Hi there,
I deleted the entries. But one more question from me, in the hope that I haven't misunderstood this.
Network A, where the VPN server is located, can be the same network as network B, where the VPN client is located?!
I tried the following successfully:
OpenVPN server (Fritz!Box) network 192.168.210.0/24
OpenVPN client (Windows) network 192.168.10.0/24
Ping into the 192.168.210.0/24 network works without problems.
Tried the following without success:
OpenVPN server (Fritz!Box) network 192.168.210.0/24
OpenVPN client (Windows) network 192.168.210.0/24
Ping into the 192.168.210.0/24 network does not work :-/ The OpenVPN server on the Fritz!Box, or the Fritz!Box itself, restarts?! :-/
Again tried the following without success:
OpenVPN server (Fritz!Box 7270) network 192.168.210.0/24
OpenVPN client (Fritz!Box 7050) network 192.168.210.0/24
Ping into the 192.168.210.0/24 network does not work either.
Here is the server's log:
Code:
/var/mod/root # cat /var/tmp/debug_openvpn.out
Sun Mar 21 21:10:35 2010 OpenVPN 2.1_rc15 mipsel-linux [SSL] [LZO2] [EPOLL] built on Mar 15 2010
Sun Mar 21 21:10:35 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Mar 21 21:10:35 2010 Diffie-Hellman initialized with 1024 bit key
Sun Mar 21 21:10:35 2010 WARNING: file '/tmp/flash/box.key' is group or others accessible
Sun Mar 21 21:10:35 2010 Control Channel Authentication: using '/tmp/flash/static.key' as a OpenVPN static key file
Sun Mar 21 21:10:35 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 21 21:10:35 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 21 21:10:35 2010 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1492)
Sun Mar 21 21:10:35 2010 TLS-Auth MTU parms [ L:1582 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sun Mar 21 21:10:35 2010 TUN/TAP device tap0 opened
Sun Mar 21 21:10:35 2010 TUN/TAP TX queue length set to 100
Sun Mar 21 21:10:35 2010 /sbin/ifconfig tap0 192.168.210.10 netmask 255.255.255.0 mtu 1492 broadcast 192.168.210.255
Sun Mar 21 21:10:35 2010 Data Channel MTU parms [ L:1582 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Mar 21 21:10:35 2010 Socket Buffers: R=[108544->131072] S=[108544->131072]
Sun Mar 21 21:10:35 2010 UDPv4 link local (bound): [undef]:1194
Sun Mar 21 21:10:35 2010 UDPv4 link remote: [undef]
Sun Mar 21 21:10:35 2010 MULTI: multi_init called, r=256 v=256
Sun Mar 21 21:10:35 2010 IFCONFIG POOL: base=192.168.210.30 size=6
Sun Mar 21 21:10:35 2010 Initialization Sequence Completed
Sun Mar 21 21:10:41 2010 MULTI: multi_create_instance called
Sun Mar 21 21:10:41 2010 79.208.239.231:2058 Re-using SSL/TLS context
Sun Mar 21 21:10:41 2010 79.208.239.231:2058 LZO compression initialized
Sun Mar 21 21:10:41 2010 79.208.239.231:2058 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1492)
Sun Mar 21 21:10:41 2010 79.208.239.231:2058 Control Channel MTU parms [ L:1582 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sun Mar 21 21:10:41 2010 79.208.239.231:2058 Data Channel MTU parms [ L:1582 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Mar 21 21:10:41 2010 79.208.239.231:2058 TLS: Initial packet from 79.208.239.231:2058, sid=d2775aa0 6ceb4a32
Sun Mar 21 21:10:43 2010 79.208.239.231:2058 VERIFY OK: depth=1, /C=DE/ST=Bayern/L=City/O=home.net.local/CN=m4xL/emailAddress=max.m4xL@local
Sun Mar 21 21:10:43 2010 79.208.239.231:2058 VERIFY OK: depth=0, /C=DE/ST=Bayern/O=home.net.local/CN=m4xL22/emailAddress=max.m4xL@local
Sun Mar 21 21:10:43 2010 79.208.239.231:2058 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Mar 21 21:10:43 2010 79.208.239.231:2058 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 21 21:10:43 2010 79.208.239.231:2058 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Mar 21 21:10:43 2010 79.208.239.231:2058 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 21 21:10:43 2010 79.208.239.231:2058 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Mar 21 21:10:43 2010 79.208.239.231:2058 [m4xL22] Peer Connection Initiated with 79.208.239.231:2058
Sun Mar 21 21:10:44 2010 m4xL22/79.208.239.231:2058 PUSH: Received control message: 'PUSH_REQUEST'
Sun Mar 21 21:10:44 2010 m4xL22/79.208.239.231:2058 SENT CONTROL [m4xL22]: 'PUSH_REPLY,dhcp-option DNS 192.168.210.10,dhcp-option DNS 192.168.210.1,route 192.168.210.10 ,route-gateway 192.168.210.10,ping 10,ping-restart 120,ifconfig 192.168.210.30 255.255.255.0' (status=1)
Sun Mar 21 21:10:44 2010 m4xL22/79.208.239.231:2058 MULTI: Learn: f6:5d:f8:35:42:36 -> m4xL22/79.208.239.231:2058
Here is the client's log:
Code:
/var/mod/root # cat /var/tmp/debug_openvpn.out
Sun Mar 21 21:10:34 2010 OpenVPN 2.1_rc15 mipsel-linux [SSL] [LZO2] [EPOLL] built on Mar 14 2010
Sun Mar 21 21:10:35 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Mar 21 21:10:35 2010 WARNING: file '/tmp/flash/box.key' is group or others accessible
Sun Mar 21 21:10:35 2010 WARNING: file '/tmp/flash/static.key' is group or others accessible
Sun Mar 21 21:10:35 2010 Control Channel Authentication: using '/tmp/flash/static.key' as a OpenVPN static key file
Sun Mar 21 21:10:35 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 21 21:10:35 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 21 21:10:35 2010 LZO compression initialized
Sun Mar 21 21:10:35 2010 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1492)
Sun Mar 21 21:10:35 2010 Control Channel MTU parms [ L:1582 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sun Mar 21 21:10:35 2010 Data Channel MTU parms [ L:1582 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Mar 21 21:10:35 2010 Socket Buffers: R=[110592->131072] S=[110592->131072]
Sun Mar 21 21:10:35 2010 UDPv4 link local: [undef]
Sun Mar 21 21:10:35 2010 UDPv4 link remote: 79.208.136.92:1194
Sun Mar 21 21:10:35 2010 TLS: Initial packet from 79.208.136.92:1194, sid=729b8fcb 5002a1ba
Sun Mar 21 21:10:35 2010 VERIFY OK: depth=1, /C=DE/ST=Bayern/L=City/O=home.net.local/CN=m4xL/emailAddress=max.m4xL@local
Sun Mar 21 21:10:35 2010 VERIFY OK: nsCertType=SERVER
Sun Mar 21 21:10:35 2010 VERIFY OK: depth=0, /C=DE/ST=Bayern/O=home.net.local/CN=m4xL/emailAddress=max.m4xL@local
Sun Mar 21 21:10:36 2010 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Mar 21 21:10:36 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 21 21:10:36 2010 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Mar 21 21:10:36 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 21 21:10:36 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Mar 21 21:10:36 2010 [m4xL] Peer Connection Initiated with 79.208.136.92:1194
Sun Mar 21 21:10:38 2010 SENT CONTROL [m4xL]: 'PUSH_REQUEST' (status=1)
Sun Mar 21 21:10:38 2010 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 192.168.210.10,dhcp-option DNS 192.168.210.1,route 192.168.210.10 ,route-gateway 192.168.210.10,ping 10,ping-restart 120,ifconfig 192.168.210.30 255.255.255.0'
Sun Mar 21 21:10:38 2010 OPTIONS IMPORT: timers and/or timeouts modified
Sun Mar 21 21:10:38 2010 OPTIONS IMPORT: --ifconfig/up options modified
Sun Mar 21 21:10:38 2010 OPTIONS IMPORT: route options modified
Sun Mar 21 21:10:38 2010 OPTIONS IMPORT: route-related options modified
Sun Mar 21 21:10:38 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Mar 21 21:10:38 2010 TUN/TAP device tap0 opened
Sun Mar 21 21:10:38 2010 TUN/TAP TX queue length set to 100
Sun Mar 21 21:10:38 2010 /sbin/ifconfig tap0 192.168.210.30 netmask 255.255.255.0 mtu 1492 broadcast 192.168.210.255
Sun Mar 21 21:10:38 2010 OpenVPN ROUTE: omitted no-op route: 192.168.210.10/255.255.255.255 -> 192.168.210.10
Sun Mar 21 21:10:38 2010 Initialization Sequence Completed
Server configuration:
Code:
/var/mod/root # cat /var/mod/etc/openvpn.conf
# OpenVPN 2.1 Config, Sun Mar 21 21:10:35 CET 2010
proto udp
dev tap0
#Helperline for rc.openvpn to add tap0 to lan bridge
ca /tmp/flash/ca.crt
cert /tmp/flash/box.crt
key /tmp/flash/box.key
dh /tmp/flash/dh.pem
tls-server
tls-auth /tmp/flash/static.key 0
port 1194
push "dhcp-option DNS 192.168.210.10"
push "dhcp-option DNS 192.168.210.1"
mode server
ifconfig-pool 192.168.210.30 192.168.210.35
push "route 192.168.210.10 "
ifconfig 192.168.210.10 255.255.255.0
push "route-gateway 192.168.210.10"
max-clients 3
tun-mtu 1492
mssfix
log /var/tmp/debug_openvpn.out
verb 3
daemon
cipher AES-256-CBC
comp-lzo
float
keepalive 10 120
Client configuration:
Code:
/var/mod/root # cat /var/mod/etc/openvpn.conf
# OpenVPN 2.1 Config, Sun Mar 21 21:10:34 CET 2010
proto udp
dev tap0
#Helperline for rc.openvpn to add tap0 to lan bridge
ca /tmp/flash/ca.crt
cert /tmp/flash/box.crt
key /tmp/flash/box.key
tls-client
ns-cert-type server
tls-auth /tmp/flash/static.key 1
remote dyndns.org
nobind
pull
tun-mtu 1492
mssfix
log /var/tmp/debug_openvpn.out
verb 3
daemon
cipher AES-256-CBC
comp-lzo
float
keepalive 10 120
resolv-retry infinite
I just switched the second network to 192.168.211.0/24 again; ping doesn't get through either :-/
Regards, m4xL