Freesco, NND, CDN, EOS http://forum.freesco.pl/ |
|
OpenVPN Mac'Book http://forum.freesco.pl/viewtopic.php?f=22&t=17383 |
Author: | mario_000 [ Friday, 19 December 2008, 17:43 ] |
Title: | OpenVPN Mac'Book |
Hello. I have an NND router running OpenVPN, and everything worked flawlessly until I decided to connect a MacBook running Leopard to the server. Is there a way to make the MacBook connect to OpenVPN? Does anyone know the configuration or a solution to the problem? I tried Tunnelblick; it shows the status "authorization" and nothing happens, it does not connect. Please advise. Mario |
Author: | JakubC [ Sunday, 21 December 2008, 21:55 ] |
Title: | |
You need to look for some more specific information on your Mac. Try launching the client from the console there; that should tell us what happened. Besides that, you could take a look at the VPN server logs. |
Author: | mario_000 [ Monday, 22 December 2008, 16:01 ] |
Title: | |
Hello. I managed to configure it so that the Mac now connects to the server; the only thing is that from the Mac I cannot get into any remote computer via remote desktop. I am posting the logs below; maybe someone with a wiser head can help me.
Thu 01/01/70 01:00 AM: SUCCESS: pid=491
Thu 01/01/70 01:00 AM: SUCCESS: real-time state notification set to ON
Thu 01/01/70 01:00 AM: SUCCESS: real-time log notification set to ON
Mon 12/22/08 09:50 AM: management_client_user = '[UNDEF]'
Mon 12/22/08 09:50 AM: management_client_group = '[UNDEF]'
Mon 12/22/08 09:50 AM: management_flags = 6
Mon 12/22/08 09:50 AM: shared_secret_file = '[UNDEF]'
Mon 12/22/08 09:50 AM: key_direction = 0
Mon 12/22/08 09:50 AM: ciphername_defined = ENABLED
Mon 12/22/08 09:50 AM: ciphername = 'BF-CBC'
Mon 12/22/08 09:50 AM: authname_defined = ENABLED
Mon 12/22/08 09:50 AM: authname = 'SHA1'
Mon 12/22/08 09:50 AM: prng_hash = 'SHA1'
Mon 12/22/08 09:50 AM: prng_nonce_secret_len = 16
Mon 12/22/08 09:50 AM: keysize = 0
Mon 12/22/08 09:50 AM: engine = DISABLED
Mon 12/22/08 09:50 AM: replay = ENABLED
Mon 12/22/08 09:50 AM: mute_replay_warnings = DISABLED
Mon 12/22/08 09:50 AM: replay_window = 64
Mon 12/22/08 09:50 AM: replay_time = 15
Mon 12/22/08 09:50 AM: packet_id_file = '[UNDEF]'
Mon 12/22/08 09:50 AM: use_iv = ENABLED
Mon 12/22/08 09:50 AM: test_crypto = DISABLED
Mon 12/22/08 09:50 AM: tls_server = DISABLED
Mon 12/22/08 09:50 AM: tls_client = ENABLED
Mon 12/22/08 09:50 AM: key_method = 2
Mon 12/22/08 09:50 AM: ca_file = '/users/marek/library/openvpn/ certyfikat_rootca.pem'
Mon 12/22/08 09:50 AM: ca_path = '[UNDEF]'
Mon 12/22/08 09:50 AM: dh_file = '[UNDEF]'
Mon 12/22/08 09:50 AM: cert_file = '/users/marek/library/ openvpn/certyfikat_mb.pem'
Mon 12/22/08 09:50 AM: priv_key_file = '/users/marek/library/ openvpn/klucz_mb.pem'
Mon 12/22/08 09:50 AM: pkcs12_file = '[UNDEF]'
Mon 12/22/08 09:50 AM: cipher_list = '[UNDEF]'
Mon 12/22/08 09:50 AM: tls_verify = '[UNDEF]'
Mon 12/22/08 09:50 AM: tls_remote = '[UNDEF]'
Mon 12/22/08 09:50 AM: crl_file = '[UNDEF]'
Mon 12/22/08 09:50 AM: ns_cert_type = 0
Mon 12/22/08 09:50 AM: remote_cert_ku[i] = 0
Mon 12/22/08 09:50 AM: remote_cert_ku[i] = 0
Mon 12/22/08 09:50 AM: remote_cert_ku[i] = 0
Mon 12/22/08 09:50 AM: remote_cert_ku[i] = 0
Mon 12/22/08 09:50 AM: remote_cert_ku[i] = 0
Mon 12/22/08 09:50 AM: remote_cert_ku[i] = 0
Mon 12/22/08 09:50 AM: remote_cert_ku[i] = 0
Mon 12/22/08 09:50 AM: remote_cert_ku[i] = 0
Mon 12/22/08 09:50 AM: remote_cert_ku[i] = 0
Mon 12/22/08 09:50 AM: remote_cert_ku[i] = 0
Mon 12/22/08 09:50 AM: remote_cert_ku[i] = 0
Mon 12/22/08 09:50 AM: remote_cert_ku[i] = 0
Mon 12/22/08 09:50 AM: remote_cert_ku[i] = 0
Mon 12/22/08 09:50 AM: remote_cert_ku[i] = 0
Mon 12/22/08 09:50 AM: remote_cert_ku[i] = 0
Mon 12/22/08 09:50 AM: remote_cert_ku[i] = 0
Mon 12/22/08 09:50 AM: remote_cert_eku = '[UNDEF]'
Mon 12/22/08 09:50 AM: tls_timeout = 2
Mon 12/22/08 09:50 AM: renegotiate_bytes = 0
Mon 12/22/08 09:50 AM: renegotiate_packets = 0
Mon 12/22/08 09:50 AM: renegotiate_seconds = 3600
Mon 12/22/08 09:50 AM: handshake_window = 60
Mon 12/22/08 09:50 AM: transition_window = 3600
Mon 12/22/08 09:50 AM: single_session = DISABLED
Mon 12/22/08 09:50 AM: tls_exit = DISABLED
Mon 12/22/08 09:50 AM: tls_auth_file = '[UNDEF]'
Mon 12/22/08 09:50 AM: server_network = 0.0.0.0
Mon 12/22/08 09:50 AM: server_netmask = 0.0.0.0
Mon 12/22/08 09:50 AM: server_bridge_ip = 0.0.0.0
Mon 12/22/08 09:50 AM: server_bridge_netmask = 0.0.0.0
Mon 12/22/08 09:50 AM: server_bridge_pool_start = 0.0.0.0
Mon 12/22/08 09:50 AM: server_bridge_pool_end = 0.0.0.0
Mon 12/22/08 09:50 AM: ifconfig_pool_defined = DISABLED
Mon 12/22/08 09:50 AM: ifconfig_pool_start = 0.0.0.0
Mon 12/22/08 09:50 AM: ifconfig_pool_end = 0.0.0.0
Mon 12/22/08 09:50 AM: ifconfig_pool_netmask = 0.0.0.0
Mon 12/22/08 09:50 AM: ifconfig_pool_persist_filename = '[UNDEF]'
Mon 12/22/08 09:50 AM: ifconfig_pool_persist_refresh_freq = 600
Mon 12/22/08 09:50 AM: n_bcast_buf = 256
Mon 12/22/08 09:50 AM: tcp_queue_limit = 64
Mon 12/22/08 09:50 AM: real_hash_size = 256
Mon 12/22/08 09:50 AM: virtual_hash_size = 256
Mon 12/22/08 09:50 AM: client_connect_script = '[UNDEF]'
Mon 12/22/08 09:50 AM: learn_address_script = '[UNDEF]'
Mon 12/22/08 09:50 AM: client_disconnect_script = '[UNDEF]'
Mon 12/22/08 09:50 AM: client_config_dir = '[UNDEF]'
Mon 12/22/08 09:50 AM: ccd_exclusive = DISABLED
Mon 12/22/08 09:50 AM: tmp_dir = '[UNDEF]'
Mon 12/22/08 09:50 AM: push_ifconfig_defined = DISABLED
Mon 12/22/08 09:50 AM: push_ifconfig_local = 0.0.0.0
Mon 12/22/08 09:50 AM: push_ifconfig_remote_netmask = 0.0.0.0
Mon 12/22/08 09:50 AM: enable_c2c = DISABLED
Mon 12/22/08 09:50 AM: duplicate_cn = DISABLED
Mon 12/22/08 09:50 AM: cf_max = 0
Mon 12/22/08 09:50 AM: cf_per = 0
Mon 12/22/08 09:50 AM: max_clients = 1024
Mon 12/22/08 09:50 AM: max_routes_per_client = 256
Mon 12/22/08 09:50 AM: auth_user_pass_verify_script = '[UNDEF]'
Mon 12/22/08 09:50 AM: auth_user_pass_verify_script_via_file = DISABLED
Mon 12/22/08 09:50 AM: ssl_flags = 0
Mon 12/22/08 09:50 AM: port_share_host = '[UNDEF]'
Mon 12/22/08 09:50 AM: port_share_port = 0
Mon 12/22/08 09:50 AM: client = DISABLED
Mon 12/22/08 09:50 AM: pull = ENABLED
Mon 12/22/08 09:50 AM: auth_user_pass_file = '[UNDEF]'
Mon 12/22/08 09:50 AM: OpenVPN 2.1_rc15 i386-apple-darwin9.5.0 [SSL] [LZO2] built on Nov 19 2008
Mon 12/22/08 09:50 AM: MANAGEMENT: TCP Socket listening on 127.0.0.1:1338
Mon 12/22/08 09:50 AM: waiting...
Mon 12/22/08 09:50 AM: MANAGEMENT: Client connected from 127.0.0.1:1338
Thu 01/01/70 01:00 AM: END
Thu 01/01/70 01:00 AM: SUCCESS: hold release succeeded
Mon 12/22/08 09:50 AM: WARNING: --ping should normally be used with -- ping-restart or --ping-exit
Mon 12/22/08 09:50 AM: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon 12/22/08 09:50 AM: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu 01/01/70 01:00 AM: but not yet verified
Mon 12/22/08 09:50 AM: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon 12/22/08 09:50 AM: WARNING: file '/users/marek/library/ openvpn/klucz_mbudner.pem' is group or others accessible
Mon 12/22/08 09:50 AM: LZO compression initialized
Mon 12/22/08 09:50 AM: Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Mon 12/22/08 09:50 AM: Data Channel MTU parms [ L:1544 D:1450 EF:44 EB: 135 ET:0 EL:0 AF:3/1 ]
Mon 12/22/08 09:50 AM: tls-client'
Mon 12/22/08 09:50 AM: tls-server'
Mon 12/22/08 09:50 AM: Local Options hash (VER=V4): '69109d17'
Mon 12/22/08 09:50 AM: Expected Remote Options hash (VER=V4): 'c0103fa8'
Mon 12/22/08 09:50 AM: Attempting to establish TCP connection with 79.xxx.xxx.xxx:1194 [nonblock]
Mon 12/22/08 09:50 AM:
Mon 12/22/08 09:51 AM: will try again in 5 seconds: Operation timed out
Mon 12/22/08 09:51 AM:
Mon 12/22/08 09:51 AM: TCP connection established with 79.xxx.xxx.xxx:1194
Mon 12/22/08 09:51 AM: Socket Buffers: R=[525624->65536] S=[131768- >65536]
Mon 12/22/08 09:51 AM: TCPv4_CLIENT link local: [undef]
Mon 12/22/08 09:51 AM: TCPv4_CLIENT link remote: 79.xxx.xxx.xxx:1194
Mon 12/22/08 09:51 AM:
Mon 12/22/08 09:51 AM:
Mon 12/22/08 09:51 AM: sid=28a17b52 368aa5d3
Mon 12/22/08 09:51 AM: /C=PL/ST=Polska/L=Warszawa/O=xxx/OU=xxx ... ess=p@p.pl
Mon 12/22/08 09:51 AM: /C=PL/ST=Polska/O=xxx/OU=xxx/CN=Mariusz ... ess=p@p.pl
Mon 12/22/08 09:51 AM: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon 12/22/08 09:51 AM: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon 12/22/08 09:51 AM: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon 12/22/08 09:51 AM: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon 12/22/08 09:51 AM: 1024 bit RSA
Mon 12/22/08 09:51 AM: [Mariusz] Peer Connection Initiated with 79.xxx.xxx.xxx:1194
Mon 12/22/08 09:51 AM:
Mon 12/22/08 09:51 AM: SENT CONTROL [Mariusz]: 'PUSH_REQUEST' (status=1)
Mon 12/22/08 09:51 AM: ifconfig 192.168.10.50 192.168.10.49'
Mon 12/22/08 09:51 AM: OPTIONS IMPORT: timers and/or timeouts modified
Mon 12/22/08 09:51 AM: OPTIONS IMPORT: --ifconfig/up options modified
Mon 12/22/08 09:51 AM: OPTIONS IMPORT: route options modified
Mon 12/22/08 09:51 AM: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon 12/22/08 09:51 AM: ROUTE default_gateway=192.168.1.1
Mon 12/22/08 09:51 AM: TUN/TAP device /dev/tun0 opened
Mon 12/22/08 09:51 AM:
Mon 12/22/08 09:51 AM: /sbin/ifconfig tun0 delete
Mon 12/22/08 09:51 AM: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Mon 12/22/08 09:51 AM: /sbin/ifconfig tun0 192.168.10.50 192.168.10.49 mtu 1500 netmask 255.255.255.255 up
Mon 12/22/08 09:51 AM:
Mon 12/22/08 09:51 AM: WARNING: potential route subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
Mon 12/22/08 09:51 AM: /sbin/route add -net 192.168.1.0 192.168.10.49 255.255.255.0
Mon 12/22/08 09:51 AM: /sbin/route add -net 192.168.10.1 192.168.10.49 255.255.255.255
Mon 12/22/08 09:51 AM: Initialization Sequence Completed
Mon 12/22/08 09:51 AM: 79.xxx.xxx.xxx |
Author: | tasiorek [ Monday, 22 December 2008, 16:39 ] |
Title: | |
mario_000 wrote:
Mon 12/22/08 09:51 AM: WARNING: potential route subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
Mon 12/22/08 09:51 AM: /sbin/route add -net 192.168.1.0 192.168.10.49 255.255.255.0
Mon 12/22/08 09:51 AM: /sbin/route add -net 192.168.10.1 192.168.10.49 255.255.255.255
You have the same address classes in both subnets. |
Author: | mario_000 [ Tuesday, 23 December 2008, 11:29 ] |
Title: | |
Right, indeed. But I have the same address classes on the Windows machines too, and it works without any problem. Could it be that Leopard on the Mac is smarter and this bothered it? |
Author: | tasiorek [ Tuesday, 23 December 2008, 12:51 ] |
Title: | |
There is only one way to find out. |
Author: | PathFinder [ Friday, 26 December 2008, 22:33 ] |
Title: | |
No, you can't have the same addresses on the VPN and on the LAN. Change the VPN to e.g. 192.168.2.0/24 and it will work. The problem is that it doesn't know which interface to use; you get the message that it will retry in 5 seconds because it cannot connect to itself. |
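The overlap the replies above point to can be checked mechanically. The following is an added example, not code from any poster or from OpenVPN: it parses the `/sbin/route add` lines the client logged, reports routes that overlap the local LAN, and proposes a replacement /24. The function names and the list of /24s to avoid are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the routing-related lines copied from the client log in this thread.
SAMPLE_LOG = """\
Mon 12/22/08 09:51 AM: ROUTE default_gateway=192.168.1.1
Mon 12/22/08 09:51 AM: /sbin/ifconfig tun0 192.168.10.50 192.168.10.49 mtu 1500 netmask 255.255.255.255 up
Mon 12/22/08 09:51 AM: /sbin/route add -net 192.168.1.0 192.168.10.49 255.255.255.0
Mon 12/22/08 09:51 AM: /sbin/route add -net 192.168.10.1 192.168.10.49 255.255.255.255
"""

ROUTE_RE = re.compile(r"/sbin/route add -net (\S+) (\S+) (\S+)")  # net, gateway, mask
GW_RE = re.compile(r"ROUTE default_gateway=(\S+)")
# Assumption: skip these two /24s because many home routers default to them.
COMMON_HOME_LANS = [ipaddress.ip_network("192.168.0.0/24"),
                    ipaddress.ip_network("192.168.1.0/24")]

def vpn_routes(log):
    """Return (network, gateway) for every route the client installed."""
    return [(ipaddress.ip_network(f"{net}/{mask}"), ipaddress.ip_address(gw))
            for net, gw, mask in ROUTE_RE.findall(log)]

def find_conflicts(log, local_lans):
    """Report VPN routes that overlap a local LAN, and whether the physical
    default gateway falls inside the route now pointing into the tunnel."""
    m = GW_RE.search(log)
    default_gw = ipaddress.ip_address(m.group(1)) if m else None
    findings = []
    for net, via in vpn_routes(log):
        for lan in local_lans:
            if net.overlaps(lan):
                findings.append({
                    "route": str(net), "via": str(via), "lan": str(lan),
                    "gateway_shadowed": default_gw is not None and default_gw in net,
                })
    return findings

def suggest_subnet(in_use):
    """First /24 in 192.168.0.0/16 that overlaps nothing in use or commonly used."""
    taken = list(in_use) + COMMON_HOME_LANS
    for cand in ipaddress.ip_network("192.168.0.0/16").subnets(new_prefix=24):
        if not any(cand.overlaps(t) for t in taken):
            return cand
    return None

if __name__ == "__main__":
    lan = [ipaddress.ip_network("192.168.1.0/24")]
    for finding in find_conflicts(SAMPLE_LOG, lan):
        print(finding)
    print(suggest_subnet(lan + [n for n, _ in vpn_routes(SAMPLE_LOG)]))
```

On the sample lines it reports the 192.168.1.0/24 route via 192.168.10.49 as overlapping the local LAN with the default gateway 192.168.1.1 inside it, and proposes 192.168.2.0/24.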
Author: | mario_000 [ Thursday, 15 January 2009, 16:37 ] |
Title: | |
OK. Thanks for the help. I can always count on the forum members. I changed the network address and it started working. So let's consider the topic closed. Thanks once again. |
Time zone: UTC+2 hours |