MAC -> Kubuntu: OpenVPN connection is not established

stefan6591

Hello,

I tried to run a Kubuntu 8.04 machine as an OpenVPN server and to set up a tunnel from Mac Leo. However, the tunnel is not established.
I used the following guide:

http://wiki.openvpn.eu/index.php/OVPN-Linux

Could it be that Client.ovpn is incorrect, or that the IP ranges are set wrongly? In my case everything takes place in the 192.168.1.0/24 network.

The certificates were also created following the guide mentioned above.

Thanks.

VPN client: Tunnelblick
Here are the log and the server and client configuration.

Client config: (Client.ovpn)

# Define which role this end plays
tls-client
pull

# Choose the device type: tun or tap
dev tap

# Choose the protocol: udp or tcp
proto udp

# IP/name and port of the server
remote 192.168.1.9 1194

# Resolve the server's hostname (for machines that are not permanently connected to the Internet)
resolv-retry infinite

# Set the local port or leave it unbound
nobind


# Always keep the connection the same
persist-key
persist-tun

# Certificates and keys to use
ca /Users/mitarbeiter/Library/openvpn/vpn-ca.pem
cert /Users/mitarbeiter/Library/openvpn/Client1_cert.pem
key /Users/mitarbeiter/Library/openvpn/Client1_key.pem

# Encryption
cipher AES-256-CBC

# Compression
comp-lzo

# Authentication method
auth SHA1

# Verbosity of the tunnel
verb 3

# Silence repeating messages
mute 20
//--------------------------------------------------
Server config: (Server.ovpn)

# Port (default port 1194)
port 1194

# Check the revocation list
#crl-verify /etc/ssl/crl.pem

# TCP or UDP?
proto udp
mode server
tls-server

dev tap

# Our server IP
ifconfig 192.168.1.9 255.255.255.0
ifconfig-pool 192.168.1.60 192.168.100.69
# Server IP address (address range, in this case everything from 10.10.10.0)
#server

# Where our certificates are located
ca /etc/ssl/vpn-ca.pem
cert /etc/ssl/Zertifikate/server_cert.pem
key /etc/ssl/private/server_key.pem

# Diffie-Hellman parameters
dh /etc/ssl/dh2048.pem

# Assign the same IP in the next session
#ifconfig-pool-persist ipp.txt

# Enter IPs into the IP tables, reassign DNS and route via the server so that, e.g., one can access a
# local intranet through the tunnel
#push "route 10.0.0.0 255.0.0.0"
#push "dhcp-option DNS 192.168.1.xyz"
#push "redirect-gateway"
#push "route 0.0.0.0 0.0.0.0"

# Authentication method
auth SHA1

# Encryption algorithm
cipher aes-256-cbc

# Use compression
comp-lzo

# Sets the privileges
user nobody
group nogroup

# Needed because of user nobody/group nobody.
persist-key
persist-tun

# Logging 0 (for testing: 5)
verb 7
//--------------------------------------------------

Log from Tunnelblick

Thu 01/01/70 01:00 AM: SUCCESS: pid=370
Thu 01/01/70 01:00 AM: SUCCESS: real-time state notification set to ON
Thu 01/01/70 01:00 AM: SUCCESS: real-time log notification set to ON
Tue 06/23/09 04:13 PM: OpenVPN 2.1_rc15 i386-apple-darwin9.5.0 [SSL] [LZO2] built on Nov 19 2008
Tue 06/23/09 04:13 PM: MANAGEMENT: TCP Socket listening on 127.0.0.1:1337
Tue 06/23/09 04:13 PM: waiting...
Tue 06/23/09 04:13 PM: MANAGEMENT: Client connected from 127.0.0.1:1337
Thu 01/01/70 01:00 AM: END
Thu 01/01/70 01:00 AM: SUCCESS: hold release succeeded
Tue 06/23/09 04:13 PM: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue 06/23/09 04:13 PM: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu 01/01/70 01:00 AM: but not yet verified
Tue 06/23/09 04:13 PM: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue 06/23/09 04:13 PM: WARNING: file '/Users/mitarbeiter/Library/openvpn/Client1_key.pem' is group or others accessible
Tue 06/23/09 04:13 PM: LZO compression initialized
Tue 06/23/09 04:13 PM: Control Channel MTU parms [ L:1590 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue 06/23/09 04:13 PM: Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Tue 06/23/09 04:13 PM: Local Options hash (VER=V4): 'c6c7c21a'
Tue 06/23/09 04:13 PM: Expected Remote Options hash (VER=V4): '1a6d5c5d'
Tue 06/23/09 04:13 PM: Socket Buffers: R=[42080->65536] S=[9216->65536]
Tue 06/23/09 04:13 PM: UDPv4 link local: [undef]
Tue 06/23/09 04:13 PM: UDPv4 link remote: 192.168.1.9:22
Tue 06/23/09 04:13 PM:
Tue 06/23/09 04:13 PM:
Tue 06/23/09 04:13 PM: sid=f20b257b 01ff3dc3
Tue 06/23/09 04:13 PM: error=self signed certificate: /C=DE/ST=BW/L=BO/O=AD/OU=AD/CN=yanto/emailAddress=mail@skleebauer.de
Tue 06/23/09 04:13 PM: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Tue 06/23/09 04:13 PM: TLS Error: TLS object -> incoming plaintext read error
Tue 06/23/09 04:13 PM: TLS Error: TLS handshake failed
Tue 06/23/09 04:13 PM: TCP/UDP: Closing socket
Tue 06/23/09 04:13 PM: process restarting
Tue 06/23/09 04:13 PM:
Thu 01/01/70 01:00 AM: SUCCESS: hold release succeeded
Tue 06/23/09 04:13 PM: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue 06/23/09 04:13 PM: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue 06/23/09 04:13 PM: Re-using SSL/TLS context
Tue 06/23/09 04:13 PM: LZO compression initialized
Tue 06/23/09 04:13 PM: Control Channel MTU parms [ L:1590 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue 06/23/09 04:13 PM: Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Tue 06/23/09 04:13 PM: Local Options hash (VER=V4): 'c6c7c21a'
Tue 06/23/09 04:13 PM: Expected Remote Options hash (VER=V4): '1a6d5c5d'
Tue 06/23/09 04:13 PM: Socket Buffers: R=[42080->65536] S=[9216->65536]
Tue 06/23/09 04:13 PM: UDPv4 link local: [undef]
Tue 06/23/09 04:13 PM: UDPv4 link remote: 192.168.1.9:22
Tue 06/23/09 04:13 PM:
Tue 06/23/09 04:13 PM:
Tue 06/23/09 04:13 PM: sid=8649a938 8fa55ebb
Tue 06/23/09 04:13 PM: error=self signed certificate: /C=DE/ST=BW/L=BO/O=AD/OU=AD/CN=yanto/emailAddress=mail@skleebauer.de
Tue 06/23/09 04:13 PM: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Tue 06/23/09 04:13 PM: TLS Error: TLS object -> incoming plaintext read error
Tue 06/23/09 04:13 PM: TLS Error: TLS handshake failed
Tue 06/23/09 04:13 PM: TCP/UDP: Closing socket
Tue 06/23/09 04:13 PM: process restarting
Tue 06/23/09 04:13 PM:
Thu 01/01/70 01:00 AM: SUCCESS: hold release succeeded
Tue 06/23/09 04:13 PM: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue 06/23/09 04:13 PM: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue 06/23/09 04:13 PM: Re-using SSL/TLS context
Tue 06/23/09 04:13 PM: LZO compression initialized
Tue 06/23/09 04:13 PM: Control Channel MTU parms [ L:1590 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue 06/23/09 04:13 PM: Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Tue 06/23/09 04:13 PM: Local Options hash (VER=V4): 'c6c7c21a'
Tue 06/23/09 04:13 PM: Expected Remote Options hash (VER=V4): '1a6d5c5d'
Tue 06/23/09 04:13 PM: Socket Buffers: R=[42080->65536] S=[9216->65536]
Tue 06/23/09 04:13 PM: UDPv4 link local: [undef]
Tue 06/23/09 04:13 PM: UDPv4 link remote: 192.168.1.9:22
Tue 06/23/09 04:13 PM:
Tue 06/23/09 04:13 PM:
Tue 06/23/09 04:13 PM: sid=75015ea6 1c2b72c3
Tue 06/23/09 04:13 PM: error=self signed certificate: /C=DE/ST=BW/L=BO/O=AD/OU=AD/CN=yanto/emailAddress=mail@skleebauer.de
Tue 06/23/09 04:13 PM: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Tue 06/23/09 04:13 PM: TLS Error: TLS object -> incoming plaintext read error
Tue 06/23/09 04:13 PM: TLS Error: TLS handshake failed
Tue 06/23/09 04:13 PM: TCP/UDP: Closing socket
Tue 06/23/09 04:13 PM: process restarting
Tue 06/23/09 04:13 PM:
Thu 01/01/70 01:00 AM: SUCCESS: hold release succeeded
Tue 06/23/09 04:13 PM: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue 06/23/09 04:13 PM: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue 06/23/09 04:13 PM: Re-using SSL/TLS context
Tue 06/23/09 04:13 PM: LZO compression initialized
Tue 06/23/09 04:13 PM: Control Channel MTU parms [ L:1590 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue 06/23/09 04:13 PM: Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Tue 06/23/09 04:13 PM: Local Options hash (VER=V4): 'c6c7c21a'
Tue 06/23/09 04:13 PM: Expected Remote Options hash (VER=V4): '1a6d5c5d'
Tue 06/23/09 04:13 PM: Socket Buffers: R=[42080->65536] S=[9216->65536]
Tue 06/23/09 04:13 PM: UDPv4 link local: [undef]
Tue 06/23/09 04:13 PM: UDPv4 link remote: 192.168.1.9:22
Tue 06/23/09 04:13 PM:
Tue 06/23/09 04:13 PM:
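
Added example (not part of the original post): a small Python triage of the Tunnelblick log against Client.ovpn, reducing the repeated retry cycles to the distinct problems the client reports, including the difference between the configured `remote` port and the peer the log shows. The function name `triage`, the finding codes and the abridged sample lines are assumptions of this example.

```python
import re

STAMP = re.compile(r"^\w{3} \d\d/\d\d/\d\d \d\d:\d\d [AP]M: ?")  # Tunnelblick line prefix

# Constructed sample: lines abridged from the log and Client.ovpn in the post above.
LOG = """\
Tue 06/23/09 04:13 PM: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue 06/23/09 04:13 PM: WARNING: file '/Users/mitarbeiter/Library/openvpn/Client1_key.pem' is group or others accessible
Tue 06/23/09 04:13 PM: UDPv4 link remote: 192.168.1.9:22
Tue 06/23/09 04:13 PM: error=self signed certificate: /C=DE/ST=BW/L=BO/O=AD/OU=AD/CN=yanto
Tue 06/23/09 04:13 PM: TLS Error: TLS handshake failed
Tue 06/23/09 04:13 PM: UDPv4 link remote: 192.168.1.9:22
Tue 06/23/09 04:13 PM: TLS Error: TLS handshake failed
"""
CLIENT_CONF = "proto udp\nremote 192.168.1.9 1194\nnobind\n"

RULES = [  # (finding code, pattern applied to the message part of a log line)
    ("no-server-cert-check", re.compile(r"No server certificate verification method")),
    ("key-file-readable", re.compile(r"file '([^']+)' is group or others accessible")),
    ("cert-verify-failed", re.compile(r"error=([^:]+): /.*?CN=([^/]+)")),
    ("handshake-failed", re.compile(r"TLS handshake failed")),
]

def triage(log, conf):
    """Return de-duplicated (code, detail) findings in first-seen order."""
    findings = {}
    remote = re.search(r"^remote\s+(\S+)\s+(\d+)", conf, re.M)
    for raw in log.splitlines():
        msg = STAMP.sub("", raw)
        for code, rx in RULES:
            m = rx.search(msg)
            if m:
                findings.setdefault(code, ", ".join(m.groups()))
        # Compare the peer the client actually contacted with the configured one.
        peer = re.match(r"UDPv4 link remote: (\S+):(\d+)$", msg)
        if peer and remote and peer.groups() != remote.groups():
            findings.setdefault("endpoint-mismatch", "config %s:%s, log %s:%s"
                                % (remote.groups() + peer.groups()))
    return list(findings.items())

if __name__ == "__main__":
    for code, detail in triage(LOG, CLIENT_CONF):
        print(f"{code:22} {detail}")
```
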