#1  2010-05-17 13:38:13

Nicram - User
Registered: 2006-03-28

OpenVPN - I can't get it working

Hello,
I'm trying to get OpenVPN running, but it just won't connect no matter what. Here is what I'm doing, from the beginning:

apt-get install openvpn
cd /usr/share/doc/.../2.0/easy-rsa

In the vars file I change the values to my certificate data, and then step by step:

Code:

root@server:/etc/openvpn/easy-rsa
# . ./vars 
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
root@server:/etc/openvpn/easy-rsa
# ./clean-all 
root@server:/etc/openvpn/easy-rsa
# ./build-ca 
Generating a 1024 bit RSA private key
.......................++++++
.................++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [PL]:
State or Province Name (full name) [Mazowieckie]:
Locality Name (eg, city) [Wawa]:
Organization Name (eg, company) [siec - Pawel paluch]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [siec - Pawel paluch CA]:siec CA
Email Address [marcin@siec.net.pl]:
root@server:/etc/openvpn/easy-rsa
# ./build-key-server server
Generating a 1024 bit RSA private key
........................++++++
......++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [PL]:
State or Province Name (full name) [Mazowieckie]:
Locality Name (eg, city) [Wawa]:
Organization Name (eg, company) [siec - Pawel paluch]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [server]:server.inerdom.net.pl
Email Address [marcin@siec.net.pl]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'PL'
stateOrProvinceName   :PRINTABLE:'Mazowieckie'
localityName          :PRINTABLE:'Wawa'
organizationName      :PRINTABLE:'siec - Pawel paluch'
commonName            :PRINTABLE:'server.siec.net.pl'
emailAddress          :IA5STRING:'marcin@siec.net.pl'
Certificate is to be certified until May 14 11:00:13 2020 GMT (3650 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

root@server:/etc/openvpn/easy-rsa
# ./build-key winda
Generating a 1024 bit RSA private key
...++++++
...........++++++
writing new private key to 'winda.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [PL]:
State or Province Name (full name) [Mazowieckie]:
Locality Name (eg, city) [Wawa]:
Organization Name (eg, company) [siec - Pawel paluch]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [winda]:
Email Address [marcin@siec.net.pl]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'PL'
stateOrProvinceName   :PRINTABLE:'Mazowieckie'
localityName          :PRINTABLE:'Wawa'
organizationName      :PRINTABLE:'siec - Pawel paluch'
commonName            :PRINTABLE:'winda'
emailAddress          :IA5STRING:'marcin@siec.net.pl'
Certificate is to be certified until May 14 11:09:19 2020 GMT (3650 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated


root@server:/etc/openvpn/easy-rsa
# ./build-dh 
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
...........+.........................................................+...................................................................................................+..+........+........................................................................................................................................................+.........................................+...............................................................+........................+.+..........................+...........................................+............................................................+......................+................................+..........................................................+...................................................................................................................................+....................+...........................................+.+............................+................................................................................+.....+..........+..............................................+........+..........+................++*++*++*
root@server:/etc/openvpn/easy-rsa
root@server:/etc/openvpn/easy-rsa
# cp keys/ca.crt /etc/openvpn/
root@server:/etc/openvpn/easy-rsa
# cp keys/dh1024.pem /etc/openvpn/
root@server:/etc/openvpn/easy-rsa
# cp keys/server.key /etc/openvpn/
root@server:/etc/openvpn/easy-rsa
# cp keys/server.crt /etc/openvpn/
root@server:/etc/openvpn/easy-rsa


# cat server.conf |egrep -v "#|;"|sed -e '/^$/d'
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 172.21.254.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 6

When OpenVPN starts I get:

Code:

May 17 13:31:53 server ovpn-server[12218]: Current Parameter Settings:
May 17 13:31:53 server ovpn-server[12218]:   config = '/etc/openvpn/server.conf'
May 17 13:31:53 server ovpn-server[12218]:   mode = 1
May 17 13:31:53 server ovpn-server[12218]:   persist_config = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   persist_mode = 1
May 17 13:31:53 server ovpn-server[12218]:   show_ciphers = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   show_digests = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   show_engines = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   genkey = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   key_pass_file = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   show_tls_ciphers = DISABLED
May 17 13:31:53 server ovpn-server[12218]: Connection profiles [default]:
May 17 13:31:53 server ovpn-server[12218]:   proto = udp
May 17 13:31:53 server ovpn-server[12218]:   local = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   local_port = 1194
May 17 13:31:53 server ovpn-server[12218]:   remote = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   remote_port = 1194
May 17 13:31:53 server ovpn-server[12218]:   remote_float = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   bind_defined = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   bind_local = ENABLED
May 17 13:31:53 server ovpn-server[12218]:   connect_retry_seconds = 5
May 17 13:31:53 server ovpn-server[12218]:   connect_timeout = 10
May 17 13:31:53 server ovpn-server[12218]:   connect_retry_max = 0
May 17 13:31:53 server ovpn-server[12218]:   socks_proxy_server = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   socks_proxy_port = 0
May 17 13:31:53 server ovpn-server[12218]:   socks_proxy_retry = DISABLED
May 17 13:31:53 server ovpn-server[12218]: Connection profiles END
May 17 13:31:53 server ovpn-server[12218]:   remote_random = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   ipchange = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   dev = 'tun'
May 17 13:31:53 server ovpn-server[12218]:   dev_type = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   dev_node = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   lladdr = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   topology = 1
May 17 13:31:53 server ovpn-server[12218]:   tun_ipv6 = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   ifconfig_local = '172.21.254.1'
May 17 13:31:53 server ovpn-server[12218]:   ifconfig_remote_netmask = '172.21.254.2'
May 17 13:31:53 server ovpn-server[12218]:   ifconfig_noexec = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   ifconfig_nowarn = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   shaper = 0
May 17 13:31:53 server ovpn-server[12218]:   tun_mtu = 1500
May 17 13:31:53 server ovpn-server[12218]:   tun_mtu_defined = ENABLED
May 17 13:31:53 server ovpn-server[12218]:   link_mtu = 1500
May 17 13:31:53 server ovpn-server[12218]:   link_mtu_defined = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   tun_mtu_extra = 0
May 17 13:31:53 server ovpn-server[12218]:   tun_mtu_extra_defined = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   fragment = 0
May 17 13:31:53 server ovpn-server[12218]:   mtu_discover_type = -1
May 17 13:31:53 server ovpn-server[12218]:   mtu_test = 0
May 17 13:31:53 server ovpn-server[12218]:   mlock = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   keepalive_ping = 10
May 17 13:31:53 server ovpn-server[12218]:   keepalive_timeout = 120
May 17 13:31:53 server ovpn-server[12218]:   inactivity_timeout = 0
May 17 13:31:53 server ovpn-server[12218]:   ping_send_timeout = 10
May 17 13:31:53 server ovpn-server[12218]:   ping_rec_timeout = 240
May 17 13:31:53 server ovpn-server[12218]:   ping_rec_timeout_action = 2
May 17 13:31:53 server ovpn-server[12218]:   ping_timer_remote = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   remap_sigusr1 = 0
May 17 13:31:53 server ovpn-server[12218]:   explicit_exit_notification = 0
May 17 13:31:53 server ovpn-server[12218]:   persist_tun = ENABLED
May 17 13:31:53 server ovpn-server[12218]:   persist_local_ip = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   persist_remote_ip = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   persist_key = ENABLED
May 17 13:31:53 server ovpn-server[12218]:   mssfix = 1450
May 17 13:31:53 server ovpn-server[12218]:   passtos = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   resolve_retry_seconds = 1000000000
May 17 13:31:53 server ovpn-server[12218]:   username = 'nobody'
May 17 13:31:53 server ovpn-server[12218]:   groupname = 'nogroup'
May 17 13:31:53 server ovpn-server[12218]:   chroot_dir = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   cd_dir = '/etc/openvpn'
May 17 13:31:53 server ovpn-server[12218]:   writepid = '/var/run/openvpn.server.pid'
May 17 13:31:53 server ovpn-server[12218]:   up_script = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   down_script = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   down_pre = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   up_restart = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   up_delay = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   daemon = ENABLED
May 17 13:31:53 server ovpn-server[12218]:   inetd = 0
May 17 13:31:53 server ovpn-server[12218]:   log = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   suppress_timestamps = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   nice = 0
May 17 13:31:53 server ovpn-server[12218]:   verbosity = 6
May 17 13:31:53 server ovpn-server[12218]:   mute = 0
May 17 13:31:53 server ovpn-server[12218]:   gremlin = 0
May 17 13:31:53 server ovpn-server[12218]:   status_file = 'openvpn-status.log'
May 17 13:31:53 server ovpn-server[12218]:   status_file_version = 1
May 17 13:31:53 server ovpn-server[12218]:   status_file_update_freq = 60
May 17 13:31:53 server ovpn-server[12218]:   occ = ENABLED
May 17 13:31:53 server ovpn-server[12218]:   rcvbuf = 65536
May 17 13:31:53 server ovpn-server[12218]:   sndbuf = 65536
May 17 13:31:53 server ovpn-server[12218]:   sockflags = 0
May 17 13:31:53 server ovpn-server[12218]:   fast_io = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   lzo = 7
May 17 13:31:53 server ovpn-server[12218]:   route_script = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   route_default_gateway = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   route_default_metric = 0
May 17 13:31:53 server ovpn-server[12218]:   route_noexec = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   route_delay = 0
May 17 13:31:53 server ovpn-server[12218]:   route_delay_window = 30
May 17 13:31:53 server ovpn-server[12218]:   route_delay_defined = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   route_nopull = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   route_gateway_via_dhcp = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   allow_pull_fqdn = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   route 172.21.254.0/255.255.255.0/nil/nil
May 17 13:31:53 server ovpn-server[12218]:   management_addr = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   management_port = 0
May 17 13:31:53 server ovpn-server[12218]:   management_user_pass = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   management_log_history_cache = 250
May 17 13:31:53 server ovpn-server[12218]:   management_echo_buffer_size = 100
May 17 13:31:53 server ovpn-server[12218]:   management_write_peer_info_file = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   management_flags = 0
May 17 13:31:53 server ovpn-server[12218]:   shared_secret_file = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   key_direction = 0
May 17 13:31:53 server ovpn-server[12218]:   ciphername_defined = ENABLED
May 17 13:31:53 server ovpn-server[12218]:   ciphername = 'BF-CBC'
May 17 13:31:53 server ovpn-server[12218]:   authname_defined = ENABLED
May 17 13:31:53 server ovpn-server[12218]:   authname = 'SHA1'
May 17 13:31:53 server ovpn-server[12218]:   keysize = 0
May 17 13:31:53 server ovpn-server[12218]:   engine = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   replay = ENABLED
May 17 13:31:53 server ovpn-server[12218]:   mute_replay_warnings = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   replay_window = 64
May 17 13:31:53 server ovpn-server[12218]:   replay_time = 15
May 17 13:31:53 server ovpn-server[12218]:   packet_id_file = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   use_iv = ENABLED
May 17 13:31:53 server ovpn-server[12218]:   test_crypto = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   tls_server = ENABLED
May 17 13:31:53 server ovpn-server[12218]:   tls_client = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   key_method = 2
May 17 13:31:53 server ovpn-server[12218]:   ca_file = 'ca.crt'
May 17 13:31:53 server ovpn-server[12218]:   ca_path = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   dh_file = 'dh1024.pem'
May 17 13:31:53 server ovpn-server[12218]:   cert_file = 'server.crt'
May 17 13:31:53 server ovpn-server[12218]:   priv_key_file = 'server.key'
May 17 13:31:53 server ovpn-server[12218]:   pkcs12_file = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   cipher_list = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   tls_verify = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   tls_remote = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   crl_file = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   ns_cert_type = 0
May 17 13:31:53 server ovpn-server[12218]:   remote_cert_ku[i] = 0
May 17 13:31:53 server ovpn-server[12218]:   remote_cert_ku[i] = 0
May 17 13:31:53 server ovpn-server[12218]:   remote_cert_ku[i] = 0
May 17 13:31:53 server ovpn-server[12218]:   remote_cert_ku[i] = 0
May 17 13:31:53 server ovpn-server[12218]:   remote_cert_ku[i] = 0
May 17 13:31:53 server ovpn-server[12218]:   remote_cert_ku[i] = 0
May 17 13:31:53 server ovpn-server[12218]:   remote_cert_ku[i] = 0
May 17 13:31:53 server ovpn-server[12218]:   remote_cert_ku[i] = 0
May 17 13:31:53 server ovpn-server[12218]:   remote_cert_ku[i] = 0
May 17 13:31:53 server ovpn-server[12218]:   remote_cert_ku[i] = 0
May 17 13:31:53 server ovpn-server[12218]:   remote_cert_ku[i] = 0
May 17 13:31:53 server ovpn-server[12218]:   remote_cert_ku[i] = 0
May 17 13:31:53 server ovpn-server[12218]:   remote_cert_ku[i] = 0
May 17 13:31:53 server ovpn-server[12218]:   remote_cert_ku[i] = 0
May 17 13:31:53 server ovpn-server[12218]:   remote_cert_ku[i] = 0
May 17 13:31:53 server ovpn-server[12218]:   remote_cert_ku[i] = 0
May 17 13:31:53 server ovpn-server[12218]:   remote_cert_eku = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   tls_timeout = 2
May 17 13:31:53 server ovpn-server[12218]:   renegotiate_bytes = 0
May 17 13:31:53 server ovpn-server[12218]:   renegotiate_packets = 0
May 17 13:31:53 server ovpn-server[12218]:   renegotiate_seconds = 3600
May 17 13:31:53 server ovpn-server[12218]:   handshake_window = 60
May 17 13:31:53 server ovpn-server[12218]:   transition_window = 3600
May 17 13:31:53 server ovpn-server[12218]:   single_session = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   tls_exit = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   tls_auth_file = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_protected_authentication = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_protected_authentication = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_protected_authentication = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_protected_authentication = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_protected_authentication = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_protected_authentication = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_protected_authentication = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_protected_authentication = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_protected_authentication = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_protected_authentication = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_protected_authentication = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_protected_authentication = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_protected_authentication = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_protected_authentication = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_protected_authentication = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_protected_authentication = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_private_mode = 00000000
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_private_mode = 00000000
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_private_mode = 00000000
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_private_mode = 00000000
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_private_mode = 00000000
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_private_mode = 00000000
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_private_mode = 00000000
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_private_mode = 00000000
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_private_mode = 00000000
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_private_mode = 00000000
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_private_mode = 00000000
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_private_mode = 00000000
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_private_mode = 00000000
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_private_mode = 00000000
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_private_mode = 00000000
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_private_mode = 00000000
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_cert_private = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_cert_private = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_cert_private = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_cert_private = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_cert_private = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_cert_private = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_cert_private = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_cert_private = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_cert_private = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_cert_private = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_cert_private = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_cert_private = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_cert_private = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_cert_private = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_cert_private = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_cert_private = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_pin_cache_period = -1
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_id = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   pkcs11_id_management = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   server_network = 172.21.254.0
May 17 13:31:53 server ovpn-server[12218]:   server_netmask = 255.255.255.0
May 17 13:31:53 server ovpn-server[12218]:   server_bridge_ip = 0.0.0.0
May 17 13:31:53 server ovpn-server[12218]:   server_bridge_netmask = 0.0.0.0
May 17 13:31:53 server ovpn-server[12218]:   server_bridge_pool_start = 0.0.0.0
May 17 13:31:53 server ovpn-server[12218]:   server_bridge_pool_end = 0.0.0.0
May 17 13:31:53 server ovpn-server[12218]:   push_list = 'route 172.21.254.0 255.255.255.0,topology net30,ping 10,ping-restart 120'
May 17 13:31:53 server ovpn-server[12218]:   ifconfig_pool_defined = ENABLED
May 17 13:31:53 server ovpn-server[12218]:   ifconfig_pool_start = 172.21.254.4
May 17 13:31:53 server ovpn-server[12218]:   ifconfig_pool_end = 172.21.254.251
May 17 13:31:53 server ovpn-server[12218]:   ifconfig_pool_netmask = 0.0.0.0
May 17 13:31:53 server ovpn-server[12218]:   ifconfig_pool_persist_filename = 'ipp.txt'
May 17 13:31:53 server ovpn-server[12218]:   ifconfig_pool_persist_refresh_freq = 600
May 17 13:31:53 server ovpn-server[12218]:   n_bcast_buf = 256
May 17 13:31:53 server ovpn-server[12218]:   tcp_queue_limit = 64
May 17 13:31:53 server ovpn-server[12218]:   real_hash_size = 256
May 17 13:31:53 server ovpn-server[12218]:   virtual_hash_size = 256
May 17 13:31:53 server ovpn-server[12218]:   client_connect_script = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   learn_address_script = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   client_disconnect_script = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   client_config_dir = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   ccd_exclusive = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   tmp_dir = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   push_ifconfig_defined = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   push_ifconfig_local = 0.0.0.0
May 17 13:31:53 server ovpn-server[12218]:   push_ifconfig_remote_netmask = 0.0.0.0
May 17 13:31:53 server ovpn-server[12218]:   enable_c2c = ENABLED
May 17 13:31:53 server ovpn-server[12218]:   duplicate_cn = ENABLED
May 17 13:31:53 server ovpn-server[12218]:   cf_max = 0
May 17 13:31:53 server ovpn-server[12218]:   cf_per = 0
May 17 13:31:53 server ovpn-server[12218]:   max_clients = 1024
May 17 13:31:53 server ovpn-server[12218]:   max_routes_per_client = 256
May 17 13:31:53 server ovpn-server[12218]:   client_cert_not_required = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   username_as_common_name = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   auth_user_pass_verify_script = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   auth_user_pass_verify_script_via_file = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   port_share_host = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]:   port_share_port = 0
May 17 13:31:53 server ovpn-server[12218]:   client = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   pull = DISABLED
May 17 13:31:53 server ovpn-server[12218]:   auth_user_pass_file = '[UNDEF]'
May 17 13:31:53 server ovpn-server[12218]: OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008
May 17 13:31:53 server ovpn-server[12218]: WARNING: --ifconfig-pool-persist will not work with --duplicate-cn
May 17 13:31:53 server ovpn-server[12218]: Diffie-Hellman initialized with 1024 bit key
May 17 13:31:53 server ovpn-server[12218]: /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
May 17 13:31:53 server ovpn-server[12218]: TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
May 17 13:31:53 server ovpn-server[12218]: ROUTE default_gateway=193.59.36.1
May 17 13:31:53 server ovpn-server[12218]: TUN/TAP device tun0 opened
May 17 13:31:53 server ovpn-server[12218]: TUN/TAP TX queue length set to 100
May 17 13:31:53 server ovpn-server[12218]: /sbin/ifconfig tun0 172.21.254.1 pointopoint 172.21.254.2 mtu 1500
May 17 13:31:53 server ovpn-server[12218]: /sbin/route add -net 172.21.254.0 netmask 255.255.255.0 gw 172.21.254.2
May 17 13:31:53 server ovpn-server[12218]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
May 17 13:31:53 server ovpn-server[12225]: GID set to nogroup
May 17 13:31:53 server ovpn-server[12225]: UID set to nobody
May 17 13:31:53 server ovpn-server[12225]: Socket Buffers: R=[112640->131072] S=[112640->131072]
May 17 13:31:53 server ovpn-server[12225]: UDPv4 link local (bound): [undef]:1194
May 17 13:31:53 server ovpn-server[12225]: UDPv4 link remote: [undef]
May 17 13:31:53 server ovpn-server[12225]: MULTI: multi_init called, r=256 v=256
May 17 13:31:53 server ovpn-server[12225]: IFCONFIG POOL: base=172.21.254.4 size=62
May 17 13:31:53 server ovpn-server[12225]: IFCONFIG POOL LIST
May 17 13:31:53 server ovpn-server[12225]: Initialization Sequence Completed

I copy the generated winda.* files and ca.crt to the client workstation running Windows.
I try to connect and in the log I get:

Code:

May 17 13:34:43 server ovpn-server[12225]: MULTI: multi_create_instance called
May 17 13:34:43 server ovpn-server[12225]: 192.168.37.1:49475 Re-using SSL/TLS context
May 17 13:34:43 server ovpn-server[12225]: 192.168.37.1:49475 LZO compression initialized
May 17 13:34:43 server ovpn-server[12225]: 192.168.37.1:49475 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
May 17 13:34:43 server ovpn-server[12225]: 192.168.37.1:49475 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
May 17 13:34:43 server ovpn-server[12225]: 192.168.37.1:49475 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
May 17 13:34:43 server ovpn-server[12225]: 192.168.37.1:49475 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
May 17 13:34:43 server ovpn-server[12225]: 192.168.37.1:49475 Local Options hash (VER=V4): '530fdded'
May 17 13:34:43 server ovpn-server[12225]: 192.168.37.1:49475 Expected Remote Options hash (VER=V4): '41690919'
May 17 13:34:43 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 READ [14] from 192.168.37.1:49475: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
May 17 13:34:43 server ovpn-server[12225]: 192.168.37.1:49475 TLS: Initial packet from 192.168.37.1:49475, sid=d5a877f1 cd90d4d2
May 17 13:34:43 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 WRITE [26] to 192.168.37.1:49475: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
May 17 13:34:43 server ovpn-server[12225]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
May 17 13:34:46 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 WRITE [14] to 192.168.37.1:49475: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
May 17 13:34:46 server ovpn-server[12225]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
May 17 13:34:46 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 READ [14] from 192.168.37.1:49475: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
May 17 13:34:46 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 WRITE [22] to 192.168.37.1:49475: P_ACK_V1 kid=0 [ 0 ]
May 17 13:34:46 server ovpn-server[12225]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
May 17 13:34:48 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 WRITE [14] to 192.168.37.1:49475: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
May 17 13:34:48 server ovpn-server[12225]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
May 17 13:34:48 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 READ [14] from 192.168.37.1:49475: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
May 17 13:34:48 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 WRITE [22] to 192.168.37.1:49475: P_ACK_V1 kid=0 [ 0 ]
May 17 13:34:48 server ovpn-server[12225]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
May 17 13:34:50 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 WRITE [14] to 192.168.37.1:49475: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
May 17 13:34:50 server ovpn-server[12225]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
May 17 13:34:51 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 READ [14] from 192.168.37.1:49475: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
May 17 13:34:51 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 WRITE [22] to 192.168.37.1:49475: P_ACK_V1 kid=0 [ 0 ]
May 17 13:34:51 server ovpn-server[12225]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
May 17 13:34:52 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 WRITE [14] to 192.168.37.1:49475: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
May 17 13:34:52 server ovpn-server[12225]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
May 17 13:34:53 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 READ [14] from 192.168.37.1:49475: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
May 17 13:34:53 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 WRITE [22] to 192.168.37.1:49475: P_ACK_V1 kid=0 [ 0 ]
May 17 13:34:53 server ovpn-server[12225]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
May 17 13:34:54 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 WRITE [14] to 192.168.37.1:49475: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
May 17 13:34:54 server ovpn-server[12225]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
May 17 13:34:56 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 WRITE [14] to 192.168.37.1:49475: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
May 17 13:34:56 server ovpn-server[12225]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
May 17 13:34:56 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 READ [14] from 192.168.37.1:49475: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
May 17 13:34:56 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 WRITE [22] to 192.168.37.1:49475: P_ACK_V1 kid=0 [ 0 ]
May 17 13:34:56 server ovpn-server[12225]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
May 17 13:34:57 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 READ [14] from 192.168.37.1:49475: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
May 17 13:34:57 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 WRITE [22] to 192.168.37.1:49475: P_ACK_V1 kid=0 [ 0 ]
May 17 13:34:57 server ovpn-server[12225]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
May 17 13:34:58 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 WRITE [14] to 192.168.37.1:49475: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
May 17 13:34:58 server ovpn-server[12225]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
May 17 13:34:59 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 READ [14] from 192.168.37.1:49475: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
May 17 13:34:59 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 WRITE [22] to 192.168.37.1:49475: P_ACK_V1 kid=0 [ 0 ]
May 17 13:34:59 server ovpn-server[12225]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
May 17 13:35:00 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 WRITE [14] to 192.168.37.1:49475: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
May 17 13:35:00 server ovpn-server[12225]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
May 17 13:35:02 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 WRITE [14] to 192.168.37.1:49475: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
May 17 13:35:02 server ovpn-server[12225]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
May 17 13:35:02 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 READ [14] from 192.168.37.1:49475: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
May 17 13:35:02 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 WRITE [22] to 192.168.37.1:49475: P_ACK_V1 kid=0 [ 0 ]
May 17 13:35:02 server ovpn-server[12225]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
May 17 13:35:04 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 WRITE [14] to 192.168.37.1:49475: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
May 17 13:35:04 server ovpn-server[12225]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
May 17 13:35:04 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 READ [14] from 192.168.37.1:49475: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
May 17 13:35:04 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 WRITE [22] to 192.168.37.1:49475: P_ACK_V1 kid=0 [ 0 ]
May 17 13:35:04 server ovpn-server[12225]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)

Please help me configure this. I'm at my wits' end, and the problem probably lies in some small detail.

---edited---

I have an even stranger problem. I installed it on a virtual machine, a clean Debian, and this configuration worked. I tried to set it up on another Debian, one that runs PPPoE; OpenVPN did start listening, but when a client connected the log stayed completely clean, as if OpenVPN did not want to serve anyone. On the second Debian edge router I get what is shown above: TLS errors.

---edited---

It looks like the problem has, in a sense, become clearer. Both servers on which I set up OpenVPN are PPPoE endpoints with OSPF running between them, and the whole time I was physically logged in to the second server, the one that "was not answering me at all". The server where I had the trouble with connection refused had a route to my host configured. I don't know whether that is actually the cause, but from a completely external link I authenticated to OpenVPN normally.
Could the fact that I was logged in via PPPoE to the server on which I set up OpenVPN be the cause of my fruitless struggle?

Last edited by Nicram (2010-05-17 18:06:09)
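An added example, not part of the original post: a small Python check that reads a server log in the format shown above and flags peers whose handshake never gets past the reset stage because every server reply is refused. On a UDP socket, ECONNREFUSED on read means an ICMP port-unreachable came back for an earlier send, so the pattern points at the return path rather than at the certificates. The sample lines are constructed, and the function names `analyze` and `stalled_handshakes` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the same format as the server log in the post.
SAMPLE_LOG = """\
May 17 13:34:51 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 READ [14] from 192.168.37.1:49475: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
May 17 13:34:51 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 WRITE [22] to 192.168.37.1:49475: P_ACK_V1 kid=0 [ 0 ]
May 17 13:34:51 server ovpn-server[12225]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
May 17 13:34:52 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 WRITE [14] to 192.168.37.1:49475: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
May 17 13:34:52 server ovpn-server[12225]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
May 17 13:34:53 server ovpn-server[12225]: 192.168.37.1:49475 UDPv4 READ [14] from 192.168.37.1:49475: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
"""

PACKET = re.compile(r"UDPv4 (READ|WRITE) \[\d+\] (?:from|to) (\S+?): (P_\w+)")
REFUSED = re.compile(r"read UDPv4 \[ECONNREFUSED\]")

def analyze(log_text):
    """Per-peer packet counts plus how many server WRITEs were followed by ECONNREFUSED."""
    peers = {}
    last_write_peer = None
    for line in log_text.splitlines():
        m = PACKET.search(line)
        if m:
            direction, peer, opcode = m.groups()
            stats = peers.setdefault(peer, {"packets": Counter(), "refused_writes": 0})
            stats["packets"][(direction, opcode)] += 1
            last_write_peer = peer if direction == "WRITE" else None
        elif REFUSED.search(line) and last_write_peer:
            # The refusal is attributed to the most recent WRITE before it.
            peers[last_write_peer]["refused_writes"] += 1
            last_write_peer = None
    return peers

def stalled_handshakes(peers, min_resets=2):
    """Peers that keep restarting the handshake while every server reply is refused."""
    out = []
    for peer, s in peers.items():
        resets = s["packets"][("READ", "P_CONTROL_HARD_RESET_CLIENT_V2")]
        writes = sum(n for (d, _), n in s["packets"].items() if d == "WRITE")
        if resets >= min_resets and writes and s["refused_writes"] == writes:
            out.append(peer)
    return out

if __name__ == "__main__":
    for peer in stalled_handshakes(analyze(SAMPLE_LOG)):
        print(f"{peer}: client resets arrive, every server reply is refused; check the return route")
```

A flagged peer means the client's packets reach the server but the replies end up somewhere with no socket on that port, so the next things to compare are the server's route to that address and the path the client's packets arrived on.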
