Hi everyone!
OpenVPN 2.3.1-I001-x86_64, Windows 2008 R2 SP1, firewall enabled; other things that may be worth knowing: Secret Net 6 and Kaspersky Security 10 are installed. There is also a Juniper SRX210H that I have no direct access to, no SSH either, only the web interface.
I decided to set up OpenVPN instead of PPTP because, as I already wrote, the client has a Juniper, and I can't manage to forward port 1723 due to my limited experience...
In short, I set everything up on a local test server following this guide:
It works from inside the network; the only thing is that I haven't yet had a chance to try connecting from outside, I'll try later.
At the client's site I set everything up the same way, and pings to the virtual IP go through; the only difference is that I changed the port to 443.
When I try to connect, it reports:
Thu Nov 30 13:38:44 2017 NOTE: --user option is not implemented on Windows
Thu Nov 30 13:38:44 2017 NOTE: --group option is not implemented on Windows
Thu Nov 30 13:38:44 2017 WARNING: Ignoring option 'dh' in tls-client mode, please only include this in your server configuration
Thu Nov 30 13:38:44 2017 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Thu Nov 30 13:38:44 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Nov 30 13:38:44 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Thu Nov 30 13:38:45 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 30 13:38:45 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.0.0.19:443
Thu Nov 30 13:38:45 2017 UDP link local: (not bound)
Thu Nov 30 13:38:45 2017 UDP link remote: [AF_INET]10.0.0.19:443
Thu Nov 30 13:39:45 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Nov 30 13:39:45 2017 TLS Error: TLS handshake failed
Thu Nov 30 13:39:45 2017 SIGUSR1[soft,tls-error] received, process restarting
Thu Nov 30 13:39:50 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 30 13:39:50 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.0.0.19:443
Thu Nov 30 13:39:50 2017 UDP link local: (not bound)
Thu Nov 30 13:39:50 2017 UDP link remote: [AF_INET]10.0.0.19:443
I changed UDP to TCP in the config, and it reports the following:
Thu Nov 30 14:23:15 2017 NOTE: --user option is not implemented on Windows
Thu Nov 30 14:23:15 2017 NOTE: --group option is not implemented on Windows
Thu Nov 30 14:23:15 2017 WARNING: Ignoring option 'dh' in tls-client mode, please only include this in your server configuration
Thu Nov 30 14:23:15 2017 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Thu Nov 30 14:23:15 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Nov 30 14:23:15 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Thu Nov 30 14:23:16 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 30 14:23:16 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.0.0.19:443
Thu Nov 30 14:23:16 2017 Attempting to establish TCP connection with [AF_INET]10.0.0.19:443 [nonblock]
Thu Nov 30 14:25:16 2017 TCP: connect to [AF_INET]10.0.0.19:443 failed: Unknown error
Thu Nov 30 14:25:16 2017 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Thu Nov 30 14:25:21 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 30 14:25:21 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.0.0.19:443
Thu Nov 30 14:25:21 2017 Attempting to establish TCP connection with [AF_INET]10.0.0.19:443 [nonblock]
Thu Nov 30 14:27:21 2017 TCP: connect to [AF_INET]10.0.0.19:443 failed: Unknown error
Thu Nov 30 14:27:21 2017 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Thu Nov 30 14:27:26 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 30 14:27:26 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.0.0.19:443
Thu Nov 30 14:27:26 2017 Attempting to establish TCP connection with [AF_INET]10.0.0.19:443 [nonblock]
Thu Nov 30 14:29:26 2017 TCP: connect to [AF_INET]10.0.0.19:443 failed: Unknown error
Thu Nov 30 14:29:26 2017 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Thu Nov 30 14:29:31 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 30 14:29:31 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.0.0.19:443
Thu Nov 30 14:29:31 2017 Attempting to establish TCP connection with [AF_INET]10.0.0.19:443 [nonblock]
Thu Nov 30 14:31:31 2017 TCP: connect to [AF_INET]10.0.0.19:443 failed: Unknown error
Thu Nov 30 14:31:31 2017 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Thu Nov 30 14:31:36 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 30 14:31:36 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.0.0.19:443
Thu Nov 30 14:31:36 2017 Attempting to establish TCP connection with [AF_INET]10.0.0.19:443 [nonblock]
Thu Nov 30 14:33:36 2017 TCP: connect to [AF_INET]10.0.0.19:443 failed: Unknown error
Thu Nov 30 14:33:36 2017 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Thu Nov 30 14:33:46 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 30 14:33:46 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.0.0.19:443
Thu Nov 30 14:33:46 2017 Attempting to establish TCP connection with [AF_INET]10.0.0.19:443 [nonblock]
Thu Nov 30 14:35:46 2017 TCP: connect to [AF_INET]10.0.0.19:443 failed: Unknown error
Thu Nov 30 14:35:46 2017 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Thu Nov 30 14:36:06 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 30 14:36:06 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.0.0.19:443
Thu Nov 30 14:36:06 2017 Attempting to establish TCP connection with [AF_INET]10.0.0.19:443 [nonblock]
Thu Nov 30 14:38:06 2017 TCP: connect to [AF_INET]10.0.0.19:443 failed: Unknown error
Thu Nov 30 14:38:06 2017 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Thu Nov 30 14:38:46 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 30 14:38:46 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.0.0.19:443
Thu Nov 30 14:38:46 2017 Attempting to establish TCP connection with [AF_INET]10.0.0.19:443 [nonblock]
Thu Nov 30 14:40:46 2017 TCP: connect to [AF_INET]10.0.0.19:443 failed: Unknown error
Thu Nov 30 14:40:46 2017 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Thu Nov 30 14:42:06 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 30 14:42:06 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.0.0.19:443
Thu Nov 30 14:42:06 2017 Attempting to establish TCP connection with [AF_INET]10.0.0.19:443 [nonblock]
Thu Nov 30 14:44:06 2017 TCP: connect to [AF_INET]10.0.0.19:443 failed: Unknown error
Thu Nov 30 14:44:06 2017 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Having understood what I was doing wrong, the question now is this: how do I point all of this at the external address?
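
An added example, not part of the original post: a Python triage of an OpenVPN client log in the format quoted above, flagging the private remote address, the missing server-certificate check, and the two failure modes seen over UDP and TCP. The `triage` function and its finding codes are hypothetical names, and the sample lines are constructed from the log format in the post.

```python
import ipaddress
import re

# Constructed sample: lines in the format of the OpenVPN 2.4 client log quoted in the post.
SAMPLE_LOG = """\
Thu Nov 30 13:38:45 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 30 13:38:45 2017 UDP link remote: [AF_INET]10.0.0.19:443
Thu Nov 30 13:39:45 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Nov 30 14:23:16 2017 Attempting to establish TCP connection with [AF_INET]10.0.0.19:443 [nonblock]
Thu Nov 30 14:25:16 2017 TCP: connect to [AF_INET]10.0.0.19:443 failed: Unknown error
"""

# Matches the "[AF_INET]addr:port" form OpenVPN prints for the remote endpoint.
REMOTE_RE = re.compile(r"\[AF_INET6?\]([0-9A-Fa-f.:]+):(\d+)")


def triage(log_text):
    """Return {finding_code: explanation} for an OpenVPN client log (codes are hypothetical)."""
    findings = {}
    for line in log_text.splitlines():
        m = REMOTE_RE.search(line)
        if m:
            try:
                addr = ipaddress.ip_address(m.group(1))
            except ValueError:
                addr = None  # not a literal IP; nothing to classify
            if addr is not None and addr.is_private:
                findings["private_remote"] = (
                    f"remote {addr}:{m.group(2)} is a private address; a client outside "
                    "the LAN needs the external address plus a port forward to this host")
        if "No server certificate verification method" in line:
            findings["no_server_cert_check"] = (
                "client does not verify the server certificate; add "
                "'remote-cert-tls server' or 'verify-x509-name' to the client config")
        if "TLS key negotiation failed" in line:
            findings["tls_timeout"] = (
                "no TLS handshake reply within the timeout; packets are dropped on "
                "the path or nothing is listening on that port")
        if re.search(r"TCP: connect to .* failed", line):
            findings["tcp_connect_failed"] = (
                "TCP connection never established; the port is filtered or not "
                "forwarded to the server")
    return findings


if __name__ == "__main__":
    for code, text in triage(SAMPLE_LOG).items():
        print(f"{code}: {text}")
```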