Freesco, NND, CDN, EOS :: Wyświetl temat

Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.2 * 255.255.255.255 UH 0 0 0 tun0
83.xx.xxx.xxx * 255.255.255.248 U 0 0 0 eth0
192.168.2.0 192.168.2.2 255.255.255.0 UG 0 0 0 tun0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default axn225.internet 0.0.0.0 UG 0 0 0 eth0

TCP bank-bartek:2995 192.168.1.115:http WYSťANO_SYN

tcp 192.168.2.6:2995 192.168.1.115:www SYN_SENT

10:06:29.374237 IP 10.8.0.6.2259 > APJA.www: S 3439504821:3439504821(0) win 64240 <mss 1368,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
10:06:34.831406 IP 10.8.0.6.2261 > APJA.www: S 2701895054:2701895054(0) win 64240 <mss 1368,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
10:06:37.823508 IP 10.8.0.6.2261 > APJA.www: S 2701895054:2701895054(0) win 64240 <mss 1368,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
10:06:41.002643 IP 10.8.0.6.2263 > APJA.www: S 640145994:640145994(0) win 64240 <mss 1368,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
10:06:43.760198 IP 10.8.0.6.2261 > APJA.www: S 2701895054:2701895054(0) win 64240 <mss 1368,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
10:06:43.861508 IP 10.8.0.6.2263 > APJA.www: S 640145994:640145994(0) win 64240 <mss 1368,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
10:06:49.896945 IP 10.8.0.6.2263 > APJA.www: S 640145994:640145994(0) win 64240 <mss 1368,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>

10:07:54.849307 IP 10.8.0.6.2270 > ww-in-f99.google.com.www: P 862922461:862923148(687) ack 2348766110 win 64240
10:07:54.984304 IP ww-in-f99.google.com.www > 10.8.0.6.2270: P 1:204(203) ack 687 win 133
10:07:54.985722 IP ww-in-f99.google.com.www > 10.8.0.6.2270: . 204:1572(1368) ack 687 win 133
10:07:54.987020 IP ww-in-f99.google.com.www > 10.8.0.6.2270: P 1572:2734(1162) ack 687 win 133
10:07:55.185408 IP 10.8.0.6.2270 > ww-in-f99.google.com.www: . ack 204 win 64037
10:07:55.281197 IP ww-in-f99.google.com.www > 10.8.0.6.2270: P 2734:3142(408) ack 687 win 133
10:07:55.342821 IP 10.8.0.6.2270 > ww-in-f99.google.com.www: . ack 204 win 64037 <nop,nop,sack sack 1 {2734:3142} >
10:07:55.889464 IP 10.8.0.6.2263 > APJA.www: S 640145994:640145994(0) win 64240 <mss 1368,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
10:07:55.950452 IP ww-in-f99.google.com.www > 10.8.0.6.2270: . 204:1572(1368) ack 687 win 133
10:07:56.192929 IP 10.8.0.6.2270 > ww-in-f99.google.com.www: . ack 1572 win 64240 <nop,nop,sack sack 1 {2734:3142} >
10:07:56.285718 IP ww-in-f99.google.com.www > 10.8.0.6.2270: P 1572:2734(1162) ack 687 win 133
10:07:56.370144 IP 10.8.0.6.2270 > ww-in-f99.google.com.www: . ack 3142 win 64240

Po Pana odpowiedzi sprawdziłem dokładnie i działa gdy
dam pare IP:MAC ff:ff:ff:ff:ff:ff i tak mam wypełnioną całą pulę podsieci oprócz wpisanych klientów i teraz IP. Może to kiepskie rozwiązanie bo mac sobie można zmienic na ff:ff.. . Powinienem dać jakieś wymyślone ale to malo wazne w tej kwestii. Jak dam jakis inny mac niż fff to wtedy nawet ping nie idzie.

Autor:	mario_000 [ poniedziałek, 16 marca 2009, 12:46 ]
Tytuł:	openvpn NND HELP
Witam W dniu dzisiejszym próbowałem połączyć się zdalnie poprzez openvpn i wystąpił problem z certyfikatem wyskakuje mi przy kliencie taki komunikat : "Unable to connect because your certyfikate has expired or the system time is incorect" (o co chodzi ) Poniżej zamieszczam log z klienta : Mon Mar 16 11:35:01 2009 us=117000 Current Parameter Settings: Mon Mar 16 11:35:01 2009 us=117000 config = 'cert.ovpn' Mon Mar 16 11:35:01 2009 us=117000 mode = 0 Mon Mar 16 11:35:01 2009 us=117000 show_ciphers = DISABLED Mon Mar 16 11:35:01 2009 us=117000 show_digests = DISABLED Mon Mar 16 11:35:01 2009 us=117000 show_engines = DISABLED Mon Mar 16 11:35:01 2009 us=117000 genkey = DISABLED Mon Mar 16 11:35:01 2009 us=117000 key_pass_file = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=117000 show_tls_ciphers = DISABLED Mon Mar 16 11:35:01 2009 us=117000 Connection profiles [default]: Mon Mar 16 11:35:01 2009 us=117000 proto = tcp-client Mon Mar 16 11:35:01 2009 us=117000 local = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=117000 local_port = 0 Mon Mar 16 11:35:01 2009 us=117000 remote = '79.188.160.115' Mon Mar 16 11:35:01 2009 us=117000 remote_port = 1194 Mon Mar 16 11:35:01 2009 us=117000 remote_float = DISABLED Mon Mar 16 11:35:01 2009 us=117000 bind_defined = DISABLED Mon Mar 16 11:35:01 2009 us=117000 bind_local = DISABLED Mon Mar 16 11:35:01 2009 us=117000 connect_retry_seconds = 5 Mon Mar 16 11:35:01 2009 us=117000 connect_timeout = 10 Mon Mar 16 11:35:01 2009 us=117000 connect_retry_max = 0 Mon Mar 16 11:35:01 2009 us=117000 socks_proxy_server = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=117000 socks_proxy_port = 0 Mon Mar 16 11:35:01 2009 us=117000 socks_proxy_retry = DISABLED Mon Mar 16 11:35:01 2009 us=117000 Connection profiles END Mon Mar 16 11:35:01 2009 us=117000 remote_random = DISABLED Mon Mar 16 11:35:01 2009 us=117000 ipchange = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=117000 dev = 'tun' Mon Mar 16 11:35:01 2009 us=117000 dev_type = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=117000 dev_node = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=117000 lladdr = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=117000 topology = 1 Mon Mar 16 11:35:01 2009 us=117000 tun_ipv6 = DISABLED Mon Mar 16 11:35:01 2009 us=117000 ifconfig_local = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=117000 ifconfig_remote_netmask = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=117000 ifconfig_noexec = DISABLED Mon Mar 16 11:35:01 2009 us=117000 ifconfig_nowarn = DISABLED Mon Mar 16 11:35:01 2009 us=117000 shaper = 0 Mon Mar 16 11:35:01 2009 us=117000 tun_mtu = 1500 Mon Mar 16 11:35:01 2009 us=117000 tun_mtu_defined = ENABLED Mon Mar 16 11:35:01 2009 us=117000 link_mtu = 1500 Mon Mar 16 11:35:01 2009 us=117000 link_mtu_defined = DISABLED Mon Mar 16 11:35:01 2009 us=117000 tun_mtu_extra = 0 Mon Mar 16 11:35:01 2009 us=117000 tun_mtu_extra_defined = DISABLED Mon Mar 16 11:35:01 2009 us=117000 fragment = 0 Mon Mar 16 11:35:01 2009 us=117000 mtu_discover_type = -1 Mon Mar 16 11:35:01 2009 us=117000 mtu_test = 0 Mon Mar 16 11:35:01 2009 us=117000 mlock = DISABLED Mon Mar 16 11:35:01 2009 us=117000 keepalive_ping = 0 Mon Mar 16 11:35:01 2009 us=117000 keepalive_timeout = 0 Mon Mar 16 11:35:01 2009 us=117000 inactivity_timeout = 0 Mon Mar 16 11:35:01 2009 us=117000 ping_send_timeout = 15 Mon Mar 16 11:35:01 2009 us=117000 ping_rec_timeout = 0 Mon Mar 16 11:35:01 2009 us=117000 ping_rec_timeout_action = 0 Mon Mar 16 11:35:01 2009 us=117000 ping_timer_remote = DISABLED Mon Mar 16 11:35:01 2009 us=117000 remap_sigusr1 = 0 Mon Mar 16 11:35:01 2009 us=117000 explicit_exit_notification = 0 Mon Mar 16 11:35:01 2009 us=117000 persist_tun = ENABLED Mon Mar 16 11:35:01 2009 us=117000 persist_local_ip = DISABLED Mon Mar 16 11:35:01 2009 us=117000 persist_remote_ip = DISABLED Mon Mar 16 11:35:01 2009 us=117000 persist_key = ENABLED Mon Mar 16 11:35:01 2009 us=117000 mssfix = 1450 Mon Mar 16 11:35:01 2009 us=117000 resolve_retry_seconds = 1000000000 Mon Mar 16 11:35:01 2009 us=117000 username = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=117000 groupname = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=117000 chroot_dir = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=117000 cd_dir = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=117000 writepid = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=117000 up_script = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=133000 down_script = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=133000 down_pre = DISABLED Mon Mar 16 11:35:01 2009 us=133000 up_restart = DISABLED Mon Mar 16 11:35:01 2009 us=133000 up_delay = DISABLED Mon Mar 16 11:35:01 2009 us=133000 daemon = DISABLED Mon Mar 16 11:35:01 2009 us=133000 inetd = 0 Mon Mar 16 11:35:01 2009 us=133000 log = DISABLED Mon Mar 16 11:35:01 2009 us=133000 suppress_timestamps = DISABLED Mon Mar 16 11:35:01 2009 us=133000 nice = 0 Mon Mar 16 11:35:01 2009 us=133000 verbosity = 4 Mon Mar 16 11:35:01 2009 us=133000 mute = 0 Mon Mar 16 11:35:01 2009 us=133000 gremlin = 0 Mon Mar 16 11:35:01 2009 us=133000 status_file = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=133000 status_file_version = 1 Mon Mar 16 11:35:01 2009 us=133000 status_file_update_freq = 60 Mon Mar 16 11:35:01 2009 us=133000 occ = ENABLED Mon Mar 16 11:35:01 2009 us=133000 rcvbuf = 0 Mon Mar 16 11:35:01 2009 us=133000 sndbuf = 0 Mon Mar 16 11:35:01 2009 us=133000 sockflags = 0 Mon Mar 16 11:35:01 2009 us=180000 fast_io = DISABLED Mon Mar 16 11:35:01 2009 us=180000 lzo = 7 Mon Mar 16 11:35:01 2009 us=180000 route_script = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=180000 route_default_gateway = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=180000 route_default_metric = 0 Mon Mar 16 11:35:01 2009 us=180000 route_noexec = DISABLED Mon Mar 16 11:35:01 2009 us=180000 route_delay = 5 Mon Mar 16 11:35:01 2009 us=180000 route_delay_window = 30 Mon Mar 16 11:35:01 2009 us=180000 route_delay_defined = ENABLED Mon Mar 16 11:35:01 2009 us=180000 route_nopull = DISABLED Mon Mar 16 11:35:01 2009 us=180000 route_gateway_via_dhcp = DISABLED Mon Mar 16 11:35:01 2009 us=180000 allow_pull_fqdn = DISABLED Mon Mar 16 11:35:01 2009 us=180000 management_addr = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=180000 management_port = 0 Mon Mar 16 11:35:01 2009 us=180000 management_user_pass = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=180000 management_log_history_cache = 250 Mon Mar 16 11:35:01 2009 us=211000 management_echo_buffer_size = 100 Mon Mar 16 11:35:01 2009 us=211000 management_write_peer_info_file = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=211000 management_client_user = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=211000 management_client_group = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=211000 management_flags = 0 Mon Mar 16 11:35:01 2009 us=211000 shared_secret_file = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=211000 key_direction = 0 Mon Mar 16 11:35:01 2009 us=211000 ciphername_defined = ENABLED Mon Mar 16 11:35:01 2009 us=211000 ciphername = 'BF-CBC' Mon Mar 16 11:35:01 2009 us=211000 authname_defined = ENABLED Mon Mar 16 11:35:01 2009 us=211000 authname = 'SHA1' Mon Mar 16 11:35:01 2009 us=211000 keysize = 0 Mon Mar 16 11:35:01 2009 us=211000 engine = DISABLED Mon Mar 16 11:35:01 2009 us=211000 replay = ENABLED Mon Mar 16 11:35:01 2009 us=211000 mute_replay_warnings = DISABLED Mon Mar 16 11:35:01 2009 us=242000 replay_window = 64 Mon Mar 16 11:35:01 2009 us=242000 replay_time = 15 Mon Mar 16 11:35:01 2009 us=242000 packet_id_file = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=242000 use_iv = ENABLED Mon Mar 16 11:35:01 2009 us=242000 test_crypto = DISABLED Mon Mar 16 11:35:01 2009 us=242000 tls_server = DISABLED Mon Mar 16 11:35:01 2009 us=242000 tls_client = ENABLED Mon Mar 16 11:35:01 2009 us=242000 key_method = 2 Mon Mar 16 11:35:01 2009 us=242000 ca_file = 'G:/klucz/certyfikat_rootca.pem' Mon Mar 16 11:35:01 2009 us=242000 ca_path = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=242000 dh_file = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=242000 cert_file = 'G:/klucz/certyfikat_admin.pem' Mon Mar 16 11:35:01 2009 us=242000 priv_key_file = 'G:/klucz/klucz_admin.pem' Mon Mar 16 11:35:01 2009 us=242000 pkcs12_file = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=242000 cryptoapi_cert = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=242000 cipher_list = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=273000 tls_verify = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=273000 tls_remote = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=273000 crl_file = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=273000 ns_cert_type = 0 Mon Mar 16 11:35:01 2009 us=273000 remote_cert_ku[i] = 0 Mon Mar 16 11:35:01 2009 us=273000 remote_cert_ku[i] = 0 Mon Mar 16 11:35:01 2009 us=273000 remote_cert_ku[i] = 0 Mon Mar 16 11:35:01 2009 us=273000 remote_cert_ku[i] = 0 Mon Mar 16 11:35:01 2009 us=273000 remote_cert_ku[i] = 0 Mon Mar 16 11:35:01 2009 us=273000 remote_cert_ku[i] = 0 Mon Mar 16 11:35:01 2009 us=273000 remote_cert_ku[i] = 0 Mon Mar 16 11:35:01 2009 us=273000 remote_cert_ku[i] = 0 Mon Mar 16 11:35:01 2009 us=273000 remote_cert_ku[i] = 0 Mon Mar 16 11:35:01 2009 us=273000 remote_cert_ku[i] = 0 Mon Mar 16 11:35:01 2009 us=273000 remote_cert_ku[i] = 0 Mon Mar 16 11:35:01 2009 us=273000 remote_cert_ku[i] = 0 Mon Mar 16 11:35:01 2009 us=289000 remote_cert_ku[i] = 0 Mon Mar 16 11:35:01 2009 us=289000 remote_cert_ku[i] = 0 Mon Mar 16 11:35:01 2009 us=289000 remote_cert_ku[i] = 0 Mon Mar 16 11:35:01 2009 us=289000 remote_cert_ku[i] = 0 Mon Mar 16 11:35:01 2009 us=289000 remote_cert_eku = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=289000 tls_timeout = 2 Mon Mar 16 11:35:01 2009 us=289000 renegotiate_bytes = 0 Mon Mar 16 11:35:01 2009 us=289000 renegotiate_packets = 0 Mon Mar 16 11:35:01 2009 us=289000 renegotiate_seconds = 3600 Mon Mar 16 11:35:01 2009 us=289000 handshake_window = 60 Mon Mar 16 11:35:01 2009 us=289000 transition_window = 3600 Mon Mar 16 11:35:01 2009 us=289000 single_session = DISABLED Mon Mar 16 11:35:01 2009 us=289000 tls_exit = DISABLED Mon Mar 16 11:35:01 2009 us=289000 tls_auth_file = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=289000 pkcs11_protected_authentication = DISABLED Mon Mar 16 11:35:01 2009 us=289000 pkcs11_protected_authentication = DISABLED Mon Mar 16 11:35:01 2009 us=289000 pkcs11_protected_authentication = DISABLED Mon Mar 16 11:35:01 2009 us=320000 pkcs11_protected_authentication = DISABLED Mon Mar 16 11:35:01 2009 us=320000 pkcs11_protected_authentication = DISABLED Mon Mar 16 11:35:01 2009 us=320000 pkcs11_protected_authentication = DISABLED Mon Mar 16 11:35:01 2009 us=320000 pkcs11_protected_authentication = DISABLED Mon Mar 16 11:35:01 2009 us=320000 pkcs11_protected_authentication = DISABLED Mon Mar 16 11:35:01 2009 us=320000 pkcs11_protected_authentication = DISABLED Mon Mar 16 11:35:01 2009 us=320000 pkcs11_protected_authentication = DISABLED Mon Mar 16 11:35:01 2009 us=320000 pkcs11_protected_authentication = DISABLED Mon Mar 16 11:35:01 2009 us=320000 pkcs11_protected_authentication = DISABLED Mon Mar 16 11:35:01 2009 us=320000 pkcs11_protected_authentication = DISABLED Mon Mar 16 11:35:01 2009 us=320000 pkcs11_protected_authentication = DISABLED Mon Mar 16 11:35:01 2009 us=320000 pkcs11_protected_authentication = DISABLED Mon Mar 16 11:35:01 2009 us=336000 pkcs11_protected_authentication = DISABLED Mon Mar 16 11:35:01 2009 us=336000 pkcs11_private_mode = 00000000 Mon Mar 16 11:35:01 2009 us=336000 pkcs11_private_mode = 00000000 Mon Mar 16 11:35:01 2009 us=336000 pkcs11_private_mode = 00000000 Mon Mar 16 11:35:01 2009 us=336000 pkcs11_private_mode = 00000000 Mon Mar 16 11:35:01 2009 us=336000 pkcs11_private_mode = 00000000 Mon Mar 16 11:35:01 2009 us=336000 pkcs11_private_mode = 00000000 Mon Mar 16 11:35:01 2009 us=336000 pkcs11_private_mode = 00000000 Mon Mar 16 11:35:01 2009 us=336000 pkcs11_private_mode = 00000000 Mon Mar 16 11:35:01 2009 us=336000 pkcs11_private_mode = 00000000 Mon Mar 16 11:35:01 2009 us=336000 pkcs11_private_mode = 00000000 Mon Mar 16 11:35:01 2009 us=336000 pkcs11_private_mode = 00000000 Mon Mar 16 11:35:01 2009 us=336000 pkcs11_private_mode = 00000000 Mon Mar 16 11:35:01 2009 us=336000 pkcs11_private_mode = 00000000 Mon Mar 16 11:35:01 2009 us=351000 pkcs11_private_mode = 00000000 Mon Mar 16 11:35:01 2009 us=351000 pkcs11_private_mode = 00000000 Mon Mar 16 11:35:01 2009 us=351000 pkcs11_private_mode = 00000000 Mon Mar 16 11:35:01 2009 us=351000 pkcs11_cert_private = DISABLED Mon Mar 16 11:35:01 2009 us=351000 pkcs11_cert_private = DISABLED Mon Mar 16 11:35:01 2009 us=351000 pkcs11_cert_private = DISABLED Mon Mar 16 11:35:01 2009 us=351000 pkcs11_cert_private = DISABLED Mon Mar 16 11:35:01 2009 us=351000 pkcs11_cert_private = DISABLED Mon Mar 16 11:35:01 2009 us=351000 pkcs11_cert_private = DISABLED Mon Mar 16 11:35:01 2009 us=351000 pkcs11_cert_private = DISABLED Mon Mar 16 11:35:01 2009 us=351000 pkcs11_cert_private = DISABLED Mon Mar 16 11:35:01 2009 us=351000 pkcs11_cert_private = DISABLED Mon Mar 16 11:35:01 2009 us=351000 pkcs11_cert_private = DISABLED Mon Mar 16 11:35:01 2009 us=351000 pkcs11_cert_private = DISABLED Mon Mar 16 11:35:01 2009 us=351000 pkcs11_cert_private = DISABLED Mon Mar 16 11:35:01 2009 us=383000 pkcs11_cert_private = DISABLED Mon Mar 16 11:35:01 2009 us=383000 pkcs11_cert_private = DISABLED Mon Mar 16 11:35:01 2009 us=383000 pkcs11_cert_private = DISABLED Mon Mar 16 11:35:01 2009 us=383000 pkcs11_cert_private = DISABLED Mon Mar 16 11:35:01 2009 us=383000 pkcs11_pin_cache_period = -1 Mon Mar 16 11:35:01 2009 us=383000 pkcs11_id = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=383000 pkcs11_id_management = DISABLED Mon Mar 16 11:35:01 2009 us=383000 server_network = 0.0.0.0 Mon Mar 16 11:35:01 2009 us=383000 server_netmask = 0.0.0.0 Mon Mar 16 11:35:01 2009 us=383000 server_bridge_ip = 0.0.0.0 Mon Mar 16 11:35:01 2009 us=383000 server_bridge_netmask = 0.0.0.0 Mon Mar 16 11:35:01 2009 us=383000 server_bridge_pool_start = 0.0.0.0 Mon Mar 16 11:35:01 2009 us=383000 server_bridge_pool_end = 0.0.0.0 Mon Mar 16 11:35:01 2009 us=383000 ifconfig_pool_defined = DISABLED Mon Mar 16 11:35:01 2009 us=383000 ifconfig_pool_start = 0.0.0.0 Mon Mar 16 11:35:01 2009 us=398000 ifconfig_pool_end = 0.0.0.0 Mon Mar 16 11:35:01 2009 us=398000 ifconfig_pool_netmask = 0.0.0.0 Mon Mar 16 11:35:01 2009 us=398000 ifconfig_pool_persist_filename = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=398000 ifconfig_pool_persist_refresh_freq = 600 Mon Mar 16 11:35:01 2009 us=398000 n_bcast_buf = 256 Mon Mar 16 11:35:01 2009 us=398000 tcp_queue_limit = 64 Mon Mar 16 11:35:01 2009 us=398000 real_hash_size = 256 Mon Mar 16 11:35:01 2009 us=398000 virtual_hash_size = 256 Mon Mar 16 11:35:01 2009 us=398000 client_connect_script = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=398000 learn_address_script = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=398000 client_disconnect_script = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=398000 client_config_dir = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=398000 ccd_exclusive = DISABLED Mon Mar 16 11:35:01 2009 us=398000 tmp_dir = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=398000 push_ifconfig_defined = DISABLED Mon Mar 16 11:35:01 2009 us=414000 push_ifconfig_local = 0.0.0.0 Mon Mar 16 11:35:01 2009 us=414000 push_ifconfig_remote_netmask = 0.0.0.0 Mon Mar 16 11:35:01 2009 us=414000 enable_c2c = DISABLED Mon Mar 16 11:35:01 2009 us=414000 duplicate_cn = DISABLED Mon Mar 16 11:35:01 2009 us=414000 cf_max = 0 Mon Mar 16 11:35:01 2009 us=414000 cf_per = 0 Mon Mar 16 11:35:01 2009 us=414000 max_clients = 1024 Mon Mar 16 11:35:01 2009 us=414000 max_routes_per_client = 256 Mon Mar 16 11:35:01 2009 us=414000 client_cert_not_required = DISABLED Mon Mar 16 11:35:01 2009 us=414000 username_as_common_name = DISABLED Mon Mar 16 11:35:01 2009 us=414000 auth_user_pass_verify_script = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=414000 auth_user_pass_verify_script_via_file = DISABLED Mon Mar 16 11:35:01 2009 us=414000 client = DISABLED Mon Mar 16 11:35:01 2009 us=414000 pull = ENABLED Mon Mar 16 11:35:01 2009 us=414000 auth_user_pass_file = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=429000 show_net_up = DISABLED Mon Mar 16 11:35:01 2009 us=429000 route_method = 0 Mon Mar 16 11:35:01 2009 us=429000 ip_win32_defined = DISABLED Mon Mar 16 11:35:01 2009 us=429000 ip_win32_type = 3 Mon Mar 16 11:35:01 2009 us=429000 dhcp_masq_offset = 0 Mon Mar 16 11:35:01 2009 us=429000 dhcp_lease_time = 31536000 Mon Mar 16 11:35:01 2009 us=429000 tap_sleep = 0 Mon Mar 16 11:35:01 2009 us=429000 dhcp_options = DISABLED Mon Mar 16 11:35:01 2009 us=429000 dhcp_renew = DISABLED Mon Mar 16 11:35:01 2009 us=429000 dhcp_pre_release = DISABLED Mon Mar 16 11:35:01 2009 us=429000 dhcp_release = DISABLED Mon Mar 16 11:35:01 2009 us=429000 domain = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=429000 netbios_scope = '[UNDEF]' Mon Mar 16 11:35:01 2009 us=429000 netbios_node_type = 0 Mon Mar 16 11:35:01 2009 us=429000 disable_nbt = DISABLED Mon Mar 16 11:35:01 2009 us=429000 OpenVPN 2.1_rc13 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Oct 7 2008 Mon Mar 16 11:35:01 2009 us=461000 WARNING: --ping should normally be used with --ping-restart or --ping-exit Mon Mar 16 11:35:01 2009 us=461000 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Mon Mar 16 11:35:01 2009 us=476000 LZO compression initialized Mon Mar 16 11:35:01 2009 us=476000 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ] Mon Mar 16 11:35:01 2009 us=476000 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ] Mon Mar 16 11:35:01 2009 us=476000 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client' Mon Mar 16 11:35:01 2009 us=476000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server' Mon Mar 16 11:35:01 2009 us=492000 Local Options hash (VER=V4): '69109d17' Mon Mar 16 11:35:01 2009 us=492000 Expected Remote Options hash (VER=V4): 'c0103fa8' Mon Mar 16 11:35:01 2009 us=492000 Attempting to establish TCP connection with xx.xxx.xxx.xxx:1194 Mon Mar 16 11:35:01 2009 us=492000 TCP connection established with xx.xxx.xxx.xxx:1194 Mon Mar 16 11:35:01 2009 us=492000 Socket Buffers: R=[8192->8192] S=[8192->8192] Mon Mar 16 11:35:01 2009 us=492000 TCPv4_CLIENT link local: [undef] Mon Mar 16 11:35:01 2009 us=492000 TCPv4_CLIENT link remote: xx.xxx.xxx.xxx:1194 Mon Mar 16 11:35:01 2009 us=492000 TLS: Initial packet from xx.xxx.xxx.xxx:1194, sid=63a7818d a7056b45 Mon Mar 16 11:35:01 2009 us=570000 VERIFY OK: depth=1, /C=PL/ST=Polska/L=Warszawa/O=xxx/OU=xxx ... xxx@xxx.pl Mon Mar 16 11:35:01 2009 us=570000 VERIFY ERROR: depth=0, error=certificate has expired: /C=PL/ST=Polska/O=xxx/OU=xxx/CN=Mariusz ... xxx@xxx.pl Mon Mar 16 11:35:01 2009 us=570000 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Mon Mar 16 11:35:01 2009 us=570000 TLS Error: TLS object -> incoming plaintext read error Mon Mar 16 11:35:01 2009 us=570000 TLS Error: TLS handshake failed Mon Mar 16 11:35:01 2009 us=570000 Fatal TLS error (check_tls_errors_co), restarting Mon Mar 16 11:35:01 2009 us=570000 TCP/UDP: Closing socket Mon Mar 16 11:35:01 2009 us=570000 SIGUSR1[soft,tls-error] received, process restarting Mon Mar 16 11:35:01 2009 us=570000 Restart pause, 5 second(s) Mon Mar 16 11:35:06 2009 us=578000 WARNING: --ping should normally be used with --ping-restart or --ping-exit Mon Mar 16 11:35:06 2009 us=578000 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Mon Mar 16 11:35:06 2009 us=578000 Re-using SSL/TLS context Mon Mar 16 11:35:06 2009 us=578000 LZO compression initialized Mon Mar 16 11:35:06 2009 us=578000 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ] Mon Mar 16 11:35:06 2009 us=578000 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ] Mon Mar 16 11:35:06 2009 us=578000 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client' Mon Mar 16 11:35:06 2009 us=578000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server' Mon Mar 16 11:35:06 2009 us=578000 Local Options hash (VER=V4): '69109d17' Mon Mar 16 11:35:06 2009 us=578000 Expected Remote Options hash (VER=V4): 'c0103fa8' Mon Mar 16 11:35:06 2009 us=578000 Attempting to establish TCP connection with xx.xx.xxx.xxx:1194 Mon Mar 16 11:35:06 2009 us=578000 TCP/UDP: Closing socket Mon Mar 16 11:35:06 2009 us=578000 SIGTERM[hard,init_instance] received, process exiting POMÓŻCIE !!! z góry WIELKIE podziękowania [/img]

Autor:	mario_000 [ poniedziałek, 16 marca 2009, 13:13 ]
Tytuł:
a i jeszcze jedno datę i czs mam ustawioną prawidłową

Autor:	tasiorek [ poniedziałek, 16 marca 2009, 17:39 ]
Tytuł:
Zmien na chwile rozszerzenie certyfikatow z .pem na .crt i sprawdz kiedy konczy sie ich waznosc.

Autor:	mario_000 [ poniedziałek, 16 marca 2009, 18:48 ]
Tytuł:
zauwazyłem ze skończyła sie waznosc certyfikatu certyfikat_bramy.pem na serwerze. Stworzyłem nowy i klapa. Wykasowałem wszystkie założyłem od nowa jednemu uzytkwnikowi i teraz nie moze sie połączyć. co 5 sekund wznawia i klapa

Autor:	tasiorek [ wtorek, 17 marca 2009, 11:39 ]
Tytuł:
Przydalyby sie logi, bo samo klapa niewiele mowi.

Freesco, NND, CDN, EOS http://forum.freesco.pl/

openvpn NND HELP http://forum.freesco.pl/viewtopic.php?f=22&t=17561	Strona 1 z 1

Autor:	mario_000 [ wtorek, 17 marca 2009, 15:55 ]
Tytuł:
Pozakładałem na serwerze wszystkie certyfikaty od nowa i zaczeło działać. Jedyny minus tego działania to to że muszę także odnowa zakładac dla użytkowników. A czy istnieje możliwość przesłania plików z serwera NND na komp lokalny np. poprzez putty ??? POZDRAWIAM

Autor:	tasiorek [ wtorek, 17 marca 2009, 17:10 ]
Tytuł:
Tak np. przez winscp

Autor:	mario_000 [ czwartek, 19 marca 2009, 11:56 ]
Tytuł:
Dzięki serdecznie za pomoc.

Autor:	galdas1 [ niedziela, 29 marca 2009, 01:01 ]
Tytuł:
Witam. Widzę zaczęty temat więc się podepnę: Postawiłem na serwerze openvpn. Moja siec lokalna na eth1 to 192.168.1.0/24. Na eth0 DSL. Klientem z xp łaczę się i Vpn się zestawia. Pinguje 192.168.1.1 czyli eth0 serwerka. Pinguje 192.168.2.1 czyli tun0 na serwerku. Moj ip to 192.168.2.6. Ok standardowo chcę dostać się do innych hostów w sieci. Do firewalla dodaje : iptables -I INPUT -i eth0 -p tcp -m tcp --dport 1194 -j ACCEPT iptables -I INPUT -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT iptables -I FORWARD -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT Pokazuje: "iptables -L INPUT: ACCEPT all -- 192.168.2.0/24 192.168.1.0/24 ACCEPT tcp -- anywhere anywhere tcp dpt:1194 ACCEPT all -- anywhere anywhere DROP tcp -- anywhere anywhere multiport dports 135,445 .... .... iptables -L FORWARD target prot opt source destination ACCEPT all -- 192.168.2.0/24 192.168.1.0/24 DROP tcp -- Remik anywhere tcp dpt:smtp .... ....." JEszcze tablica routingu w windowsie : Aktywne trasy: Miejsce docelowe w sieci Maska sieci Brama Interfejs Metryka 0.0.0.0 0.0.0.0 83.4.80.174 83.4.80.174 1 83.4.80.174 255.255.255.255 127.0.0.1 127.0.0.1 50 83.255.255.255 255.255.255.255 83.4.80.174 83.4.80.174 50 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 192.168.1.0 255.255.255.0 192.168.2.5 192.168.2.6 1 <-------------- trasa jest 192.168.2.1 255.255.255.255 192.168.2.5 192.168.2.6 1 192.168.2.4 255.255.255.252 192.168.2.6 192.168.2.6 30 192.168.2.6 255.255.255.255 127.0.0.1 127.0.0.1 30 192.168.2.255 255.255.255.255 192.168.2.6 192.168.2.6 30 213.25.2.102 255.255.255.255 83.4.80.174 83.4.80.174 1 224.0.0.0 240.0.0.0 192.168.2.6 192.168.2.6 30 224.0.0.0 240.0.0.0 83.4.80.174 83.4.80.174 1 255.255.255.255 255.255.255.255 83.4.80.174 83.4.80.174 1 255.255.255.255 255.255.255.255 192.168.2.6 2 1 255.255.255.255 255.255.255.255 192.168.2.6 192.168.2.6 1 Domy˜lna brama: 83.4.80.174. tablica na serwerku : Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.2.2 * 255.255.255.255 UH 0 0 0 tun0 xxx.xxx.xxx.xxx * 255.255.255.248 U 0 0 0 eth0 192.168.2.0 192.168.2.2 255.255.255.0 UG 0 0 0 tun0 192.168.1.0 * 255.255.255.0 U 0 0 0 eth1 127.0.0.0 * 255.0.0.0 U 0 0 0 lo default axn225.internet 0.0.0.0 UG 0 0 0 eth0 Po tych zabiegach mam w sici kilka APekow, wiec poszczam ping 192.168.1.101 i sukces : Badanie 192.168.1.101 z uľyciem 32 bajt˘w danych: Odpowied« z 192.168.1.101: bajt˘w=32 czas=52ms TTL=254 Odpowied« z 192.168.1.101: bajt˘w=32 czas=46ms TTL=254 Odpowied« z 192.168.1.101: bajt˘w=32 czas=46ms TTL=254 Odpowied« z 192.168.1.101: bajt˘w=32 czas=46ms TTL=254 Statystyka badania ping dla 192.168.1.101: Pakiety: Wysˆane = 4, Odebrane = 4, Utracone = 0 (0% straty), Szacunkowy czas bˆĄdzenia pakiet˘w w millisekundach: Minimum = 46 ms, Maksimum = 52 ms, Czas ˜redni = 47 ms Ucieszony wpisuje w przegladarce 192.168.1.101 iiiii wielka kupa Pingi ida super a po http nie moge sie dostac. Walcze juz pol dnia i nie wiem co jest 5 firewall na xp brak. Ma ktos jakis pomysl jak wrzucic jakis konfig to prosze mowic.

Autor:	Saturas [ niedziela, 29 marca 2009, 08:58 ]
Tytuł:
'Brama domyślna' chyba jest zew. operatora. Komputer odwołuje się do bramy i tyle.

Autor:	tasiorek [ poniedziałek, 30 marca 2009, 10:09 ]
Tytuł:
Sprobuj mskowac polaczenia do tych apekow: iptables -t nat -I POSTROUTING -s 192.168.2.0/24 -d 192.168.1.0/24 -j MASQUERADE

Autor:	galdas1 [ wtorek, 31 marca 2009, 19:33 ]
Tytuł:
Witam Niestety nie pomogło. Najdziwniejsze że ping czyli pakiety icmp trafiają do każdego ip z podsieci 192.168.1.0/24. A http już nie.

Autor:	galdas1 [ piątek, 17 kwietnia 2009, 10:42 ]
Tytuł:
Witam wracam do kwestii po pewnym czasie. Problem mam nadal już nawet zrobiłem tak: Policy INPUT na ACCEPT Policy Forward na ACCEPT iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -d 0.0.0.0/0 -j MASQUERADE route na serwerku Cytuj: Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.2.2 * 255.255.255.255 UH 0 0 0 tun0 83.xx.xxx.xxx * 255.255.255.248 U 0 0 0 eth0 192.168.2.0 192.168.2.2 255.255.255.0 UG 0 0 0 tun0 192.168.1.0 * 255.255.255.0 U 0 0 0 eth1 127.0.0.0 * 255.0.0.0 U 0 0 0 lo default axn225.internet 0.0.0.0 UG 0 0 0 eth0 Ip jaki dostaje to 192.168.2.6 Ping ze stacji do np urządzenia ok Z serwera do stacji ok Jednak juz po porci np 80 klapa: Na stacji widać że : Cytuj: TCP bank-bartek:2995 192.168.1.115:http WYSťANO_SYN a na serwerku Cytuj: tcp 192.168.2.6:2995 192.168.1.115:www SYN_SENT Jednak na tym koniec . Ma ktoś jakiś pomysł ??

Autor:	galdas1 [ wtorek, 21 kwietnia 2009, 13:07 ]
Tytuł:
Może jednak ktoś ma jakiś pomysł ??

Autor:	galdas1 [ niedziela, 29 marca 2009, 12:32 ]
Tytuł:
Brama domyślna jest to brama tzw ostatniego celu a więc idą tam pakiety które nie znajdą drogi w tablicy routingu. U mnie jest trasa do mojej podsieci 192.168.1.0/24 więc brama domyślna nie ma tu nic do tego a poza tym pakiety icmp wracają więc znajdują drogę !!! Jakieś inne sugestie.

Autor:	tasiorek [ czwartek, 30 kwietnia 2009, 14:38 ]
Tytuł:
Cos sciemniasz. Ping dzialal, pomimo zlego wpisu w tablicy arp?

Strona 1 z 1	Strefa czasowa UTC+2godz.
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/

Autor:	galdas1 [ czwartek, 30 kwietnia 2009, 10:08 ]
Tytuł:
Teraz to dziwne !!!! Na serwerze VPN (moj serwer) odpalam maskarade adresów z VPN-CLIENT na eth0 - wyjscie na swiat. Na client VPN brama domyślna to ip tunelu i wszystko śmiga. Dostęp do internetu przez tunel VPN na cliencie. Niestety jeżeli chce wejsć przez www lub cokolwiek innego np. ssh na urządzenie w sieci lokalnej to dupa. Tylko ping bangla. INPUT i FORWARD już nawet dałem na ACCEPT. Maskarada dla adresow z VPN do -o eth1(moja lokalka tez) i niestety. tcpdump tun0: Cytuj: 10:06:29.374237 IP 10.8.0.6.2259 > APJA.www: S 3439504821:3439504821(0) win 64240 <mss 1368,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK> 10:06:34.831406 IP 10.8.0.6.2261 > APJA.www: S 2701895054:2701895054(0) win 64240 <mss 1368,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK> 10:06:37.823508 IP 10.8.0.6.2261 > APJA.www: S 2701895054:2701895054(0) win 64240 <mss 1368,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK> 10:06:41.002643 IP 10.8.0.6.2263 > APJA.www: S 640145994:640145994(0) win 64240 <mss 1368,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK> 10:06:43.760198 IP 10.8.0.6.2261 > APJA.www: S 2701895054:2701895054(0) win 64240 <mss 1368,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK> 10:06:43.861508 IP 10.8.0.6.2263 > APJA.www: S 640145994:640145994(0) win 64240 <mss 1368,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK> 10:06:49.896945 IP 10.8.0.6.2263 > APJA.www: S 640145994:640145994(0) win 64240 <mss 1368,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK> A jak dam np na www.google.pl to wszystko widać: Cytuj: 10:07:54.849307 IP 10.8.0.6.2270 > ww-in-f99.google.com.www: P 862922461:862923148(687) ack 2348766110 win 64240 10:07:54.984304 IP ww-in-f99.google.com.www > 10.8.0.6.2270: P 1:204(203) ack 687 win 133 10:07:54.985722 IP ww-in-f99.google.com.www > 10.8.0.6.2270: . 204:1572(1368) ack 687 win 133 10:07:54.987020 IP ww-in-f99.google.com.www > 10.8.0.6.2270: P 1572:2734(1162) ack 687 win 133 10:07:55.185408 IP 10.8.0.6.2270 > ww-in-f99.google.com.www: . ack 204 win 64037 10:07:55.281197 IP ww-in-f99.google.com.www > 10.8.0.6.2270: P 2734:3142(408) ack 687 win 133 10:07:55.342821 IP 10.8.0.6.2270 > ww-in-f99.google.com.www: . ack 204 win 64037 <nop,nop,sack sack 1 {2734:3142} > 10:07:55.889464 IP 10.8.0.6.2263 > APJA.www: S 640145994:640145994(0) win 64240 <mss 1368,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK> 10:07:55.950452 IP ww-in-f99.google.com.www > 10.8.0.6.2270: . 204:1572(1368) ack 687 win 133 10:07:56.192929 IP 10.8.0.6.2270 > ww-in-f99.google.com.www: . ack 1572 win 64240 <nop,nop,sack sack 1 {2734:3142} > 10:07:56.285718 IP ww-in-f99.google.com.www > 10.8.0.6.2270: P 1572:2734(1162) ack 687 win 133 10:07:56.370144 IP 10.8.0.6.2270 > ww-in-f99.google.com.www: . ack 3142 win 64240 DZIALA Zapewne to banał ale mi zajęło to kilka dobrych dni (Szukałem wszędzie i zupełnie gdzie indziej:)). Rada na przyszłość, bo może ktoś trafi na podobny problem. Jeżeli mamy na serwerku statyczne powiązane mac i ip w pliku ethers to nie zapomnijcie dodac odpowiednich wpisow. Ja mialem tam wszystkich klientów ale już AP nie usmiech dla ip AP małem jakiś zmyślony MAC. Pozdrawiam i dzięki za wcześniejsze posty !