OpenSSH acessando sites

1

Eu configurei um servidor OpenVPN seguindo este artigo.

https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04#step-9-start-and-enable-the-openvpn-service

O servidor está funcionando bem.

m@m-ubu1604:~/client-configs/files$ sudo openvpn --config client1.ovpn 
Tue Aug 15 13:05:56 2017 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
Tue Aug 15 13:05:56 2017 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Tue Aug 15 13:05:56 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Aug 15 13:05:56 2017 Control Channel Authentication: tls-auth using INLINE static key file
Tue Aug 15 13:05:56 2017 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Aug 15 13:05:56 2017 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Aug 15 13:05:56 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Aug 15 13:05:56 2017 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Tue Aug 15 13:05:56 2017 UDPv4 link local: [undef]
Tue Aug 15 13:05:56 2017 UDPv4 link remote: [AF_INET]10.8.0.1:1194
Tue Aug 15 13:05:56 2017 TLS: Initial packet from [AF_INET]10.8.0.1:1194, sid=9af65e56 bf209786
Tue Aug 15 13:05:56 2017 VERIFY OK: depth=1, C=US, ST=NY, L=New York City, O=DigitalOcean, OU=Community, CN=DigitalOcean CA, name=server, [email protected]
Tue Aug 15 13:05:56 2017 Validating certificate key usage
Tue Aug 15 13:05:56 2017 ++ Certificate has key usage  00a0, expects 00a0
Tue Aug 15 13:05:56 2017 VERIFY KU OK
Tue Aug 15 13:05:56 2017 Validating certificate extended key usage
Tue Aug 15 13:05:56 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Aug 15 13:05:56 2017 VERIFY EKU OK
Tue Aug 15 13:05:56 2017 VERIFY OK: depth=0, C=US, ST=NY, L=New York City, O=DigitalOcean, OU=Community, CN=server, name=server, [email protected]
Tue Aug 15 13:05:56 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Aug 15 13:05:56 2017 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Aug 15 13:05:56 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Aug 15 13:05:56 2017 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Aug 15 13:05:56 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Aug 15 13:05:56 2017 [server] Peer Connection Initiated with [AF_INET]10.8.0.1:1194
Tue Aug 15 13:05:59 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Aug 15 13:05:59 2017 PUSH: Received control message: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,route 192.168.20.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Tue Aug 15 13:05:59 2017 OPTIONS IMPORT: timers and/or timeouts modified
Tue Aug 15 13:05:59 2017 OPTIONS IMPORT: --ifconfig/up options modified
Tue Aug 15 13:05:59 2017 OPTIONS IMPORT: route options modified
Tue Aug 15 13:05:59 2017 WARNING: potential conflict between --remote address [10.8.0.1] and --ifconfig address pair [10.8.0.6, 10.8.0.5] -- this is a warning only that is triggered when local/remote addresses exist within the same /24 subnet as --ifconfig endpoints. (silence this warning with --ifconfig-nowarn)
Tue Aug 15 13:05:59 2017 ROUTE_GATEWAY 10.0.0.1/255.255.255.0 IFACE=wlp4s0 HWADDR=14:ab:c5:83:82:ef
Tue Aug 15 13:05:59 2017 TUN/TAP device tun1 opened
Tue Aug 15 13:05:59 2017 TUN/TAP TX queue length set to 100
Tue Aug 15 13:05:59 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Aug 15 13:05:59 2017 /sbin/ip link set dev tun1 up mtu 1500
Tue Aug 15 13:05:59 2017 /sbin/ip addr add dev tun1 local 10.8.0.6 peer 10.8.0.5
Tue Aug 15 13:05:59 2017 /etc/openvpn/update-resolv-conf tun1 1500 1570 10.8.0.6 10.8.0.5 init
Tue Aug 15 13:05:59 2017 /sbin/ip route add 192.168.10.0/24 via 10.8.0.5
Tue Aug 15 13:05:59 2017 /sbin/ip route add 192.168.20.0/24 via 10.8.0.5
Tue Aug 15 13:05:59 2017 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Tue Aug 15 13:05:59 2017 GID set to nogroup
Tue Aug 15 13:05:59 2017 UID set to nobody
Tue Aug 15 13:05:59 2017 Initialization Sequence Completed

Como posso verificar se minha solicitação do navegador ou terminal passa pelo servidor Open VPN?

Eu fiz uma onda www.google.com mas não vejo nada no terminal openserver, achei que deveria haver alguns comandos no terminal que uma nova requisição chegou.

    
por user1050619 15.08.2017 / 19:15

1 resposta

0

Primeiro, para verificar seu IP, basta executar:

myip="$(dig +short myip.opendns.com @resolver1.opendns.com)"
echo "My WAN/Public IP address: ${myip}"

de: link

Se o seu IP corresponde ao IP do seu servidor, então tudo está passando pela VPN. Se isso não funcionar, tente usar uma ferramenta de GUI, como network-manager-openvpn , com a qual tive mais sorte.

    
por NerdOfLinux 15.08.2017 / 19:29