Portál AbcLinuxu, 8. května 2025 01:02
ca.crt client05.crt client05.keya /etc/config/openvpn vyzera nasledovne
config openvpn 'myvpn'
option enabled '1'
option dev 'tun'
option proto 'udp'
option verb '3'
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/client05.crt'
option key '/etc/openvpn/client05.key'
option client '1'
option remote '192.168.1.3 1194'
Pripajam sa na vpn server, ktory urcite funguje a config ma takyto
port 1194 proto udp dev tun ca ca.crt cert server.crt key server.key dh dh2048.pem server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt client-config-dir ccd push "redirect-gateway" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4" user nobody group nogroup persist-key persist-tun status openvpn-status.log verb 3LOG z openwrt je nasledovny
Dec 11 18:23:22 OpenWrt daemon.notice openvpn(myvpn)[1650]: OpenVPN 2.3_alpha3 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 14 2013 Dec 11 18:23:22 OpenWrt daemon.warn openvpn(myvpn)[1650]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Dec 11 18:23:22 OpenWrt daemon.warn openvpn(myvpn)[1650]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Dec 11 18:23:22 OpenWrt daemon.notice openvpn(myvpn)[1650]: Socket Buffers: R=[163840->131072] S=[163840->131072] Dec 11 18:23:22 OpenWrt daemon.notice openvpn(myvpn)[1650]: UDPv4 link local (bound): [undef] Dec 11 18:23:22 OpenWrt daemon.notice openvpn(myvpn)[1650]: UDPv4 link remote: [AF_INET]192.168.1.3:1194 Dec 11 18:23:22 OpenWrt daemon.notice openvpn(myvpn)[1650]: TLS: Initial packet from [AF_INET]192.168.1.3:1194, sid=324d0d9e fc2db78c Dec 11 18:23:22 OpenWrt daemon.err openvpn(myvpn)[1650]: VERIFY ERROR: depth=1, error=certificate is not yet valid: C=US, ST=TX, L=Dallas, O=My Company Name, OU=skl, CN=My Company Name CA, name=server, emailAddress=skl@skl.com Dec 11 18:23:22 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134) Dec 11 18:23:22 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: TLS object -> incoming plaintext read error Dec 11 18:23:22 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: TLS handshake failed Dec 11 18:23:22 OpenWrt daemon.notice openvpn(myvpn)[1650]: SIGUSR1[soft,tls-error] received, process restarting Dec 11 18:23:22 OpenWrt daemon.notice openvpn(myvpn)[1650]: Restart pause, 2 second(s) Dec 11 18:23:24 OpenWrt daemon.warn openvpn(myvpn)[1650]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Dec 11 18:23:24 OpenWrt daemon.warn openvpn(myvpn)[1650]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Dec 11 18:23:24 OpenWrt daemon.notice openvpn(myvpn)[1650]: Socket Buffers: R=[163840->131072] S=[163840->131072] Dec 11 18:23:24 OpenWrt daemon.notice openvpn(myvpn)[1650]: UDPv4 link local (bound): [undef] Dec 11 18:23:24 OpenWrt daemon.notice openvpn(myvpn)[1650]: UDPv4 link remote: [AF_INET]192.168.1.3:1194 Dec 11 18:23:24 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: Unroutable control packet received from [AF_INET]192.168.1.3:1194 (si=3 op=P_ACK_V1) Dec 11 18:23:26 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: Unroutable control packet received from [AF_INET]192.168.1.3:1194 (si=3 op=P_CONTROL_V1) Dec 11 18:23:26 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: Unroutable control packet received from [AF_INET]192.168.1.3:1194 (si=3 op=P_ACK_V1) Dec 11 18:23:27 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: Unroutable control packet received from [AF_INET]192.168.1.3:1194 (si=3 op=P_CONTROL_V1) Dec 11 18:23:28 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: Unroutable control packet received from [AF_INET]192.168.1.3:1194 (si=3 op=P_CONTROL_V1) Dec 11 18:23:29 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: Unroutable control packet received from [AF_INET]192.168.1.3:1194 (si=3 op=P_CONTROL_V1) Feb 20 13:41:49 OpenWrt daemon.notice openvpn(myvpn)[1650]: [UNDEF] Inactivity timeout (--ping-restart), restarting Feb 20 13:41:49 OpenWrt daemon.notice openvpn(myvpn)[1650]: SIGUSR1[soft,ping-restart] received, process restarting Feb 20 13:41:49 OpenWrt daemon.notice openvpn(myvpn)[1650]: Restart pause, 2 second(s) Feb 20 13:41:51 OpenWrt daemon.warn openvpn(myvpn)[1650]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Feb 20 13:41:51 OpenWrt daemon.warn openvpn(myvpn)[1650]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Feb 20 13:41:51 OpenWrt daemon.notice openvpn(myvpn)[1650]: Socket Buffers: R=[163840->131072] S=[163840->131072] Feb 20 13:41:51 OpenWrt daemon.notice openvpn(myvpn)[1650]: UDPv4 link local (bound): [undef] Feb 20 13:41:51 OpenWrt daemon.notice openvpn(myvpn)[1650]: UDPv4 link remote: [AF_INET]192.168.1.3:1194 Feb 20 13:41:51 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: Unroutable control packet received from [AF_INET]192.168.1.3:1194 (si=3 op=P_ACK_V1) Feb 20 13:41:53 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: Unroutable control packet received from [AF_INET]192.168.1.3:1194 (si=3 op=P_ACK_V1) Feb 20 13:41:55 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: Unroutable control packet received from [AF_INET]192.168.1.3:1194 (si=3 op=P_CONTROL_V1) Feb 20 13:41:56 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: Unroutable control packet received from [AF_INET]192.168.1.3:1194 (si=3 op=P_CONTROL_V1) Feb 20 13:41:58 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: Unroutable control packet received from [AF_INET]192.168.1.3:1194 (si=3 op=P_ACK_V1) Feb 20 13:41:59 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: Unroutable control packet received from [AF_INET]192.168.1.3:1194 (si=3 op=P_CONTROL_V1) Feb 20 13:41:59 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: Unroutable control packet received from [AF_INET]192.168.1.3:1194 (si=3 op=P_CONTROL_V1) Feb 20 13:42:07 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: Unroutable control packet received from [AF_INET]192.168.1.3:1194 (si=3 op=P_ACK_V1) Feb 20 13:42:11 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: Unroutable control packet received from [AF_INET]192.168.1.3:1194 (si=3 op=P_CONTROL_V1) Feb 20 13:42:12 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: Unroutable control packet received from [AF_INET]192.168.1.3:1194 (si=3 op=P_CONTROL_V1) Feb 20 13:42:15 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: Unroutable control packet received from [AF_INET]192.168.1.3:1194 (si=3 op=P_CONTROL_V1) Feb 20 13:42:16 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: Unroutable control packet received from [AF_INET]192.168.1.3:1194 (si=3 op=P_CONTROL_V1) Feb 20 13:42:23 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: Unroutable control packet received from [AF_INET]192.168.1.3:1194 (si=3 op=P_ACK_V1) Feb 20 13:42:51 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Feb 20 13:42:51 OpenWrt daemon.err openvpn(myvpn)[1650]: TLS Error: TLS handshake failed Feb 20 13:42:51 OpenWrt daemon.notice openvpn(myvpn)[1650]: SIGUSR1[soft,tls-error] received, process restarting Feb 20 13:42:51 OpenWrt daemon.notice openvpn(myvpn)[1650]: Restart pause, 2 second(s) Feb 20 13:42:53 OpenWrt daemon.warn openvpn(myvpn)[1650]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Feb 20 13:42:53 OpenWrt daemon.warn openvpn(myvpn)[1650]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Feb 20 13:42:53 OpenWrt daemon.notice openvpn(myvpn)[1650]: Socket Buffers: R=[163840->131072] S=[163840->131072] Feb 20 13:42:53 OpenWrt daemon.notice openvpn(myvpn)[1650]: UDPv4 link local (bound): [undef] Feb 20 13:42:53 OpenWrt daemon.notice openvpn(myvpn)[1650]: UDPv4 link remote: [AF_INET]192.168.1.3:1194 Feb 20 13:42:53 OpenWrt daemon.notice openvpn(myvpn)[1650]: TLS: Initial packet from [AF_INET]192.168.1.3:1194, sid=dc2f0875 e01857ed Feb 20 13:42:53 OpenWrt daemon.notice openvpn(myvpn)[1650]: VERIFY OK: depth=1, C=US, ST=TX, L=Dallas, O=My Company Name, OU=skl, CN=My Company Name CA, name=server, emailAddress=skl@skl.com Feb 20 13:42:53 OpenWrt daemon.notice openvpn(myvpn)[1650]: VERIFY OK: depth=0, C=US, ST=TX, L=Dallas, O=My Company Name, OU=skl, CN=server, name=server, emailAddress=skl@skl.com Feb 20 13:42:55 OpenWrt daemon.notice openvpn(myvpn)[1650]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Feb 20 13:42:55 OpenWrt daemon.notice openvpn(myvpn)[1650]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Feb 20 13:42:55 OpenWrt daemon.notice openvpn(myvpn)[1650]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Feb 20 13:42:55 OpenWrt daemon.notice openvpn(myvpn)[1650]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Feb 20 13:42:55 OpenWrt daemon.notice openvpn(myvpn)[1650]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA Feb 20 13:42:55 OpenWrt daemon.notice openvpn(myvpn)[1650]: [server] Peer Connection Initiated with [AF_INET]192.168.1.3:1194 Feb 20 13:42:58 OpenWrt daemon.notice openvpn(myvpn)[1650]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Feb 20 13:42:58 OpenWrt daemon.notice openvpn(myvpn)[1650]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway# def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ifconfig 10.8.0.105 255.255.255.0' Feb 20 13:42:58 OpenWrt daemon.err openvpn(myvpn)[1650]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:1: redirect-gateway# (2.3_alpha3) Feb 20 13:42:58 OpenWrt daemon.notice openvpn(myvpn)[1650]: OPTIONS IMPORT: --ifconfig/up options modified Feb 20 13:42:58 OpenWrt daemon.notice openvpn(myvpn)[1650]: OPTIONS IMPORT: route options modified Feb 20 13:42:58 OpenWrt daemon.notice openvpn(myvpn)[1650]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Feb 20 13:42:58 OpenWrt daemon.warn openvpn(myvpn)[1650]: WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address. You are using something (255.255.255.0) that looks more like a netmask. (silence thi Feb 20 13:42:58 OpenWrt daemon.notice openvpn(myvpn)[1650]: TUN/TAP device tun0 opened Feb 20 13:42:58 OpenWrt daemon.notice openvpn(myvpn)[1650]: TUN/TAP TX queue length set to 100 Feb 20 13:42:58 OpenWrt daemon.notice openvpn(myvpn)[1650]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Feb 20 13:42:58 OpenWrt daemon.notice openvpn(myvpn)[1650]: /sbin/ifconfig tun0 10.8.0.105 pointopoint 255.255.255.0 mtu 1500 Feb 20 13:42:58 OpenWrt daemon.err openvpn(myvpn)[1650]: Linux ifconfig failed: external program exited with error status: 1 Feb 20 13:42:58 OpenWrt daemon.notice openvpn(myvpn)[1650]: Exiting due to fatal error
Řešení dotazu:
Dec 11 18:23:22 OpenWrt daemon.err openvpn(myvpn)[1650]: VERIFY ERROR: depth=1, error=certificate is not yet valid
config system
option hostname 'OpenWrt'
option zonename 'Europe/Bratislava'
option timezone 'CET-1CEST,M3.5.0,M10.5.0/3'
option conloglevel '8'
option cronloglevel '8'
config timeserver 'ntp'
list server '0.openwrt.pool.ntp.org'
list server '1.openwrt.pool.ntp.org'
list server '2.openwrt.pool.ntp.org'
list server '3.openwrt.pool.ntp.org'
config led 'led_usb'
option name 'USB'
option sysfs 'tp-link:green:usb'
option trigger 'usbdev'
option dev '1-1'
option interval '50'
config led 'led_wlan'
option name 'WLAN'
option sysfs 'tp-link:green:wlan'
option trigger 'phy0tpt'
Feb 20 17:43:48 OpenWrt daemon.notice openvpn(myvpn)[2415]: OpenVPN 2.3_alpha3 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 14 2013 Feb 20 17:43:48 OpenWrt daemon.warn openvpn(myvpn)[2415]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Feb 20 17:43:48 OpenWrt daemon.warn openvpn(myvpn)[2415]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Feb 20 17:43:48 OpenWrt daemon.notice openvpn(myvpn)[2415]: Socket Buffers: R=[163840->131072] S=[163840->131072] Feb 20 17:43:48 OpenWrt daemon.notice openvpn(myvpn)[2415]: UDPv4 link local (bound): [undef] Feb 20 17:43:48 OpenWrt daemon.notice openvpn(myvpn)[2415]: UDPv4 link remote: [AF_INET]192.168.1.3:1194 Feb 20 17:43:48 OpenWrt daemon.notice openvpn(myvpn)[2415]: TLS: Initial packet from [AF_INET]192.168.1.3:1194, sid=95fda373 6694d21e Feb 20 17:43:48 OpenWrt daemon.notice openvpn(myvpn)[2415]: VERIFY OK: depth=1, C=US, ST=TX, L=Dallas, O=My Company Name, OU=skl, CN=My Company Name CA, name=server, emailAddress=skl@skl.com Feb 20 17:43:48 OpenWrt daemon.notice openvpn(myvpn)[2415]: VERIFY OK: depth=0, C=US, ST=TX, L=Dallas, O=My Company Name, OU=skl, CN=server, name=server, emailAddress=skl@skl.com Feb 20 17:43:50 OpenWrt daemon.notice openvpn(myvpn)[2415]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Feb 20 17:43:50 OpenWrt daemon.notice openvpn(myvpn)[2415]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Feb 20 17:43:50 OpenWrt daemon.notice openvpn(myvpn)[2415]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Feb 20 17:43:50 OpenWrt daemon.notice openvpn(myvpn)[2415]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Feb 20 17:43:50 OpenWrt daemon.notice openvpn(myvpn)[2415]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA Feb 20 17:43:50 OpenWrt daemon.notice openvpn(myvpn)[2415]: [server] Peer Connection Initiated with [AF_INET]192.168.1.3:1194 Feb 20 17:43:52 OpenWrt daemon.notice openvpn(myvpn)[2415]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Feb 20 17:43:52 OpenWrt daemon.notice openvpn(myvpn)[2415]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway# def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ifconfig 10.8.0.105 255.255.255.0' Feb 20 17:43:52 OpenWrt daemon.err openvpn(myvpn)[2415]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:1: redirect-gateway# (2.3_alpha3) Feb 20 17:43:52 OpenWrt daemon.notice openvpn(myvpn)[2415]: OPTIONS IMPORT: --ifconfig/up options modified Feb 20 17:43:52 OpenWrt daemon.notice openvpn(myvpn)[2415]: OPTIONS IMPORT: route options modified Feb 20 17:43:52 OpenWrt daemon.notice openvpn(myvpn)[2415]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Feb 20 17:43:52 OpenWrt daemon.warn openvpn(myvpn)[2415]: WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address. You are using something (255.255.255.0) that looks more like a netmask. (silence thi Feb 20 17:43:52 OpenWrt daemon.notice openvpn(myvpn)[2415]: TUN/TAP device tun0 opened Feb 20 17:43:52 OpenWrt daemon.notice openvpn(myvpn)[2415]: TUN/TAP TX queue length set to 100 Feb 20 17:43:52 OpenWrt daemon.notice openvpn(myvpn)[2415]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Feb 20 17:43:52 OpenWrt daemon.notice openvpn(myvpn)[2415]: /sbin/ifconfig tun0 10.8.0.105 pointopoint 255.255.255.0 mtu 1500 Feb 20 17:43:52 OpenWrt daemon.err openvpn(myvpn)[2415]: Linux ifconfig failed: external program exited with error status: 1 Feb 20 17:43:52 OpenWrt daemon.notice openvpn(myvpn)[2415]: Exiting due to fatal errorAko spozdit start openvpn. Napisat si script, ktory niekolko sekund po starte restartne openvpn, alebo aky sposob pouzit ?
/etc/init.d/openvpn disablea potom pridat do /etc/rc.local PRED exit 0 radek:
openvpn --cd /etc/openvpn --config /etc/openvpn/openvpnReboot a uvidi se ..
Feb 20 20:15:22 OpenWrt user.info sysinit: Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/openvpnconfig subor je ulozeny v /etc/config/openvpn a ak pouzijem tu cestu co uvadzam ja, tak skoncim takto:
Feb 20 20:18:22 OpenWrt user.info sysinit: Options error: In /etc/config/openvpn:2: Error opening configuration file: openvpn
client dev tun proto udp remote 192.168.1.3 1194 ca /etc/openvpn/ca.crt cert /etc/openvpn/client05.crt key /etc/openvpn/client05.key verb 3Upravten rc.local aby ukazoval na novou konfiguraci .Reload. Kdyby to neco brecelo dej vedet.
openvpn --cd /etc/openvpn --config /etc/openvpn/openvpn.cfg
Tiskni
Sdílej:
ISSN 1214-1267, (c) 1999-2007 Stickfish s.r.o.