Problemas na implantação do OpenVPN

1. Problemas na implantação do OpenVPN

Luiz Fernando De Melo Araújo
raladoo

(usa Suse)

Enviado em 28/11/2008 - 11:02h

Salve galera blz...
Pela primeira vez estou criando uma VPN e para isso estou utilizando o OpenVPN em modo Bridge
Seguindo alguns exemplos que achei na internet e aqui no site tambem, consegui criar alguns arquivos de configuração.

Aparentemente o serviço OpenVPN no linux esta rodando, o firewall esta liberado a porta 1194...

Porem não estou conseguindo concluir este projeto, não sei se falta algo ou se fiz alguma coisa errado, por isso peço a ajuda de voces.

Desde já agradeço a atenção.



Problema que ocorre no client windows



connect to 201.26.146.180:1194 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)





Distribuição utilizada

OpenSuse 11.0
OpenVPN GUI v1.0.3 - Client Windows
OpenVPN 2.0.9
OpenSSL - Para gerar os certificados
LZO - Compactador
LZO-devel
Bridge-utils



# eth0 esta conectada a internet. (ip fixo 201.26.146.180)
# eth1 esta conectada a rede interna.


bridge-start



#!/bin/bash

#Define a Bridge interface
br="br0"

tap="tap0"

#Definindo a interface fisica
eth="eth1"
eth_ip="192.168.0.4"
eth_gw="192.168.0.4"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.0.255"

for t in $tap; do
openvpn --mktun --dev $t
done

brctl addbr $br
brctl addif $br $eth

for t in $tap; do
brctl addif $br $t
done

for t in $tap; do
ifconfig $t 0.0.0.0 promisc up
done

ifconfig $eth 0.0.0.0 promisc up

ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

route add default gw $eth_gw dev $br






bridge-stop



#!/bin/bash
br="br0"
tap="tap0"

ifconfig $br down
brctl delbr $br

for t in $tap; do
openvpn --rmtun --dev $t
done






boot.local (Carrega as pontes e tambem seta o firewall)



#! /bin/sh
#
# Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany. All rights reserved.
#
# Author: Werner Fink <[email protected]>, 1996
# Burchard Steinbild, 1996
#
# /etc/init.d/boot.local
#
# script with local commands to be executed from init on system startup
#
# Here you should add things, that should happen directly after booting
# before we're going to the first run level.
#
# Iniciando a bridge da Open Vpn
/etc/bridge-start
#
# Ativando o compartilhamento de rede
echo 1 > /proc/sys/net/ipv4/ip_forward
#
# Escrevendo as regras do firewall da Open Vpn
/sbin/modprobe ppp_generic
/sbin/modprobe ppp_synctty
/sbin/modprobe n_hdlc
/sbin/modprobe tun
#
iptables -A INPUT -i tap0 -j ACCEPT
iptables -A FORWARD -i tap0 -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT







server.conf (Arquivo de configuração do servidor)



tls-server
local 201.26.146.180
port 1194
proto tcp
dev tap0
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.0.4 255.255.255.0 192.168.0.101 192.168.0.200
push "route-gateway 192.168.0.4"
push "route 192.168.0.4 255.255.255.0 192.168.0.1"
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /var/log/openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 4
mute 20
tls-timeout 10
crl-verify /etc/ssl/ca/crl.pem






client.ovpn (Arquivo de configuração do client windows xp)



client
dev tap
proto tcp
remote 201.26.146.180
port 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server

# CERTIFICADOS
ca ca.crt
dh h1024.pem
cert admin.crt
key admin.key

comp-lzo
verb 4
mute 20






Log do open vpn no servidor



Thu Nov 27 17:17:21 2008 us=594919 Current Parameter Settings:
Thu Nov 27 17:17:21 2008 us=595307 config = '/etc/openvpn/server.conf'
Thu Nov 27 17:17:21 2008 us=595365 mode = 1
Thu Nov 27 17:17:21 2008 us=595407 persist_config = DISABLED
Thu Nov 27 17:17:21 2008 us=595450 persist_mode = 1
Thu Nov 27 17:17:21 2008 us=595492 show_ciphers = DISABLED
Thu Nov 27 17:17:21 2008 us=595534 show_digests = DISABLED
Thu Nov 27 17:17:21 2008 us=595576 show_engines = DISABLED
Thu Nov 27 17:17:21 2008 us=595618 genkey = DISABLED
Thu Nov 27 17:17:21 2008 us=595661 key_pass_file = '[UNDEF]'
Thu Nov 27 17:17:21 2008 us=595703 show_tls_ciphers = DISABLED
Thu Nov 27 17:17:21 2008 us=595746 proto = 1
Thu Nov 27 17:17:21 2008 us=595789 local = '201.26.146.180'
Thu Nov 27 17:17:21 2008 us=595831 remote_list = NULL
Thu Nov 27 17:17:21 2008 us=595881 remote_random = DISABLED
Thu Nov 27 17:17:21 2008 us=595924 local_port = 1194
Thu Nov 27 17:17:21 2008 us=595967 remote_port = 1194
Thu Nov 27 17:17:21 2008 us=596009 remote_float = DISABLED
Thu Nov 27 17:17:21 2008 us=596051 ipchange = '[UNDEF]'
Thu Nov 27 17:17:21 2008 us=596094 bind_local = ENABLED
Thu Nov 27 17:17:21 2008 us=596136 NOTE: --mute triggered...
Thu Nov 27 17:17:21 2008 us=596212 156 variation(s) on previous 20 message(s) suppressed by --mute
Thu Nov 27 17:17:21 2008 us=596261 OpenVPN 2.0.9 i586-suse-linux [SSL] [LZO] [EPOLL] built on Jun 7 2008
Thu Nov 27 17:17:21 2008 us=628835 Diffie-Hellman initialized with 1024 bit key
Thu Nov 27 17:17:21 2008 us=637371 TLS-Auth MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Nov 27 17:17:21 2008 us=637661 TUN/TAP device tap0 opened
Thu Nov 27 17:17:21 2008 us=637740 TUN/TAP TX queue length set to 100
Thu Nov 27 17:17:21 2008 us=637874 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Nov 27 17:17:21 2008 us=639163 Listening for incoming TCP connection on 201.26.146.180:1194
Thu Nov 27 17:17:21 2008 us=639524 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu Nov 27 17:17:21 2008 us=639608 TCPv4_SERVER link local (bound): 201.26.146.180:1194
Thu Nov 27 17:17:21 2008 us=639651 TCPv4_SERVER link remote: [undef]
Thu Nov 27 17:17:21 2008 us=639724 MULTI: multi_init called, r=256 v=256
Thu Nov 27 17:17:21 2008 us=639928 IFCONFIG POOL: base=192.168.0.101 size=100
Thu Nov 27 17:17:21 2008 us=640045 IFCONFIG POOL LIST
Thu Nov 27 17:17:21 2008 us=640174 MULTI: TCP INIT maxclients=1024 maxevents=1028
Thu Nov 27 17:17:21 2008 us=640289 Initialization Sequence Completed





Log do openvpn no windows xp



Fri Nov 28 08:34:13 2008 us=265000 Current Parameter Settings:
Fri Nov 28 08:34:13 2008 us=265000 config = 'client.ovpn'
Fri Nov 28 08:34:13 2008 us=265000 mode = 0
Fri Nov 28 08:34:13 2008 us=265000 show_ciphers = DISABLED
Fri Nov 28 08:34:13 2008 us=265000 show_digests = DISABLED
Fri Nov 28 08:34:13 2008 us=265000 show_engines = DISABLED
Fri Nov 28 08:34:13 2008 us=265000 genkey = DISABLED
Fri Nov 28 08:34:13 2008 us=265000 key_pass_file = '[UNDEF]'
Fri Nov 28 08:34:13 2008 us=265000 show_tls_ciphers = DISABLED
Fri Nov 28 08:34:13 2008 us=265000 Connection profiles [default]:
Fri Nov 28 08:34:13 2008 us=265000 proto = tcp-client
Fri Nov 28 08:34:13 2008 us=265000 local = '[UNDEF]'
Fri Nov 28 08:34:13 2008 us=265000 local_port = 0
Fri Nov 28 08:34:13 2008 us=265000 remote = '201.26.146.180'
Fri Nov 28 08:34:13 2008 us=265000 remote_port = 1194
Fri Nov 28 08:34:13 2008 us=265000 remote_float = DISABLED
Fri Nov 28 08:34:13 2008 us=265000 bind_defined = DISABLED
Fri Nov 28 08:34:13 2008 us=265000 bind_local = DISABLED
Fri Nov 28 08:34:13 2008 us=265000 connect_retry_seconds = 5
Fri Nov 28 08:34:13 2008 us=265000 connect_timeout = 10
Fri Nov 28 08:34:13 2008 us=265000 NOTE: --mute triggered...
Fri Nov 28 08:34:13 2008 us=265000 249 variation(s) on previous 20 message(s) suppressed by --mute
Fri Nov 28 08:34:13 2008 us=265000 OpenVPN 2.1_rc13 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Oct 7 2008
Fri Nov 28 08:34:13 2008 us=328000 LZO compression initialized
Fri Nov 28 08:34:13 2008 us=343000 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Nov 28 08:34:13 2008 us=359000 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Nov 28 08:34:13 2008 us=359000 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Nov 28 08:34:13 2008 us=359000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Nov 28 08:34:13 2008 us=375000 Local Options hash (VER=V4): '31fdf004'
Fri Nov 28 08:34:13 2008 us=375000 Expected Remote Options hash (VER=V4): '3e6d1056'
Fri Nov 28 08:34:13 2008 us=375000 Attempting to establish TCP connection with 201.26.146.180:1194
Fri Nov 28 08:34:34 2008 us=328000 TCP: connect to 201.26.146.180:1194 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
Fri Nov 28 08:35:00 2008 us=281000 TCP: connect to 201.26.146.180:1194 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
Fri Nov 28 08:35:26 2008 us=234000 TCP: connect to 201.26.146.180:1194 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
Fri Nov 28 08:35:52 2008 us=171000 TCP: connect to 201.26.146.180:1194 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)



  


2. Firewall...

Daniel
hpvoltage

(usa Debian)

Enviado em 01/12/2008 - 11:42h

Amigo,

vendo a mensagem, tentei dar um telnet no IP Válido e Porta e eles não respondem. Verifique novamente as regras no firewall. Abraços!!
OBS: é uma dica, evite colocar IP Válido no artigo.

Um forte abraço e mande notícias






Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts