openvpn

[Corsair]

Takže bude to stačit takhle když do client.conf souboru dám:

Kód: [Vybrat]

script-security 3 system
         fragment 1400
         mssfix
a do server conf

Kód: [Vybrat]

fragment 1400 
        mssfix

Tak potvrzuji že to funguje.Už na klientovi dostavám z vpn stejnou ip jako na serveru.Ještě jsem povolil šifrování AES 128 bit.

[Corsair]

Lámu si hlavu nad touto chybou, Vše funguje ale pořád nejde TLS handshake, zkoušel jsem generovat nový protokol ale chyba je pořád stejná.
Dávám vyýpis z klient logu i server logu:
Client log:

Kód: [Vybrat]

Fri Jul 06 13:31:15 2012 NOTE: --user option is not implemented on Windows
Fri Jul 06 13:31:15 2012 NOTE: --group option is not implemented on Windows
Fri Jul 06 13:31:15 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Fri Jul 06 13:31:15 2012 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jul 06 13:31:15 2012 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Fri Jul 06 13:31:15 2012 LZO compression initialized
Fri Jul 06 13:31:15 2012 Control Channel MTU parms [ L:1590 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Jul 06 13:31:15 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jul 06 13:31:15 2012 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Jul 06 13:31:15 2012 Local Options hash (VER=V4): 'b498be7c'
Fri Jul 06 13:31:15 2012 Expected Remote Options hash (VER=V4): '26e19fc0'
Fri Jul 06 13:31:15 2012 UDPv4 link local: [undef]
Fri Jul 06 13:31:15 2012 UDPv4 link remote: 192.168.2.253:1194
Fri Jul 06 13:31:15 2012 TLS: Initial packet from 192.168.2.253:1194, sid=74c957fb f175293f
Fri Jul 06 13:31:15 2012 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: /C=CZ/ST=VC/L=Nachod/O=Lipi/OU=server/CN=server/name=server/emailAddress=mail@host.domain
Fri Jul 06 13:31:15 2012 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Fri Jul 06 13:31:15 2012 TLS Error: TLS object -> incoming plaintext read error
Fri Jul 06 13:31:15 2012 TLS Error: TLS handshake failed
Fri Jul 06 13:31:15 2012 TCP/UDP: Closing socket
Fri Jul 06 13:31:15 2012 SIGUSR1[soft,tls-error] received, process restarting
Fri Jul 06 13:31:15 2012 Restart pause, 2 second(s)
Fri Jul 06 13:31:17 2012 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jul 06 13:31:17 2012 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Fri Jul 06 13:31:17 2012 Re-using SSL/TLS context
Fri Jul 06 13:31:17 2012 LZO compression initialized
Fri Jul 06 13:31:17 2012 Control Channel MTU parms [ L:1590 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Jul 06 13:31:17 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jul 06 13:31:17 2012 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Jul 06 13:31:17 2012 Local Options hash (VER=V4): 'b498be7c'
Fri Jul 06 13:31:17 2012 Expected Remote Options hash (VER=V4): '26e19fc0'
Fri Jul 06 13:31:17 2012 UDPv4 link local: [undef]
Fri Jul 06 13:31:17 2012 UDPv4 link remote: 192.168.2.253:1194
Fri Jul 06 13:31:17 2012 TLS: Initial packet from 192.168.2.253:1194, sid=51dac2a1 42278923
Fri Jul 06 13:31:17 2012 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: /C=CZ/ST=VC/L=Nachod/O=Lipi/OU=server/CN=server/name=server/emailAddress=mail@host.domain
Fri Jul 06 13:31:17 2012 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Fri Jul 06 13:31:17 2012 TLS Error: TLS object -> incoming plaintext read error
Fri Jul 06 13:31:17 2012 TLS Error: TLS handshake failed
Fri Jul 06 13:31:17 2012 TCP/UDP: Closing socket
Fri Jul 06 13:31:17 2012 SIGUSR1[soft,tls-error] received, process restarting
Fri Jul 06 13:31:17 2012 Restart pause, 2 second(s)
Fri Jul 06 13:31:19 2012 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jul 06 13:31:19 2012 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Fri Jul 06 13:31:19 2012 Re-using SSL/TLS context
Fri Jul 06 13:31:19 2012 LZO compression initialized
Fri Jul 06 13:31:19 2012 Control Channel MTU parms [ L:1590 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Jul 06 13:31:19 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jul 06 13:31:19 2012 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Jul 06 13:31:19 2012 Local Options hash (VER=V4): 'b498be7c'
Fri Jul 06 13:31:19 2012 Expected Remote Options hash (VER=V4): '26e19fc0'
Fri Jul 06 13:31:19 2012 UDPv4 link local: [undef]
Fri Jul 06 13:31:19 2012 UDPv4 link remote: 192.168.2.253:1194
Fri Jul 06 13:31:19 2012 TCP/UDP: Closing socket
Fri Jul 06 13:31:19 2012 SIGTERM[hard,] received, process exiting

server log:

Kód: [Vybrat]

Fri Jul  6 07:27:05 2012 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar 30 2012
Fri Jul  6 07:27:05 2012 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Fri Jul  6 07:27:05 2012 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jul  6 07:27:05 2012 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Fri Jul  6 07:27:05 2012 Diffie-Hellman initialized with 1024 bit key
Fri Jul  6 07:27:05 2012 WARNING: file '/etc/openvpn/easy-rsa/keys/server.key' is group or others accessible
Fri Jul  6 07:27:05 2012 TLS-Auth MTU parms [ L:1590 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Jul  6 07:27:05 2012 Socket Buffers: R=[229376->131072] S=[229376->131072]
Fri Jul  6 07:27:05 2012 TUN/TAP device tap0 opened
Fri Jul  6 07:27:05 2012 TUN/TAP TX queue length set to 100
Fri Jul  6 07:27:05 2012 /etc/openvpn/up.sh br0 tap0 tap0 1500 1590   init
Fri Jul  6 07:27:05 2012 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Jul  6 07:27:05 2012 GID set to nogroup
Fri Jul  6 07:27:05 2012 UID set to nobody
Fri Jul  6 07:27:05 2012 UDPv4 link local (bound): [AF_INET]192.168.2.253:1194
Fri Jul  6 07:27:05 2012 UDPv4 link remote: [undef]
Fri Jul  6 07:27:05 2012 MULTI: multi_init called, r=256 v=256
Fri Jul  6 07:27:05 2012 IFCONFIG POOL: base=192.168.2.50 size=11, ipv6=0
Fri Jul  6 07:27:05 2012 IFCONFIG POOL LIST
Fri Jul  6 07:27:05 2012 Initialization Sequence Completed
Fri Jul  6 13:31:32 2012 MULTI: multi_create_instance called
Fri Jul  6 13:31:32 2012 192.168.2.10:49414 Re-using SSL/TLS context
Fri Jul  6 13:31:32 2012 192.168.2.10:49414 LZO compression initialized
Fri Jul  6 13:31:32 2012 192.168.2.10:49414 Control Channel MTU parms [ L:1590 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Jul  6 13:31:32 2012 192.168.2.10:49414 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Jul  6 13:31:32 2012 192.168.2.10:49414 Local Options hash (VER=V4): '26e19fc0'
Fri Jul  6 13:31:32 2012 192.168.2.10:49414 Expected Remote Options hash (VER=V4): 'b498be7c'
Fri Jul  6 13:31:32 2012 192.168.2.10:49414 TLS: Initial packet from [AF_INET]192.168.2.10:49414, sid=72e4934f 8432ce13
Fri Jul  6 13:31:34 2012 MULTI: multi_create_instance called
Fri Jul  6 13:31:34 2012 192.168.2.10:49415 Re-using SSL/TLS context
Fri Jul  6 13:31:34 2012 192.168.2.10:49415 LZO compression initialized
Fri Jul  6 13:31:34 2012 192.168.2.10:49415 Control Channel MTU parms [ L:1590 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Jul  6 13:31:34 2012 192.168.2.10:49415 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Jul  6 13:31:34 2012 192.168.2.10:49415 Local Options hash (VER=V4): '26e19fc0'
Fri Jul  6 13:31:34 2012 192.168.2.10:49415 Expected Remote Options hash (VER=V4): 'b498be7c'
Fri Jul  6 13:31:34 2012 192.168.2.10:49415 TLS: Initial packet from [AF_INET]192.168.2.10:49415, sid=02594417 cfaaaebd
Fri Jul  6 13:32:32 2012 192.168.2.10:49414 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jul  6 13:32:32 2012 192.168.2.10:49414 TLS Error: TLS handshake failed
Fri Jul  6 13:32:32 2012 192.168.2.10:49414 SIGUSR1[soft,tls-error] received, client-instance restarting
Fri Jul  6 13:32:34 2012 192.168.2.10:49415 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jul  6 13:32:34 2012 192.168.2.10:49415 TLS Error: TLS handshake failed
Fri Jul  6 13:32:34 2012 192.168.2.10:49415 SIGUSR1[soft,tls-error] received, client-instance restarting
Možná zkusím vygenerovat znovu ca.crt a server certifikat.

[Corsair]

Ahoj,
Openvpnka funguje jak má a dělá radost. Nicméně bych rád rozchodil třeba toto

Kód: [Vybrat]

http://sourceforge.net/projects/openvpn-status/ bohužel jsou zde velice skromní na to jak to vlastně nainstalovat, tímto prosím o pomoc někoho zkušeného a nasměroval mne jak to udělat.
Našel jsem tuto stránku

Kód: [Vybrat]

https://community.openvpn.net/openvpn/wiki/RelatedProjects pro monitorování openvpn pokud máte někdo zkušenost s lepším prográmkem dejte mne prosím vědět.
Děkuji.

[Corsair]

Opravdu, nikdo nemá zkušenost jak na to

[ntz_reloaded]

prosim neplet si vyznam a smysl fora - vyznam a smysl opravdu neni nastavovat jinym lidem pocitac
precti si dokumentaci k dane veci a zacni si to nastavovat sam. V pripade, ze budes mit problem s konkretnimi kroky, tak se zeptej.

dekuji za pochopeni