So it's not the firewall. I'm also adding the log from the server:
May 23 14:16:03 david-nbubun ovpn-server[6050]: OpenVPN 2.2.1 i686-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Oct 8 2012
May 23 14:16:03 david-nbubun ovpn-server[6050]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:7505
May 23 14:16:03 david-nbubun ovpn-server[6050]: NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
May 23 14:16:03 david-nbubun ovpn-server[6050]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 23 14:16:03 david-nbubun ovpn-server[6050]: Diffie-Hellman initialized with 1024 bit key
May 23 14:16:03 david-nbubun ovpn-server[6050]: Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
May 23 14:16:03 david-nbubun ovpn-server[6050]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
May 23 14:16:03 david-nbubun ovpn-server[6050]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
May 23 14:16:03 david-nbubun ovpn-server[6050]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
May 23 14:16:03 david-nbubun ovpn-server[6050]: TLS-Auth MTU parms [ L:1474 D:166 EF:66 EB:0 ET:0 EL:0 ]
May 23 14:16:03 david-nbubun ovpn-server[6050]: Socket Buffers: R=[163840->131072] S=[163840->131072]
May 23 14:16:03 david-nbubun ovpn-server[6050]: TUN/TAP device tap0 opened
May 23 14:16:03 david-nbubun ovpn-server[6050]: TUN/TAP TX queue length set to 100
May 23 14:16:03 david-nbubun ovpn-server[6050]: /etc/openvpn/up.sh br0 tap0 1500 tap0 1400 1474 init
May 23 14:16:03 david-nbubun ovpn-server[6050]: Data Channel MTU parms [ L:1474 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
May 23 14:16:03 david-nbubun ovpn-server[6065]: UDPv4 link local (bound): [undef]
May 23 14:16:03 david-nbubun ovpn-server[6065]: UDPv4 link remote: [undef]
May 23 14:16:03 david-nbubun ovpn-server[6065]: MULTI: multi_init called, r=256 v=256
May 23 14:16:03 david-nbubun ovpn-server[6065]: IFCONFIG POOL: base=192.168.55.110 size=41, ipv6=0
May 23 14:16:03 david-nbubun ovpn-server[6065]: ifconfig_pool_read(), in='client2,192.168.55.110', TODO: IPv6
May 23 14:16:03 david-nbubun ovpn-server[6065]: succeeded -> ifconfig_pool_set()
May 23 14:16:03 david-nbubun ovpn-server[6065]: ifconfig_pool_read(), in='client1,192.168.55.111', TODO: IPv6
May 23 14:16:03 david-nbubun ovpn-server[6065]: succeeded -> ifconfig_pool_set()
May 23 14:16:03 david-nbubun ovpn-server[6065]: IFCONFIG POOL LIST
May 23 14:16:03 david-nbubun ovpn-server[6065]: client2,192.168.55.110
May 23 14:16:03 david-nbubun ovpn-server[6065]: client1,192.168.55.111
May 23 14:16:03 david-nbubun ovpn-server[6065]: Initialization Sequence Completed
May 23 14:16:27 david-nbubun ovpn-server[6065]: MANAGEMENT: Client connected from [AF_INET]127.0.0.1:7505
May 23 14:16:31 david-nbubun ovpn-server[6065]: MULTI: multi_create_instance called
May 23 14:16:31 david-nbubun ovpn-server[6065]: 10.0.88.12:53436 Re-using SSL/TLS context
May 23 14:16:31 david-nbubun ovpn-server[6065]: 10.0.88.12:53436 LZO compression initialized
May 23 14:16:31 david-nbubun ovpn-server[6065]: 10.0.88.12:53436 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
May 23 14:16:31 david-nbubun ovpn-server[6065]: 10.0.88.12:53436 Control Channel MTU parms [ L:1474 D:166 EF:66 EB:0 ET:0 EL:0 ]
May 23 14:16:31 david-nbubun ovpn-server[6065]: 10.0.88.12:53436 Data Channel MTU parms [ L:1474 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
May 23 14:16:31 david-nbubun ovpn-server[6065]: 10.0.88.12:53436 Local Options hash (VER=V4): 'a6e8344b'
May 23 14:16:31 david-nbubun ovpn-server[6065]: 10.0.88.12:53436 Expected Remote Options hash (VER=V4): 'd185e991'
May 23 14:16:31 david-nbubun ovpn-server[6065]: 10.0.88.12:53436 TLS: Initial packet from [AF_INET]10.0.88.12:53436, sid=1dd617d7 a03812b8
May 23 14:16:31 david-nbubun ovpn-server[6065]: 10.0.88.12:53436 VERIFY OK: depth=1, /C=CR/ST=CR/L=MoravskyKrumlov/O=CertAutorita/OU=changeme/CN=openVPN-CA/name=changeme/emailAddress=david.malysz@jednotamk.cz
May 23 14:16:31 david-nbubun ovpn-server[6065]: 10.0.88.12:53436 VERIFY OK: depth=0, /C=CR/ST=CR/L=MoravskyKrumlov/O=CertAutorita/OU=changeme/CN=client1/name=changeme/emailAddress=david.malysz@jednotamk.cz
May 23 14:16:31 david-nbubun ovpn-server[6065]: 10.0.88.12:53436 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
May 23 14:16:31 david-nbubun ovpn-server[6065]: 10.0.88.12:53436 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
May 23 14:16:31 david-nbubun ovpn-server[6065]: 10.0.88.12:53436 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
May 23 14:16:31 david-nbubun ovpn-server[6065]: 10.0.88.12:53436 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
May 23 14:16:31 david-nbubun ovpn-server[6065]: 10.0.88.12:53436 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
May 23 14:16:31 david-nbubun ovpn-server[6065]: 10.0.88.12:53436 [client1] Peer Connection Initiated with [AF_INET]10.0.88.12:53436
May 23 14:16:31 david-nbubun ovpn-server[6065]: client1/10.0.88.12:53436 MULTI_sva: pool returned IPv4=192.168.55.111, IPv6=146a:76b7:240a:8cbf:80d:8cbf:88fc:2fb9
May 23 14:16:33 david-nbubun ovpn-server[6065]: client1/10.0.88.12:53436 PUSH: Received control message: 'PUSH_REQUEST'
May 23 14:16:33 david-nbubun ovpn-server[6065]: client1/10.0.88.12:53436 send_push_reply(): safe_cap=960
May 23 14:16:33 david-nbubun ovpn-server[6065]: client1/10.0.88.12:53436 SENT CONTROL [client1]: 'PUSH_REPLY,route-gateway 192.168.55.12,ping 10,ping-restart 60,ifconfi:
May 23 14:18:33 david-nbubun ovpn-server[6065]: client1/10.0.88.12:53436 [client1] Inactivity timeout (--ping-restart), restarting
May 23 14:18:33 david-nbubun ovpn-server[6065]: client1/10.0.88.12:53436 SIGUSR1[soft,ping-restart] received, client-instance restarting
You can see that everything goes through fine, but in the end it kicks the client out because it doesn't receive a ping (keepalive) from that client.
Routing table on the server:
root@david-nbubun:/etc/openvpn# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.55.1    0.0.0.0         UG    0      0        0 br0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 br0
192.168.55.0    0.0.0.0         255.255.255.0   U     0      0        0 br0
root@david-nbubun:/etc/openvpn#
Could it be, for example, that the virtual machine (in which the client runs) has a problem with the virtual tap0 interface?
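
As an added example (not part of the original post), a small Python parser for server log lines like the ones quoted above: it builds a per-peer timeline and reports how long the server heard nothing from the client between the push reply and the --ping-restart timeout. The function names and verdict strings are assumptions made for this example; the sample lines are a shortened copy of the log in the post.

```python
import re
from datetime import datetime

# Constructed sample: shortened copy of the server log lines quoted in the post.
SAMPLE_LOG = """\
May 23 14:16:31 david-nbubun ovpn-server[6065]: 10.0.88.12:53436 TLS: Initial packet from [AF_INET]10.0.88.12:53436, sid=1dd617d7 a03812b8
May 23 14:16:31 david-nbubun ovpn-server[6065]: 10.0.88.12:53436 [client1] Peer Connection Initiated with [AF_INET]10.0.88.12:53436
May 23 14:16:33 david-nbubun ovpn-server[6065]: client1/10.0.88.12:53436 PUSH: Received control message: 'PUSH_REQUEST'
May 23 14:16:33 david-nbubun ovpn-server[6065]: client1/10.0.88.12:53436 SENT CONTROL [client1]: 'PUSH_REPLY,route-gateway 192.168.55.12,ping 10,ping-restart 60,ifconfi:
May 23 14:18:33 david-nbubun ovpn-server[6065]: client1/10.0.88.12:53436 [client1] Inactivity timeout (--ping-restart), restarting
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ ovpn-server\[\d+\]: "
                  r"(?:\S+/)?(\d+(?:\.\d+){3}:\d+) (.*)$")
# Substring of the message -> event name (event names are this example's own).
EVENTS = {
    "TLS: Initial packet": "tls_start",
    "Peer Connection Initiated": "tls_done",
    "PUSH_REPLY": "push_sent",
    "Inactivity timeout (--ping-restart)": "timeout",
}

def session_timeline(log_text):
    """Return {peer 'ip:port': {event: datetime}} for client-instance lines."""
    peers = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # startup lines carry no peer prefix
        stamp, peer, msg = m.groups()
        # Syslog omits the year; a fixed placeholder year is enough for deltas.
        when = datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")
        for needle, name in EVENTS.items():
            if needle in msg:
                peers.setdefault(peer, {}).setdefault(name, when)
    return peers

def diagnose(events):
    """Classify one peer's session; returns (verdict, seconds_of_silence)."""
    if "tls_done" not in events:
        return ("handshake-incomplete", None)
    if "timeout" not in events:
        return ("session-alive", None)
    last_heard = events.get("push_sent", events["tls_done"])
    silence = int((events["timeout"] - last_heard).total_seconds())
    return ("handshake-ok-then-silent", silence)

if __name__ == "__main__":
    for peer, ev in session_timeline(SAMPLE_LOG).items():
        print(peer, diagnose(ev))
```

For the quoted log this reports a completed TLS handshake followed by 120 seconds with nothing logged from the client before the timeout.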