AbcLinuxu portal, 4 May 2024 14:23


Question: OpenVPN - won't connect

26.8.2009 12:20 m

On my network I use the range 192.168.1.0/255.255.255.0. The server has IP 192.168.1.1, and DHCP assigns the workstations addresses from the range 192.168.1.10-192.168.1.100. My OpenVPN is configured like this (Debian 5.0):

mode server
tls-server
dev tap0
proto udp
port 1194
ifconfig 192.168.1.2 255.255.255.0
ifconfig-pool 192.168.1.110 192.168.1.120 255.255.255.0
duplicate-cn
max-clients 5
client-to-client
push "dhcp-option DNS 192.168.1.1"
push "redirect-gateway def1"
push "redirect-gateway local def1"
keepalive 10 30
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
log-append /var/log/openvpn
status /var/run/openvpn/vpn.status 10
user nobody
group nogroup
comp-lzo
verb 5

The client on Windows XP SP2 has the following settings:

remote server.example.com
port 1194
tls-client
dev tap
pull
ns-cert-type server
mute 10
ca ca.crt
cert pokus.crt
key pokus.key
comp-lzo
verb 3

It doesn't connect at all. On the client it prints the following error:

Wed Aug 26 11:29:56 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Wed Aug 26 11:30:01 2009 LZO compression initialized
Wed Aug 26 11:30:01 2009 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Aug 26 11:30:01 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Wed Aug 26 11:30:01 2009 Local Options hash (VER=V4): 'd79ca330'
Wed Aug 26 11:30:01 2009 Expected Remote Options hash (VER=V4): 'f7df56b8'
Wed Aug 26 11:30:01 2009 UDPv4 link local (bound): [undef]:1194
Wed Aug 26 11:30:01 2009 UDPv4 link remote: IP.AD.RE.SA:1194
Wed Aug 26 11:30:01 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
Wed Aug 26 11:30:03 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
Wed Aug 26 11:30:06 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
Wed Aug 26 11:30:08 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
Wed Aug 26 11:30:10 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
Wed Aug 26 11:30:11 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
Wed Aug 26 11:30:14 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
Wed Aug 26 11:30:16 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
Wed Aug 26 11:30:17 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
Wed Aug 26 11:30:20 2009 TLS Error: client->client or server->server connection attempted from IP.AD.RE.SA:1194
Wed Aug 26 11:30:22 2009 NOTE: --mute triggered...

and on the server:


Wed Aug 26 11:27:57 2009 us=2701 event_wait : Interrupted system call (code=4)
Wed Aug 26 11:27:57 2009 us=7160 TCP/UDP: Closing socket
Wed Aug 26 11:27:57 2009 us=7444 Closing TUN/TAP interface
Wed Aug 26 11:27:57 2009 us=7576 /sbin/ifconfig tap0 0.0.0.0
SIOCSIFADDR: Permission denied
SIOCSIFFLAGS: Permission denied
Wed Aug 26 11:27:57 2009 us=12791 Linux ip addr del failed: external program exited with error status: 255
Wed Aug 26 11:27:57 2009 us=27873 SIGTERM[hard,] received, process exiting
Wed Aug 26 11:27:58 2009 us=274287 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008
Wed Aug 26 11:27:58 2009 us=275012 WARNING: you are using user/group/chroot without persist-tun -- this may cause restarts to fail
Wed Aug 26 11:27:58 2009 us=275101 WARNING: you are using user/group/chroot without persist-key -- this may cause restarts to fail
Wed Aug 26 11:27:58 2009 us=275587 Note: cannot open /var/run/openvpn/vpn.status for WRITE
Wed Aug 26 11:27:58 2009 us=842570 Diffie-Hellman initialized with 2048 bit key
Wed Aug 26 11:27:58 2009 us=850239 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Wed Aug 26 11:28:00 2009 us=301586 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Aug 26 11:28:00 2009 us=308353 TUN/TAP device tap0 opened
Wed Aug 26 11:28:00 2009 us=308514 TUN/TAP TX queue length set to 100
Wed Aug 26 11:28:00 2009 us=308738 /sbin/ifconfig tap0 192.168.1.2 netmask 255.255.255.0 mtu 1500 broadcast 192.168.1.255
Wed Aug 26 11:28:00 2009 us=330284 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Wed Aug 26 11:28:00 2009 us=334191 GID set to nogroup
Wed Aug 26 11:28:00 2009 us=334474 UID set to nobody
Wed Aug 26 11:28:00 2009 us=334659 Socket Buffers: R=[111616->131072] S=[111616->131072]
Wed Aug 26 11:28:00 2009 us=334782 UDPv4 link local (bound): [undef]:1194
Wed Aug 26 11:28:00 2009 us=334876 UDPv4 link remote: [undef]
Wed Aug 26 11:28:00 2009 us=334987 MULTI: multi_init called, r=256 v=256
Wed Aug 26 11:28:00 2009 us=335301 IFCONFIG POOL: base=192.168.1.110 size=11
Wed Aug 26 11:28:00 2009 us=335493 Initialization Sequence Completed
Wed Aug 26 11:38:32 2009 us=831302 event_wait : Interrupted system call (code=4)
Wed Aug 26 11:38:32 2009 us=832375 TCP/UDP: Closing socket
Wed Aug 26 11:38:32 2009 us=832495 Closing TUN/TAP interface
Wed Aug 26 11:38:32 2009 us=832625 /sbin/ifconfig tap0 0.0.0.0
SIOCSIFADDR: Permission denied
SIOCSIFFLAGS: Permission denied
Wed Aug 26 11:38:32 2009 us=840892 Linux ip addr del failed: external program exited with error status: 255
Wed Aug 26 11:38:32 2009 us=886653 SIGTERM[hard,] received, process exiting

Does anyone know where I'm making a mistake? Is it better to use tun or tap? What are their advantages and disadvantages? Do I have to set up routing for the VPN clients if I assign them addresses from the same range as the clients on the local network? Couldn't the local DHCP server assign IP addresses to the VPN clients?


Replies

26.8.2009 13:05 NN

Add to the server:

persist-key

persist-tun

And judging by this:

Wed Aug 26 11:38:32 2009 us=832625 /sbin/ifconfig tap0 0.0.0.0
SIOCSIFADDR: Permission denied
SIOCSIFFLAGS: Permission denied

There is a problem with the permission to create the tap, which is used for creating a bridge,
so use tun.

NN
26.8.2009 17:39 m

So I changed it according to your advice:

mode server
tls-server
dev tun0
proto udp
port 1194
ifconfig 192.168.1.2 255.255.255.0
ifconfig-pool 192.168.1.110 192.168.1.120 255.255.255.0
duplicate-cn
max-clients 5
client-to-client
push "dhcp-option DNS 192.168.1.1"
push "redirect-gateway def1"
push "redirect-gateway local def1"
keepalive 10 30
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
log-append /var/log/openvpn
status /var/run/openvpn/vpn.status 10
user nobody
group nogroup
comp-lzo
verb 3
persist-key
persist-tun

but it still doesn't work - the VPN server doesn't even start:

Wed Aug 26 17:05:06 2009 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008
Wed Aug 26 17:05:06 2009 Note: cannot open /var/run/openvpn/vpn.status for WRITE
Wed Aug 26 17:05:07 2009 Diffie-Hellman initialized with 2048 bit key
Wed Aug 26 17:05:07 2009 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Wed Aug 26 17:05:10 2009 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Aug 26 17:05:10 2009 WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address. You are using something (255.255.255.0) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
Wed Aug 26 17:05:10 2009 TUN/TAP device tun0 opened
Wed Aug 26 17:05:10 2009 TUN/TAP TX queue length set to 100
Wed Aug 26 17:05:10 2009 /sbin/ifconfig tun0 192.168.1.2 pointopoint 255.255.255.0 mtu 1500
SIOCSIFDSTADDR: Invalid argument
Wed Aug 26 17:05:10 2009 Linux ifconfig failed: external program exited with error status: 1
Wed Aug 26 17:05:10 2009 Exiting
Options error: The third parameter to --ifconfig-pool (netmask) is only valid in --dev tap mode
Use --help for more information.
26.8.2009 20:56 NN

OK, also throw out both 'ifconfig' lines and use this instead:

server 192.168.1.0 255.255.255.0

and I'm not sure about that redirect-gateway..

NN

27.8.2009 09:17 Dalibor Smolík

Hello, I cover the whole OpenVPN topic, the way I got this connection working and also discussed it here on Abíčko, here.

It also contains the config files for the server and the client; it has been tested on several clients and is guaranteed to work.


Differences in language and in customs mean nothing at all if we have the same goals and open hearts.

27.8.2009 09:40 melkors

Doesn't this line bother you: Note: cannot open /var/run/openvpn/vpn.status for WRITE ???

IMHO that then causes

SIOCSIFADDR: Permission denied
SIOCSIFFLAGS: Permission denied

So set the permissions ... (/var/run/openvpn must be writable by user nobody or at least by group nogroup)
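
The start-up warnings and the "Options error" quoted in this thread can be caught before the daemon is started by checking the server config statically. The sketch below is an added example, not part of the original thread and not OpenVPN's own code; the function names and finding codes are invented here, and it assumes that any topology other than "subnet" is treated as point-to-point.

```python
import ipaddress
import shlex

# Second server config from the thread (dev tun0), abridged to the
# directives the checks below read.
THREAD_TUN_CONFIG = """\
mode server
dev tun0
ifconfig 192.168.1.2 255.255.255.0
ifconfig-pool 192.168.1.110 192.168.1.120 255.255.255.0
user nobody
group nogroup
persist-key
persist-tun
"""


def parse(text):
    """Map each directive to its argument list (last occurrence wins)."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":      # OpenVPN comment markers
            continue
        words = shlex.split(line, comments=True)
        if words:
            opts[words[0].lstrip("-")] = words[1:]
    return opts


def looks_like_netmask(value):
    """True for dotted quads made of contiguous 1-bits followed by 0-bits."""
    try:
        n = int(ipaddress.IPv4Address(value))
    except ValueError:
        return False
    inverted = ~n & 0xFFFFFFFF
    return n != 0 and (inverted & (inverted + 1)) == 0


def device_type(opts):
    """Return 'tun' or 'tap' from dev-type, else from the dev name prefix."""
    if opts.get("dev-type"):
        return opts["dev-type"][0]
    dev = (opts.get("dev") or [""])[0]
    return next((t for t in ("tun", "tap") if dev.startswith(t)), None)


def lint(text):
    """Return (code, message) findings mirroring the log lines in the thread."""
    opts = parse(text)
    findings = []
    if "user" in opts or "group" in opts:
        for needed in ("persist-tun", "persist-key"):
            if needed not in opts:
                findings.append((f"no-{needed}",
                                 f"user/group without {needed}: restarts may fail"))
    if device_type(opts) == "tun":
        # Assumption: every topology except 'subnet' counts as point-to-point.
        p2p = (opts.get("topology") or ["net30"])[0] != "subnet"
        ifc = opts.get("ifconfig", [])
        if p2p and len(ifc) >= 2 and looks_like_netmask(ifc[1]):
            findings.append(("ifconfig-netmask-on-tun",
                             f"second --ifconfig argument {ifc[1]} looks like a netmask"))
        if len(opts.get("ifconfig-pool", [])) >= 3:
            findings.append(("ifconfig-pool-netmask-on-tun",
                             "third --ifconfig-pool parameter is only valid with dev tap"))
    return findings


if __name__ == "__main__":
    for code, message in lint(THREAD_TUN_CONFIG):
        print(f"{code}: {message}")
```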


ISSN 1214-1267, (c) 1999-2007 Stickfish s.r.o.