Code:
error=certificate is not yet valid
First, show the output of date; second,
Code:
# openssl x509 -in /usr/local/etc/openvpn/keys/server.crt -noout -text
Code:
error=certificate is not yet valid
Code:
# openssl x509 -in /usr/local/etc/openvpn/keys/server.crt -noout -text
Code:
Mon Nov 30 23:19:45 UTC 2009
Code:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=KG, ST=NA, L=BISHKEK, O=server, OU=server, CN=server/emailAddress=me@myhost.mydomain
Validity
Not Before: Nov 30 19:54:02 2009 GMT
Not After : Nov 28 19:54:02 2019 GMT
Subject: C=KG, ST=NA, O=server, OU=server, CN=server/emailAddress=me@myhost.mydomain
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:f1:ce:37:60:60:ac:8d:83:86:73:f9:85:ed:f7:
c7:f7:03:3d:47:f2:54:a9:05:25:51:fb:47:f1:ff:
74:bd:e3:4b:ce:c1:55:d4:81:87:7a:4d:6a:f7:25:
17:42:ea:2a:a4:ba:2d:87:4f:e1:68:20:52:fb:c3:
db:74:4c:2d:16:4b:80:a6:b9:53:c7:c1:cf:a5:69:
d6:5d:55:92:b9:3d:ce:9c:da:b9:c1:db:00:89:45:
60:02:d0:0e:85:05:c5:fc:9c:f4:2d:15:0b:db:74:
4a:3f:cb:b3:7a:41:55:e1:a2:a5:49:b2:19:26:9c:
80:ed:bb:67:a7:b5:04:42:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
OpenSSL Generated Server Certificate
X509v3 Subject Key Identifier:
23:3B:C1:91:63:68:C0:D2:96:0F:35:3B:B0:8E:FD:7D:F0:AC:02:51
X509v3 Authority Key Identifier:
keyid:19:0F:E2:82:3F:FB:75:18:2C:6A:0B:79:53:1F:FA:2F:D3:5A:83:65
DirName:/C=KG/ST=NA/L=BISHKEK/O=server/OU=server/CN=server/emailAddress=me@myhost.mydomain
serial:A9:12:74:4D:96:95:D3:12
Signature Algorithm: md5WithRSAEncryption
39:d4:5f:be:f6:91:7c:51:80:f8:0a:e8:38:56:47:57:e0:47:
3e:9a:c6:13:a3:65:80:82:be:a8:78:20:97:db:51:8c:fa:7a:
b7:7e:98:0d:db:3f:fa:37:3e:69:da:23:71:77:ac:3a:40:1d:
0c:d8:d0:13:55:9c:00:63:f0:b3:af:05:5d:a7:3e:5a:3a:c7:
9f:d1:b2:a6:e2:a7:33:34:26:33:c7:cd:4c:f5:d2:71:87:73:
d3:f8:46:23:fe:df:78:91:25:7a:5a:c1:6f:c1:3c:cf:33:f5:
7b:12:ff:9a:f4:f8:c7:7b:1b:b8:76:d8:00:57:00:68:80:cd:
44:a3
Code:
Tue Dec 01 01:01:29 2009 us=528449 OpenVPN 2.0.6 Win32-MinGW [SSL] [LZO] built on Apr 5 2006
Tue Dec 01 01:01:29 2009 us=530721 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Dec 01 01:01:29 2009 us=530750 Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Tue Dec 01 01:01:29 2009 us=541778 Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Tue Dec 01 01:01:29 2009 us=541824 LZO compression initialized
Tue Dec 01 01:01:29 2009 us=541952 Control Channel MTU parms [ L:1540 D:164 EF:64 EB:0 ET:0 EL:0 ]
Tue Dec 01 01:01:29 2009 us=578187 Data Channel MTU parms [ L:1540 D:1450 EF:40 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Dec 01 01:01:29 2009 us=578243 Local Options String: 'V4,dev-type tun,link-mtu 1540,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth MD5,keysize 128,tls-auth,key-method 2,tls-client'
Tue Dec 01 01:01:29 2009 us=578259 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1540,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher BF-CBC,auth MD5,keysize 128,tls-auth,key-method 2,tls-server'
Tue Dec 01 01:01:29 2009 us=578290 Local Options hash (VER=V4): 'e6beeeed'
Tue Dec 01 01:01:29 2009 us=578311 Expected Remote Options hash (VER=V4): '9183b24b'
Tue Dec 01 01:01:29 2009 us=578340 Attempting to establish TCP connection with 84.x.x.x:4000
Tue Dec 01 01:01:31 2009 us=782272 TCP connection established with 84.x.x.x:4000
Tue Dec 01 01:01:31 2009 us=782320 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Dec 01 01:01:31 2009 us=784640 TCPv4_CLIENT link local: [undef]
Tue Dec 01 01:01:31 2009 us=784663 TCPv4_CLIENT link remote: 84.x.x.x:4000
Tue Dec 01 01:01:33 2009 us=215028 TLS: Initial packet from 84.x.x.x:4000, sid=8ddef9fe 40b1f6eb
Tue Dec 01 01:01:49 2009 us=76834 VERIFY OK: depth=1, /C=KG/ST=NA/L=BISHKEK/O=server/OU=server/CN=server/emailAddress=me@myhost.mydomain
Tue Dec 01 01:01:49 2009 us=78923 VERIFY OK: nsCertType=SERVER
Tue Dec 01 01:01:49 2009 us=78945 VERIFY OK: depth=0, /C=KG/ST=NA/O=server/OU=server/CN=server/emailAddress=me@myhost.mydomain
Tue Dec 01 01:02:18 2009 us=652765 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Dec 01 01:02:18 2009 us=652799 Data Channel Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Tue Dec 01 01:02:18 2009 us=652858 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Dec 01 01:02:18 2009 us=652874 Data Channel Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Tue Dec 01 01:02:18 2009 us=653489 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Dec 01 01:02:18 2009 us=653523 [server] Peer Connection Initiated with 84.x.x.x:4000
Tue Dec 01 01:02:19 2009 us=663487 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Dec 01 01:02:22 2009 us=66262 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 10.10.200.1,ping 10,ping-restart 120,ifconfig 10.10.200.2 10.10.200.1'
Tue Dec 01 01:02:22 2009 us=66425 OPTIONS IMPORT: timers and/or timeouts modified
Tue Dec 01 01:02:22 2009 us=66439 OPTIONS IMPORT: --ifconfig/up options modified
Tue Dec 01 01:02:22 2009 us=66450 OPTIONS IMPORT: route options modified
Tue Dec 01 01:02:22 2009 us=78902 TAP-WIN32 device [NULL] opened: \\.\Global\{B18C88DC-6939-41C6-A4AF-6644B0E9AF52}.tap
Tue Dec 01 01:02:22 2009 us=79130 TAP-Win32 Driver Version 8.1
Tue Dec 01 01:02:22 2009 us=79252 TAP-Win32 MTU=1500
Tue Dec 01 01:02:22 2009 us=79378 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.10.200.2/255.255.255.252 on interface {B18C88DC-6939-41C6-A4AF-6644B0E9AF52} [DHCP-serv: 10.10.200.1, lease-time: 31536000]
Tue Dec 01 01:02:22 2009 us=81037 Successful ARP Flush on interface [3] {B18C88DC-6939-41C6-A4AF-6644B0E9AF52}
Tue Dec 01 01:02:22 2009 us=90186 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:22 2009 us=90214 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:23 2009 us=108581 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:23 2009 us=108608 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:24 2009 us=301635 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:24 2009 us=301663 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:25 2009 us=504344 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:25 2009 us=504373 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:26 2009 us=708155 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:26 2009 us=708183 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:27 2009 us=910789 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:27 2009 us=910817 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:29 2009 us=113901 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:29 2009 us=113930 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:30 2009 us=317192 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:30 2009 us=317220 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:31 2009 us=520178 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:31 2009 us=520206 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:32 2009 us=567374 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:32 2009 us=567402 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:33 2009 us=942035 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:33 2009 us=942063 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:34 2009 us=989057 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:34 2009 us=989085 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:36 2009 us=36114 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:36 2009 us=36142 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:37 2009 us=83763 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:37 2009 us=83791 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:38 2009 us=131784 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:38 2009 us=131812 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:39 2009 us=176518 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:39 2009 us=176546 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:40 2009 us=223499 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:40 2009 us=223527 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:41 2009 us=270551 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:41 2009 us=270578 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:42 2009 us=504814 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:42 2009 us=504842 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:44 2009 us=317314 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:44 2009 us=317342 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:45 2009 us=551850 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:45 2009 us=551879 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:46 2009 us=786116 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:46 2009 us=786144 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:48 2009 us=20602 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:48 2009 us=20630 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:49 2009 us=255017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:49 2009 us=255045 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:50 2009 us=489316 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:50 2009 us=489344 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 01:02:51 2009 us=723891 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 01:02:51 2009 us=723925 route ADD 192.168.1.0 MASK 255.255.255.0 10.10.200.1
here it says the address is not reachable... so how did it get it then?
Tue Dec 01 01:02:51 2009 us=726316 Warning: route gateway is not reachable on any active network adapters: 10.10.200.1
Tue Dec 01 01:02:51 2009 us=726341 Route addition via IPAPI failed
and this here looks like nonsense... an IP with a mask like that and a redirect to the same IP???
Tue Dec 01 01:02:51 2009 us=726357 OpenVPN ROUTE: omitted no-op route: 10.10.200.1/255.255.255.255 -> 10.10.200.1
Tue Dec 01 01:02:51 2009 us=726373 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )
Code:
route-method exe
route-delay 2
Code:
ifconfig-push 10.10.200.2 255.255.255.0
Code:
push "route-gateway 10.10.200.1"
push "ip-win32 netsh"
Code:
Tue Dec 01 07:12:21 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Tue Dec 01 07:12:21 2009 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Dec 01 07:12:21 2009 Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Tue Dec 01 07:12:21 2009 Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Tue Dec 01 07:12:21 2009 LZO compression initialized
Tue Dec 01 07:12:21 2009 Control Channel MTU parms [ L:1588 D:164 EF:64 EB:0 ET:0 EL:0 ]
Tue Dec 01 07:12:21 2009 Data Channel MTU parms [ L:1588 D:1450 EF:56 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Dec 01 07:12:21 2009 Local Options hash (VER=V4): '03fe54a1'
Tue Dec 01 07:12:21 2009 Expected Remote Options hash (VER=V4): '511f7afe'
Tue Dec 01 07:12:21 2009 Attempting to establish TCP connection with 194.x.x.x:5000
Tue Dec 01 07:12:21 2009 TCP connection established with 194.x.x.x:5000
Tue Dec 01 07:12:21 2009 TCPv4_CLIENT link local: [undef]
Tue Dec 01 07:12:21 2009 TCPv4_CLIENT link remote: 194.x.x.x:5000
Tue Dec 01 07:12:21 2009 TLS: Initial packet from 194.x.x.x:5000, sid=2f42d46e fba28075
Tue Dec 01 07:12:23 2009 VERIFY OK: depth=1, /C=RU/ST=MOSCOW_REGION/L=KOROLEV/O=JSC_VLK/OU=IT-DEPARTMENT/CN=DARKSTAR/emailAddress=root@vlk.ru
Tue Dec 01 07:12:23 2009 VERIFY OK: nsCertType=SERVER
Tue Dec 01 07:12:23 2009 VERIFY OK: depth=0, /C=RU/ST=MOSCOW_REGION/O=JSC_VLK/OU=IT-DEPARTMENT/CN=DARKSTAR/emailAddress=root@vlk.ru
Tue Dec 01 07:12:25 2009 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Dec 01 07:12:25 2009 Data Channel Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Tue Dec 01 07:12:25 2009 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Dec 01 07:12:25 2009 Data Channel Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Tue Dec 01 07:12:25 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Dec 01 07:12:25 2009 [DARKSTAR] Peer Connection Initiated with 194.x.x.x:5000
Tue Dec 01 07:12:26 2009 SENT CONTROL [DARKSTAR]: 'PUSH_REQUEST' (status=1)
Tue Dec 01 07:12:26 2009 PUSH: Received control message: 'PUSH_REPLY,route 172.17.2.0 255.255.255.0,dhcp-option DNS 172.17.2.100,route-gateway 172.17.3.1,ip-win32 netsh,route-gateway 172.17.3.1,ping 10,ping-restart 120,ifconfig 172.17.3.9 255.255.0.0'
Tue Dec 01 07:12:26 2009 OPTIONS IMPORT: timers and/or timeouts modified
Tue Dec 01 07:12:26 2009 OPTIONS IMPORT: --ifconfig/up options modified
Tue Dec 01 07:12:26 2009 OPTIONS IMPORT: route options modified
Tue Dec 01 07:12:26 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Dec 01 07:12:26 2009 netsh interface ip set address "Local Area Connection 2" static 172.17.3.9 255.255.0.0
Tue Dec 01 07:12:29 2009 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{CB2A3798-BA49-4443-8B2B-B4E8C9AE1EDB}.tap
Tue Dec 01 07:12:29 2009 TAP-Win32 Driver Version 8.4
Tue Dec 01 07:12:29 2009 TAP-Win32 MTU=1500
Tue Dec 01 07:12:29 2009 Successful ARP Flush on interface [16] {CB2A3798-BA49-4443-8B2B-B4E8C9AE1EDB}
Tue Dec 01 07:12:30 2009 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Tue Dec 01 07:12:30 2009 route ADD 172.17.2.0 MASK 255.255.255.0 172.17.3.1
Tue Dec 01 07:12:31 2009 Initialization Sequence Completed
Everything will work just fine, here is an example from my home:
I have a question: I can't picture how this is going to work. Will I be able to see the computers on the network I'm connecting to from the Windows machine?
Code:
ifconfig-push 10.10.200.2 10.10.200.1
Code:
port 4000
proto tcp
dev tun
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key /usr/local/etc/openvpn/keys/server.key
dh /usr/local/etc/openvpn/keys/dh1024.pem
server 10.10.200.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
client-config-dir ccd
route 10.10.200.0 255.255.255.252
tls-server
tls-auth /usr/local/etc/openvpn/keys/ta.key 0
tls-timeout 120
auth MD5
cipher BF-CBC
keepalive 10 120
comp-lzo
max-clients 5
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 3
mute 10
Code:
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 84.x.x.x UGS 1 19813570 tun0
10.10.200.0/30 10.10.200.2 UGS 0 0 tun1 =>
10.10.200.0/24 10.10.200.2 UGS 0 0 tun1
10.10.200.2 10.10.200.1 UH 2 0 tun1
84.x.x.x 84.x.x.x UGH 1 0 tun0
127.0.0.1 127.0.0.1 UH 0 620 lo0
192.168.1.0/24 link#1 UC 0 0 re0
192.168.1.15 00:50:8b:62:a0:e0 UHLW 1 69797 re0 780
192.168.1.100 link#1 UHLW 1 0 re0
192.168.1.255 ff:ff:ff:ff:ff:ff UHLWb 1 969 re0
Code:
Tue Dec 1 11:13:39 2009 MULTI: multi_create_instance called
Tue Dec 1 11:13:39 2009 Re-using SSL/TLS context
Tue Dec 1 11:13:39 2009 LZO compression initialized
Tue Dec 1 11:13:39 2009 Control Channel MTU parms [ L:1540 D:164 EF:64 EB:0 ET:0 EL:0 ]
Tue Dec 1 11:13:39 2009 Data Channel MTU parms [ L:1540 D:1450 EF:40 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Dec 1 11:13:39 2009 Local Options hash (VER=V4): '9183b24b'
Tue Dec 1 11:13:39 2009 Expected Remote Options hash (VER=V4): 'e6beeeed'
Tue Dec 1 11:13:39 2009 TCP connection established with 94.241.60.184:3314
Tue Dec 1 11:13:39 2009 TCPv4_SERVER link local: [undef]
Tue Dec 1 11:13:39 2009 TCPv4_SERVER link remote: 94.241.60.184:3314
Tue Dec 1 11:13:39 2009 94.241.60.184:3314 TLS: Initial packet from 94.241.60.184:3314, sid=2d00dc34 fabae67a
Tue Dec 1 11:13:42 2009 94.241.60.184:3314 VERIFY OK: depth=1, /C=KG/ST=NA/L=BISHKEK/O=server/OU=server/CN=server/emailAddress=me@myhost.mydomain
Tue Dec 1 11:13:42 2009 94.241.60.184:3314 VERIFY OK: depth=0, /C=KG/ST=NA/O=server/OU=server/CN=client/emailAddress=me@myhost.mydomain
Tue Dec 1 11:13:42 2009 94.241.60.184:3314 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Dec 1 11:13:42 2009 94.241.60.184:3314 Data Channel Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Tue Dec 1 11:13:42 2009 94.241.60.184:3314 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Dec 1 11:13:42 2009 94.241.60.184:3314 Data Channel Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Tue Dec 1 11:13:43 2009 94.241.60.184:3314 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Dec 1 11:13:43 2009 94.241.60.184:3314 [client] Peer Connection Initiated with 94.241.60.184:3314
Tue Dec 1 11:13:43 2009 client/94.241.60.184:3314 OPTIONS IMPORT: reading client specific options from: ccd/client
Tue Dec 1 11:13:43 2009 client/94.241.60.184:3314 MULTI: Learn: 10.10.200.2 -> client/94.241.60.184:3314
Tue Dec 1 11:13:43 2009 client/94.241.60.184:3314 MULTI: primary virtual IP for client/94.241.60.184:3314: 10.10.200.2
Tue Dec 1 11:13:44 2009 client/94.241.60.184:3314 PUSH: Received control message: 'PUSH_REQUEST'
Tue Dec 1 11:13:44 2009 client/94.241.60.184:3314 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 10.10.200.1,ping 10,ping-restart 120,ifconfig 10.10.200.2 10.10.200.1' (status=1)
Tue Dec 1 11:44:54 2009 client/94.241.60.184:3314 MULTI: bad source address from client [192.168.0.2], packet dropped
Tue Dec 1 11:44:57 2009 client/94.241.60.184:3314 MULTI: bad source address from client [192.168.0.2], packet dropped
Code:
Tue Dec 01 11:14:13 2009 OpenVPN 2.0.6 Win32-MinGW [SSL] [LZO] built on Apr 5 2006
Tue Dec 01 11:14:13 2009 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Dec 01 11:14:13 2009 Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Tue Dec 01 11:14:13 2009 Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Tue Dec 01 11:14:13 2009 LZO compression initialized
Tue Dec 01 11:14:13 2009 Control Channel MTU parms [ L:1540 D:164 EF:64 EB:0 ET:0 EL:0 ]
Tue Dec 01 11:14:13 2009 Data Channel MTU parms [ L:1540 D:1450 EF:40 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Dec 01 11:14:13 2009 Local Options hash (VER=V4): 'e6beeeed'
Tue Dec 01 11:14:13 2009 Expected Remote Options hash (VER=V4): '9183b24b'
Tue Dec 01 11:14:13 2009 Attempting to establish TCP connection with 84.x.x.x:4000
Tue Dec 01 11:14:13 2009 TCP connection established with 84.x.x.x:4000
Tue Dec 01 11:14:13 2009 TCPv4_CLIENT link local: [undef]
Tue Dec 01 11:14:13 2009 TCPv4_CLIENT link remote: 84.x.x.x:4000
Tue Dec 01 11:14:13 2009 TLS: Initial packet from 84.x.x.x:4000, sid=0c773c15 bacb4582
Tue Dec 01 11:14:14 2009 VERIFY OK: depth=1, /C=KG/ST=NA/L=BISHKEK/O=server/OU=server/CN=server/emailAddress=me@myhost.mydomain
Tue Dec 01 11:14:14 2009 VERIFY OK: nsCertType=SERVER
Tue Dec 01 11:14:14 2009 VERIFY OK: depth=0, /C=KG/ST=NA/O=server/OU=server/CN=server/emailAddress=me@myhost.mydomain
Tue Dec 01 11:14:17 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Dec 01 11:14:17 2009 Data Channel Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Tue Dec 01 11:14:17 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Dec 01 11:14:17 2009 Data Channel Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Tue Dec 01 11:14:17 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Dec 01 11:14:17 2009 [server] Peer Connection Initiated with 84.x.x.x:4000
Tue Dec 01 11:14:18 2009 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Dec 01 11:14:18 2009 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 10.10.200.1,ping 10,ping-restart 120,ifconfig 10.10.200.2 10.10.200.1'
Tue Dec 01 11:14:18 2009 OPTIONS IMPORT: timers and/or timeouts modified
Tue Dec 01 11:14:18 2009 OPTIONS IMPORT: --ifconfig/up options modified
Tue Dec 01 11:14:18 2009 OPTIONS IMPORT: route options modified
Tue Dec 01 11:14:18 2009 TAP-WIN32 device [NULL] opened: \\.\Global\{B8FE1130-1D2F-40F2-A19D-C465E22FD242}.tap
Tue Dec 01 11:14:18 2009 TAP-Win32 Driver Version 8.1
Tue Dec 01 11:14:18 2009 TAP-Win32 MTU=1500
Tue Dec 01 11:14:18 2009 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.10.200.2/255.255.255.252 on interface {B8FE1130-1D2F-40F2-A19D-C465E22FD242} [DHCP-serv: 10.10.200.1, lease-time: 31536000]
Tue Dec 01 11:14:18 2009 Successful ARP Flush on interface [2097157] {B8FE1130-1D2F-40F2-A19D-C465E22FD242}
Tue Dec 01 11:14:18 2009 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Dec 01 11:14:18 2009 Route: Waiting for TUN/TAP interface to come up...
Tue Dec 01 11:14:19 2009 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Tue Dec 01 11:14:19 2009 route ADD 192.168.1.0 MASK 255.255.255.0 10.10.200.1
Tue Dec 01 11:14:20 2009 Route addition via IPAPI succeeded
Tue Dec 01 11:14:20 2009 OpenVPN ROUTE: omitted no-op route: 10.10.200.1/255.255.255.255 -> 10.10.200.1
Tue Dec 01 11:14:20 2009 Initialization Sequence Completed
Code:
MULTI: bad source address from client [192.168.0.2], packet dropped
Code:
iroute 192.168.0.0 255.255.255.0
Code:
route 192.168.0.0 255.255.255.0
Code:
push "route 192.168.1.0 255.255.255.0"
iroute 192.168.0.0 255.255.255.0
Code:
route 192.168.0.0 255.255.255.0
Code:
client-to-client
Code:
ifconfig-push 10.10.200.2 10.10.200.1
iroute 192.168.0.0 255.255.255.0
Code:
server 10.10.200.0 255.255.255.0
# set the ROUTE that we push to the client
# and the subnet mask so that it can "see"
# the network behind the OpenVPN server (network 192.168.1.0/24)
push "route 192.168.1.0 255.255.255.0"
# specify where the files with
# the clients' IP address settings are stored
client-config-dir ccd
# add the server-to-client route
route 10.10.200.0 255.255.255.252
Code:
[global]
workgroup = MSHOME
netbios name = Server
server string = UNIN
as I understand it, here I need to specify which hosts from which subnet will be connecting ( 192.168.0. )
hosts allow = 192.168.1. 192.168.0.
as I understand it, here I need to specify the second subnet, 0.0/24, which is what I am doing
interfaces = 192.168.1.0/24 192.168.0.0/24
Code:
nameserver 127.0.0.1
nameserver 84.x.x.a
nameserver 84.x.x.b
Code:
options {
// Relative to the chroot directory, if any
directory "/etc/namedb";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
listen-on { 127.0.0.1; 192.168.1.1; 192.168.1.2; }; // as I understand it, 192.168.0.1 needs to be added here??
forwarders {
84.x.x.a; 84.x.x.b;
};
Code:
interfaces = msk0
bind interfaces only = Yes
I already told you what to do. That is the bare minimum. In general, do add 1 allow ip from any to any, run it and see for yourself what is going where:
RAGNAR wrote: The topic is still relevant!!! It did not get any further than ping: the computers on the network are not visible, but everything can be pinged
Code:
# tcpdump -Xvvv
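
The `MULTI: bad source address from client [...]` drop seen earlier in this thread is the server's source-address check: a packet is accepted only if its source is the client's tunnel IP or falls inside an `iroute` from that client's ccd file, and the server config additionally needs a matching `route` so the kernel sends replies into the tunnel. The following is an added example, not code from any poster in the thread; the function names `networks` and `diagnose` are hypothetical, and the sample log and config text are the lines posted above.

```python
import ipaddress
import re

# Server-side log line OpenVPN writes when a client sends a packet whose
# source address is neither its tunnel IP nor inside one of its iroutes.
BAD_SRC = re.compile(
    r"(?P<cn>[^/\s]+)/\S+ MULTI: bad source address from client "
    r"\[(?P<ip>[0-9.]+)\], packet dropped"
)


def networks(config_text, directive):
    """Networks named by '<directive> <network> <netmask>' lines."""
    found = []
    for line in config_text.splitlines():
        words = line.split("#", 1)[0].split()
        # push "route ..." starts with the word 'push', so it is skipped here.
        if len(words) >= 3 and words[0] == directive:
            found.append(
                ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False))
    return found


def diagnose(server_log, server_conf, ccd_files):
    """Return one finding per (client CN, source IP) that is still uncovered."""
    kernel_routes = networks(server_conf, "route")
    findings, seen = [], set()
    for m in BAD_SRC.finditer(server_log):
        key = (m["cn"], m["ip"])
        if key in seen:
            continue
        seen.add(key)
        ip = ipaddress.ip_address(m["ip"])
        iroutes = networks(ccd_files.get(m["cn"], ""), "iroute")
        missing = []
        if not any(ip in net for net in iroutes):
            missing.append("iroute")  # OpenVPN does not know which client owns it
        if not any(ip in net for net in kernel_routes):
            missing.append("route")   # kernel will not send replies into the tunnel
        if missing:
            findings.append({"cn": m["cn"], "ip": m["ip"], "missing": missing})
    return findings


# Sample input: log lines and directives as posted in the thread.
SERVER_LOG = """\
Tue Dec 1 11:44:54 2009 client/94.241.60.184:3314 MULTI: bad source address from client [192.168.0.2], packet dropped
Tue Dec 1 11:44:57 2009 client/94.241.60.184:3314 MULTI: bad source address from client [192.168.0.2], packet dropped
"""
SERVER_CONF_BEFORE = """\
server 10.10.200.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
client-config-dir ccd
route 10.10.200.0 255.255.255.252
"""
SERVER_CONF_AFTER = SERVER_CONF_BEFORE + "route 192.168.0.0 255.255.255.0\n"
CCD_BEFORE = {"client": "ifconfig-push 10.10.200.2 10.10.200.1\n"}
CCD_AFTER = {"client": CCD_BEFORE["client"] + "iroute 192.168.0.0 255.255.255.0\n"}

if __name__ == "__main__":
    for f in diagnose(SERVER_LOG, SERVER_CONF_BEFORE, CCD_BEFORE):
        print(f"{f['cn']}: {f['ip']} dropped, missing {', '.join(f['missing'])}")
```

Keeping each `iroute` as narrow as the LAN actually behind that client preserves the check's value: the server still drops any other source address arriving over that client's tunnel.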