[tetaneutral] OpenVPN.

Paul GERMAIN paul.germain.fr at gmail.com
Wed Sep 17 16:33:06 CEST 2014


On the server side, is the service actually listening?

Locally:
nmap -sU localhost

If OK, retest with the WAN address (from outside).

Paul

2014-09-17 16:22 GMT+02:00 Emmanuel Thierry <ml at sekil.fr>:

> Yes, so the server sees nothing. What do the client logs say?
> If you run a wireshark capture on the server while the client connects,
> do you see the packets go by?
>
> Emmanuel
>
> On 17 Sept. 2014 at 16:10, Rémy Carbon wrote:
>
> > Thanks Bertrand, Emmanuel, Paul, Yannick.
> >
> > To clarify the situation:
> > A Debian server with Samba running on it.
> > Network: 192.168.67.0.
> > DHCP OK.
> > OpenVPN configured as shown below.
> > Port 1194 forwarded to the server's IP address on the Livebox 1000A.
> > SSH to the server OK.
> > Everything works fine day to day on the LAN.
> >
> > But when I try to connect a client, nothing appears in the logs
> > and the connection is not established.
> > (The logs are examples; don't rely on the dates.)
> >
> > There you go.
> > Rémy.
> >
> > *******************************************************************
> > cat /etc/network/interfaces.ovpn
> > # This file describes the network interfaces available on your system
> > # and how to activate them. For more information, see interfaces(5).
> >
> > # The loopback network interface
> > auto lo
> > iface lo inet loopback
> >
> > ### Bridged interface for OpenVPN
> > auto br0
> > iface br0 inet manual
> > bridge-ports eth0
> > post-up /etc/openvpn/scripts/ovup && service openvpn start
> > pre-down service openvpn stop
> > post-down /etc/openvpn/scripts/ovdown
> >
> > *******************************************************************
> > cat /etc/openvpn/sambaVPN.conf
> > port 1194
> > proto udp
> > dev tap0
> > ca /etc/openvpn/easy-rsa/keys/ca.crt
> > cert /etc/openvpn/easy-rsa/keys/samba.crt
> > key /etc/openvpn/easy-rsa/keys/samba.key # This file should be kept secret
> > dh /etc/openvpn/easy-rsa/keys/dh1024.pem
> > server-bridge
> > keepalive 10 120
> > comp-lzo
> > persist-key
> > persist-tun
> > status /etc/openvpn/openvpn-status.log
> > # log-append /var/log/openvpn/openvpn.log
> > verb 3
> > crl-verify /etc/openvpn/easy-rsa/keys/crl.pem
> >
> > *******************************************************************
> > cat /etc/openvpn/openvpn.log
> >
> > Tue Aug 12 12:42:47 2014 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
> > Tue Aug 12 12:42:47 2014 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
> > Tue Aug 12 12:42:47 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
> > Tue Aug 12 12:42:47 2014 Diffie-Hellman initialized with 1024 bit key
> > Tue Aug 12 12:42:47 2014 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
> > Tue Aug 12 12:42:47 2014 Socket Buffers: R=[229376->131072] S=[229376->131072]
> > Tue Aug 12 12:42:47 2014 TUN/TAP device tap0 opened
> > Tue Aug 12 12:42:47 2014 TUN/TAP TX queue length set to 100
> > Tue Aug 12 12:42:47 2014 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
> > Tue Aug 12 12:42:47 2014 UDPv4 link local (bound): [undef]
> > Tue Aug 12 12:42:47 2014 UDPv4 link remote: [undef]
> > Tue Aug 12 12:42:47 2014 MULTI: multi_init called, r=256 v=256
> > Tue Aug 12 12:42:47 2014 Initialization Sequence Completed
> >
> > *******************************************************************
> > cat /etc/openvpn/openvpn-status.log (example).
> >
> > cat openvpn-status.log
> > OpenVPN CLIENT LIST
> > Updated,Mon Aug 25 10:32:33 2014
> > Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
> > ROUTING TABLE
> > Virtual Address,Common Name,Real Address,Last Ref
> > GLOBAL STATS
> > Max bcast/mcast queue length,0
> > END
> >
> > _______________________________________________
> > tetaneutral mailing list
> > tetaneutral at lists.tetaneutral.net
> > http://lists.tetaneutral.net/listinfo/tetaneutral
>
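
Added example (not part of the thread): one way to answer the "is the service listening?" question from the kernel's UDP socket table rather than from a scan, since nmap often reports a silent UDP port as open|filtered. The sample config is trimmed from the one quoted above; the `/proc/net/udp` rows and all function names are constructed for illustration, and a little-endian host is assumed.

```python
import socket
import struct

# Trimmed from the server config quoted in the thread.
SAMPLE_CONF = "port 1194\nproto udp\ndev tap0\nserver-bridge\n"

# Constructed /proc/net/udp rows (not captured from the poster's server).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  112: 00000000:04AA 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 15320 2 0000000000000000 0
  230: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 11876 2 0000000000000000 0
"""

def parse_conf(text):
    """Return (port, proto) from an OpenVPN config; OpenVPN defaults if absent."""
    port, proto = 1194, "udp"
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "port":
            port = int(fields[1])
        elif len(fields) >= 2 and fields[0] == "proto":
            proto = fields[1]
    return port, proto

def bound_addresses(proc_net_udp, port):
    """List local IPv4 addresses that have a UDP socket bound to `port`."""
    addrs = []
    for line in proc_net_udp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 2 or ":" not in fields[1]:
            continue
        hex_ip, hex_port = fields[1].split(":")
        if int(hex_port, 16) != port:
            continue
        # The address is printed as a native-endian 32-bit word;
        # little-endian (x86_64, as in the posted log) is assumed.
        addrs.append(socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16))))
    return addrs

def diagnose(conf_text, proc_net_udp):
    port, proto = parse_conf(conf_text)
    if not proto.startswith("udp"):
        return f"proto is {proto}: check the TCP socket table instead"
    addrs = bound_addresses(proc_net_udp, port)
    if not addrs:
        return f"nothing bound to udp/{port}: the daemon is not listening"
    if all(a.startswith("127.") for a in addrs):
        return f"udp/{port} bound to loopback only: unreachable from the WAN"
    return f"udp/{port} bound on {', '.join(addrs)}: next, capture on the server"

if __name__ == "__main__":
    print(diagnose(SAMPLE_CONF, SAMPLE_PROC_NET_UDP))
```

On a live server, pass the contents of the real config file and of `/proc/net/udp` instead of the samples.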