nixp.ru v3.0
vovans wrote on 30 March 2005 at 09:50 (2770 views). Identifies as male; has opened 27 forum topics and left 418 comments on the site.

I installed OpenVPN 2.0 on Slackware and FreeBSD (5.3). Then, on Slackware, I do:

        openssl req -nodes -new -x509 -keyout my-ca.key -out my-ca.crt -days 3650
        openssl req -nodes -new -x509 -keyout office1.key -out office1.csr
        openssl req -nodes -new -x509 -keyout office2.key -out office2.csr
        openssl x509 -out office1.crt -in office1.csr
        openssl x509 -out office2.crt -in office2.csr
        openssl dhparam -out dh1024.pem 1024

I create the configs. For the server (FreeBSD):

        dev tun
        port 5000
        ifconfig 10.1.1.1 10.1.1.2
        tls-server
        dh dh1024.pem
        ca my-ca.crt
        cert office1.crt
        key office1.key
        verb 3

For Slackware:

        dev tun
        port 5000
        ns-cert-type server
        remote 192.168.0.1
        ifconfig 10.1.1.2 10.1.1.1
        tls-client
        dh dh1024.pem
        ca my-ca.crt
        cert office2.crt
        key office2.key
        verb 3

I start it:

        openvpn --config конфиг_для_фри

It starts fine; the only thing it prints is: WARNING: file '/etc/ssl/my/private/office1.key' is group or others accessible

But on Slackware there is a whole pile of errors:

# openvpn --config конфиг_для_слаки
Tue Mar 29 21:37:55 2005 OpenVPN 2.0_rc17 i686-pc-linux [SSL] [LZO] built on Mar 20 2005
Tue Mar 29 21:37:55 2005 WARNING: file '/etc/ssl/my/private/office2.key' is group or others accessible
Tue Mar 29 21:37:55 2005 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Mar 29 21:37:55 2005 TUN/TAP device tun0 opened
Tue Mar 29 21:37:55 2005 /sbin/ifconfig tun0 10.1.1.2 pointopoint 10.1.1.1 mtu 1500
Tue Mar 29 21:37:55 2005 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Tue Mar 29 21:37:55 2005 Local Options hash (VER=V4): 'bed69dfd'
Tue Mar 29 21:37:55 2005 Expected Remote Options hash (VER=V4): 'dd105312'
Tue Mar 29 21:37:55 2005 UDPv4 link local (bound): [undef]:5000
Tue Mar 29 21:37:55 2005 UDPv4 link remote: 192.168.0.1:5000
Tue Mar 29 21:37:55 2005 TLS Error: Unroutable control packet received from 192.168.0.1:5000 (si=3 op=P_ACK_V1)
Tue Mar 29 21:37:57 2005 TLS Error: Unroutable control packet received from 192.168.0.1:5000 (si=3 op=P_CONTROL_V1)
Tue Mar 29 21:37:57 2005 TLS Error: Unroutable control packet received from 192.168.0.1:5000 (si=3 op=P_CONTROL_V1)
Tue Mar 29 21:37:57 2005 TLS Error: Unroutable control packet received from 192.168.0.1:5000 (si=3 op=P_CONTROL_V1)

Any ideas or suggestions?

vovans

The error log has changed somewhat:

# openvpn --config office2
Wed Mar 30 11:11:15 2005 OpenVPN 2.0_rc17 i686-pc-linux [SSL] [LZO] built on Mar 20 2005
Wed Mar 30 11:11:15 2005 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Mar 30 11:11:15 2005 TUN/TAP device tun0 opened
Wed Mar 30 11:11:15 2005 /sbin/ifconfig tun0 10.1.1.2 pointopoint 10.1.1.1 mtu 1500
Wed Mar 30 11:11:15 2005 /sbin/route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.1.1.1
Wed Mar 30 11:11:15 2005 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Wed Mar 30 11:11:15 2005 Local Options hash (VER=V4): 'bed69dfd'
Wed Mar 30 11:11:15 2005 Expected Remote Options hash (VER=V4): 'dd105312'
Wed Mar 30 11:11:15 2005 UDPv4 link local (bound): [undef]:5000
Wed Mar 30 11:11:15 2005 UDPv4 link remote: 192.168.0.1:5000
Wed Mar 30 11:11:15 2005 TLS: Initial packet from 192.168.0.1:5000, sid=2e4f91f0 03b48718
Wed Mar 30 11:11:15 2005 VERIFY ERROR: depth=0, error=self signed certificate: /C=RU/ST=Rostov_Reg/L=Rostov/O=PSMD/CN=darkstar.example.net/emailAddress=patriotica@m.ail.ru
Wed Mar 30 11:11:15 2005 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Wed Mar 30 11:11:15 2005 TLS Error: TLS object -> incoming plaintext read error
Wed Mar 30 11:11:15 2005 TLS Error: TLS handshake failed
Wed Mar 30 11:11:15 2005 TCP/UDP: Closing socket
Wed Mar 30 11:11:15 2005 /sbin/route del -net 192.168.1.0 netmask 255.255.255.0
Wed Mar 30 11:11:16 2005 Closing TUN/TAP interface
Wed Mar 30 11:11:16 2005 SIGUSR1[soft,tls-error] received, process restarting
Wed Mar 30 11:11:16 2005 Restart pause, 2 second(s)
Wed Mar 30 11:11:18 2005 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Mar 30 11:11:18 2005 TUN/TAP device tun0 opened
Wed Mar 30 11:11:18 2005 /sbin/ifconfig tun0 10.1.1.2 pointopoint 10.1.1.1 mtu 1500
Wed Mar 30 11:11:18 2005 /sbin/route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.1.1.1
Wed Mar 30 11:11:18 2005 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Wed Mar 30 11:11:18 2005 Local Options hash (VER=V4): 'bed69dfd'
Wed Mar 30 11:11:18 2005 Expected Remote Options hash (VER=V4): 'dd105312'
Wed Mar 30 11:11:18 2005 UDPv4 link local (bound): [undef]:5000
Wed Mar 30 11:11:18 2005 UDPv4 link remote: 192.168.0.1:5000
Wed Mar 30 11:11:18 2005 TLS Error: Unroutable control packet received from 192.168.0.1:5000 (si=3 op=P_CONTROL_V1)
Wed Mar 30 11:11:18 2005 TLS Error: Unroutable control packet received from 192.168.0.1:5000 (si=3 op=P_CONTROL_V1)
Wed Mar 30 11:11:18 2005 TLS Error: Unroutable control packet received from 192.168.0.1:5000 (si=3 op=P_CONTROL_V1)
Wed Mar 30 11:11:18 2005 TLS Error: Unroutable control packet received from 192.168.0.1:5000 (si=3 op=P_CONTROL_V1)
Wed Mar 30 11:11:18 2005 TLS: Initial packet from 192.168.0.1:5000, sid=37fbfb01 3e2e93a2

vovans

Hmmmmm...... Turns out it doesn't start on the server either :( I had just never waited long enough for it to start swearing.

# openvpn --config office1
OpenVPN 2.0_rc17 i686-pc-linux [SSL] [LZO] built on Mar 20 2005
Diffie-Hellman initialized with 1024 bit key
Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
TUN/TAP device tun0 opened
/sbin/ifconfig tun0 10.1.1.1 pointopoint 10.1.1.2 mtu 1500
/sbin/route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.1.1.2
Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Local Options hash (VER=V4): 'dd105312'
Expected Remote Options hash (VER=V4): 'bed69dfd'
UDPv4 link local (bound): 192.168.0.4:5000
UDPv4 link remote: 192.168.0.1:5000
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
TCP/UDP: Closing socket
/sbin/route del -net 192.168.0.0 netmask 255.255.255.0
Closing TUN/TAP interface
SIGUSR1[soft,tls-error] received, process restarting
Restart pause, 2 second(s)
Diffie-Hellman initialized with 1024 bit key
Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
TUN/TAP device tun0 opened
/sbin/ifconfig tun0 10.1.1.1 pointopoint 10.1.1.2 mtu 1500
/sbin/route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.1.1.2
Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Local Options hash (VER=V4): 'dd105312'
Expected Remote Options hash (VER=V4): 'bed69dfd'
UDPv4 link local (bound): 192.168.0.4:5000
UDPv4 link remote: 192.168.0.1:5000
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
TCP/UDP: Closing socket
/sbin/route del -net 192.168.0.0 netmask 255.255.255.0
Closing TUN/TAP interface
SIGUSR1[soft,tls-error] received, process restarting
Restart pause, 2 second(s)
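The certificate step in the first post is where the client's later "VERIFY ERROR: depth=0, error=self signed certificate" comes from: `openssl req ... -x509` emits a self-signed certificate, so office1.csr and office2.csr are not requests at all, and `openssl x509 -out office1.crt -in office1.csr` merely re-encodes them; the CA in my-ca.crt never signs anything, and the peer then presents a certificate that does not chain to the `ca` file. The script below is an added example, not code from the post or from the OpenVPN project. It builds the CA, issues both peer certificates from it, gives the server certificate the Netscape certificate type that the client's `ns-cert-type server` line checks, and provides the checks a practitioner would run before starting OpenVPN: that each certificate verifies against the CA, that the server certificate carries the expected type, and that the key files are owner-only (the cause of the "group or others accessible" warning). It assumes the openssl command-line tool is installed; the subject strings, file names and the office1/office2 roles are constructed here following the post.

```shell
#!/bin/sh
# Added example, not from the original post. Builds one self-signed CA and two
# peer certificates that are CSRs signed by that CA. Assumptions: the openssl
# CLI is installed; subjects and file names below are constructed for this example.

# Build the CA and two CA-signed peer certificates in directory $1.
# The body is a subshell so umask and "set -e" do not leak into the caller.
make_ca_and_certs() (
    set -e
    dir="$1"
    mkdir -p "$dir"
    # Keys are created mode 0600, which is what silences OpenVPN's
    # "file ... is group or others accessible" warning.
    umask 077

    # 1. The CA is the only certificate that should be self-signed (-x509).
    openssl req -nodes -new -x509 -days 3650 \
        -subj "/C=RU/O=Example/CN=example-ca" \
        -keyout "$dir/my-ca.key" -out "$dir/my-ca.crt" >/dev/null 2>&1

    # 2. Peer key plus a real CSR: note there is no -x509 here.
    for peer in office1 office2; do
        openssl req -nodes -new \
            -subj "/C=RU/O=Example/CN=$peer" \
            -keyout "$dir/$peer.key" -out "$dir/$peer.csr" >/dev/null 2>&1
    done

    # 3. Issue the peer certificates from the CA. The server certificate gets
    #    nsCertType=server because the client config uses "ns-cert-type server";
    #    extendedKeyUsage is what the newer "remote-cert-tls" option checks.
    printf 'nsCertType = server\nextendedKeyUsage = serverAuth\n' > "$dir/server.ext"
    printf 'nsCertType = client\nextendedKeyUsage = clientAuth\n' > "$dir/client.ext"
    openssl x509 -req -days 3650 -in "$dir/office1.csr" \
        -CA "$dir/my-ca.crt" -CAkey "$dir/my-ca.key" -CAcreateserial \
        -extfile "$dir/server.ext" -out "$dir/office1.crt" >/dev/null 2>&1
    openssl x509 -req -days 3650 -in "$dir/office2.csr" \
        -CA "$dir/my-ca.crt" -CAkey "$dir/my-ca.key" -CAcreateserial \
        -extfile "$dir/client.ext" -out "$dir/office2.crt" >/dev/null 2>&1
)

# Does "$1/$2.crt" chain to the CA in "$1/my-ca.crt"? This is the depth=0
# check OpenVPN performs in the TLS handshake; a self-signed peer cert fails it.
verify_cert() {
    openssl verify -CAfile "$1/my-ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

# Does certificate $1 carry the Netscape "SSL Server" type that
# "ns-cert-type server" on the client demands?
has_ns_server_type() {
    openssl x509 -in "$1" -noout -text | grep -q 'SSL Server'
}

# Is file $1 readable and writable by its owner only (mode 0600)?
key_is_private() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# Stand-alone usage: build everything in a temporary directory and report.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    make_ca_and_certs "$d"
    verify_cert "$d" office1 && verify_cert "$d" office2 && echo "chain ok"
    has_ns_server_type "$d/office1.crt" && echo "server cert type ok"
    key_is_private "$d/office1.key" && echo "key mode ok"
    rm -rf "$d"
fi
```

Run it with `--demo` to see the three checks pass. The `dh` line is only meaningful in the `tls-server` config; the client ignores it, so it can be dropped from the Slackware file without changing the handshake.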