I have an OpenVPN server installed on an Amazon instance running Windows Server 2008 R2, and here is my client.
First I connect to my VPN. For some reason, when I try to connect to my VPN server and then RDP, the RDP screen freezes after a few seconds, because the connection or the tunnel drops a few seconds after being established.
To bring up the tunnel, I first run this command: sudo openvpn client.conf
The client.conf file has the following contents:
#This is a client profile.
client
# We want to tunnel packets (rather than Ethernet bridging).
dev tun
# Use TCP instead of UDP.
proto tcp
# This is the VPN server we're connecting to.
# Be sure to change this value to YOUR Elastic IP address.
remote 107.23.174.205 443
# These are the crypto certificates we'll be using.
ca ca.crt
cert IanCert.crt
key IanCert.key
# Use LZO compression on the channel.
comp-lzo
#Verbosity
verb 3
After running that command, this keeps repeating in my terminal:
Mon Dec 31 03:35:03 2012 Connection reset, restarting [-1]
Mon Dec 31 03:35:03 2012 TCP/UDP: Closing socket
Mon Dec 31 03:35:03 2012 /sbin/route del -net 10.8.0.1 netmask 255.255.255.255
Mon Dec 31 03:35:03 2012 Closing TUN/TAP interface
Mon Dec 31 03:35:03 2012 /sbin/ifconfig tun0 0.0.0.0
Mon Dec 31 03:35:03 2012 SIGUSR1[soft,connection-reset] received, process restarting
Mon Dec 31 03:35:03 2012 Restart pause, 5 second(s)
Mon Dec 31 03:35:08 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Dec 31 03:35:08 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Dec 31 03:35:08 2012 WARNING: file 'IanCert.key' is group or others accessible
Mon Dec 31 03:35:08 2012 LZO compression initialized
Mon Dec 31 03:35:08 2012 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Mon Dec 31 03:35:08 2012 Socket Buffers: R=[87380->131072] S=[16384->131072]
Mon Dec 31 03:35:08 2012 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Dec 31 03:35:08 2012 Local Options hash (VER=V4): '69109d17'
Mon Dec 31 03:35:08 2012 Expected Remote Options hash (VER=V4): 'c0103fa8'
Mon Dec 31 03:35:08 2012 Attempting to establish TCP connection with [AF_INET]107.23.174.205:443 [nonblock]
Mon Dec 31 03:35:09 2012 TCP connection established with [AF_INET]107.23.174.205:443
Mon Dec 31 03:35:09 2012 TCPv4_CLIENT link local: [undef]
Mon Dec 31 03:35:09 2012 TCPv4_CLIENT link remote: [AF_INET]107.23.174.205:443
Mon Dec 31 03:35:09 2012 TLS: Initial packet from [AF_INET]107.23.174.205:443, sid=79b44982 8fb01720
Mon Dec 31 03:35:11 2012 VERIFY OK: depth=1, /C=US/ST=VA/L=Haymarket/O=DKRDomain/OU=IT/CN=DKRDomain/name=Dave_Rensin/[email protected]
Mon Dec 31 03:35:11 2012 VERIFY OK: depth=0, /C=US/ST=VA/L=Haymarket/O=DKRDomain/OU=IT/CN=DKRDomain/name=Dave_Rensin/[email protected]
Mon Dec 31 03:35:14 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec 31 03:35:14 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 31 03:35:14 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec 31 03:35:14 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 31 03:35:14 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Dec 31 03:35:14 2012 [DKRDomain] Peer Connection Initiated with [AF_INET]107.23.174.205:443
Mon Dec 31 03:35:17 2012 SENT CONTROL [DKRDomain]: 'PUSH_REQUEST' (status=1)
Mon Dec 31 03:35:17 2012 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Mon Dec 31 03:35:17 2012 OPTIONS IMPORT: timers and/or timeouts modified
Mon Dec 31 03:35:17 2012 OPTIONS IMPORT: --ifconfig/up options modified
Mon Dec 31 03:35:17 2012 OPTIONS IMPORT: route options modified
Mon Dec 31 03:35:17 2012 ROUTE default_gateway=192.168.1.1
Mon Dec 31 03:35:17 2012 TUN/TAP device tun0 opened
Mon Dec 31 03:35:17 2012 TUN/TAP TX queue length set to 100
Mon Dec 31 03:35:17 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Dec 31 03:35:17 2012 /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Mon Dec 31 03:35:17 2012 /sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.5
Mon Dec 31 03:35:17 2012 Initialization Sequence Completed
The only way to RDP into my instance (without setting up the VPN) is via its public IP (but I don't want that, I just want to fix this). I'm using Linux Mint (or Debian 6) on my client.
Any ideas?
Tags: networking, openvpn, rdp
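The log above is worth reading for more than the reconnect loop: OpenVPN itself prints two security warnings (no server certificate verification method, and a private key that is group/world readable) that are easy to miss among the timestamps. The script below is an added example for this thread, not code from the original post or from the OpenVPN project. It parses OpenVPN 2.x client log lines, collects those warnings as findings with a remediation, and measures how long each tunnel lives between "Initialization Sequence Completed" and the next "Connection reset", so a flapping tunnel shows up as a number rather than a feeling. The sample lines are copied from the post except the final reset line, which is constructed to close the loop the poster describes; the 60-second flapping threshold is an assumption of this example.

```python
"""Triage an OpenVPN client log: flag the security warnings it prints and
measure how long each tunnel lives before a 'Connection reset'.

Added example for this thread, not code from the original post or from
OpenVPN. Sample log lines are taken from the post; the last one is
constructed to show a reset after the tunnel came up.
"""
import re
from datetime import datetime

# Timestamp prefix as OpenVPN 2.x writes it, e.g. "Mon Dec 31 03:35:03 2012 ".
_TS_RE = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) (.*)$")

# Each rule: (substring identifying the line, severity, finding, remediation).
_RULES = [
    ("No server certificate verification method has been enabled", "high",
     "client does not check that the peer presents a server certificate",
     "add 'remote-cert-tls server' to client.conf (see the howto#mitm link in the log)"),
    ("is group or others accessible", "medium",
     "private key file is readable by other local users",
     "restrict the key file to the owner (chmod 600)"),
    ("Cipher 'BF-CBC'", "low",
     "data channel uses Blowfish, a 64-bit block cipher",
     "prefer an AES cipher when both endpoints support it"),
]

# Tunnels that live shorter than this are reported as flapping (assumed threshold).
FLAP_THRESHOLD_SECONDS = 60

# Lines from the post, plus one constructed reset line at the end.
SAMPLE_LOG = """\
Mon Dec 31 03:35:03 2012 Connection reset, restarting [-1]
Mon Dec 31 03:35:03 2012 SIGUSR1[soft,connection-reset] received, process restarting
Mon Dec 31 03:35:08 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Dec 31 03:35:08 2012 WARNING: file 'IanCert.key' is group or others accessible
Mon Dec 31 03:35:14 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec 31 03:35:14 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec 31 03:35:17 2012 Initialization Sequence Completed
Mon Dec 31 03:35:29 2012 Connection reset, restarting [-1]
"""  # last line constructed for this example


def parse_line(line):
    """Split a log line into (datetime, message); None if it has no timestamp prefix."""
    m = _TS_RE.match(line.rstrip("\n"))
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
    return ts, m.group(2)


def security_findings(lines):
    """Return one finding per matched rule, deduplicated across repeated lines."""
    seen = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        _, msg = parsed
        for needle, severity, finding, fix in _RULES:
            if needle in msg and needle not in seen:
                seen[needle] = {"severity": severity, "finding": finding, "fix": fix}
    return list(seen.values())


def tunnel_lifetimes(lines):
    """Seconds each tunnel stayed up: 'Initialization Sequence Completed' to the next reset."""
    lifetimes, up_since = [], None
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, msg = parsed
        if "Initialization Sequence Completed" in msg:
            up_since = ts
        elif "Connection reset" in msg and up_since is not None:
            lifetimes.append((ts - up_since).total_seconds())
            up_since = None
    return lifetimes


def triage(log_text):
    """Combine findings and lifetimes into one report dict."""
    lines = log_text.splitlines()
    lifetimes = tunnel_lifetimes(lines)
    return {
        "findings": security_findings(lines),
        "lifetimes_seconds": lifetimes,
        "flapping": any(t < FLAP_THRESHOLD_SECONDS for t in lifetimes),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["findings"]:
        print(f"[{f['severity']}] {f['finding']} -> {f['fix']}")
    print("tunnel lifetimes (s):", report["lifetimes_seconds"], "flapping:", report["flapping"])
```

Run it against a real log with `triage(open("openvpn.log").read())`. The lifetime measurement is what separates "RDP freezes" from "the tunnel drops": if every lifetime is a few seconds, the problem is the VPN session itself, independent of what runs over it.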