Óñòàíîâêà OpenVPN â îñíîâíóþ ïàìÿòü äëÿ ÍÎÂÈ×ÊÎÂ

**Dayran** · 16-03-2010, 18:02

Íàñòðîèë âñ¸ êàê íàïèñàíî â ïåðâîì ïîñòå, çà èñêëþ÷åíèåì òîãî, ÷òî óñòàíîâèë âñ¸ íà âèíò. Ê ñåðâåðó â âèíäå ïîëó÷àåòñÿ ïðèêîíåêòèòñÿ, íî âîò èíåò ïðè ýòîì íå ðàáîòàåò. Ñòðàíèöû îòêðûâàþòñÿ ÷åðåç îäíó, à àñüêà âîîáùå íå ðàáîòàåò. Ïîðò ÿ óêàçàë äðóãîé(íå 5190). Â ÷¸ì ìîæåò áûòü ïðîáëåìà?

**Dayran** · 23-03-2010, 08:16

Îïÿòü âñ¸ ïðîâåðèë-ïåðïðîâåðèë, ïðîáëåìà îñòà¸òñÿ. Ê ðîóòåðó êîííåêò åñòü, íî èíòåðíåòà ïðè ýòîì íåò. Âîò ëîãè:

Tue Mar 23 12:43:06 2010 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Tue Mar 23 12:43:06 2010 TAP-WIN32 device [tun0] opened: \\.\Global\{C7DDBED2-6ECF-4E93-A5F6-925EBA959AD2}.tap
Tue Mar 23 12:43:06 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.252 on interface {C7DDBED2-6ECF-4E93-A5F6-925EBA959AD2} [DHCP-serv: 10.8.0.1, lease-time: 31536000]
Tue Mar 23 12:43:06 2010 Successful ARP Flush on interface [14] {C7DDBED2-6ECF-4E93-A5F6-925EBA959AD2}
Tue Mar 23 12:43:06 2010 Attempting to establish TCP connection with 77.221.194.254:50190
Tue Mar 23 12:43:06 2010 TCP connection established with 77.221.194.254:50190
Tue Mar 23 12:43:06 2010 TCPv4_CLIENT link local: [undef]
Tue Mar 23 12:43:06 2010 TCPv4_CLIENT link remote: 77.221.194.254:50190
Tue Mar 23 12:43:16 2010 Peer Connection Initiated with 77.221.194.254:50190
Tue Mar 23 12:43:17 2010 ROUTE: route addition failed using CreateIpForwardEntry: Íåâåðíû îäèí èëè íåñêîëüêî àðãóìåíòîâ. [if_index=11]
Tue Mar 23 12:43:17 2010 ROUTE: route addition failed using CreateIpForwardEntry: Íåâåðíû îäèí èëè íåñêîëüêî àðãóìåíòîâ. [if_index=14]
Tue Mar 23 12:43:17 2010 Initialization Sequence Completed

**Power** · 23-03-2010, 13:07

Originally Posted by Dayran

Îïÿòü âñ¸ ïðîâåðèë-ïåðïðîâåðèë, ïðîáëåìà îñòà¸òñÿ. Ê ðîóòåðó êîííåêò åñòü, íî èíòåðíåòà ïðè ýòîì íåò. Âîò ëîãè:

Âèäèìî, ïðîáëåìà â ýòîì:

Code:

Tue Mar 23 12:43:17 2010 ROUTE: route addition failed using CreateIpForwardEntry: Íåâåðíû îäèí èëè íåñêîëüêî àðãóìåíòîâ. [if_index=11]
Tue Mar 23 12:43:17 2010 ROUTE: route addition failed using CreateIpForwardEntry: Íåâåðíû îäèí èëè íåñêîëüêî àðãóìåíòîâ. [if_index=14]

×òî-òî íå òàê ñ ìàðøðóòàìè. Íóæíî óâèäåòü êîíêðåòíûå íàñòðîéêè êëèåíòà è ñåðâåðà.

**Dayran** · 23-03-2010, 14:28

client.ovpn íà êîìïå:

remote 77.221.194.254
dev tun0
port 50190
proto tcp-client
ifconfig 10.8.0.2 10.8.0.1
secret static.key
redirect-gateway

server.conf íà ðîóòåðå:

dev tun0
port 50190
proto tcp-server
ifconfig 10.8.0.1 10.8.0.2
secret static.key

**Power** · 23-03-2010, 16:56

Originally Posted by Dayran

client.ovpn íà êîìïå:

server.conf íà ðîóòåðå:

Ïîïðîáóéòå äîáàâèòü â client.ovpn

Code:

route-method exe

**nvsport** · 18-04-2010, 19:22

Âîîáùåì âñå íàñòðîèë êàê â ïåðâîì ïîñòå,íî íè÷åãî íå ðàáîòàåò íå õî÷åò êîííåêòèòñÿ è âñå! â ëîãàõ ïèøåò âîò ýòî

Code:

Jan  1 06:00:18 rc.unslung: start service /opt/etc/init.d/S20openvpn
Jan  1 06:00:19 kernel: Universal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky
Jan  1 06:00:19 kernel: devfs_register(net/tun): could not append to parent, err: -17
Jan  1 06:00:19 rc.unslung: start service /opt/etc/init.d/S24openvpn
Jan  1 06:00:59 dropbear[196]: Child connection from ::ffff:192.168.1.2:3673
Jan  1 06:01:25 dropbear[196]: password auth succeeded for 'root' from ::ffff:192.168.1.2:3673
Jan  1 06:02:16 dnsmasq[77]: DHCPREQUEST(br0) 192.168.1.2 00:1f:d0:22:1c:55

**nvsport** · 20-04-2010, 07:20

Âñå ðàáîòàåò ðåáÿò,ñîâåòóþ íå ïîëüçîâàòñÿ wgetîì,áðàë êëþ÷ ñ http íå ïðàâèëüíî

**asdlsd** · 23-04-2010, 20:03

Originally Posted by JipJip

Îê. Ïî ïîâîäó èñïûòàíèé èñõîäÿùåãî òðàôèêà ñ ðîóòåðà ïåðåõîäèì â ëè÷êó, ÿ ïîñòàðàþñü èëè ñàì çàìåðèòü (íàïð çàéäó òóäà ïî ssh, ñ ñàìîãî ðîóòåðà ïîäêëþ÷þñü íà ëþáîé âíåøèé ftp è çàêà÷àþ íà íåãî òåñòîâûé ôàéë ) èëè ïîäíÿòü è îòêðûòü äîñòóï ê ftp/http.
Íî ÷òî äåëàòü ñ âõîäÿùèì îò óä. êëèåíòà íà ðîóòåð (ADSL ìîäåì) ñ ó÷åòîì ÷òî íà óä. êëèåíòå íå ADSL ?

×òî òàì ïîëó÷èëîñü ó âàñ??? ó ìåíÿ ïðîâ Yota (íà ðîóòåðå ñòîèò êëèåíò) ñêîðîñòü ïî òóíóëþ íà ïðèåì 140êáàéò/ñåê (ïðè udp) è 40 êáàéò (ïðè tcp). Òàê ñêîðîñòü ïîðÿäêà 5-6 ìáèò/ñåê. Ïî÷åìó ðåæåòñÿ íåïîíÿòíî...

**Venberg** · 01-05-2010, 22:37

Íåîáõîäèìî íîâàÿ áèáëèîòåêà openssl
Â òåêóùåé âåðñèè áàíàëüíî íå ïîääåðæèâàåòñÿ SHA512. À ó ìåíÿ âñÿ ñåòü ñ SHA512 ïîñëå ïðîøëîãîäíèõ ïðîáëåì ñî ñòîéêîñòüþ SHA-1

**Venberg** · 02-05-2010, 00:27

Ñòîëêíóëñÿ ñî ñëåäóþùåé ïðîáëåìîé.
Ñóùåñòâóþùèé openssl íå ïîääåðæèâàåò hash àëãîðèòì SHA512. Î÷åíü íóæíà âåðñèÿ îò ïðîøëîãî ãîäà.
Ïûòàëñÿ ñîáðàòü ñðåäó óñòàíîâêè, íî äëÿ Centos íå îêàçàëîñü ìíîãèõ êîìïîíåíò.
Ìîæåò ó êîãî åñòü âîçìîæíîñòü ñîáðàòü áîëåå íîâûé openssl?

Çàðàíåå îãðîìíîå ñïàñèáî.

**Venberg** · 02-05-2010, 00:38

Ïîõîæå íóæåí openssl 0.9.8 îò ïðîøëîãî ãîäà.

**vectorm** · 02-05-2010, 15:43

Originally Posted by Venberg

Ïîõîæå íóæåí openssl 0.9.8 îò ïðîøëîãî ãîäà.

Åùå 1 áåññìûñëåííûé ïîâòîð - è RO íà íåäåëþ ìèíèìóì. Óâàæàéòå äðóãèõ.

**Warcan** · 20-07-2010, 13:19

Ïðèâåòñòâóþ âñåõ!!!
Ó ìåíÿ âîçíèêëà ïðîáëåìà ïåðåñòàë çàïóñêàòüñÿ openvpn ñåðâåð. Âîáøåì ïðîáëåìà ïîìîåìó ñâÿçàíà ñ èíòåðôåéñîì tun. Åñëè ÿ ïûòàþñü çàïóñòèòü âðó÷íóþ ïîëó÷àþ ñëåäóþùåå ñîîáùåíèå.
insmod: a module named tun already exists
Íó è äî êó÷è ifconfig tun0 down/up âèæó âîò ýòî ifconfig: SIOCGIFFLAGS: No such device. Íà ñêîëüêî ÿ ïîíèìàþ ýòî ãîâîðèò î òîì ÷òî ýòîãî èíòåðôåéñà íåò. Õîòÿ /dev/net åñòü tun. åñòåñòâåííî ñîçäàòü íîâûé ÿ íå ìîãó. Òàê âîò íå ïîäñêàæèòå êàê ìíå åãî óäàëèòü è ñîçäàòü çàíîâî?

**gera_b** · 23-07-2010, 02:16

Порядочно замучался. Помогите.
Нет рутинга от одной клиентской подсети к другой. Есть только к той, что за сервером.
Перелопатил все ветки по OpenVPN этого форума и многих других. Все решения не заработали. Кажется где-то накосячил, но не могу найти где.

Дано:
LAN1 10.1.71.0
LAN2 10.1.81.0
LAN3 10.1.72.0
VPN 10.8.0.0

Маршрут:
LAN2,3-VPN-LAN1 — работают ОК.

Code:

LAN3$ traceroute 10.1.71.43
traceroute to 10.1.71.43 (10.1.71.43), 30 hops max, 38 byte packets
 1  10.8.0.1 (10.8.0.1)  148.840 ms  145.418 ms  124.843 ms
 2  10.1.71.43 (10.1.71.43)  142.809 ms  149.498 ms  134.865 ms

Маршрут:
LAN3-VPN-LAN2 и в обратную сторону не работает.

Code:

LAN3$ traceroute 10.1.81.42
traceroute to 10.1.81.42 (10.1.81.42), 30 hops max, 38 byte packets
 1  10.8.0.10 (10.8.0.10)  241.257 ms  220.434 ms  221.801 ms
 2  10.8.0.10 (10.8.0.10)  237.806 ms  238.527 ms  258.845 ms

Конфиг сервера:

Code:

port 1194
proto udp
dev tun
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/gw.crt
key /usr/local/etc/openvpn/keys/gw.key  # This file should be kept secret
dh /usr/local/etc/openvpn/keys/dh1024.pem
tls-server
server 10.8.0.0 255.255.255.0
push "route 10.1.71.0 255.255.255.0"
push "route 10.1.72.0 255.255.255.0"
push "route 10.1.81.0 255.255.255.0"
client-config-dir /usr/local/etc/openvpn/ccd/
route 10.1.81.0 255.255.255.0
route 10.1.72.0 255.255.255.0
route 10.8.0.0 255.255.255.0
client-to-client
keepalive 10 120
tls-auth /usr/local/etc/openvpn/keys/ta.key 0 # This file is secret
cipher AES-128-CBC   # AES
comp-lzo
max-clients 10
persist-key
persist-tun
status openvpn-status.log
log-append  /var/log/openvpn.log
verb 3
crl-verify crl.pem

Клиентский конфиг:

Code:

client
dev tun
proto udp
remote {VPN} 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ./keys/ca.crt
cert ./keys/gw2.crt
key ./keys/gw2.key
tls-auth ./keys/ta.key 1
cipher AES-128-CBC
comp-lzo
verb 3

ccd. Файл "gw2":

Code:

iroute 10.1.81.0 255.255.255.0

LAN 3:

Code:

$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
xx.255.77.16    0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
10.8.0.13       0.0.0.0         255.255.255.255 UH        0 0          0 tun0
10.8.0.0        10.8.0.13       255.255.255.0   UG        0 0          0 tun0
10.1.72.0       10.8.0.13       255.255.255.0   UG        0 0          0 tun0
10.1.71.0       10.8.0.13       255.255.255.0   UG        0 0          0 tun0
10.1.81.0       10.8.0.13       255.255.255.0   UG        0 0          0 tun0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         xx.255.77.16    0.0.0.0         UG        0 0          0 ppp0

LAN 2:

Code:

# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            x.x.164.57      UGS         0     5644    re0
10.1.71.0/24       link#2             UC          0        0    re1
10.1.71.255        ff:ff:ff:ff:ff:ff  UHLWb       1       56    re1
10.1.72.0/24       10.8.0.2           UGS         0       11   tun0
10.1.81.0/24       10.8.0.2           UGS         0        0   tun0
10.8.0.0/24        10.8.0.2           UGS         0        1   tun0
10.8.0.2           10.8.0.1           UH          3        0   tun0
x.x.164.56/30   link#1             UC          0        0    re0
127.0.0.1          127.0.0.1          UH          0      809    lo0

LAN 1:

Code:

# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            x.x.164.57      UGS         0     7278    re0
10.1.71.0/24       link#2             UC          0        0    re1
10.1.71.255        ff:ff:ff:ff:ff:ff  UHLWb       1       58    re1
10.1.72.0/24       10.8.0.2           UGS         0       11   tun0
10.1.81.0/24       10.8.0.2           UGS         0        0   tun0
10.8.0.0/24        10.8.0.2           UGS         0        1   tun0
10.8.0.2           10.8.0.1           UH          3        0   tun0
x.x.164.56/30   link#1             UC          0        0    re0
127.0.0.1          127.0.0.1          UH          0      915    lo0

Помогите, пожалуйста. Больше некого попросить.

**cobain** · 20-08-2010, 13:30

Ñèòóàöèÿ. Ïðîâàéäåð äà¸ò íà ðîóòåð èíòåðíåò ÷åðåç pptp.
+åñòü ïðîâàéäåðñêàÿ ëîêàëêà 10.0.0.0/255.0.0.0
+åñòü äîìàøíÿÿ ñåòü 192.168.1.0/255.255.255.0
Âîïðîñ. Íóæíî íà ðîóòåðå ñîçäàòü ñîåäèíåíèå ñ OpenVPN ñåðâèñîì ÷òîáû ÷åðåç íåãî ëàçèòü ïî èíåòó.

Óñòàíîâèë ïàêåò openvpn. Ñîçäàë êîíôèã
openvpn-client.conf (çàò¸ð èìÿ ñåðâåðà)

Code:

dev tun
client
proto tcp-client
remote vpnserver.xxx 443
cd /opt/etc/openvpn
ca swissvpn.crt
auth-user-pass file_with_pass
reneg-sec 86400
ns-cert-type server

Ïîäêëþ÷åíèå è àóòåíòèôèêàöèÿ ïðîõîäÿò íîðìàëüíî.
Äàëåå íå óäàþòñÿ íàñòðîèòü ðîóòèíã è ïîäêëþ÷åíèå îáðûâàåòñÿ. Ëîã openvpn:

Code:

...
[server] Peer Connection Initiated with 80.254.79.101:443
SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 80.254.79.157,dhcp-option DNS 80.254.77.39,route-gateway 93.94.245.1,topology subnet,ping 10,ping-restart 60,socket-flags TCP_NODELAY,ifconfig 93.94.245.121 255.255.255.128'
ROUTE default_gateway=169.254.250.32
TUN/TAP device tun0 opened
TUN/TAP TX queue length set to 100
/sbin/ifconfig tun0 93.94.245.121 netmask 255.255.255.128 mtu 1500 broadcast 93.94.245.127
/sbin/route add -net 80.254.79.101 netmask 255.255.255.255 gw 169.254.250.32
route: SIOCADDRT: Network is unreachable
ERROR: Linux route add command failed: external program exited with error status: 1
/sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 93.94.245.1
/sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 93.94.245.1
Initialization Sequence Completed

÷åðåç ìèíóòó
[server] Inactivity timeout (--ping-restart), restarting
...

èíòåðôåéñû èìåþò ñëåäóþùèå ïàðàìåòðû

Code:

br0       inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
vlan1     inet addr:10.33.18.224  Bcast:10.33.19.255  Mask:255.255.254.0
ppp0      Link encap:Point-to-Point Protocol  
          inet addr:84.51.94.14  P-t-P:169.254.250.34  Mask:255.255.255.255

êîãäà ïîäíèìàåòñÿ tun0

Code:

tun0      inet addr:93.94.245.98  P-t-P:93.94.245.98  Mask:255.255.255.128

Òàáëèöà ðîóòèíãà

Code:

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.34       10.33.18.1      255.255.255.255 UGH   0      0        0 vlan1
10.0.0.185      10.33.18.1      255.255.255.255 UGH   1      0        0 vlan1
10.0.0.120      10.33.18.1      255.255.255.255 UGH   1      0        0 vlan1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.10.0    10.33.18.1      255.255.255.0   UG    0      0        0 vlan1
10.33.18.0      0.0.0.0         255.255.254.0   U     0      0        0 vlan1
192.168.0.0     10.33.18.1      255.255.248.0   UG    0      0        0 vlan1
10.0.0.0        10.33.18.1      255.0.0.0       UG    0      0        0 vlan1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         169.254.250.34  0.0.0.0         UG    0      0        0 ppp0
0.0.0.0         10.33.18.1      0.0.0.0         UG    1      0        0 vlan

Ïîäñêàæèòå ïî÷åìó íå îòðàáàòûâàåò êîìàíäà
route add -net 80.254.79.101 netmask 255.255.255.255 gw 169.254.250.32
ïðè ñîçäàíèè openvpn ñîåäèíåíèÿ?

Thread: Óñòàíîâêà OpenVPN â îñíîâíóþ ïàìÿòü äëÿ ÍÎÂÈ×ÊÎÂ

Thread Tools

Display

Òðåòèé äåíü óæå êîëóïàþñü ïîìîãèò ðåáÿòà!!!

Íóæåí íîâûé OPENSSL äëÿ OPENVPN

Íå ðîóòèòñÿ openvpn êëèåíò

Similar Threads

FireFly ìåäèà-ñåðâåð äëÿ iTunes

Íå ïîëó÷àåòñÿ îòêðûòü 80 ïîðò

Óñòàíîâêà ïðîãðàìì äëÿ ÷àéíèêà (ñ âîçìîæíîñòüþ ìîäèôèêàöèè ñêðèïòîâ óñòàíîâêè)

Tags for this Thread

Posting Permissions