Polskie Forum Użytkowników Debiana

Polski portal użytkowników dystrybucji Debian GNU/Linux, dyskusje, artykuły, nowości, blog, porady, pomoc.
https://www.debian.pl/

przekierowanie portów poza nat

https://www.debian.pl/viewtopic.php?t=22318

Strona 2 z 4

: 29 marca 2011, 22:31
autor: maximu856
Tak mam stworzone, a co tam dokładnie ma być wpisane, żeby działało?
To jeśli chodzi o serwer VPN, a co jeszcze trzeba wpisać w kliencie VPN?

Wybaczcie tak pewnie dla was laickie pytania, ale ja naprawdę nie potrzebuję zgłębiać wiedzy Linuksa, zresztą nie mam w życiu na to czasu. Potrzebuję tylko to zrobić, żeby stabilnie chodziło i tyle. Pozdrawiam i z góry dziękuję za wypowiedzi.

: 30 marca 2011, 19:09
autor: Cyphermen
http://www.olek.waw.pl/wp-content/uploa ... penvpn.pdf
Tam naprawdę masz wszystko, wystarczy przekleić i zmienić adresację.

: 30 marca 2011, 23:41
autor: maximu856
Dziękuję bardzo. Zabieram się za lekturę. Jak będę miał problemy to mam nadzieje, że zechce Ci się mi doradzić. Pozdrawiam

Edycja:
No tak, przeczytałem, ale widzę, że ta konfiguracja dotyczy Windowsa, a ja chce połączyć 2 Debiany.
Może zechce Ci się napisać mały poradnik: jakie pliki utworzyć, co do nich wkleić, oraz co ustawić w cronie, żeby sie uruchamiał vpn po restarcie systemu?

Na razie z tego co zdołałem sam zrobić:

Kod: Zaznacz cały

apt-get install openvpn
stworzyłem plik static.key oraz openvpn-server.conf - to po stronie serwera, skopiowałem plik static.key z serwera oraz stworzyłem plik openvpn-klient.conf.

To jest wpis z openvpn-server.conf

Kod: Zaznacz cały

dev tun
port 5000
ifconfig 10.8.0.1 10.8.0.2
secret /etc/openvpn/static.key
proto tcp-server
daemon
verb 4
keepalive 10 900
inactive 3600
comp-lzo
A to wpis z openvpn-klient.conf

Kod: Zaznacz cały

dev tun
remote adres.ip.serwera 5000
proto tcp-client
ifconfig 10.8.0.2 10.8.0.1
secret /etc/openvpn/static.key
keepalive 10 60
comp-lzo
Na tym stanąłem. Czy to wystarczy? Dziwi mnie to, że nie trzeba dodawać żadnych reguł uruchamiania itp.

: 01 kwietnia 2011, 12:09
autor: Cyphermen
Wystartuj to najpierw na serwerze i wpisz

Kod: Zaznacz cały

ifconfig
zobacz czy pojawi sie tam interfejs tun 0. Jeśli się pojawi wystaruj klienta. Nie wiem czy poprawnie masz skonfigurowane pliki ale najpierw wystartuj aplikację.

: 01 kwietnia 2011, 16:00
autor: maximu856
[HTML]root@:~# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 -00
inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255. 255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:415427 errors:0 dropped:0 overruns:0 frame:0
TX packets:447505 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:48617942 (46.3 MiB) TX bytes:82981971 (79.1 MiB)

venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 -00
inet addr:ip.serwer.openvpn P-t-P:ip.serwer.openvpn Bcast:0.0.0.0 Mask:25 5.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1[/HTML]

: 02 kwietnia 2011, 20:52
autor: Cyphermen
Z tego co widzę nie uruchomił Ci się nawet ten serwer.
Jak go uruchamiasz? Tak w ogóle to mimo że połączenie się zestawi to nie będziesz miał dostępu do sieci lan, gdyż brakuje trasowania ale to później, najpierw zestaw połączenie.
dopisz do pliku serwera:

Kod: Zaznacz cały

local twój_adres_IP_zewnętrzny
Później wpisz w konsoli:

Kod: Zaznacz cały

openvpn -config plik_openvpn_serwera
po tym wklej wynik:

Kod: Zaznacz cały

ifconfig
oraz przydałyby się jakieś logi na temat openvpn z serwera.

: 02 kwietnia 2011, 21:46
autor: maximu856
Uruchamiam dokładnie tak jak napisałeś, ale na kliencie automatycznie sie uruchamia. Dodam, że na kliencie po wpisaniu

Kod: Zaznacz cały

 ifconfig
ładnie widnieje tun0 i adresy 10 itd. Nie wiem co jest grane, może VPS blokować tego rodzaju ustawienia?

: 03 kwietnia 2011, 10:52
autor: Cyphermen
Zły adres w pliku serwera może spowodować nawet, że się serwer nie uruchomi.

Jest jakiś komunikat w ogóle przy próbie startu serwera?

Wklej tutaj co mówią logi.

: 04 kwietnia 2011, 14:28
autor: maximu856
Witam.
Kiedy wykonam polecenie:

Kod: Zaznacz cały

openvpn --config /etc/openvpn/openvpn-serwer.config
to takie wyniki są w logu:

Kod: Zaznacz cały

Mon Apr  4 12:32:08 2011 us=48775 Current Parameter Settings:
Mon Apr  4 12:32:08 2011 us=48856   config = '/etc/openvpn/openvpn-serwer.conf'
Mon Apr  4 12:32:08 2011 us=48871   mode = 0
Mon Apr  4 12:32:08 2011 us=48883   persist_config = DISABLED
Mon Apr  4 12:32:08 2011 us=48897   persist_mode = 1
Mon Apr  4 12:32:08 2011 us=48909   show_ciphers = DISABLED
Mon Apr  4 12:32:08 2011 us=48918   show_digests = DISABLED
Mon Apr  4 12:32:08 2011 us=48931   show_engines = DISABLED
Mon Apr  4 12:32:08 2011 us=48942   genkey = DISABLED
Mon Apr  4 12:32:08 2011 us=48958   key_pass_file = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=48971   show_tls_ciphers = DISABLED
Mon Apr  4 12:32:08 2011 us=48984 Connection profiles [default]:
Mon Apr  4 12:32:08 2011 us=48997   proto = tcp-server
Mon Apr  4 12:32:08 2011 us=49006   local = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=49019   local_port = 5000
Mon Apr  4 12:32:08 2011 us=49034   remote = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=49046   remote_port = 5000
Mon Apr  4 12:32:08 2011 us=49059   remote_float = DISABLED
Mon Apr  4 12:32:08 2011 us=49069   bind_defined = DISABLED
Mon Apr  4 12:32:08 2011 us=49084   bind_local = ENABLED
Mon Apr  4 12:32:08 2011 us=49099   connect_retry_seconds = 5
Mon Apr  4 12:32:08 2011 us=49108   connect_timeout = 10
Mon Apr  4 12:32:08 2011 us=49123   connect_retry_max = 0
Mon Apr  4 12:32:08 2011 us=49138   socks_proxy_server = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=49151   socks_proxy_port = 0
Mon Apr  4 12:32:08 2011 us=49166   socks_proxy_retry = DISABLED
Mon Apr  4 12:32:08 2011 us=49183 Connection profiles END
Mon Apr  4 12:32:08 2011 us=49198   remote_random = DISABLED
Mon Apr  4 12:32:08 2011 us=49212   ipchange = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=49225   dev = 'tun'
Mon Apr  4 12:32:08 2011 us=49234   dev_type = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=49247   dev_node = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=49260   lladdr = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=49272   topology = 1
Mon Apr  4 12:32:08 2011 us=49282   tun_ipv6 = DISABLED
Mon Apr  4 12:32:08 2011 us=49296   ifconfig_local = '10.8.0.1'
Mon Apr  4 12:32:08 2011 us=49306   ifconfig_remote_netmask = '10.8.0.2'
Mon Apr  4 12:32:08 2011 us=49320   ifconfig_noexec = DISABLED
Mon Apr  4 12:32:08 2011 us=49331   ifconfig_nowarn = DISABLED
Mon Apr  4 12:32:08 2011 us=49342   shaper = 0
Mon Apr  4 12:32:08 2011 us=49355   tun_mtu = 1500
Mon Apr  4 12:32:08 2011 us=49366   tun_mtu_defined = ENABLED
Mon Apr  4 12:32:08 2011 us=49376   link_mtu = 1500
Mon Apr  4 12:32:08 2011 us=49388   link_mtu_defined = DISABLED
Mon Apr  4 12:32:08 2011 us=49401   tun_mtu_extra = 0
Mon Apr  4 12:32:08 2011 us=49411   tun_mtu_extra_defined = DISABLED
Mon Apr  4 12:32:08 2011 us=49424   fragment = 0
Mon Apr  4 12:32:08 2011 us=49437   mtu_discover_type = -1
Mon Apr  4 12:32:08 2011 us=49452   mtu_test = 0
Mon Apr  4 12:32:08 2011 us=49465   mlock = DISABLED
Mon Apr  4 12:32:08 2011 us=49479   keepalive_ping = 10
Mon Apr  4 12:32:08 2011 us=49493   keepalive_timeout = 900
Mon Apr  4 12:32:08 2011 us=49505   inactivity_timeout = 3600
Mon Apr  4 12:32:08 2011 us=49520   ping_send_timeout = 10
Mon Apr  4 12:32:08 2011 us=49530   ping_rec_timeout = 900
Mon Apr  4 12:32:08 2011 us=49543   ping_rec_timeout_action = 2
Mon Apr  4 12:32:08 2011 us=49555   ping_timer_remote = DISABLED
Mon Apr  4 12:32:08 2011 us=49565   remap_sigusr1 = 0
Mon Apr  4 12:32:08 2011 us=49578   explicit_exit_notification = 0
Mon Apr  4 12:32:08 2011 us=49590   persist_tun = DISABLED
Mon Apr  4 12:32:08 2011 us=49601   persist_local_ip = DISABLED
Mon Apr  4 12:32:08 2011 us=49613   persist_remote_ip = DISABLED
Mon Apr  4 12:32:08 2011 us=49645   persist_key = DISABLED
Mon Apr  4 12:32:08 2011 us=49655   mssfix = 1450
Mon Apr  4 12:32:08 2011 us=49668   passtos = DISABLED
Mon Apr  4 12:32:08 2011 us=49681   resolve_retry_seconds = 1000000000
Mon Apr  4 12:32:08 2011 us=49694   username = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=49707   groupname = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=49731   chroot_dir = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=49747   cd_dir = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=49761   writepid = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=49773   up_script = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=49786   down_script = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=49800   down_pre = DISABLED
Mon Apr  4 12:32:08 2011 us=49813   up_restart = DISABLED
Mon Apr  4 12:32:08 2011 us=49826   up_delay = DISABLED
Mon Apr  4 12:32:08 2011 us=49839   daemon = ENABLED
Mon Apr  4 12:32:08 2011 us=49852   inetd = 0
Mon Apr  4 12:32:08 2011 us=49865   log = ENABLED
Mon Apr  4 12:32:08 2011 us=49881   suppress_timestamps = DISABLED
Mon Apr  4 12:32:08 2011 us=49893   nice = 0
Mon Apr  4 12:32:08 2011 us=49907   verbosity = 4
Mon Apr  4 12:32:08 2011 us=49920   mute = 0
Mon Apr  4 12:32:08 2011 us=49930   gremlin = 0
Mon Apr  4 12:32:08 2011 us=49943   status_file = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=49954   status_file_version = 1
Mon Apr  4 12:32:08 2011 us=49964   status_file_update_freq = 60
Mon Apr  4 12:32:08 2011 us=49977   occ = ENABLED
Mon Apr  4 12:32:08 2011 us=49990   rcvbuf = 65536
Mon Apr  4 12:32:08 2011 us=50003   sndbuf = 65536
Mon Apr  4 12:32:08 2011 us=50016   sockflags = 0
Mon Apr  4 12:32:08 2011 us=50026   fast_io = DISABLED
Mon Apr  4 12:32:08 2011 us=50039   lzo = 7
Mon Apr  4 12:32:08 2011 us=50050   route_script = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=50061   route_default_gateway = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=50074   route_default_metric = 0
Mon Apr  4 12:32:08 2011 us=50087   route_noexec = DISABLED
Mon Apr  4 12:32:08 2011 us=50100   route_delay = 0
Mon Apr  4 12:32:08 2011 us=50114   route_delay_window = 30
Mon Apr  4 12:32:08 2011 us=50125   route_delay_defined = DISABLED
Mon Apr  4 12:32:08 2011 us=50134   route_nopull = DISABLED
Mon Apr  4 12:32:08 2011 us=50147   route_gateway_via_dhcp = DISABLED
Mon Apr  4 12:32:08 2011 us=50162   allow_pull_fqdn = DISABLED
Mon Apr  4 12:32:08 2011 us=50177   management_addr = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=50191   management_port = 0
Mon Apr  4 12:32:08 2011 us=50204   management_user_pass = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=50217   management_log_history_cache = 250
Mon Apr  4 12:32:08 2011 us=50230   management_echo_buffer_size = 100
Mon Apr  4 12:32:08 2011 us=50243   management_write_peer_info_file = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=50254   management_flags = 0
Mon Apr  4 12:32:08 2011 us=50268   shared_secret_file = '/etc/openvpn/static.key'
Mon Apr  4 12:32:08 2011 us=50281   key_direction = 0
Mon Apr  4 12:32:08 2011 us=50295   ciphername_defined = ENABLED
Mon Apr  4 12:32:08 2011 us=50309   ciphername = 'BF-CBC'
Mon Apr  4 12:32:08 2011 us=50324   authname_defined = ENABLED
Mon Apr  4 12:32:08 2011 us=50338   authname = 'SHA1'
Mon Apr  4 12:32:08 2011 us=50349   keysize = 0
Mon Apr  4 12:32:08 2011 us=50364   engine = DISABLED
Mon Apr  4 12:32:08 2011 us=50378   replay = ENABLED
Mon Apr  4 12:32:08 2011 us=50393   mute_replay_warnings = DISABLED
Mon Apr  4 12:32:08 2011 us=50406   replay_window = 64
Mon Apr  4 12:32:08 2011 us=50417   replay_time = 15
Mon Apr  4 12:32:08 2011 us=50431   packet_id_file = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=50443   use_iv = ENABLED
Mon Apr  4 12:32:08 2011 us=50456   test_crypto = DISABLED
Mon Apr  4 12:32:08 2011 us=50470   tls_server = DISABLED
Mon Apr  4 12:32:08 2011 us=50484   tls_client = DISABLED
Mon Apr  4 12:32:08 2011 us=50493   key_method = 2
Mon Apr  4 12:32:08 2011 us=50506   ca_file = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=50517   ca_path = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=50529   dh_file = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=50542   cert_file = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=50557   priv_key_file = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=50581   pkcs12_file = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=50595   cipher_list = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=50608   tls_verify = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=50617   tls_remote = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=50626   crl_file = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=50640   ns_cert_type = 0
Mon Apr  4 12:32:08 2011 us=50656   remote_cert_ku[i] = 0
Mon Apr  4 12:32:08 2011 us=50665   remote_cert_ku[i] = 0
Mon Apr  4 12:32:08 2011 us=50673   remote_cert_ku[i] = 0
Mon Apr  4 12:32:08 2011 us=50682   remote_cert_ku[i] = 0
Mon Apr  4 12:32:08 2011 us=50691   remote_cert_ku[i] = 0
Mon Apr  4 12:32:08 2011 us=50700   remote_cert_ku[i] = 0
Mon Apr  4 12:32:08 2011 us=50709   remote_cert_ku[i] = 0
Mon Apr  4 12:32:08 2011 us=50718   remote_cert_ku[i] = 0
Mon Apr  4 12:32:08 2011 us=50726   remote_cert_ku[i] = 0
Mon Apr  4 12:32:08 2011 us=50735   remote_cert_ku[i] = 0
Mon Apr  4 12:32:08 2011 us=50744   remote_cert_ku[i] = 0
Mon Apr  4 12:32:08 2011 us=50753   remote_cert_ku[i] = 0
Mon Apr  4 12:32:08 2011 us=50762   remote_cert_ku[i] = 0
Mon Apr  4 12:32:08 2011 us=50770   remote_cert_ku[i] = 0
Mon Apr  4 12:32:08 2011 us=50779   remote_cert_ku[i] = 0
Mon Apr  4 12:32:08 2011 us=50788   remote_cert_ku[i] = 0
Mon Apr  4 12:32:08 2011 us=50802   remote_cert_eku = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=50815   tls_timeout = 2
Mon Apr  4 12:32:08 2011 us=50827   renegotiate_bytes = 0
Mon Apr  4 12:32:08 2011 us=50839   renegotiate_packets = 0
Mon Apr  4 12:32:08 2011 us=50848   renegotiate_seconds = 3600
Mon Apr  4 12:32:08 2011 us=50861   handshake_window = 60
Mon Apr  4 12:32:08 2011 us=50872   transition_window = 3600
Mon Apr  4 12:32:08 2011 us=50883   single_session = DISABLED
Mon Apr  4 12:32:08 2011 us=50893   tls_exit = DISABLED
Mon Apr  4 12:32:08 2011 us=50905   tls_auth_file = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=50918   pkcs11_protected_authentication = DISABLED
Mon Apr  4 12:32:08 2011 us=50932   pkcs11_protected_authentication = DISABLED
Mon Apr  4 12:32:08 2011 us=50943   pkcs11_protected_authentication = DISABLED
Mon Apr  4 12:32:08 2011 us=50952   pkcs11_protected_authentication = DISABLED
Mon Apr  4 12:32:08 2011 us=50961   pkcs11_protected_authentication = DISABLED
Mon Apr  4 12:32:08 2011 us=50970   pkcs11_protected_authentication = DISABLED
Mon Apr  4 12:32:08 2011 us=50979   pkcs11_protected_authentication = DISABLED
Mon Apr  4 12:32:08 2011 us=50987   pkcs11_protected_authentication = DISABLED
Mon Apr  4 12:32:08 2011 us=50996   pkcs11_protected_authentication = DISABLED
Mon Apr  4 12:32:08 2011 us=51005   pkcs11_protected_authentication = DISABLED
Mon Apr  4 12:32:08 2011 us=51014   pkcs11_protected_authentication = DISABLED
Mon Apr  4 12:32:08 2011 us=51023   pkcs11_protected_authentication = DISABLED
Mon Apr  4 12:32:08 2011 us=51032   pkcs11_protected_authentication = DISABLED
Mon Apr  4 12:32:08 2011 us=51041   pkcs11_protected_authentication = DISABLED
Mon Apr  4 12:32:08 2011 us=51050   pkcs11_protected_authentication = DISABLED
Mon Apr  4 12:32:08 2011 us=51059   pkcs11_protected_authentication = DISABLED
Mon Apr  4 12:32:08 2011 us=51073   pkcs11_private_mode = 00000000
Mon Apr  4 12:32:08 2011 us=51087   pkcs11_private_mode = 00000000
Mon Apr  4 12:32:08 2011 us=51096   pkcs11_private_mode = 00000000
Mon Apr  4 12:32:08 2011 us=51105   pkcs11_private_mode = 00000000
Mon Apr  4 12:32:08 2011 us=51114   pkcs11_private_mode = 00000000
Mon Apr  4 12:32:08 2011 us=51123   pkcs11_private_mode = 00000000
Mon Apr  4 12:32:08 2011 us=51131   pkcs11_private_mode = 00000000
Mon Apr  4 12:32:08 2011 us=51140   pkcs11_private_mode = 00000000
Mon Apr  4 12:32:08 2011 us=51149   pkcs11_private_mode = 00000000
Mon Apr  4 12:32:08 2011 us=51158   pkcs11_private_mode = 00000000
Mon Apr  4 12:32:08 2011 us=51167   pkcs11_private_mode = 00000000
Mon Apr  4 12:32:08 2011 us=51176   pkcs11_private_mode = 00000000
Mon Apr  4 12:32:08 2011 us=51185   pkcs11_private_mode = 00000000
Mon Apr  4 12:32:08 2011 us=51194   pkcs11_private_mode = 00000000
Mon Apr  4 12:32:08 2011 us=51215   pkcs11_private_mode = 00000000
Mon Apr  4 12:32:08 2011 us=51224   pkcs11_private_mode = 00000000
Mon Apr  4 12:32:08 2011 us=51233   pkcs11_cert_private = DISABLED
Mon Apr  4 12:32:08 2011 us=51241   pkcs11_cert_private = DISABLED
Mon Apr  4 12:32:08 2011 us=51250   pkcs11_cert_private = DISABLED
Mon Apr  4 12:32:08 2011 us=51259   pkcs11_cert_private = DISABLED
Mon Apr  4 12:32:08 2011 us=51267   pkcs11_cert_private = DISABLED
Mon Apr  4 12:32:08 2011 us=51276   pkcs11_cert_private = DISABLED
Mon Apr  4 12:32:08 2011 us=51285   pkcs11_cert_private = DISABLED
Mon Apr  4 12:32:08 2011 us=51293   pkcs11_cert_private = DISABLED
Mon Apr  4 12:32:08 2011 us=51302   pkcs11_cert_private = DISABLED
Mon Apr  4 12:32:08 2011 us=51311   pkcs11_cert_private = DISABLED
Mon Apr  4 12:32:08 2011 us=51319   pkcs11_cert_private = DISABLED
Mon Apr  4 12:32:08 2011 us=51328   pkcs11_cert_private = DISABLED
Mon Apr  4 12:32:08 2011 us=51337   pkcs11_cert_private = DISABLED
Mon Apr  4 12:32:08 2011 us=51353   pkcs11_cert_private = DISABLED
Mon Apr  4 12:32:08 2011 us=51362   pkcs11_cert_private = DISABLED
Mon Apr  4 12:32:08 2011 us=51371   pkcs11_cert_private = DISABLED
Mon Apr  4 12:32:08 2011 us=51385   pkcs11_pin_cache_period = -1
Mon Apr  4 12:32:08 2011 us=51396   pkcs11_id = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=51409   pkcs11_id_management = DISABLED
Mon Apr  4 12:32:08 2011 us=51434   server_network = 0.0.0.0
Mon Apr  4 12:32:08 2011 us=51445   server_netmask = 0.0.0.0
Mon Apr  4 12:32:08 2011 us=51459   server_bridge_ip = 0.0.0.0
Mon Apr  4 12:32:08 2011 us=51472   server_bridge_netmask = 0.0.0.0
Mon Apr  4 12:32:08 2011 us=51482   server_bridge_pool_start = 0.0.0.0
Mon Apr  4 12:32:08 2011 us=51497   server_bridge_pool_end = 0.0.0.0
Mon Apr  4 12:32:08 2011 us=51512   ifconfig_pool_defined = DISABLED
Mon Apr  4 12:32:08 2011 us=51529   ifconfig_pool_start = 0.0.0.0
Mon Apr  4 12:32:08 2011 us=51543   ifconfig_pool_end = 0.0.0.0
Mon Apr  4 12:32:08 2011 us=51556   ifconfig_pool_netmask = 0.0.0.0
Mon Apr  4 12:32:08 2011 us=51565   ifconfig_pool_persist_filename = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=51578   ifconfig_pool_persist_refresh_freq = 600
Mon Apr  4 12:32:08 2011 us=51589   n_bcast_buf = 256
Mon Apr  4 12:32:08 2011 us=51602   tcp_queue_limit = 64
Mon Apr  4 12:32:08 2011 us=51610   real_hash_size = 256
Mon Apr  4 12:32:08 2011 us=51624   virtual_hash_size = 256
Mon Apr  4 12:32:08 2011 us=51633   client_connect_script = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=51647   learn_address_script = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=51660   client_disconnect_script = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=51672   client_config_dir = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=51680   ccd_exclusive = DISABLED
Mon Apr  4 12:32:08 2011 us=51694   tmp_dir = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=51708   push_ifconfig_defined = DISABLED
Mon Apr  4 12:32:08 2011 us=51724   push_ifconfig_local = 0.0.0.0
Mon Apr  4 12:32:08 2011 us=51740   push_ifconfig_remote_netmask = 0.0.0.0
Mon Apr  4 12:32:08 2011 us=51749   enable_c2c = DISABLED
Mon Apr  4 12:32:08 2011 us=51758   duplicate_cn = DISABLED
Mon Apr  4 12:32:08 2011 us=51770   cf_max = 0
Mon Apr  4 12:32:08 2011 us=51781   cf_per = 0
Mon Apr  4 12:32:08 2011 us=51793   max_clients = 1024
Mon Apr  4 12:32:08 2011 us=51804   max_routes_per_client = 256
Mon Apr  4 12:32:08 2011 us=51815   client_cert_not_required = DISABLED
Mon Apr  4 12:32:08 2011 us=51828   username_as_common_name = DISABLED
Mon Apr  4 12:32:08 2011 us=51843   auth_user_pass_verify_script = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=51858   auth_user_pass_verify_script_via_file = DISABLED
Mon Apr  4 12:32:08 2011 us=51868   port_share_host = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=51883   port_share_port = 0
Mon Apr  4 12:32:08 2011 us=51892   client = DISABLED
Mon Apr  4 12:32:08 2011 us=51901   pull = DISABLED
Mon Apr  4 12:32:08 2011 us=51910   auth_user_pass_file = '[UNDEF]'
Mon Apr  4 12:32:08 2011 us=51927 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008
Mon Apr  4 12:32:08 2011 us=52061 /usr/sbin/openvpn-vulnkey -q /etc/openvpn/static.key
Mon Apr  4 12:32:08 2011 us=52624 ******* WARNING *******: '/etc/openvpn/static.key' is a known vulnerable key. See 'man openvpn-vulnkey' for details.
Mon Apr  4 12:32:08 2011 us=52782 WARNING: file '/etc/openvpn/static.key' is group or others accessible
Mon Apr  4 12:32:08 2011 us=52881 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Apr  4 12:32:08 2011 us=52907 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Apr  4 12:32:08 2011 us=52968 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Apr  4 12:32:08 2011 us=52979 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Apr  4 12:32:08 2011 us=53009 LZO compression initialized
Mon Apr  4 12:32:08 2011 us=53184 Note: Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted (errno=1)
Mon Apr  4 12:32:08 2011 us=53199 Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Mon Apr  4 12:32:08 2011 us=54235 Cannot allocate TUN/TAP dev dynamically
Mon Apr  4 12:32:08 2011 us=54252 Exiting

: 05 kwietnia 2011, 08:37
autor: Cyphermen
Dodaj do pliku serwera to co napisałem wyżej a także:

Kod: Zaznacz cały

user openvpn
group openvpn
i napisz mi tutaj z konta jakiego użytkownika uruchamiasz serwer, z konta root czy jakiegoś zdefiniowanego przez ciebie?

Bo z logów wychodzi, że chyba nie masz uprawnień albo sam serwer nie ma uprawnień by wystartować wirtualne urządzenie.
Sprawdź jeszcze prawa do plików certyfikatów i samego konfiga openvpn itd.
Strefa czasowa UTC+02:00
Strona 2 z 4

Technologię dostarcza phpBB® Forum Software © phpBB Limited

Polski pakiet językowy dostarcza phpBB.pl