
  • Kris87

    active member

    Hi everyone!

    I would like to ask for help solving a problem with OpenVPN.

    There is a server (192.168.0.2) with the following config:

    config openvpn 'myvpn'
    option enabled '1'
    option verb '3'
    option proto 'tcp-server'
    option port '1194'
    option dev 'tap'
    option mode 'server'
    option tls_server '1'
    list push 'route-gateway dhcp'
    list push 'redirect-gateway def1'
    option keepalive '10 120'
    option ca '/etc/openvpn/ca.crt'
    option cert '/etc/openvpn/my-server.crt'
    option key '/etc/openvpn/my-server.key'
    option dh '/etc/openvpn/dh2048.pem'

    The Windows client's config:

    dev tap
    proto tcp

    log openvpn.log
    verb 3

    ca ca.crt
    cert my-client.crt
    key my-client.key

    client
    remote-cert-tls server
    remote xyz123.uk.to 1194

    With this, everything works on Windows: the virtual network adapter gets a correct IP address, internet traffic goes through the VPN server, and I can also reach the other devices connected to the router that runs the VPN server. Everything works fine.

    However, I would like another router (192.168.4.1), on the other side of the country, to be able to connect to this server as well, so that the LAN clients sitting on this client router can reach the devices sitting on the remote VPN-server router, and vice versa.

    The config of this client router:

    config openvpn 'myvpn'
    option enabled '1'
    option dev 'tap0'
    option proto 'tcp'
    option verb '3'
    option ca '/etc/openvpn/ca.crt'
    option cert '/etc/openvpn/my-client.crt'
    option key '/etc/openvpn/my-client.key'
    option client '1'
    option remote_cert_tls 'server'
    option remote 'xyz123.uk.to 1194'

    While connecting I get this log:

    Fri Dec 15 10:58:03 2017 daemon.notice openvpn(myvpn)[1031]: Socket Buffers: R=[87380->87380] S=[16384->16384]
    Fri Dec 15 10:58:03 2017 daemon.notice openvpn(myvpn)[1031]: Attempting to establish TCP connection with [AF_INET]81.182.35.251:1194 [nonblock]
    Fri Dec 15 10:58:04 2017 daemon.notice openvpn(myvpn)[1031]: TCP connection established with [AF_INET]81.182.35.251:1194
    Fri Dec 15 10:58:04 2017 daemon.notice openvpn(myvpn)[1031]: TCP_CLIENT link local: (not bound)
    Fri Dec 15 10:58:04 2017 daemon.notice openvpn(myvpn)[1031]: TCP_CLIENT link remote: [AF_INET]81.182.35.251:1194
    Fri Dec 15 10:58:04 2017 daemon.notice openvpn(myvpn)[1031]: TLS: Initial packet from [AF_INET]81.182.35.251:1194, sid=fcc8a294 5afa7461
    Fri Dec 15 10:58:40 2017 daemon.notice openvpn(myvpn)[1031]: VERIFY OK: depth=1, C=HU, L=SzSzM
    Fri Dec 15 10:58:40 2017 daemon.notice openvpn(myvpn)[1031]: VERIFY KU OK
    Fri Dec 15 10:58:40 2017 daemon.notice openvpn(myvpn)[1031]: Validating certificate extended key usage
    Fri Dec 15 10:58:40 2017 daemon.notice openvpn(myvpn)[1031]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    Fri Dec 15 10:58:40 2017 daemon.notice openvpn(myvpn)[1031]: VERIFY EKU OK
    Fri Dec 15 10:58:40 2017 daemon.notice openvpn(myvpn)[1031]: VERIFY OK: depth=0, C=HU, CN=1043
    Fri Dec 15 10:58:40 2017 daemon.notice openvpn(myvpn)[1031]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Fri Dec 15 10:58:40 2017 daemon.notice openvpn(myvpn)[1031]: [1043] Peer Connection Initiated with [AF_INET]81.182.35.251:1194
    Fri Dec 15 10:58:40 2017 daemon.info pppd[1359]: System time change detected.
    Fri Dec 15 10:58:41 2017 daemon.info dnsmasq[1574]: read /etc/hosts - 4 addresses
    Fri Dec 15 10:58:41 2017 daemon.info dnsmasq[1574]: read /tmp/hosts/dhcp.cfg02411c - 2 addresses
    Fri Dec 15 10:58:41 2017 daemon.info dnsmasq-dhcp[1574]: read /etc/ethers - 0 addresses
    Fri Dec 15 10:58:41 2017 daemon.notice openvpn(myvpn)[1031]: SENT CONTROL [1043]: 'PUSH_REQUEST' (status=1)
    Fri Dec 15 10:58:41 2017 daemon.notice openvpn(myvpn)[1031]: PUSH: Received control message: 'PUSH_REPLY,route-gateway dhcp,redirect-gateway def1,ping 10,ping-restart 120,peer-id 0,cipher AES-256-GCM'
    Fri Dec 15 10:58:41 2017 daemon.notice openvpn(myvpn)[1031]: OPTIONS IMPORT: timers and/or timeouts modified
    Fri Dec 15 10:58:41 2017 daemon.notice openvpn(myvpn)[1031]: OPTIONS IMPORT: route options modified
    Fri Dec 15 10:58:41 2017 daemon.notice openvpn(myvpn)[1031]: OPTIONS IMPORT: route-related options modified
    Fri Dec 15 10:58:41 2017 daemon.notice openvpn(myvpn)[1031]: OPTIONS IMPORT: peer-id set
    Fri Dec 15 10:58:41 2017 daemon.notice openvpn(myvpn)[1031]: OPTIONS IMPORT: adjusting link_mtu to 1658
    Fri Dec 15 10:58:41 2017 daemon.notice openvpn(myvpn)[1031]: OPTIONS IMPORT: data channel crypto options modified
    Fri Dec 15 10:58:41 2017 daemon.notice openvpn(myvpn)[1031]: Data Channel: using negotiated cipher 'AES-256-GCM'
    Fri Dec 15 10:58:41 2017 daemon.notice openvpn(myvpn)[1031]: Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
    Fri Dec 15 10:58:41 2017 daemon.notice openvpn(myvpn)[1031]: Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
    Fri Dec 15 10:58:41 2017 daemon.notice netifd: Interface 'vpn0' is enabled
    Fri Dec 15 10:58:41 2017 daemon.notice netifd: Network device 'tap0' link is up
    Fri Dec 15 10:58:41 2017 daemon.notice netifd: Interface 'vpn0' has link connectivity
    Fri Dec 15 10:58:41 2017 daemon.notice netifd: Interface 'vpn0' is setting up now
    Fri Dec 15 10:58:41 2017 daemon.notice netifd: Interface 'vpn0' is now up
    Fri Dec 15 10:58:41 2017 daemon.notice openvpn(myvpn)[1031]: TUN/TAP device tap0 opened
    Fri Dec 15 10:58:41 2017 daemon.notice openvpn(myvpn)[1031]: TUN/TAP TX queue length set to 100
    Fri Dec 15 10:58:41 2017 daemon.warn openvpn(myvpn)[1031]: NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
    Fri Dec 15 10:58:41 2017 daemon.warn openvpn(myvpn)[1031]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Fri Dec 15 10:58:41 2017 daemon.notice openvpn(myvpn)[1031]: Initialization Sequence Completed
    Fri Dec 15 10:58:42 2017 user.notice firewall: Reloading firewall due to ifup of vpn0 (tap0)

    I have been looking for the problem at the line Fri Dec 15 10:58:41 2017 daemon.warn openvpn(myvpn)[1031]: NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing, but I am not getting anywhere. Can anyone help me? Thanks in advance!
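
An added example, not part of the original post: a POSIX shell check that reads an OpenVPN client log like the one above and reports whether a pushed redirect-gateway was actually applied, together with the gateway-related options that arrived in PUSH_REPLY. The function names `check_redirect_gateway` and `sample_log` and the verdict strings are assumptions made for this example; the three sample lines are excerpted from the log in the post.

```shell
#!/bin/sh
# Added example (not from the original post): summarise what an OpenVPN client
# did with a pushed redirect-gateway, reading its log on stdin.
# Output: "<verdict> route-gateway=<value|none> ifconfig=<yes|no>"
#   verdict: applied | not-applied | not-pushed | no-push-reply
check_redirect_gateway() {
    awk -v q="'" '
    /PUSH: Received control message:/ {
        # A new PUSH_REPLY starts a new session: reset the per-session state.
        seen = 1; pushed = 0; failed = 0; gw = "none"; ifc = "no"
        line = $0
        # Keep only the comma-separated options after PUSH_REPLY,
        # up to the closing single quote.
        if (!sub(/^.*PUSH_REPLY,/, "", line)) line = ""
        p = index(line, q); if (p) line = substr(line, 1, p - 1)
        n = split(line, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] ~ /^redirect-gateway( |$)/) pushed = 1
            else if (opt[i] ~ /^route-gateway /) { gw = opt[i]; sub(/^route-gateway /, "", gw) }
            else if (opt[i] ~ /^ifconfig /) ifc = "yes"
        }
    }
    # Logged by the client when it cannot install the redirected default route.
    /unable to redirect default gateway/ { failed = 1 }
    END {
        if (!seen) v = "no-push-reply"
        else if (!pushed) v = "not-pushed"
        else if (failed) v = "not-applied"
        else v = "applied"
        printf "%s route-gateway=%s ifconfig=%s\n", v, (seen ? gw : "none"), (seen ? ifc : "no")
    }'
}

# Three lines excerpted from the client-router log in the post.
sample_log() {
    cat <<'EOF'
Fri Dec 15 10:58:41 2017 daemon.notice openvpn(myvpn)[1031]: PUSH: Received control message: 'PUSH_REPLY,route-gateway dhcp,redirect-gateway def1,ping 10,ping-restart 120,peer-id 0,cipher AES-256-GCM'
Fri Dec 15 10:58:41 2017 daemon.warn openvpn(myvpn)[1031]: NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
Fri Dec 15 10:58:41 2017 daemon.notice openvpn(myvpn)[1031]: Initialization Sequence Completed
EOF
}

sample_log | check_redirect_gateway
```

A `not-applied` verdict means the client finished initialisation while its default route still points outside the tunnel, so traffic the server intended to carry over the VPN is not carried there.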
