tun0 interface no longer appears in OpenVPN

1. tun0 interface no longer appears in OpenVPN

Marco Brainiac
mbrainiac

(uses Debian)

Posted on 16/11/2013 - 19:43h

Dear friends,

the tun0 interface of the VPN tunnel is not coming up with OpenVPN; how do I activate it? This is happening on the client.

Debian 7 client

eth0 Link encap:Ethernet Endereço de HW 08:00:27:76:09:7a
inet end.: 10.0.2.10 Bcast:10.0.2.255 Masc:255.255.255.0
endereço inet6: fe80::a00:27ff:fe76:97a/64 Escopo:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Métrica:1
RX packets:1303 errors:0 dropped:0 overruns:0 frame:0
TX packets:1379 errors:0 dropped:0 overruns:0 carrier:0
colisões:0 txqueuelen:1000
RX bytes:899813 (878.7 KiB) TX bytes:152175 (148.6 KiB)

lo Link encap:Loopback Local
inet end.: 127.0.0.1 Masc:255.0.0.0
endereço inet6: ::1/128 Escopo:Máquina
UP LOOPBACK RUNNING MTU:16436 Métrica:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
colisões:0 txqueuelen:0
RX bytes:240 (240.0 B) TX bytes:240 (240.0 B)







Sat Nov 16 20:48:59 2013 Re-using SSL/TLS context
Sat Nov 16 20:48:59 2013 LZO compression initialized
Sat Nov 16 20:48:59 2013 UDPv4 link local (bound): [undef]
Sat Nov 16 20:48:59 2013 UDPv4 link remote: [AF_INET]189.18.49.24:22222
Sat Nov 16 20:49:59 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Nov 16 20:49:59 2013 TLS Error: TLS handshake failed
Sat Nov 16 20:49:59 2013 SIGUSR1[soft,tls-error] received, process restarting
Sat Nov 16 20:50:01 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Nov 16 20:50:01 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Nov 16 20:50:01 2013 Re-using SSL/TLS context
Sat Nov 16 20:50:01 2013 LZO compression initialized
Sat Nov 16 20:50:01 2013 UDPv4 link local (bound): [undef]
Sat Nov 16 20:50:01 2013 UDPv4 link remote: [AF_INET]189.18.49.24:22222
Sat Nov 16 20:51:01 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Nov 16 20:51:01 2013 TLS Error: TLS handshake failed
Sat Nov 16 20:51:01 2013 SIGUSR1[soft,tls-error] received, process restarting
Sat Nov 16 20:51:03 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Nov 16 20:51:03 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Nov 16 20:51:03 2013 Re-using SSL/TLS context
Sat Nov 16 20:51:03 2013 LZO compression initialized
Sat Nov 16 20:51:03 2013 UDPv4 link local (bound): [undef]
Sat Nov 16 20:51:03 2013 UDPv4 link remote: [AF_INET]189.18.49.24:22222



  


2. Re: tun0 interface no longer appears in OpenVPN

Marco Brainiac
mbrainiac

(uses Debian)

Posted on 16/11/2013 - 20:04h

even after running
#modprobe

# echo tun >> /etc/modules

it does not load


3. Re: tun0 interface no longer appears in OpenVPN

Carlos A. P. Cunha
Carlos_Cunha

(uses Linux Mint)

Posted on 16/11/2013 - 21:05h

Friend, this interface will come up once the VPN connects correctly. Are you sure the remote is right? Is that really the port???



4. Re: tun0 interface no longer appears in OpenVPN

Marco Brainiac
mbrainiac

(uses Debian)

Posted on 16/11/2013 - 21:11h

PretooOO wrote:

Friend, this interface will come up once the VPN connects correctly. Are you sure the remote is right? Is that really the port???

Hi friend,

Yes, it is this port on the other side, 22222. I don't know whether it was because I made the mistake of loading modprobe.

Yesterday it loaded, but today it no longer does.



5. Re: tun0 interface no longer appears in OpenVPN

Marco Brainiac
mbrainiac

(uses Debian)

Posted on 17/11/2013 - 22:20h

On the D-Link DI-524 I have already opened port 22222,
but when I run the command:
telnet (server's public IP) 22222
it times out.

Iptables on the VPN server

On the VPN server, do:

1) enable IP forwarding (do this on both server and client):
echo 1 > /proc/sys/net/ipv4/ip_forward

Edit: nano /etc/sysctl.conf
uncomment the line ====> net.ipv4.ip_forward = 1

2) open the port (22222) and allow access to services or the internal network:
10.0.2.10/24 is the IP defined as static in the client's interfaces file
server
# iptables -t filter -A INPUT -p udp --dport 22222 -j ACCEPT
# iptables -t filter -A FORWARD -p udp -s 10.0.2.10/24 --dport 22222 -j ACCEPT
# iptables -t filter -A FORWARD -p udp -d 10.0.2.10/24 --sport 22222 -j ACCEPT
# iptables -t nat -A POSTROUTING -s 10.0.2.10/24 -d 10.0.0.0/24 -j ACCEPT
# iptables -t nat -A POSTROUTING -d 10.0.2.10/24 -s 10.0.0.0/24 -j ACCEPT
# iptables -t nat -I POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE

client
192.168.0.10/24 is the IP defined as static in the interfaces file of the
# iptables -t nat -A POSTROUTING -s 192.168.0.10/24 -d 10.0.0.0/24 -j ACCEPT
# iptables -t nat -A POSTROUTING -d 192.168.0.10/24 -s 10.0.0.0/24 -j ACCEPT
# iptables -t nat -I POSTROUTING -s 192.168.0.10/24 -o eth0 -j MASQUERADE
# iptables -t nat -I POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE

3) save the settings above with:

# iptables-save > /etc/iptables.up.rules


4) restore them after powering on/rebooting the server:

# iptables-restore < /etc/iptables.up.rules




3G client
root@debianPURO:/etc/openvpn/keys# ifconfig
eth0 Link encap:Ethernet Endereço de HW 08:00:27:76:09:7a
inet end.: 10.0.2.10 Bcast:10.0.2.255 Masc:255.255.255.0
endereço inet6: fe80::a00:27ff:fe76:97a/64 Escopo:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Métrica:1
RX packets:10 errors:0 dropped:0 overruns:0 frame:0
TX packets:129 errors:0 dropped:0 overruns:0 carrier:0
colisões:0 txqueuelen:1000
RX bytes:600 (600.0 B) TX bytes:14438 (14.0 KiB)

lo Link encap:Loopback Local
inet end.: 127.0.0.1 Masc:255.0.0.0
endereço inet6: ::1/128 Escopo:Máquina
UP LOOPBACK RUNNING MTU:16436 Métrica:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
colisões:0 txqueuelen:0
RX bytes:240 (240.0 B) TX bytes:240 (240.0 B)

root@debianPURO:/etc/openvpn/keys# ls
ca.crt cliente1.crt cliente2.crt dh1024.pem
chave.key cliente1.key cliente2.key

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
address 10.0.2.10
gateway 10.0.2.2
netmask 255.255.255.0
network 10.0.2.0

# /etc/openvpn/client.conf
remote 201.13.171.65
proto udp
port 22222
client
pull
dev tun0
comp-lzo
keepalive 10 120
persist-key
persist-tun
float
tls-client
dh /etc/openvpn/keys/dh1024.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/cliente1.crt
key /etc/openvpn/keys/cliente1.key
tls-auth /etc/openvpn/keys/chave.key

--script-security 2


Sun Nov 17 20:27:47 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Nov 17 20:27:47 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Nov 17 20:27:47 2013 Re-using SSL/TLS context
Sun Nov 17 20:27:47 2013 LZO compression initialized
Sun Nov 17 20:27:47 2013 UDPv4 link local (bound): [undef]
Sun Nov 17 20:27:47 2013 UDPv4 link remote: [AF_INET]201.13.171.65:22222
Sun Nov 17 20:28:47 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Nov 17 20:28:47 2013 TLS Error: TLS handshake failed
Sun Nov 17 20:28:47 2013 SIGUSR1[soft,tls-error] received, process restarting
Sun Nov 17 20:28:49 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Nov 17 20:28:49 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Nov 17 20:28:49 2013 Re-using SSL/TLS context
Sun Nov 17 20:28:49 2013 LZO compression initialized
Sun Nov 17 20:28:49 2013 UDPv4 link local (bound): [undef]
Sun Nov 17 20:28:49 2013 UDPv4 link remote: [AF_INET]201.13.171.65:22222



Server on Vivo Speedy DSL

eth0 Link encap:Ethernet Endereço de HW 08:00:27:e2:23:3f
inet end.: 192.168.0.10 Bcast:192.168.0.255 Masc:255.255.255.0
endereço inet6: fe80::a00:27ff:fee2:233f/64 Escopo:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Métrica:1
RX packets:1096 errors:0 dropped:0 overruns:0 frame:0
TX packets:1306 errors:0 dropped:0 overruns:0 carrier:0
colisões:0 txqueuelen:1000
RX bytes:643873 (628.7 KiB) TX bytes:152990 (149.4 KiB)

lo Link encap:Loopback Local
inet end.: 127.0.0.1 Masc:255.0.0.0
endereço inet6: ::1/128 Escopo:Máquina
UP LOOPBACK RUNNING MTU:16436 Métrica:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
colisões:0 txqueuelen:0
RX bytes:240 (240.0 B) TX bytes:240 (240.0 B)

tun0 Link encap:Não Especificado Endereço de HW 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet end.: 10.0.0.1 P-a-P:10.0.0.2 Masc:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Métrica:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:288 errors:0 dropped:0 overruns:0 carrier:0
colisões:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:24192 (23.6 KiB)

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
address 192.168.0.10
gateway 192.168.0.1
network 192.168.0.0
netmask 255.255.255.0

root@debianPURO:/etc/openvpn/keys# ls
ca.crt cliente1.crt cliente2.crt dh1024.pem servidor.key
chave.key cliente1.key cliente2.key servidor.crt

# /etc/openvpn/server.conf
proto udp
port 22222
dev tun0
server 10.0.0.0 255.255.255.0
push "route 10.0.12.15 255.255.255.0"
push "route 177.171.135.102 255.255.255.0"
comp-lzo
keepalive 10 120
persist-key
persist-tun
float
ifconfig-pool-persist /etc/openvpn/ipp.txt
max-clients 10
#shaper 51200
tls-server
dh /etc/openvpn/keys/dh1024.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/servidor.crt
key /etc/openvpn/keys/servidor.key
tls-auth /etc/openvpn/keys/chave.key

--script-security 2


root@debianPURO:/etc/openvpn# openvpn --config server.conf
Sun Nov 17 17:43:26 2013 OpenVPN 2.2.1 i486-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 19 2013
Sun Nov 17 17:43:26 2013 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sun Nov 17 17:43:26 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Nov 17 17:43:26 2013 WARNING: file '/etc/openvpn/keys/servidor.key' is group or others accessible
Sun Nov 17 17:43:26 2013 WARNING: file '/etc/openvpn/keys/chave.key' is group or others accessible
Sun Nov 17 17:43:26 2013 Control Channel Authentication: using '/etc/openvpn/keys/chave.key' as a OpenVPN static key file
Sun Nov 17 17:43:26 2013 TUN/TAP device tun0 opened
Sun Nov 17 17:43:26 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Nov 17 17:43:26 2013 /sbin/ifconfig tun0 10.0.0.1 pointopoint 10.0.0.2 mtu 1500
Sun Nov 17 17:43:26 2013 UDPv4 link local (bound): [undef]
Sun Nov 17 17:43:26 2013 UDPv4 link remote: [undef]
Sun Nov 17 17:43:26 2013 Initialization Sequence Completed
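
The log triage below is an added example, not part of the original posts: it reads OpenVPN log lines in the format shown in the thread and separates the repeated handshake timeouts from the two security warnings the same logs carry. The sample lines are constructed (203.0.113.10 is a documentation address), the function name `triage` is an assumption of this example, and the hints in the findings are suggestions rather than fixes confirmed in the thread.

```python
import re
from collections import Counter

# Constructed sample in the format of the client and server logs posted above
# (203.0.113.10 is a documentation address, not one taken from the thread).
SAMPLE_LOG = """\
Sun Nov 17 20:27:47 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Nov 17 20:27:47 2013 UDPv4 link remote: [AF_INET]203.0.113.10:22222
Sun Nov 17 20:28:47 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Nov 17 20:28:47 2013 TLS Error: TLS handshake failed
Sun Nov 17 20:28:49 2013 UDPv4 link remote: [AF_INET]203.0.113.10:22222
Sun Nov 17 20:29:49 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Nov 17 17:43:26 2013 WARNING: file '/etc/openvpn/keys/servidor.key' is group or others accessible
"""

LINE = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} (?P<msg>.*)$")
REMOTE = re.compile(r"link remote: \[AF_INET\](?P<ip>[\d.]+):(?P<port>\d+)")
KEYFILE = re.compile(r"WARNING: file '(?P<path>[^']+)' is group or others accessible")

def triage(log_text):
    """Return handshake timeouts per remote plus the security warnings found."""
    timeouts, findings, remote = Counter(), set(), None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank lines and anything without a timestamp
        msg = m.group("msg")
        if (r := REMOTE.search(msg)):
            remote = f"{r['ip']}:{r['port']}"  # remote of the current attempt
        elif "TLS key negotiation failed" in msg:
            # No reply from the server at all: check port forwarding/firewall.
            timeouts[remote or "unknown"] += 1
        elif "No server certificate verification method" in msg:
            findings.add("client does not verify the server certificate "
                         "(consider 'remote-cert-tls server')")
        elif (k := KEYFILE.search(msg)):
            findings.add(f"private key readable by others: {k['path']} (chmod 600)")
    return dict(timeouts), sorted(findings)

if __name__ == "__main__":
    timeouts, findings = triage(SAMPLE_LOG)
    for remote, n in timeouts.items():
        print(f"{n} handshake timeout(s) towards {remote}: check UDP reachability")
    for f in findings:
        print("finding:", f)
```
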





