I am trying to connect some devices to an OpenVPN server. I cannot modify the clients' configuration files, only certain simple options from the devices' web interface. So I am trying out server configurations and trying to resolve the errors as they come up.
Currently, the tun0 interface is created correctly; however, the client does not receive an IP address. The client log is as follows:
Code:
Jan 9 10:47:08 daemon.notice openvpn(client_test_1)[2285]: [server01] Inactivity timeout (--ping-restart), restarting
Jan 9 10:47:08 daemon.notice openvpn(client_test_1)[2285]: TCP/UDP: Closing socket
Jan 9 10:47:08 daemon.notice openvpn(client_test_1)[2285]: SIGUSR1[soft,ping-restart] received, process restarting
Jan 9 10:47:08 daemon.notice openvpn(client_test_1)[2285]: Restart pause, 2 second(s)
Jan 9 10:47:10 daemon.warn openvpn(client_test_1)[2285]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 9 10:47:10 daemon.warn openvpn(client_test_1)[2285]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jan 9 10:47:10 daemon.notice openvpn(client_test_1)[2285]: Re-using SSL/TLS context
Jan 9 10:47:10 daemon.notice openvpn(client_test_1)[2285]: LZO compression initialized
Jan 9 10:47:10 daemon.notice openvpn(client_test_1)[2285]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jan 9 10:47:10 daemon.notice openvpn(client_test_1)[2285]: Socket Buffers: R=[163840->131072] S=[163840->131072]
Jan 9 10:47:10 daemon.notice openvpn(client_test_1)[2285]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Jan 9 10:47:10 daemon.notice openvpn(client_test_1)[2285]: UDPv4 link local: [undef]
Jan 9 10:47:10 daemon.notice openvpn(client_test_1)[2285]: UDPv4 link remote: 192.168.1.208:1194
Jan 9 10:47:10 daemon.notice openvpn(client_test_1)[2285]: TLS: Initial packet from 192.168.1.208:1194, sid=7718d875 d1020cb9
Jan 9 10:47:11 daemon.notice openvpn(client_test_1)[2285]: VERIFY OK: depth=1, /C=ES/ST=MD/L=M/O=VPN-CON/OU=lab/CN=john/name=john/emailAddress=john@john.com
Jan 9 10:47:11 daemon.notice openvpn(client_test_1)[2285]: VERIFY OK: depth=0, /C=ES/ST=MD/L=M/O=VPN-CON/OU=changeme/CN=server01/name=changeme/emailAddress=mail@host.domain
Jan 9 10:47:11 daemon.notice openvpn(client_test_1)[2285]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 9 10:47:11 daemon.notice openvpn(client_test_1)[2285]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 9 10:47:11 daemon.notice openvpn(client_test_1)[2285]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 9 10:47:11 daemon.notice openvpn(client_test_1)[2285]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 9 10:47:11 daemon.notice openvpn(client_test_1)[2285]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jan 9 10:47:11 daemon.notice openvpn(client_test_1)[2285]: [server01] Peer Connection Initiated with 192.168.1.208:1194
Jan 9 10:47:13 daemon.notice openvpn(client_test_1)[2285]: SENT CONTROL [server01]: 'PUSH_REQUEST' (status=1)
Jan 9 10:47:13 daemon.notice openvpn(client_test_1)[2285]: PUSH: Received control message: 'PUSH_REPLY,route 172.21.0.1,ping 27,ping-restart 60'
Jan 9 10:47:13 daemon.notice openvpn(client_test_1)[2285]: OPTIONS IMPORT: timers and/or timeouts modified
Jan 9 10:47:13 daemon.notice openvpn(client_test_1)[2285]: OPTIONS IMPORT: route options modified
Jan 9 10:47:13 daemon.notice openvpn(client_test_1)[2285]: Preserving previous TUN/TAP instance: tun0
Jan 9 10:47:13 daemon.notice openvpn(client_test_1)[2285]: Initialization Sequence Completed
Jan 9 10:47:23 local2.info chat[4187]: abort on (BUSY)
Jan 9 10:47:23 local2.info chat[4187]: abort on (NO CARRIER)
Jan 9 10:47:23 local2.info chat[4187]: abort on (ERROR)
Jan 9 10:47:23 local2.info chat[4187]: report (CONNECT)
Jan 9 10:47:23 local2.info chat[4187]: timeout set to 10 seconds
Jan 9 10:47:23 local2.info chat[4187]: send (ATZ^M)
Jan 9 10:47:23 local2.info chat[4187]: send (AT&F^M)
Jan 9 10:47:23 local2.info chat[4187]: expect (OK)
Jan 9 10:47:23 local2.info chat[4187]: ATZ^M^M
Jan 9 10:47:23 local2.info chat[4187]: OK
Jan 9 10:47:23 local2.info chat[4187]: -- got it
Jan 9 10:47:23 local2.info chat[4187]: send (ATE1^M)
Jan 9 10:47:23 local2.info chat[4187]: expect (OK)
Jan 9 10:47:23 local2.info chat[4187]: ^M
Jan 9 10:47:23 local2.info chat[4187]: T&F^MATE1^M^M
Jan 9 10:47:23 local2.info chat[4187]: OK
Jan 9 10:47:23 local2.info chat[4187]: -- got it
Jan 9 10:47:23 local2.info chat[4187]: send (AT+CGDCONT=1,"IP",""^M)
Jan 9 10:47:23 local2.info chat[4187]: timeout set to 30 seconds
Jan 9 10:47:23 local2.info chat[4187]: expect (OK)
Jan 9 10:47:23 local2.info chat[4187]: ^M
Jan 9 10:47:23 local2.info chat[4187]: AT+CGDCONT=1,"IP",""^M^M
Jan 9 10:47:23 local2.info chat[4187]: ERROR
Jan 9 10:47:23 local2.info chat[4187]: -- failed
Jan 9 10:47:23 local2.info chat[4187]: Failed (ERROR)
Jan 9 10:47:23 daemon.err pppd[2735]: Connect script failed
And the current server.conf is as follows:
Code:
# IP Tunnel configuration
mode server
ifconfig 172.21.0.1 172.21.0.5
topology net30
push "route 172.21.0.1"
# local
lport 1194
# tun options
proto udp
tun-mtu 1500
fragment 1300
mssfix
float
fast-io
# Authentication
tls-server
cipher BF-CBC
tls-cipher "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA"
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server01.crt
key /etc/openvpn/easy-rsa/2.0/keys/server01.key
#client-cert-not-required
#username-as-common-name
# Keepalive, Compression, Logging
comp-lzo
reneg-sec 86400
keepalive 27 60
ping-timer-rem
persist-tun
persist-key
verb 4
mute 20
log /var/log/openvpn.log
connect-freq 4 1
max-clients 2048
max-routes-per-client 8
#allow userscripts
script-security 2
status /var/log/openvpn/status.log 1
#client-connect /etc/openvpn/client-connect.sh
#client-disconnect /etc/openvpn/client-disconnect.sh
#auth-user-pass-verify /etc/openvpn/authuser.pl via-file
#client-config-dir /etc/openvpn/ccd
user root
group root
management localhost 9001
tmp-dir /tmp
dev tun0
I would appreciate any help or ideas to solve this.
Regards.
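The following is an added example, not part of the original post. In the client log above, the PUSH_REPLY carries a route and timer options but no ifconfig option, and the posted server.conf combines mode server with a bare ifconfig line, which only configures the server's own end of the tunnel; handing addresses to clients requires ifconfig-pool (the server helper directive expands to that, among others) or a per-client ifconfig-push. The script below checks a server.conf for an address-assignment directive, checks a PUSH_REPLY log line for an ifconfig option, and flags the weak settings visible in the posted config (cipher BF-CBC, a 1024-bit DH file, user/group root). The sample configs and the corrected values (server 172.21.0.0 255.255.255.0, AES-256-GCM, dh2048.pem, nobody/nogroup) are constructed for the example; the dh check is a filename heuristic.

```shell
#!/bin/sh
# Added example (not from the original post): check why an OpenVPN client can
# complete the handshake yet never receive a tunnel address, and flag the weak
# settings present in the posted server.conf.

SAMPLE_CONF="$(mktemp)"
FIXED_CONF="$(mktemp)"
trap 'rm -f "$SAMPLE_CONF" "$FIXED_CONF"' EXIT

# Constructed sample: the directives from the posted server.conf that matter here.
cat > "$SAMPLE_CONF" <<'EOF'
mode server
ifconfig 172.21.0.1 172.21.0.5
topology net30
push "route 172.21.0.1"
dev tun0
cipher BF-CBC
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
user root
group root
EOF

# Constructed corrected config: the 'server' helper expands to mode server,
# tls-server, ifconfig, ifconfig-pool and a pushed route, so clients get a /30.
cat > "$FIXED_CONF" <<'EOF'
server 172.21.0.0 255.255.255.0
dev tun0
cipher AES-256-GCM
dh /etc/openvpn/keys/dh2048.pem   # assumed path, regenerated at 2048 bits
user nobody
group nogroup
EOF

# Constructed sample: the PUSH_REPLY line from the posted client log.
SAMPLE_PUSH_REPLY="PUSH: Received control message: 'PUSH_REPLY,route 172.21.0.1,ping 27,ping-restart 60'"

# Print the active directives: strip '#'/';' comments and blank lines so that
# commented-out lines (e.g. '#client-config-dir') are not matched.
active_directives() {
    sed -e 's/[;#].*$//' -e '/^[[:space:]]*$/d' "$1"
}

# Return 0 when the config can hand out client addresses: the 'server' helper,
# an explicit 'ifconfig-pool', or a per-client 'ifconfig-push'.
# 'mode server' + 'ifconfig' alone configures only the server's own endpoint.
has_address_pool() {
    active_directives "$1" \
        | grep -Eq '^(server[[:space:]]|ifconfig-pool[[:space:]]|ifconfig-push[[:space:]])'
}

# Return 0 when a PUSH_REPLY log line carries an 'ifconfig' option, i.e. the
# server actually told the client which address to use.
push_reply_has_ifconfig() {
    printf '%s\n' "$1" | grep -q 'PUSH_REPLY.*ifconfig'
}

# Print one line per weak setting found in the config; always returns 0.
weak_settings() {
    _d="$(active_directives "$1")"
    printf '%s\n' "$_d" | grep -Eq '^cipher[[:space:]]+BF-CBC' \
        && echo "cipher BF-CBC: 64-bit block cipher (Blowfish); use AES-256-GCM"
    printf '%s\n' "$_d" | grep -Eq '^dh[[:space:]].*1024' \
        && echo "dh1024: 1024-bit DH parameters (filename heuristic); regenerate at 2048 bits or more"
    printf '%s\n' "$_d" | grep -Eq '^(user|group)[[:space:]]+root' \
        && echo "user/group root: daemon keeps root after startup; drop to nobody/nogroup"
    return 0
}

# Number of weak settings found (0 means none of the three checks matched).
weak_setting_count() {
    weak_settings "$1" | awk 'END { print NR }'
}

# Run the checks against both configs and the captured PUSH_REPLY line.
for conf in "$SAMPLE_CONF" "$FIXED_CONF"; do
    if has_address_pool "$conf"; then
        echo "$conf: address pool present, clients will be assigned an address"
    else
        echo "$conf: NO address pool (server/ifconfig-pool/ifconfig-push missing)"
    fi
    echo "$conf: weak settings found: $(weak_setting_count "$conf")"
    weak_settings "$conf" | sed 's/^/    /'
done
if push_reply_has_ifconfig "$SAMPLE_PUSH_REPLY"; then
    echo "PUSH_REPLY contains ifconfig"
else
    echo "PUSH_REPLY contains no ifconfig: the client was never given an address"
fi
```

Run it on the real server.conf by replacing SAMPLE_CONF with the file path and pasting the PUSH_REPLY line from the client log; the address-pool check is the one that explains the symptom, the other findings are hardening points that a defender would fix in the same pass.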