Não é possível conectar ao servidor OpenVPN no Ubuntu 16.04

3

Estou tentando se conectar a um servidor VPN.

Eu tenho o client.ovpn do administrador do meu sistema.

Ao executar: sudo openvpn --config client.ovpn , estou recebendo Initialization Sequence Completed após alguns segundos, mas minha conexão não está funcionando. tentando - ping google.com não produz resposta.

Em uma máquina macOSX com o Tunnelblick instalado e o mesmo arquivo client.ovpn, tudo está funcionando perfeitamente.

Estou sentindo falta de algo?

Adicionando registros para sudo openvpn --config client.ovpn :

OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Enter Auth Username: *****
Enter Auth Password: ********************
Control Channel Authentication: tls-auth using INLINE static key file
Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Socket Buffers: R=[212992->200000] S=[212992->200000]
UDPv4 link local: [undef]
UDPv4 link remote: [AF_INET]52.204.89.71:1194
Server poll timeout, restarting
SIGUSR1[soft,server_poll] received, process restarting
Control Channel Authentication: tls-auth using INLINE static key file
Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Socket Buffers: R=[212992->200000] S=[212992->200000]
UDPv4 link local: [undef]
UDPv4 link remote: [AF_INET]52.204.89.71:1194
Server poll timeout, restarting
SIGUSR1[soft,server_poll] received, process restarting
Control Channel Authentication: tls-auth using INLINE static key file
Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Socket Buffers: R=[87380->200000] S=[16384->200000]
Attempting to establish TCP connection with [AF_INET]52.204.89.71:443 [nonblock]
TCP connection established with [AF_INET]52.204.89.71:443
TCPv4_CLIENT link local: [undef]
TCPv4_CLIENT link remote: [AF_INET]52.204.89.71:443
TLS: Initial packet from [AF_INET]52.204.89.71:443, sid=06674f4e bf6e2a84
WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
VERIFY OK: depth=1, CN=OpenVPN CA
VERIFY OK: nsCertType=SERVER
VERIFY OK: depth=0, CN=OpenVPN Server
Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
[OpenVPN Server] Peer Connection Initiated with [AF_INET]52.204.89.71:443
SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,socket-flags TCP_NODELAY,auth-token SESS_ID,comp-lzo yes,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 172.27.224.1,dhcp-option DNS 10.0.0.2,register-dns,block-ipv6,ifconfig 172.27.227.61 255.255.248.0'
Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks 
Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.3.10)
Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.3.10)
Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.3.10)
Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:18: register-dns (2.3.10)
Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:19: block-ipv6 (2.3.10)
OPTIONS IMPORT: timers and/or timeouts modified
OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
OPTIONS IMPORT: LZO parms modified
OPTIONS IMPORT: --socket-flags option modified
Socket flags: TCP_NODELAY=1 succeeded
OPTIONS IMPORT: --ifconfig/up options modified
OPTIONS IMPORT: route options modified
OPTIONS IMPORT: route-related options modified
OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
ROUTE_GATEWAY 192.168.1.99/255.255.255.0 IFACE=wlp4s0 HWADDR=60:f6:77:31:df:9e
TUN/TAP device tun0 opened
TUN/TAP TX queue length set to 100
do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
/sbin/ip link set dev tun0 up mtu 1500
/sbin/ip addr add dev tun0 172.27.227.61/21 broadcast 172.27.231.255
ROUTE remote_host is NOT LOCAL
/sbin/ip route add 52.204.89.71/32 via 192.168.1.99
/sbin/ip route add 0.0.0.0/1 via 172.27.224.1
/sbin/ip route add 128.0.0.0/1 via 172.27.224.1
Initialization Sequence Completed

editar:

Meu client.ovpn é assim:

Iv'e remove \ altera os detalhes do privet

# Automatically generated OpenVPN client config file
# Generated on Mon Jan 22 15:15:18 2018 by openvpnas2
# Note: this config file contains inline private keys
#       and therefore should be kept confidential!
# Note: this configuration is user-locked to the username below
# OVPN_ACCESS_SERVER_USERNAME=My_Name
# Define the profile name of this particular configuration file
# [email protected]
# OVPN_ACCESS_SERVER_CLI_PREF_ALLOW_WEB_IMPORT=True
# OVPN_ACCESS_SERVER_CLI_PREF_BASIC_CLIENT=False
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_CONNECT=True
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_XD_PROXY=True
# OVPN_ACCESS_SERVER_WSHOST=vpn.server.com:443
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START
# -----BEGIN CERTIFICATE-----

# -----END CERTIFICATE-----
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=1
# OVPN_ACCESS_SERVER_ORGANIZATION=OpenVPN Technologies, Inc.
setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote vpn.server.com 1194 udp
remote vpn.server.com 1194 udp
remote vpn.server.com 443 tcp
remote vpn.server.com 1194 udp
remote vpn.server.com 1194 udp
remote vpn.server.com 1194 udp
remote vpn.server.com 1194 udp
remote vpn.server.com 1194 udp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
auth-user-pass
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO

<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>

key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key (Server Agent)
#
-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----
</tls-auth>

## -----BEGIN RSA SIGNATURE-----
## DIGEST:sha256

## -----END RSA SIGNATURE-----
## -----BEGIN CERTIFICATE-----


## -----END CERTIFICATE-----
## -----BEGIN CERTIFICATE-----

## -----END CERTIFICATE-----
    
por Arnon 22.01.2018 / 18:43

1 resposta

1

O Ubuntu fornece um script para atualizar seu resolv.conf: /etc/openvpn/update-resolv-conf

você pode adicioná-lo ao seu client.ovpn anexando estas linhas a ele:

up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

ao iniciar o serviço vpn, ele avaliará as opções estrangeiras enviadas pelo servidor. esses devem conter informações sobre servidores dns para a rede remota que você acabou de conectar.

Para permitir que esses scripts sejam executados, você precisa alterar a configuração e adicionar

script-security 2

também, ou você pode adicionar este parâmetro à sua linha de comando assim:

sudo openvpn --config client.ovpn --script-security 2
    
por 24.01.2018 / 11:45