OpenVPN - [56] :: В помощь системному администратору

На Windows 2003 server поднял openvpn server ,подскажите что неправильно в конфигурации.

ключ и сертиф деле так

To generate TLS keys:

Create new empty index and serial files (once only)
1. vars
2. clean-all

Build a CA key (once only)
1. vars
2. build-ca

Build a DH file (for server side, once only)
1. vars
2. build-dh

Build a private key/certficate for the openvpn server
1. vars
2. build-key-server OpenVpn

server config

port 444
proto tcp
dev tun
server 10.10.0.0 255.255.0.0
ca D:\\sll\\ca.crt
cert D:\\sll\\OpenVPN.crt
key D:\\sll\\OpenVPN.key
dh D:\\sll\\dh1024.pem

clien на кпк

remote 10.203.228.33 444
client
proto tcp
nobind
dev tun
verb 3
ca "\\Program Files\\OpenVPN\\config\\ca.crt"
cert "\\Program Files\\OpenVPN\\config\\OpenVPN.crt"
key "\\Program Files\\OpenVPN\\config\\OpenVPN.key"
redirect-gateway

лог с серва

Wed Apr 04 09:44:41 2012 OpenVPN 2.1_rc20 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Oct 1 2009
Wed Apr 04 09:44:41 2012 WARNING: --keepalive option is missing from server config
Wed Apr 04 09:44:41 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Apr 04 09:44:42 2012 TAP-WIN32 device [Подключение по локальной сети 4] opened: \\.\Global\{10EE5B65-EB2B-41ED-A280-46C8FC3A88E3}.tap
Wed Apr 04 09:44:42 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.10.0.1/255.255.255.252 on interface {10EE5B65-EB2B-41ED-A280-46C8FC3A88E3} [DHCP-serv: 10.10.0.2, lease-time: 31536000]
Wed Apr 04 09:44:42 2012 Sleeping for 10 seconds...
Wed Apr 04 09:44:52 2012 Listening for incoming TCP connection on [undef]:444
Wed Apr 04 09:44:52 2012 TCPv4_SERVER link local (bound): [undef]:444
Wed Apr 04 09:44:52 2012 TCPv4_SERVER link remote: [undef]
Wed Apr 04 09:44:52 2012 Initialization Sequence Completed
Wed Apr 04 09:59:22 2012 Re-using SSL/TLS context
Wed Apr 04 09:59:22 2012 TCP connection established with 10.203.230.33:1032
Wed Apr 04 09:59:22 2012 TCPv4_SERVER link local: [undef]
Wed Apr 04 09:59:22 2012 TCPv4_SERVER link remote: 10.203.230.33:1032
Wed Apr 04 10:00:22 2012 10.203.230.33:1032 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Apr 04 10:00:22 2012 10.203.230.33:1032 TLS Error: TLS handshake failed
Wed Apr 04 10:00:22 2012 10.203.230.33:1032 Fatal TLS error (check_tls_errors_co), restarting

лог с кпк
Wed Apr 04 09:58:38 2012 OpenVPN 2.1.0 Win32-MSVC++ [SSL] [LZO2] built on Dec 11 2009
Wed Apr 04 09:58:39 2012 MANAGEMENT: TCP Socket listening on 127.0.0.1:10000
Wed Apr 04 09:58:39 2012 Need hold release from management interface, waiting...
Wed Apr 04 09:58:39 2012 MANAGEMENT: Client connected from 127.0.0.1:10000
Wed Apr 04 09:58:39 2012 MANAGEMENT: CMD 'state on'
Wed Apr 04 09:58:39 2012 MANAGEMENT: CMD 'hold off'
Wed Apr 04 09:58:39 2012 MANAGEMENT: CMD 'hold release'
Wed Apr 04 09:58:39 2012 Using Windows Connection Manager with destination '{18AD9FBD-F716-ACB6-FD8A-1965DB95B814}' resolving to provider guid {18AD9FBD-F716-ACB6-FD8A-1965DB95B814} (exclusive)
Wed Apr 04 09:58:39 2012 Acquisition of Windows Connection Manager provider succeeded...
Wed Apr 04 09:58:39 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Apr 04 09:58:39 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Apr 04 09:58:39 2012 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed Apr 04 09:58:39 2012 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Wed Apr 04 09:58:39 2012 Local Options hash (VER=V4): 'db02a8f8'
Wed Apr 04 09:58:39 2012 Expected Remote Options hash (VER=V4): '7e068940'
Wed Apr 04 09:58:39 2012 Attempting to establish TCP connection with 10.203.228.33:444
Wed Apr 04 09:58:39 2012 MANAGEMENT: >STATE:1333519119,TCP_CONNECT,,,
Wed Apr 04 09:58:40 2012 TCP connection established with 10.203.228.33:444
Wed Apr 04 09:58:40 2012 Socket Buffers: R=[32768->32768] S=[16384->16384]
Wed Apr 04 09:58:40 2012 TCPv4_CLIENT link local (bound): [undef]
Wed Apr 04 09:58:40 2012 TCPv4_CLIENT link remote: 10.203.228.33:444
Wed Apr 04 09:58:40 2012 MANAGEMENT: >STATE:1333519120,WAIT,,,
Wed Apr 04 09:58:41 2012 MANAGEMENT: >STATE:1333519121,AUTH,,,
Wed Apr 04 09:58:41 2012 TLS: Initial packet from 10.203.228.33:444, sid=befcc400 0a41ae73
Wed Apr 04 09:58:53 2012 TCP/UDP: Closing socket
Wed Apr 04 09:58:53 2012 SIGTERM[hard,] received, process exiting
Wed Apr 04 09:58:53 2012 MANAGEMENT: >STATE:1333519133,EXITING,SIGTERM,,
Wed Apr 04 09:58:53 2012 Releasing Windows Connection Manager provider

Модерирует : lynx, Crash_Master, dg, emx, ShriEkeR
Версия для печати • Подписаться • Добавить в закладки
Страницы: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138