OpenVPN is not working
11.07.2015, 16:16
I read a pile of articles, and in the end nothing ever worked.
Server - ubuntu 14.04 server, OpenVPN 2.3.2. Config:

```
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
port 1194
# TCP or UDP server?
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2
;learn-address ./script
;push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
;client-to-client
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
;max-clients 100
;user nobody
;group nogroup
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 3
;mute 20
```

openvpn 2.0.9-gui-1.0.3. Config:
```
client
#dev tap
dev tun
;dev-node MyTap
#proto tcp
proto udp
remote 185.53.168.189 1194
#remote my-server-2 1194
;remote-random
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
#nobind
# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody
# Try to preserve some state across restarts.
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ca.crt
cert client1.crt
key client1.key
dh dh2048.pem
;ns-cert-type server
;tls-auth ta.key 1
;cipher x
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
```
```
Sat Jul 11 00:00:31 2015 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Sat Jul 11 00:00:31 2015 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sat Jul 11 00:00:31 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Jul 11 00:00:31 2015 LZO compression initialized
Sat Jul 11 00:00:31 2015 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Jul 11 00:00:31 2015 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jul 11 00:00:31 2015 Local Options hash (VER=V4): '41690919'
Sat Jul 11 00:00:31 2015 Expected Remote Options hash (VER=V4): '530fdded'
Sat Jul 11 00:00:31 2015 UDPv4 link local (bound): [undef]:1194
Sat Jul 11 00:00:31 2015 UDPv4 link remote: 185.53.168.189:1194
Sat Jul 11 00:00:31 2015 TLS: Initial packet from 185.53.168.189:1194, sid=8f7d021e 94eebd5f
Sat Jul 11 00:00:32 2015 VERIFY ERROR: depth=1, error=certificate signature failure: /C=DE/ST=CA/L=Berlin/O=Hermein/OU=MyOrganizationalUnit/CN=Hermein_CA/name=EasyRSA/emailAddress=hermeiner@gmail.com
Sat Jul 11 00:00:32 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sat Jul 11 00:00:32 2015 TLS Error: TLS object -> incoming plaintext read error
Sat Jul 11 00:00:32 2015 TLS Error: TLS handshake failed
Sat Jul 11 00:00:32 2015 TCP/UDP: Closing socket
Sat Jul 11 00:00:32 2015 SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 11 00:00:32 2015 Restart pause, 2 second(s)
Sat Jul 11 00:00:34 2015 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sat Jul 11 00:00:34 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Jul 11 00:00:34 2015 Re-using SSL/TLS context
Sat Jul 11 00:00:34 2015 LZO compression initialized
Sat Jul 11 00:00:34 2015 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Jul 11 00:00:34 2015 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jul 11 00:00:34 2015 Local Options hash (VER=V4): '41690919'
Sat Jul 11 00:00:34 2015 Expected Remote Options hash (VER=V4): '530fdded'
Sat Jul 11 00:00:34 2015 UDPv4 link local (bound): [undef]:1194
Sat Jul 11 00:00:34 2015 UDPv4 link remote: 185.53.168.189:1194
Sat Jul 11 00:00:34 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_CONTROL_V1)
Sat Jul 11 00:00:34 2015 TLS: Initial packet from 185.53.168.189:1194, sid=ffc4e6d1 9cd8ffa1
Sat Jul 11 00:00:34 2015 VERIFY ERROR: depth=1, error=certificate signature failure: /C=DE/ST=CA/L=Berlin/O=Hermein/OU=MyOrganizationalUnit/CN=Hermein_CA/name=EasyRSA/emailAddress=hermeiner@gmail.com
Sat Jul 11 00:00:34 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sat Jul 11 00:00:34 2015 TLS Error: TLS object -> incoming plaintext read error
Sat Jul 11 00:00:34 2015 TLS Error: TLS handshake failed
Sat Jul 11 00:00:34 2015 TCP/UDP: Closing socket
Sat Jul 11 00:00:34 2015 SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 11 00:00:34 2015 Restart pause, 2 second(s)
Sat Jul 11 00:00:36 2015 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sat Jul 11 00:00:36 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Jul 11 00:00:36 2015 Re-using SSL/TLS context
Sat Jul 11 00:00:36 2015 LZO compression initialized
Sat Jul 11 00:00:36 2015 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Jul 11 00:00:36 2015 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jul 11 00:00:36 2015 Local Options hash (VER=V4): '41690919'
Sat Jul 11 00:00:36 2015 Expected Remote Options hash (VER=V4): '530fdded'
Sat Jul 11 00:00:36 2015 UDPv4 link local (bound): [undef]:1194
Sat Jul 11 00:00:36 2015 UDPv4 link remote: 185.53.168.189:1194
Sat Jul 11 00:00:37 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_ACK_V1)
Sat Jul 11 00:00:38 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_CONTROL_V1)
Sat Jul 11 00:00:38 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_CONTROL_V1)
Sat Jul 11 00:00:38 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_CONTROL_V1)
Sat Jul 11 00:00:38 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_CONTROL_V1)
Sat Jul 11 00:00:39 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_CONTROL_V1)
Sat Jul 11 00:00:39 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_ACK_V1)
Sat Jul 11 00:00:40 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_CONTROL_V1)
Sat Jul 11 00:00:40 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_CONTROL_V1)
Sat Jul 11 00:00:41 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_CONTROL_V1)
Sat Jul 11 00:00:41 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_ACK_V1)
Sat Jul 11 00:00:42 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_CONTROL_V1)
Sat Jul 11 00:00:42 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_CONTROL_V1)
Sat Jul 11 00:00:43 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_CONTROL_V1)
Sat Jul 11 00:00:43 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_ACK_V1)
Sat Jul 11 00:00:44 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_CONTROL_V1)
Sat Jul 11 00:00:44 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_ACK_V1)
Sat Jul 11 00:00:46 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_CONTROL_V1)
Sat Jul 11 00:00:46 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_ACK_V1)
Sat Jul 11 00:00:48 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_CONTROL_V1)
Sat Jul 11 00:00:48 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_CONTROL_V1)
Sat Jul 11 00:00:49 2015 TLS Error: Unroutable control packet received from 185.53.168.189:1194 (si=3 op=P_ACK_V1)
```

Added after 3 minutes

Server log:
```
Jul 10 21:00:16 vm1571 ovpn-server[1469]: 188.162.64.19:13862 TLS: new session incoming connection from [AF_INET]188.162.64.19:13862
Jul 10 21:01:11 vm1571 ovpn-server[1469]: 188.162.64.19:13862 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jul 10 21:01:11 vm1571 ovpn-server[1469]: 188.162.64.19:13862 TLS Error: TLS handshake failed
Jul 10 21:01:11 vm1571 ovpn-server[1469]: 188.162.64.19:13862 SIGUSR1[soft,tls-error] received, client-instance restarting
Jul 10 21:02:21 vm1571 ovpn-server[1469]: 188.162.64.19:13862 TLS: Initial packet from [AF_INET]188.162.64.19:13862, sid=f1f59c66 3c363432
Jul 10 21:02:24 vm1571 ovpn-server[1469]: 188.162.64.19:13862 TLS: new session incoming connection from [AF_INET]188.162.64.19:13862
Jul 10 21:02:26 vm1571 ovpn-server[1469]: 188.162.64.19:13862 TLS: new session incoming connection from [AF_INET]188.162.64.19:13862
Jul 10 21:03:21 vm1571 ovpn-server[1469]: 188.162.64.19:13862 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jul 10 21:03:21 vm1571 ovpn-server[1469]: 188.162.64.19:13862 TLS Error: TLS handshake failed
Jul 10 21:03:21 vm1571 ovpn-server[1469]: 188.162.64.19:13862 SIGUSR1[soft,tls-error] received, client-instance restarting
Jul 10 21:00:17 vm1571 console-kit-daemon[1296]: GLib-CRITICAL: Source ID 2091 was not found when attempting to remove it
Jul 10 21:04:07 vm1571 console-kit-daemon[1296]: GLib-CRITICAL: Source ID 2139 was not found when attempting to remove it
Jul 10 21:09:01 vm1571 CRON[1759]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime))
Jul 10 21:16:22 vm1571 ovpn-server[1469]: 188.162.64.19:14914 TLS: Initial packet from [AF_INET]188.162.64.19:14914, sid=ac434471 40194630
Jul 10 21:16:24 vm1571 ovpn-server[1469]: 188.162.64.19:14914 TLS: new session incoming connection from [AF_INET]188.162.64.19:14914
Jul 10 21:17:01 vm1571 CRON[1825]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Jul 10 21:17:16 vm1571 ovpn-server[1469]: message repeated 2 times: [ 188.162.64.19:14914 TLS: new session incoming connection from [AF_INET]188.162.64.19:14914]
Jul 10 21:17:22 vm1571 ovpn-server[1469]: 188.162.64.19:14914 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jul 10 21:17:22 vm1571 ovpn-server[1469]: 188.162.64.19:14914 TLS Error: TLS handshake failed
Jul 10 21:17:22 vm1571 ovpn-server[1469]: 188.162.64.19:14914 SIGUSR1[soft,tls-error] received, client-instance restarting
Jul 10 21:17:23 vm1571 ovpn-server[1469]: 188.162.64.19:14914 TLS: Initial packet from [AF_INET]188.162.64.19:14914, sid=00b8c26c 927464a7
Jul 10 21:17:26 vm1571 ovpn-server[1469]: 188.162.64.19:14914 TLS: new session incoming connection from [AF_INET]188.162.64.19:14914
Jul 10 21:17:29 vm1571 ovpn-server[1469]: 188.162.64.19:14914 TLS: new session incoming connection from [AF_INET]188.162.64.19:14914
Jul 10 21:18:23 vm1571 ovpn-server[1469]: 188.162.64.19:14914 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jul 10 21:18:23 vm1571 ovpn-server[1469]: 188.162.64.19:14914 TLS Error: TLS handshake failed
Jul 10 21:18:23 vm1571 ovpn-server[1469]: 188.162.64.19:14914 SIGUSR1[soft,tls-error] received, client-instance restarting
```

Everything was solved by installing a different openvpn client, but now there is a new problem: only my server is reachable, the other sites do not open.

Added after 13 hours 44 minutes

In short, I installed Pritunl.
In the server settings, set Only VPN.
In the client settings, add redirect-gateway.
Article on Habr
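Added example, not part of the original post: a small Python audit of an OpenVPN config for the gaps visible in the posted files, namely the missing server-certificate check that the client log warns about, the commented-out `tls-auth`, the unset `cipher` (BF-CBC by default on the posted versions, per the config's own comment), and the commented-out `user`/`group` on the server. The finding names, the function names and the host `vpn.example.test` are assumptions made for this example; the sample is abbreviated from the posted client config.

```python
# Directives that give the client some form of server certificate verification.
VERIFY = {"ns-cert-type", "remote-cert-tls", "verify-x509-name",
          "tls-remote", "tls-verify", "remote-cert-ku", "remote-cert-eku"}

def active_directives(text):
    """Map directive -> list of argument lists, skipping '#' and ';' comments."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        for mark in (" #", " ;"):          # drop a trailing inline comment
            line = line.split(mark, 1)[0]  # (simplification: ignores quoting)
        name, *args = line.split()
        found.setdefault(name, []).append(args)
    return found

def audit(text):
    """Return a list of finding names (hypothetical labels) for one config."""
    d = active_directives(text)
    is_client = "client" in d or "tls-client" in d
    findings = []
    if is_client and VERIFY.isdisjoint(d):
        findings.append("no-server-cert-verification")
    if "tls-auth" not in d and "tls-crypt" not in d:
        findings.append("no-control-channel-hmac")
    if "cipher" not in d:
        findings.append("cipher-left-at-default")
    if not is_client and not ("user" in d and "group" in d):
        findings.append("no-privilege-drop")
    return findings

# Constructed sample, abbreviated from the posted client config.
POSTED_CLIENT = """\
client
dev tun
proto udp
remote vpn.example.test 1194
ca ca.crt
cert client1.crt
key client1.key
;ns-cert-type server
;tls-auth ta.key 1
;cipher x
comp-lzo
"""
# Same file with the three commented-out lines enabled.
HARDENED_CLIENT = (POSTED_CLIENT.replace(";ns-cert-type", "ns-cert-type")
                   .replace(";tls-auth", "tls-auth")
                   .replace(";cipher x", "cipher AES-128-CBC"))
```

`audit(POSTED_CLIENT)` reports all three client findings and `audit(HARDENED_CLIENT)` reports none; `tls-auth` and `cipher` have to be changed on the server as well, since both ends must agree.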