OpenVPN i problem z tworzeniem interfejsu TUN

Konfiguracja serwerów, usług, itp.
ODPOWIEDZ
0chi0
Posty: 27
Rejestracja: 31 października 2014, 17:39

OpenVPN i problem z tworzeniem interfejsu TUN

Post autor: 0chi0 »

Witam wszystkich,
mam mały problem z połaczeniem client <> server.

Mam taki oto konfig:

Kod: Zaznacz cały

[font=arial]client[/font]
[font=arial]dev tun9[/font]
[font=arial]ifconfig 10.1.1.5 10.1.1.6[/font]
[font=arial]proto udp[/font]
[font=arial]remote ADRES PORT[/font]
[font=arial]resolv-retry infinite[/font]
[font=arial]nobind[/font]
[font=arial]persist-key[/font]
[font=arial]persist-tun[/font]
[font=arial]ca [/font]
[font=arial]cert[/font]
[font=arial]key [/font]
[font=arial]tls-auth [/font]
[font=arial]comp-lzo[/font]
[font=arial]keepalive 10 120[/font]
[font=arial]verb 3[/font]
[font=arial]mute 20[/font]
po odpaleniu otrzymuje takie błędy:

Kod: Zaznacz cały

[font=arial]Fri Oct 31 16:49:37 2014 OpenVPN 2.2.1 x86_64-unknown-linux-gnu [SSL] [LZO1] [EPOLL] [eurephia] built on Aug  1 2011
[/font]
[font=arial]Fri Oct 31 16:49:37 2014 WARNING: using --pull/--client and --ifconfig together is probably not what you want[/font]
[font=arial]Fri Oct 31 16:49:37 2014 WARNING: No server certificate verification method has been enabled.  See [URL]http://openvpn.net/howto.html#mitm[/URL] for more info.[/font]
[font=arial]Fri Oct 31 16:49:37 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables[/font]
[font=arial]Fri Oct 31 16:49:37 2014 Control Channel Authentication: using '/usr/local/etc/openvpn/' as a OpenVPN static key file[/font]
[font=arial]Fri Oct 31 16:49:37 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication[/font]
[font=arial]Fri Oct 31 16:49:37 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication[/font]
[font=arial]Fri Oct 31 16:49:37 2014 LZO compression initialized[/font]
[font=arial]Fri Oct 31 16:49:37 2014 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ][/font]
[font=arial]Fri Oct 31 16:49:37 2014 Socket Buffers: R=[129024->131072] S=[129024->131072][/font]
[font=arial]Fri Oct 31 16:49:37 2014 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ][/font]
[font=arial]Fri Oct 31 16:49:37 2014 Local Options hash (VER=V4): '504e774e'[/font]
[font=arial]Fri Oct 31 16:49:37 2014 Expected Remote Options hash (VER=V4): '14168603'[/font]
[font=arial]Fri Oct 31 16:49:37 2014 UDPv4 link local: [undef][/font]
[font=arial]Fri Oct 31 16:49:37 2014 UDPv4 link remote: [url=http://217.153.182.236:63194/]A[/URL]DRESIP[/font]
[font=arial]Fri Oct 31 16:49:37 2014 TLS: Initial packet from ADRESIP, sid=0f287a71 29cb10b5[/font]
[font=arial]Fri Oct 31 16:49:37 2014 VERIFY OK: depth=1, /C=PL/[/font]
[font=arial]Fri Oct 31 16:49:37 2014 VERIFY OK: depth=0, /C=PL/[/font]
[font=arial]Fri Oct 31 16:49:37 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key[/font]
[font=arial]Fri Oct 31 16:49:37 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication[/font]
[font=arial]Fri Oct 31 16:49:37 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key[/font]
[font=arial]Fri Oct 31 16:49:37 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication[/font]
[font=arial]Fri Oct 31 16:49:37 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA[/font]
[font=arial]Fri Oct 31 16:49:37 2014 [vpn3] Peer Connection Initiated with [/font]
[font=arial]Fri Oct 31 16:49:39 2014 SENT CONTROL [vpn3]: 'PUSH_REQUEST' (status=1)[/font]
[font=arial]Fri Oct 31 16:49:39 2014 PUSH: Received control message: 'PUSH_REPLY,route 10.1.1.6,topology net30,ping 10,ping-restart 120,route JAKASIEC,ifconfig 10.1.1.6 255.255.255.248'[/font]
[font=arial]Fri Oct 31 16:49:39 2014 OPTIONS IMPORT: timers and/or timeouts modified[/font]
[font=arial]Fri Oct 31 16:49:39 2014 OPTIONS IMPORT: --ifconfig/up options modified[/font]
[font=arial]Fri Oct 31 16:49:39 2014 OPTIONS IMPORT: route options modified[/font]
[font=arial]Fri Oct 31 16:49:39 2014 WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address.  You are using something (255.255.255.248) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)[/font]
[font=arial]Fri Oct 31 16:49:39 2014 ROUTE default_gateway=ADRESIP[/font]
[font=arial]Fri Oct 31 16:49:39 2014 TUN/TAP device tun9 opened[/font]
[font=arial]Fri Oct 31 16:49:39 2014 TUN/TAP TX queue length set to 100[/font]
[font=arial][B]Fri Oct 31 16:49:39 2014 /sbin/ifconfig tun9 10.1.1.6 pointopoint 255.255.255.248 mtu 1500[/B][/font]
[font=arial][B]SIOCSIFDSTADDR: Invalid argument[/B][/font]
[font=arial]Fri Oct 31 16:49:39 2014 Linux ifconfig failed: external program exited with error status: 1[/font]
[font=arial]Fri Oct 31 16:49:40 2014 Exiting[/font]
- tun'a ręcznie nie tworzyłem,
- 10.1.1.5 - adres serwera
- 10.1.1.6 - adres klient
- nie mam dostępu do konfiguracji serwera ale nie wiem czy tam nie ma 'tun' gdzie ja mam 'tun9' - o ile to ma znaczenie.
- openvpn uruchamian na routerze, nie robiłem jeszcze zadnych forwardów, input, czy nat.
Na górę
ODPOWIEDZ

Wróć do „Serwer”