Member
Status: Offline
Registered: 10.06.2008
From: Moscow
Photos: 5
Hi everyone, I need help from the local OpenVPN gurus…
There is a Windows 7 server running OVPN. Local IP 192.168.2.10 (network 192.168.2.0/24), gateway 192.168.2.1, DNS on the same address.
I have a static external IP and a domain name bound to it.
A route is forwarded and the ports are open to the server: 192.168.2.10:55555
The virtual server's IP address is 10.10.10.1 255.255.255.0
Server settings:

mode server #Operating mode: server
port 55555 #port the server runs on (listens for clients)
route-delay 10
proto tcp-server #Data transfer protocol
tls-server #Cryptographic transport protocol (TLS)
duplicate-cn
mssfix
dev tun #Which tunneling mode to use: L3
tun-mtu 1500
auth MD5
ca C:\\VPN\\config\\MyServer\\ca.crt
cert C:\\VPN\\config\\MyServer\\MyServer.crt #Keys, certificates and channel encryption......
key C:\\VPN\\config\\MyServer\\MyServer.key
dh C:\\VPN\\config\\MyServer\\dh1024.pem
server 10.10.10.0 255.255.255.0 #Address pool
push "route 192.168.2.0 255.255.255.0" #Push clients the route to the local network
client-to-client #clients can see each other
keepalive 10 120 #keepalive pings (10 s interval, 120 s timeout)
cipher AES-128-CBC #Encryption method
comp-lzo #data compression in the tunnel
persist-key
persist-tun
verb 3



Client settings:

client
remote ******(domain name)
port 55555
proto tcp-client
tls-client
route-delay 10
nobind
dev tun
auth MD5
tun-mtu 1500
ca ca.crt
cert Sergey.crt
key Sergey.key
cipher AES-128-CBC
route-method exe
route-delay 2
comp-lzo
persist-key
persist-tun
verb 3


The client and server connect just fine…. The client gets IP 10.10.1.6
Via IP 10.10.10.1 (the server's virtual IP, physical LAN IP 192.168.2.10) the shared resources are visible, but the 192.168.2.0 network isn't visible at all… and no resources are visible via IP 192.168.2.10.
What should I do?
On the server, this registry key was changed…. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
IpEnableRouter value 1

Added after 1 hour 19 minutes 59 seconds:
Thanks everyone.... the thread can basically be closed as far as this question goes; it turned out the L3 tunnel mode was acting up: as soon as I switched to L2 (tap) and back, everything connected.....
Though it could also be left open if there's no such thread.... on the forum about config settings for OpenVPN......



 

Member
Status: Offline
Registered: 10.06.2008
From: Moscow
Photos: 5
Since I had started a thread on OpenVPN, I decided to make videos for anyone interested... with how-tos on configuring this program...
Instructions for creating an OpenVPN server: all parts together...... 3 parts + an addendum, and a real test with a game.

Part 1...

Part 2...

Part 3...

Addendum.....

Test with a game......


Working configs:::
Server... Routing on the host..... operating mode L2 tap....
dev-node "joni" #name of our adapter
mode server #Operating mode: server
port 55555 #port the server runs on (listens for clients)

dev tap #Which tunneling mode to use: L2

proto tcp-server #Data transfer protocol

tls-server #Cryptographic transport protocol (TLS)
tls-auth C:\\CLOVPN\\config\\tls_key\\mykey.key 0

duplicate-cn #allow multiple clients with the same key

auth MD5 #hash-based verification

tun-mtu 1500 #packet size
tun-mtu-extra 32
mssfix 1450

ca C:\\CLOVPN\\config\\server\\ca.crt
cert C:\\CLOVPN\\config\\server\\joniServer.crt #Keys, certificates and channel encryption......
key C:\\CLOVPN\\config\\server\\joniServer.key
dh C:\\CLOVPN\\config\\server\\dh1024.pem

server 10.10.10.0 255.255.255.0

status openvpn-status.log
log-append openvpn.log

client-to-client #clients can see each other
keepalive 10 120 #keepalive pings (10 s interval, 120 s timeout)
cipher AES-128-CBC #Encryption method
comp-lzo #data compression in the tunnel

persist-key #do not re-read the key or reopen the tunnel on server restart
persist-tun

verb 3 #debug verbosity level
#time allowed for creating the route
route-delay 10
route-method exe

route 10.10.10.0 255.255.255.0 #Visibility of the LAN server
route-gateway 10.10.10.1

push "route 192.168.2.0 255.255.255.0" #push clients a route into my LAN


Client....
#dev-node "Adapter name"
remote ****** #replace the asterisks with the remote IP address.
client
port 55555
dev tap
proto tcp-client
tls-client
tls-auth mykey.key 1
remote-cert-tls server
route-delay 2
auth MD5
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca ca.crt
cert <client certificate name>.crt
key <client key name>.key
pull
cipher AES-128-CBC
comp-lzo
persist-key
persist-tun
verb 3
route-method exe
route-delay 3


Server... and client.. operating mode L3 tun....
Make these changes to the server config..
add - topology subnet and dev tun
comment out dev tap and duplicate-cn....
in the client...
add - dev tun
comment out dev tap...


Last edited by хона on 09.03.2016 10:39; edited 1 time in total.
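
An audit of the directives in the configs posted above, as an added example that is not part of the original post and not OpenVPN project code: it parses a config and reports the settings a defender would want changed (HMAC-MD5, 1024-bit DH guessed from the file name, a shared client certificate, tunnel compression, missing tls-auth, no server-certificate check on the client). The check IDs, the function names and the `vpn.example.invalid` host are assumptions of this example.

```python
import re

# Constructed input: security-relevant directives copied from the tap server
# config and from the first client config in this thread.
SERVER_CONF = r"""
mode server
port 55555
dev tap
proto tcp-server
tls-server
tls-auth C:\\CLOVPN\\config\\tls_key\\mykey.key 0
duplicate-cn            # one certificate shared by many clients
auth MD5
dh C:\\CLOVPN\\config\\server\\dh1024.pem
cipher AES-128-CBC
comp-lzo
"""
CLIENT_CONF = """
client
remote vpn.example.invalid   # placeholder: the post masks the real name
port 55555
proto tcp-client
tls-client
auth MD5
ca ca.crt
cert Sergey.crt
key Sergey.key
cipher AES-128-CBC
comp-lzo
"""


def parse(text):
    """Return {directive: [args of each occurrence]}; '#' and ';' start comments."""
    conf = {}
    for raw in text.splitlines():
        parts = re.sub(r"(^|\s)[#;].*$", "", raw).split()
        if parts:
            conf.setdefault(parts[0].lstrip("-"), []).append(parts[1:])
    return conf


def audit(text, role):
    """Return [(check_id, advice)] for one config; role is 'server' or 'client'."""
    conf = parse(text)

    def last(name):
        # Arguments of the last occurrence of a directive, [] when absent.
        return (conf.get(name) or [[]])[-1]

    findings = []

    # Packet HMAC: OpenVPN falls back to SHA1 when 'auth' is not set.
    auth = (last("auth") or ["SHA1"])[0].upper()
    if auth in {"MD5", "NONE"}:
        findings.append(("weak-auth", f"auth {auth}: use 'auth SHA256' on both ends"))

    # Heuristic (assumption): the DH size is read from a file name like dh1024.pem.
    dh = last("dh")
    bits = re.search(r"dh(\d+)", dh[0], re.I) if dh else None
    if role == "server" and bits and int(bits.group(1)) < 2048:
        findings.append(("weak-dh", f"{bits.group(1)}-bit DH parameters: "
                         "generate 2048 bits or more"))

    if "duplicate-cn" in conf:
        findings.append(("duplicate-cn", "issue one certificate per client so "
                         "a single client can be identified and revoked"))

    if "comp-lzo" in conf or "compress" in conf:
        findings.append(("compression", "remove tunnel compression on both ends "
                         "(compression oracle, VORACLE)"))

    if "tls-auth" not in conf and "tls-crypt" not in conf:
        findings.append(("no-tls-auth", "add a tls-auth static key so unsigned "
                         "packets are dropped before the TLS handshake"))

    checks = {"remote-cert-tls", "ns-cert-type", "verify-x509-name"}
    if role == "client" and not (checks & conf.keys()):
        findings.append(("no-server-cert-check", "add 'remote-cert-tls server' so "
                         "another client's certificate cannot pose as the server"))
    return findings


def check_ids(text, role):
    """Only the check IDs, in rule order."""
    return [cid for cid, _ in audit(text, role)]


if __name__ == "__main__":
    for role, text in (("server", SERVER_CONF), ("client", CLIENT_CONF)):
        for cid, advice in audit(text, role):
            print(f"{role:6} {cid:22} {advice}")
```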

 

Banned
Status: Offline
Registered: 20.01.2007
At first I thought you were asking the GRU for help, oh well...

_________________
Sitronix - Mister Colonel Sitronix
_____________________________
9900K@5GHz, 32GB + RTX 4090


 

Member
Status: Offline
Registered: 10.06.2008
From: Moscow
Photos: 5
Sitronix wrote:
At first I thought you were asking the GRU for help, oh well...

Yes, exactly.... that's how it was a couple of weeks ago, which pushed me to learn all the tricks... of this program myself. I hope it will be useful to someone, since my cry for help with the setup was met with silence,...


 

Member
Status: Offline
Registered: 27.09.2006
From: St. Petersburg
Thanks for the video - maybe it'll come in handy :-)

_________________
No matter how much you feed the wolf, the elephant's is still thicker


 

Member
Status: Offline
Registered: 28.08.2011
From: Krasnoyarsk
opnvpn
Thu Apr 07 15:55:46 2016 OpenVPN 2.3.10 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 10 2016
Thu Apr 07 15:55:46 2016 Windows version 6.1 (Windows 7)
Thu Apr 07 15:55:46 2016 library versions: OpenSSL 1.0.1s 1 Mar 2016, LZO 2.09
Thu Apr 07 15:55:46 2016 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Thu Apr 07 15:55:46 2016 Diffie-Hellman initialized with 1024 bit key
Thu Apr 07 15:55:46 2016 Control Channel Authentication: using 'C:\OpenVPN\config\te.key' as a OpenVPN static key file
Thu Apr 07 15:55:46 2016 Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Thu Apr 07 15:55:46 2016 Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Thu Apr 07 15:55:46 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Apr 07 15:55:46 2016 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=12 HWADDR=00:0c:29:cf:9d:18
Thu Apr 07 15:55:46 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Apr 07 15:55:46 2016 open_tun, tt->ipv6=0
Thu Apr 07 15:55:46 2016 TAP-WIN32 device [vpn] opened: \\.\Global\{357A157A-F837-4FB2-936B-4A4BC04FD72D}.tap
Thu Apr 07 15:55:46 2016 TAP-Windows Driver Version 9.21
Thu Apr 07 15:55:46 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.10.1/255.255.255.0 on interface {357A157A-F837-4FB2-936B-4A4BC04FD72D} [DHCP-serv: 10.10.10.0, lease-time: 31536000]
Thu Apr 07 15:55:46 2016 Sleeping for 10 seconds...
Thu Apr 07 15:55:56 2016 Successful ARP Flush on interface [15] {357A157A-F837-4FB2-936B-4A4BC04FD72D}
Thu Apr 07 15:55:56 2016 C:\Windows\system32\route.exe ADD 10.10.10.0 MASK 255.255.255.0 10.10.10.1
Thu Apr 07 15:55:56 2016 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
Thu Apr 07 15:55:56 2016 Listening for incoming TCP connection on [undef]
Thu Apr 07 15:55:56 2016 TCPv4_SERVER link local (bound): [undef]
Thu Apr 07 15:55:56 2016 TCPv4_SERVER link remote: [undef]
Thu Apr 07 15:55:56 2016 MULTI: multi_init called, r=256 v=256
Thu Apr 07 15:55:56 2016 IFCONFIG POOL: base=10.10.10.2 size=253, ipv6=0
Thu Apr 07 15:55:56 2016 MULTI: TCP INIT maxclients=60 maxevents=64
Thu Apr 07 15:55:56 2016 Initialization Sequence Completed
Thu Apr 07 16:02:53 2016 OpenVPN 2.3.10 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 10 2016
Thu Apr 07 16:02:53 2016 Windows version 6.1 (Windows 7)
Thu Apr 07 16:02:53 2016 library versions: OpenSSL 1.0.1s 1 Mar 2016, LZO 2.09
Thu Apr 07 16:02:53 2016 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Thu Apr 07 16:02:54 2016 Diffie-Hellman initialized with 1024 bit key
Thu Apr 07 16:02:54 2016 Control Channel Authentication: using 'C:\OpenVPN\config\te.key' as a OpenVPN static key file
Thu Apr 07 16:02:54 2016 Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Thu Apr 07 16:02:54 2016 Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Thu Apr 07 16:02:54 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Apr 07 16:02:54 2016 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=12 HWADDR=00:0c:29:cf:9d:18
Thu Apr 07 16:02:54 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Apr 07 16:02:54 2016 open_tun, tt->ipv6=0
Thu Apr 07 16:02:54 2016 TAP-WIN32 device [vpn] opened: \\.\Global\{357A157A-F837-4FB2-936B-4A4BC04FD72D}.tap
Thu Apr 07 16:02:54 2016 TAP-Windows Driver Version 9.21
Thu Apr 07 16:02:54 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.10.1/255.255.255.0 on interface {357A157A-F837-4FB2-936B-4A4BC04FD72D} [DHCP-serv: 10.10.10.0, lease-time: 31536000]
Thu Apr 07 16:02:54 2016 Sleeping for 10 seconds...
Thu Apr 07 16:03:04 2016 Successful ARP Flush on interface [15] {357A157A-F837-4FB2-936B-4A4BC04FD72D}
Thu Apr 07 16:03:04 2016 C:\Windows\system32\route.exe ADD 10.10.10.0 MASK 255.255.255.0 10.10.10.1
Thu Apr 07 16:03:04 2016 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
Thu Apr 07 16:03:04 2016 Listening for incoming TCP connection on [undef]
Thu Apr 07 16:03:04 2016 TCPv4_SERVER link local (bound): [undef]
Thu Apr 07 16:03:04 2016 TCPv4_SERVER link remote: [undef]
Thu Apr 07 16:03:04 2016 MULTI: multi_init called, r=256 v=256
Thu Apr 07 16:03:04 2016 IFCONFIG POOL: base=10.10.10.2 size=253, ipv6=0
Thu Apr 07 16:03:04 2016 MULTI: TCP INIT maxclients=60 maxevents=64
Thu Apr 07 16:03:04 2016 Initialization Sequence Completed
Thu Apr 07 16:03:06 2016 TCP connection established with [AF_INET]192.168.1.1:1047
Thu Apr 07 16:03:07 2016 192.168.1.1:1047 TLS: Initial packet from [AF_INET]192.168.1.1:1047, sid=3249c276 9cbd9d32
Thu Apr 07 16:03:07 2016 192.168.1.1:1047 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=RU, ST=RU, L=Moskow, O=OpenVPN, OU=changeme, CN=tony, name=changeme, emailAddress=mail@host.domain
Thu Apr 07 16:03:07 2016 192.168.1.1:1047 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Thu Apr 07 16:03:07 2016 192.168.1.1:1047 TLS Error: TLS object -> incoming plaintext read error
Thu Apr 07 16:03:07 2016 192.168.1.1:1047 TLS Error: TLS handshake failed
Thu Apr 07 16:03:07 2016 192.168.1.1:1047 Fatal TLS error (check_tls_errors_co), restarting
Thu Apr 07 16:03:07 2016 192.168.1.1:1047 SIGUSR1[soft,tls-error] received, client-instance restarting
Thu Apr 07 16:03:12 2016 TCP connection established with [AF_INET]192.168.1.1:1048
Thu Apr 07 16:03:13 2016 192.168.1.1:1048 TLS: Initial packet from [AF_INET]192.168.1.1:1048, sid=b5dc5a78 bceae67c
Thu Apr 07 16:03:14 2016 192.168.1.1:1048 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=RU, ST=RU, L=Moskow, O=OpenVPN, OU=changeme, CN=tony, name=changeme, emailAddress=mail@host.domain
Thu Apr 07 16:03:14 2016 192.168.1.1:1048 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Thu Apr 07 16:03:14 2016 192.168.1.1:1048 TLS Error: TLS object -> incoming plaintext read error
Thu Apr 07 16:03:14 2016 192.168.1.1:1048 TLS Error: TLS handshake failed
Thu Apr 07 16:03:14 2016 192.168.1.1:1048 Fatal TLS error (check_tls_errors_co), restarting
Thu Apr 07 16:03:14 2016 192.168.1.1:1048 SIGUSR1[soft,tls-error] received, client-instance restarting
Thu Apr 07 16:03:19 2016 TCP connection established with [AF_INET]192.168.1.1:1049
Thu Apr 07 16:03:20 2016 192.168.1.1:1049 TLS: Initial packet from [AF_INET]192.168.1.1:1049, sid=c1b2bb3e c67fd265
Thu Apr 07 16:03:20 2016 192.168.1.1:1049 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=RU, ST=RU, L=Moskow, O=OpenVPN, OU=changeme, CN=tony, name=changeme, emailAddress=mail@host.domain
Thu Apr 07 16:03:20 2016 192.168.1.1:1049 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Thu Apr 07 16:03:20 2016 192.168.1.1:1049 TLS Error: TLS object -> incoming plaintext read error
Thu Apr 07 16:03:20 2016 192.168.1.1:1049 TLS Error: TLS handshake failed
Thu Apr 07 16:03:20 2016 192.168.1.1:1049 Fatal TLS error (check_tls_errors_co), restarting
Thu Apr 07 16:03:20 2016 192.168.1.1:1049 SIGUSR1[soft,tls-error] received, client-instance restarting
Thu Apr 07 16:03:25 2016 TCP connection established with [AF_INET]192.168.1.1:1050
Thu Apr 07 16:03:26 2016 192.168.1.1:1050 TLS: Initial packet from [AF_INET]192.168.1.1:1050, sid=6e638be9 e18f3d4b
Thu Apr 07 16:03:26 2016 192.168.1.1:1050 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=RU, ST=RU, L=Moskow, O=OpenVPN, OU=changeme, CN=tony, name=changeme, emailAddress=mail@host.domain
Thu Apr 07 16:03:26 2016 192.168.1.1:1050 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Thu Apr 07 16:03:26 2016 192.168.1.1:1050 TLS Error: TLS object -> incoming plaintext read error
Thu Apr 07 16:03:26 2016 192.168.1.1:1050 TLS Error: TLS handshake failed
Thu Apr 07 16:03:26 2016 192.168.1.1:1050 Fatal TLS error (check_tls_errors_co), restarting
Thu Apr 07 16:03:26 2016 192.168.1.1:1050 SIGUSR1[soft,tls-error] received, client-instance restarting
Thu Apr 07 16:03:31 2016 TCP connection established with [AF_INET]192.168.1.1:1051
Thu Apr 07 16:03:32 2016 192.168.1.1:1051 TLS: Initial packet from [AF_INET]192.168.1.1:1051, sid=296e8c92 10db5862
Thu Apr 07 16:03:32 2016 192.168.1.1:1051 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=RU, ST=RU, L=Moskow, O=OpenVPN, OU=changeme, CN=tony, name=changeme, emailAddress=mail@host.domain
Thu Apr 07 16:03:32 2016 192.168.1.1:1051 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Thu Apr 07 16:03:32 2016 192.168.1.1:1051 TLS Error: TLS object -> incoming plaintext read error
Thu Apr 07 16:03:32 2016 192.168.1.1:1051 TLS Error: TLS handshake failed
Thu Apr 07 16:03:32 2016 192.168.1.1:1051 Fatal TLS error (check_tls_errors_co), restarting
Thu Apr 07 16:03:32 2016 192.168.1.1:1051 SIGUSR1[soft,tls-error] received, client-instance restarting
Thu Apr 07 16:03:37 2016 TCP connection established with [AF_INET]192.168.1.1:1052
Thu Apr 07 16:03:38 2016 192.168.1.1:1052 TLS: Initial packet from [AF_INET]192.168.1.1:1052, sid=2b8794ff ec9b77d0
Thu Apr 07 16:03:39 2016 192.168.1.1:1052 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=RU, ST=RU, L=Moskow, O=OpenVPN, OU=changeme, CN=tony, name=changeme, emailAddress=mail@host.domain
Thu Apr 07 16:03:39 2016 192.168.1.1:1052 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Thu Apr 07 16:03:39 2016 192.168.1.1:1052 TLS Error: TLS object -> incoming plaintext read error
Thu Apr 07 16:03:39 2016 192.168.1.1:1052 TLS Error: TLS handshake failed
Thu Apr 07 16:03:39 2016 192.168.1.1:1052 Fatal TLS error (check_tls_errors_co), restarting
Thu Apr 07 16:03:39 2016 192.168.1.1:1052 SIGUSR1[soft,tls-error] received, client-instance restarting
Thu Apr 07 16:03:44 2016 TCP connection established with [AF_INET]192.168.1.1:1053
Thu Apr 07 16:03:45 2016 192.168.1.1:1053 TLS: Initial packet from [AF_INET]192.168.1.1:1053, sid=96e40123 55e0f75b
Thu Apr 07 16:03:45 2016 192.168.1.1:1053 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=RU, ST=RU, L=Moskow, O=OpenVPN, OU=changeme, CN=tony, name=changeme, emailAddress=mail@host.domain
Thu Apr 07 16:03:45 2016 192.168.1.1:1053 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Thu Apr 07 16:03:45 2016 192.168.1.1:1053 TLS Error: TLS object -> incoming plaintext read error
Thu Apr 07 16:03:45 2016 192.168.1.1:1053 TLS Error: TLS handshake failed
Thu Apr 07 16:03:45 2016 192.168.1.1:1053 Fatal TLS error (check_tls_errors_co), restarting
Thu Apr 07 16:03:45 2016 192.168.1.1:1053 SIGUSR1[soft,tls-error] received, client-instance restarting
Thu Apr 07 16:03:50 2016 TCP connection established with [AF_INET]192.168.1.1:1054
Thu Apr 07 16:03:51 2016 192.168.1.1:1054 TLS: Initial packet from [AF_INET]192.168.1.1:1054, sid=2524ca7f 1ec24244
Thu Apr 07 16:03:51 2016 192.168.1.1:1054 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=RU, ST=RU, L=Moskow, O=OpenVPN, OU=changeme, CN=tony, name=changeme, emailAddress=mail@host.domain
Thu Apr 07 16:03:51 2016 192.168.1.1:1054 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Thu Apr 07 16:03:51 2016 192.168.1.1:1054 TLS Error: TLS object -> incoming plaintext read error
Thu Apr 07 16:03:51 2016 192.168.1.1:1054 TLS Error: TLS handshake failed
Thu Apr 07 16:03:51 2016 192.168.1.1:1054 Fatal TLS error (check_tls_errors_co), restarting
Thu Apr 07 16:03:51 2016 192.168.1.1:1054 SIGUSR1[soft,tls-error] received, client-instance restarting


openvpnstatus
OpenVPN CLIENT LIST
Updated,Thu Apr 07 16:04:04 2016
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
UNDEF,192.168.1.1:1056,84,52,Thu Apr 07 16:04:02 2016
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,1
END


It just can't connect; I already took your configs as they are and still nothing. The server is on Windows 7, the client on XP.
It keeps reconnecting, and it just starts cycling through other ports.

_________________
[img]http://i.imgur.com/GeiVj.png[/img]
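
The handshake failures in the server log above, grouped per connection attempt (added example, not part of the original post): every retry is a new TCP connection from the same client, so only the ephemeral source port changes while the same `VERIFY ERROR` repeats. The sample is a shortened excerpt of that log; the function names and the hint text are assumptions of this example.

```python
import re
from datetime import datetime

# Shortened excerpt of the server log posted above: three connection attempts.
SAMPLE_LOG = """\
Thu Apr 07 16:03:06 2016 TCP connection established with [AF_INET]192.168.1.1:1047
Thu Apr 07 16:03:07 2016 192.168.1.1:1047 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=RU, ST=RU, L=Moskow, O=OpenVPN, OU=changeme, CN=tony, name=changeme, emailAddress=mail@host.domain
Thu Apr 07 16:03:07 2016 192.168.1.1:1047 TLS Error: TLS handshake failed
Thu Apr 07 16:03:12 2016 TCP connection established with [AF_INET]192.168.1.1:1048
Thu Apr 07 16:03:14 2016 192.168.1.1:1048 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=RU, ST=RU, L=Moskow, O=OpenVPN, OU=changeme, CN=tony, name=changeme, emailAddress=mail@host.domain
Thu Apr 07 16:03:14 2016 192.168.1.1:1048 TLS Error: TLS handshake failed
Thu Apr 07 16:03:19 2016 TCP connection established with [AF_INET]192.168.1.1:1049
Thu Apr 07 16:03:20 2016 192.168.1.1:1049 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=RU, ST=RU, L=Moskow, O=OpenVPN, OU=changeme, CN=tony, name=changeme, emailAddress=mail@host.domain
Thu Apr 07 16:03:20 2016 192.168.1.1:1049 TLS Error: TLS handshake failed
"""

LINE = re.compile(r"^(?P<ts>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) (?P<msg>.*)$")
CONNECT = re.compile(r"TCP connection established with \[AF_INET\](?P<ip>[\d.]+):(?P<port>\d+)")
PEER = re.compile(r"^(?P<ip>[\d.]+):(?P<port>\d+) (?P<rest>.*)$")
VERIFY = re.compile(r"VERIFY ERROR: depth=\d+, error=(?P<reason>[^:]+): (?P<subject>.*)$")
CN = re.compile(r"(?:^|, )CN=([^,]+)")

# What the OpenSSL verification error means for the operator.
HINTS = {
    "unsupported certificate purpose":
        "certificate extensions (key usage, extended key usage, nsCertType) "
        "do not permit the role it was presented in, here TLS client",
}


def parse_attempts(log):
    """One record per TCP connection, keyed by the peer's ip:port."""
    attempts = {}
    for raw in log.splitlines():
        line = LINE.match(raw)
        if not line:
            continue
        ts = datetime.strptime(line["ts"], "%a %b %d %H:%M:%S %Y")
        conn = CONNECT.match(line["msg"])
        if conn:
            attempts[(conn["ip"], int(conn["port"]))] = {
                "ip": conn["ip"], "port": int(conn["port"]), "start": ts,
                "reason": None, "cn": None, "failed": False}
            continue
        peer = PEER.match(line["msg"])
        record = attempts.get((peer["ip"], int(peer["port"]))) if peer else None
        if record is None:
            continue
        verify = VERIFY.search(peer["rest"])
        if verify:
            record["reason"] = verify["reason"]
            cn = CN.search(verify["subject"])
            record["cn"] = cn.group(1) if cn else None
        elif "TLS handshake failed" in peer["rest"]:
            record["failed"] = True
    return list(attempts.values())


def summarize(attempts):
    """Collapse failed handshakes into the facts needed for triage."""
    failed = [a for a in attempts if a["failed"]]
    sources = sorted({a["ip"] for a in failed})
    reasons = sorted({a["reason"] for a in failed if a["reason"]})
    return {
        "failed": len(failed),
        "sources": sources,
        "ports": [a["port"] for a in failed],  # client-side ephemeral ports
        "reasons": reasons,
        "cns": sorted({a["cn"] for a in failed if a["cn"]}),
        "hints": [HINTS.get(r, "unclassified verify error") for r in reasons],
        "retry_gaps_s": [(b["start"] - a["start"]).total_seconds()
                         for a, b in zip(failed, failed[1:])],
        # One source, one cause, repeated: a client stuck in a reconnect loop.
        "retry_loop": len(failed) >= 3 and len(sources) == 1 and len(reasons) == 1,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_attempts(SAMPLE_LOG)).items():
        print(f"{key:13} {value}")
```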


 

Member
Status: Offline
Registered: 10.06.2008
From: Moscow
Photos: 5
Your logs show an error with the certificate and the handshake at the TLS protocol level. Recreate the certificates and the static key.
Thu Apr 07 16:03:07 2016 192.168.1.1:1047 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Thu Apr 07 16:03:07 2016 192.168.1.1:1047 TLS Error: TLS object -> incoming plaintext read error
Thu Apr 07 16:03:07 2016 192.168.1.1:1047 TLS Error: TLS handshake failed
Thu Apr 07 16:03:07 2016 192.168.1.1:1047 Fatal TLS error (check_tls_errors_co), restarting
Thu Apr 07 16:03:07 2016 192.168.1.1:1047 SIGUSR1[soft,tls-error] received, client-instance restarting

Turn off routing, if it is enabled: you are on the LAN and are routing to yourself. It is also advisable to change the subnet IP, which is what this log message says too:
NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.

______________________________________________________________

You need to decide which scheme to choose... I'll present two to pick from.


Pings

______________________________________________________________

tun mode
Server
mode server
port 55555
topology subnet
dev tun
proto tcp-server
tls-server
tls-auth C:\\CLOVPN\\config\\tls_key\\mykey.key 0
duplicate-cn
auth MD5
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca C:\\CLOVPN\\config\\server\\ca.crt
cert C:\\CLOVPN\\config\\server\\Server.crt
key C:\\CLOVPN\\config\\server\\Server.key
dh C:\\CLOVPN\\config\\server\\dh1024.pem
ifconfig 10.10.10.10 255.255.255.0
ifconfig-pool 10.10.10.11 10.10.10.100
status openvpn-status.log
log-append openvpn.log
client-to-client
keepalive 10 120
cipher AES-128-CBC
comp-lzo
persist-key
persist-tun
verb 3
route-delay 5


Client
remote 192.168.0.X #replace X with the server's IP
client
port 55555
dev tun
proto tcp-client
tls-client
tls-auth mykey.key 1
remote-cert-tls server
auth MD5
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca ca.crt
cert client.crt
key client.key
pull
cipher AES-128-CBC
comp-lzo
persist-key
persist-tun
verb 3
route-delay 3


Server log
Fri Apr 08 07:52:00 2016 OpenVPN 2.3.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Feb 1 2016
Fri Apr 08 07:52:00 2016 Windows version 6.1 (Windows 7)
Fri Apr 08 07:52:00 2016 library versions: OpenSSL 1.0.1r 28 Jan 2016, LZO 2.09
Fri Apr 08 07:52:00 2016 Diffie-Hellman initialized with 1024 bit key
Fri Apr 08 07:52:00 2016 Control Channel Authentication: using 'C:\CLOVPN\config\tls_key\mykey.key' as a OpenVPN static key file
Fri Apr 08 07:52:00 2016 Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Fri Apr 08 07:52:00 2016 Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Fri Apr 08 07:52:00 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Apr 08 07:52:00 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Apr 08 07:52:00 2016 open_tun, tt->ipv6=0
Fri Apr 08 07:52:00 2016 TAP-WIN32 device [OVPN] opened: \\.\Global\{F30E600E-83BB-44EC-9B62-73387E8CFBA1}.tap
Fri Apr 08 07:52:00 2016 TAP-Windows Driver Version 9.21
Fri Apr 08 07:52:00 2016 Set TAP-Windows TUN subnet mode network/local/netmask = 10.10.10.0/10.10.10.10/255.255.255.0 [SUCCEEDED]
Fri Apr 08 07:52:00 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.10.10/255.255.255.0 on interface {F30E600E-83BB-44EC-9B62-73387E8CFBA1} [DHCP-serv: 10.10.10.254, lease-time: 31536000]
Fri Apr 08 07:52:00 2016 Sleeping for 5 seconds...
Fri Apr 08 07:52:05 2016 Successful ARP Flush on interface [21] {F30E600E-83BB-44EC-9B62-73387E8CFBA1}
Fri Apr 08 07:52:05 2016 Listening for incoming TCP connection on [undef]
Fri Apr 08 07:52:05 2016 TCPv4_SERVER link local (bound): [undef]
Fri Apr 08 07:52:05 2016 TCPv4_SERVER link remote: [undef]
Fri Apr 08 07:52:05 2016 MULTI: multi_init called, r=256 v=256
Fri Apr 08 07:52:05 2016 IFCONFIG POOL: base=10.10.10.11 size=90, ipv6=0
Fri Apr 08 07:52:05 2016 MULTI: TCP INIT maxclients=60 maxevents=64
Fri Apr 08 07:52:05 2016 Initialization Sequence Completed

Log of a client connecting
Fri Apr 08 07:54:19 2016 TCP connection established with [AF_INET]192.168.2.1:59923
Fri Apr 08 07:54:20 2016 192.168.2.1:59923 TLS: Initial packet from [AF_INET]192.168.2.1:59923, sid=1d268e3f 274ad290
Fri Apr 08 07:54:20 2016 192.168.2.1:59923 VERIFY OK: depth=1, C=RU, ST=RU, L=Moskow, O=MyServer, OU=changeme, CN=changeme, name=changeme, emailAddress=hona2012@yandex.ru
Fri Apr 08 07:54:20 2016 192.168.2.1:59923 VERIFY OK: depth=0, C=RU, ST=RU, L=Moskow, O=MyServer, OU=changeme, CN=NINA, name=changeme, emailAddress=hona2012@yandex.ru
Fri Apr 08 07:54:20 2016 192.168.2.1:59923 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Apr 08 07:54:20 2016 192.168.2.1:59923 Data Channel Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Fri Apr 08 07:54:20 2016 192.168.2.1:59923 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Apr 08 07:54:20 2016 192.168.2.1:59923 Data Channel Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Fri Apr 08 07:54:20 2016 192.168.2.1:59923 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Fri Apr 08 07:54:20 2016 192.168.2.1:59923 [NINA] Peer Connection Initiated with [AF_INET]192.168.2.1:59923
Fri Apr 08 07:54:20 2016 NINA/192.168.2.1:59923 MULTI_sva: pool returned IPv4=10.10.10.11, IPv6=(Not enabled)
Fri Apr 08 07:54:20 2016 NINA/192.168.2.1:59923 MULTI: Learn: 10.10.10.11 -> NINA/192.168.2.1:59923
Fri Apr 08 07:54:20 2016 NINA/192.168.2.1:59923 MULTI: primary virtual IP for NINA/192.168.2.1:59923: 10.10.10.11
Fri Apr 08 07:54:23 2016 NINA/192.168.2.1:59923 PUSH: Received control message: 'PUSH_REQUEST'
Fri Apr 08 07:54:23 2016 NINA/192.168.2.1:59923 send_push_reply(): safe_cap=940
Fri Apr 08 07:54:23 2016 NINA/192.168.2.1:59923 SENT CONTROL [NINA]: 'PUSH_REPLY,ping 10,ping-restart 120,ifconfig 10.10.10.11 255.255.255.0' (status=1)


___________________________________________________________

tap mode
Server
mode server
port 55555
duplicate-cn
dev tap
proto tcp-server
tls-server
tls-auth C:\\CLOVPN\\config\\tls_key\\mykey.key 0
auth MD5
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca C:\\CLOVPN\\config\\server\\ca.crt
cert C:\\CLOVPN\\config\\server\\Server.crt
key C:\\CLOVPN\\config\\server\\Server.key
dh C:\\CLOVPN\\config\\server\\dh1024.pem
ifconfig 10.10.10.10 255.255.255.0
ifconfig-pool 10.10.10.11 10.10.10.100
status openvpn-status.log
log-append openvpn.log
client-to-client
keepalive 10 120
cipher AES-128-CBC
comp-lzo
persist-key
persist-tun
verb 3
route-delay 5
route-method exe


Client
remote 192.168.0.X #replace X with the server's IP
client
port 55555
dev tap
proto tcp-client
tls-client
tls-auth mykey.key 1
remote-cert-tls server
auth MD5
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca ca.crt
cert client.crt
key client.key
pull
cipher AES-128-CBC
comp-lzo
persist-key
persist-tun
verb 3
route-delay 3
route-method exe


Server log
Fri Apr 08 08:05:12 2016 Control Channel Authentication: using 'C:\CLOVPN\config\tls_key\mykey.key' as a OpenVPN static key file
Fri Apr 08 08:05:12 2016 Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Fri Apr 08 08:05:12 2016 Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Fri Apr 08 08:05:12 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Apr 08 08:05:12 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Apr 08 08:05:12 2016 open_tun, tt->ipv6=0
Fri Apr 08 08:05:12 2016 TAP-WIN32 device [OVPN] opened: \\.\Global\{F30E600E-83BB-44EC-9B62-73387E8CFBA1}.tap
Fri Apr 08 08:05:12 2016 TAP-Windows Driver Version 9.21
Fri Apr 08 08:05:12 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.10.10/255.255.255.0 on interface {F30E600E-83BB-44EC-9B62-73387E8CFBA1} [DHCP-serv: 10.10.10.0, lease-time: 31536000]
Fri Apr 08 08:05:12 2016 Sleeping for 5 seconds...
Fri Apr 08 08:05:17 2016 Successful ARP Flush on interface [21] {F30E600E-83BB-44EC-9B62-73387E8CFBA1}
Fri Apr 08 08:05:17 2016 Listening for incoming TCP connection on [undef]
Fri Apr 08 08:05:17 2016 TCPv4_SERVER link local (bound): [undef]
Fri Apr 08 08:05:17 2016 TCPv4_SERVER link remote: [undef]
Fri Apr 08 08:05:17 2016 MULTI: multi_init called, r=256 v=256
Fri Apr 08 08:05:17 2016 IFCONFIG POOL: base=10.10.10.11 size=90, ipv6=0
Fri Apr 08 08:05:17 2016 MULTI: TCP INIT maxclients=60 maxevents=64
Fri Apr 08 08:05:17 2016 Initialization Sequence Completed


Log of a client connecting
Fri Apr 08 08:06:41 2016 TCP connection established with [AF_INET]192.168.2.1:59980
Fri Apr 08 08:06:42 2016 192.168.2.1:59980 TLS: Initial packet from [AF_INET]192.168.2.1:59980, sid=3c0261d1 f4f63f35
Fri Apr 08 08:06:42 2016 192.168.2.1:59980 VERIFY OK: depth=1, C=RU, ST=RU, L=Moskow, O=MyServer, OU=changeme, CN=changeme, name=changeme, emailAddress=hona2012@yandex.ru
Fri Apr 08 08:06:42 2016 192.168.2.1:59980 VERIFY OK: depth=0, C=RU, ST=RU, L=Moskow, O=MyServer, OU=changeme, CN=NINA, name=changeme, emailAddress=hona2012@yandex.ru
Fri Apr 08 08:06:42 2016 192.168.2.1:59980 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Apr 08 08:06:42 2016 192.168.2.1:59980 Data Channel Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Fri Apr 08 08:06:42 2016 192.168.2.1:59980 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Apr 08 08:06:42 2016 192.168.2.1:59980 Data Channel Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Fri Apr 08 08:06:42 2016 192.168.2.1:59980 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Fri Apr 08 08:06:42 2016 192.168.2.1:59980 [NINA] Peer Connection Initiated with [AF_INET]192.168.2.1:59980
Fri Apr 08 08:06:42 2016 NINA/192.168.2.1:59980 MULTI_sva: pool returned IPv4=10.10.10.11, IPv6=(Not enabled)
Fri Apr 08 08:06:44 2016 NINA/192.168.2.1:59980 PUSH: Received control message: 'PUSH_REQUEST'
Fri Apr 08 08:06:44 2016 NINA/192.168.2.1:59980 send_push_reply(): safe_cap=940
Fri Apr 08 08:06:44 2016 NINA/192.168.2.1:59980 SENT CONTROL [NINA]: 'PUSH_REPLY,ping 10,ping-restart 120,ifconfig 10.10.10.11 255.255.255.0' (status=1)
Fri Apr 08 08:06:44 2016 NINA/192.168.2.1:59980 MULTI: Learn: 00:ff:46:ec:65:c1 -> NINA/192.168.2.1:59980
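
A check of the server config above for settings that weaken the tunnel (an added example, not the poster's or the OpenVPN project's code). The rules cover only directives that appear in this thread; the function names are illustrative, and reading the DH size from a `dh<bits>.pem` file name is an assumption.

```python
import re

# Constructed input: the tun-mode server config from the post above, file paths shortened.
SERVER_CONF = """\
mode server
port 55555
proto tcp-server
tls-server
tls-auth mykey.key 0
duplicate-cn
auth MD5
dh dh1024.pem
cipher AES-128-CBC
comp-lzo
"""

def parse(conf_text):
    """Map each directive to its argument list; '#' and ';' start a comment."""
    opts = {}
    for line in conf_text.splitlines():
        words = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if words:
            opts[words[0]] = words[1:]
    return opts

def audit(conf_text):
    """Return sorted (directive, finding) pairs for settings worth changing."""
    o, out = parse(conf_text), []
    if o.get("auth", [""])[0].upper() == "MD5":
        out.append(("auth", "MD5 HMAC digest; set auth SHA256 on server and clients"))
    # Heuristic (assumption): key size is read from an easy-rsa style name, dh<bits>.pem.
    bits = re.search(r"dh(\d+)\.pem$", " ".join(o.get("dh", [])))
    if bits and int(bits.group(1)) < 2048:
        out.append(("dh", f"{bits.group(1)}-bit DH parameters; generate 2048 bits or more"))
    if "duplicate-cn" in o:
        out.append(("duplicate-cn", "several clients may share one certificate"))
    if "comp-lzo" in o:
        out.append(("comp-lzo", "compression before encryption can leak plaintext"))
    is_server = "tls-server" in o or o.get("mode") == ["server"]
    if is_server and "remote-cert-tls" not in o and "ns-cert-type" not in o:
        out.append(("remote-cert-tls", "server does not check the client certificate purpose"))
    return sorted(out)

if __name__ == "__main__":
    for directive, finding in audit(SERVER_CONF):
        print(f"{directive}: {finding}")
```

Changes to `auth` and to compression have to be made on the server and every client together, otherwise the tunnel will not pass traffic.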


 

Member
Status: Offline
Registered: 28.08.2011
Location: Krasnoyarsk
хона wrote:
Your logs show an error with the certificate and with the handshake at the TLS protocol level. Recreate the certificates and the static key.

All OK, thanks! :)

_________________
[img]http://i.imgur.com/GeiVj.png[/img]

