[tetaneutral] OpenVPN.

Rémy Carbon remy.carbon at orange.fr
Wed Sep 17 16:10:15 CEST 2014


Thanks Bertrand, Emmanuel, Paul, Yannick.

Let me clarify the situation:
A Debian server with a working Samba on it.
Network: 192.168.67.0.
DHCP correct.
OpenVPN configured as shown below.
Port 1194 forwarded to the server's IP address on the Livebox 1000A.
SSH to the server OK.
Everything works fine day to day on the LAN.

But when I try to connect a client, nothing appears in the logs
and the connection is not established.
(The logs are examples, do not rely on the dates.)

There you go.
Rémy.

*******************************************************************
cat /etc/network/interfaces.ovpn
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

### Bridged interface for OpenVPN
auto br0
iface br0 inet manual
bridge-ports eth0
post-up /etc/openvpn/scripts/ovup && service openvpn start
pre-down service openvpn stop
post-down /etc/openvpn/scripts/ovdown

*******************************************************************
cat /etc/openvpn/sambaVPN.conf
port 1194
proto udp
dev tap0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/samba.crt
key /etc/openvpn/easy-rsa/keys/samba.key # This file should be kept secret
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server-bridge
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /etc/openvpn/openvpn-status.log
# log-append /var/log/openvpn/openvpn.log
verb 3
crl-verify /etc/openvpn/easy-rsa/keys/crl.pem

*******************************************************************
cat /etc/openvpn/openvpn.log

Tue Aug 12 12:42:47 2014 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
Tue Aug 12 12:42:47 2014 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Tue Aug 12 12:42:47 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Aug 12 12:42:47 2014 Diffie-Hellman initialized with 1024 bit key
Tue Aug 12 12:42:47 2014 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Aug 12 12:42:47 2014 Socket Buffers: R=[229376->131072] S=[229376->131072]
Tue Aug 12 12:42:47 2014 TUN/TAP device tap0 opened
Tue Aug 12 12:42:47 2014 TUN/TAP TX queue length set to 100
Tue Aug 12 12:42:47 2014 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Aug 12 12:42:47 2014 UDPv4 link local (bound): [undef]
Tue Aug 12 12:42:47 2014 UDPv4 link remote: [undef]
Tue Aug 12 12:42:47 2014 MULTI: multi_init called, r=256 v=256
Tue Aug 12 12:42:47 2014 Initialization Sequence Completed

*******************************************************************
cat /etc/openvpn/openvpn-status.log (example).

cat openvpn-status.log
OpenVPN CLIENT LIST
Updated,Mon Aug 25 10:32:33 2014
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END



