I tried to set this up, it didn't work, and I couldn't find a solution anywhere.
On the server (Linux):
local 192.168.1.1
port 1194
proto tcp
dev tun
tls-server
ca /etc/openvpn/server/keys/ca.crt
cert /etc/openvpn/server/keys/server.crt
key /etc/openvpn/server/keys/server.key
dh /etc/openvpn/server/keys/dh1024.pem
tls-auth /etc/openvpn/server/ta.key 0
server 10.0.0.1 255.255.255.0
push "dhcp-option DNS 10.0.0.33"
keepalive 10 120
comp-lzo
max-clients 5
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
persist-key
persist-tun
status /var/log/openvpn-status.log
log /var/log/openvpn.log
verb 3
On the client (Windows):
client
dev tun
proto tcp
remote 192.168.1.1 1194
resolv-retry infinite
nobind
tls-client
persist-key
persist-tun
ca "C:\\Documents and Settings\\user\\openvpn\\ca.crt"
cert "C:\\Documents and Settings\\user\\openvpn\\kadmin.crt"
key "C:\\Documents and Settings\\user\\openvpn\\kadmin.key"
tls-auth "C:\\Documents and Settings\\user\\openvpn\\ta.key" 1
comp-lzo
verb 3
The key files are identical and come from the same source: ca.crt and ta.key are the same on the server as on the client. The log says:
(Linux)
Wed Feb 21 16:08:35 2007 OpenVPN 2.0.6 i686-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Feb 21 2007
Wed Feb 21 16:08:35 2007 Diffie-Hellman initialized with 1024 bit key
Wed Feb 21 16:08:35 2007 Control Channel Authentication: using '/etc/openvpn/server/ta.key' as a OpenVPN static key file
Wed Feb 21 16:08:35 2007 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 21 16:08:35 2007 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 21 16:08:35 2007 TLS-Auth MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Wed Feb 21 16:08:35 2007 TUN/TAP device tun0 opened
Wed Feb 21 16:08:35 2007 /sbin/ifconfig tun0 10.0.10.1 pointopoint 10.0.10.2 mtu 1500
Wed Feb 21 16:08:35 2007 /sbin/route add -net 10.0.10.0 netmask 255.255.255.0 gw 10.0.10.2
Wed Feb 21 16:08:35 2007 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Feb 21 16:08:35 2007 Listening for incoming TCP connection on 192.168.1.106:1194
Wed Feb 21 16:08:35 2007 TCPv4_SERVER link local (bound): 192.168.1.106:1194
Wed Feb 21 16:08:35 2007 TCPv4_SERVER link remote: [undef]
Wed Feb 21 16:08:35 2007 MULTI: multi_init called, r=256 v=256
Wed Feb 21 16:08:35 2007 IFCONFIG POOL: base=10.0.10.4 size=62
Wed Feb 21 16:08:35 2007 IFCONFIG POOL LIST
Wed Feb 21 16:08:35 2007 MULTI: TCP INIT maxclients=100 maxevents=104
Wed Feb 21 16:08:35 2007 Initialization Sequence Completed
Wed Feb 21 16:08:46 2007 MULTI: multi_create_instance called
Wed Feb 21 16:08:46 2007 Re-using SSL/TLS context
Wed Feb 21 16:08:46 2007 LZO compression initialized
Wed Feb 21 16:08:46 2007 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Wed Feb 21 16:08:46 2007 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Feb 21 16:08:46 2007 Local Options hash (VER=V4): 'a642654b'
Wed Feb 21 16:08:46 2007 Expected Remote Options hash (VER=V4): '0bdd0804'
Wed Feb 21 16:08:46 2007 TCP connection established with 192.168.1.69:2978
Wed Feb 21 16:08:46 2007 TCPv4_SERVER link local: [undef]
Wed Feb 21 16:08:46 2007 TCPv4_SERVER link remote: 192.168.1.69:2978
Wed Feb 21 16:08:46 2007 192.168.1.69:2978 TLS: Initial packet from 192.168.1.69:2978, sid=8abde009 d6189f90
Wed Feb 21 16:08:46 2007 192.168.1.69:2978 Connection reset, restarting [-1]
Wed Feb 21 16:08:46 2007 192.168.1.69:2978 SIGUSR1[soft,connection-reset] received, client-instance restarting
Wed Feb 21 16:08:46 2007 TCP/UDP: Closing socket
Wed Feb 21 16:08:55 2007 MULTI: multi_create_instance called
Wed Feb 21 16:08:55 2007 Re-using SSL/TLS context
Wed Feb 21 16:08:55 2007 LZO compression initialized
Wed Feb 21 16:08:55 2007 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Wed Feb 21 16:08:55 2007 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Feb 21 16:08:55 2007 Local Options hash (VER=V4): 'a642654b'
Wed Feb 21 16:08:55 2007 Expected Remote Options hash (VER=V4): '0bdd0804'
Wed Feb 21 16:08:55 2007 TCP connection established with 192.168.1.69:2989
Wed Feb 21 16:08:55 2007 TCPv4_SERVER link local: [undef]
Wed Feb 21 16:08:55 2007 TCPv4_SERVER link remote: 192.168.1.69:2989
Wed Feb 21 16:08:55 2007 192.168.1.69:2989 Connection reset, restarting [-1]
Wed Feb 21 16:08:55 2007 192.168.1.69:2989 SIGUSR1[soft,connection-reset] received, client-instance restarting
Wed Feb 21 16:08:55 2007 TCP/UDP: Closing socket
(Windows)
Wed Feb 21 16:01:06 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Wed Feb 21 16:01:06 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Feb 21 16:01:06 2007 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Feb 21 16:01:13 2007 Control Channel Authentication: using 'C:\Documents and Settings\user\openvpn\ta.key' as a OpenVPN static key file
Wed Feb 21 16:01:13 2007 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 21 16:01:13 2007 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 21 16:01:13 2007 LZO compression initialized
Wed Feb 21 16:01:13 2007 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Wed Feb 21 16:01:13 2007 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Feb 21 16:01:13 2007 Local Options hash (VER=V4): 'ee93268d'
Wed Feb 21 16:01:13 2007 Expected Remote Options hash (VER=V4): 'bd577cd1'
Wed Feb 21 16:01:13 2007 Attempting to establish TCP connection with 192.168.1.1:1194
Wed Feb 21 16:01:13 2007 TCP connection established with 192.168.1.1:1194
Wed Feb 21 16:01:13 2007 TCPv4_CLIENT link local: [undef]
Wed Feb 21 16:01:13 2007 TCPv4_CLIENT link remote: 192.168.1.1:1194
Wed Feb 21 16:01:13 2007 TLS: Initial packet from 192.168.1.1:1194, sid=161a4866 f4355c98
Wed Feb 21 16:01:13 2007 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=COM/ST=COM/L=City/O=COMPANY/CN=COMPANY_CA/emailAddress=email
Wed Feb 21 16:01:13 2007 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Wed Feb 21 16:01:13 2007 TLS Error: TLS object -> incoming plaintext read error
Wed Feb 21 16:01:13 2007 TLS Error: TLS handshake failed
Wed Feb 21 16:01:13 2007 Fatal TLS error (check_tls_errors_co), restarting
Wed Feb 21 16:01:13 2007 TCP/UDP: Closing socket
Wed Feb 21 16:01:13 2007 SIGUSR1[soft,tls-error] received, process restarting
Wed Feb 21 16:01:13 2007 Restart pause, 5 second(s)
Wed Feb 21 16:01:18 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Feb 21 16:01:18 2007 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Feb 21 16:01:18 2007 Re-using SSL/TLS context
Wed Feb 21 16:01:18 2007 LZO compression initialized
Wed Feb 21 16:01:18 2007 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Wed Feb 21 16:01:18 2007 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Feb 21 16:01:18 2007 Local Options hash (VER=V4): 'ee93268d'
Wed Feb 21 16:01:18 2007 Expected Remote Options hash (VER=V4): 'bd577cd1'
Wed Feb 21 16:01:18 2007 Attempting to establish TCP connection with 192.168.1.1:1194
Wed Feb 21 16:01:18 2007 TCP/UDP: Closing socket
Has nobody run into this?
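Read together, the two logs above say three separate things. On the client, "VERIFY ERROR: depth=1, error=self signed certificate in certificate chain" is OpenSSL reporting that the CA certificate at the top of the chain the server sent is self-signed and is not in the client's ca.crt; in other words, the ca.crt on the client is not the CA that issued server.crt, whatever its file name. The "WARNING: No server certificate verification method has been enabled" line is a different problem: the client config has no "ns-cert-type server" (OpenVPN 2.0; "remote-cert-tls server" in 2.1 and later), so it would accept any certificate signed by the CA, a client's included, as the server. Finally, each side's "Expected Remote Options hash" must equal the other side's "Local Options hash"; here the server expects 0bdd0804 while the client's local hash is ee93268d, so the two option strings do not agree either (the server log also shows a 10.0.10.x pool and maxclients=100, not the "server 10.0.0.1" and "max-clients 5" in the pasted config, so the running server config is not the one shown). The script below is an added example, not code from the post or from the OpenVPN project: it parses both logs and maps each symptom to its fix. The sample lines are constructed, trimmed copies of the lines above; the function names and finding labels are this example's own.

```python
# Added example: triage of a failing OpenVPN 2.0 TLS handshake from both
# sides' logs. Not code from the post or from OpenVPN. The log samples are
# constructed, trimmed copies of the post's lines; names are this example's own.
import re

SERVER_LOG = """\
Wed Feb 21 16:08:46 2007 Local Options hash (VER=V4): 'a642654b'
Wed Feb 21 16:08:46 2007 Expected Remote Options hash (VER=V4): '0bdd0804'
Wed Feb 21 16:08:46 2007 TCP connection established with 192.168.1.69:2978
Wed Feb 21 16:08:46 2007 192.168.1.69:2978 TLS: Initial packet from 192.168.1.69:2978, sid=8abde009 d6189f90
Wed Feb 21 16:08:46 2007 192.168.1.69:2978 Connection reset, restarting [-1]
"""

CLIENT_LOG = """\
Wed Feb 21 16:01:06 2007 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Feb 21 16:01:13 2007 Local Options hash (VER=V4): 'ee93268d'
Wed Feb 21 16:01:13 2007 Expected Remote Options hash (VER=V4): 'bd577cd1'
Wed Feb 21 16:01:13 2007 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=COM/ST=COM/L=City/O=COMPANY/CN=COMPANY_CA/emailAddress=email
Wed Feb 21 16:01:13 2007 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Wed Feb 21 16:01:13 2007 TLS Error: TLS handshake failed
"""

HASH_RE = re.compile(r"(Local|Expected Remote) Options hash \(VER=V\d+\): '([0-9a-f]+)'")
VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+): (.*)")
MITM_WARNING = "No server certificate verification method has been enabled"

# OpenSSL X509 verify reason strings -> what they mean for an OpenVPN deployment
VERIFY_REASON_TO_FINDING = {
    "self signed certificate in certificate chain": "untrusted-ca",  # X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
    "unable to get local issuer certificate": "untrusted-ca",        # X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
    "certificate has expired": "expired-cert",
    "certificate is not yet valid": "clock-skew",
}

REMEDIES = {
    "options-mismatch": "each side's 'Expected Remote Options hash' must equal the other side's "
                        "'Local Options hash'; diff the two configs (proto, dev, mtu, cipher/auth, comp-lzo, tls-auth)",
    "untrusted-ca": "the CA at the top of the chain the server sends is not the CA in the client's ca.crt; "
                    "copy the ca.crt that actually signed server.crt, or re-issue server.crt from that CA",
    "no-server-cert-check": "client accepts any CA-signed cert as the server: add 'ns-cert-type server' "
                            "(OpenVPN 2.0) or 'remote-cert-tls server' (2.1 and later) to the client config",
    "expired-cert": "re-issue the expired certificate",
    "clock-skew": "fix the clock on the client or the server (certificate 'not yet valid')",
}


def options_hashes(log):
    """Return {'local': h, 'expected_remote': h} for one side; the last pair logged wins."""
    found = {}
    for side, digest in HASH_RE.findall(log):
        found["local" if side == "Local" else "expected_remote"] = digest
    return found


def hashes_consistent(server_log, client_log):
    """True only if the option strings agree crosswise: server expects what the client has, and vice versa."""
    s, c = options_hashes(server_log), options_hashes(client_log)
    return bool(s and c
                and s.get("expected_remote") == c.get("local")
                and c.get("expected_remote") == s.get("local"))


def verify_errors(log):
    """Parse 'VERIFY ERROR' lines into (depth, reason, subject) tuples."""
    return [(int(depth), reason, subject) for depth, reason, subject in VERIFY_RE.findall(log)]


def diagnose(server_log, client_log):
    """Map what the two logs show to finding labels and remedies (insertion order = what to fix first)."""
    findings = {}
    if not hashes_consistent(server_log, client_log):
        findings["options-mismatch"] = REMEDIES["options-mismatch"]
    for depth, reason, subject in verify_errors(client_log):
        label = VERIFY_REASON_TO_FINDING.get(reason, "verify-error")
        findings[label] = REMEDIES.get(label, f"depth={depth}: {reason} ({subject})")
    if MITM_WARNING in client_log:
        findings["no-server-cert-check"] = REMEDIES["no-server-cert-check"]
    return findings


if __name__ == "__main__":
    for label, remedy in diagnose(SERVER_LOG, CLIENT_LOG).items():
        print(f"{label}: {remedy}")
```

Confirm the certificate finding on disk before editing any config: on the server run openssl verify -CAfile /etc/openvpn/server/keys/ca.crt /etc/openvpn/server/keys/server.crt, on the client run openssl verify -CAfile ca.crt kadmin.crt, and compare the output of openssl x509 -noout -fingerprint -in ca.crt on the two machines. Different fingerprints mean two different CAs despite the identical file name. The 1024-bit DH parameters in the server config are a 2007-era size and are not the cause of this failure, but would not be chosen today.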
>Has nobody run into this?
Have a look at your certificates; it looks like something is not right with them.
Check them against this table:
File name     Where needed            Purpose                     Secret
ca.crt        server + all clients    Root CA certificate         NO
ca.key        signing machine only    Root CA key                 YES
dh{n}.pem     server only             Diffie-Hellman parameters   NO
server.crt    server only             Server certificate          NO
server.key    server only             Server key                  YES
client1.crt   client1 only            Client1 certificate         NO
client1.key   client1 only            Client1 key                 YES
OpenVPN ships with sample configs, documentation and pre-generated keys, which of course are only suitable for testing. Try it with those first.
Best Regards
I have run into it.
The certificates' CNs must be the same.
That is written in the OpenVPN docs, by the way.
>I have run into it.
>The certificates' CNs must be the same.
>That is written in the OpenVPN docs, by the way.
Hm. Can you point me to where that is? Because without duplicate-cn it kicks clients off.