58 2009 us=267082 pkcs11_protected_authentication = DISABLED Wed Aug 26 11:27:58 2009 us=267164 pkcs11_protected_authentication = DISABLED Wed Aug 26 11:27:58 2009 us=267248 pkcs11_protected_authentication = DISABLED Wed Aug 26 11:27:58 2009 us=267329 pkcs11_protected_authentication = DISABLED Wed Aug 26 11:27:58 2009 us=267415 pkcs11_protected_authentication = DISABLED Wed Aug 26 11:27:58 2009 us=267499 pkcs11_protected_authentication = DISABLED Wed Aug 26 11:27:58 2009 us=267583 pkcs11_private_mode = 00000000 Wed Aug 26 11:27:58 2009 us=267671 pkcs11_private_mode = 00000000 Wed Aug 26 11:27:58 2009 us=267754 pkcs11_private_mode = 00000000 Wed Aug 26 11:27:58 2009 us=267839 pkcs11_private_mode = 00000000 Wed Aug 26 11:27:58 2009 us=267924 pkcs11_private_mode = 00000000 Wed Aug 26 11:27:58 2009 us=268005 pkcs11_private_mode = 00000000 Wed Aug 26 11:27:58 2009 us=268088 pkcs11_private_mode = 00000000 Wed Aug 26 11:27:58 2009 us=268172 pkcs11_private_mode = 00000000 Wed Aug 26 11:27:58 2009 us=268309 pkcs11_private_mode = 00000000 Wed Aug 26 11:27:58 2009 us=268400 pkcs11_private_mode = 00000000 Wed Aug 26 11:27:58 2009 us=268485 pkcs11_private_mode = 00000000 Wed Aug 26 11:27:58 2009 us=268567 pkcs11_private_mode = 00000000 Wed Aug 26 11:27:58 2009 us=268651 pkcs11_private_mode = 00000000 Wed Aug 26 11:27:58 2009 us=268733 pkcs11_private_mode = 00000000 Wed Aug 26 11:27:58 2009 us=268817 pkcs11_private_mode = 00000000 Wed Aug 26 11:27:58 2009 us=268903 pkcs11_private_mode = 00000000 Wed Aug 26 11:27:58 2009 us=268987 pkcs11_cert_private = DISABLED Wed Aug 26 11:27:58 2009 us=269069 pkcs11_cert_private = DISABLED Wed Aug 26 11:27:58 2009 us=269150 pkcs11_cert_private = DISABLED Wed Aug 26 11:27:58 2009 us=269231 pkcs11_cert_private = DISABLED Wed Aug 26 11:27:58 2009 us=269313 pkcs11_cert_private = DISABLED Wed Aug 26 11:27:58 2009 us=269395 pkcs11_cert_private = DISABLED Wed Aug 26 11:27:58 2009 us=269524 pkcs11_cert_private = DISABLED Wed Aug 26 11:27:58 2009 us=269610 pkcs11_cert_private = DISABLED Wed Aug 26 11:27:58 2009 us=269693 pkcs11_cert_private = DISABLED Wed Aug 26 11:27:58 2009 us=269774 pkcs11_cert_private = DISABLED Wed Aug 26 11:27:58 2009 us=269856 pkcs11_cert_private = DISABLED Wed Aug 26 11:27:58 2009 us=269940 pkcs11_cert_private = DISABLED Wed Aug 26 11:27:58 2009 us=270019 pkcs11_cert_private = DISABLED Wed Aug 26 11:27:58 2009 us=270100 pkcs11_cert_private = DISABLED Wed Aug 26 11:27:58 2009 us=270181 pkcs11_cert_private = DISABLED Wed Aug 26 11:27:58 2009 us=270261 pkcs11_cert_private = DISABLED Wed Aug 26 11:27:58 2009 us=270346 pkcs11_pin_cache_period = -1 Wed Aug 26 11:27:58 2009 us=270428 pkcs11_id = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=270511 pkcs11_id_management = DISABLED Wed Aug 26 11:27:58 2009 us=270651 server_network = 0.0.0.0 Wed Aug 26 11:27:58 2009 us=270748 server_netmask = 0.0.0.0 Wed Aug 26 11:27:58 2009 us=270842 server_bridge_ip = 0.0.0.0 Wed Aug 26 11:27:58 2009 us=270938 server_bridge_netmask = 0.0.0.0 Wed Aug 26 11:27:58 2009 us=271031 server_bridge_pool_start = 0.0.0.0 Wed Aug 26 11:27:58 2009 us=271125 server_bridge_pool_end = 0.0.0.0 Wed Aug 26 11:27:58 2009 us=271211 push_list = 'dhcp-option DNS 192.168.1.1,redirect-gateway def1,redirect-gateway local def1,ping 10,ping-restart 30' Wed Aug 26 11:27:58 2009 us=271297 ifconfig_pool_defined = ENABLED Wed Aug 26 11:27:58 2009 us=271392 ifconfig_pool_start = 192.168.1.110 Wed Aug 26 11:27:58 2009 us=271487 ifconfig_pool_end = 192.168.1.120 Wed Aug 26 11:27:58 2009 us=271582 ifconfig_pool_netmask = 255.255.255.0 Wed Aug 26 11:27:58 2009 us=271668 ifconfig_pool_persist_filename = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=271752 ifconfig_pool_persist_refresh_freq = 600 Wed Aug 26 11:27:58 2009 us=271833 n_bcast_buf = 256 Wed Aug 26 11:27:58 2009 us=271915 tcp_queue_limit = 64 Wed Aug 26 11:27:58 2009 us=271999 real_hash_size = 256 Wed Aug 26 11:27:58 2009 us=272082 virtual_hash_size = 256 Wed Aug 26 11:27:58 2009 us=272167 client_connect_script = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=272249 learn_address_script = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=272332 client_disconnect_script = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=272413 client_config_dir = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=272494 ccd_exclusive = DISABLED Wed Aug 26 11:27:58 2009 us=272576 tmp_dir = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=272660 push_ifconfig_defined = DISABLED Wed Aug 26 11:27:58 2009 us=272756 push_ifconfig_local = 0.0.0.0 Wed Aug 26 11:27:58 2009 us=272850 push_ifconfig_remote_netmask = 0.0.0.0 Wed Aug 26 11:27:58 2009 us=272933 enable_c2c = ENABLED Wed Aug 26 11:27:58 2009 us=273015 duplicate_cn = ENABLED Wed Aug 26 11:27:58 2009 us=273095 cf_max = 0 Wed Aug 26 11:27:58 2009 us=273177 cf_per = 0 Wed Aug 26 11:27:58 2009 us=273258 max_clients = 5 Wed Aug 26 11:27:58 2009 us=273343 max_routes_per_client = 256 Wed Aug 26 11:27:58 2009 us=273427 client_cert_not_required = DISABLED Wed Aug 26 11:27:58 2009 us=273604 username_as_common_name = DISABLED Wed Aug 26 11:27:58 2009 us=273694 auth_user_pass_verify_script = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=273780 auth_user_pass_verify_script_via_file = DISABLED Wed Aug 26 11:27:58 2009 us=273864 port_share_host = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=273947 port_share_port = 0 Wed Aug 26 11:27:58 2009 us=274028 client = DISABLED Wed Aug 26 11:27:58 2009 us=274109 pull = DISABLED Wed Aug 26 11:27:58 2009 us=274191 auth_user_pass_file = '[UNDEF]' Wed Aug 26 11:27:58 2009 us=274287 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008 Wed Aug 26 11:27:58 2009 us=275012 WARNING: you are using user/group/chroot without persist-tun -- this may cause restarts to fail Wed Aug 26 11:27:58 2009 us=275101 WARNING: you are using user/group/chroot without persist-key -- this may cause restarts to fail Wed Aug 26 11:27:58 2009 us=275587 Note: cannot open /var/run/openvpn/vpn.status for WRITE Wed Aug 26 11:27:58 2009 us=842570 Diffie-Hellman initialized with 2048 bit key Wed Aug 26 11:27:58 2009 us=850239 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted> Wed Aug 26 11:28:00 2009 us=301586 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ] Wed Aug 26 11:28:00 2009 us=308353 TUN/TAP device tap0 opened Wed Aug 26 11:28:00 2009 us=308514 TUN/TAP TX queue length set to 100 Wed Aug 26 11:28:00 2009 us=308738 /sbin/ifconfig tap0 192.168.1.2 netmask 255.255.255.0 mtu 1500 broadcast 192.168.1.255 Wed Aug 26 11:28:00 2009 us=330284 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ] Wed Aug 26 11:28:00 2009 us=334191 GID set to nogroup Wed Aug 26 11:28:00 2009 us=334474 UID set to nobody Wed Aug 26 11:28:00 2009 us=334659 Socket Buffers: R=[111616->131072] S=[111616->131072] Wed Aug 26 11:28:00 2009 us=334782 UDPv4 link local (bound): [undef]:1194 Wed Aug 26 11:28:00 2009 us=334876 UDPv4 link remote: [undef] Wed Aug 26 11:28:00 2009 us=334987 MULTI: multi_init called, r=256 v=256 Wed Aug 26 11:28:00 2009 us=335301 IFCONFIG POOL: base=192.168.1.110 size=11 Wed Aug 26 11:28:00 2009 us=335493 Initialization Sequence Completed Wed Aug 26 11:38:32 2009 us=831302 event_wait : Interrupted system call (code=4) Wed Aug 26 11:38:32 2009 us=832375 TCP/UDP: Closing socket Wed Aug 26 11:38:32 2009 us=832495 Closing TUN/TAP interface Wed Aug 26 11:38:32 2009 us=832625 /sbin/ifconfig tap0 0.0.0.0 SIOCSIFADDR: Permission denied SIOCSIFFLAGS: Permission denied Wed Aug 26 11:38:32 2009 us=840892 Linux ip addr del failed: external program exited with error status: 255 Wed Aug 26 11:38:32 2009 us=886653 SIGTERM[hard,] received, process exiting
Nevite nekdo, kde delam chybu? Je lepsi pouzit tun, nebo tap? Co maje jake vyhody a nevyhody? Musim nastavovat routovani pro klient na vpn, kdyz jim budu pridelovat adresy ze stejneho rozsahu, jako maji klienti v lokalni siti? Nemohl by vpn klientum pridelovat ip adresy lokalni DHCP server?
Pridej do serveru:
persist-key
persist-tun
A podle tohoto:
Wed Aug 26 11:38:32 2009 us=832625 /sbin/ifconfig tap0 0.0.0.0 SIOCSIFADDR: Permission denied
SIOCSIFFLAGS: Permission denied Je problem s opravneni k vytvoreti tap ktery se pouziva k vytvareni mostu takze pouzijte tun. NN
Tak jsem to upravil podle tve rady:
mode server tls-server dev tun0 proto udp port 1194 ifconfig 192.168.1.2 255.255.255.0 ifconfig-pool 192.168.1.110 192.168.1.120 255.255.255.0 duplicate-cn max-clients 5 client-to-client
push "dhcp-option DNS 192.168.1.1"
push "redirect-gateway def1"
push "redirect-gateway local def1"
keepalive 10 30
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
log-append /var/log/openvpn
status /var/run/openvpn/vpn.status 10
user nobody
group nogroup
comp-lzo
verb 3
persist-key
persist-tun
ale porad to nejde - ani se nespusti VPN server:
Wed Aug 26 17:05:06 2009 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008 Wed Aug 26 17:05:06 2009 Note: cannot open /var/run/openvpn/vpn.status for WRITE Wed Aug 26 17:05:07 2009 Diffie-Hellman initialized with 2048 bit key Wed Aug 26 17:05:07 2009 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted> Wed Aug 26 17:05:10 2009 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ] Wed Aug 26 17:05:10 2009 WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address. You are using something (255.255.255.0) that looks more like a netmask. (silence this warning with --ifconfig-nowarn) Wed Aug 26 17:05:10 2009 TUN/TAP device tun0 opened Wed Aug 26 17:05:10 2009 TUN/TAP TX queue length set to 100 Wed Aug 26 17:05:10 2009 /sbin/ifconfig tun0 192.168.1.2 pointopoint 255.255.255.0 mtu 1500 SIOCSIFDSTADDR: Invalid argument Wed Aug 26 17:05:10 2009 Linux ifconfig failed: external program exited with error status: 1 Wed Aug 26 17:05:10 2009 Exiting Options error: The third parameter to --ifconfig-pool (netmask) is only valid in --dev tap mode Use --help for more information.
27.8.2009 09:17
Dalibor Smolík | skóre: 54
| blog: Postrehy_ze_zivota
| 50°5'31.93"N,14°19'35.51"E
Zdravím, kompletní problematiku openVPN tak, jak jsem toto připojení zprovoznil a prodiskutoval i zde na abíčku uvádím
Obsahuje i konfiguráky u serveru a klienta, je to odzkoušené na několika klientech a zaručeně funguje.
Nevadi ti radek: Note: cannot open /var/run/openvpn/vpn.status for WRITE ???
IMHO to zapricinuje nasledne
SIOCSIFADDR: Permission denied
SIOCSIFFLAGS: Permission denied
Takze nastavit prava ... (/var/run/openvpn musi mit pravo zapisu user nobody nebo alespon skupina nogroup)
Tiskni
Sdílej:
AbcLinuxu.cz
ITBiz.cz
HDmag.cz
AbcPráce.cz