This episode focuses on the config file settings, which should be a bit simpler; the more tedious work was mostly finished in the earlier episodes.
Previously: OpenVPN Build Notes (Episode 4)
Start from the sample settings file that OpenVPN ships, server.conf. A sample copy is in /usr/share/doc/openvpn-2.1_rc7/sample-config-files; copy it to /etc/openvpn first.
[root@openvpn ~]#cp /usr/share/doc/openvpn-2.1_rc7/sample-config-files/server.conf /etc/openvpn/server.conf
Next, generate a ta key (the tls-auth HMAC key) to defend against DoS and UDP port flooding attacks.
[root@openvpn ~]#openvpn --genkey --secret ta.key
Then edit the server.conf settings file:
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
# This push route sends traffic for the 192.168.100.0 subnet over the VPN to Xiao Rui's secret garden
push "route 192.168.100.0 255.255.255.0"
tls-auth ta.key 0
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
That is Xiao Rui's OpenVPN server-side config. Once this file is ready, you can start the VPN server.
[root@openvpn ~]#service openvpn start
Now run ifconfig and you will see an extra network interface.
[root@openvpn ~]#ifconfig
tun0 Link encap:UNSPEC HWaddr
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
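A check worth running at this point (my own added example, not code from the post or from the OpenVPN project): from a defensive standpoint the three things that matter most in this server.conf are that tls-auth is really in effect, that ta.key and server.key are not readable by other users, and that the daemon drops root after startup (user nobody / group nobody, which the sample file ships commented out; persist-key and persist-tun are what keep restarts working once privileges are dropped). Note also that tls-auth ta.key 0 is a relative path: the init script starts openvpn with --cd /etc/openvpn, so the ta.key generated above in /root must be moved into /etc/openvpn, otherwise openvpn refuses to start with "Cannot open file key file". The hypothetical linter below checks those points; it builds a constructed "weak" tree that mirrors the post's config as it would land on such a box, and a "hardened" one with the fixes applied, and assumes only POSIX sh with ls, awk, sed and mktemp.

```shell
#!/bin/sh
# Added example, not part of the original post. Lints an OpenVPN server config for the
# hardening points discussed in the text. Relative paths in the config are resolved
# against the config's own directory (what --cd /etc/openvpn gives the real daemon).

# check_openvpn_conf CONF
# Prints one finding per line; the return value is the number of findings (0 = clean).
check_openvpn_conf() {
    conf=$1
    dir=$(dirname "$conf")
    findings=0

    # 1. tls-auth: without the HMAC key any UDP sender can start a TLS handshake
    if ! grep -Eq '^[[:space:]]*tls-auth[[:space:]]' "$conf"; then
        echo "MISSING: tls-auth (the ta.key step)"
        findings=$((findings + 1))
    fi

    # 2. every referenced key file must exist; private material must be mode 0600
    for opt in ca cert key dh tls-auth; do
        path=$(awk -v o="$opt" '$1 == o { print $2; exit }' "$conf")
        [ -z "$path" ] && continue
        case $path in /*) ;; *) path="$dir/$path" ;; esac
        if [ ! -f "$path" ]; then
            echo "MISSING FILE: $opt $path"
            findings=$((findings + 1))
            continue
        fi
        case $opt in
        key|tls-auth)
            perm=$(ls -ld "$path" | cut -c5-10)   # group and other permission bits
            if [ "$perm" != "------" ]; then
                echo "READABLE SECRET: $opt $path (chmod 600 it)"
                findings=$((findings + 1))
            fi
            ;;
        esac
    done

    # 3. the daemon should not keep running as root after it has opened tun0 and its keys
    for opt in user group; do
        val=$(awk -v o="$opt" '$1 == o { print $2; exit }' "$conf")
        if [ -z "$val" ] || [ "$val" = root ]; then
            echo "RUNS AS ROOT: $opt is '${val:-unset}' (set '$opt nobody')"
            findings=$((findings + 1))
        fi
    done
    return $findings
}

# make_demo: constructed sample trees under a temp dir; prints the dir path.
# "weak" mirrors the post's server.conf with ta.key left behind in /root (so absent
# here), server.key world-readable and no privilege drop. "hardened" fixes all three.
make_demo() {
    d=$(mktemp -d)
    for sub in weak hardened; do
        mkdir "$d/$sub"
        for f in ca.crt server.crt server.key dh2048.pem; do : > "$d/$sub/$f"; done
        chmod 644 "$d/$sub/server.key"
    done
    cat > "$d/weak/server.conf" <<EOF
port 1194
proto udp
dev tun
ca $d/weak/ca.crt
cert $d/weak/server.crt
key $d/weak/server.key
dh $d/weak/dh2048.pem
server 10.8.0.0 255.255.255.0
push "route 192.168.100.0 255.255.255.0"
tls-auth ta.key 0
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
EOF
    # hardened: same config pointed at its own tree, ta.key beside it, secrets 0600, root dropped
    { sed "s#/weak/#/hardened/#" "$d/weak/server.conf"; printf 'user nobody\ngroup nobody\n'; } \
        > "$d/hardened/server.conf"
    : > "$d/hardened/ta.key"
    chmod 600 "$d/hardened/ta.key" "$d/hardened/server.key"
    echo "$d"
}

demo=$(make_demo)
for sub in weak hardened; do
    echo "== $sub/server.conf =="
    rc=0
    check_openvpn_conf "$demo/$sub/server.conf" || rc=$?
    echo "findings: $rc"
done
rm -rf "$demo"
```

Against a real box, run `check_openvpn_conf /etc/openvpn/server.conf` as root; the weak tree above reports four findings (ta.key not found, server.key readable, user and group unset) and the hardened one reports none.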
Next, some firewall settings. First copy the sample firewall script to /etc/openvpn and edit it there.
[root@openvpn ~]#cp /usr/share/doc/openvpn-2.1_rc7/sample-config-files/firewall.sh /etc/openvpn/.
Make the following changes to the firewall script (only the added and changed lines are listed; the rest keeps the original content).
#!/bin/bash
echo "1" > /proc/sys/net/ipv4/ip_forward
PRIVATE=192.168.100.0/24
# Anything coming from the Internet should have a real Internet address
#iptables -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
#iptables -A FORWARD -i eth0 -s 172.16.0.0/12 -j DROP
#iptables -A FORWARD -i eth0 -s 10.0.0.0/8 -j DROP
#iptables -A INPUT -i eth0 -s 192.168.0.0/16 -j DROP
#iptables -A INPUT -i eth0 -s 172.16.0.0/12 -j DROP
#iptables -A INPUT -i eth0 -s 10.0.0.0/8 -j DROP
# Check source address validity on packets going out to internet
#iptables -A FORWARD -s ! $PRIVATE -i eth1 -j DROP
# Masquerade local subnet
# iptables -t nat -A POSTROUTING -s $PRIVATE -o eth0 -j MASQUERADE
After editing, run the script:
[root@openvpn ~]#sh /etc/openvpn/firewall.sh
The server side should be OK now; next, set up the client.
Xiao Rui's client is Windows XP Service Pack 2. Note that XP ("Fainting XP") needs at least Service Pack 2, otherwise there will be problems.
First download the OpenVPN GUI software for Windows from http://openvpn.se/files/install_packages/. Xiao Rui used openvpn-2.0.9-gui-1.0.3-install.exe, which looked a bit newer.
After downloading, run the installer. Installation creates a TAP-WIN32 network adapter; I renamed it to OpenVPN_Tap. This name is used in the client config later.
Once installed, a small OpenVPN GUI icon appears in the system tray at the bottom right.
Next create a directory named nuface_client1 under C:\Program Files\OpenVPN\config.
Download the key files from the server to the client: ca.crt / client1.crt / client1.key / client1.csr / ta.key
It is best to transfer them securely; see "Network services + SSL" for FTP to Xiao Rui's computer. Since everything is on the internal network for now, Xiao Rui took the lazy route and fetched them with plain FTP into C:\Program Files\OpenVPN\config\nuface_client1.
Then create a file nuface_client1.ovpn in that directory with the following content:
client
dev tun
dev-node OpenVPN_Tap
proto udp
remote 192.168.2.198 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
tls-auth ta.key 1
comp-lzo
verb 3
Now right-click the OpenVPN icon in the bottom-right tray and choose Connect.
(Screenshot: connection in progress)
(Screenshot: connection successful)
The connection to the OpenVPN server is established and an IP has been obtained.
At the DOS command prompt, run route print to inspect the routing table: packets for the 192.168.100.0/24 subnet now go via 10.8.0.6, sent out through the OpenVPN_Tap adapter, that is, over the VPN connection.
That is about it. Next comes setting up Xiao Rui's other secret garden, which is left for the next episode. To be continued! ^_^
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
push “route 192.168.100.0 255.255.255.0”
tls-auth ta.key 0
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
[root@abc ~]# service openvpn start
正在啟動 openvpn: /usr/sbin/openvpn: error while loading shared libraries: liblzo.so.1: cannot enable executable stack as shared object requires: Permission denied
I modified server.conf, but it fails; I don't know where the problem is. Help!
push “route 192.168.100.0 255.255.255.0”
push “route 192.168.100.0 255.255.255.0″ : that is not right; it should be -->
push "route 192.168.100.0 255.255.255.0"
Also, lzo seems to have a problem; run yun info lzo to check whether it is installed, and if not, you may need to install it first!
eth0 Link encap:Ethernet HWaddr 00:40:F4:22:B1:E3
inet addr:114.33.138.54 Bcast:114.33.138.255 Mask:255.255.255.0
inet6 addr: fe80::240:f4ff:fe22:b1e3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5162 errors:0 dropped:0 overruns:0 frame:0
TX packets:5384 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:816810 (797.6 KiB) TX bytes:531015 (518.5 KiB)
Interrupt:217 Base address:0xe000
eth1 Link encap:Ethernet HWaddr 00:26:5A:08:31:73
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:209 Base address:0xc000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2402 errors:0 dropped:0 overruns:0 frame:0
TX packets:2402 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4323488 (4.1 MiB) TX bytes:4323488 (4.1 MiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:114.33.138.54 P-t-P:168.95.98.254 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:2195 errors:0 dropped:0 overruns:0 frame:0
TX packets:2364 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:590396 (576.5 KiB) TX bytes:292353 (285.5 KiB)
You have new mail in /var/spool/mail/root
Experts, please help!
Hmm
server 10.8.0.0 255.255.255.0
push “route 192.168.100.0 255.255.255.0”
tls-auth ta.key 0
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
Strange, what shows in etc/openvpn/service.conf is push “route 192.168.100.0 255.255.255.0″, but I don't know why pasting it turns into the same thing as above. What a headache.
[root@abc ~]# service openvpn start
正在啟動 openvpn: /usr/sbin/openvpn: error while loading shared libraries: liblzo.so.1: cannot enable executable stack as shared object requires: Permission denied
Still failing.
[root@abc ~]# yum info lzo
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* addons: http://ftp.nsysu.edu.tw
* base: http://ftp.nsysu.edu.tw
* extras: http://ftp.nsysu.edu.tw
* updates: http://ftp.nsysu.edu.tw
Installed Packages
Name : lzo
Arch : i386
Version : 1.08
Release : 4.rf
Size : 430 k
Repo : installed
Summary : Portable lossless data compression library
URL : http://www.oberhumer.com/opensource/lzo/
License : GPL
Description: LZO is a portable lossless data compression library written in ANSI
: C. It offers pretty fast compression and *very* fast decompression.
: Decompression requires no memory. In addition there are slower
: compression levels achieving a quite competitive compression ratio
: while still decompressing at this very high speed.
[root@abc ~]# service openvpn start
正在啟動 openvpn: /usr/sbin/openvpn: error while loading shared libraries: liblzo.so.1: cannot enable executable stack as shared object requires: Permission denied
[失敗]
[root@abc ~]#
Correction: push “route 192.168.100.0 255.255.255.0”
Really strange, pasting turns it into symbols.
push “route 192.168.100.0 255.255.255.0″ hmm, that is the correct one.
Permission denied --> this message tells you it is not letting you run the OpenVPN program. Very likely a SELinux issue; you can turn that option off and reboot to try again: in the file /etc/selinux/config, set SELINUX=disabled, then reboot and try!
[root@hung ~]# service openvpn start
正在啟動 openvpn: /usr/sbin/openvpn: error while loading shared libraries: liblzo.so.1: cannot enable executable stack as shared object requires: Permission denied
[失敗]
[root@hung ~]# ipconfig
bash: ipconfig: command not found
[root@hung ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:40:F4:22:B1:E3
inet addr:192.168.7.1 Bcast:192.168.7.255 Mask:255.255.255.0
inet6 addr: fe80::240:f4ff:fe22:b1e3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14139 errors:0 dropped:0 overruns:0 frame:0
TX packets:15498 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2039057 (1.9 MiB) TX bytes:12277806 (11.7 MiB)
Interrupt:217 Base address:0xe000
eth1 Link encap:Ethernet HWaddr 00:26:5A:08:31:73
inet addr:114.33.138.54 Bcast:114.33.138.255 Mask:255.255.255.0
inet6 addr: fe80::226:5aff:fe08:3173/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:69033 errors:0 dropped:0 overruns:0 frame:0
TX packets:47657 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:84702013 (80.7 MiB) TX bytes:5052248 (4.8 MiB)
Interrupt:209 Base address:0xc000
Failed again; this is turning into the Father of the Nation's revolution (one more try after another).
push “route 192.168.7.0 255.255.255.0”
This is my internal subnet; is it OK to change it to this?
I started editing server.conf: there was a sample file, I deleted all of its content, pasted in what you wrote and saved. Is that workable?
When I ran the command service openvpn start
it showed
Starting openvpn: /usr/sbin/openvpn: error while loading shared libraries: liblzo.so.1: cannot enable executable stack as shared object requires: Permission denied
[FAILED]
I also checked yun info lzo
It is not installed; how do I solve this?
bash: yun: command not found
ifconfig
showed this
eth0 Link encap:Ethernet HWaddr 00:25:64:91:35:69
inet addr:192.168.89.66 Bcast:192.168.89.255 Mask:255.255.255.0
inet6 addr: fe80::225:64ff:fe91:3569/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8444 errors:0 dropped:0 overruns:0 frame:0
TX packets:5059 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:922013 (900.4 KiB) TX bytes:607300 (593.0 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:14 errors:0 dropped:0 overruns:0 frame:0
TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:900 (900.0 b) TX bytes:900 (900.0 b)
peth0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:8465 errors:0 dropped:0 overruns:0 frame:0
TX packets:5104 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:924405 (902.7 KiB) TX bytes:613100 (598.7 KiB)
Memory:fe6e0000-fe700000
vif0.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:5073 errors:0 dropped:0 overruns:0 frame:0
TX packets:8450 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:610676 (596.3 KiB) TX bytes:922557 (900.9 KiB)
virbr0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:6400 (6.2 KiB)
xenbr0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:4334 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:438695 (428.4 KiB) TX bytes:0 (0.0 b)
yun info lzo -> it should be yum, you typed it wrong ^_^
Contents of vi /etc/openvpn/server.conf
;local a.b.c.d
port 1194
proto tcp
;proto udp
;dev tap
dev tun
;dev-node MyTap
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
;server 10.8.0.0 255.255.255.0
server 192.168.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;push “route 192.168.10.0 255.255.255.0”
;push “route 192.168.20.0 255.255.255.0”
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push “redirect-gateway”
;push “dhcp-option DNS 10.8.0.1”
;push “dhcp-option WINS 10.8.0.1”
;client-to-client
;duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/2.0/keys/ta.key 0
tls-server
;cipher BF-CBC
;cipher AES-128-CBC
;cipher DES-EDE3-CBC
user root
group root
comp-lzo
;max-clients 100
;user nobody
;group nobody
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
status /var/log/openvpn-status.log
log /var/log/openvpn.log
verb 3
;mute 20
Then I ran
service openvpn start
which showed
正在啟動 openvpn: [ 確定 ]
Then I ran
ifconfig
which showed
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.0.1 P-t-P:192.168.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Is this right?
Looks fine; it has started normally!
client1.key
ta.key
cannot be downloaded; using the ftp command, the files come back empty.
Fri Jul 30 14:05:50 2010 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Fri Jul 30 14:05:50 2010 IMPORTANT: OpenVPN’s default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Fri Jul 30 14:05:50 2010 Cannot open file key file ‘ta.key’: 系統找不到指定的檔案。 (errno=2)
Fri Jul 30 14:05:50 2010 Exiting
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00- 00
inet addr:192.168.0.1 P-t-P:192.168.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
HWaddr... there is no address??
Wed Aug 04 10:24:25 2010 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Wed Aug 04 10:24:25 2010 IMPORTANT: OpenVPN’s default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Aug 04 10:24:25 2010 Control Channel Authentication: using ‘ta.key’ as a OpenVPN static key file
Wed Aug 04 10:24:25 2010 Outgoing Control Channel Authentication: Using 160 bit message hash ‘SHA1’ for HMAC authentication
Wed Aug 04 10:24:25 2010 Incoming Control Channel Authentication: Using 160 bit message hash ‘SHA1’ for HMAC authentication
Wed Aug 04 10:24:25 2010 LZO compression initialized
Wed Aug 04 10:24:25 2010 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Aug 04 10:24:25 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Aug 04 10:24:25 2010 Local Options hash (VER=V4): ‘504e774e’
Wed Aug 04 10:24:25 2010 Expected Remote Options hash (VER=V4): ‘14168603’
Wed Aug 04 10:24:25 2010 UDPv4 link local: [undef]
Wed Aug 04 10:24:25 2010 UDPv4 link remote: 203.70.232.152:1194
Wed Aug 04 10:25:26 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 04 10:25:26 2010 TLS Error: TLS handshake failed
Wed Aug 04 10:25:26 2010 TCP/UDP: Closing socket
Wed Aug 04 10:25:26 2010 SIGUSR1[soft,tls-error] received, process restarting
Wed Aug 04 10:25:26 2010 Restart pause, 2 second(s)
Wed Aug 04 10:25:28 2010 IMPORTANT: OpenVPN’s default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Aug 04 10:25:28 2010 Re-using SSL/TLS context
Wed Aug 04 10:25:28 2010 LZO compression initialized
Wed Aug 04 10:25:28 2010 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Aug 04 10:25:28 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Aug 04 10:25:28 2010 Local Options hash (VER=V4): ‘504e774e’
Wed Aug 04 10:25:28 2010 Expected Remote Options hash (VER=V4): ‘14168603’
Wed Aug 04 10:25:28 2010 UDPv4 link local: [undef]
Wed Aug 04 10:25:28 2010 UDPv4 link remote: 203.70.232.152:1194
Wed Aug 04 10:26:27 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 04 10:26:27 2010 TLS Error: TLS handshake failed
Wed Aug 04 10:26:27 2010 TCP/UDP: Closing socket
Wed Aug 04 10:26:27 2010 SIGUSR1[soft,tls-error] received, process restarting
Wed Aug 04 10:26:27 2010 Restart pause, 2 second(s)
Wed Aug 04 10:26:29 2010 IMPORTANT: OpenVPN’s default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Aug 04 10:26:29 2010 Re-using SSL/TLS context
Wed Aug 04 10:26:29 2010 LZO compression initialized
Wed Aug 04 10:26:29 2010 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Aug 04 10:26:29 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Aug 04 10:26:29 2010 Local Options hash (VER=V4): ‘504e774e’
Wed Aug 04 10:26:29 2010 Expected Remote Options hash (VER=V4): ‘14168603’
Wed Aug 04 10:26:29 2010 UDPv4 link local: [undef]
Wed Aug 04 10:26:29 2010 UDPv4 link remote: 203.70.232.152:1194
Wed Aug 04 10:27:29 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 04 10:27:29 2010 TLS Error: TLS handshake failed
Wed Aug 04 10:27:29 2010 TCP/UDP: Closing socket
Wed Aug 04 10:27:29 2010 SIGUSR1[soft,tls-error] received, process restarting
Wed Aug 04 10:27:29 2010 Restart pause, 2 second(s)
Wed Aug 04 10:27:31 2010 IMPORTANT: OpenVPN’s default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Aug 04 10:27:31 2010 Re-using SSL/TLS context
Wed Aug 04 10:27:31 2010 LZO compression initialized
Wed Aug 04 10:27:31 2010 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Aug 04 10:27:31 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Aug 04 10:27:31 2010 Local Options hash (VER=V4): ‘504e774e’
Wed Aug 04 10:27:31 2010 Expected Remote Options hash (VER=V4): ‘14168603’
Wed Aug 04 10:27:31 2010 UDPv4 link local: [undef]
Wed Aug 04 10:27:31 2010 UDPv4 link remote: 203.70.232.152:1194
Wed Aug 04 10:28:32 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 04 10:28:32 2010 TLS Error: TLS handshake failed
Wed Aug 04 10:28:32 2010 TCP/UDP: Closing socket
Wed Aug 04 10:28:32 2010 SIGUSR1[soft,tls-error] received, process restarting
Wed Aug 04 10:28:32 2010 Restart pause, 2 second(s)
Wed Aug 04 10:28:34 2010 IMPORTANT: OpenVPN’s default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Aug 04 10:28:34 2010 Re-using SSL/TLS context
Wed Aug 04 10:28:34 2010 LZO compression initialized
Wed Aug 04 10:28:34 2010 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Aug 04 10:28:34 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Aug 04 10:28:34 2010 Local Options hash (VER=V4): ‘504e774e’
Wed Aug 04 10:28:34 2010 Expected Remote Options hash (VER=V4): ‘14168603’
Wed Aug 04 10:28:34 2010 UDPv4 link local: [undef]
Wed Aug 04 10:28:34 2010 UDPv4 link remote: 203.70.232.152:1194
Wed Aug 04 10:29:34 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 04 10:29:34 2010 TLS Error: TLS handshake failed
Wed Aug 04 10:29:34 2010 TCP/UDP: Closing socket
Wed Aug 04 10:29:34 2010 SIGUSR1[soft,tls-error] received, process restarting
Wed Aug 04 10:29:34 2010 Restart pause, 2 second(s)
Wed Aug 04 10:29:36 2010 IMPORTANT: OpenVPN’s default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Aug 04 10:29:36 2010 Re-using SSL/TLS context
Wed Aug 04 10:29:36 2010 LZO compression initialized
Wed Aug 04 10:29:36 2010 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Aug 04 10:29:36 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Aug 04 10:29:36 2010 Local Options hash (VER=V4): ‘504e774e’
Wed Aug 04 10:29:36 2010 Expected Remote Options hash (VER=V4): ‘14168603’
Wed Aug 04 10:29:36 2010 UDPv4 link local: [undef]
Wed Aug 04 10:29:36 2010 UDPv4 link remote: 203.70.232.152:1194
Wed Aug 04 10:30:36 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 04 10:30:36 2010 TLS Error: TLS handshake failed
Wed Aug 04 10:30:36 2010 TCP/UDP: Closing socket
Wed Aug 04 10:30:36 2010 SIGUSR1[soft,tls-error] received, process restarting
Wed Aug 04 10:30:36 2010 Restart pause, 2 second(s)
Wed Aug 04 10:30:38 2010 IMPORTANT: OpenVPN’s default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Aug 04 10:30:38 2010 Re-using SSL/TLS context
Wed Aug 04 10:30:38 2010 LZO compression initialized
Wed Aug 04 10:30:38 2010 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Aug 04 10:30:38 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Aug 04 10:30:38 2010 Local Options hash (VER=V4): ‘504e774e’
Wed Aug 04 10:30:38 2010 Expected Remote Options hash (VER=V4): ‘14168603’
Wed Aug 04 10:30:38 2010 UDPv4 link local: [undef]
Wed Aug 04 10:30:38 2010 UDPv4 link remote: 203.70.232.152:1194
Wed Aug 04 10:31:39 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 04 10:31:39 2010 TLS Error: TLS handshake failed
Wed Aug 04 10:31:39 2010 TCP/UDP: Closing socket
Wed Aug 04 10:31:39 2010 SIGUSR1[soft,tls-error] received, process restarting
Wed Aug 04 10:31:39 2010 Restart pause, 2 second(s)
Wed Aug 04 10:31:41 2010 IMPORTANT: OpenVPN’s default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Aug 04 10:31:41 2010 Re-using SSL/TLS context
Wed Aug 04 10:31:41 2010 LZO compression initialized
Wed Aug 04 10:31:41 2010 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Aug 04 10:31:41 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Aug 04 10:31:41 2010 Local Options hash (VER=V4): ‘504e774e’
Wed Aug 04 10:31:41 2010 Expected Remote Options hash (VER=V4): ‘14168603’
Wed Aug 04 10:31:41 2010 UDPv4 link local: [undef]
Wed Aug 04 10:31:41 2010 UDPv4 link remote: 203.70.232.152:1194
Wed Aug 04 10:32:40 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 04 10:32:40 2010 TLS Error: TLS handshake failed
Wed Aug 04 10:32:40 2010 TCP/UDP: Closing socket
Wed Aug 04 10:32:40 2010 SIGUSR1[soft,tls-error] received, process restarting
Wed Aug 04 10:32:40 2010 Restart pause, 2 second(s)
Wed Aug 04 10:32:42 2010 IMPORTANT: OpenVPN’s default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Aug 04 10:32:42 2010 Re-using SSL/TLS context
Wed Aug 04 10:32:42 2010 LZO compression initialized
Wed Aug 04 10:32:42 2010 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Aug 04 10:32:42 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Aug 04 10:32:42 2010 Local Options hash (VER=V4): ‘504e774e’
Wed Aug 04 10:32:42 2010 Expected Remote Options hash (VER=V4): ‘14168603’
Wed Aug 04 10:32:42 2010 UDPv4 link local: [undef]
Wed Aug 04 10:32:42 2010 UDPv4 link remote: 203.70.232.152:1194
Wed Aug 04 10:33:43 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 04 10:33:43 2010 TLS Error: TLS handshake failed
Wed Aug 04 10:33:43 2010 TCP/UDP: Closing socket
Wed Aug 04 10:33:43 2010 SIGUSR1[soft,tls-error] received, process restarting
Wed Aug 04 10:33:43 2010 Restart pause, 2 second(s)
Wed Aug 04 10:33:45 2010 IMPORTANT: OpenVPN’s default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Aug 04 10:33:45 2010 Re-using SSL/TLS context
Wed Aug 04 10:33:45 2010 LZO compression initialized
Wed Aug 04 10:33:45 2010 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Aug 04 10:33:45 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Aug 04 10:33:45 2010 Local Options hash (VER=V4): ‘504e774e’
Wed Aug 04 10:33:45 2010 Expected Remote Options hash (VER=V4): ‘14168603’
Wed Aug 04 10:33:45 2010 UDPv4 link local: [undef]
Wed Aug 04 10:33:45 2010 UDPv4 link remote: 203.70.232.152:1194
Can't connect.
openvpn --genkey --secret ta.key
Did you do this?
ta.key has a problem
This should be normal ^^
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
--------------------
I guess it might be a firewall problem..
May I ask: my server also cannot start. I looked at
#tail -f /var/log/messages | grep openvpn
and it showed:
openvpn tpvmlpd2[4029]: device type not supported
openvpn tpvmlpd2[4030]: device type not supported
openvpn tpvmlpd2[4031]: device type not supported
openvpn tpvmlpd2[4032]: device type not supported
openvpn tpvmlpd2[4035]: device type not supported
openvpn tpvmlpd2[4036]: device type not supported
openvpn tpvmlpd2[4037]: device type not supported
openvpn tpvmlpd2[4038]: device type not supported
openvpn tpvmlpd2[4039]: device type not supported
openvpn tpvmlpd2[3621]: aborting
What kind of problem could this be?? PS: I am doing the test in VMware Workstation, not sure whether that matters; also I am using the i386 version, not 64-bit.
device should only be tap / tun; probably one of them isn't supported!