Thread starter: wenzk

[vpn] [Original] Building a Secure VPN with OpenVPN [OpenVPN + CA]

Posted 2005-03-03 19:24

Mar  3 19:12:31 localhost openvpn[29340]: TLS Error: Unroutable control packet received from 192.168.1.72:1194 (si=3 op=P_ACK_V1)
Mar  3 19:12:32 localhost openvpn[29340]: TLS Error: Unroutable control packet received from 192.168.1.72:1194 (si=3 op=P_CONTROL_V1)
Mar  3 19:12:32 localhost last message repeated 7 times
Mar  3 19:12:33 localhost openvpn[29340]: TLS Error: Unroutable control packet received from 192.168.1.72:1194 (si=3 op=P_ACK_V1)
Mar  3 19:12:34 localhost openvpn[29340]: TLS Error: Unroutable control packet received from 192.168.1.72:1194 (si=3 op=P_CONTROL_V1)
Mar  3 19:12:34 localhost last message repeated 7 times
Mar  3 19:12:35 localhost openvpn[29340]: TLS Error: Unroutable control packet received from 192.168.1.72:1194 (si=3 op=P_ACK_V1)

Where is the problem?

Posted 2005-03-03 19:29

The server side should be fine, I think. If it were me, I would wipe the client and set it up again.
cat /etc/openvpn/server.conf
local 192.168.1.72
port 1194
;proto tcp
proto udp
dev tap
;dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
crl-verify vpncrl.pem
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;route 10.9.0.0 255.255.255.252
;learn-address ./script
push "redirect-gateway"
;push "dhcp-option DNS 10.8.0.1"
;push "dhcp-option WINS 10.8.0.1"
client-to-client
;duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
comp-lzo
;max-clients 100
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
;log-append openvpn.log
verb 4

Posted 2005-03-03 19:29

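Originally posted by "wheel":
TLS Error: Unroutable control packet received from 192.168.1.72:1194 (si=3 op=P_ACK_V1)

Where is the problem?


I have never run into this problem. The cause needs to be found; try a few more times on other machines and you will know.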

Posted 2005-03-03 19:40

Originally posted by "wheel":
The server side should be fine, I think. If it were me, I would wipe the client and set it up again.
cat /etc/openvpn/server.conf
local 192.168.1.72
port 1194
;proto tcp
proto udp
dev tap
;dev tun
ca ca.crt
cert server.crt
key server.key # ..........


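The server is fine. The connection dropped just now while I was in rdesktop and the speed was a bit slow; once connected it was much better :)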

Posted 2005-03-03 19:45

Mar  3 19:42:36 localhost openvpn[29409]: TLS: Initial packet from 192.168.1.72:1194, sid=a4c56f25 278c7eaa
Mar  3 19:42:36 localhost openvpn[29409]: VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=CN/ST=Liaoning/L=Shenyang/O=ELM_OpenVPN_ORG/CN=ROOT_CA/emailAddress=chenqs@clo.com.cn
Mar  3 19:42:36 localhost openvpn[29409]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Mar  3 19:42:36 localhost openvpn[29409]: TLS Error: TLS object -> incoming plaintext read error
Mar  3 19:42:36 localhost openvpn[29409]: TLS Error: TLS handshake failed
Mar  3 19:42:37 localhost openvpn[29409]: Fatal TLS error (check_tls_errors_co), restarting
Mar  3 19:42:37 localhost openvpn[29409]: TCP/UDP: Closing socket
Mar  3 19:42:37 localhost openvpn[29409]: SIGUSR1[soft,tls-error] received, process restarting
Mar  3 19:42:37 localhost openvpn[29409]: Restart pause, 5 second(s)

Posted 2005-03-03 20:04

The client on Windows reports errors too.
Thu Mar 03 23:59:55 2005 us=923806 LZO compression initialized
Thu Mar 03 23:59:55 2005 us=924006 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Mar 03 23:59:55 2005 us=925556 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:23 ET:32 EL:0 AF:3/1 ]
Thu Mar 03 23:59:55 2005 us=925630 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Thu Mar 03 23:59:55 2005 us=925652 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Thu Mar 03 23:59:55 2005 us=925693 Local Options hash (VER=V4): '13a273ba'
Thu Mar 03 23:59:55 2005 us=925721 Expected Remote Options hash (VER=V4): '360696c5'
Thu Mar 03 23:59:55 2005 us=925767 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Mar 03 23:59:55 2005 us=925797 UDPv4 link local: [undef]
Thu Mar 03 23:59:55 2005 us=925815 UDPv4 link remote: 192.168.1.72:1194
Thu Mar 03 23:59:55 2005 us=931433 TLS: Initial packet from 192.168.1.72:1194, sid=75c4433d 186e72f7
Thu Mar 03 23:59:56 2005 us=21579 VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=CN/ST=Liaoning/L=Shenyang/O=ELM_OpenVPN_ORG/CN=ROOT_CA/emailAddress=chenqs@clo.com.cn
Thu Mar 03 23:59:56 2005 us=21756 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Thu Mar 03 23:59:56 2005 us=21777 TLS Error: TLS object -> incoming plaintext read error
Thu Mar 03 23:59:56 2005 us=21792 TLS Error: TLS handshake failed
Thu Mar 03 23:59:56 2005 us=21968 TCP/UDP: Closing socket
Thu Mar 03 23:59:56 2005 us=22092 SIGUSR1[soft,tls-error] received, process restarting
Thu Mar 03 23:59:56 2005 us=22110 Restart pause, 2 second(s)
Thu Mar 03 23:59:58 2005 us=10401 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Mar 03 23:59:58 2005 us=10477 Re-using SSL/TLS context
Thu Mar 03 23:59:58 2005 us=10551 LZO compression initialized
Thu Mar 03 23:59:58 2005 us=10652 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Mar 03 23:59:58 2005 us=10984 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:23 ET:32 EL:0 AF:3/1 ]
Thu Mar 03 23:59:58 2005 us=11080 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Thu Mar 03 23:59:58 2005 us=11103 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Thu Mar 03 23:59:58 2005 us=11139 Local Options hash (VER=V4): '13a273ba'
Thu Mar 03 23:59:58 2005 us=11167 Expected Remote Options hash (VER=V4): '360696c5'
Thu Mar 03 23:59:58 2005 us=11242 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Mar 03 23:59:58 2005 us=11265 UDPv4 link local: [undef]
Thu Mar 03 23:59:58 2005 us=11284 UDPv4 link remote: 192.168.1.72:1194
Thu Mar 03 23:59:58 2005 us=11560 TCP/UDP: Closing socket
Thu Mar 03 23:59:58 2005 us=11640 SIGTERM[hard,] received, process exiting

Posted 2005-03-03 20:46

Originally posted by "wheel":
...eceived, process exiting


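After checking, I confirmed that the certificates generated and signed on your current server 1.72 have a problem: when copied to another machine, openssl verify -CAfile ca.crt elm.crt fails.

Generating the certificates on another machine works fine :)

Good luck.

Because you wrote
push "redirect-gateway"
in the server's configuration file, your original gateway was deleted once the connection came up.

Those two machines can no longer be reached now.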
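The `certificate is not yet valid` failure in both client logs, and the `openssl verify -CAfile ca.crt elm.crt` check from the post above, can be reproduced offline. This is an added example, not part of the original thread: the CA, the client certificate, the file names and the helper function names are constructed for the demo, and `openssl verify -attime` stands in for a peer whose clock differs from that of the machine that issued the certificates.

```shell
#!/bin/sh
# Added example. The CA, the client certificate and all names are constructed.

# Build a throwaway CA and one client certificate in directory $1.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=DEMO_ROOT_CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null
    openssl x509 -req -in "$1/client.csr" -days 30 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/client.crt" 2>/dev/null
}

# Run the thread's check (openssl verify -CAfile ...) the way a peer whose
# clock reads $3 (seconds since the epoch) would evaluate it.
verify_at() {
    openssl verify -attime "$3" -CAfile "$1" "$2" 2>&1
}

# Map the verifier's message to a triage label.
diagnose() {
    out=$(verify_at "$1" "$2" "$3") || true
    case $out in
        *"not yet valid"*) echo "peer-clock-before-notBefore" ;;
        *"has expired"*)   echo "peer-clock-after-notAfter" ;;
        *": OK"*)          echo "ok" ;;
        *)                 echo "other" ;;
    esac
}

# Demo: identical files, three different peer clocks.
demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
now=$(date +%s)
for t in "$now" $((now - 86400)) $((now + 40 * 86400)); do
    echo "clock=$t -> $(diagnose "$demo_dir/ca.crt" "$demo_dir/client.crt" "$t")"
done
# The validity window itself, to compare against `date -u` on each machine:
openssl x509 -in "$demo_dir/ca.crt" -noout -startdate -enddate
rm -rf "$demo_dir"
```

On real files, comparing the `notBefore` line of `ca.crt` with `date -u` on the CA machine and on each client shows whether the clocks disagree.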

Posted 2005-03-04 00:39

Help needed.
[root@wl2004 openvpn]# /etc/init.d/openvpn start
Starting openvpn:                                          [失败]
less /var/log/openvpn.log
options error: --server directive network/netmask combination is invalid
Use --help for more information.

Posted 2005-03-04 00:43

I figured it out: the problem is the line server 192.100.0.0 255.255.0.0 in server.conf.

Posted 2005-03-04 08:10

When you use it, it is best to remove all the comments, both Chinese and foreign-language; otherwise there may be problems.