Title: OpenVPN client does not receive an IP
Posted by: young0320 on 9 January 2014, 12:07 pm
Hello,

I am trying to connect some devices to an OpenVPN server. I cannot modify the clients' configuration files, only certain simple options, and only from the devices' web interface. So I keep trying server configurations and trying to resolve errors. Currently, the tun0 interface is created correctly, but the client does not receive an IP address.

The client log is the following:

Jan 9 10:47:08 daemon.notice openvpn(client_test_1)[2285]: [server01] Inactivity timeout (--ping-restart), restarting
Jan 9 10:47:08 daemon.notice openvpn(client_test_1)[2285]: TCP/UDP: Closing socket
Jan 9 10:47:08 daemon.notice openvpn(client_test_1)[2285]: SIGUSR1[soft,ping-restart] received, process restarting
Jan 9 10:47:08 daemon.notice openvpn(client_test_1)[2285]: Restart pause, 2 second(s)
Jan 9 10:47:10 daemon.warn openvpn(client_test_1)[2285]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 9 10:47:10 daemon.warn openvpn(client_test_1)[2285]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jan 9 10:47:10 daemon.notice openvpn(client_test_1)[2285]: Re-using SSL/TLS context
Jan 9 10:47:10 daemon.notice openvpn(client_test_1)[2285]: LZO compression initialized
Jan 9 10:47:10 daemon.notice openvpn(client_test_1)[2285]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jan 9 10:47:10 daemon.notice openvpn(client_test_1)[2285]: Socket Buffers: R=[163840->131072] S=[163840->131072]
Jan 9 10:47:10 daemon.notice openvpn(client_test_1)[2285]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Jan 9 10:47:10 daemon.notice openvpn(client_test_1)[2285]: UDPv4 link local: [undef]
Jan 9 10:47:10 daemon.notice openvpn(client_test_1)[2285]: UDPv4 link remote: 192.168.1.208:1194
Jan 9 10:47:10 daemon.notice openvpn(client_test_1)[2285]: TLS: Initial packet from 192.168.1.208:1194, sid=7718d875 d1020cb9
Jan 9 10:47:11 daemon.notice openvpn(client_test_1)[2285]: VERIFY OK: depth=1, /C=ES/ST=MD/L=M/O=VPN-CON/OU=lab/CN=john/name=john/emailAddress=john@john.com
Jan 9 10:47:11 daemon.notice openvpn(client_test_1)[2285]: VERIFY OK: depth=0, /C=ES/ST=MD/L=M/O=VPN-CON/OU=changeme/CN=server01/name=changeme/emailAddress=mail@host.domain
Jan 9 10:47:11 daemon.notice openvpn(client_test_1)[2285]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 9 10:47:11 daemon.notice openvpn(client_test_1)[2285]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 9 10:47:11 daemon.notice openvpn(client_test_1)[2285]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 9 10:47:11 daemon.notice openvpn(client_test_1)[2285]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 9 10:47:11 daemon.notice openvpn(client_test_1)[2285]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jan 9 10:47:11 daemon.notice openvpn(client_test_1)[2285]: [server01] Peer Connection Initiated with 192.168.1.208:1194
Jan 9 10:47:13 daemon.notice openvpn(client_test_1)[2285]: SENT CONTROL [server01]: 'PUSH_REQUEST' (status=1)
Jan 9 10:47:13 daemon.notice openvpn(client_test_1)[2285]: PUSH: Received control message: 'PUSH_REPLY,route 172.21.0.1,ping 27,ping-restart 60'
Jan 9 10:47:13 daemon.notice openvpn(client_test_1)[2285]: OPTIONS IMPORT: timers and/or timeouts modified
Jan 9 10:47:13 daemon.notice openvpn(client_test_1)[2285]: OPTIONS IMPORT: route options modified
Jan 9 10:47:13 daemon.notice openvpn(client_test_1)[2285]: Preserving previous TUN/TAP instance: tun0
Jan 9 10:47:13 daemon.notice openvpn(client_test_1)[2285]: Initialization Sequence Completed
Jan 9 10:47:23 local2.info chat[4187]: abort on (BUSY)
Jan 9 10:47:23 local2.info chat[4187]: abort on (NO CARRIER)
Jan 9 10:47:23 local2.info chat[4187]: abort on (ERROR)
Jan 9 10:47:23 local2.info chat[4187]: report (CONNECT)
Jan 9 10:47:23 local2.info chat[4187]: timeout set to 10 seconds
Jan 9 10:47:23 local2.info chat[4187]: send (ATZ^M)
Jan 9 10:47:23 local2.info chat[4187]: send (AT&F^M)
Jan 9 10:47:23 local2.info chat[4187]: expect (OK)
Jan 9 10:47:23 local2.info chat[4187]: ATZ^M^M
Jan 9 10:47:23 local2.info chat[4187]: OK
Jan 9 10:47:23 local2.info chat[4187]: -- got it
Jan 9 10:47:23 local2.info chat[4187]: send (ATE1^M)
Jan 9 10:47:23 local2.info chat[4187]: expect (OK)
Jan 9 10:47:23 local2.info chat[4187]: ^M
Jan 9 10:47:23 local2.info chat[4187]: T&F^MATE1^M^M
Jan 9 10:47:23 local2.info chat[4187]: OK
Jan 9 10:47:23 local2.info chat[4187]: -- got it
Jan 9 10:47:23 local2.info chat[4187]: send (AT+CGDCONT=1,"IP",""^M)
Jan 9 10:47:23 local2.info chat[4187]: timeout set to 30 seconds
Jan 9 10:47:23 local2.info chat[4187]: expect (OK)
Jan 9 10:47:23 local2.info chat[4187]: ^M
Jan 9 10:47:23 local2.info chat[4187]: AT+CGDCONT=1,"IP",""^M^M
Jan 9 10:47:23 local2.info chat[4187]: ERROR
Jan 9 10:47:23 local2.info chat[4187]: -- failed
Jan 9 10:47:23 local2.info chat[4187]: Failed (ERROR)
Jan 9 10:47:23 daemon.err pppd[2735]: Connect script failed

And the server.conf is currently the following:

# IP Tunnel configuration
mode server
ifconfig 172.21.0.1 172.21.0.5
topology net30
push "route 172.21.0.1"

# local
lport 1194

# tun options
proto udp
tun-mtu 1500
fragment 1300
mssfix
float
fast-io

# Authentication
tls-server
cipher BF-CBC
tls-cipher "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA"
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server01.crt
key /etc/openvpn/easy-rsa/2.0/keys/server01.key
#client-cert-not-required
#username-as-common-name

# Keepalive, Compression, Logging
comp-lzo
reneg-sec 86400
keepalive 27 60
ping-timer-rem
persist-tun
persist-key
verb 4
mute 20
log /var/log/openvpn.log

connect-freq 4 1
max-clients 2048
max-routes-per-client 8

#allow userscripts
script-security 2
status /var/log/openvpn/status.log 1

#client-connect /etc/openvpn/client-connect.sh
#client-disconnect /etc/openvpn/client-disconnect.sh

#auth-user-pass-verify /etc/openvpn/authuser.pl via-file
#client-config-dir /etc/openvpn/ccd

user root
group root
management localhost 9001

tmp-dir /tmp
dev tun0

I would appreciate any help or ideas to resolve this.

Regards.
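Added example, not part of the original post: a small triage of the client log above that extracts the options carried in PUSH_REPLY, checks whether a tunnel address (an "ifconfig" option) was among them, and collects OpenVPN's own WARNING lines. The sample lines are copied from the log in the post; the function names triage and findings are made up for this example.

```python
import re

# Constructed sample: four lines copied from the client log in the post above.
SAMPLE_LOG = """\
Jan 9 10:47:10 daemon.warn openvpn(client_test_1)[2285]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 9 10:47:13 daemon.notice openvpn(client_test_1)[2285]: SENT CONTROL [server01]: 'PUSH_REQUEST' (status=1)
Jan 9 10:47:13 daemon.notice openvpn(client_test_1)[2285]: PUSH: Received control message: 'PUSH_REPLY,route 172.21.0.1,ping 27,ping-restart 60'
Jan 9 10:47:13 daemon.notice openvpn(client_test_1)[2285]: Initialization Sequence Completed
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")
WARN_RE = re.compile(r"openvpn\([^)]*\)\[\d+\]: WARNING: (.*)$")


def triage(log_text):
    """Return the pushed options, whether an address was pushed, and warnings."""
    report = {"pushed": [], "address_pushed": False, "warnings": []}
    for line in log_text.splitlines():
        push = PUSH_RE.search(line)
        if push:
            opts = [o.strip() for o in push.group(1).split(",") if o.strip()]
            report["pushed"] = opts
            # The client takes its tunnel address from a pushed "ifconfig" option.
            report["address_pushed"] = any(o.split()[0] == "ifconfig" for o in opts)
            continue
        warn = WARN_RE.search(line)
        if warn and warn.group(1) not in report["warnings"]:
            report["warnings"].append(warn.group(1))
    return report


def findings(report):
    """Turn the triage report into short, human-readable findings."""
    out = []
    if report["pushed"] and not report["address_pushed"]:
        out.append("PUSH_REPLY carried no ifconfig option: no tunnel address was pushed")
    for w in report["warnings"]:
        if "No server certificate verification" in w:
            out.append("client does not verify the server certificate (see OpenVPN's MITM note)")
    return out


if __name__ == "__main__":
    for item in findings(triage(SAMPLE_LOG)):
        print("-", item)
```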
Title: Re: OpenVPN client does not receive an IP
Posted by: young0320 on 10 January 2014, 16:22 pm
OK, I have a lead.
The final part consists of commands for the 3G connection. Some of it can be understood:
Jan 9 10:47:23 local2.info chat[4187]: AT+CGDCONT=1,"IP",""^M^M
Jan 9 10:47:23 local2.info chat[4187]: ERROR
It is expecting the IP of the 3G network followed by the provider's APN. Since it does not receive it, it returns an error and the connection is not completed.
With this solved, the client fades out or disconnects on me... (but that is another matter).