#1  2009-11-10 15:43:05

miastek
User
Registered: 2009-09-15

OpenVPN: no connection and no idea what to do next :(

Hi, I'm struggling to set up OpenVPN on my little test server. The situation looks like this:
Network card 1 gives me the way out to the world and has address 182.168.1.1, gateway 192.168.1.265, mask 255.255.255.0
Network card 2 gives me the local network on address 192.168.2.1, gateway 192.168.2.1, mask 255.255.255.0
A colleague also uses the network of card 1 (he is plugged directly into the modem)
And so I set it up (actually, I installed OpenVPN), configured it, and unfortunately I cannot connect, neither remotely (on the modem I have forwarding to 192.168.1.1) nor locally; I don't see the second network.
Here are my configs:

server

Code:

#Specify the tunnel type:
dev tun
#Specify the end...
ifconfig 192.168.1.1 192.168.1.2
server 192.168.1.1 255.255.255.0
#Path to the shared key file:
secret /etc/openvpn/shared.key
#Specify the protocol:
proto tcp-server
#Below are...
daemon
verb 4
log-append /var/log/openvpn.log
keepalive 10 900
inactive 3600
comp-lzo
push "route 192.168.1.0 255.255.255.0"

client

Code:

#As above
dev tap
#IP of the computer we are connecting to, and the port
#remote +++here I enter my static IP when I am away from work+++
remote 192.168.1.2 1194
#Specify the protocol
proto tcp-client
#Tunnel endpoints, reversed relative to the server file
ifconfig 192.168.1.2 192.168.1.1
#Self-explanatory
secret c:\\openvpn\\shared.key
#This one is self-explanatory too
keepalive 10 60
route 192.168.1.2 255.255.255.0
#route 192.168.2.243 255.255.255.0
comp-lzo

Here is the log from OpenVPN

Code:

Tue Nov 10 15:04:52 2009 us=221509   daemon = ENABLED
Tue Nov 10 15:04:52 2009 us=221526   inetd = 0
Tue Nov 10 15:04:52 2009 us=221543   log = ENABLED
Tue Nov 10 15:04:52 2009 us=221559   suppress_timestamps = DISABLED
Tue Nov 10 15:04:52 2009 us=221577   nice = 0
Tue Nov 10 15:04:52 2009 us=221594   verbosity = 4
Tue Nov 10 15:04:52 2009 us=221611   mute = 0
Tue Nov 10 15:04:52 2009 us=221628   gremlin = 0
Tue Nov 10 15:04:52 2009 us=221645   status_file = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=221661   status_file_version = 1
Tue Nov 10 15:04:52 2009 us=221678   status_file_update_freq = 60
Tue Nov 10 15:04:52 2009 us=221695   occ = ENABLED
Tue Nov 10 15:04:52 2009 us=221712   rcvbuf = 65536
Tue Nov 10 15:04:52 2009 us=221729   sndbuf = 65536
Tue Nov 10 15:04:52 2009 us=221746   sockflags = 0
Tue Nov 10 15:04:52 2009 us=221763   fast_io = DISABLED
Tue Nov 10 15:04:52 2009 us=221780   lzo = 7
Tue Nov 10 15:04:52 2009 us=221797   route_script = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=221814   route_default_gateway = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=221831   route_default_metric = 0
Tue Nov 10 15:04:52 2009 us=221848   route_noexec = DISABLED
Tue Nov 10 15:04:52 2009 us=221865   route_delay = 0
Tue Nov 10 15:04:52 2009 us=221883   route_delay_window = 30
Tue Nov 10 15:04:52 2009 us=221900   route_delay_defined = DISABLED
Tue Nov 10 15:04:52 2009 us=221917   route_nopull = DISABLED
Tue Nov 10 15:04:52 2009 us=221934   route_gateway_via_dhcp = DISABLED
Tue Nov 10 15:04:52 2009 us=221951   allow_pull_fqdn = DISABLED
Tue Nov 10 15:04:52 2009 us=221972   management_addr = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=221990   management_port = 0
Tue Nov 10 15:04:52 2009 us=222008   management_user_pass = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=222032   management_log_history_cache = 250
Tue Nov 10 15:04:52 2009 us=222051   management_echo_buffer_size = 100
Tue Nov 10 15:04:52 2009 us=222069   management_write_peer_info_file = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=222087   management_flags = 0
Tue Nov 10 15:04:52 2009 us=222105   shared_secret_file = '/etc/openvpn/shared.key'
Tue Nov 10 15:04:52 2009 us=222123   key_direction = 0
Tue Nov 10 15:04:52 2009 us=222140   ciphername_defined = ENABLED
Tue Nov 10 15:04:52 2009 us=222157   ciphername = 'BF-CBC'
Tue Nov 10 15:04:52 2009 us=222174   authname_defined = ENABLED
Tue Nov 10 15:04:52 2009 us=222191   authname = 'SHA1'
Tue Nov 10 15:04:52 2009 us=222208   keysize = 0
Tue Nov 10 15:04:52 2009 us=222226   engine = DISABLED
Tue Nov 10 15:04:52 2009 us=222243   replay = ENABLED
Tue Nov 10 15:04:52 2009 us=222260   mute_replay_warnings = DISABLED
Tue Nov 10 15:04:52 2009 us=222278   replay_window = 64
Tue Nov 10 15:04:52 2009 us=222295   replay_time = 15
Tue Nov 10 15:04:52 2009 us=222312   packet_id_file = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=222329   use_iv = ENABLED
Tue Nov 10 15:04:52 2009 us=222346   test_crypto = DISABLED
Tue Nov 10 15:04:52 2009 us=222363   tls_server = DISABLED
Tue Nov 10 15:04:52 2009 us=222381   tls_client = DISABLED
Tue Nov 10 15:04:52 2009 us=222398   key_method = 2
Tue Nov 10 15:04:52 2009 us=222414   ca_file = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=222431   ca_path = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=222448   dh_file = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=222465   cert_file = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=222481   priv_key_file = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=222498   pkcs12_file = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=222515   cipher_list = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=222532   tls_verify = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=222549   tls_remote = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=222566   crl_file = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=222596   ns_cert_type = 0
Tue Nov 10 15:04:52 2009 us=222615   remote_cert_ku[i] = 0
Tue Nov 10 15:04:52 2009 us=222632   remote_cert_ku[i] = 0
Tue Nov 10 15:04:52 2009 us=222649   remote_cert_ku[i] = 0
Tue Nov 10 15:04:52 2009 us=222666   remote_cert_ku[i] = 0
Tue Nov 10 15:04:52 2009 us=222683   remote_cert_ku[i] = 0
Tue Nov 10 15:04:52 2009 us=222700   remote_cert_ku[i] = 0
Tue Nov 10 15:04:52 2009 us=222718   remote_cert_ku[i] = 0
Tue Nov 10 15:04:52 2009 us=222735   remote_cert_ku[i] = 0
Tue Nov 10 15:04:52 2009 us=222752   remote_cert_ku[i] = 0
Tue Nov 10 15:04:52 2009 us=222769   remote_cert_ku[i] = 0
Tue Nov 10 15:04:52 2009 us=222786   remote_cert_ku[i] = 0
Tue Nov 10 15:04:52 2009 us=222803   remote_cert_ku[i] = 0
Tue Nov 10 15:04:52 2009 us=222820   remote_cert_ku[i] = 0
Tue Nov 10 15:04:52 2009 us=222837   remote_cert_ku[i] = 0
Tue Nov 10 15:04:52 2009 us=222855   remote_cert_ku[i] = 0
Tue Nov 10 15:04:52 2009 us=222872   remote_cert_ku[i] = 0
Tue Nov 10 15:04:52 2009 us=222889   remote_cert_eku = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=222906   tls_timeout = 2
Tue Nov 10 15:04:52 2009 us=222923   renegotiate_bytes = 0
Tue Nov 10 15:04:52 2009 us=222940   renegotiate_packets = 0
Tue Nov 10 15:04:52 2009 us=222958   renegotiate_seconds = 3600
Tue Nov 10 15:04:52 2009 us=222975   handshake_window = 60
Tue Nov 10 15:04:52 2009 us=222992   transition_window = 3600
Tue Nov 10 15:04:52 2009 us=223009   single_session = DISABLED
Tue Nov 10 15:04:52 2009 us=223026   tls_exit = DISABLED
Tue Nov 10 15:04:52 2009 us=223043   tls_auth_file = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=223060   pkcs11_protected_authentication = DISABLED
Tue Nov 10 15:04:52 2009 us=223077   pkcs11_protected_authentication = DISABLED
Tue Nov 10 15:04:52 2009 us=223095   pkcs11_protected_authentication = DISABLED
Tue Nov 10 15:04:52 2009 us=223112   pkcs11_protected_authentication = DISABLED
Tue Nov 10 15:04:52 2009 us=223129   pkcs11_protected_authentication = DISABLED
Tue Nov 10 15:04:52 2009 us=223147   pkcs11_protected_authentication = DISABLED
Tue Nov 10 15:04:52 2009 us=223164   pkcs11_protected_authentication = DISABLED
Tue Nov 10 15:04:52 2009 us=223181   pkcs11_protected_authentication = DISABLED
Tue Nov 10 15:04:52 2009 us=223199   pkcs11_protected_authentication = DISABLED
Tue Nov 10 15:04:52 2009 us=223216   pkcs11_protected_authentication = DISABLED
Tue Nov 10 15:04:52 2009 us=223233   pkcs11_protected_authentication = DISABLED
Tue Nov 10 15:04:52 2009 us=223251   pkcs11_protected_authentication = DISABLED
Tue Nov 10 15:04:52 2009 us=223268   pkcs11_protected_authentication = DISABLED
Tue Nov 10 15:04:52 2009 us=223307   pkcs11_protected_authentication = DISABLED
Tue Nov 10 15:04:52 2009 us=223327   pkcs11_protected_authentication = DISABLED
Tue Nov 10 15:04:52 2009 us=223344   pkcs11_protected_authentication = DISABLED
Tue Nov 10 15:04:52 2009 us=223362   pkcs11_private_mode = 00000000
Tue Nov 10 15:04:52 2009 us=223380   pkcs11_private_mode = 00000000
Tue Nov 10 15:04:52 2009 us=223398   pkcs11_private_mode = 00000000
Tue Nov 10 15:04:52 2009 us=223415   pkcs11_private_mode = 00000000
Tue Nov 10 15:04:52 2009 us=223433   pkcs11_private_mode = 00000000
Tue Nov 10 15:04:52 2009 us=223451   pkcs11_private_mode = 00000000
Tue Nov 10 15:04:52 2009 us=223468   pkcs11_private_mode = 00000000
Tue Nov 10 15:04:52 2009 us=223486   pkcs11_private_mode = 00000000
Tue Nov 10 15:04:52 2009 us=223503   pkcs11_private_mode = 00000000
Tue Nov 10 15:04:52 2009 us=223520   pkcs11_private_mode = 00000000
Tue Nov 10 15:04:52 2009 us=223537   pkcs11_private_mode = 00000000
Tue Nov 10 15:04:52 2009 us=223555   pkcs11_private_mode = 00000000
Tue Nov 10 15:04:52 2009 us=223573   pkcs11_private_mode = 00000000
Tue Nov 10 15:04:52 2009 us=223591   pkcs11_private_mode = 00000000
Tue Nov 10 15:04:52 2009 us=223608   pkcs11_private_mode = 00000000
Tue Nov 10 15:04:52 2009 us=223625   pkcs11_private_mode = 00000000
Tue Nov 10 15:04:52 2009 us=223643   pkcs11_cert_private = DISABLED
Tue Nov 10 15:04:52 2009 us=223660   pkcs11_cert_private = DISABLED
Tue Nov 10 15:04:52 2009 us=223690   pkcs11_cert_private = DISABLED
Tue Nov 10 15:04:52 2009 us=223708   pkcs11_cert_private = DISABLED
Tue Nov 10 15:04:52 2009 us=223725   pkcs11_cert_private = DISABLED
Tue Nov 10 15:04:52 2009 us=223742   pkcs11_cert_private = DISABLED
Tue Nov 10 15:04:52 2009 us=223759   pkcs11_cert_private = DISABLED
Tue Nov 10 15:04:52 2009 us=223777   pkcs11_cert_private = DISABLED
Tue Nov 10 15:04:52 2009 us=223794   pkcs11_cert_private = DISABLED
Tue Nov 10 15:04:52 2009 us=223812   pkcs11_cert_private = DISABLED
Tue Nov 10 15:04:52 2009 us=223829   pkcs11_cert_private = DISABLED
Tue Nov 10 15:04:52 2009 us=223846   pkcs11_cert_private = DISABLED
Tue Nov 10 15:04:52 2009 us=223863   pkcs11_cert_private = DISABLED
Tue Nov 10 15:04:52 2009 us=223881   pkcs11_cert_private = DISABLED
Tue Nov 10 15:04:52 2009 us=223899   pkcs11_cert_private = DISABLED
Tue Nov 10 15:04:52 2009 us=223916   pkcs11_cert_private = DISABLED
Tue Nov 10 15:04:52 2009 us=223933   pkcs11_pin_cache_period = -1
Tue Nov 10 15:04:52 2009 us=223951   pkcs11_id = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=223968   pkcs11_id_management = DISABLED
Tue Nov 10 15:04:52 2009 us=224000   server_network = 0.0.0.0
Tue Nov 10 15:04:52 2009 us=224019   server_netmask = 0.0.0.0
Tue Nov 10 15:04:52 2009 us=224039   server_bridge_ip = 0.0.0.0
Tue Nov 10 15:04:52 2009 us=224057   server_bridge_netmask = 0.0.0.0
Tue Nov 10 15:04:52 2009 us=224076   server_bridge_pool_start = 0.0.0.0
Tue Nov 10 15:04:52 2009 us=224095   server_bridge_pool_end = 0.0.0.0
Tue Nov 10 15:04:52 2009 us=224112   push_list = 'route 192.168.1.0 255.255.255.0,route 192.168.2.0 255.255.255.0'
Tue Nov 10 15:04:52 2009 us=224130   ifconfig_pool_defined = DISABLED
Tue Nov 10 15:04:52 2009 us=224150   ifconfig_pool_start = 0.0.0.0
Tue Nov 10 15:04:52 2009 us=224169   ifconfig_pool_end = 0.0.0.0
Tue Nov 10 15:04:52 2009 us=224188   ifconfig_pool_netmask = 0.0.0.0
Tue Nov 10 15:04:52 2009 us=224205   ifconfig_pool_persist_filename = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=224223   ifconfig_pool_persist_refresh_freq = 600
Tue Nov 10 15:04:52 2009 us=224240   n_bcast_buf = 256
Tue Nov 10 15:04:52 2009 us=224258   tcp_queue_limit = 64
Tue Nov 10 15:04:52 2009 us=224275   real_hash_size = 256
Tue Nov 10 15:04:52 2009 us=224293   virtual_hash_size = 256
Tue Nov 10 15:04:52 2009 us=224309   client_connect_script = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=224327   learn_address_script = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=224344   client_disconnect_script = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=224362   client_config_dir = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=224379   ccd_exclusive = DISABLED
Tue Nov 10 15:04:52 2009 us=224396   tmp_dir = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=224413   push_ifconfig_defined = DISABLED
Tue Nov 10 15:04:52 2009 us=224432   push_ifconfig_local = 0.0.0.0
Tue Nov 10 15:04:52 2009 us=224451   push_ifconfig_remote_netmask = 0.0.0.0
Tue Nov 10 15:04:52 2009 us=224469   enable_c2c = DISABLED
Tue Nov 10 15:04:52 2009 us=224486   duplicate_cn = DISABLED
Tue Nov 10 15:04:52 2009 us=224503   cf_max = 0
Tue Nov 10 15:04:52 2009 us=224520   cf_per = 0
Tue Nov 10 15:04:52 2009 us=224537   max_clients = 1024
Tue Nov 10 15:04:52 2009 us=224555   max_routes_per_client = 256
Tue Nov 10 15:04:52 2009 us=224573   client_cert_not_required = DISABLED
Tue Nov 10 15:04:52 2009 us=224590   username_as_common_name = DISABLED
Tue Nov 10 15:04:52 2009 us=224607   auth_user_pass_verify_script = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=224625   auth_user_pass_verify_script_via_file = DISABLED
Tue Nov 10 15:04:52 2009 us=224642   port_share_host = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=224659   port_share_port = 0
Tue Nov 10 15:04:52 2009 us=224676   client = DISABLED
Tue Nov 10 15:04:52 2009 us=224693   pull = DISABLED
Tue Nov 10 15:04:52 2009 us=224710   auth_user_pass_file = '[UNDEF]'
Tue Nov 10 15:04:52 2009 us=224732 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar  9 2009
Tue Nov 10 15:04:52 2009 us=224894 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Nov 10 15:04:52 2009 us=224958 /usr/sbin/openvpn-vulnkey -q /etc/openvpn/shared.key
/usr/sbin/openvpn-vulnkey:22: DeprecationWarning: the md5 module is deprecated; use hashlib instead
  import md5
Tue Nov 10 15:04:52 2009 us=441636 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Nov 10 15:04:52 2009 us=441752 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 10 15:04:52 2009 us=441827 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Nov 10 15:04:52 2009 us=441850 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 10 15:04:52 2009 us=441899 LZO compression initialized
Tue Nov 10 15:04:52 2009 us=442006 WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
Tue Nov 10 15:04:52 2009 us=442236 WARNING: potential TUN/TAP adapter subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/192.168.1.2]
Tue Nov 10 15:04:52 2009 us=443580 TUN/TAP device tap0 opened
Tue Nov 10 15:04:52 2009 us=443648 TUN/TAP TX queue length set to 100
Tue Nov 10 15:04:52 2009 us=443702 /sbin/ifconfig tap0 192.168.1.1 netmask 192.168.1.2 mtu 1500 broadcast 255.255.255.253
SIOCSIFNETMASK: Invalid argument
Tue Nov 10 15:04:52 2009 us=449103 Linux ifconfig failed: external program exited with error status: 1
Tue Nov 10 15:04:52 2009 us=449201 Exiting
Options error: --server and --secret cannot be used together (you must use SSL/TLS keys)
Use --help for more information.
Options error: --server and --secret cannot be used together (you must use SSL/TLS keys)

I kindly ask for help; maybe I have something wrong with the routing table, I don't know, I'm simply learning Linux...
Thank you

Maybe it's something with the routing?? I've read a bit on the subject, but still without a positive result..

Last edited by miastek (2009-11-11 16:49:19)


#2  2009-11-12 10:04:08

qlemik
User
Registered: 2007-11-27

Re: OpenVPN: no connection and no idea what to do next :(

It told you nicely:

Code:

--server and --secret cannot be used together

delete:

Code:

server 192.168.1.1 255.255.255.0

and it should work :)

I recommend reading this:

Code:

http://mediawiki.ilab.pl/images/6/60/Bsi_11_lab.pdf

Nice, simple and in our native language :D

Last edited by qlemik (2009-11-12 10:20:05)


#3  2009-11-13 11:50:04

redelek
DUG member
From: Warszawa
Registered: 2008-07-17

Re: OpenVPN: no connection and no idea what to do next :(

Besides that, you have an error in the client

Code:

Tue Nov 10 15:04:52 2009 us=443702 /sbin/ifconfig tap0 192.168.1.1 netmask 192.168.1.2 mtu 1500 broadcast 255.255.255.253
SIOCSIFNETMASK: Invalid argument

Regards
Redelek
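
The problems raised in replies #2 and #3, plus the subnet-conflict warning in the posted log, expressed as a small config linter. This is an added example, not code from the thread or from OpenVPN; the function names, the LAN parameter and the 10.8.0.x "fixed" addresses are assumptions, and the dev-type comparison goes beyond what the replies mention.

```python
import ipaddress

def parse(text):
    """Map each directive to its argument lists, ignoring '#' comments."""
    opts = {}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words:
            opts.setdefault(words[0], []).append(words[1:])
    return opts

def is_netmask(value):
    """True only for contiguous masks such as 255.255.255.0."""
    try:
        bits = f"{int(ipaddress.IPv4Address(value)):032b}"
    except ValueError:
        return False
    return "01" not in bits  # a 1 after a 0 means the mask has a hole

def lint(server_text, client_text, lan_cidr):
    """Return (side, problem) pairs for the mistakes raised in this thread."""
    lan = ipaddress.ip_network(lan_cidr)
    findings, devs = [], {}
    for side, text in (("server", server_text), ("client", client_text)):
        opts = parse(text)
        devs[side] = (opts.get("dev", [[]])[0] + ["?"])[0][:3]
        # --server requires SSL/TLS keys; a static --secret key excludes it.
        if "server" in opts and "secret" in opts:
            findings.append((side, "server+secret"))
        for args in opts.get("ifconfig", []):
            # With dev tap the second ifconfig argument must be a netmask.
            if devs[side] == "tap" and not (len(args) > 1 and is_netmask(args[1])):
                findings.append((side, "tap-ifconfig-not-netmask"))
            # A tunnel address inside the physical LAN is a subnet conflict.
            if args and ipaddress.ip_address(args[0]) in lan:
                findings.append((side, "tunnel-overlaps-lan"))
    if devs["server"] != devs["client"]:
        findings.append(("both", "dev-type-mismatch"))
    return findings

# Directives transcribed from the configs in post #1 (comments dropped, key path shortened).
POSTED_SERVER = """dev tun
ifconfig 192.168.1.1 192.168.1.2
server 192.168.1.1 255.255.255.0
secret shared.key
proto tcp-server"""
POSTED_CLIENT = """dev tap
remote 192.168.1.2 1194
proto tcp-client
ifconfig 192.168.1.2 192.168.1.1
secret shared.key"""
# Assumed repair (not from the thread): separate 10.8.0.x tunnel, same dev type, no --server.
FIXED_SERVER = "dev tun\nifconfig 10.8.0.1 10.8.0.2\nsecret shared.key\nproto tcp-server"
FIXED_CLIENT = "dev tun\nremote 192.168.1.1 1194\nifconfig 10.8.0.2 10.8.0.1\nsecret shared.key"
print(lint(POSTED_SERVER, POSTED_CLIENT, "192.168.1.0/24"))
```
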