Discussion:
[Question] openVPN client [windows] configuration
非常念舊
2014-11-02 09:38:12 UTC
It keeps failing..

My server runs on Ubuntu, and the client is on Windows.

Also, the Windows machine is 64-bit, and openVPN for Windows 64 bit feels a bit odd..


In my server.conf I set dev tun. When openVPN is installed on Windows it also installs the TAP-Windows Adapter V9 virtual network card, so in client.ovpn should I set dev tun or device node pvpn2 (the TAP-Windows Adapter type)?



And when I go to Change adapter settings and look at the pvpn2 card, it says a network cable is unplugged. What is that about?

My goal is to connect to the VPN server at IP 172.16.51.14. Below are my server.conf and client.conf; I hope someone with experience can point me in the right direction, thanks.

=========================================================================

local 172.16.51.14
port 1194
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
ca /etc/openvpn/ca.crt
cert /etc/openvpn/openVPN_server.crt
key /etc/openvpn/openVPN_server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 8.8.8.8"
;push "dhcp-option DNS 208.67.220.220"
;client-to-client
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
;max-clients 100
;user nobody
;group nogroup
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 3
;mute 20


============================================================================

client
dev tun
dev-node pvpn2
proto udp
remote 172.16.51.14 1194
resolv-retry infinite
nobind

persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key

;auth-user-pass
ns-cert-type server

;tls-auth tls.key 1
comp-lzo
verb 3

--
※ Posted from: 批踢踢實業坊(ptt.cc), from: 61.220.220.235
※ Article URL: http://www.ptt.cc/bbs/Linux/M.1414921093.A.9FE.html
非常念舊
2014-11-03 06:05:06 UTC
OK, using the command line I can now connect successfully.


But I have a question about webmin's openVPN module.


http://ppt.cc/fpHB


I'm not sure how to fill in the New VPN Server with symmetrical key step.

I know that in the client's remote I put the IP of the server I want to log in to (172.16.51.14),

but what should I put in the server's remote....?


ifconfig(Transport network) local:__________ peer:__________

How should this be filled in..?

This is different from the server.conf setup in my previous post. Thanks.

--
※ Posted from: 批踢踢實業坊(ptt.cc), from: 60.251.223.31
※ Article URL: http://www.ptt.cc/bbs/Linux/M.1414994707.A.3A8.html
非常念舊
2014-11-03 10:00:00 UTC
OK, I can finally connect.


But the connection does not last. Here is what happens:


If I start the server with /etc/init.d/openvpn start, tun0 comes up and everything is fine.

As soon as I connect from the client, the server's tun0 disappears, and I have to restart the openvpn server before I can connect again. Has anyone run into this problem?


Thanks. Here is the connection log:


Tue Nov 04 17:59:09 2014 OpenVPN 2.3.5 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Oct 28 2014
Tue Nov 04 17:59:09 2014 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.05
Enter Management Password:
Tue Nov 04 17:59:10 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Nov 04 17:59:10 2014 UDPv4 link local: [undef]
Tue Nov 04 17:59:10 2014 UDPv4 link remote: [AF_INET]172.16.51.14:1194
Tue Nov 04 17:59:10 2014 VERIFY OK: depth=1, C=TW, ST=Taiwan, L=Taoyuan, O=Tailyn, emailAddress=***@tailyn.com.tw
Tue Nov 04 17:59:10 2014 VERIFY OK: depth=0, C=TW, ST=Taiwan, L=Taoyuan, O=Tailyn, OU=Office, CN=vpn_server, emailAddress=***@tailyn.com.tw
Tue Nov 04 17:59:10 2014 Data Channel Encrypt: Cipher 'DES-CFB' initialized with 64 bit key
Tue Nov 04 17:59:10 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 04 17:59:10 2014 Data Channel Decrypt: Cipher 'DES-CFB' initialized with 64 bit key
Tue Nov 04 17:59:10 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 04 17:59:10 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Nov 04 17:59:10 2014 [vpn_server] Peer Connection Initiated with [AF_INET]172.16.51.14:1194
Tue Nov 04 17:59:12 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Nov 04 17:59:12 2014 open_tun, tt->ipv6=0
Tue Nov 04 17:59:12 2014 TAP-WIN32 device [pvpn] opened: \\.\Global\{674C1CBE-94F5-467D-90DC-40154685D8AD}.tap
Tue Nov 04 17:59:12 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {674C1CBE-94F5-467D-90DC-40154685D8AD} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Tue Nov 04 17:59:12 2014 Successful ARP Flush on interface [26] {674C1CBE-94F5-467D-90DC-40154685D8AD}
Tue Nov 04 17:59:17 2014 Initialization Sequence Completed
Tue Nov 04 17:59:24 2014 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Nov 04 17:59:24 2014 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Nov 04 17:59:24 2014 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Nov 04 17:59:24 2014 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Nov 04 17:59:24 2014 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Nov 04 17:59:24 2014 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)

--
※ Posted from: 批踢踢實業坊(ptt.cc), from: 122.146.76.147
※ Article URL: http://www.ptt.cc/bbs/Linux/M.1415008419.A.12A.html
※ Edited: gn00618777 (122.146.76.147), 11/03/2014 17:59:59
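Beyond the connection resets, the client log above contains three lines a defender should act on: the "No server certificate verification method" warning (without `ns-cert-type server` or `remote-cert-tls server`, any certificate signed by the same CA is accepted as the server), the 64-bit DES-CFB data-channel cipher, and the 1024-bit RSA key on the control channel. The script below is an added example, not code from the thread or from OpenVPN; it scans an OpenVPN 2.3-style client log for those lines and reports them. The log it reads is a constructed sample abridged from the post's own output, and the directives named in the findings (`remote-cert-tls server`, `cipher AES-256-CBC`) are standard OpenVPN options rather than values taken from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread: flag the security-relevant lines in
# an OpenVPN 2.3-style client log such as the one posted above.
# Assumption: the log uses the wording OpenVPN 2.3 prints (quoted in the post).

# Constructed sample, abridged from the post's own log output.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat >"$SAMPLE_LOG" <<'EOF'
Tue Nov 04 17:59:10 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Nov 04 17:59:10 2014 Data Channel Encrypt: Cipher 'DES-CFB' initialized with 64 bit key
Tue Nov 04 17:59:10 2014 Data Channel Decrypt: Cipher 'DES-CFB' initialized with 64 bit key
Tue Nov 04 17:59:10 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Nov 04 17:59:17 2014 Initialization Sequence Completed
Tue Nov 04 17:59:24 2014 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Tue Nov 04 17:59:24 2014 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
EOF

# Prints one FINDING line per issue; returns 1 if anything was found, 0 otherwise.
audit_openvpn_log() {
    log="$1"
    found=0

    # The client is not checking that the peer certificate is a server certificate.
    if grep -q 'No server certificate verification method' "$log"; then
        echo "FINDING: server certificate not verified; add 'remote-cert-tls server' (or 'ns-cert-type server' on 2.3) to the client config"
        found=1
    fi

    # Data-channel cipher negotiated with a key shorter than 128 bits (64 bit DES-CFB in the post).
    keybits=$(grep 'Data Channel Encrypt: Cipher' "$log" | sed -n 's/.*initialized with \([0-9]*\) bit key.*/\1/p' | head -n 1)
    if [ -n "$keybits" ] && [ "$keybits" -lt 128 ]; then
        cipher=$(grep 'Data Channel Encrypt: Cipher' "$log" | sed -n "s/.*Cipher '\([^']*\)'.*/\1/p" | head -n 1)
        echo "FINDING: weak data-channel cipher $cipher ($keybits bit key); set 'cipher AES-256-CBC' on both server and client"
        found=1
    fi

    # RSA key on the control channel below 2048 bits.
    rsabits=$(sed -n 's/.*Control Channel:.*, \([0-9]*\) bit RSA.*/\1/p' "$log" | head -n 1)
    if [ -n "$rsabits" ] && [ "$rsabits" -lt 2048 ]; then
        echo "FINDING: $rsabits bit RSA certificate key; reissue the CA and server certificates with 2048 bits or more"
        found=1
    fi

    # A burst of WSAECONNRESET right after "Initialization Sequence Completed"
    # means the server side stopped answering; that is the tun0 problem described in the post.
    resets=$(grep -c 'WSAECONNRESET' "$log" || true)
    if [ "$resets" -gt 0 ]; then
        echo "FINDING: $resets UDP connection resets after setup; check the server log and whether the server's tun interface stays up"
        found=1
    fi

    return $found
}

# Number of findings, for use in scripts.
count_findings() {
    audit_openvpn_log "$1" | wc -l | tr -d ' '
}

audit_openvpn_log "$SAMPLE_LOG" || true
```

Run it against a real log with `audit_openvpn_log /path/to/openvpn.log`; the exit status is 1 whenever at least one finding is printed, so the function can be wired directly into a check. The sample produces four findings: the missing server-certificate check, the DES-CFB cipher, the 1024-bit RSA key and the reset burst.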
非常念舊
2014-11-04 02:36:32 UTC
I want to test the client connection. Server IP address 172.16.51.14, tun0 address: 10.8.0.1.


After the client connects to the server it gets IP address 10.8.0.6, and I ran the following tests.


client pings its own 10.8.0.6 ----> works

client pings the remote server (10.8.0.1) -----> fails

client pings the remote client2 ----> fails


How should I configure this? Thanks. Below is server.conf
================================================================

local 172.16.51.14
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/openVPN_server.crt
key /etc/openvpn/openVPN_server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
client-to-client
persist-key
persist-tun
status openvpn-status.log
verb 3


Also, how should I set up my iptables? Thanks.

--
※ Posted from: 批踢踢實業坊(ptt.cc), from: 118.163.147.121
※ Article URL: http://www.ptt.cc/bbs/Linux/M.1415067965.A.46C.html
→ dearlove: You need to allow input and forward  11/04 10:31
※ Edited: gn00618777 (61.220.220.235), 11/04/2014 10:36:30
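Following dearlove's hint, here is an added example (not from the thread) that emits the iptables rules matching the server.conf above. It assumes the interface holding 172.16.51.14 is eth0, the tunnel is tun0, the VPN subnet is 10.8.0.0/24 (from `server 10.8.0.0 255.255.255.0`) and OpenVPN listens on UDP 1194; those four values are environment variables so they can be changed for another host. The rules are printed rather than applied so they can be reviewed first; applying them requires root.

```shell
#!/bin/sh
# Added example, not from the thread: iptables rules for the server.conf above.
# Assumptions (constructed; override via environment): the interface that holds
# 172.16.51.14 is eth0, the tunnel is tun0, the VPN subnet is 10.8.0.0/24 and
# OpenVPN listens on UDP 1194, as in the post's server.conf.
WAN_IF="${WAN_IF:-eth0}"
TUN_IF="${TUN_IF:-tun0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
VPN_PORT="${VPN_PORT:-1194}"

# Rules for the thread's two failing pings, one command per line:
#   1. INPUT on the public interface for the OpenVPN handshake itself
#   2. lets clients ping the server's tun0 address (10.8.0.1); add one rule per
#      service you intend to expose to VPN clients rather than a blanket
#      "-i tun0 -j ACCEPT"
#   3. client-to-client traffic routed by the kernel; with "client-to-client"
#      in server.conf OpenVPN relays it internally and this rule is not consulted
openvpn_firewall_rules() {
    cat <<EOF
iptables -A INPUT -i $WAN_IF -p udp --dport $VPN_PORT -j ACCEPT
iptables -A INPUT -i $TUN_IF -p icmp --icmp-type echo-request -j ACCEPT
iptables -A FORWARD -i $TUN_IF -o $TUN_IF -s $VPN_NET -d $VPN_NET -j ACCEPT
EOF
}

# Only needed if clients should reach the LAN behind the server (the commented
# "push route" lines in the first server.conf). Forwarding is enabled in the
# kernel, and the reverse direction is limited to reply traffic.
openvpn_lan_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -i $TUN_IF -o $WAN_IF -s $VPN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $TUN_IF -d $VPN_NET -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE
EOF
}

# Apply after review (requires root); pass --with-lan to include the LAN rules.
openvpn_firewall_apply() {
    { openvpn_firewall_rules; [ "$1" = "--with-lan" ] && openvpn_lan_rules; } | sh -e
}

# Print the rule set for review.
openvpn_firewall_rules
openvpn_lan_rules
```

These rules use `-A`, so on a host whose INPUT or FORWARD chain already ends in a DROP or REJECT rule they must be inserted ahead of it (or the catch-all re-added afterwards), and they do not survive a reboot unless saved by whatever persistence mechanism the host uses. With `client-to-client` present in the posted server.conf, a client2 that still does not answer ping is usually being blocked by its own host firewall rather than by the server.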