Mailinglist Archive: opensuse-de (841 mails)
OpenVPN: I can't get the routing to work
- From: Ralf Prengel <ralf.prengel@xxxxxxxxxxx>
- Date: Fri, 25 Jun 2010 10:46:19 +0200
- Message-id: <4C246CDB.6020801@xxxxxxxxxxx>
OK,
I am obviously completely "overwhelmed" at the moment.
The status:
I can establish an OpenVPN connection via UMTS.
The DSL router has the IP 192.168.7.168, the VPN server the IP 192.168.7.190.
How do I get the system 192.168.7.190 to be reachable via ping and ssh now?
Thanks
The output on the server's screen during connection setup:
openvpn /etc/openvpn/server.conf
Fri Jun 25 10:16:50 2010 OpenVPN 2.1_rc20 i586-suse-linux [SSL] [LZO2] [EPOLL] [PKCS11] built on Dec 17 2009
Fri Jun 25 10:16:50 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jun 25 10:16:50 2010 Diffie-Hellman initialized with 1024 bit key
Fri Jun 25 10:16:50 2010 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Jun 25 10:16:50 2010 WARNING: potential TUN/TAP adapter subnet conflict between local LAN [192.168.7.0/255.255.255.0] and remote VPN [192.168.7.1/255.255.255.255]
Fri Jun 25 10:16:50 2010 ROUTE default_gateway=192.168.7.168
Fri Jun 25 10:16:50 2010 TUN/TAP device tun0 opened
Fri Jun 25 10:16:50 2010 TUN/TAP TX queue length set to 100
Fri Jun 25 10:16:50 2010 /bin/ip link set dev tun0 up mtu 1500
Fri Jun 25 10:16:50 2010 /bin/ip addr add dev tun0 local 192.168.7.1 peer 192.168.7.2
Fri Jun 25 10:16:50 2010 WARNING: potential route subnet conflict between local LAN [192.168.7.0/255.255.255.0] and remote VPN [192.168.7.0/255.255.255.0]
Fri Jun 25 10:16:50 2010 /bin/ip route add 192.168.7.0/24 via 192.168.7.2
RTNETLINK answers: File exists
Fri Jun 25 10:16:50 2010 ERROR: Linux route add command failed: external program exited with error status: 2
Fri Jun 25 10:16:50 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Jun 25 10:16:50 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Fri Jun 25 10:16:50 2010 UDPv4 link local (bound): [undef]:1194
Fri Jun 25 10:16:50 2010 UDPv4 link remote: [undef]
Fri Jun 25 10:16:50 2010 MULTI: multi_init called, r=256 v=256
Fri Jun 25 10:16:50 2010 IFCONFIG POOL: base=192.168.7.4 size=62
Fri Jun 25 10:16:50 2010 IFCONFIG POOL LIST
Fri Jun 25 10:16:50 2010 vpnhost1,192.168.7.60
Fri Jun 25 10:16:50 2010 Initialization Sequence Completed
Fri Jun 25 10:17:04 2010 MULTI: multi_create_instance called
Fri Jun 25 10:17:04 2010 77.25.254.100:48782 Re-using SSL/TLS context
Fri Jun 25 10:17:04 2010 77.25.254.100:48782 LZO compression initialized
Fri Jun 25 10:17:04 2010 77.25.254.100:48782 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Jun 25 10:17:04 2010 77.25.254.100:48782 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Jun 25 10:17:04 2010 77.25.254.100:48782 Local Options hash (VER=V4): '530fdded'
Fri Jun 25 10:17:04 2010 77.25.254.100:48782 Expected Remote Options hash (VER=V4): '41690919'
Fri Jun 25 10:17:04 2010 77.25.254.100:48782 TLS: Initial packet from 77.25.254.100:48782, sid=aefe61c8 c4380e9d
Fri Jun 25 10:17:06 2010 77.25.254.100:48782 VERIFY OK: depth=1, /C=de/ST=nrw/L=dortmund/O=top-lamp/OU=lager02/CN=isdnip/emailAddress=mleimann@xxxxxxxxxxxx
Fri Jun 25 10:17:06 2010 77.25.254.100:48782 VERIFY OK: depth=0, /C=de/ST=nrw/L=dortmund/O=top-lamp/OU=lager02/CN=vpnhost1/emailAddress=me@xxxxxxxxxxxxxxx
Fri Jun 25 10:17:06 2010 77.25.254.100:48782 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Jun 25 10:17:06 2010 77.25.254.100:48782 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 25 10:17:06 2010 77.25.254.100:48782 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Jun 25 10:17:06 2010 77.25.254.100:48782 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 25 10:17:06 2010 77.25.254.100:48782 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Jun 25 10:17:06 2010 77.25.254.100:48782 [vpnhost1] Peer Connection Initiated with 77.25.254.100:48782
Fri Jun 25 10:17:06 2010 vpnhost1/77.25.254.100:48782 MULTI: Learn: 192.168.7.62 -> vpnhost1/77.25.254.100:48782
Fri Jun 25 10:17:06 2010 vpnhost1/77.25.254.100:48782 MULTI: primary virtual IP for vpnhost1/77.25.254.100:48782: 192.168.7.62
Fri Jun 25 10:17:09 2010 vpnhost1/77.25.254.100:48782 PUSH: Received control message: 'PUSH_REQUEST'
Fri Jun 25 10:17:09 2010 vpnhost1/77.25.254.100:48782 SENT CONTROL [vpnhost1]: 'PUSH_REPLY,route 192.168.7.0 255.255.255.0,redirect-gateway def1,route 192.168.7.1,topology net30,ping 10,ping-restart 120,ifconfig 192.168.7.62 192.168.7.61' (status=1)
Fri Jun 25 10:17:09 2010 vpnhost1/77.25.254.100:48782 SENT CONTROL [vpnhost1]: 'PUSH_REPLY,route 192.168.7.0 255.255.255.0,redirect-gateway def1,route 192.168.7.1,topology net30,ping 10,ping-restart 120,ifconfig 192.168.7.62 192.168.7.61' (status=1)
^CFri Jun 25 10:19:06 2010 event_wait : Interrupted system call (code=4)
Fri Jun 25 10:19:06 2010 TCP/UDP: Closing socket
Fri Jun 25 10:19:06 2010 Closing TUN/TAP interface
Fri Jun 25 10:19:06 2010 /bin/ip addr del dev tun0 local 192.168.7.1 peer 192.168.7.2
Fri Jun 25 10:19:06 2010 SIGINT[hard,] received, process exiting
My server.conf:
;local a.b.c.d
port 1194
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 192.168.7.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 192.168.7.50 255.255.255.0 192.168.7.60 192.168.7.70
;server-bridge
push "route 192.168.7.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
push "redirect-gateway def1"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
;client-to-client
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
;max-clients 100
;user nobody
;group nobody
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 3
;mute 20
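
The server log above warns of a subnet conflict between the local LAN and the VPN. As an added example (not part of the original post), this Python check parses a server.conf and reports where the `server` pool or a pushed route overlaps the LAN. The function names, the sample config excerpted from the post's active lines, and passing the LAN as a CIDR string are assumptions of the example.

```python
import ipaddress
import shlex

# Constructed sample: active lines excerpted from the server.conf in the post.
SAMPLE_CONF = '''\
;local a.b.c.d
port 1194
dev tun
key server.key # This file should be kept secret
server 192.168.7.0 255.255.255.0
push "route 192.168.7.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
push "redirect-gateway def1"
'''

def parse_server_conf(text):
    """Return (vpn_pool, pushed_routes) from OpenVPN server config text."""
    pool, pushed = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # ';' and '#' start comment lines
            continue
        tok = shlex.split(line, comments=True)   # unquotes push "..." and drops trailing '# ...'
        if not tok:
            continue
        if tok[0] == "server" and len(tok) >= 3:
            pool = ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False)
        elif tok[0] == "push" and len(tok) >= 2:
            arg = tok[1].split()
            if len(arg) >= 2 and arg[0] == "route":
                mask = arg[2] if len(arg) > 2 else "255.255.255.255"
                pushed.append(ipaddress.ip_network(f"{arg[1]}/{mask}", strict=False))
    return pool, pushed

def find_conflicts(conf_text, lan_cidr):
    """List overlaps between the VPN pool, pushed routes and the server's LAN."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    pool, pushed = parse_server_conf(conf_text)
    findings = []
    if pool is not None and pool.overlaps(lan):
        findings.append(f"VPN pool {pool} overlaps server LAN {lan}")
    for route in pushed:
        if pool is not None and route.overlaps(pool):
            findings.append(f"pushed route {route} overlaps VPN pool {pool}")
    return findings

if __name__ == "__main__":
    # LAN taken from the log warning: local LAN [192.168.7.0/255.255.255.0]
    for finding in find_conflicts(SAMPLE_CONF, "192.168.7.0/24"):
        print(finding)
```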