The OpenNET Project / Index page

"OpenVPN (client does not connect)"

Forum: Open systems on the server (VPN)

"OpenVPN (client does not connect)"
Message from IceTony (ok) on 05-Feb-16, 07:24
Good day.
1. FIRST OFFICE. A D-Link DIR-615 router brings up the internet connection (router address 192.168.1.1).
2. A Debian machine acts as the LAN gateway and has two network interfaces: eth0=192.168.1.11 and eth1=192.168.0.1 (all computers on the LAN have 192.168.0.x addresses).
3. The OpenVPN server is installed on the same machine, following this guide: http://debian-help.ru/articles/ustanovka-nastroika-openvpn-s.../
Server config:
push "route 192.168.0.0 255.255.255.0"
tls-auth ta.key 0
cipher DES-EDE3-CBC
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3

4. On the router, in the virtual server section, I open port 1194 UDP to 192.168.1.11 and start OpenVPN with:
/etc/init.d/openvpn start

5. SECOND OFFICE. The OpenVPN client is a Windows machine, internal IP=172.17.10.100, connected directly to the router.
I copy the keys and certificates to the client (by the way, the *.key files would not even open, but chmod 777 seems to have fixed that) and create the client config:
client
port 1194
proto udp
dev tun
dev-node "VPN"
remote 78.85.32.29 1194
remote-cert-tls server
ca ca.crt
cert user.crt
key user.key
tls-auth ta.key 1
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping-restart 60
ping 10
comp-lzo
persist-key
persist-tun
cipher DES-EDE3-CBC
status "C:\\Program Files\\OpenVPN\\log\\openvpn-status.log"
log "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
verb 3
mute 20

6. The client does NOT connect to the server.
Client log:
Fri Feb 05 08:24:51 2016 Current Parameter Settings:
Fri Feb 05 08:24:51 2016   config = 'user.ovpn'
Fri Feb 05 08:24:51 2016   mode = 0
Fri Feb 05 08:24:51 2016   show_ciphers = DISABLED
Fri Feb 05 08:24:51 2016   show_digests = DISABLED
Fri Feb 05 08:24:51 2016   show_engines = DISABLED
Fri Feb 05 08:24:51 2016   genkey = DISABLED
Fri Feb 05 08:24:51 2016   key_pass_file = '[UNDEF]'
Fri Feb 05 08:24:51 2016   show_tls_ciphers = DISABLED
Fri Feb 05 08:24:51 2016 Connection profiles [default]:
Fri Feb 05 08:24:51 2016   proto = udp
Fri Feb 05 08:24:51 2016   local = '[UNDEF]'
Fri Feb 05 08:24:51 2016   local_port = 1194
Fri Feb 05 08:24:51 2016   remote = '78.85.32.29'
Fri Feb 05 08:24:51 2016   remote_port = 1194
Fri Feb 05 08:24:51 2016   remote_float = DISABLED
Fri Feb 05 08:24:51 2016   bind_defined = DISABLED
Fri Feb 05 08:24:51 2016   bind_local = ENABLED
Fri Feb 05 08:24:51 2016   connect_retry_seconds = 5
Fri Feb 05 08:24:51 2016   connect_timeout = 10
Fri Feb 05 08:24:51 2016 NOTE: --mute triggered...
Fri Feb 05 08:24:51 2016 268 variation(s) on previous 20 message(s) suppressed by --mute
Fri Feb 05 08:24:51 2016 OpenVPN 2.3.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Feb  1 2016
Fri Feb 05 08:24:51 2016 Windows version 6.2 (Windows 8 or greater)
Fri Feb 05 08:24:51 2016 library versions: OpenSSL 1.0.1r  28 Jan 2016, LZO 2.09
Fri Feb 05 08:24:51 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Feb 05 08:24:51 2016 Need hold release from management interface, waiting...
Fri Feb 05 08:24:52 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Feb 05 08:24:52 2016 MANAGEMENT: CMD 'state on'
Fri Feb 05 08:24:52 2016 MANAGEMENT: CMD 'log all on'
Fri Feb 05 08:24:52 2016 MANAGEMENT: CMD 'hold off'
Fri Feb 05 08:24:52 2016 MANAGEMENT: CMD 'hold release'
Fri Feb 05 08:24:52 2016 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri Feb 05 08:24:52 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 05 08:24:52 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 05 08:24:52 2016 LZO compression initialized
Fri Feb 05 08:24:52 2016 Control Channel MTU parms [ L:1574 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Fri Feb 05 08:24:52 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Feb 05 08:24:52 2016 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:143 ET:32 EL:3 AF:3/1 ]
Fri Feb 05 08:24:52 2016 Local Options String: 'V4,dev-type tun,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher DES-EDE3-CBC,auth SHA1,keysize 192,tls-auth,key-method 2,tls-client'
Fri Feb 05 08:24:52 2016 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher DES-EDE3-CBC,auth SHA1,keysize 192,tls-auth,key-method 2,tls-server'
Fri Feb 05 08:24:52 2016 Local Options hash (VER=V4): '785d27b4'
Fri Feb 05 08:24:52 2016 Expected Remote Options hash (VER=V4): 'faad5c3e'
Fri Feb 05 08:24:52 2016 UDPv4 link local (bound): [undef]
Fri Feb 05 08:24:52 2016 UDPv4 link remote: [AF_INET]78.85.32.29:1194
Fri Feb 05 08:24:52 2016 MANAGEMENT: >STATE:1454646292,WAIT,,,
Fri Feb 05 08:24:52 2016 UDPv4 WRITE [42] to [AF_INET]78.85.32.29:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Fri Feb 05 08:24:54 2016 UDPv4 WRITE [42] to [AF_INET]78.85.32.29:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
Fri Feb 05 08:24:59 2016 UDPv4 WRITE [42] to [AF_INET]78.85.32.29:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
Fri Feb 05 08:25:07 2016 UDPv4 WRITE [42] to [AF_INET]78.85.32.29:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
Fri Feb 05 08:25:23 2016 UDPv4 WRITE [42] to [AF_INET]78.85.32.29:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0
Fri Feb 05 08:25:52 2016 [UNDEF] Inactivity timeout (--ping-restart), restarting
Fri Feb 05 08:25:52 2016 TCP/UDP: Closing socket
Fri Feb 05 08:25:52 2016 SIGUSR1[soft,ping-restart] received, process restarting
Fri Feb 05 08:25:52 2016 MANAGEMENT: >STATE:1454646352,RECONNECTING,ping-restart,,
Fri Feb 05 08:25:52 2016 Restart pause, 2 second(s)
Fri Feb 05 08:25:54 2016 Re-using SSL/TLS context
Fri Feb 05 08:25:54 2016 LZO compression initialized
Fri Feb 05 08:25:54 2016 Control Channel MTU parms [ L:1574 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Fri Feb 05 08:25:54 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Feb 05 08:25:54 2016 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:143 ET:32 EL:3 AF:3/1 ]
Fri Feb 05 08:25:54 2016 Local Options String: 'V4,dev-type tun,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher DES-EDE3-CBC,auth SHA1,keysize 192,tls-auth,key-method 2,tls-client'
Fri Feb 05 08:25:54 2016 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher DES-EDE3-CBC,auth SHA1,keysize 192,tls-auth,key-method 2,tls-server'
Fri Feb 05 08:25:54 2016 Local Options hash (VER=V4): '785d27b4'
Fri Feb 05 08:25:54 2016 Expected Remote Options hash (VER=V4): 'faad5c3e'
Fri Feb 05 08:25:54 2016 UDPv4 link local (bound): [undef]
Fri Feb 05 08:25:54 2016 UDPv4 link remote: [AF_INET]78.85.32.29:1194
Fri Feb 05 08:25:54 2016 MANAGEMENT: >STATE:1454646354,WAIT,,,
Fri Feb 05 08:25:54 2016 UDPv4 WRITE [42] to [AF_INET]78.85.32.29:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Fri Feb 05 08:25:56 2016 UDPv4 WRITE [42] to [AF_INET]78.85.32.29:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
Fri Feb 05 08:26:00 2016 UDPv4 WRITE [42] to [AF_INET]78.85.32.29:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
Fri Feb 05 08:26:08 2016 UDPv4 WRITE [42] to [AF_INET]78.85.32.29:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
Fri Feb 05 08:26:24 2016 UDPv4 WRITE [42] to [AF_INET]78.85.32.29:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0
Fri Feb 05 08:26:55 2016 [UNDEF] Inactivity timeout (--ping-restart), restarting
Fri Feb 05 08:26:55 2016 TCP/UDP: Closing socket


Server log:
Fri Feb  5 05:51:10 2016 us=666220 Current Parameter Settings:
Fri Feb  5 05:51:10 2016 us=666405   config = '/etc/openvpn/server.conf'
Fri Feb  5 05:51:10 2016 us=666460   mode = 1
Fri Feb  5 05:51:10 2016 us=666500   persist_config = DISABLED
Fri Feb  5 05:51:10 2016 us=666536   persist_mode = 1
Fri Feb  5 05:51:10 2016 us=666571   show_ciphers = DISABLED
Fri Feb  5 05:51:10 2016 us=666605   show_digests = DISABLED
Fri Feb  5 05:51:10 2016 us=666641   show_engines = DISABLED
Fri Feb  5 05:51:10 2016 us=666677   genkey = DISABLED
Fri Feb  5 05:51:10 2016 us=666713   key_pass_file = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=666748   show_tls_ciphers = DISABLED
Fri Feb  5 05:51:10 2016 us=666783 Connection profiles [default]:
Fri Feb  5 05:51:10 2016 us=666820   proto = udp
Fri Feb  5 05:51:10 2016 us=666857   local = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=666893   local_port = 1194
Fri Feb  5 05:51:10 2016 us=666928   remote = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=666965   remote_port = 1194
Fri Feb  5 05:51:10 2016 us=667000   remote_float = DISABLED
Fri Feb  5 05:51:10 2016 us=667035   bind_defined = DISABLED
Fri Feb  5 05:51:10 2016 us=667069   bind_local = ENABLED
Fri Feb  5 05:51:10 2016 us=667104   connect_retry_seconds = 5
Fri Feb  5 05:51:10 2016 us=667138   connect_timeout = 10
Fri Feb  5 05:51:10 2016 us=667174   connect_retry_max = 0
Fri Feb  5 05:51:10 2016 us=667210   socks_proxy_server = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=667246   socks_proxy_port = 0
Fri Feb  5 05:51:10 2016 us=667282   socks_proxy_retry = DISABLED
Fri Feb  5 05:51:10 2016 us=667318 Connection profiles END
Fri Feb  5 05:51:10 2016 us=667353   remote_random = DISABLED
Fri Feb  5 05:51:10 2016 us=667387   ipchange = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=667421   dev = 'tun'
Fri Feb  5 05:51:10 2016 us=667455   dev_type = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=667489   dev_node = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=667525   lladdr = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=667562   topology = 1
Fri Feb  5 05:51:10 2016 us=667597   tun_ipv6 = DISABLED
Fri Feb  5 05:51:10 2016 us=667631   ifconfig_local = '10.8.0.1'
Fri Feb  5 05:51:10 2016 us=667666   ifconfig_remote_netmask = '10.8.0.2'
Fri Feb  5 05:51:10 2016 us=667702   ifconfig_noexec = DISABLED
Fri Feb  5 05:51:10 2016 us=667747   ifconfig_nowarn = DISABLED
Fri Feb  5 05:51:10 2016 us=667792   ifconfig_ipv6_local = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=667829   ifconfig_ipv6_netbits = 0
Fri Feb  5 05:51:10 2016 us=667865   ifconfig_ipv6_remote = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=667947   shaper = 0
Fri Feb  5 05:51:10 2016 us=667996   tun_mtu = 1500
Fri Feb  5 05:51:10 2016 us=668038   tun_mtu_defined = ENABLED
Fri Feb  5 05:51:10 2016 us=668075   link_mtu = 1500
Fri Feb  5 05:51:10 2016 us=668110   link_mtu_defined = DISABLED
Fri Feb  5 05:51:10 2016 us=668145   tun_mtu_extra = 0
Fri Feb  5 05:51:10 2016 us=668180   tun_mtu_extra_defined = DISABLED
Fri Feb  5 05:51:10 2016 us=668215   fragment = 0
Fri Feb  5 05:51:10 2016 us=668249   mtu_discover_type = -1
Fri Feb  5 05:51:10 2016 us=668283   mtu_test = 0
Fri Feb  5 05:51:10 2016 us=668317   mlock = DISABLED
Fri Feb  5 05:51:10 2016 us=668351   keepalive_ping = 10
Fri Feb  5 05:51:10 2016 us=668386   keepalive_timeout = 120
Fri Feb  5 05:51:10 2016 us=668420   inactivity_timeout = 0
Fri Feb  5 05:51:10 2016 us=668455   ping_send_timeout = 10
Fri Feb  5 05:51:10 2016 us=668490   ping_rec_timeout = 240
Fri Feb  5 05:51:10 2016 us=668525   ping_rec_timeout_action = 2
Fri Feb  5 05:51:10 2016 us=668560   ping_timer_remote = DISABLED
Fri Feb  5 05:51:10 2016 us=668596   remap_sigusr1 = 0
Fri Feb  5 05:51:10 2016 us=668631   explicit_exit_notification = 0
Fri Feb  5 05:51:10 2016 us=668667   persist_tun = ENABLED
Fri Feb  5 05:51:10 2016 us=668702   persist_local_ip = DISABLED
Fri Feb  5 05:51:10 2016 us=668738   persist_remote_ip = DISABLED
Fri Feb  5 05:51:10 2016 us=668772   persist_key = ENABLED
Fri Feb  5 05:51:10 2016 us=668808   mssfix = 1450
Fri Feb  5 05:51:10 2016 us=668843   passtos = DISABLED
Fri Feb  5 05:51:10 2016 us=668880   resolve_retry_seconds = 1000000000
Fri Feb  5 05:51:10 2016 us=668933   username = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=668975   groupname = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=669012   chroot_dir = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=669047   cd_dir = '/etc/openvpn'
Fri Feb  5 05:51:10 2016 us=669082   writepid = '/var/run/openvpn.server.pid'
Fri Feb  5 05:51:10 2016 us=669244   up_script = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=669295   down_script = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=669331   down_pre = DISABLED
Fri Feb  5 05:51:10 2016 us=669365   up_restart = DISABLED
Fri Feb  5 05:51:10 2016 us=669400   up_delay = DISABLED
Fri Feb  5 05:51:10 2016 us=669435   daemon = ENABLED
Fri Feb  5 05:51:10 2016 us=669470   inetd = 0
Fri Feb  5 05:51:10 2016 us=669505   log = ENABLED
Fri Feb  5 05:51:10 2016 us=669539   suppress_timestamps = DISABLED
Fri Feb  5 05:51:10 2016 us=669574   nice = 0
Fri Feb  5 05:51:10 2016 us=669608   verbosity = 6
Fri Feb  5 05:51:10 2016 us=669642   mute = 0
Fri Feb  5 05:51:10 2016 us=669677   gremlin = 0
Fri Feb  5 05:51:10 2016 us=669711   status_file = 'openvpn-status.log'
Fri Feb  5 05:51:10 2016 us=669747   status_file_version = 1
Fri Feb  5 05:51:10 2016 us=669781   status_file_update_freq = 60
Fri Feb  5 05:51:10 2016 us=669816   occ = ENABLED
Fri Feb  5 05:51:10 2016 us=669851   rcvbuf = 65536
Fri Feb  5 05:51:10 2016 us=669886   sndbuf = 65536
Fri Feb  5 05:51:10 2016 us=669921   sockflags = 0
Fri Feb  5 05:51:10 2016 us=669956   fast_io = DISABLED
Fri Feb  5 05:51:10 2016 us=669990   lzo = 7
Fri Feb  5 05:51:10 2016 us=670025   route_script = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=670059   route_default_gateway = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=670093   route_default_metric = 0
Fri Feb  5 05:51:10 2016 us=670127   route_noexec = DISABLED
Fri Feb  5 05:51:10 2016 us=670162   route_delay = 0
Fri Feb  5 05:51:10 2016 us=670197   route_delay_window = 30
Fri Feb  5 05:51:10 2016 us=670232   route_delay_defined = DISABLED
Fri Feb  5 05:51:10 2016 us=670267   route_nopull = DISABLED
Fri Feb  5 05:51:10 2016 us=670302   route_gateway_via_dhcp = DISABLED
Fri Feb  5 05:51:10 2016 us=670337   max_routes = 100
Fri Feb  5 05:51:10 2016 us=670443   allow_pull_fqdn = DISABLED
Fri Feb  5 05:51:10 2016 us=670495   route 10.8.0.0/255.255.255.0/nil/nil
Fri Feb  5 05:51:10 2016 us=670534   management_addr = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=670571   management_port = 0
Fri Feb  5 05:51:10 2016 us=670605   management_user_pass = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=670713   management_log_history_cache = 250
Fri Feb  5 05:51:10 2016 us=670754   management_echo_buffer_size = 100
Fri Feb  5 05:51:10 2016 us=670791   management_write_peer_info_file = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=670827   management_client_user = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=670863   management_client_group = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=670898   management_flags = 0
Fri Feb  5 05:51:10 2016 us=670999   shared_secret_file = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=671047   key_direction = 1
Fri Feb  5 05:51:10 2016 us=671084   ciphername_defined = ENABLED
Fri Feb  5 05:51:10 2016 us=671120   ciphername = 'DES-EDE3-CBC'
Fri Feb  5 05:51:10 2016 us=671155   authname_defined = ENABLED
Fri Feb  5 05:51:10 2016 us=671191   authname = 'SHA1'
Fri Feb  5 05:51:10 2016 us=671227   prng_hash = 'SHA1'
Fri Feb  5 05:51:10 2016 us=671263   prng_nonce_secret_len = 16
Fri Feb  5 05:51:10 2016 us=671298   keysize = 0
Fri Feb  5 05:51:10 2016 us=671334   engine = DISABLED
Fri Feb  5 05:51:10 2016 us=671369   replay = ENABLED
Fri Feb  5 05:51:10 2016 us=671404   mute_replay_warnings = DISABLED
Fri Feb  5 05:51:10 2016 us=671439   replay_window = 64
Fri Feb  5 05:51:10 2016 us=671473   replay_time = 15
Fri Feb  5 05:51:10 2016 us=671507   packet_id_file = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=671542   use_iv = ENABLED
Fri Feb  5 05:51:10 2016 us=671579   test_crypto = DISABLED
Fri Feb  5 05:51:10 2016 us=671613   tls_server = ENABLED
Fri Feb  5 05:51:10 2016 us=671648   tls_client = DISABLED
Fri Feb  5 05:51:10 2016 us=671684   key_method = 2
Fri Feb  5 05:51:10 2016 us=671741   ca_file = 'ca.crt'
Fri Feb  5 05:51:10 2016 us=671783   ca_path = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=671820   dh_file = 'dh1024.pem'
Fri Feb  5 05:51:10 2016 us=671969   cert_file = 'server.crt'
Fri Feb  5 05:51:10 2016 us=672012   priv_key_file = 'server.key'
Fri Feb  5 05:51:10 2016 us=672049   pkcs12_file = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=672085   cipher_list = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=672294   tls_verify = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=672459   tls_export_cert = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=672575   tls_remote = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=672617   crl_file = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=672661   ns_cert_type = 0
Fri Feb  5 05:51:10 2016 us=672757   remote_cert_ku[i] = 0
Fri Feb  5 05:51:10 2016 us=672815   remote_cert_ku[i] = 0
Fri Feb  5 05:51:10 2016 us=672853   remote_cert_ku[i] = 0
Fri Feb  5 05:51:10 2016 us=672952   remote_cert_ku[i] = 0
Fri Feb  5 05:51:10 2016 us=673010   remote_cert_ku[i] = 0
Fri Feb  5 05:51:10 2016 us=673058   remote_cert_ku[i] = 0
Fri Feb  5 05:51:10 2016 us=673098   remote_cert_ku[i] = 0
Fri Feb  5 05:51:10 2016 us=673135   remote_cert_ku[i] = 0
Fri Feb  5 05:51:10 2016 us=673170   remote_cert_ku[i] = 0
Fri Feb  5 05:51:10 2016 us=673207   remote_cert_ku[i] = 0
Fri Feb  5 05:51:10 2016 us=673243   remote_cert_ku[i] = 0
Fri Feb  5 05:51:10 2016 us=673279   remote_cert_ku[i] = 0
Fri Feb  5 05:51:10 2016 us=673315   remote_cert_ku[i] = 0
Fri Feb  5 05:51:10 2016 us=673351   remote_cert_ku[i] = 0
Fri Feb  5 05:51:10 2016 us=673385   remote_cert_ku[i] = 0
Fri Feb  5 05:51:10 2016 us=673420   remote_cert_ku[i] = 0
Fri Feb  5 05:51:10 2016 us=673456   remote_cert_eku = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=673492   tls_timeout = 2
Fri Feb  5 05:51:10 2016 us=673528   renegotiate_bytes = 0
Fri Feb  5 05:51:10 2016 us=673563   renegotiate_packets = 0
Fri Feb  5 05:51:10 2016 us=673599   renegotiate_seconds = 3600
Fri Feb  5 05:51:10 2016 us=673706   handshake_window = 60
Fri Feb  5 05:51:10 2016 us=673822   transition_window = 3600
Fri Feb  5 05:51:10 2016 us=673936   single_session = DISABLED
Fri Feb  5 05:51:10 2016 us=674052   push_peer_info = DISABLED
Fri Feb  5 05:51:10 2016 us=674101   tls_exit = DISABLED
Fri Feb  5 05:51:10 2016 us=674147   tls_auth_file = 'ta.key'
Fri Feb  5 05:51:10 2016 us=674189   pkcs11_protected_authentication = DISABLED
Fri Feb  5 05:51:10 2016 us=674293   pkcs11_protected_authentication = DISABLED
Fri Feb  5 05:51:10 2016 us=674339   pkcs11_protected_authentication = DISABLED
Fri Feb  5 05:51:10 2016 us=674386   pkcs11_protected_authentication = DISABLED
Fri Feb  5 05:51:10 2016 us=674488   pkcs11_protected_authentication = DISABLED
Fri Feb  5 05:51:10 2016 us=674535   pkcs11_protected_authentication = DISABLED
Fri Feb  5 05:51:10 2016 us=674583   pkcs11_protected_authentication = DISABLED
Fri Feb  5 05:51:10 2016 us=674623   pkcs11_protected_authentication = DISABLED
Fri Feb  5 05:51:10 2016 us=674660   pkcs11_protected_authentication = DISABLED
Fri Feb  5 05:51:10 2016 us=674695   pkcs11_protected_authentication = DISABLED
Fri Feb  5 05:51:10 2016 us=674730   pkcs11_protected_authentication = DISABLED
Fri Feb  5 05:51:10 2016 us=674766   pkcs11_protected_authentication = DISABLED
Fri Feb  5 05:51:10 2016 us=674802   pkcs11_protected_authentication = DISABLED
Fri Feb  5 05:51:10 2016 us=674839   pkcs11_protected_authentication = DISABLED
Fri Feb  5 05:51:10 2016 us=674875   pkcs11_protected_authentication = DISABLED
Fri Feb  5 05:51:10 2016 us=674910   pkcs11_protected_authentication = DISABLED
Fri Feb  5 05:51:10 2016 us=674948   pkcs11_private_mode = 00000000
Fri Feb  5 05:51:10 2016 us=674985   pkcs11_private_mode = 00000000
Fri Feb  5 05:51:10 2016 us=675022   pkcs11_private_mode = 00000000
Fri Feb  5 05:51:10 2016 us=675057   pkcs11_private_mode = 00000000
Fri Feb  5 05:51:10 2016 us=675093   pkcs11_private_mode = 00000000
Fri Feb  5 05:51:10 2016 us=675129   pkcs11_private_mode = 00000000
Fri Feb  5 05:51:10 2016 us=675164   pkcs11_private_mode = 00000000
Fri Feb  5 05:51:10 2016 us=675218   pkcs11_private_mode = 00000000
Fri Feb  5 05:51:10 2016 us=675260   pkcs11_private_mode = 00000000
Fri Feb  5 05:51:10 2016 us=675295   pkcs11_private_mode = 00000000
Fri Feb  5 05:51:10 2016 us=675332   pkcs11_private_mode = 00000000
Fri Feb  5 05:51:10 2016 us=675368   pkcs11_private_mode = 00000000
Fri Feb  5 05:51:10 2016 us=675403   pkcs11_private_mode = 00000000
Fri Feb  5 05:51:10 2016 us=675437   pkcs11_private_mode = 00000000
Fri Feb  5 05:51:10 2016 us=675472   pkcs11_private_mode = 00000000
Fri Feb  5 05:51:10 2016 us=675506   pkcs11_private_mode = 00000000
Fri Feb  5 05:51:10 2016 us=675540   pkcs11_cert_private = DISABLED
Fri Feb  5 05:51:10 2016 us=675575   pkcs11_cert_private = DISABLED
Fri Feb  5 05:51:10 2016 us=675610   pkcs11_cert_private = DISABLED
Fri Feb  5 05:51:10 2016 us=675644   pkcs11_cert_private = DISABLED
Fri Feb  5 05:51:10 2016 us=675679   pkcs11_cert_private = DISABLED
Fri Feb  5 05:51:10 2016 us=675713   pkcs11_cert_private = DISABLED
Fri Feb  5 05:51:10 2016 us=675748   pkcs11_cert_private = DISABLED
Fri Feb  5 05:51:10 2016 us=675784   pkcs11_cert_private = DISABLED
Fri Feb  5 05:51:10 2016 us=675819   pkcs11_cert_private = DISABLED
Fri Feb  5 05:51:10 2016 us=675855   pkcs11_cert_private = DISABLED
Fri Feb  5 05:51:10 2016 us=675935   pkcs11_cert_private = DISABLED
Fri Feb  5 05:51:10 2016 us=675980   pkcs11_cert_private = DISABLED
Fri Feb  5 05:51:10 2016 us=676017   pkcs11_cert_private = DISABLED
Fri Feb  5 05:51:10 2016 us=676051   pkcs11_cert_private = DISABLED
Fri Feb  5 05:51:10 2016 us=676086   pkcs11_cert_private = DISABLED
Fri Feb  5 05:51:10 2016 us=676122   pkcs11_cert_private = DISABLED
Fri Feb  5 05:51:10 2016 us=676158   pkcs11_pin_cache_period = -1
Fri Feb  5 05:51:10 2016 us=676193   pkcs11_id = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=676228   pkcs11_id_management = DISABLED
Fri Feb  5 05:51:10 2016 us=676280   server_network = 10.8.0.0
Fri Feb  5 05:51:10 2016 us=676328   server_netmask = 255.255.255.0
Fri Feb  5 05:51:10 2016 us=676378   server_network_ipv6 = ::
Fri Feb  5 05:51:10 2016 us=676420   server_netbits_ipv6 = 0
Fri Feb  5 05:51:10 2016 us=676461   server_bridge_ip = 0.0.0.0
Fri Feb  5 05:51:10 2016 us=676502   server_bridge_netmask = 0.0.0.0
Fri Feb  5 05:51:10 2016 us=676544   server_bridge_pool_start = 0.0.0.0
Fri Feb  5 05:51:10 2016 us=676584   server_bridge_pool_end = 0.0.0.0
Fri Feb  5 05:51:10 2016 us=676623   push_entry = 'route 192.168.0.0 255.255.255.0'
Fri Feb  5 05:51:10 2016 us=676660   push_entry = 'route 10.8.0.1'
Fri Feb  5 05:51:10 2016 us=676696   push_entry = 'topology net30'
Fri Feb  5 05:51:10 2016 us=676732   push_entry = 'ping 10'
Fri Feb  5 05:51:10 2016 us=676767   push_entry = 'ping-restart 120'
Fri Feb  5 05:51:10 2016 us=676803   ifconfig_pool_defined = ENABLED
Fri Feb  5 05:51:10 2016 us=676841   ifconfig_pool_start = 10.8.0.4
Fri Feb  5 05:51:10 2016 us=676879   ifconfig_pool_end = 10.8.0.251
Fri Feb  5 05:51:10 2016 us=676918   ifconfig_pool_netmask = 0.0.0.0
Fri Feb  5 05:51:10 2016 us=676953   ifconfig_pool_persist_filename = 'ipp.txt'
Fri Feb  5 05:51:10 2016 us=676989   ifconfig_pool_persist_refresh_freq = 600
Fri Feb  5 05:51:10 2016 us=677025   ifconfig_ipv6_pool_defined = DISABLED
Fri Feb  5 05:51:10 2016 us=677063   ifconfig_ipv6_pool_base = ::
Fri Feb  5 05:51:10 2016 us=677099   ifconfig_ipv6_pool_netbits = 0
Fri Feb  5 05:51:10 2016 us=677135   n_bcast_buf = 256
Fri Feb  5 05:51:10 2016 us=677169   tcp_queue_limit = 64
Fri Feb  5 05:51:10 2016 us=677204   real_hash_size = 256
Fri Feb  5 05:51:10 2016 us=677238   virtual_hash_size = 256
Fri Feb  5 05:51:10 2016 us=677273   client_connect_script = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=677308   learn_address_script = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=677344   client_disconnect_script = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=677379   client_config_dir = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=677413   ccd_exclusive = DISABLED
Fri Feb  5 05:51:10 2016 us=677449   tmp_dir = '/tmp'
Fri Feb  5 05:51:10 2016 us=677482   push_ifconfig_defined = DISABLED
Fri Feb  5 05:51:10 2016 us=677536   push_ifconfig_local = 0.0.0.0
Fri Feb  5 05:51:10 2016 us=677581   push_ifconfig_remote_netmask = 0.0.0.0
Fri Feb  5 05:51:10 2016 us=677620   push_ifconfig_ipv6_defined = DISABLED
Fri Feb  5 05:51:10 2016 us=677658   push_ifconfig_ipv6_local = ::/0
Fri Feb  5 05:51:10 2016 us=677695   push_ifconfig_ipv6_remote = ::
Fri Feb  5 05:51:10 2016 us=677732   enable_c2c = DISABLED
Fri Feb  5 05:51:10 2016 us=677768   duplicate_cn = DISABLED
Fri Feb  5 05:51:10 2016 us=677802   cf_max = 0
Fri Feb  5 05:51:10 2016 us=677837   cf_per = 0
Fri Feb  5 05:51:10 2016 us=677874   max_clients = 1024
Fri Feb  5 05:51:10 2016 us=677910   max_routes_per_client = 256
Fri Feb  5 05:51:10 2016 us=677945   auth_user_pass_verify_script = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=677981   auth_user_pass_verify_script_via_file = DISABLED
Fri Feb  5 05:51:10 2016 us=678017   ssl_flags = 0
Fri Feb  5 05:51:10 2016 us=678052   port_share_host = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=678087   port_share_port = 0
Fri Feb  5 05:51:10 2016 us=678121   client = DISABLED
Fri Feb  5 05:51:10 2016 us=678156   pull = DISABLED
Fri Feb  5 05:51:10 2016 us=678191   auth_user_pass_file = '[UNDEF]'
Fri Feb  5 05:51:10 2016 us=678239 OpenVPN 2.2.1 i486-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Dec  1 2014
Fri Feb  5 05:51:10 2016 us=678651 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Fri Feb  5 05:51:10 2016 us=678732 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Feb  5 05:51:10 2016 us=686173 Diffie-Hellman initialized with 1024 bit key
Fri Feb  5 05:51:10 2016 us=688297 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri Feb  5 05:51:10 2016 us=688400 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb  5 05:51:10 2016 us=688461 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb  5 05:51:10 2016 us=688524 TLS-Auth MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri Feb  5 05:51:10 2016 us=688610 Socket Buffers: R=[163840->131072] S=[163840->131072]
Fri Feb  5 05:51:10 2016 us=688975 ROUTE default_gateway=192.168.1.1
Fri Feb  5 05:51:10 2016 us=692169 TUN/TAP device tun0 opened
Fri Feb  5 05:51:10 2016 us=692292 TUN/TAP TX queue length set to 100
Fri Feb  5 05:51:10 2016 us=692365 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Feb  5 05:51:10 2016 us=692450 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Fri Feb  5 05:51:10 2016 us=703565 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Fri Feb  5 05:51:10 2016 us=716838 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Feb  5 05:51:10 2016 us=719820 UDPv4 link local (bound): [undef]
Fri Feb  5 05:51:10 2016 us=720017 UDPv4 link remote: [undef]
Fri Feb  5 05:51:10 2016 us=720089 MULTI: multi_init called, r=256 v=256
Fri Feb  5 05:51:10 2016 us=720251 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Fri Feb  5 05:51:10 2016 us=720320 IFCONFIG POOL LIST
Fri Feb  5 05:51:10 2016 us=720417 Initialization Sequence Completed

tcpdump says the packets from the client do arrive at the server.
What I need is for all computers in the first office (192.168.0.x) to see all computers in the second office (172.17.10.x) by their internal IPs. Please help.
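Whether the logs above show a connection or not can be settled mechanically. The following is an added example, not code from the post or from OpenVPN: it classifies an OpenVPN 2.x client log by what the client writes and reads, and compares the client's expected options string with the server's. A client that only ever WRITEs P_CONTROL_HARD_RESET_CLIENT_V2, never READs a P_CONTROL_HARD_RESET_SERVER_V2 and then restarts on --ping-restart has had no answer from the server at all, which is a path problem (NAT, port forward, host firewall, tls-auth HMAC), not a TLS or routing problem. The server's own options string is not in the pasted server log (it is built per client connection), so the one used here is an assumption reconstructed from the server config and the `TLS-Auth MTU parms [ L:1542 ...]` line; the sample client log is an excerpt of the one pasted above.

```python
"""Classify a failed OpenVPN 2.x client session from its log.

Added example, not code from the post or from OpenVPN. A client that only
ever WRITEs P_CONTROL_HARD_RESET_CLIENT_V2, never READs a
P_CONTROL_HARD_RESET_SERVER_V2 and then restarts on --ping-restart has
had no answer from the server at all; the options-string comparison
shows the separate, non-fatal MTU mismatch between the two configs.
"""
import re

# Excerpt of the poster's client log (verb 3), trimmed to the lines that matter.
SAMPLE_CLIENT_LOG = """\
Fri Feb 05 08:24:52 2016 Local Options String: 'V4,dev-type tun,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher DES-EDE3-CBC,auth SHA1,keysize 192,tls-auth,key-method 2,tls-client'
Fri Feb 05 08:24:52 2016 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher DES-EDE3-CBC,auth SHA1,keysize 192,tls-auth,key-method 2,tls-server'
Fri Feb 05 08:24:52 2016 UDPv4 link remote: [AF_INET]78.85.32.29:1194
Fri Feb 05 08:24:52 2016 UDPv4 WRITE [42] to [AF_INET]78.85.32.29:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Fri Feb 05 08:24:54 2016 UDPv4 WRITE [42] to [AF_INET]78.85.32.29:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
Fri Feb 05 08:25:52 2016 [UNDEF] Inactivity timeout (--ping-restart), restarting
Fri Feb 05 08:25:52 2016 SIGUSR1[soft,ping-restart] received, process restarting
"""

# A server builds its options string per client connection, so the pasted
# server log contains none. This one is an ASSUMPTION reconstructed from the
# server config (tun-mtu 1500 default, link-mtu 1542 per "TLS-Auth MTU parms").
SAMPLE_SERVER_OPTIONS = ("V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,"
                         "keydir 0,cipher DES-EDE3-CBC,auth SHA1,keysize 192,tls-auth,"
                         "key-method 2,tls-server")

OPTIONS_RE = re.compile(r"(Local|Expected Remote) Options String: '([^']*)'")
ASYMMETRIC = {"keydir", "tls-client", "tls-server"}  # legitimately differ per side


def parse_options(opts: str) -> dict:
    """'V4,dev-type tun,link-mtu 1574,...' -> {'V4': '', 'dev-type': 'tun', 'link-mtu': '1574', ...}"""
    parsed = {}
    for item in opts.split(","):
        key, _, value = item.strip().partition(" ")
        parsed[key] = value
    return parsed


def extract_options(log_text: str) -> tuple:
    """(local, expected_remote) option dicts from the last pair printed in the log."""
    local, expected = {}, {}
    for kind, opts in OPTIONS_RE.findall(log_text):
        if kind == "Local":
            local = parse_options(opts)
        else:
            expected = parse_options(opts)
    return local, expected


def option_mismatches(a: dict, b: dict) -> dict:
    """Keys whose values differ, ignoring the per-side ones. OpenVPN only WARNs
    on such a mismatch (OCC); it never explains a handshake that gets no reply."""
    keys = (set(a) | set(b)) - ASYMMETRIC
    return {k: (a.get(k), b.get(k)) for k in sorted(keys) if a.get(k) != b.get(k)}


def classify(log_text: str) -> str:
    """'connected', 'tls-failed', 'no-reply' or 'unknown'."""
    if "Initialization Sequence Completed" in log_text:
        return "connected"
    if re.search(r"TLS Error|HMAC authentication failed|VERIFY ERROR", log_text):
        return "tls-failed"
    sent = len(re.findall(r"WRITE \[\d+\] to .*P_CONTROL_HARD_RESET_CLIENT_V2", log_text))
    heard = re.search(r"READ \[\d+\] from .*P_CONTROL_HARD_RESET_SERVER_V2", log_text)
    if sent and not heard and "Inactivity timeout (--ping-restart)" in log_text:
        return "no-reply"
    return "unknown"


def diagnose(log_text: str, server_options: str) -> list:
    """Human-readable findings for a client log against the server's option string."""
    state = classify(log_text)
    findings = [f"session state: {state}"]
    _, expected = extract_options(log_text)
    for key, (client_side, server_side) in option_mismatches(
            expected, parse_options(server_options)).items():
        findings.append(f"OCC mismatch on {key}: client expects {client_side}, server has {server_side}")
    if state == "no-reply":
        findings.append("no packet came back: check the port forward, the server host firewall "
                        "and whether the server log shows the HARD_RESET arriving at all")
    return findings


if __name__ == "__main__":
    for line in diagnose(SAMPLE_CLIENT_LOG, SAMPLE_SERVER_OPTIONS):
        print(line)
```

On the pasted log this reports `no-reply` plus two OCC mismatches (link-mtu 1574 vs 1542, tun-mtu 1532 vs 1500, caused by the client-only `tun-mtu-extra 32`); the latter would only produce a warning once the handshake works, so the thing to verify first is that the server process, not just tcpdump on the interface, sees the incoming packet.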


1. "OpenVPN (client does not connect)"
Message from qwertykma (ok) on 05-Feb-16, 12:21
"6. The client does NOT connect to the server"
"tcpdump says the packets from the client do arrive at the server"
Judging by the logs, IMHO it does connect.
"What I need is for all computers in the first office (192.168.0.x) to see all computers in the second office (172.17.10.x) by their internal IPs. Please help." So, if the connection is up, then you need to configure routing.
Look here:
http://just-networks.ru/seti-tcp-ip/marshrutizatsiya
http://edu.dvgups.ru/METDOC/GDTRAN/YAT/TELECOMM/PDI/METOD/PI...

2. "OpenVPN (client does not connect)"
Message from ALex_hha (ok) on 05-Feb-16, 12:27
> by the way, the *.key files would not even open, but chmod 777 seems to have fixed that

Whoa, whoa, easy there (c). Giving 777 to a private key is really something. For example, ssh will never let you connect if the key has so much as the group-read bit set, let alone other.

Is 78.85.32.29 the address of the D-Link in the first office? Why are you setting up a so-called road-warrior config when all you need is an ordinary tunnel?

I would simplify the task.

client

dev tun0

remote xxx.xxx.xxx.xxx
port 1194
proto udp

script-security 1

sndbuf 0
rcvbuf 0

txqueuelen 1024

ifconfig 10.0.0.2 10.0.0.1

float
nobind

secret /etc/openvpn/secret.key

user nobody
group nobody

comp-lzo

ping 15
ping-restart 30
ping-timer-rem

persist-tun
persist-key
persist-remote-ip

log /var/log/openvpn.log

verb 3

server

dev tun0

local xxx.xxx.xxx.xxx
port 1194
proto udp

script-security 1

sndbuf 0
rcvbuf 0

txqueuelen 1024

ifconfig 10.0.0.1 10.0.0.2

secret /etc/openvpn/static.key

user nobody
group nobody

comp-lzo

ping 15
ping-restart 30
ping-timer-rem

persist-tun
persist-key
persist-local-ip

log /var/log/openvpn.log

verb 3

Generate the key with

# openvpn --genkey --secret secret.key

On Windows, adjust the paths to the keys and logs accordingly.

After that, add routes on the office gateways (each pointing at the far end of the tunnel; the first office's LAN is 192.168.0.0/24 as described in the original post):

on the office-1 gateway (tunnel address 10.0.0.1):
# ip ro add 172.17.10.0/24 via 10.0.0.2
on the office-2 gateway (tunnel address 10.0.0.2):
# ip ro add 192.168.0.0/24 via 10.0.0.1

P.S.
On Windows, OpenVPN has to be run as Administrator (Run as Administrator). This is important.

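The two replies add up to a short checklist: data-channel options that agree on both peers, tls-auth key directions that are 0 on one side and 1 on the other, mirrored ifconfig endpoints for a static-key tunnel, and a private key readable by nobody but its owner (chmod 777 is the wrong fix for a key that "would not open"). Here it is as an added example, my code rather than the thread's or OpenVPN's: a checker over config text. The sample configs are constructed from the two posts above (addresses omitted), and the checker also flags the 64-bit-block ciphers in play here, the poster's DES-EDE3-CBC and OpenVPN 2.3's default BF-CBC, which the static-key pair inherits because it sets no cipher; an AES cipher is the replacement.

```python
"""Consistency checks for an OpenVPN server/client configuration pair.

Added example, not code from the thread or from OpenVPN. Encodes the
checks the replies point at: symmetric data-channel options, complementary
--tls-auth key directions, mirrored --ifconfig for --secret tunnels, and
private keys that grant nothing to group/other.
"""
import os
import shlex
import stat

# Directives whose effective value must agree on both peers, with the
# OpenVPN 2.3 default where one exists (None = not set).
SYMMETRIC = {"proto": "udp", "dev": None, "cipher": "BF-CBC", "auth": "SHA1",
             "comp-lzo": None, "fragment": None, "tun-mtu-extra": None}
# 64-bit block ciphers (SWEET32); BF-CBC is what you get when no cipher is set.
WEAK_CIPHERS = {"BF-CBC", "DES-EDE3-CBC", "DES-CBC", "CAST5-CBC"}

# Constructed from the original poster's configs, trimmed to compared directives.
SERVER_TLS = """
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0
cipher DES-EDE3-CBC
server 10.8.0.0 255.255.255.0
comp-lzo
"""
CLIENT_TLS = """
client
proto udp
dev tun
remote 78.85.32.29 1194
ca ca.crt
cert user.crt
key user.key
tls-auth ta.key 1
tun-mtu 1500
tun-mtu-extra 32
cipher DES-EDE3-CBC
comp-lzo
"""
# Constructed from the static-key pair in the second reply (local/remote omitted).
SERVER_STATIC = "dev tun0\nproto udp\nifconfig 10.0.0.1 10.0.0.2\nsecret /etc/openvpn/static.key\ncomp-lzo\n"
CLIENT_STATIC = "dev tun0\nproto udp\nifconfig 10.0.0.2 10.0.0.1\nsecret /etc/openvpn/secret.key\ncomp-lzo\n"


def parse_config(text: str) -> dict:
    """OpenVPN config text -> {directive: [[arg, ...], ...]}, one list per occurrence."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        parts = shlex.split(line)
        cfg.setdefault(parts[0], []).append(parts[1:])
    return cfg


def first_arg(cfg: dict, directive: str, default=None):
    """First argument of the first occurrence; '' if present without args; default if absent."""
    occ = cfg.get(directive)
    if not occ:
        return default
    return occ[0][0] if occ[0] else ""


def tls_auth_direction(cfg: dict):
    """None if --tls-auth is absent, 'none' if no direction is given, else '0' or '1'."""
    occ = cfg.get("tls-auth")
    if not occ:
        return None
    return occ[0][1] if len(occ[0]) > 1 else "none"


def check_pair(server_text: str, client_text: str) -> list:
    """Findings for a server/client config pair; an empty list means consistent."""
    s, c = parse_config(server_text), parse_config(client_text)
    findings = []
    for d, default in SYMMETRIC.items():
        sv, cv = first_arg(s, d, default), first_arg(c, d, default)
        if d == "dev" and sv and cv:  # 'tun' and 'tun0' are the same device type
            sv, cv = sv.rstrip("0123456789"), cv.rstrip("0123456789")
        if sv != cv:
            findings.append(f"{d} differs: server={sv!r} client={cv!r}")
    cipher = first_arg(s, "cipher", SYMMETRIC["cipher"])
    if cipher in WEAK_CIPHERS:
        findings.append(f"cipher {cipher} has a 64-bit block; use an AES cipher")
    sd, cd = tls_auth_direction(s), tls_auth_direction(c)
    if (sd is None) != (cd is None):
        findings.append("tls-auth on one side only: the other side's packets fail the HMAC check")
    elif sd is not None and {sd, cd} not in ({"0", "1"}, {"none"}):
        findings.append(f"tls-auth key-direction must be 0 on one side and 1 on the other (server={sd} client={cd})")
    if ("secret" in s) != ("secret" in c):
        findings.append("--secret on one side only")
    elif "secret" in s:
        si, ci = s.get("ifconfig", [[]])[0], c.get("ifconfig", [[]])[0]
        if len(si) != 2 or si != ci[::-1]:
            findings.append(f"ifconfig endpoints not mirrored: server={si} client={ci}")
        if "ca" in s or "tls-auth" in s:
            findings.append("server mixes --secret with TLS options")
    return findings


def key_mode_ok(mode: int) -> bool:
    """True when a private-key file grants nothing to group or other (0600 yes, 0777 no)."""
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def key_file_ok(path: str) -> bool:
    """Same check against a file on disk (not exercised by the constructed samples)."""
    return key_mode_ok(os.stat(path).st_mode)


if __name__ == "__main__":
    print(check_pair(SERVER_TLS, CLIENT_TLS))
    print(check_pair(SERVER_STATIC, CLIENT_STATIC))
```

Against the poster's pair it reports only the client-only `tun-mtu-extra 32` and the 3DES cipher; against the static-key pair it reports the inherited BF-CBC default. Run `key_file_ok` on every `key` and `secret` file before copying it anywhere; the fix for a key that the service cannot read is ownership by the user OpenVPN runs as plus mode 0600, not 0777.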
