openvpn --config conf.ovpn resulta em 'Respostas RTNETLINK: Arquivo existe'

1

Estou tentando configurar um cliente vpn (primeiro e apenas para este servidor). O servidor está rodando em um Raspberry 3 Pi configurado com o PiVPN, que também gerou o arquivo de configuração do cliente.

Aqui está a saída de openvpn --config conf.ovpn :

Tue Jun 27 21:35:42 2017 OpenVPN 2.4.0 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 22 2017
Tue Jun 27 21:35:42 2017 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.08
Enter Private Key Password: *************
Tue Jun 27 21:35:45 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]2.x.x.x:1194
Tue Jun 27 21:35:45 2017 UDP link local: (not bound)
Tue Jun 27 21:35:45 2017 UDP link remote: [AF_INET]2.x.x.x:1194
Tue Jun 27 21:35:46 2017 [server] Peer Connection Initiated with [AF_INET]2.x.x.x:1194
Tue Jun 27 21:35:47 2017 TUN/TAP device tun0 opened
Tue Jun 27 21:35:47 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Jun 27 21:35:47 2017 /sbin/ip link set dev tun0 up mtu 1500
Tue Jun 27 21:35:47 2017 /sbin/ip addr add dev tun0 10.8.0.3/24 broadcast 10.8.0.255
RTNETLINK answers: File exists
Tue Jun 27 21:35:47 2017 ERROR: Linux route add command failed: external  program exited with error status: 2
Tue Jun 27 21:35:47 2017 Initialization Sequence Completed

No lado do cliente:

root@kali:~# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 1c:75:08:fa:3b:7e brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether ec:55:f9:79:b5:dc brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.64/24 brd 192.168.1.255 scope global dynamic wlan0
       valid_lft 2511sec preferred_lft 2511sec
    inet6 2001:b07:2e0:81c6:7341:e6d7:dab4:9e57/64 scope global noprefixroute dynamic 
       valid_lft 25114sec preferred_lft 10714sec
    inet6 fe80::de7a:3e8b:1eb4:4163/64 scope link 
       valid_lft forever preferred_lft forever

No lado do servidor:

pi@raspberrypi:~ $ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:70:cf:f3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.67/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2001:b07:2e0:81c6:4efb:fa6b:69b7:a22b/64 scope global noprefixroute dynamic 
       valid_lft 24935sec preferred_lft 10535sec
    inet6 fe80::4137:8750:ed76:79cf/64 scope link 
       valid_lft forever preferred_lft forever
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether b8:27:eb:25:9a:a6 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::8d7:6c11:f28e:eea0/64 scope link tentative 
       valid_lft forever preferred_lft forever
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none 
    inet 10.8.0.1/24 brd 10.8.0.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::1c6c:2047:3987:5469/64 scope link flags 800 
       valid_lft forever preferred_lft forever

EDITAR:

Conteúdo de conf.ovpn:

client
dev tun
proto udp
remote 2.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server name
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 1
auth-nocache

Conteúdo do server.conf:

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 84.200.69.80"
push "dhcp-option DNS 84.200.70.40"
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
status-version 3
log /var/log/openvpn.log
verb 1
    
por AndTuf 27.06.2017 / 21:53

1 resposta

0

Analisando seus registros:

Tue Jun 27 21:35:47 2017 /sbin/ip addr add dev tun0 10.8.0.3/24 broadcast 10.8.0.255
RTNETLINK answers: File exists
Tue Jun 27 21:35:47 2017 ERROR: Linux route add command failed: 
external  program exited with error status: 2

Este trecho específico do log está dizendo que você está tentando criar uma rota que já existe ( RTNETLINK answers: File exists ). Quando você define os endereços IP no servidor e no cliente (ou o pool que os clientes usarão), as rotas usadas para se comunicar entre esses ips são criadas sob demanda com base nessa máscara de rede "LAN". Esta linhas na configuração do servidor:

server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2

Com isso em mente, você não precisa forçar o envio de rota para endereços IP na mesma rede com máscaras /32 ou /24 . Você só precisa excluir ou comentar as seguintes linhas no seu arquivo de configuração do servidor:

push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"

Agora, não haverá rotas mais repetidas:)

    
por 28.06.2017 / 00:01