Generate 2048 Bit Openvpn Static Key



Greetings, everyone!

With the 'tls-auth' directive it is possible to sign OpenVPN packets with a static key, using a 160-bit HMAC hash by default. Create SSL tunnels with OpenVPN.


OS - OpenSuse 42.3
OpenVPN-2.3
easyrsa - 3.0.5

Server.conf

Code:

port 1194
proto tcp
dev tun
server 192.168.99.0 255.255.255.0
push 'route 192.168.90.0 255.255.255.0'
ca ca.crt
cert blic-vpn.crt
key blic-vpn.key
dh dh.pem
tls-auth ta.key 0
crl-verify crl.pem
key-direction 0
cipher AES-256-CBC
auth SHA256
explicit-exit-notify 0
ifconfig-pool-persist ipp.txt
mute 10
persist-key
persist-tun
max-clients 50
keepalive 10 900
user nobody
group nobody
status openvpn-status.log 1
status-version 3
log-append openvpn-server.log
verb 9

Client.conf

Code:

client
dev tun
remote 192.168.80.21
proto tcp
ca ca.crt
cert adm.crt
key adm.key
cipher AES-256-CBC
auth SHA256
key-direction 1
route-method exe
route-delay 2
resolv-retry infinite
nobind
persist-key
persist-tun
tls-client
tls-auth ta.key 1
auth-nocache

I set up a test OpenVPN and ran into the following:
The tun interface comes up.
Client logs when trying to connect to the server:

Code:

Sat Jan 12 00:51:28 2019 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Sat Jan 12 00:51:28 2019 Windows version 6.1 (Windows 7) 64bit
Sat Jan 12 00:51:28 2019 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Enter Management Password:
Sat Jan 12 00:51:28 2019 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Jan 12 00:51:28 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.80.21:1194
Sat Jan 12 00:51:28 2019 Attempting to establish TCP connection with [AF_INET]192.168.80.21:1194 [nonblock]
Sat Jan 12 00:51:29 2019 TCP connection established with [AF_INET]192.168.80.21:1194
Sat Jan 12 00:51:29 2019 TCP_CLIENT link local: (not bound)
Sat Jan 12 00:51:29 2019 TCP_CLIENT link remote: [AF_INET]192.168.80.21:1194
Sat Jan 12 00:51:30 2019 Connection reset, restarting [-1]
Sat Jan 12 00:51:30 2019 SIGUSR1[soft,connection-reset] received, process restarting
Sat Jan 12 00:51:35 2019 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Jan 12 00:51:35 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.80.21:1194
Sat Jan 12 00:51:35 2019 Attempting to establish TCP connection with [AF_INET]192.168.80.21:1194 [nonblock]
Sat Jan 12 00:51:36 2019 TCP connection established with [AF_INET]192.168.80.21:1194
Sat Jan 12 00:51:36 2019 TCP_CLIENT link local: (not bound)
Sat Jan 12 00:51:36 2019 TCP_CLIENT link remote: [AF_INET]192.168.80.21:1194
Sat Jan 12 00:51:36 2019 Connection reset, restarting [-1]
Sat Jan 12 00:51:36 2019 SIGUSR1[soft,connection-reset] received, process restarting
Sat Jan 12 00:51:38 2019 SIGTERM[hard,init_instance] received, process exiting

As soon as I comment out the line on the server that is responsible for certificate verification:
#crl-verify crl.pem
the client connects and works as expected.
Client log after a successful connection:

Code:

Sat Jan 12 00:56:17 2019 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Sat Jan 12 00:56:17 2019 Windows version 6.1 (Windows 7) 64bit
Sat Jan 12 00:56:17 2019 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Enter Management Password:
Sat Jan 12 00:56:17 2019 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Jan 12 00:56:17 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.80.21:1194
Sat Jan 12 00:56:17 2019 Attempting to establish TCP connection with [AF_INET]192.168.80.21:1194 [nonblock]
Sat Jan 12 00:56:18 2019 TCP connection established with [AF_INET]192.168.80.21:1194
Sat Jan 12 00:56:18 2019 TCP_CLIENT link local: (not bound)
Sat Jan 12 00:56:18 2019 TCP_CLIENT link remote: [AF_INET]192.168.80.21:1194
Sat Jan 12 00:56:18 2019 [blic-vpn] Peer Connection Initiated with [AF_INET]192.168.80.21:1194
Sat Jan 12 00:56:20 2019 open_tun
Sat Jan 12 00:56:20 2019 TAP-WIN32 device [Подключение по локальной сети 2] opened: \\.\Global\{61223E3E-B757-452A-B418-E67442450004}.tap
Sat Jan 12 00:56:20 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.88.6/255.255.255.252 on interface {61223E3E-B757-452A-B418-E67442450004} [DHCP-serv: 192.168.88.5, lease-time: 31536000]
Sat Jan 12 00:56:20 2019 Successful ARP Flush on interface [24] {61223E3E-B757-452A-B418-E67442450004}
Sat Jan 12 00:56:20 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Jan 12 00:56:22 2019 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
Sat Jan 12 00:56:22 2019 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
Sat Jan 12 00:56:22 2019 Initialization Sequence Completed
Sat Jan 12 00:56:32 2019 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
Sat Jan 12 00:56:32 2019 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
Sat Jan 12 00:56:32 2019 SIGTERM[hard,] received, process exiting

The date and time on the server and the client do not differ; I completely deleted the test environment and generated it again.
The error repeats.
Server log when the crl-verify crl.pem line is not commented out (Ошибка.txt)
Server log when the crl-verify crl.pem line is commented out (Работает.txt)
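
OpenVPN reads the crl-verify file each time a peer connects, so with `user nobody` / `group nobody` in the server config the file has to be readable after the privilege drop. The sketch below is an added example, not part of the original post: it checks that condition and also flags a client config that lacks the server-certificate verification the client log warns about. The function names, the finding labels and the stand-in crl.pem are assumptions made for the illustration.

```python
import os
import stat
import tempfile

def parse_conf(text):
    """Return {directive: [args, ...]} for an OpenVPN config, skipping comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        conf.setdefault(name, []).append(args)
    return conf

def readable_after_drop(path, uid, gid):
    """Mode-bit check only (no ACLs, no parent directories): can uid/gid read path?"""
    st = os.stat(path)
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid == gid:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)

def audit(server_text, client_text, crl_path, uid, gid):
    """List findings for a server/client pair; uid/gid are the identity after the drop."""
    findings = []
    server, client = parse_conf(server_text), parse_conf(client_text)
    drops = "user" in server or "group" in server
    if "crl-verify" in server and drops and not readable_after_drop(crl_path, uid, gid):
        findings.append("crl-not-readable-after-privilege-drop")
    if not ({"remote-cert-tls", "verify-x509-name"} & client.keys()):
        findings.append("client-does-not-verify-server-cert")
    return findings

# Constructed sample: only the relevant lines of the two configs from the post.
SERVER = "crl-verify crl.pem\nuser nobody\ngroup nobody\npersist-key\n"
CLIENT = "client\nremote 192.168.80.21\nca ca.crt\ntls-auth ta.key 1\n"

def demo(mode):
    """Create a stand-in crl.pem with the given mode and audit against it."""
    with tempfile.TemporaryDirectory() as d:
        crl = os.path.join(d, "crl.pem")
        open(crl, "w").close()
        os.chmod(crl, mode)
        other = os.getuid() + 1  # assumed: any account that is not the file owner
        return audit(SERVER, CLIENT, crl, other, os.getgid() + 1)

if __name__ == "__main__":
    print(demo(0o600))
    print(demo(0o644))
```

On a real server, pass the numeric uid and gid of the account named by `user` and `group`, and the resolved path of the file given to `crl-verify`.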