Portaal Portaal Pingviini veeb foorumi pealeht
  Viki  |  IRC  |  Otsing  |  Küsimused ja vastused  |  Profiil  |  Privaatsõnumite vaatamiseks logi sisse  | Logi sisse või Registreeru
<empty>

OpenVPN Ping
 Vaata järgmist teemat
Vaata eelmist teemat
Postita uus teemaVasta teemale Pingviini veeb foorumi pealeht » Linux » Linux - võrk » OpenVPN Ping
Autor Sõnum
itvendpowered

 Pingviini aktivist
Pingviini aktivist


Vanus: 35
Liitunud: 30.08.2006
Postitused: 342
Asukoht: Tallinn
Distributsioon: RHEL / Debian
 estonia.gif
postituspostitatud: 28.04.2010, 00:45  postituse pealkiri:  OpenVPN Ping  
Masinad VPN võrgus ei pingi üksteist. Muud asjad töötavad kasutaja sisselogimine jne.

OpenVPN 2.1.1
FreeRADIUS 2.1.8

OpenVPN CONF

Kood:
dev tun
fast-io
persist-tun
persist-key
server 10.8.0.0 255.255.255.0
management 127.0.0.1 7505
float
username-as-common-name
client-config-dir ccd
client-to-client
client-cert-not-required
ping-timer-rem
keepalive 10 60
comp-lzo
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
status penvpn-status.log
log openvpn.log
log-append openvpn.log
verb 3
mute 10


OpenVPN LOG

Kood:
Wed Apr 28 01:25:55 2010 OpenVPN 2.1.1 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Jan 26 2010
Wed Apr 28 01:25:55 2010 MANAGEMENT: TCP Socket listening on 127.0.0.1:7505
Wed Apr 28 01:25:55 2010 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Apr 28 01:25:55 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Apr 28 01:25:55 2010 RADIUS-PLUGIN: Configfile name: /etc/openvpn/radiusplugin.cnf.
Wed Apr 28 01:25:55 2010 PLUGIN_INIT: POST /etc/openvpn/radiusplugin.so '[/etc/openvpn/radiusplugin.so] [/etc/openvpn/radiusplugin.cnf]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT
Wed Apr 28 01:25:55 2010 Diffie-Hellman initialized with 1024 bit key
Wed Apr 28 01:25:55 2010 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Wed Apr 28 01:25:55 2010 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Apr 28 01:25:55 2010 ROUTE: default_gateway=UNDEF
Wed Apr 28 01:25:55 2010 TUN/TAP device tun0 opened
Wed Apr 28 01:25:55 2010 TUN/TAP TX queue length set to 100
Wed Apr 28 01:25:55 2010 /sbin/ip link set dev tun0 up mtu 1500
Wed Apr 28 01:25:55 2010 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Wed Apr 28 01:25:55 2010 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Wed Apr 28 01:25:55 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Apr 28 01:25:55 2010 Socket Buffers: R=[111616->131072] S=[111616->131072]
Wed Apr 28 01:25:55 2010 UDPv4 link local (bound): [undef]:1194
Wed Apr 28 01:25:55 2010 UDPv4 link remote: [undef]
Wed Apr 28 01:25:55 2010 MULTI: multi_init called, r=256 v=256
Wed Apr 28 01:25:55 2010 IFCONFIG POOL: base=10.8.0.4 size=62
Wed Apr 28 01:25:55 2010 Initialization Sequence Completed
Wed Apr 28 01:26:10 2010 MULTI: multi_create_instance called
Wed Apr 28 01:26:10 2010 192.168.0.208:3595 Re-using SSL/TLS context
Wed Apr 28 01:26:10 2010 192.168.0.208:3595 LZO compression initialized
Wed Apr 28 01:26:10 2010 192.168.0.208:3595 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Apr 28 01:26:10 2010 192.168.0.208:3595 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Apr 28 01:26:10 2010 192.168.0.208:3595 Local Options hash (VER=V4): '530fdded'
Wed Apr 28 01:26:10 2010 192.168.0.208:3595 Expected Remote Options hash (VER=V4): '41690919'
Wed Apr 28 01:26:10 2010 192.168.0.208:3595 TLS: Initial packet from 192.168.0.208:3595, sid=dd182aa0 f378e7a8
Wed Apr 28 01:26:10 2010 RADIUS-PLUGIN: FOREGROUND THREAD: Auth_user_pass_verify thread started.
Wed Apr 28 01:26:10 2010 RADIUS-PLUGIN: FOREGROUND THREAD: New user.
Wed Apr 28 01:26:10 2010 RADIUS-PLUGIN: No attributes Acct Interim Interval or bad length.
Wed Apr 28 01:26:10 2010 RADIUS-PLUGIN: FOREGROUND THREAD: Add user to map.
Wed Apr 28 01:26:10 2010 192.168.0.208:3595 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Wed Apr 28 01:26:10 2010 192.168.0.208:3595 TLS: Username/Password authentication succeeded for username 'itvendvpn' [CN SET]
Wed Apr 28 01:26:10 2010 192.168.0.208:3595 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Apr 28 01:26:10 2010 192.168.0.208:3595 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 28 01:26:10 2010 192.168.0.208:3595 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Apr 28 01:26:10 2010 192.168.0.208:3595 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 28 01:26:10 2010 192.168.0.208:3595 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Wed Apr 28 01:26:10 2010 192.168.0.208:3595 [itvendvpn] Peer Connection Initiated with 192.168.0.208:3595
Wed Apr 28 01:26:10 2010 itvendvpn/192.168.0.208:3595 OPTIONS IMPORT: reading client specific options from: ccd/itvendvpn
Wed Apr 28 01:26:10 2010 itvendvpn/192.168.0.208:3595 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_CLIENT_CONNECT status=0
Wed Apr 28 01:26:10 2010 itvendvpn/192.168.0.208:3595 MULTI: Learn: 10.8.0.5 -> itvendvpn/192.168.0.208:3595
Wed Apr 28 01:26:10 2010 itvendvpn/192.168.0.208:3595 MULTI: primary virtual IP for itvendvpn/192.168.0.208:3595: 10.8.0.5
Wed Apr 28 01:26:12 2010 itvendvpn/192.168.0.208:3595 PUSH: Received control message: 'PUSH_REQUEST'
Wed Apr 28 01:26:12 2010 itvendvpn/192.168.0.208:3595 SENT CONTROL [itvendvpn]: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.8.0.5 10.8.0.6' (status=1)
Wed Apr 28 01:26:49 2010 MULTI: multi_create_instance called
Wed Apr 28 01:26:49 2010 192.168.0.238:1592 Re-using SSL/TLS context
Wed Apr 28 01:26:49 2010 192.168.0.238:1592 LZO compression initialized
Wed Apr 28 01:26:49 2010 192.168.0.238:1592 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Apr 28 01:26:49 2010 192.168.0.238:1592 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Apr 28 01:26:49 2010 192.168.0.238:1592 Local Options hash (VER=V4): '530fdded'
Wed Apr 28 01:26:49 2010 192.168.0.238:1592 Expected Remote Options hash (VER=V4): '41690919'
Wed Apr 28 01:26:49 2010 192.168.0.238:1592 TLS: Initial packet from 192.168.0.238:1592, sid=03e37650 786a7ad9
Wed Apr 28 01:26:49 2010 RADIUS-PLUGIN: FOREGROUND THREAD: New user.
Wed Apr 28 01:26:49 2010 RADIUS-PLUGIN: No attributes Acct Interim Interval or bad length.
Wed Apr 28 01:26:49 2010 RADIUS-PLUGIN: FOREGROUND THREAD: Add user to map.
Wed Apr 28 01:26:49 2010 192.168.0.238:1592 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Wed Apr 28 01:26:49 2010 192.168.0.238:1592 TLS: Username/Password authentication succeeded for username 'test' [CN SET]
Wed Apr 28 01:26:49 2010 192.168.0.238:1592 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Apr 28 01:26:49 2010 192.168.0.238:1592 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 28 01:26:49 2010 192.168.0.238:1592 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Apr 28 01:26:49 2010 192.168.0.238:1592 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 28 01:26:49 2010 192.168.0.238:1592 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Wed Apr 28 01:26:49 2010 192.168.0.238:1592 [test] Peer Connection Initiated with 192.168.0.238:1592
Wed Apr 28 01:26:49 2010 test/192.168.0.238:1592 OPTIONS IMPORT: reading client specific options from: ccd/test
Wed Apr 28 01:26:49 2010 test/192.168.0.238:1592 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_CLIENT_CONNECT status=0
Wed Apr 28 01:26:49 2010 test/192.168.0.238:1592 MULTI: Learn: 10.8.0.21 -> test/192.168.0.238:1592
Wed Apr 28 01:26:49 2010 test/192.168.0.238:1592 MULTI: primary virtual IP for test/192.168.0.238:1592: 10.8.0.21
Wed Apr 28 01:26:51 2010 test/192.168.0.238:1592 PUSH: Received control message: 'PUSH_REQUEST'
Wed Apr 28 01:26:51 2010 test/192.168.0.238:1592 SENT CONTROL [test]: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.8.0.21 10.8.0.22' (status=1)
Wed Apr 28 01:29:18 2010 MULTI: multi_create_instance called
Wed Apr 28 01:29:18 2010 192.168.0.238:1602 Re-using SSL/TLS context
Wed Apr 28 01:29:18 2010 192.168.0.238:1602 LZO compression initialized
Wed Apr 28 01:29:18 2010 192.168.0.238:1602 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Apr 28 01:29:18 2010 192.168.0.238:1602 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Apr 28 01:29:18 2010 192.168.0.238:1602 Local Options hash (VER=V4): '530fdded'
Wed Apr 28 01:29:18 2010 192.168.0.238:1602 Expected Remote Options hash (VER=V4): '41690919'
Wed Apr 28 01:29:18 2010 192.168.0.238:1602 TLS: Initial packet from 192.168.0.238:1602, sid=9631e82d d874199c
Wed Apr 28 01:29:18 2010 RADIUS-PLUGIN: FOREGROUND THREAD: New user.
Wed Apr 28 01:29:18 2010 RADIUS-PLUGIN: No attributes Acct Interim Interval or bad length.
Wed Apr 28 01:29:18 2010 RADIUS-PLUGIN: FOREGROUND THREAD: Add user to map.
Wed Apr 28 01:29:18 2010 192.168.0.238:1602 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Wed Apr 28 01:29:18 2010 192.168.0.238:1602 TLS: Username/Password authentication succeeded for username 'test' [CN SET]
Wed Apr 28 01:29:18 2010 192.168.0.238:1602 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Apr 28 01:29:18 2010 192.168.0.238:1602 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 28 01:29:18 2010 192.168.0.238:1602 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Apr 28 01:29:18 2010 192.168.0.238:1602 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 28 01:29:18 2010 192.168.0.238:1602 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Wed Apr 28 01:29:18 2010 192.168.0.238:1602 [test] Peer Connection Initiated with 192.168.0.238:1602
Wed Apr 28 01:29:18 2010 test/192.168.0.238:1602 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_CLIENT_DISCONNECT status=0
Wed Apr 28 01:29:18 2010 MULTI: new connection by client 'test' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Wed Apr 28 01:29:18 2010 OPTIONS IMPORT: reading client specific options from: ccd/test
Wed Apr 28 01:29:18 2010 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_CLIENT_CONNECT status=0
Wed Apr 28 01:29:18 2010 MULTI: Learn: 10.8.0.21 -> test/192.168.0.238:1602
Wed Apr 28 01:29:18 2010 MULTI: primary virtual IP for test/192.168.0.238:1602: 10.8.0.21
Wed Apr 28 01:29:21 2010 test/192.168.0.238:1602 PUSH: Received control message: 'PUSH_REQUEST'
Wed Apr 28 01:29:21 2010 test/192.168.0.238:1602 SENT CONTROL [test]: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.8.0.21 10.8.0.22' (status=1)

_________________
Maailmas võiks ikka rahu olla aga ahnus on suurem kui soov rahule.
atrox
 Pingviini aktivist
Pingviini aktivist


Vanus: 41
Liitunud: 15.03.2010
Postitused: 108

Distributsioon: openSUSE
 estonia.gif
postituspostitatud: 28.04.2010, 07:55  postituse pealkiri:  (teema puudub)  
Tulemüüris ICMP keelatud?


itvendpowered

 Pingviini aktivist
Pingviini aktivist


Vanus: 35
Liitunud: 30.08.2006
Postitused: 342
Asukoht: Tallinn
Distributsioon: RHEL / Debian
 estonia.gif
postituspostitatud: 28.04.2010, 15:31  postituse pealkiri:  (teema puudub)  
Geenius oled wSmile Mull pole yhelgi masinal tulemüüri peal koikk ALLOWED selles jama ongi ikka ei pingi ma arvan et mul rutingud valesti vms.

_________________
Maailmas võiks ikka rahu olla aga ahnus on suurem kui soov rahule.
atrox
 Pingviini aktivist
Pingviini aktivist


Vanus: 41
Liitunud: 15.03.2010
Postitused: 108

Distributsioon: openSUSE
 estonia.gif
postituspostitatud: 28.04.2010, 15:39  postituse pealkiri:  (teema puudub)  
Kui sul kõik teised protokollid peale ICMP läbi jooksevad, siis on vähe kahtlane, et asi ruutingutes on. Sellise lakoonilise kirjelduse peale ei olegi mingit muud nõu anda Razz

Kust kuhu sa mida pingid? Mida tcpdump räägib? jne


itvendpowered

 Pingviini aktivist
Pingviini aktivist


Vanus: 35
Liitunud: 30.08.2006
Postitused: 342
Asukoht: Tallinn
Distributsioon: RHEL / Debian
 estonia.gif
postituspostitatud: 28.04.2010, 16:03  postituse pealkiri:  (teema puudub)  
Noo jah eks ma pean ise korda tegema.

_________________
Maailmas võiks ikka rahu olla aga ahnus on suurem kui soov rahule.
itvendpowered

 Pingviini aktivist
Pingviini aktivist


Vanus: 35
Liitunud: 30.08.2006
Postitused: 342
Asukoht: Tallinn
Distributsioon: RHEL / Debian
 estonia.gif
postituspostitatud: 28.04.2010, 16:54  postituse pealkiri:  (teema puudub)  
atrox kirjutas:
Tulemüüris ICMP keelatud?


Tänud. sõber ei kontrollinud oma Tulemüüri nii kindlalt kui mina tall oli windowsis mite akna avamisel linuke märkimata Allow ICMP Ja mina mõtlen et mull server vildakas.

_________________
Maailmas võiks ikka rahu olla aga ahnus on suurem kui soov rahule.
Näita (aja järgi):      
Postita uus teemaVasta teemale Pingviini veeb foorumi pealeht » Linux » Linux - võrk » OpenVPN Ping





Vaata järgmist teemat
Vaata eelmist teemat

Powered by phpBB2 Plus based on phpBB © 2001/7 phpBB Group