#1  2016-07-17 16:12:35

lis6502
Lamer hunter
From: Stalinogród
Registered: 2008-12-04

OpenVPN server and Android client

I felt like playing around with OpenVPN; the goal is to get into my home network and poke at mumin while away from home :D
On the Gentoo server I did the following:
I joined the eth0 and tap0 interfaces into a bridge.

Code:

Nexus(remote) openvpn # brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.0a2fdc085368       no              eth0
                                                        tap0

The result of this is

Code:

Nexus(remote) openvpn # ifconfig br0
br0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet 192.168.110.252  netmask 255.255.255.0  broadcast 192.168.110.255

And it's all good, the internet works, the ISP's router, which I control, always hands me the same address over DHCP, and port 1194 is forwarded.
My config (I wanted to keep the comments, hence this form):

Code:

Nexus(remote) openvpn # sed '/^$/d' openvpn.conf |grep -v '^[#;]'
port 1194
proto tcp
dev tap0
ca ca.crt
cert openvpn.crt
key openvpn.key  # This file should be kept secret
dh dh2048.pem
server-bridge
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

Tap so that a device that plugs into the tunnel gets an address from the LAN pool and takes part in the broadcast storms ;)
The files:

Code:

Nexus(remote) openvpn # ls -lha
total 60K
drwxr-xr-x   2 root root 4.0K Jul 17 15:11 .
drwxr-xr-x 116 root root 8.0K Jul 17 13:02 ..
-rw-r--r--   1 root root 1.7K Jul 17 12:59 ca.crt
-rw-r--r--   1 root root  424 Jul 17 12:59 dh2048.pem
-rwxr-xr-x   1 root root  943 Jul 17 12:56 down.sh
-rw-------   1 root root    0 Jul 17 13:22 ipp.txt
-rw-r--r--   1 root root    0 Jul 17 12:56 .keep_net-misc_openvpn-0
-rw-r--r--   1 root root  11K Jul 17 14:58 openvpn.conf
-rw-r--r--   1 root root 5.4K Jul 17 12:59 openvpn.crt
-rw-------   1 root root 1.7K Jul 17 12:59 openvpn.key
-rw-------   1 root root  232 Jul 17 15:41 openvpn-status.log
-rwxr-xr-x   1 root root 2.8K Jul 17 12:56 up.sh

And I can't for the life of me get this to work with the Android OpenVPN client.
I know, I know, I've read that with tap devices the client may well not work without root privileges, but it seems to me that the connection isn't being established at all.
I transferred ca.crt, openc.key and openc.crt to the device (a ZTE Open C, currently running Android). I tried both UDP and TCP, but the result is always the same.
On the server side:

Code:

Jul 17 14:58:29 Nexus openvpn[6665]: OpenVPN 2.3.11 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul 17 2016
Jul 17 14:58:29 Nexus openvpn[6665]: library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.08
Jul 17 14:58:29 Nexus openvpn[6666]: NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Jul 17 14:58:29 Nexus openvpn[6666]: Diffie-Hellman initialized with 2048 bit key
Jul 17 14:58:29 Nexus openvpn[6666]: Socket Buffers: R=[87380->87380] S=[16384->16384]
Jul 17 14:58:29 Nexus openvpn[6666]: TUN/TAP device tap0 opened
Jul 17 14:58:29 Nexus openvpn[6666]: TUN/TAP TX queue length set to 100
Jul 17 14:58:29 Nexus openvpn[6666]: GID set to openvpn
Jul 17 14:58:29 Nexus openvpn[6666]: UID set to openvpn
Jul 17 14:58:29 Nexus openvpn[6666]: Listening for incoming TCP connection on [undef]
Jul 17 14:58:29 Nexus openvpn[6666]: TCPv4_SERVER link local (bound): [undef]
Jul 17 14:58:29 Nexus openvpn[6666]: TCPv4_SERVER link remote: [undef]
Jul 17 14:58:29 Nexus openvpn[6666]: MULTI: multi_init called, r=256 v=256
Jul 17 14:58:29 Nexus openvpn[6666]: MULTI: TCP INIT maxclients=1024 maxevents=1028
Jul 17 14:58:29 Nexus openvpn[6666]: Initialization Sequence Completed
Jul 17 14:58:29 Nexus kernel: br0: port 2(tap0) entered forwarding state
Jul 17 14:58:29 Nexus kernel: br0: port 2(tap0) entered forwarding state
Jul 17 14:58:36 Nexus openvpn[6666]: TCP connection established with [AF_INET]94.254.176.66:47048
Jul 17 14:58:36 Nexus openvpn[6666]: 94.254.176.66:47048 TLS: Initial packet from [AF_INET]94.254.176.66:47048, sid=6adc5957 732bdbec
Jul 17 14:58:37 Nexus openvpn[6666]: 94.254.176.66:47048 Connection reset, restarting [-1]
Jul 17 14:58:37 Nexus openvpn[6666]: 94.254.176.66:47048 SIGUSR1[soft,connection-reset] received, client-instance restarting
Jul 17 14:58:41 Nexus openvpn[6666]: TCP connection established with [AF_INET]94.254.176.66:47041
Jul 17 14:58:42 Nexus openvpn[6666]: 94.254.176.66:47041 TLS: Initial packet from [AF_INET]94.254.176.66:47041, sid=eb60727e 2adae233
Jul 17 14:58:43 Nexus openvpn[6666]: 94.254.176.66:47041 Connection reset, restarting [-1]
Jul 17 14:58:43 Nexus openvpn[6666]: 94.254.176.66:47041 SIGUSR1[soft,connection-reset] received, client-instance restarting
Jul 17 14:58:44 Nexus kernel: br0: port 2(tap0) entered forwarding state
Jul 17 14:58:47 Nexus openvpn[6666]: TCP connection established with [AF_INET]94.254.176.66:47050
Jul 17 14:58:48 Nexus openvpn[6666]: 94.254.176.66:47050 TLS: Initial packet from [AF_INET]94.254.176.66:47050, sid=6833a6b9 4ab0146c
Jul 17 14:58:53 Nexus openvpn[6666]: TCP connection established with [AF_INET]94.254.176.66:47055
Jul 17 14:58:53 Nexus openvpn[6666]: 94.254.176.66:47055 TLS: Initial packet from [AF_INET]94.254.176.66:47055, sid=8097d859 fc0943cd
Jul 17 14:58:54 Nexus openvpn[6666]: 94.254.176.66:47055 Connection reset, restarting [-1]
Jul 17 14:58:54 Nexus openvpn[6666]: 94.254.176.66:47055 SIGUSR1[soft,connection-reset] received, client-instance restarting
Jul 17 14:58:58 Nexus openvpn[6666]: TCP connection established with [AF_INET]94.254.176.66:47064
Jul 17 14:58:59 Nexus openvpn[6666]: 94.254.176.66:47064 TLS: Initial packet from [AF_INET]94.254.176.66:47064, sid=ed62f160 45e8f37d
Jul 17 14:59:00 Nexus openvpn[6666]: 94.254.176.66:47064 Connection reset, restarting [-1]
Jul 17 14:59:00 Nexus openvpn[6666]: 94.254.176.66:47064 SIGUSR1[soft,connection-reset] received, client-instance restarting

and so on, round and round.
Log from the client:

client wrote:

2016-07-17 15:13:19 F-Droid built and signed version 0.6.54 running on ZTE Kis 3 (MSM8610), Android 6.0.1 (MOB30J) API 23, ABI armeabi-v7a, (ZTE/ZTE-P821E10/ZTE-P821E10:4.4.2/KOT49H/eng.root.20140509.130110:user/release-keys)
2016-07-17 15:13:19 Building configuration…
2016-07-17 15:13:19 started Socket Thread
2016-07-17 15:13:19 Network Status: CONNECTED HSPA to MOBILE Internet
2016-07-17 15:13:19 Current Parameter Settings:
2016-07-17 15:13:19   config = '/data/user/0/de.blinkt.openvpn/cache/android.conf'
2016-07-17 15:13:19   mode = 0
2016-07-17 15:13:19   show_ciphers = DISABLED
2016-07-17 15:13:19   show_digests = DISABLED
2016-07-17 15:13:19   show_engines = DISABLED
2016-07-17 15:13:19   genkey = DISABLED
2016-07-17 15:13:19   key_pass_file = '[UNDEF]'
2016-07-17 15:13:19   show_tls_ciphers = DISABLED
2016-07-17 15:13:19   connect_retry_max = 5
2016-07-17 15:13:19 Connection profiles [0]:
2016-07-17 15:13:19   proto = tcp-client
2016-07-17 15:13:19   local = '[UNDEF]'
2016-07-17 15:13:19   local_port = '[UNDEF]'
2016-07-17 15:13:19   remote = 'correct address here'
2016-07-17 15:13:19   remote_port = '1194'
2016-07-17 15:13:19   remote_float = DISABLED
2016-07-17 15:13:19   bind_defined = DISABLED
2016-07-17 15:13:19   bind_local = DISABLED
2016-07-17 15:13:19   bind_ipv6_only = DISABLED
2016-07-17 15:13:19   connect_retry_seconds = 5
2016-07-17 15:13:19   connect_timeout = 120
2016-07-17 15:13:19   socks_proxy_server = '[UNDEF]'
2016-07-17 15:13:19   socks_proxy_port = '[UNDEF]'
2016-07-17 15:13:19   socks_proxy_retry = DISABLED
2016-07-17 15:13:19   tun_mtu = 1500
2016-07-17 15:13:19   tun_mtu_defined = ENABLED
2016-07-17 15:13:19   link_mtu = 1500
2016-07-17 15:13:19   link_mtu_defined = DISABLED
2016-07-17 15:13:19   tun_mtu_extra = 0
2016-07-17 15:13:19   tun_mtu_extra_defined = DISABLED
2016-07-17 15:13:19   mtu_discover_type = -1
2016-07-17 15:13:19   fragment = 0
2016-07-17 15:13:19   mssfix = 1450
2016-07-17 15:13:19   explicit_exit_notification = 0
2016-07-17 15:13:19 Connection profiles END
2016-07-17 15:13:19   remote_random = DISABLED
2016-07-17 15:13:19   ipchange = '[UNDEF]'
2016-07-17 15:13:19   dev = 'tun'
2016-07-17 15:13:19   dev_type = '[UNDEF]'
2016-07-17 15:13:19   dev_node = '[UNDEF]'
2016-07-17 15:13:19   lladdr = '[UNDEF]'
2016-07-17 15:13:19   topology = 1
2016-07-17 15:13:19   tun_ipv6 = DISABLED
2016-07-17 15:13:19   ifconfig_local = '[UNDEF]'
2016-07-17 15:13:19   ifconfig_remote_netmask = '[UNDEF]'
2016-07-17 15:13:19   ifconfig_noexec = DISABLED
2016-07-17 15:13:19   ifconfig_nowarn = ENABLED
2016-07-17 15:13:19   ifconfig_ipv6_local = '[UNDEF]'
2016-07-17 15:13:19   ifconfig_ipv6_netbits = 0
2016-07-17 15:13:19   ifconfig_ipv6_remote = '[UNDEF]'
2016-07-17 15:13:19   shaper = 0
2016-07-17 15:13:19   mtu_test = 0
2016-07-17 15:13:19   mlock = DISABLED
2016-07-17 15:13:19   keepalive_ping = 0
2016-07-17 15:13:19   keepalive_timeout = 0
2016-07-17 15:13:19   inactivity_timeout = 0
2016-07-17 15:13:19   ping_send_timeout = 0
2016-07-17 15:13:19   ping_rec_timeout = 0
2016-07-17 15:13:19   ping_rec_timeout_action = 0
2016-07-17 15:13:19   ping_timer_remote = DISABLED
2016-07-17 15:13:19   remap_sigusr1 = 0
2016-07-17 15:13:19   persist_tun = DISABLED
2016-07-17 15:13:19   persist_local_ip = DISABLED
2016-07-17 15:13:19   persist_remote_ip = DISABLED
2016-07-17 15:13:19   persist_key = DISABLED
2016-07-17 15:13:19   passtos = DISABLED
2016-07-17 15:13:19   resolve_retry_seconds = 60
2016-07-17 15:13:19   resolve_in_advance = DISABLED
2016-07-17 15:13:19   username = '[UNDEF]'
2016-07-17 15:13:19   groupname = '[UNDEF]'
2016-07-17 15:13:19   chroot_dir = '[UNDEF]'
2016-07-17 15:13:19   cd_dir = '[UNDEF]'
2016-07-17 15:13:19   writepid = '[UNDEF]'
2016-07-17 15:13:19   up_script = '[UNDEF]'
2016-07-17 15:13:19   down_script = '[UNDEF]'
2016-07-17 15:13:19   down_pre = DISABLED
2016-07-17 15:13:19   up_restart = DISABLED
2016-07-17 15:13:19   up_delay = DISABLED
2016-07-17 15:13:19   daemon = DISABLED
2016-07-17 15:13:19   inetd = 0
2016-07-17 15:13:19   log = DISABLED
2016-07-17 15:13:19   suppress_timestamps = DISABLED
2016-07-17 15:13:19   machine_readable_output = ENABLED
2016-07-17 15:13:19   nice = 0
2016-07-17 15:13:19   verbosity = 4
2016-07-17 15:13:19   mute = 0
2016-07-17 15:13:19   gremlin = 0
2016-07-17 15:13:19   status_file = '[UNDEF]'
2016-07-17 15:13:19   status_file_version = 1
2016-07-17 15:13:19   status_file_update_freq = 60
2016-07-17 15:13:19   occ = ENABLED
2016-07-17 15:13:19   rcvbuf = 0
2016-07-17 15:13:19   sndbuf = 0
2016-07-17 15:13:19   sockflags = 0
2016-07-17 15:13:19   fast_io = DISABLED
2016-07-17 15:13:19   comp.alg = 2
2016-07-17 15:13:19   comp.flags = 1
2016-07-17 15:13:19   route_script = '[UNDEF]'
2016-07-17 15:13:20   route_default_gateway = '[UNDEF]'
2016-07-17 15:13:20   route_default_metric = 0
2016-07-17 15:13:20   route_noexec = DISABLED
2016-07-17 15:13:20   route_delay = 0
2016-07-17 15:13:20   route_delay_window = 30
2016-07-17 15:13:20   route_delay_defined = DISABLED
2016-07-17 15:13:20   route_nopull = DISABLED
2016-07-17 15:13:20   route_gateway_via_dhcp = DISABLED
2016-07-17 15:13:20   allow_pull_fqdn = DISABLED
2016-07-17 15:13:20   route 0.0.0.0/0.0.0.0/vpn_gateway/nil
2016-07-17 15:13:20   management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'
2016-07-17 15:13:20   management_port = 'unix'
2016-07-17 15:13:20   management_user_pass = '[UNDEF]'
2016-07-17 15:13:20   management_log_history_cache = 250
2016-07-17 15:13:20   management_echo_buffer_size = 100
2016-07-17 15:13:20   management_write_peer_info_file = '[UNDEF]'
2016-07-17 15:13:20   management_client_user = '[UNDEF]'
2016-07-17 15:13:20   management_client_group = '[UNDEF]'
2016-07-17 15:13:20   management_flags = 4390
2016-07-17 15:13:20   shared_secret_file = '[UNDEF]'
2016-07-17 15:13:20   key_direction = 0
2016-07-17 15:13:20   ciphername_defined = ENABLED
2016-07-17 15:13:20   ciphername = 'BF-CBC'
2016-07-17 15:13:20   authname_defined = ENABLED
2016-07-17 15:13:20   authname = 'SHA1'
2016-07-17 15:13:20   prng_hash = 'SHA1'
2016-07-17 15:13:20   prng_nonce_secret_len = 16
2016-07-17 15:13:20   keysize = 0
2016-07-17 15:13:20   engine = DISABLED
2016-07-17 15:13:20   replay = ENABLED
2016-07-17 15:13:20   mute_replay_warnings = DISABLED
2016-07-17 15:13:20   replay_window = 64
2016-07-17 15:13:20   replay_time = 15
2016-07-17 15:13:20   packet_id_file = '[UNDEF]'
2016-07-17 15:13:20   use_iv = ENABLED
2016-07-17 15:13:20   test_crypto = DISABLED
2016-07-17 15:13:20   tls_server = DISABLED
2016-07-17 15:13:20   tls_client = ENABLED
2016-07-17 15:13:20   key_method = 2
2016-07-17 15:13:20   ca_file = '[[INLINE]]'
2016-07-17 15:13:20   ca_path = '[UNDEF]'
2016-07-17 15:13:20   dh_file = '[UNDEF]'
2016-07-17 15:13:20   cert_file = '[[INLINE]]'
2016-07-17 15:13:20   extra_certs_file = '[UNDEF]'
2016-07-17 15:13:20   priv_key_file = '[[INLINE]]'
2016-07-17 15:13:20   pkcs12_file = '[UNDEF]'
2016-07-17 15:13:20   cipher_list = '[UNDEF]'
2016-07-17 15:13:20   tls_verify = '[UNDEF]'
2016-07-17 15:13:20   tls_export_cert = '[UNDEF]'
2016-07-17 15:13:20   verify_x509_type = 2
2016-07-17 15:13:20   verify_x509_name = 'nexus.domena'
2016-07-17 15:13:20   crl_file = '[UNDEF]'
2016-07-17 15:13:20   ns_cert_type = 0
2016-07-17 15:13:20   remote_cert_ku[i] = 0
2016-07-17 15:13:20   remote_cert_ku[i] = 0
2016-07-17 15:13:20   remote_cert_ku[i] = 0
2016-07-17 15:13:20   remote_cert_ku[i] = 0
2016-07-17 15:13:20   remote_cert_ku[i] = 0
2016-07-17 15:13:20   remote_cert_ku[i] = 0
2016-07-17 15:13:20   remote_cert_ku[i] = 0
2016-07-17 15:13:20   remote_cert_ku[i] = 0
2016-07-17 15:13:20   remote_cert_ku[i] = 0
2016-07-17 15:13:20   remote_cert_ku[i] = 0
2016-07-17 15:13:20   remote_cert_ku[i] = 0
2016-07-17 15:13:20   remote_cert_ku[i] = 0
2016-07-17 15:13:20   remote_cert_ku[i] = 0
2016-07-17 15:13:20   remote_cert_ku[i] = 0
2016-07-17 15:13:20   remote_cert_ku[i] = 0
2016-07-17 15:13:20   remote_cert_ku[i] = 0
2016-07-17 15:13:20   remote_cert_eku = '[UNDEF]'
2016-07-17 15:13:20   ssl_flags = 0
2016-07-17 15:13:20   tls_timeout = 2
2016-07-17 15:13:20   renegotiate_bytes = 0
2016-07-17 15:13:20   renegotiate_packets = 0
2016-07-17 15:13:20   renegotiate_seconds = 3600
2016-07-17 15:13:20   handshake_window = 60
2016-07-17 15:13:20   transition_window = 3600
2016-07-17 15:13:20   single_session = DISABLED
2016-07-17 15:13:20   push_peer_info = DISABLED
2016-07-17 15:13:20   tls_exit = DISABLED
2016-07-17 15:13:20   tls_auth_file = '[UNDEF]'
2016-07-17 15:13:20   client = ENABLED
2016-07-17 15:13:20   pull = ENABLED
2016-07-17 15:13:20   auth_user_pass_file = '[UNDEF]'
2016-07-17 15:13:20 OpenVPN 2.4-icsopenvpn [git:HEAD-049858bb44a04f3a] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH] [IPv6] built on May  7 2016
2016-07-17 15:13:20 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.09
2016-07-17 15:13:20 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
2016-07-17 15:13:20 MANAGEMENT: CMD 'hold release'
2016-07-17 15:13:20 MANAGEMENT: CMD 'bytecount 2'
2016-07-17 15:13:20 MANAGEMENT: CMD 'state on'
2016-07-17 15:13:20 MANAGEMENT: CMD 'proxy NONE'
2016-07-17 15:13:20 LZO compression initializing
2016-07-17 15:13:20 Control Channel MTU parms [ L:1544 D:1210 EF:40 EB:0 ET:0 EL:3 ]
2016-07-17 15:13:20 MANAGEMENT: >STATE:1468761200,RESOLVE,,,,,,
2016-07-17 15:13:20 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:393 ET:0 EL:3 ]
2016-07-17 15:13:20 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2016-07-17 15:13:20 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2016-07-17 15:13:20 TCP/UDP: Preserving recently used remote address: [AF_INET]91.x.x.x:1194 (this is the address of my OpenVPN server)
2016-07-17 15:13:20 Socket Buffers: R=[244668->244668] S=[100663->100663]
2016-07-17 15:13:20 Attempting to establish TCP connection with [AF_INET]91.x.x.x:1194 [nonblock]
2016-07-17 15:13:20 MANAGEMENT: >STATE:1468761200,TCP_CONNECT,,,,,,
2016-07-17 15:13:20 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2016-07-17 15:13:21 TCP connection established with [AF_INET]91.x.x.x:1194
2016-07-17 15:13:21 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2016-07-17 15:13:21 TCP_CLIENT link local: (not bound)
2016-07-17 15:13:21 TCP_CLIENT link remote: [AF_INET]91.x.x.x:1194
2016-07-17 15:13:21 MANAGEMENT: >STATE:1468761201,WAIT,,,,,,
2016-07-17 15:13:22 MANAGEMENT: >STATE:1468761202,AUTH,,,,,,
2016-07-17 15:13:22 TLS: Initial packet from [AF_INET]91.x.x.x:1194, sid=f674c321 5ebb51b2
2016-07-17 15:13:23 VERIFY OK: depth=1, C=PL, ST=Slask, L=Knurow, O=lisu, OU=stacyjkowo, CN=nexus_ca, name=lisu, emailAddress=lis6502@openmailbox.org
2016-07-17 15:13:23 VERIFY X509NAME ERROR: C=PL, ST=Slask, L=Knurow, O=lisu, OU=stacyjkowo, CN=openvpn, name=EasyRSA, emailAddress=lis6502@openmailbox.org, must be nexus.[here the domain under which I am visible on the internet]
2016-07-17 15:13:23 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2016-07-17 15:13:23 TLS_ERROR: BIO read tls_read_plaintext error
2016-07-17 15:13:23 TLS Error: TLS object -> incoming plaintext read error
2016-07-17 15:13:23 TLS Error: TLS handshake failed
2016-07-17 15:13:23 Fatal TLS error (check_tls_errors_co), restarting
2016-07-17 15:13:23 TCP/UDP: Closing socket
2016-07-17 15:13:23 SIGUSR1[soft,tls-error] received, process restarting
SNIP, because the log repeats five times

and to be honest I don't know what is throwing the SSL errors. I took the liberty of marking the suspicious fragment in blue. And which certificate does the blue error come from (I issued three with this e-mail address: for the CA, the server and the client)?
If it matters, in the 'connect to' field I enter my domain address (because I didn't spend my days working at an ISP breaking bind just to use digits like an animal now :P).

Last edited by lis6502 (2016-07-17 16:14:07)

Offline
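
A log-triage sketch for the failure shown in the post above (an added example, not part of the thread and not OpenVPN's own code): it pulls the certificate name mismatch out of the client log and compares the client's options string with the server config. The sample input is abridged from the post's logs and keeps the poster's placeholder name; all function names are hypothetical.

```python
import re

# Constructed sample, abridged from the client log and server config in the post
# ('nexus.domena' is the poster's own placeholder for the real domain).
CLIENT_LOG = """\
2016-07-17 15:13:20 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2016-07-17 15:13:23 VERIFY OK: depth=1, C=PL, ST=Slask, L=Knurow, O=lisu, OU=stacyjkowo, CN=nexus_ca, name=lisu
2016-07-17 15:13:23 VERIFY X509NAME ERROR: C=PL, ST=Slask, L=Knurow, O=lisu, OU=stacyjkowo, CN=openvpn, name=EasyRSA, must be nexus.domena
2016-07-17 15:13:23 TLS Error: TLS handshake failed
"""
SERVER_CONF = """\
port 1194
proto tcp
dev tap0
key openvpn.key  # This file should be kept secret
server-bridge
comp-lzo
"""


def x509_name_failures(log):
    """Return (presented CN, name the client requires) per X509NAME error."""
    hits = []
    for m in re.finditer(r"VERIFY X509NAME ERROR: (.*), must be (\S+)", log):
        cn = re.search(r"(?:^|, )CN=([^,]+)", m.group(1))
        hits.append((cn.group(1) if cn else None, m.group(2)))
    return hits


def client_options(log):
    """Parse the client's 'Local Options String' into {option: value}."""
    m = re.search(r"Local Options String \(VER=V4\): '([^']*)'", log)
    opts = {}
    for item in (m.group(1).split(",") if m else []):
        key, _, val = item.partition(" ")
        opts[key] = val
    return opts


def server_directives(conf):
    """Parse openvpn.conf text into {directive: args}; comments are dropped."""
    out = {}
    for line in conf.splitlines():
        line = re.split(r"\s[#;]", line, maxsplit=1)[0].strip()
        if line and line[0] not in "#;":
            key, _, val = line.partition(" ")
            out[key] = val.strip()
    return out


def triage(log, conf):
    """List the client/server disagreements visible in the two inputs."""
    findings = []
    for cn, wanted in x509_name_failures(log):
        findings.append(f"x509-name: server cert CN={cn}, client requires {wanted}")
    opts, srv = client_options(log), server_directives(conf)
    # Simplification: device type is inferred from the 'dev' name prefix only.
    srv_type = "tap" if srv.get("dev", "").startswith("tap") else "tun"
    if opts.get("dev-type", srv_type) != srv_type:
        findings.append(f"dev-type: client {opts['dev-type']}, server {srv_type}")
    if ("comp-lzo" in opts) != ("comp-lzo" in srv):
        findings.append("comp-lzo: enabled on one side only")
    return findings
```

Calling `triage(CLIENT_LOG, SERVER_CONF)` on the sample returns two findings: the certificate name mismatch and the tun/tap difference between the client's options string and the server's `dev tap0`.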

 

#2  2016-07-18 07:42:42

diabolic
User
From: the Leżajsk area
Registered: 2007-10-08

Re: OpenVPN server and Android client

lis6502 wrote:

2016-07-17 15:13:23 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2016-07-17 15:13:23 TLS_ERROR: BIO read tls_read_plaintext error
2016-07-17 15:13:23 TLS Error: TLS object -> incoming plaintext read error
2016-07-17 15:13:23 TLS Error: TLS handshake failed
2016-07-17 15:13:23 Fatal TLS error (check_tls_errors_co), restarting
2016-07-17 15:13:23 TCP/UDP: Closing socket
2016-07-17 15:13:23 SIGUSR1[soft,tls-error] received, process restarting

This looks like this problem: https://community.openvpn.net/openvpn/ticket/401


I am the one who chose my path

Offline

 

#3  2016-07-18 13:50:52

lis6502
Lamer hunter
From: Stalinogród
Registered: 2008-12-04

Re: OpenVPN server and Android client

Thanks, I'll check when I get back home (unless someone is able to send a magic packet to my home for me xD).

Offline

 
