openvpn-desperate

Chrisovalantis Sfirakis hammer at math.uoa.gr
Thu Feb 1 19:36:14 EET 2007


First of all I want to say thanks for the instructions,
but I am probably not understanding something, or not doing something right.
Below I describe what I do, in case someone can enlighten me.

Thanks again

   1. Installing modules

Question: do I need to do something like this!!!

I add the tun module

hammer:~# vi modules

# /etc/modules: kernel modules to load at boot time.
#
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with "#" are ignored.
ne
loop
iptable_nat
tun

hammer:~# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     *               255.255.255.0   U         0 0          0 eth1
195.134.81.0    *               255.255.255.0   U         0 0          0 eth0
default         195.134.81.1    0.0.0.0         UG        0 0          0 eth0

Question: do I need to do anything else?

   2. Installing programs

On the server (Debian) I have installed:

apt-get install openvpn ipcheck openssl openssh

I have user: nobody and group: nobody

On the client (Windows) I have installed:

http://openvpn.net/download.html

 

   3. Creating the conf and ovpn files

http://openvpn.net/howto.html#server

copied as is, without any change; I save it as server.conf (on Debian)

http://openvpn.net/howto.html#client

copied as is, without any change; I save it as client1.ovpn (on Windows); the only thing I change is «remote 195.134.81.115  1194»

Creating ca.crt dh1024.pem ipp.txt server.crt server.key

*. ./vars*

*./clean-all*

*./build-ca*

Country Name (2 letter code) [KG]:GR
State or Province Name (full name) [NA]:hammer
Locality Name (eg, city) [BISHKEK]:Athens
Organization Name (eg, company) [OpenVPN-TEST]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:hammer
Email Address [me at myhost.mydomain]:


*./build-key-server server*

Country Name (2 letter code) [KG]:GR
State or Province Name (full name) [NA]:hammer
Locality Name (eg, city) [BISHKEK]:Athens
Organization Name (eg, company) [OpenVPN-TEST]:
Organizational Unit Name (eg, section) []:hammer
Common Name (eg, your name or your server's hostname) []:hammer
Email Address [me at myhost.mydomain]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:hammer
An optional company name []:hammer
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'GR'
stateOrProvinceName   :PRINTABLE:'hammer'
localityName          :PRINTABLE:'Athens'
organizationName      :PRINTABLE:'OpenVPN-TEST'
organizationalUnitName:PRINTABLE:'hammer'
commonName            :PRINTABLE:'hammer'
emailAddress          :IA5STRING:'me at myhost.mydomain'
Certificate is to be certified until Jan 22 03:29:49 2017 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated


Similarly

*./build-key client1*

and

*./build-dh*


   4. Test

I copy the above files to

/etc/openvpn

and to

C:\Program Files\OpenVPN\config\

I run

hammer:/etc/openvpn# openvpn /etc/openvpn/server.conf

Wed Jan 24 23:12:26 2007 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Dec 22 2006
Wed Jan 24 23:12:26 2007 Diffie-Hellman initialized with 1024 bit key
Wed Jan 24 23:12:26 2007 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jan 24 23:12:26 2007 TUN/TAP device tun0 opened
Wed Jan 24 23:12:26 2007 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Wed Jan 24 23:12:26 2007 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Wed Jan 24 23:12:26 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jan 24 23:12:26 2007 UDPv4 link local (bound): [undef]:1194
Wed Jan 24 23:12:26 2007 UDPv4 link remote: [undef]
Wed Jan 24 23:12:26 2007 MULTI: multi_init called, r=256 v=256
Wed Jan 24 23:12:26 2007 IFCONFIG POOL: base=10.8.0.4 size=62
Wed Jan 24 23:12:26 2007 IFCONFIG POOL LIST
Wed Jan 24 23:12:26 2007 Initialization Sequence Completed


hammer:~# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.8.0.2        *               255.255.255.255 UH        0 0          0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG        0 0          0 tun0
192.168.1.0     *               255.255.255.0   U         0 0          0 eth1
195.134.81.0    *               255.255.255.0   U         0 0          0 eth0
default         195.134.81.1    0.0.0.0         UG        0 0          0 eth0


And now the result (a failure) on the client side (Windows)


Thu Feb 01 19:28:02 2007 OpenVPN 2.0.5 Win32-MinGW [SSL] [LZO] built on Nov  2 2005
Thu Feb 01 19:28:02 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Feb 01 19:28:02 2007 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 01 19:28:02 2007 Cannot load certificate file client.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Thu Feb 01 19:28:02 2007 Exiting
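
The client log above stops on `client.crt`, while step 3 generated the client key pair with `./build-key client1`. The following is an added example, not part of the original post: a pre-flight check that lists the certificate and key files a client config references but that do not exist, and flags a config with no server-certificate verification directive (the WARNING line in the log). The function name, the sample files and the rule that relative paths resolve against the config file's directory are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for an OpenVPN client config.
# Assumption: relative paths resolve against the config file's directory.
# Limitation: quoted paths containing spaces are not handled.

# Prints one line per finding; returns 1 if anything was flagged.
check_ovpn_config() {
    conf=$1
    dir=$(dirname "$conf")
    cr=$(printf '\r')          # configs edited on Windows may end lines in CR
    rc=0
    while read -r directive path _rest || [ -n "$directive" ]; do
        case $directive in
            ca|cert|key|dh|tls-auth|pkcs12) ;;   # argument is a file
            *) continue ;;
        esac
        path=${path%"$cr"}
        case $path in
            /*) full=$path ;;
            *)  full=$dir/$path ;;
        esac
        if [ ! -r "$full" ]; then
            echo "MISSING $directive $path"
            rc=1
        fi
    done < "$conf"
    # Any of these directives makes the client verify the server certificate.
    verify='ns-cert-type|remote-cert-tls|tls-remote|verify-x509-name'
    if ! grep -Eq "^[[:space:]]*($verify)[[:space:]]" "$conf"; then
        echo "NO-SERVER-VERIFY"
        rc=1
    fi
    return $rc
}

# Constructed sample: certificate files named as ./build-key client1 names
# them, and a config that still asks for client.crt / client.key.
demo() {
    d=$(mktemp -d)
    touch "$d/ca.crt" "$d/client1.crt" "$d/client1.key"
    printf '%s\n' 'client' 'dev tun' 'remote 195.134.81.115 1194' \
        'ca ca.crt' 'cert client.crt' 'key client.key' > "$d/client1.ovpn"
    check_ovpn_config "$d/client1.ovpn"
    rm -rf "$d"
}
demo
```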

 




More information about the Linux-greek-users mailing list