I want to install a VPN gateway on a server that can also be used for browsing. To start with, I wanted to test the whole thing at home in VMware.
I followed this tutorial:
http://openvpn-wiki.de/wiki//index.php/ ... etgateways
So the VM on which the OpenVPN server (Linux) runs has the IP 192.168.0.74
(VMware bridged network adapter with the gateway set to the router IP [192.168.0.100]; internet access works)
The client/server configs match those of the tutorial [except that I set tcp].
Then:
Code:
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE
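The two commands above turn the VM into a NAT gateway for the 10.8.0.0/24 tunnel clients, but they leave the FORWARD chain at its default ACCEPT policy, so the box forwards anything between any interfaces. The script below is an added example (not the poster's or the tutorial's code): it prints the same forwarding/NAT setup, restricted to tunnel-to-uplink traffic plus the matching return traffic. Interface names, the subnet and the use of the standard conntrack match are assumptions.

```shell
#!/bin/sh
# Added example: emit (or apply) forwarding + NAT rules for an OpenVPN
# "redirect-gateway" setup. tun0/eth0/10.8.0.0/24 are assumed values.
#
#   sh vpn-gw.sh tun0 eth0 10.8.0.0/24            # print the commands
#   sh vpn-gw.sh --apply tun0 eth0 10.8.0.0/24    # run them (needs root)
vpn_gateway_rules() {
    tun_if=$1
    wan_if=$2
    vpn_net=$3
    cat <<EOF
# allow the kernel to route between interfaces (same as echo 1 > ip_forward)
sysctl -w net.ipv4.ip_forward=1
# the post's setup implicitly keeps FORWARD at ACCEPT; drop by default instead
iptables -P FORWARD DROP
# only tunnel clients may be forwarded out of the uplink ...
iptables -A FORWARD -i $tun_if -o $wan_if -s $vpn_net -j ACCEPT
# ... and only replies to those flows may come back into the tunnel
iptables -A FORWARD -i $wan_if -o $tun_if -d $vpn_net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# hosts beyond eth0 know nothing about $vpn_net, so source-NAT it to eth0's address
iptables -t nat -A POSTROUTING -o $wan_if -s $vpn_net -j MASQUERADE
EOF
}

# count how many rules a generated ruleset contains (comments and sysctl excluded)
rule_count() {
    printf '%s\n' "$1" | grep -c '^iptables'
}

case "${1:-}" in
    --apply) shift; vpn_gateway_rules "$@" | sh ;;
    "")      ;;   # no arguments: define the functions only
    *)       vpn_gateway_rules "$@" ;;
esac
```

Re-running the `--apply` form appends duplicate rules; flush the FORWARD and nat/POSTROUTING chains first or check with `iptables -C` before adding on systems that support it.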
Here is the server log after connecting:
Code:
debian:/etc/openvpn# openvpn --config /etc/openvpn/server.conf
Mon Oct 29 01:59:07 2007 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Jan 21 2007
Mon Oct 29 01:59:07 2007 Diffie-Hellman initialized with 1024 bit key
Mon Oct 29 01:59:07 2007 TLS-Auth MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
Mon Oct 29 01:59:07 2007 TUN/TAP device tun0 opened
Mon Oct 29 01:59:07 2007 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Mon Oct 29 01:59:07 2007 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Mon Oct 29 01:59:07 2007 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Mon Oct 29 01:59:07 2007 GID set to nogroup
Mon Oct 29 01:59:07 2007 UID set to nobody
Mon Oct 29 01:59:07 2007 Listening for incoming TCP connection on [undef]:1195
Mon Oct 29 01:59:07 2007 TCPv4_SERVER link local (bound): [undef]:1195
Mon Oct 29 01:59:07 2007 TCPv4_SERVER link remote: [undef]
Mon Oct 29 01:59:07 2007 MULTI: multi_init called, r=256 v=256
Mon Oct 29 01:59:07 2007 IFCONFIG POOL: base=10.8.0.4 size=62
Mon Oct 29 01:59:07 2007 IFCONFIG POOL LIST
Mon Oct 29 01:59:07 2007 XXX,10.8.0.4
Mon Oct 29 01:59:07 2007 MULTI: TCP INIT maxclients=1024 maxevents=1028
Mon Oct 29 01:59:07 2007 Initialization Sequence Completed
Mon Oct 29 01:59:13 2007 MULTI: multi_create_instance called
Mon Oct 29 01:59:13 2007 Re-using SSL/TLS context
Mon Oct 29 01:59:13 2007 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
Mon Oct 29 01:59:13 2007 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Mon Oct 29 01:59:13 2007 Local Options hash (VER=V4): '7e068940'
Mon Oct 29 01:59:13 2007 Expected Remote Options hash (VER=V4): 'db02a8f8'
Mon Oct 29 01:59:13 2007 TCP connection established with 192.168.0.1:12694
Mon Oct 29 01:59:13 2007 TCPv4_SERVER link local: [undef]
Mon Oct 29 01:59:13 2007 TCPv4_SERVER link remote: 192.168.0.1:12694
Mon Oct 29 01:59:13 2007 192.168.0.1:12694 TLS: Initial packet from 192.168.0.1:12694, sid=7e7f64e6 c56727a7
Mon Oct 29 01:59:14 2007 192.168.0.1:12694 VERIFY OK: depth=1, /C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/OU=XXX/CN=XXX/emailAddress=me@myhost.mydomain
Mon Oct 29 01:59:14 2007 192.168.0.1:12694 VERIFY OK: depth=0, /C=KG/ST=NA/O=OpenVPN-TEST/OU=XXX/CN=XXX/emailAddress=me@myhost.mydomain
Mon Oct 29 01:59:14 2007 192.168.0.1:12694 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 29 01:59:14 2007 192.168.0.1:12694 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 29 01:59:14 2007 192.168.0.1:12694 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 29 01:59:14 2007 192.168.0.1:12694 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 29 01:59:14 2007 192.168.0.1:12694 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Oct 29 01:59:14 2007 192.168.0.1:12694 [XXX] Peer Connection Initiated with 192.168.0.1:12694
Mon Oct 29 01:59:14 2007 XXX/192.168.0.1:12694 MULTI: Learn: 10.8.0.6 -> XXX/192.168.0.1:12694
Mon Oct 29 01:59:14 2007 XXX/192.168.0.1:12694 MULTI: primary virtual IP for XXX/192.168.0.1:12694: 10.8.0.6
Mon Oct 29 01:59:15 2007 XXX/192.168.0.1:12694 PUSH: Received control message: 'PUSH_REQUEST'
Mon Oct 29 01:59:15 2007 XXX/192.168.0.1:12694 SENT CONTROL [XXX]: 'PUSH_REPLY,redirect-gateway def1,route 10.8.0.0 255.255.255.0,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Output from the VPN client:
Code:
Sun Oct 28 23:57:54 2007 NOTE: --user option is not implemented on Windows
Sun Oct 28 23:57:54 2007 NOTE: --group option is not implemented on Windows
Sun Oct 28 23:57:54 2007 OpenVPN 2.1_rc4 Win32-MinGW [SSL] [LZO2] built on Apr 25 2007
Sun Oct 28 23:57:54 2007 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Oct 28 23:57:56 2007 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sun Oct 28 23:57:56 2007 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Sun Oct 28 23:57:56 2007 Local Options hash (VER=V4): 'db02a8f8'
Sun Oct 28 23:57:56 2007 Expected Remote Options hash (VER=V4): '7e068940'
Sun Oct 28 23:57:56 2007 Attempting to establish TCP connection with 192.168.0.74:1195
Sun Oct 28 23:57:56 2007 TCP connection established with 192.168.0.74:1195
Sun Oct 28 23:57:56 2007 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Oct 28 23:57:56 2007 TCPv4_CLIENT link local: [undef]
Sun Oct 28 23:57:56 2007 TCPv4_CLIENT link remote: 192.168.0.74:1195
Sun Oct 28 23:57:56 2007 TLS: Initial packet from 192.168.0.74:1195, sid=527153af c5d4804f
Sun Oct 28 23:57:56 2007 VERIFY OK: depth=1, /C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/OU=XXX/CN=XXX/emailAddress=me@myhost.mydomain
Sun Oct 28 23:57:56 2007 VERIFY OK: depth=0, /C=KG/ST=NA/O=OpenVPN-TEST/OU=XXX/CN=XXX/emailAddress=me@myhost.mydomain
Sun Oct 28 23:57:57 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 28 23:57:57 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 28 23:57:57 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 28 23:57:57 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 28 23:57:57 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Oct 28 23:57:57 2007 [XXX] Peer Connection Initiated with 192.168.0.74:1195
Sun Oct 28 23:57:58 2007 SENT CONTROL [XXX]: 'PUSH_REQUEST' (status=1)
Sun Oct 28 23:57:58 2007 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route 10.8.0.0 255.255.255.0,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sun Oct 28 23:57:58 2007 OPTIONS IMPORT: timers and/or timeouts modified
Sun Oct 28 23:57:58 2007 OPTIONS IMPORT: --ifconfig/up options modified
Sun Oct 28 23:57:58 2007 OPTIONS IMPORT: route options modified
Sun Oct 28 23:57:58 2007 TAP-WIN32 device [OpenVPN] opened: \\.\Global\{4F1FFE74-D233-4377-BEE6-AF7283FF0974}.tap
Sun Oct 28 23:57:58 2007 TAP-Win32 Driver Version 9.3
Sun Oct 28 23:57:58 2007 TAP-Win32 MTU=1500
Sun Oct 28 23:57:58 2007 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {4F1FFE74-D233-4377-BEE6-AF7283FF0974} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Sun Oct 28 23:57:58 2007 Successful ARP Flush on interface [327685] {4F1FFE74-D233-4377-BEE6-AF7283FF0974}
Sun Oct 28 23:58:03 2007 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Sun Oct 28 23:58:03 2007 route ADD 192.168.0.74 MASK 255.255.255.255 192.168.0.100
Sun Oct 28 23:58:03 2007 Route addition via IPAPI succeeded [adaptive]
Sun Oct 28 23:58:03 2007 route ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Sun Oct 28 23:58:03 2007 Route addition via IPAPI succeeded [adaptive]
Sun Oct 28 23:58:03 2007 route ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Sun Oct 28 23:58:03 2007 Route addition via IPAPI succeeded [adaptive]
Sun Oct 28 23:58:03 2007 route ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.5
Sun Oct 28 23:58:03 2007 Route addition via IPAPI succeeded [adaptive]
Sun Oct 28 23:58:03 2007 Initialization Sequence Completed
Sun Oct 28 23:58:25 2007 write TCPv4_CLIENT: Connection reset by peer (WSAECONNRESET) (code=10054)
Sun Oct 28 23:58:25 2007 Connection reset, restarting [-1]
Sun Oct 28 23:58:25 2007 TCP/UDP: Closing socket
Sun Oct 28 23:58:25 2007 SIGUSR1[soft,connection-reset] received, process restarting
Sun Oct 28 23:58:25 2007 Restart pause, 5 second(s)
Sun Oct 28 23:58:30 2007 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Oct 28 23:58:30 2007 Re-using SSL/TLS context
Sun Oct 28 23:58:30 2007 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sun Oct 28 23:58:30 2007 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Sun Oct 28 23:58:30 2007 Local Options hash (VER=V4): 'db02a8f8'
Sun Oct 28 23:58:30 2007 Expected Remote Options hash (VER=V4): '7e068940'
Sun Oct 28 23:58:30 2007 Attempting to establish TCP connection with 192.168.0.74:1195
Sun Oct 28 23:58:30 2007 TCP connection established with 192.168.0.74:1195
Sun Oct 28 23:58:30 2007 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Oct 28 23:58:30 2007 TCPv4_CLIENT link local: [undef]
Sun Oct 28 23:58:30 2007 TCPv4_CLIENT link remote: 192.168.0.74:1195