OpenVPN on Linux VServer, routing / connection problem.

Setting up the local network, connecting to other computers and services.
h4ppy
Posts: 51
Registered: 03.06.2004 19:14:35
License of own posts: MIT License
Location: Swiss

Post by h4ppy » 03.03.2011 01:01:59

So, friends, I have the following problem:
I set up OpenVPN on the VServer following the guide http://linux-vserver.org/Frequently_Ask ... a_guest.3F. So far so good.
Problem: the client is connected but cannot see the VPN server or other clients.
HOST SYSTEM:

Code:

tun16     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

To be on the safe side, I also added:

Code:

# iptables -t nat -A POSTROUTING -o tun16 -j MASQUERADE
# echo 1 > /proc/sys/net/ipv4/ip_forward

On the GUEST, the OpenVPN server:

Code:

#server.conf 
ifconfig-noexec
route-noexec
client-to-client
server 10.8.0.0 255.255.255.0
port 1194 
proto udp 
dev tun16

ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem

comp-lzo
persist-key
persist-tun

client-config-dir   /etc/openvpn/ccd

push "route-gateway 10.8.0.1"
keepalive 10 160
verb 3 

and the client:

Code:

client
remote  xxx.xxx.com 1194 

# route 10.8.0.1 netmask 255.255.255.0
#txqueuelen 100
# route-noexec

proto udp 
dev tap 

ca /etc/openvpn/ca.crt
cert /etc/openvpn/ted.crt
key /etc/openvpn/ted.key
                                                                         
comp-lzo
#float
verb 3
ping 10
ping-restart 180
ping-timer-rem

So far so good; now the connection:
SERVER-SIDE LOG:

Code:

#openvpn /etc/openvpn/server.conf 
Thu Mar  3 00:43:27 2011 OpenVPN 2.1_rc11 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008
Thu Mar  3 00:43:27 2011 Diffie-Hellman initialized with 1024 bit key
Thu Mar  3 00:43:27 2011 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Thu Mar  3 00:43:27 2011 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Mar  3 00:43:27 2011 ROUTE default_gateway=78.46.X.X
Thu Mar  3 00:43:27 2011 TUN/TAP device tun16 opened
Thu Mar  3 00:43:27 2011 Note: Cannot set tx queue length on tun16: Operation not permitted (errno=1)
Thu Mar  3 00:43:27 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Mar  3 00:43:27 2011 Socket Buffers: R=[124928->131072] S=[124928->131072]
Thu Mar  3 00:43:27 2011 UDPv4 link local (bound): [undef]:1194
Thu Mar  3 00:43:27 2011 UDPv4 link remote: [undef]
Thu Mar  3 00:43:27 2011 MULTI: multi_init called, r=256 v=256
Thu Mar  3 00:43:27 2011 IFCONFIG POOL: base=10.8.0.4 size=62
Thu Mar  3 00:43:27 2011 Initialization Sequence Completed
Thu Mar  3 00:43:36 2011 MULTI: multi_create_instance called
Thu Mar  3 00:43:36 2011 84.72.130.59:1194 Re-using SSL/TLS context
Thu Mar  3 00:43:36 2011 84.72.130.59:1194 LZO compression initialized
Thu Mar  3 00:43:36 2011 84.72.130.59:1194 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Mar  3 00:43:36 2011 84.72.130.59:1194 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Mar  3 00:43:36 2011 84.72.130.59:1194 Local Options hash (VER=V4): '530fdded'
Thu Mar  3 00:43:36 2011 84.72.130.59:1194 Expected Remote Options hash (VER=V4): '41690919'
Thu Mar  3 00:43:36 2011 84.72.130.59:1194 TLS: Initial packet from 84.72.130.59:1194, sid=000e49f4 7c124b25
Thu Mar  3 00:43:36 2011 84.72.130.59:1194 VERIFY OK: depth=1, /C=CH/ST=XXXX/L=XXXX/O=XXXX_AG/OU=IT/CN=xxx.xxx.com/emailAddress=admin@xxx.com
Thu Mar  3 00:43:36 2011 84.72.130.59:1194 VERIFY OK: depth=0, /C=CH/ST=XXXX/L=XXXX/O=XXXX_AG/O=XXX/CN=ted/emailAddress=xxx@xxx.com
Thu Mar  3 00:43:36 2011 84.72.130.59:1194 WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
Thu Mar  3 00:43:36 2011 84.72.130.59:1194 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1574'
Thu Mar  3 00:43:36 2011 84.72.130.59:1194 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
Thu Mar  3 00:43:36 2011 84.72.130.59:1194 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Mar  3 00:43:36 2011 84.72.130.59:1194 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Mar  3 00:43:36 2011 84.72.130.59:1194 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Mar  3 00:43:36 2011 84.72.130.59:1194 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Mar  3 00:43:36 2011 84.72.130.59:1194 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Mar  3 00:43:36 2011 84.72.130.59:1194 [ted] Peer Connection Initiated with 84.72.130.59:1194
Thu Mar  3 00:43:36 2011 ted/84.72.130.59:1194 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/ted
Thu Mar  3 00:43:36 2011 ted/84.72.130.59:1194 MULTI: Learn: 10.8.0.19 -> ted/84.72.130.59:1194
Thu Mar  3 00:43:36 2011 ted/84.72.130.59:1194 MULTI: primary virtual IP for ted/84.72.130.59:1194: 10.8.0.19
Thu Mar  3 00:43:39 2011 ted/84.72.130.59:1194 PUSH: Received control message: 'PUSH_REQUEST'
Thu Mar  3 00:43:39 2011 ted/84.72.130.59:1194 SENT CONTROL [ted]: 'PUSH_REPLY,route-gateway 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 160,ifconfig 10.8.0.19 255.255.255.0' (status=1)

AND THE CLIENT LOG:

Code:

root@ted:/etc/openvpn# openvpn /etc/openvpn/client.conf
Thu Mar  3 00:42:54 2011 OpenVPN 2.1.3 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Oct 22 2010
Thu Mar  3 00:42:54 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Mar  3 00:42:54 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Mar  3 00:42:54 2011 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Thu Mar  3 00:42:54 2011 LZO compression initialized
Thu Mar  3 00:42:54 2011 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Mar  3 00:42:54 2011 Socket Buffers: R=[124928->131072] S=[124928->131072]
Thu Mar  3 00:42:54 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Mar  3 00:42:54 2011 Local Options hash (VER=V4): 'd79ca330'
Thu Mar  3 00:42:54 2011 Expected Remote Options hash (VER=V4): 'f7df56b8'
Thu Mar  3 00:42:54 2011 UDPv4 link local (bound): [undef]
Thu Mar  3 00:42:54 2011 UDPv4 link remote: [AF_INET]78.46.XXX.XXX:1194
Thu Mar  3 00:42:54 2011 TLS: Initial packet from [AF_INET]78.46.XXX.XXX:1194, sid=8d88737a 2ff8cd43
Thu Mar  3 00:42:54 2011 VERIFY OK: depth=1, /C=CH/ST=XXXXXX/L=XXXX/O=XXXX_AG/OU=IT/CN=xxx.xxx.com/emailAddress=admin@xxx.com
Thu Mar  3 00:42:54 2011 VERIFY OK: nsCertType=SERVER
Thu Mar  3 00:42:54 2011 VERIFY OK: depth=0, /C=CH/ST=XXXXXX/L=XXXX/O=XXXX_AG/OU=IT/CN=xxx.xxx.com/emailAddress=admin@xxx.com
Thu Mar  3 00:42:54 2011 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Thu Mar  3 00:42:54 2011 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1542'
Thu Mar  3 00:42:54 2011 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Thu Mar  3 00:42:54 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Mar  3 00:42:54 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Mar  3 00:42:54 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Mar  3 00:42:54 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Mar  3 00:42:54 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Mar  3 00:42:54 2011 [xxx.xxx.com] Peer Connection Initiated with [AF_INET]78.46.XX.XXX:1194
Thu Mar  3 00:42:57 2011 SENT CONTROL [xxx.xxx.xxx]: 'PUSH_REQUEST' (status=1)
Thu Mar  3 00:42:57 2011 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 160,ifconfig 10.8.0.19 255.255.255.0'
Thu Mar  3 00:42:57 2011 OPTIONS IMPORT: timers and/or timeouts modified
Thu Mar  3 00:42:57 2011 OPTIONS IMPORT: --ifconfig/up options modified
Thu Mar  3 00:42:57 2011 OPTIONS IMPORT: route options modified
Thu Mar  3 00:42:57 2011 OPTIONS IMPORT: route-related options modified
Thu Mar  3 00:42:57 2011 ROUTE default_gateway=192.168.9.1
Thu Mar  3 00:42:57 2011 TUN/TAP device tap0 opened
Thu Mar  3 00:42:57 2011 TUN/TAP TX queue length set to 100
Thu Mar  3 00:42:57 2011 /sbin/ifconfig tap0 10.8.0.19 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Thu Mar  3 00:42:57 2011 OpenVPN ROUTE: omitted no-op route: 10.8.0.1/255.255.255.255 -> 10.8.0.1
Thu Mar  3 00:42:57 2011 Initialization Sequence Completed

The client gets an IP, everything is fine, but it cannot ping the server or other clients in the VPN or connect to them. Where is the problem?
Does anyone perhaps have a setup like this running and a config at hand?

PS: Without the VServer everything works fine. But it is important to me that it runs on the VServer.
Debian 7 + KDE
Brevity is the soul of wit - whoever finds mistakes may keep them.

HelsAett
Posts: 749
Registered: 18.03.2003 18:25:00

Re: OpenVPN on Linux VServer, routing / connection proble

Post by HelsAett » 04.03.2011 08:12:10

Have you checked your route? I'm no expert in networking, but

Client Log

Code:

Thu Mar  3 00:42:57 2011 /sbin/ifconfig tap0 10.8.0.19 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Thu Mar  3 00:42:57 2011 OpenVPN ROUTE: omitted no-op route: 10.8.0.1/255.255.255.255 -> 10.8.0.1

255.255.255.255 when everything else is 255.255.255.0
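
Added example, not part of the original posts: both logs in this thread contain OpenVPN's "used inconsistently" option warnings. The Python sketch below extracts them from each side and checks that server and client report mirrored values; the log excerpts are copied from the posts above, and the function names are chosen for this example.

```python
import re

# OpenVPN prints this warning when the peers' option strings differ, e.g.
# WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
WARN_RE = re.compile(
    r"WARNING: '(?P<opt>[^']+)' is used inconsistently, "
    r"local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'"
)

# Excerpts copied from the server and client logs posted in this thread.
SERVER_LOG = """\
Thu Mar  3 00:43:36 2011 84.72.130.59:1194 WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
Thu Mar  3 00:43:36 2011 84.72.130.59:1194 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1574'
Thu Mar  3 00:43:36 2011 84.72.130.59:1194 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
Thu Mar  3 00:43:36 2011 84.72.130.59:1194 [ted] Peer Connection Initiated with 84.72.130.59:1194
"""
CLIENT_LOG = """\
Thu Mar  3 00:42:54 2011 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Thu Mar  3 00:42:54 2011 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1542'
Thu Mar  3 00:42:54 2011 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Thu Mar  3 00:42:57 2011 Initialization Sequence Completed
"""

def _value(opt, text):
    """Strip the repeated option name: 'dev-type tun' -> 'tun'."""
    return text[len(opt):].strip() if text.startswith(opt) else text

def find_option_mismatches(log_text):
    """Return {option: (local_value, remote_value)} for each warning line."""
    found = {}
    for line in log_text.splitlines():
        m = WARN_RE.search(line)
        if m:
            opt = m.group("opt")
            found[opt] = (_value(opt, m.group("local")), _value(opt, m.group("remote")))
    return found

def cross_check(server_log, client_log):
    """Options that both peers flag with mirrored local/remote values."""
    server = find_option_mismatches(server_log)
    client = find_option_mismatches(client_log)
    return sorted(o for o, (loc, rem) in server.items() if client.get(o) == (rem, loc))

if __name__ == "__main__":
    # tun carries IP packets and tap carries Ethernet frames, so a dev-type
    # mismatch means the two ends do not agree on what the tunnel transports.
    for opt in cross_check(SERVER_LOG, CLIENT_LOG):
        print(opt, find_option_mismatches(SERVER_LOG)[opt])
```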
