The focus of this part is setting up the config files. It should be a bit simpler; the more tedious work was mostly finished in the earlier parts.


Previously: OpenVPN 建置筆記(第4集) (OpenVPN Setup Notes, Part 4)

Start from the sample configuration file that ships with OpenVPN, server.conf, and modify it. A sample copy lives in the directory /usr/share/doc/openvpn-2.1_rc7/sample-config-files. First copy it to /etc/openvpn.


[root@openvpn ~]#cp /usr/share/doc/openvpn-2.1_rc7/sample-config-files/server.conf /etc/openvpn/server.conf

Next, generate a ta.key (the tls-auth key), which guards against DoS and UDP port flooding attacks.


[root@openvpn ~]#openvpn --genkey --secret ta.key

Next, edit the server.conf configuration file:

port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
# this push route sends traffic for the 192.168.100.0 subnet to Xiao Rui's secret garden
push "route 192.168.100.0 255.255.255.0"
tls-auth ta.key 0
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

The above is Xiao Rui's OpenVPN server-side configuration file. Once this file is ready, the VPN server can be started.


[root@openvpn ~]#service openvpn start

Now run ifconfig and you will see an additional network interface.


[root@openvpn ~]#ifconfig
tun0 Link encap:UNSPEC HWaddr
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255

Next, some firewall settings. First copy the sample firewall script to /etc/openvpn and modify it there.


[root@openvpn ~]#cp /usr/share/doc/openvpn-2.1_rc7/sample-config-files/firewall.sh /etc/openvpn/.

Make a few changes to the firewall script. (Only the added and changed lines are listed; everything else keeps the original wording.)


#!/bin/bash
echo "1" > /proc/sys/net/ipv4/ip_forward
PRIVATE=192.168.100.0/24
# Anything coming from the Internet should have a real Internet address
#iptables -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
#iptables -A FORWARD -i eth0 -s 172.16.0.0/12 -j DROP
#iptables -A FORWARD -i eth0 -s 10.0.0.0/8 -j DROP
#iptables -A INPUT -i eth0 -s 192.168.0.0/16 -j DROP
#iptables -A INPUT -i eth0 -s 172.16.0.0/12 -j DROP
#iptables -A INPUT -i eth0 -s 10.0.0.0/8 -j DROP

# Check source address validity on packets going out to internet
#iptables -A FORWARD -s ! $PRIVATE -i eth1 -j DROP

# Masquerade local subnet
# iptables -t nat -A POSTROUTING -s $PRIVATE -o eth0 -j MASQUERADE

After editing, run the script:


[root@openvpn ~]#./firewall

The server side should be OK now. Next, set up the client side.

Xiao Rui's client is Windows XP Service Pack 2. Note that Windows XP must be at least Service Pack 2, or there will be problems.

First download the OpenVPN GUI software for Windows from http://openvpn.se/files/install_packages/. Xiao Rui used openvpn-2.0.9-gui-1.0.3-install.exe, which looked a bit newer.

After downloading, run the installer. Installation creates a TAP-WIN32 network adapter, which I renamed to OpenVPN_Tap. This name is used in the client configuration file later on.

Once the software is installed, a small OpenVPN GUI icon appears at the bottom right of the taskbar.
[Image: OpenVPN GUI tray icon, not connected]

Next, create a directory named nuface_client1 under C:\Program Files\OpenVPN\config.

Download the key files from the server to the client: ca.crt / client1.crt / client1.key / client1.csr / ta.key
It is best to transfer them to Xiao Rui's computer in a secure way (see 各項網路服務 + SSL 應用, "Network services + SSL"). Since everything is on the internal network for now, Xiao Rui took the lazy route and simply fetched them by FTP into the C:\Program Files\OpenVPN\config\nuface_client1 directory.

Then create a file named nuface_client1.ovpn in that directory with the following contents:


client
dev tun
dev-node OpenVPN_Tap
proto udp
remote 192.168.2.198 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
tls-auth ta.key 1
comp-lzo
verb 3
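
The server and client configurations above must agree with each other, and the details most easily mistyped by hand are the tls-auth key direction and the quoting of the push line. The following is an added example, not code from the original post: a small Python checker for the server.conf / .ovpn pair shown on this page, which flags mismatched tls-auth key directions, differing proto or port, comp-lzo on one side only, a client without ns-cert-type server, non-ASCII quotes in a push line, and a pushed route that overlaps the VPN pool. The embedded configs are the page's own directives, abridged to those the checker reads.

```python
"""Consistency checks for the server.conf / client .ovpn pair shown above.
Added example, not part of the original post; configs are constructed input."""
import ipaddress
import re

SERVER_CONF = """\
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "route 192.168.100.0 255.255.255.0"
tls-auth ta.key 0
comp-lzo
"""

CLIENT_OVPN = """\
client
dev tun
proto udp
remote 192.168.2.198 1194
ns-cert-type server
tls-auth ta.key 1
comp-lzo
"""

CURLY_QUOTES = re.compile("[\u201c\u201d\u2033\u2032]")  # quotes a word processor inserts

def parse_config(text):
    """Return [(directive, rest-of-line)] in order; '#' and ';' start comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            name, _, rest = line.partition(" ")
            entries.append((name, rest.strip()))
    return entries

def get(entries, name):
    return [rest for n, rest in entries if n == name]

def check_pair(server_text, client_text):
    """Return a list of findings; an empty list means the pair is consistent."""
    s, c = parse_config(server_text), parse_config(client_text)
    findings = []
    # tls-auth: both sides must use the shared key, with opposite directions.
    s_ta, c_ta = get(s, "tls-auth"), get(c, "tls-auth")
    if not s_ta or not c_ta:
        findings.append("tls-auth missing on one side")
    elif {s_ta[0].split()[-1], c_ta[0].split()[-1]} != {"0", "1"}:
        findings.append("tls-auth key directions must be 0 and 1")
    # proto, port and compression must agree on both ends.
    if get(s, "proto") != get(c, "proto"):
        findings.append("proto differs between server and client")
    s_port = (get(s, "port") or ["1194"])[0]
    for remote in get(c, "remote"):
        parts = remote.split()
        r_port = parts[1] if len(parts) > 1 else "1194"
        if r_port != s_port:
            findings.append(f"client remote port {r_port} != server port {s_port}")
    if bool(get(s, "comp-lzo")) != bool(get(c, "comp-lzo")):
        findings.append("comp-lzo set on only one side")
    # The client must insist that the peer presents a server certificate.
    if not get(c, "ns-cert-type") and not get(c, "remote-cert-tls"):
        findings.append("client lacks ns-cert-type server / remote-cert-tls server")
    # Pushed routes: ASCII quotes only, and no overlap with the VPN pool.
    vpn = None
    if get(s, "server"):
        net, mask = get(s, "server")[0].split()[:2]
        vpn = ipaddress.ip_network(f"{net}/{mask}", strict=False)
    for pushed in get(s, "push"):
        if CURLY_QUOTES.search(pushed):
            findings.append(f"push uses non-ASCII quotes: {pushed}")
            continue
        m = re.fullmatch(r'"route (\S+) (\S+)"', pushed)
        if m and vpn:
            route = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            if route.overlaps(vpn):
                findings.append(f"pushed route {route} overlaps VPN pool {vpn}")
    return findings

if __name__ == "__main__":
    print(check_pair(SERVER_CONF, CLIENT_OVPN) or "server/client pair is consistent")
```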

Now right-click the OpenVPN icon at the bottom right and choose Connect.
[Image: OpenVPN connect menu]

The connection in progress:
[Image: OpenVPN connecting]

The connection established:
[Image: OpenVPN connected icon]

The connection to the OpenVPN server is now established and an IP address has been obtained.
[Image: OpenVPN client IP address]

In a DOS command prompt, run route print to inspect the routing table. Packets for the 192.168.100.0/24 subnet now go to 10.8.0.6 and are sent out through the OpenVPN_Tap adapter, i.e. over the VPN connection.

[Image: route print output]

That is about it. Next comes setting up Xiao Rui's other secret garden, which is left for the next part. To be continued! ^_^

Next: OpenVPN 建置筆記(第6集) (OpenVPN Setup Notes, Part 6)

Date: 2010/04/02 | Comments: 34 | Author: Rico
Categories: MIS易筋經, 網路篇 (Networking)
  1. 2010/05/14 at 17:29:00 | 1
    lwh

    port 1194
    proto udp
    dev tun
    ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
    cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
    key /etc/openvpn/easy-rsa/2.0/keys/server.key
    dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
    server 10.8.0.0 255.255.255.0
    push “route 192.168.100.0 255.255.255.0”
    tls-auth ta.key 0
    comp-lzo
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3

  2. 2010/05/14 at 17:29:25 | 2
    lwh

    [root@abc ~]# service openvpn start
    正在啟動 openvpn: /usr/sbin/openvpn: error while loading shared libraries: liblzo.so.1: cannot enable executable stack as shared object requires: Permission denied

  3. 2010/05/14 at 17:34:40 | 3
    lwh

    I edited server.conf, but it fails and I don't know where the problem is. Help!

  4. 2010/05/14 at 22:18:12 | 4
    lwh

    push “route 192.168.100.0 255.255.255.0”

  5. 2010/05/15 at 01:01:47 | 5
    Rico

    push “route 192.168.100.0 255.255.255.0″, this shouldn't be like that; it should be --> push "route 192.168.100.0 255.255.255.0". Also, lzo seems to have a problem; check with yun info lzo whether it is installed, and if not, you may need to install it first!

  6. 2010/05/15 at 09:42:14 | 6
    lwh


  7. 2010/05/15 at 09:42:57 | 7
    lwh

    Expert, please help

  8. 2010/05/17 at 09:07:58 | 8
    lwh

  9. 2010/05/17 at 09:09:12 | 9
    lwh

    server 10.8.0.0 255.255.255.0
    push “route 192.168.100.0 255.255.255.0”
    tls-auth ta.key 0
    comp-lzo
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3

  10. 2010/05/17 at 09:13:40 | 10
    lwh

    Strange, what I have in etc/openvpn/service.conf shows as push “route 192.168.100.0 255.255.255.0″; I don't know why pasting it turns out the same as above. Ugh, what a headache.

  11. 2010/05/17 at 09:15:58 | 11
    lwh

    [root@abc ~]# service openvpn start
    正在啟動 openvpn: /usr/sbin/openvpn: error while loading shared libraries: liblzo.so.1: cannot enable executable stack as shared object requires: Permission denied
    Still failing,

  12. 2010/05/17 at 09:20:27 | 12
    lwh

    [root@abc ~]# yum info lzo
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
    * addons: http://ftp.nsysu.edu.tw
    * base: http://ftp.nsysu.edu.tw
    * extras: http://ftp.nsysu.edu.tw
    * updates: http://ftp.nsysu.edu.tw
    Installed Packages
    Name : lzo
    Arch : i386
    Version : 1.08
    Release : 4.rf
    Size : 430 k
    Repo : installed
    Summary : Portable lossless data compression library
    URL : http://www.oberhumer.com/opensource/lzo/
    License : GPL
    Description: LZO is a portable lossless data compression library written in ANSI
    : C. It offers pretty fast compression and *very* fast decompression.
    : Decompression requires no memory. In addition there are slower
    : compression levels achieving a quite competitive compression ratio
    : while still decompressing at this very high speed.

    [root@abc ~]# service openvpn start
    正在啟動 openvpn: /usr/sbin/openvpn: error while loading shared libraries: liblzo.so.1: cannot enable executable stack as shared object requires: Permission denied
    [失敗]
    [root@abc ~]#

  13. 2010/05/17 at 11:00:44 | 13
    lwh

    Correction: push “route 192.168.100.0 255.255.255.0”

  14. 2010/05/17 at 11:06:03 | 14
    lwh

    So strange, pasting it turns it into symbols

  15. 2010/05/17 at 16:47:07 | 15
    lwh

    push “route 192.168.100.0 255.255.255.0″ hmm, that one is correct

  16. 2010/05/18 at 00:12:33 | 16
    Rico

    Permission denied --> this message tells you it is not letting you run the OpenVPN program. Very likely an SELinux issue; you can turn that option off, reboot and try again! In the file /etc/selinux/config, set SELINUX=disabled, then reboot and try!
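
Before turning SELinux off system-wide, a practitioner would want to confirm that the library really carries the executable-stack request behind this denial. The following is an added example, not code from the original post or its comments: it reads the PT_GNU_STACK program header of an ELF shared object (liblzo.so.1 in the error above) and reports whether the execute bit is set, which is what makes glibc ask for an executable stack and SELinux refuse; glibc also treats a missing PT_GNU_STACK as requesting one. The build_elf helper and the minimal images it produces are constructed test input.

```python
"""Does a shared object request an executable stack?  Added example, not from
the original post or its comments.  glibc honours PT_GNU_STACK: PF_X set, or
the header absent altogether, makes the loader ask for an executable stack,
which an SELinux execstack denial reports as
"cannot enable executable stack as shared object requires: Permission denied"."""
import struct
import sys

PT_GNU_STACK = 0x6474E551   # program header type carrying the stack permissions
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4

def gnu_stack_flags(data):
    """Return (header_present, wants_exec) for an ELF32 or ELF64 image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    end = "<" if ei_data == 1 else ">"
    if ei_class == 2:                  # ELF64: e_phoff at 0x20, e_phentsize/e_phnum at 0x36
        phoff = struct.unpack_from(end + "Q", data, 0x20)[0]
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
        flags_off = 4                  # Elf64_Phdr: p_type, p_flags, p_offset, ...
    elif ei_class == 1:                # ELF32: e_phoff at 0x1C, e_phentsize/e_phnum at 0x2A
        phoff = struct.unpack_from(end + "I", data, 0x1C)[0]
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
        flags_off = 24                 # Elf32_Phdr: p_flags follows the size fields
    else:
        raise ValueError("unknown ELF class %d" % ei_class)
    for i in range(phnum):
        off = phoff + i * phentsize
        p_type = struct.unpack_from(end + "I", data, off)[0]
        if p_type == PT_GNU_STACK:
            p_flags = struct.unpack_from(end + "I", data, off + flags_off)[0]
            return True, bool(p_flags & PF_X)
    return False, False

def needs_execstack(data):
    """True if loading this object makes glibc request an executable stack."""
    present, wants_exec = gnu_stack_flags(data)
    return wants_exec or not present   # no header at all also means executable

def build_elf(bits, stack_flags=None):
    """Constructed test input: a minimal ET_DYN image with one PT_GNU_STACK
    header carrying stack_flags, or no program header when stack_flags is None."""
    phdrs = [] if stack_flags is None else [stack_flags]
    if bits == 64:
        ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
        hdr = ident + struct.pack("<HHIQQQIHHHHHH", 3, 0x3E, 1, 0, 64, 0, 0,
                                  64, 56, len(phdrs), 0, 0, 0)
        body = b"".join(struct.pack("<IIQQQQQQ", PT_GNU_STACK, f, 0, 0, 0, 0, 0, 16)
                        for f in phdrs)
    else:
        ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8
        hdr = ident + struct.pack("<HHIIIIIHHHHHH", 3, 3, 1, 0, 52, 0, 0,
                                  52, 32, len(phdrs), 0, 0, 0)
        body = b"".join(struct.pack("<IIIIIIII", PT_GNU_STACK, 0, 0, 0, 0, 0, f, 16)
                        for f in phdrs)
    return hdr + body

if __name__ == "__main__":
    # Usage: python3 check_execstack.py /path/to/liblzo.so.1 ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            verdict = "requests executable stack" if needs_execstack(fh.read()) else "ok"
        print(f"{path}: {verdict}")
```

A library that reports "requests executable stack" can be rebuilt with a toolchain that emits a non-executable PT_GNU_STACK, which removes the denial without loosening SELinux for the whole host.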

  17. 2010/05/25 at 16:43:33 | 17
    lwh

    [root@hung ~]# service openvpn start
    正在啟動 openvpn: /usr/sbin/openvpn: error while loading shared libraries: liblzo.so.1: cannot enable executable stack as shared object requires: Permission denied
    [失敗]
    [root@hung ~]# ipconfig
    bash: ipconfig: command not found
    [root@hung ~]# ifconfig
    Failed again; this is turning into the Founding Father's revolution (one attempt after another)

  18. 2010/05/25 at 16:53:24 | 18
    lwh

    push “route 192.168.7.0 255.255.255.0”
    This is my internal subnet; can I change it like this?
    I started by modifying server.conf. There is a sample file; I deleted all of its contents, pasted in what you wrote and saved it. I'm not sure whether that works.

  19. 2010/07/23 at 16:50:49 | 19
    pro

    When I ran the command service openvpn start
    this appeared:
    Starting openvpn: /usr/sbin/openvpn: error while loading shared libraries: liblzo.so.1: cannot enable executable stack as shared object requires: Permission denied
    [FAILED]

    I also checked with yun info lzo
    It is not installed; how do I solve this?
    bash: yun: command not found

    ifconfig
    showed this:

  20. 2010/07/23 at 21:43:11 | 20
    Rico

    yun info lzo -> should be yum, you typed it wrong ^_^

  21. 2010/07/30 at 09:36:16 | 21
    pro

    The contents of /etc/openvpn/server.conf (opened with vi):

    ;local a.b.c.d
    port 1194
    proto tcp
    ;proto udp
    ;dev tap
    dev tun
    ;dev-node MyTap
    ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
    cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
    key /etc/openvpn/easy-rsa/2.0/keys/server.key
    dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
    ;server 10.8.0.0 255.255.255.0
    server 192.168.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    ;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
    ;push “route 192.168.10.0 255.255.255.0”
    ;push “route 192.168.20.0 255.255.255.0”
    ;client-config-dir ccd
    ;route 192.168.40.128 255.255.255.248
    ;client-config-dir ccd
    ;route 10.9.0.0 255.255.255.252
    ;learn-address ./script
    ;push “redirect-gateway”
    ;push “dhcp-option DNS 10.8.0.1”
    ;push “dhcp-option WINS 10.8.0.1”
    ;client-to-client
    ;duplicate-cn
    keepalive 10 120
    tls-auth /etc/openvpn/easy-rsa/2.0/keys/ta.key 0
    tls-server
    ;cipher BF-CBC
    ;cipher AES-128-CBC
    ;cipher DES-EDE3-CBC
    user root
    group root
    comp-lzo
    ;max-clients 100
    ;user nobody
    ;group nobody
    persist-key
    persist-tun
    status openvpn-status.log
    ;log openvpn.log
    ;log-append openvpn.log
    status /var/log/openvpn-status.log
    log /var/log/openvpn.log
    verb 3
    ;mute 20

    Then I ran
    service openvpn start
    and got
    正在啟動 openvpn: [ 確定 ]

    Then I ran
    ifconfig
    and got

    tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
    inet addr:192.168.0.1 P-t-P:192.168.0.2 Mask:255.255.255.255
    UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:100
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

    Is this correct?

  22. 2010/07/30 at 09:48:32 | 22
    Rico

    Looks right; it has started normally!

  23. 2010/07/30 at 12:11:07 | 23
    pro

    client1.key
    ta.key
    cannot be downloaded. Using the ftp command, the files that come back are empty.

  24. 2010/07/30 at 14:07:12 | 24
    pro

    Fri Jul 30 14:05:50 2010 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
    Fri Jul 30 14:05:50 2010 IMPORTANT: OpenVPN’s default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
    Fri Jul 30 14:05:50 2010 Cannot open file key file ‘ta.key’: 系統找不到指定的檔案。 (errno=2)
    Fri Jul 30 14:05:50 2010 Exiting

  25. 2010/07/30 at 17:27:36 | 25
    pro

    tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00- 00
    inet addr:192.168.0.1 P-t-P:192.168.0.2 Mask:255.255.255.255
    UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:100
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

    HWaddr... there is no address??

  26. 2010/08/04 at 10:36:24 | 26
    mark

    Wed Aug 04 10:24:25 2010 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
    Wed Aug 04 10:24:25 2010 IMPORTANT: OpenVPN’s default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
    Wed Aug 04 10:24:25 2010 Control Channel Authentication: using ‘ta.key’ as a OpenVPN static key file
    Wed Aug 04 10:24:25 2010 Outgoing Control Channel Authentication: Using 160 bit message hash ‘SHA1’ for HMAC authentication
    Wed Aug 04 10:24:25 2010 Incoming Control Channel Authentication: Using 160 bit message hash ‘SHA1’ for HMAC authentication
    Wed Aug 04 10:24:25 2010 LZO compression initialized
    Wed Aug 04 10:24:25 2010 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
    Wed Aug 04 10:24:25 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Wed Aug 04 10:24:25 2010 Local Options hash (VER=V4): ‘504e774e’
    Wed Aug 04 10:24:25 2010 Expected Remote Options hash (VER=V4): ‘14168603’
    Wed Aug 04 10:24:25 2010 UDPv4 link local: [undef]
    Wed Aug 04 10:24:25 2010 UDPv4 link remote: 203.70.232.152:1194
    Wed Aug 04 10:25:26 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Wed Aug 04 10:25:26 2010 TLS Error: TLS handshake failed
    Wed Aug 04 10:25:26 2010 TCP/UDP: Closing socket
    Wed Aug 04 10:25:26 2010 SIGUSR1[soft,tls-error] received, process restarting
    Wed Aug 04 10:25:26 2010 Restart pause, 2 second(s)

    Cannot connect

  27. 2010/08/11 at 17:20:34 | 27
    Rico

    openvpn --genkey --secret ta.key
    Did you do this?

  28. 2010/08/11 at 17:22:03 | 28
    Rico

    ta.key has a problem

  29. 2010/08/11 at 17:22:21 | 29
    Rico

    This one should be normal ^^

  30. 2010/08/11 at 17:24:18 | 30
    Rico

    TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    ——————–
    My guess is that it is probably a firewall problem..

  31. 2013/10/17 at 18:36:46 | 31
    vincent

    A question: my server also won't start. I looked at
    #tail -f /var/log/messages | grep openvpn
    and the result shows:
    openvpn tpvmlpd2[4029]: device type not supported
    openvpn tpvmlpd2[4030]: device type not supported
    openvpn tpvmlpd2[4031]: device type not supported
    openvpn tpvmlpd2[4032]: device type not supported
    openvpn tpvmlpd2[4035]: device type not supported
    openvpn tpvmlpd2[4036]: device type not supported
    openvpn tpvmlpd2[4037]: device type not supported
    openvpn tpvmlpd2[4038]: device type not supported
    openvpn tpvmlpd2[4039]: device type not supported
    openvpn tpvmlpd2[3621]: aborting
    What could the problem be?? PS: I am testing in a VMware Workstation VM, not sure whether that matters, and I am using the i386 version, not the 64-bit one.

  32. 2013/10/18 at 18:10:25 | 32
    Rico

    device should only be tap / tun; probably one of them is not supported!


Copyright 紐菲斯的部落格