OpenVPN Server Setup, not working after 4 days of tutorials and reading


New to networking and this has been driving me crazy for the better part of four days now. I have read 5 tutorials and cannot get any of them to work.

DDWRT Settings

Additional Config

push "route 10.217.64.55 255.255.255.0"
push "dhcp-options DNS 10.217.64.186"
server 10.217.88.0 255.255.255.0

dev tun0
proto udp
keepalive 10 120

Client config

remote myip 1194
client
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-256-cbc
float
tun-mtu 1400
ca ca.crt
cert client2.crt
key client2.key

ns-cert-type server
comp-lzo
verb 3

I tried disabling the firewall on DDWRT, but that had no effect. Here are the iptables rules I am currently using, although I have tried about 20 iterations.

iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 10.217.88.0/24 -j ACCEPT
iptables -I FORWARD 1 --source 10.217.88.1/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.217.88.1/24 -o br0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.217.88.1/24 -j MASQUERADE
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

Client log

Sat Apr 29 21:04:34 2017 OpenVPN 2.4.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 22 2017
Sat Apr 29 21:04:34 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Apr 29 21:04:34 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Enter Management Password:
Sat Apr 29 21:04:34 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Apr 29 21:04:34 2017 Need hold release from management interface, waiting...
Sat Apr 29 21:04:35 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Apr 29 21:04:35 2017 MANAGEMENT: CMD 'state on'
Sat Apr 29 21:04:35 2017 MANAGEMENT: CMD 'log all on'
Sat Apr 29 21:04:35 2017 MANAGEMENT: CMD 'echo all on'
Sat Apr 29 21:04:35 2017 MANAGEMENT: CMD 'hold off'
Sat Apr 29 21:04:35 2017 MANAGEMENT: CMD 'hold release'
Sat Apr 29 21:04:35 2017 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sat Apr 29 21:04:35 2017 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Sat Apr 29 21:04:35 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]
Sat Apr 29 21:04:35 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Apr 29 21:04:35 2017 UDP link local: (not bound)
Sat Apr 29 21:04:35 2017 UDP link remote: [AF_INET]
Sat Apr 29 21:04:35 2017 MANAGEMENT: >STATE:1493517875,WAIT,,,,,,
Sat Apr 29 21:04:52 2017 SIGTERM[hard,] received, process exiting
Sat Apr 29 21:04:52 2017 MANAGEMENT: >STATE:1493517892,EXITING,SIGTERM,,,,,

Server log

Sun Apr 30 12:32:41 2017 OpenVPN 2.4.1 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 27 2017
Sun Apr 30 12:32:41 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Sun Apr 30 12:32:41 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
Sun Apr 30 12:32:41 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Apr 30 12:32:41 2017 Diffie-Hellman initialized with 1024 bit key
Sun Apr 30 12:32:41 2017 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Sun Apr 30 12:32:41 2017 TUN/TAP device tun0 opened
Sun Apr 30 12:32:41 2017 TUN/TAP TX queue length set to 100
Sun Apr 30 12:32:41 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Apr 30 12:32:41 2017 /sbin/ifconfig tun0 10.217.88.1 netmask 255.255.255.0 mtu 1400 broadcast 10.217.88.255
Sun Apr 30 12:32:41 2017 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Sun Apr 30 12:32:41 2017 UDP: Cannot create UDP/UDP6 socket: Address family not supported by protocol (errno=97)
Sun Apr 30 12:32:41 2017 Exiting due to fatal error
Sun Apr 30 12:32:41 2017 /tmp/openvpn/route-down.sh tun0 1400 1522 10.217.88.1 255.255.255.0 init
Sun Apr 30 12:32:41 2017 Closing TUN/TAP interface
Sun Apr 30 12:32:41 2017 /sbin/ifconfig tun0 0.0.0.0

EDIT: To clarify, my frustration is that I cannot get the server and the client to handshake and at least respond to each other.

I suspect a symptom of this is that checking 1194 UDP on canyouseeme results in it being reported as closed, despite the fact that I have the iptables rules configured as stated above. Even with the firewall turned off completely, it still results in OpenVPN's wait state.

    
por Slacker101 30.04.2017 / 04:45

0 answers
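
An added example, not part of the original post: a small triage script run over lines copied from the two logs above, separating the fatal socket error on the server from the configuration warnings and checking whether the client ever got past the WAIT state. The rule table, the 2048-bit threshold and the function names are assumptions of this example.

```python
import re

MIN_DH_BITS = 2048  # assumption of this example: minimum acceptable DH size

# Rule table constructed for this example: (pattern, severity, note).
RULES = [
    (re.compile(r"Cannot create UDP/UDP6 socket: .*\(errno=97\)"), "fatal",
     "AF_INET6 socket refused by the kernel; pin the listener with 'proto udp4'"),
    (re.compile(r"Diffie-Hellman initialized with (\d+) bit key"), "weak",
     "{bits}-bit DH parameters are below the {min}-bit minimum"),
    (re.compile(r"--ns-cert-type is DEPRECATED"), "warn",
     "use 'remote-cert-tls server' in the client config instead"),
]
STATE_RX = re.compile(r">STATE:\d+,([A-Z_]+),")
PAST_WAIT = {"AUTH", "GET_CONFIG", "ASSIGN_IP", "ADD_ROUTES", "CONNECTED"}

def triage(log_text):
    """Return (severity, note) for each log line matched by a rule."""
    findings = []
    for line in log_text.splitlines():
        for rx, severity, note in RULES:
            m = rx.search(line)
            if not m:
                continue
            if m.groups():  # only the DH rule captures a key size
                bits = int(m.group(1))
                if bits >= MIN_DH_BITS:
                    continue
                note = note.format(bits=bits, min=MIN_DH_BITS)
            findings.append((severity, note))
    return findings

def server_reply_seen(client_log):
    """True if the client's management states ever got past WAIT."""
    return any(s in PAST_WAIT for s in STATE_RX.findall(client_log))

# Sample lines copied from the logs quoted in the post.
SERVER_LOG = """\
Sun Apr 30 12:32:41 2017 Diffie-Hellman initialized with 1024 bit key
Sun Apr 30 12:32:41 2017 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Sun Apr 30 12:32:41 2017 UDP: Cannot create UDP/UDP6 socket: Address family not supported by protocol (errno=97)
Sun Apr 30 12:32:41 2017 Exiting due to fatal error
"""
CLIENT_LOG = """\
Sat Apr 29 21:04:35 2017 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sat Apr 29 21:04:35 2017 MANAGEMENT: >STATE:1493517875,WAIT,,,,,,
Sat Apr 29 21:04:52 2017 MANAGEMENT: >STATE:1493517892,EXITING,SIGTERM,,,,,
"""

if __name__ == "__main__":
    for severity, note in triage(SERVER_LOG) + triage(CLIENT_LOG):
        print(f"[{severity}] {note}")
    print("server replied to client:", server_reply_seen(CLIENT_LOG))
```

A fatal finding in the server log means the daemon exited before binding the port, which is consistent with the port test and the client's WAIT state regardless of the firewall rules.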