OpenVPN Server Ubuntu VM

[grueni]

Hello everyone,

Last night I quickly sat down and set up an OpenVPN server.
Certificates etc. are all fine, and so are the connection and the IP assignment on the client, but I get no ping to any device on my network, and the internet connection is still routed over the UMTS channel.

Situation:
Laptop on the internet via UMTS (for testing).
Ubuntu 12.04 in a VM (VirtualBox).

I can dial in to the server via my external IP, but unfortunately I am not assigned a default gateway :(

Server conf:
Code:
port 1194
proto udp
dev tap

ca ca.crt
cert server.crt
key server.key  # This file should be kept secret

dh dh2048.pem

;server 192.168.2.0/24

ifconfig-pool-persist ipp.txt

server-bridge 192.168.2.1 255.255.255.0 192.168.2.150 192.168.2.160

server-bridge  # a second server-bridge with no parameters selects DHCP-proxy mode and duplicates the line above

;push "route 192.168.2.0 255.255.255.0"

;push "redirect-gateway def1 bypass-dhcp"
;push "redirect-gateway 192.168.2.1"
;push "redirect-gateway def1"

;push "dhcp-option DNS 192.168.2.1"

client-to-client

keepalive 10 120

tls-auth ta.key 0 # This file is secret
tls-server

cipher AES-256-CBC

comp-lzo

max-clients 10

user openvpn
group openvpn

persist-key
persist-tun

status /var/log/openvpn/openvpn-status.log

log         /var/log/openvpn/openvpn.log
;log-append  openvpn.log

verb 6

mute 20

Excerpt from interfaces:
Code:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
auto br0

# The primary network interface
# NOTE: when eth0 is a bridge port it is normally declared "iface eth0 inet manual";
# giving eth0 and br0 the same address and gateway conflicts (see the bridging
# NOTE in the OpenVPN log below).
iface eth0 inet static
	address 192.168.2.109
	netmask 255.255.255.0
	gateway 192.168.2.1
# Bridged network
# tap0 is not a member of this bridge; for bridged OpenVPN the TAP device must
# also be a bridge port (e.g. a persistent tap0 created with
# "openvpn --mktun --dev tap0" and "bridge_ports eth0 tap0").
iface br0 inet static
	address 192.168.2.109
	netmask 255.255.255.0
	gateway 192.168.2.1
	bridge_ports eth0
	bridge_fd 9      ## from the libvirt docs (forward delay time)
	bridge_hello 2   ## from the libvirt docs (hello time)
	bridge_maxage 12 ## from the libvirt docs (maximum message age)
	bridge_stp off   ## from the libvirt docs (spanning tree protocol)

Excerpt from the log files:
Code:
Mon Oct 15 21:11:42 2012 us=121967 Current Parameter Settings:
Mon Oct 15 21:11:42 2012 us=122016   config = '/etc/openvpn/server.conf'
Mon Oct 15 21:11:42 2012 us=122028   mode = 1
Mon Oct 15 21:11:42 2012 us=122039   persist_config = DISABLED
Mon Oct 15 21:11:42 2012 us=122049   persist_mode = 1
Mon Oct 15 21:11:42 2012 us=122059   show_ciphers = DISABLED
Mon Oct 15 21:11:42 2012 us=122069   show_digests = DISABLED
Mon Oct 15 21:11:42 2012 us=122079   show_engines = DISABLED
Mon Oct 15 21:11:42 2012 us=122089   genkey = DISABLED
Mon Oct 15 21:11:42 2012 us=122112   key_pass_file = '[UNDEF]'
Mon Oct 15 21:11:42 2012 us=122122   show_tls_ciphers = DISABLED
Mon Oct 15 21:11:42 2012 us=122134 Connection profiles [default]:
Mon Oct 15 21:11:42 2012 us=122144   proto = udp
Mon Oct 15 21:11:42 2012 us=122154   local = '[UNDEF]'
Mon Oct 15 21:11:42 2012 us=122164   local_port = 1194
Mon Oct 15 21:11:42 2012 us=122174   remote = '[UNDEF]'
Mon Oct 15 21:11:42 2012 us=122184   remote_port = 1194
Mon Oct 15 21:11:42 2012 us=122194   remote_float = DISABLED
Mon Oct 15 21:11:42 2012 us=122204   bind_defined = DISABLED
Mon Oct 15 21:11:42 2012 us=122213   bind_local = ENABLED
Mon Oct 15 21:11:42 2012 us=122223 NOTE: --mute triggered...
Mon Oct 15 21:11:42 2012 us=122238 256 variation(s) on previous 20 message(s) suppressed by --mute
Mon Oct 15 21:11:42 2012 us=122249 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar 30 2012
Mon Oct 15 21:11:42 2012 us=122308 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Mon Oct 15 21:11:42 2012 us=122362 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Oct 15 21:11:42 2012 us=128052 Diffie-Hellman initialized with 2048 bit key
Mon Oct 15 21:11:42 2012 us=128253 WARNING: file 'server.key' is group or others accessible
Mon Oct 15 21:11:42 2012 us=128584 WARNING: file 'ta.key' is group or others accessible
Mon Oct 15 21:11:42 2012 us=128597 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Mon Oct 15 21:11:42 2012 us=128612 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 15 21:11:42 2012 us=128624 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 15 21:11:42 2012 us=128641 TLS-Auth MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mon Oct 15 21:11:42 2012 us=128666 Socket Buffers: R=[229376->131072] S=[229376->131072]
Mon Oct 15 21:11:42 2012 us=128965 TUN/TAP device tap0 opened
Mon Oct 15 21:11:42 2012 us=128983 TUN/TAP TX queue length set to 100
Mon Oct 15 21:11:42 2012 us=129008 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Oct 15 21:11:42 2012 us=129520 GID set to openvpn
Mon Oct 15 21:11:42 2012 us=129573 UID set to openvpn
Mon Oct 15 21:11:42 2012 us=129595 UDPv4 link local (bound): [undef]
Mon Oct 15 21:11:42 2012 us=129607 UDPv4 link remote: [undef]
Mon Oct 15 21:11:42 2012 us=129621 MULTI: multi_init called, r=256 v=256
Mon Oct 15 21:11:42 2012 us=129670 IFCONFIG POOL: base=192.168.2.150 size=11, ipv6=0
Mon Oct 15 21:11:42 2012 us=129697 ifconfig_pool_read(), in='client1,192.168.2.150', TODO: IPv6
Mon Oct 15 21:11:42 2012 us=129718 succeeded -> ifconfig_pool_set()
Mon Oct 15 21:11:42 2012 us=129732 IFCONFIG POOL LIST
Mon Oct 15 21:11:42 2012 us=129746 client1,192.168.2.150
Mon Oct 15 21:11:42 2012 us=129772 Initialization Sequence Completed


The server has one LAN adapter.

I have already tried all sorts of things with push and route, but none of it led to success :(

Does anyone have a quick tip?
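Two checks worth running against the setup posted above, as an added example (this is not from the thread and not part of OpenVPN): the log warns that server.key and ta.key are group/other readable, and server.conf contains server-bridge twice, which OpenVPN accepted silently and reached "Initialization Sequence Completed" with. File paths are passed as arguments; the list of directives that may legitimately repeat inside dup_directives is my assumption.

```shell
#!/bin/sh
# Added example (not from the thread): two review checks for an OpenVPN server
# directory. Paths are passed as arguments; the directive allowlist in
# dup_directives is an assumption about which options may legitimately repeat.

# Return 0 when FILE has no group/other permission bits, which is exactly the
# condition behind OpenVPN's "file ... is group or others accessible" warning.
# The permission field of ls -l is used because it is portable across GNU and
# BSD userlands; cut drops a trailing ACL/SELinux marker such as "+" or ".".
check_secret_perms() {
    f="$1"
    [ -f "$f" ] || return 2
    perm="$(ls -ld "$f" | cut -c1-10)"      # e.g. "-rw-------"
    case "$perm" in
        ????------) return 0 ;;             # owner bits only
        *)          return 1 ;;
    esac
}

# Strip group/other bits. OpenVPN reads the keys as root before switching to
# "user openvpn"/"group openvpn" (persist-key keeps them across restarts),
# so root-owned 0600 files are sufficient.
fix_secret_perms() {
    chmod go-rwx "$1"
}

# Print directives that occur more than once in an OpenVPN config file,
# ignoring comments (";" or "#") and options that may legitimately repeat.
# OpenVPN does not complain about a duplicated server-bridge line, so this
# has to be caught by review.
dup_directives() {
    awk '
        { sub(/[;#].*/, "") }
        NF == 0 { next }
        $1 ~ /^(push|route|route-ipv6|remote|dhcp-option)$/ { next }
        { seen[$1]++ }
        END { for (d in seen) if (seen[d] > 1) print d }
    ' "$1" | sort
}

# Check a whole config directory: key files first, then the config itself.
# Returns 1 if anything needs attention, 0 if the directory is clean.
review_openvpn_dir() {
    dir="${1:-/etc/openvpn}"
    rc=0
    for f in "$dir"/*.key; do
        [ -f "$f" ] || continue
        if ! check_secret_perms "$f"; then
            echo "WARN: $f is group/other accessible" >&2
            rc=1
        fi
    done
    if [ -f "$dir/server.conf" ]; then
        dups="$(dup_directives "$dir/server.conf")"
        if [ -n "$dups" ]; then
            echo "WARN: duplicated directives in $dir/server.conf: $dups" >&2
            rc=1
        fi
    fi
    return $rc
}
```

Run it as `review_openvpn_dir /etc/openvpn` after sourcing the file; a non-zero exit means at least one warning was printed. Fixing the permissions with `fix_secret_perms` makes the two WARNING lines in the log disappear on the next start.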
 
What do you actually want to do?
Tunnel your internet connection through the OpenVPN server?
For that I recommend the following configuration (it works for me; just take a look).
(Port etc. are variable.) You also have to allow all input/output and forwards in iptables, and set up a NAT firewall.
Code:
port 1149
local 192.168.178.46
proto udp
mode server
tls-server
dev tap
ifconfig 172.16.17.1 255.255.255.0
ifconfig-pool 172.16.17.10 172.16.17.100
tun-mtu 1500
mssfix
ca /etc/openvpn/vpn-ca.pem
cert /etc/openvpn/servercert.pem
key /etc/openvpn/serverkey.pem
dh /etc/openvpn/dh1024.pem
#client-to-client
ifconfig-pool-persist ipp.txt
keepalive 10 60
auth SHA1
cipher aes-256-cbc
tls-auth /etc/openvpn/ta.key 1   # key direction 1 on the server means the clients must use direction 0
#persist-key
persist-tun
verb 2
push "route 192.168.178.0 255.255.255.0"
push "dhcp-option DNS 172.16.17.1"
push "route-gateway 172.16.17.1"
push "dhcp-option WINS 192.168.178.46"
#push "redirect-gateway def1"   # uncomment to send the clients' default route through the tunnel
status openvpn-status.log
log /var/log/openvpn.log
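The "allow all input/output and forwards" advice above is broader than the tunnel needs. As an added example (not the poster's configuration and not an OpenVPN file), the script below prints a minimal iptables/NAT ruleset for the 172.16.17.0/24 TAP server in that config: forward only from the VPN interface to the LAN uplink, let only reply traffic back in, and masquerade behind the server's LAN address. The interface names tap0 and eth0 and the listener port 1149 are assumptions taken from the posted config. The rules are printed rather than applied so they can be reviewed first, and the arguments are validated because the output is meant to be piped into a root shell. Note that clients only route their internet traffic through the tunnel when the push "redirect-gateway def1" line is active, which the config above has commented out.

```shell
#!/bin/sh
# Added example (not from the thread): print a least-privilege iptables/NAT
# ruleset for an OpenVPN TAP server that routes its clients to the Internet.
# tap0, eth0, 172.16.17.0/24 and UDP 1149 are assumptions taken from the
# posted config; pass your own values as arguments.

# Print the rules rather than executing them so they can be reviewed first.
# Apply with:  nat_rules tap0 eth0 172.16.17.0/24 1149 | sudo sh
nat_rules() {
    tap_if="${1:-tap0}"
    lan_if="${2:-eth0}"
    vpn_net="${3:-172.16.17.0/24}"
    port="${4:-1149}"

    # Refuse anything that is not an interface name, a dotted subnet or a
    # number: the output ends up in a root shell, so no metacharacters.
    case "$tap_if$lan_if" in
        *[!A-Za-z0-9_.-]*|'') echo "bad interface name" >&2; return 1 ;;
    esac
    case "$vpn_net" in
        *[!0-9./]*|'') echo "bad subnet: $vpn_net" >&2; return 1 ;;
    esac
    case "$port" in
        *[!0-9]*|'') echo "bad port: $port" >&2; return 1 ;;
    esac

    cat <<EOF
# let the kernel forward packets between interfaces
sysctl -w net.ipv4.ip_forward=1
# default deny for forwarded traffic; only the rules below open paths
iptables -P FORWARD DROP
# VPN clients -> Internet via the LAN uplink, only from the VPN subnet
iptables -A FORWARD -i $tap_if -o $lan_if -s $vpn_net -j ACCEPT
# back in: only replies to connections the clients opened
iptables -A FORWARD -i $lan_if -o $tap_if -d $vpn_net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# hide client addresses behind the server's LAN address
iptables -t nat -A POSTROUTING -s $vpn_net -o $lan_if -j MASQUERADE
# the OpenVPN listener itself
iptables -A INPUT -i $lan_if -p udp --dport $port -j ACCEPT
EOF
}
```

Because FORWARD defaults to DROP, a VPN client can reach the Internet and the LAN behind the server only through the paths listed; nothing on the LAN can open connections into the VPN subnet. If the OpenVPN process itself should not run as root after start-up, the "user"/"group" lines from the first config still apply; iptables is configured once by the administrator, not by OpenVPN.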
 
Tunnel the internet, or rather get access to another server on the network :)

Okay, I'll experiment a bit with your conf.
 