Eu tinha uma configuração que funcionava anteriormente com os arquivos de configuração usados em uma pergunta anterior
No entanto, eu mudei isso agora para a seguinte configuração usando o modo de servidor, tudo nos logs parece bem, no entanto, o cliente não cria qualquer interface tun, então eu não tenho nada para se conectar, presumivelmente, Eu preciso adicionar ou empurrar alguns comandos de rota, mas eu não tenho nenhuma ideia neste momento o que eu preciso fazer. Estou postando todos os meus arquivos de configuração relevantes
server.conf
:
dev tun
server 10.8.117.0 255.255.255.0
ifconfig-pool-persist ipp.txt
tls-server
dh /home/lurscher/keys/dh1024.pem
ca /home/lurscher/keys/ca.crt
cert /home/lurscher/keys/vpnCh8TestServer.crt
key /home/lurscher/keys/vpnCh8TestServer.key
status openvpn-status.log
log openvpn.log
comp-lzo
verb 3
e client.conf
:
dev tun
remote my.server.com
tls-client
ca /home/chuckq/keys/ca.crt
cert /home/chuckq/keys/vpnCh8TestClient.crt
key /home/chuckq/keys/vpnCh8TestClient.key
ns-cert-type server
; port 1194
; user nobody
; group nogroup
status openvpn-status.log
log openvpn.log
comp-lzo
verb 3
o servidor ifconfig
mostra um dispositivo tun:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.117.1 P-t-P:10.8.117.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
No entanto, o cliente ifconfig
não mostra nenhuma interface tun!
$ ifconfig tun0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
POINTOPOINT NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
o log do cliente diz:
Tue May 17 23:27:09 2011 OpenVPN 2.1.0 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 12 2010
Tue May 17 23:27:09 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue May 17 23:27:09 2011 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue May 17 23:27:09 2011 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Tue May 17 23:27:09 2011 LZO compression initialized
Tue May 17 23:27:09 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue May 17 23:27:09 2011 TUN/TAP device tun0 opened
Tue May 17 23:27:09 2011 TUN/TAP TX queue length set to 100
Tue May 17 23:27:09 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue May 17 23:27:09 2011 Local Options hash (VER=V4): '41690919'
Tue May 17 23:27:09 2011 Expected Remote Options hash (VER=V4): '530fdded'
Tue May 17 23:27:09 2011 Socket Buffers: R=[114688->131072] S=[114688->131072]
Tue May 17 23:27:09 2011 UDPv4 link local (bound): [undef]
Tue May 17 23:27:09 2011 UDPv4 link remote: [AF_INET]192.168.0.101:1194
Tue May 17 23:27:09 2011 TLS: Initial packet from [AF_INET]192.168.0.101:1194, sid=8e8bdc33 f4275407
Tue May 17 23:27:09 2011 VERIFY OK: depth=1, /C=CA/ST=Out/L=There/O=Ubuntu/OU=Home/CN=Ubuntu_CA/name=lurscher/[email protected]
Tue May 17 23:27:09 2011 VERIFY OK: nsCertType=SERVER
Tue May 17 23:27:09 2011 VERIFY OK: depth=0, /C=CA/ST=Out/L=There/O=Ubuntu/OU=Home/CN=vpnCh8TestServer/name=lurscher/[email protected]
Tue May 17 23:27:09 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue May 17 23:27:09 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 17 23:27:09 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue May 17 23:27:09 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 17 23:27:09 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue May 17 23:27:09 2011 [vpnCh8TestServer] Peer Connection Initiated with [AF_INET]192.168.0.101:1194
Tue May 17 23:27:10 2011 Initialization Sequence Completed
o registro de status do cliente:
OpenVPN STATISTICS
Updated,Tue May 17 23:30:09 2011
TUN/TAP read bytes,0
TUN/TAP write bytes,0
TCP/UDP read bytes,5604
TCP/UDP write bytes,4244
Auth read bytes,0
pre-compress bytes,0
post-compress bytes,0
pre-decompress bytes,0
post-decompress bytes,0
END
e o log do servidor diz:
Tue May 17 23:18:25 2011 OpenVPN 2.1.0 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 12 2010
Tue May 17 23:18:25 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue May 17 23:18:25 2011 WARNING: --keepalive option is missing from server config
Tue May 17 23:18:25 2011 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Tue May 17 23:18:25 2011 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue May 17 23:18:25 2011 Diffie-Hellman initialized with 1024 bit key
Tue May 17 23:18:25 2011 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Tue May 17 23:18:25 2011 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue May 17 23:18:25 2011 ROUTE default_gateway=192.168.0.1
Tue May 17 23:18:25 2011 TUN/TAP device tun0 opened
Tue May 17 23:18:25 2011 TUN/TAP TX queue length set to 100
Tue May 17 23:18:25 2011 /sbin/ifconfig tun0 10.8.117.1 pointopoint 10.8.117.2 mtu 1500
Tue May 17 23:18:25 2011 /sbin/route add -net 10.8.117.0 netmask 255.255.255.0 gw 10.8.117.2
Tue May 17 23:18:25 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue May 17 23:18:25 2011 Socket Buffers: R=[126976->131072] S=[126976->131072]
Tue May 17 23:18:25 2011 UDPv4 link local (bound): [undef]
Tue May 17 23:18:25 2011 UDPv4 link remote: [undef]
Tue May 17 23:18:25 2011 MULTI: multi_init called, r=256 v=256
Tue May 17 23:18:25 2011 IFCONFIG POOL: base=10.8.117.4 size=62
Tue May 17 23:18:25 2011 IFCONFIG POOL LIST
Tue May 17 23:18:25 2011 vpnCh8TestClient,10.8.117.4
Tue May 17 23:18:25 2011 Initialization Sequence Completed
Tue May 17 23:27:22 2011 MULTI: multi_create_instance called
Tue May 17 23:27:22 2011 192.168.0.104:1194 Re-using SSL/TLS context
Tue May 17 23:27:22 2011 192.168.0.104:1194 LZO compression initialized
Tue May 17 23:27:22 2011 192.168.0.104:1194 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue May 17 23:27:22 2011 192.168.0.104:1194 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue May 17 23:27:22 2011 192.168.0.104:1194 Local Options hash (VER=V4): '530fdded'
Tue May 17 23:27:22 2011 192.168.0.104:1194 Expected Remote Options hash (VER=V4): '41690919'
Tue May 17 23:27:22 2011 192.168.0.104:1194 TLS: Initial packet from [AF_INET]192.168.0.104:1194, sid=8972b565 79323f68
Tue May 17 23:27:22 2011 192.168.0.104:1194 VERIFY OK: depth=1, /C=CA/ST=Out/L=There/O=Ubuntu/OU=Home/CN=Ubuntu_CA/name=lurscher/[email protected]
Tue May 17 23:27:22 2011 192.168.0.104:1194 VERIFY OK: depth=0, /C=CA/ST=Out/L=There/O=Ubuntu/OU=Home/CN=Ubuntu_CA/name=lurscher/[email protected]
Tue May 17 23:27:22 2011 192.168.0.104:1194 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue May 17 23:27:22 2011 192.168.0.104:1194 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 17 23:27:22 2011 192.168.0.104:1194 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue May 17 23:27:22 2011 192.168.0.104:1194 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 17 23:27:22 2011 192.168.0.104:1194 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue May 17 23:27:22 2011 192.168.0.104:1194 [vpnCh8TestClient] Peer Connection Initiated with [AF_INET]192.168.0.104:1194
Tue May 17 23:27:22 2011 vpnCh8TestClient/192.168.0.104:1194 MULTI: Learn: 10.8.117.6 -> vpnCh8TestClient/192.168.0.104:1194
Tue May 17 23:27:22 2011 vpnCh8TestClient/192.168.0.104:1194 MULTI: primary virtual IP for vpnCh8TestClient/192.168.0.104:1194: 10.8.117.6
finalmente, o log de status do servidor:
OpenVPN CLIENT LIST
Updated,Tue May 17 23:36:25 2011
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
vpnCh8TestClient,192.168.0.104:1194,4244,5604,Tue May 17 23:27:22 2011
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.117.6,vpnCh8TestClient,192.168.0.104:1194,Tue May 17 23:27:22 2011
GLOBAL STATS
Max bcast/mcast queue length,0
END