[tetaneutral] OpenVPN.

Emmanuel Thierry ml at sekil.fr
Wed Sep 17 16:22:08 CEST 2014


Yes, so the server sees nothing. What do the client logs say?
If you run a Wireshark capture on the server while the client connects, do you see the packets go through?

Emmanuel

On 17 Sep 2014, at 16:10, Rémy Carbon wrote:

> Thanks Bertrand, Emmanuel, Paul, Yannick.
> 
> To clarify the situation:
> A Debian server with Samba up and running on it.
> Network: 192.168.67.0.
> DHCP correct.
> OpenVPN configured as shown below.
> Port 1194 forwarded to the server's IP address on the Livebox 1000A.
> SSH to the server OK.
> Everything works fine day to day on the LAN.
> 
> But when I try to connect a client, nothing appears in the logs and the connection is not established.
> (The logs are examples, do not rely on the dates.)
> 
> There you go.
> Rémy.
> 
> *******************************************************************
> cat /etc/network/interfaces.ovpn
> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).
> 
> # The loopback network interface
> auto lo
> iface lo inet loopback
> 
> ### Bridged interface for OpenVPN
> auto br0
> iface br0 inet manual
> bridge-ports eth0
> post-up /etc/openvpn/scripts/ovup && service openvpn start
> pre-down service openvpn stop
> post-down /etc/openvpn/scripts/ovdown
> 
> *******************************************************************
> cat /etc/openvpn/sambaVPN.conf
> port 1194
> proto udp
> dev tap0
> ca /etc/openvpn/easy-rsa/keys/ca.crt
> cert /etc/openvpn/easy-rsa/keys/samba.crt
> key /etc/openvpn/easy-rsa/keys/samba.key # This file should be kept secret
> dh /etc/openvpn/easy-rsa/keys/dh1024.pem
> server-bridge
> keepalive 10 120
> comp-lzo
> persist-key
> persist-tun
> status /etc/openvpn/openvpn-status.log
> # log-append /var/log/openvpn/openvpn.log
> verb 3
> crl-verify /etc/openvpn/easy-rsa/keys/crl.pem
> 
> *******************************************************************
> cat /etc/openvpn/openvpn.log
> 
> Tue Aug 12 12:42:47 2014 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
> Tue Aug 12 12:42:47 2014 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
> Tue Aug 12 12:42:47 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
> Tue Aug 12 12:42:47 2014 Diffie-Hellman initialized with 1024 bit key
> Tue Aug 12 12:42:47 2014 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
> Tue Aug 12 12:42:47 2014 Socket Buffers: R=[229376->131072] S=[229376->131072]
> Tue Aug 12 12:42:47 2014 TUN/TAP device tap0 opened
> Tue Aug 12 12:42:47 2014 TUN/TAP TX queue length set to 100
> Tue Aug 12 12:42:47 2014 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
> Tue Aug 12 12:42:47 2014 UDPv4 link local (bound): [undef]
> Tue Aug 12 12:42:47 2014 UDPv4 link remote: [undef]
> Tue Aug 12 12:42:47 2014 MULTI: multi_init called, r=256 v=256
> Tue Aug 12 12:42:47 2014 Initialization Sequence Completed
> 
> *******************************************************************
> cat /etc/openvpn/openvpn-status.log (example).
> 
> cat openvpn-status.log
> OpenVPN CLIENT LIST
> Updated,Mon Aug 25 10:32:33 2014
> Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
> ROUTING TABLE
> Virtual Address,Common Name,Real Address,Last Ref
> GLOBAL STATS
> Max bcast/mcast queue length,0
> END
> 
> _______________________________________________
> tetaneutral mailing list
> tetaneutral at lists.tetaneutral.net
> http://lists.tetaneutral.net/listinfo/tetaneutral
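
Added example (not part of the original messages, and not OpenVPN code): a small Python triage of the server-side evidence quoted above. It parses the status file and the log to tell "no packet ever reached the daemon" apart from "a handshake started". The sample inputs are constructed from the thread's excerpts, the function names and state labels are hypothetical, and the `TLS: Initial packet from` marker assumes the log is written at `verb 3` or higher.

```python
import csv
import io

# Constructed samples, modelled on the status file and log quoted in the thread.
STATUS = """OpenVPN CLIENT LIST
Updated,Mon Aug 25 10:32:33 2014
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""
LOG = """Tue Aug 12 12:42:47 2014 TUN/TAP device tap0 opened
Tue Aug 12 12:42:47 2014 UDPv4 link local (bound): [undef]
Tue Aug 12 12:42:47 2014 Initialization Sequence Completed
"""

def parse_status(text):
    """Return the client rows (as dicts) of the CLIENT LIST section."""
    clients, header, in_clients = [], None, False
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        if row[0] == "OpenVPN CLIENT LIST":
            in_clients = True
        elif row[0] in ("ROUTING TABLE", "GLOBAL STATS", "END"):
            in_clients = False
        elif in_clients and row[0] == "Common Name":
            header = row  # column names for the rows that follow
        elif in_clients and header and len(row) == len(header):
            clients.append(dict(zip(header, row)))
    return clients

def triage(status_text, log_text):
    """Classify the server-side evidence (hypothetical state labels)."""
    if "Initialization Sequence Completed" not in log_text:
        return "server-not-ready"
    if parse_status(status_text):
        return "client-connected"
    # Logged by the daemon when a client's first packet arrives.
    if "TLS: Initial packet from" in log_text:
        return "handshake-started"
    return "no-packets-seen"

if __name__ == "__main__":
    print(triage(STATUS, LOG))
```

A `no-packets-seen` result matches the situation in the thread: the daemon is up but nothing arrives, so the next check is a capture on the server's UDP port 1194 and the port forwarding in front of it.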



