Guest
2007-10-28, 22:29:19
Hello,
I want to set up a VPN gateway on a server that can also be used for browsing the web. I wanted to test the whole thing at home first in VMware.
I followed this tutorial:
http://openvpn-wiki.de/wiki//index.php/Konfiguration_eines_Internetgateways
So the VM that runs the OpenVPN server (Linux) has the IP 192.168.0.74
(VMware bridged network adapter with the gateway set to the router IP [192.168.0.100]; internet access works)
The client/server configs match those from the tutorial.
Then:
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE
Well, I can connect without any problem... but my internet traffic doesn't go through it, and I can't ping it either... it does try, but the internet stays dead...
The fact is that the VPN server constantly spits out:
192.168.0.1:1194 MULTI: bad source address from client [192.168.0.1], packet dropped ... (192.168.0.1 is my PC, the one I'm connecting from)
Here is the server log after connecting; there seem to be a few errors in it:
debian:/etc/openvpn# openvpn --config /etc/openvpn/server.conf
Sun Oct 28 21:45:20 2007 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Jan 21 2007
Sun Oct 28 21:45:20 2007 Diffie-Hellman initialized with 1024 bit key
Sun Oct 28 21:45:20 2007 TLS-Auth MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Oct 28 21:45:20 2007 TUN/TAP device tun4 opened
Sun Oct 28 21:45:20 2007 /sbin/ifconfig tun4 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Sun Oct 28 21:45:20 2007 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
SIOCADDRT: File exists
Sun Oct 28 21:45:20 2007 ERROR: Linux route add command failed: shell command exited with error status: 7
Sun Oct 28 21:45:20 2007 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Sun Oct 28 21:45:20 2007 UDPv4 link local (bound): [undef]:1198
Sun Oct 28 21:45:20 2007 UDPv4 link remote: [undef]
Sun Oct 28 21:45:20 2007 MULTI: multi_init called, r=256 v=256
Sun Oct 28 21:45:20 2007 IFCONFIG POOL: base=10.8.0.4 size=62
Sun Oct 28 21:45:20 2007 Initialization Sequence Completed
Sun Oct 28 21:45:30 2007 MULTI: multi_create_instance called
Sun Oct 28 21:45:30 2007 192.168.0.1:1194 Re-using SSL/TLS context
Sun Oct 28 21:45:30 2007 192.168.0.1:1194 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Oct 28 21:45:30 2007 192.168.0.1:1194 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Sun Oct 28 21:45:30 2007 192.168.0.1:1194 Local Options hash (VER=V4): '239669a8'
Sun Oct 28 21:45:30 2007 192.168.0.1:1194 Expected Remote Options hash (VER=V4): '3514370b'
Sun Oct 28 21:45:30 2007 192.168.0.1:1194 TLS: Initial packet from 192.168.0.1:1194, sid=59a8aed2 2d62e79b
Sun Oct 28 21:45:30 2007 192.168.0.1:1194 VERIFY OK: depth=1, /C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/OU=XXX/CN=XXX/emailAddress=me@myhost.mydomain
Sun Oct 28 21:45:30 2007 192.168.0.1:1194 VERIFY OK: depth=0, /C=KG/ST=NA/O=OpenVPN-TEST/OU=XXX/CN=XXX/emailAddress=me@myhost.mydomain
Sun Oct 28 21:45:30 2007 192.168.0.1:1194 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 28 21:45:30 2007 192.168.0.1:1194 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 28 21:45:30 2007 192.168.0.1:1194 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 28 21:45:30 2007 192.168.0.1:1194 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 28 21:45:30 2007 192.168.0.1:1194 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Oct 28 21:45:30 2007 192.168.0.1:1194 [XXX] Peer Connection Initiated with 192.168.0.1:1194
Sun Oct 28 21:45:30 2007 XXX/192.168.0.1:1194 MULTI: Learn: 10.8.0.6 -> XXX/192.168.0.1:1194
Sun Oct 28 21:45:30 2007 XXX/192.168.0.1:1194 MULTI: primary virtual IP for XXX/192.168.0.1:1194: 10.8.0.6
Sun Oct 28 21:45:31 2007 XXX/192.168.0.1:1194 PUSH: Received control message: 'PUSH_REQUEST'
Sun Oct 28 21:45:31 2007 XXX/192.168.0.1:1194 SENT CONTROL [XXX]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 130.149.4.20,dhcp-option DNS 134.109.132.51,route 10.8.0.1,ping 20,ping-restart 180,ifconfig 10.8.0.6 10.8.0.5' (status=1)
And here is a screenshot of the network adapter; the odd thing here is the gateway .0.5....:
http://www.imageup.de/img365/d.JP.13fd.jpg (http://www.imageup.de/my.php?image=d.JP.13fd.jpg)
Output from the VPN client:
Sun Oct 28 22:03:26 2007 OpenVPN 2.1_rc4 Win32-MinGW [SSL] [LZO2] built on Apr 25 2007
Sun Oct 28 22:03:26 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Oct 28 22:03:29 2007 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Oct 28 22:03:29 2007 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Sun Oct 28 22:03:29 2007 Local Options hash (VER=V4): '3514370b'
Sun Oct 28 22:03:29 2007 Expected Remote Options hash (VER=V4): '239669a8'
Sun Oct 28 22:03:29 2007 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Oct 28 22:03:29 2007 UDPv4 link local (bound): [undef]:1194
Sun Oct 28 22:03:29 2007 UDPv4 link remote: 192.168.0.74:1194
Sun Oct 28 22:03:29 2007 TLS: Initial packet from 192.168.0.74:1194, sid=3b8e69ac 6cc08c8a
Sun Oct 28 22:03:29 2007 VERIFY OK: depth=1, /C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/OU=XXX/CN=XXX/emailAddress=me@myhost.mydomain
Sun Oct 28 22:03:29 2007 VERIFY OK: nsCertType=SERVER
Sun Oct 28 22:03:29 2007 VERIFY OK: depth=0, /C=KG/ST=NA/O=OpenVPN-TEST/OU=XXX/CN=XXX/emailAddress=me@myhost.mydomain
Sun Oct 28 22:03:29 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 28 22:03:29 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 28 22:03:29 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 28 22:03:29 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 28 22:03:29 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Oct 28 22:03:29 2007 [XXX] Peer Connection Initiated with 192.168.0.74:1194
Sun Oct 28 22:03:30 2007 SENT CONTROL [XXX]: 'PUSH_REQUEST' (status=1)
Sun Oct 28 22:03:30 2007 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 130.149.4.20,dhcp-option DNS 134.109.132.51,route 10.8.0.1,ping 20,ping-restart 180,ifconfig 10.8.0.6 10.8.0.5'
Sun Oct 28 22:03:30 2007 OPTIONS IMPORT: timers and/or timeouts modified
Sun Oct 28 22:03:30 2007 OPTIONS IMPORT: --ifconfig/up options modified
Sun Oct 28 22:03:30 2007 OPTIONS IMPORT: route options modified
Sun Oct 28 22:03:30 2007 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Oct 28 22:03:30 2007 TAP-WIN32 device [OpenVPN] opened: \\.\Global\{4F1FFE74-D233-4377-BEE6-AF7283FF0974}.tap
Sun Oct 28 22:03:30 2007 TAP-Win32 Driver Version 9.3
Sun Oct 28 22:03:30 2007 TAP-Win32 MTU=1500
Sun Oct 28 22:03:30 2007 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {4F1FFE74-D233-4377-BEE6-AF7283FF0974} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Sun Oct 28 22:03:30 2007 Successful ARP Flush on interface [327685] {4F1FFE74-D233-4377-BEE6-AF7283FF0974}
Sun Oct 28 22:03:35 2007 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Sun Oct 28 22:03:35 2007 route ADD 192.168.0.74 MASK 255.255.255.255 192.168.0.100
Sun Oct 28 22:03:35 2007 Route addition via IPAPI succeeded [adaptive]
Sun Oct 28 22:03:35 2007 route ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Sun Oct 28 22:03:35 2007 Route addition via IPAPI succeeded [adaptive]
Sun Oct 28 22:03:35 2007 route ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Sun Oct 28 22:03:35 2007 Route addition via IPAPI succeeded [adaptive]
Sun Oct 28 22:03:35 2007 route ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Sun Oct 28 22:03:35 2007 Route addition via IPAPI succeeded [adaptive]
Sun Oct 28 22:03:35 2007 Initialization Sequence Completed
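The "MULTI: bad source address from client [...], packet dropped" line in the server log above comes from OpenVPN's anti-spoofing check: in server mode OpenVPN keeps an internal routing table that maps each virtual address (from the ifconfig pool / ifconfig-push, or from iroute) to the client instance it was assigned to, and a packet read from a client is only forwarded if its source address maps back to that same client. The script below is an added example, not code from the post or from the OpenVPN project: it models that table, applies the same check, and runs it over constructed log lines patterned on the server log above. The second client "bob", its session and its addresses are invented for the example; nothing here is a real capture.

```python
"""Model OpenVPN's per-client source-address check and run it over server log lines."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample lines modelled on the server log in the post; the second
# client "bob", its session and its virtual address are invented for this example.
SAMPLE_LOG = """\
Sun Oct 28 21:45:30 2007 XXX/192.168.0.1:1194 MULTI: Learn: 10.8.0.6 -> XXX/192.168.0.1:1194
Sun Oct 28 21:45:30 2007 XXX/192.168.0.1:1194 MULTI: primary virtual IP for XXX/192.168.0.1:1194: 10.8.0.6
Sun Oct 28 21:45:40 2007 XXX/192.168.0.1:1194 MULTI: bad source address from client [192.168.0.1], packet dropped
Sun Oct 28 21:45:41 2007 XXX/192.168.0.1:1194 MULTI: bad source address from client [192.168.0.1], packet dropped
Sun Oct 28 21:46:02 2007 bob/192.168.0.9:1194 MULTI: Learn: 10.8.0.10 -> bob/192.168.0.9:1194
Sun Oct 28 21:46:03 2007 bob/192.168.0.9:1194 MULTI: bad source address from client [10.8.0.6], packet dropped
"""

# "Learn" lines record which virtual address the server bound to which client instance.
LEARN_RE = re.compile(
    r"^(?P<ts>.{24}) (?P<client>\S+) MULTI: Learn: (?P<vaddr>[\d.]+) -> (?P=client)$"
)
# Drop lines record a packet whose source address did not belong to the sending client.
BAD_SRC_RE = re.compile(
    r"^(?P<ts>.{24}) (?P<client>\S+) MULTI: bad source address from client "
    r"\[(?P<src>[\d.]+)\], packet dropped$"
)


class VpnRoutingTable:
    """Subset of OpenVPN's multi-client routing table: address or network -> client."""

    def __init__(self) -> None:
        self.hosts: dict[ipaddress.IPv4Address, str] = {}
        self.networks: list[tuple[ipaddress.IPv4Network, str]] = []

    def learn(self, vaddr: str, client: str) -> None:
        """Bind a single virtual address (ifconfig pool / ifconfig-push) to a client."""
        self.hosts[ipaddress.IPv4Address(vaddr)] = client

    def iroute(self, network: str, client: str) -> None:
        """Bind a whole network behind a client, as an iroute line in a ccd file would."""
        self.networks.append((ipaddress.IPv4Network(network), client))

    def owner_of(self, src: str) -> Optional[str]:
        """Which client, if any, the table routes this address to."""
        addr = ipaddress.IPv4Address(src)
        if addr in self.hosts:
            return self.hosts[addr]
        for net, client in self.networks:
            if addr in net:
                return client
        return None

    def addresses_of(self, client: str) -> list[str]:
        """Every address or network the server accepts as a source from this client."""
        hosts = sorted(str(a) for a, c in self.hosts.items() if c == client)
        nets = [str(n) for n, c in self.networks if c == client]
        return hosts + nets

    def accepts(self, client: str, src: str) -> bool:
        """The check applied to each packet read from a client: source must map back to it."""
        return self.owner_of(src) == client


@dataclass
class Drop:
    client: str
    src: str
    owner: Optional[str]      # client that legitimately owns src, or None if unknown
    expected: list[str]       # addresses the sending client is allowed to use

    @property
    def verdict(self) -> str:
        if self.owner is None:
            return "source is not a VPN address at all: client is sending with a non-tunnel IP"
        return f"source belongs to another client ({self.owner}): spoofed or duplicate address"


def analyze(log_text: str) -> list[Drop]:
    """Replay Learn lines into the table, then explain every dropped packet against it."""
    table = VpnRoutingTable()
    drops: list[Drop] = []
    for line in log_text.splitlines():
        m = LEARN_RE.match(line)
        if m:
            table.learn(m["vaddr"], m["client"])
            continue
        m = BAD_SRC_RE.match(line)
        if m:
            drops.append(Drop(m["client"], m["src"], table.owner_of(m["src"]),
                              table.addresses_of(m["client"])))
    return drops


def drops_per_client(drops: list[Drop]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for d in drops:
        counts[d.client] = counts.get(d.client, 0) + 1
    return counts


if __name__ == "__main__":
    for d in analyze(SAMPLE_LOG):
        print(f"{d.client}: dropped src {d.src}; allowed {d.expected}; {d.verdict}")
    print(drops_per_client(analyze(SAMPLE_LOG)))
```

Run against the constructed log, the first two drops come out as "not a VPN address": the client was assigned 10.8.0.6 but sent packets with 192.168.0.1, so the server discards them before they ever reach the NAT rule. The third, invented drop shows the other case the same check covers: a client sending with a virtual address that the table has bound to a different client. When a client legitimately has to send with addresses other than its own tunnel IP (a LAN behind it), the server only accepts them once they are added to this table with an iroute entry, which the `iroute` method models.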