Gentlemen,
Good evening!
I am testing VPN access with the following configurations:
Server.conf
proto udp
port 5200
dev tun
server 20.0.0.0 255.255.255.0
push "route 172.18.20.0 255.255.255.0"
tls-server
crl-verify /etc/openvpn/keys/crl.pem
dh /etc/openvpn/keys/dh1024.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/servidor.crt
key //etc/openvpn/keys/servidor.key
__________________________________________________________________
client.conf
remote teste.com.br
proto udp
port 5200
dev tun
persist-tun
persist-key
pull
mute 10
client
tls-client
dh keys/dh1024.pem
ca keys/ca.crt
cert keys/teste.crt
key keys/teste.key
I also use this server as a firewall, and just to be safe I disabled it so as not to have problems with ports, and left only the following configuration running:
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -F
iptables -t nat -F
## SHARE INTERNET CONNECTION
## DYNAMIC IP
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
## ENABLE ROUTING
echo "1" > /proc/sys/net/ipv4/ip_forward
## ALLOW THE MACHINE'S OWN LOOPBACK FOR INTERNET ACCESS
iptables -A INPUT -i lo -j ACCEPT
and when connecting over a 3G internet connection it gives the following message:
Wed Dec 15 19:32:20 2010 us=552970 Current Parameter Settings:
Wed Dec 15 19:32:20 2010 us=552998 config = 'client.conf'
Wed Dec 15 19:32:20 2010 us=553004 mode = 0
Wed Dec 15 19:32:20 2010 us=553009 show_ciphers = DISABLED
Wed Dec 15 19:32:20 2010 us=553014 show_digests = DISABLED
Wed Dec 15 19:32:20 2010 us=553020 show_engines = DISABLED
Wed Dec 15 19:32:20 2010 us=553026 genkey = DISABLED
Wed Dec 15 19:32:20 2010 us=553031 key_pass_file = '[UNDEF]'
Wed Dec 15 19:32:20 2010 us=553036 show_tls_ciphers = DISABLED
Wed Dec 15 19:32:20 2010 us=553042 proto = 0
Wed Dec 15 19:32:20 2010 us=553047 NOTE: --mute triggered...
Wed Dec 15 19:32:20 2010 us=553059 178 variation(s) on previous 10 message(s) suppressed by --mute
Wed Dec 15 19:32:20 2010 us=553067 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Wed Dec 15 19:32:20 2010 us=553127 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Dec 15 19:32:32 2010 us=523414 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1300)
Wed Dec 15 19:32:32 2010 us=523480 Control Channel MTU parms [ L:1341 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Dec 15 19:32:32 2010 us=992736 Data Channel MTU parms [ L:1341 D:1250 EF:41 EB:4 ET:0 EL:0 ]
Wed Dec 15 19:32:32 2010 us=992770 Local Options String: 'V4,dev-type tun,link-mtu 1341,tun-mtu 1300,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Dec 15 19:32:32 2010 us=992777 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1341,tun-mtu 1300,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Dec 15 19:32:32 2010 us=992799 Local Options hash (VER=V4): '49d7022d'
Wed Dec 15 19:32:32 2010 us=992811 Expected Remote Options hash (VER=V4): '6d5eff94'
Wed Dec 15 19:32:32 2010 us=992834 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Dec 15 19:32:32 2010 us=992850 UDPv4 link local (bound): [undef]:5200
Wed Dec 15 19:32:32 2010 us=992858 UDPv4 link remote: 186.213.225.178:5200
Wed Dec 15 19:32:33 2010 us=242267 TLS: Initial packet from 186.213.225.175:5200, sid=429297da f69d5c71
Wed Dec 15 19:32:34 2010 us=692983 VERIFY OK: depth=1, /C=BR/ST=MS/L=CampoGrande/O=ABST/CN=ABST_CA/emailAddress=email@teste.com.br
Wed Dec 15 19:32:34 2010 us=693290 VERIFY OK: depth=0, /C=BR/ST=MS/L=Campogrande/O=ABST/CN=Firewall/emailAddress=email@teste.com.br
Wed Dec 15 19:33:33 2010 us=433299 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Dec 15 19:33:33 2010 us=433328 TLS Error: TLS handshake failed
Wed Dec 15 19:33:33 2010 us=433558 TCP/UDP: Closing socket
Wed Dec 15 19:33:33 2010 us=433660 SIGUSR1[soft,tls-error] received, process restarting
Wed Dec 15 19:33:33 2010 us=433668 Restart pause, 2 second(s)
Wed Dec 15 19:33:35 2010 us=433248 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Dec 15 19:33:35 2010 us=433287 Re-using SSL/TLS context
Wed Dec 15 19:33:35 2010 us=433302 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1300)
Wed Dec 15 19:33:35 2010 us=433362 Control Channel MTU parms [ L:1341 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Dec 15 19:33:35 2010 us=811445 Data Channel MTU parms [ L:1341 D:1250 EF:41 EB:4 ET:0 EL:0 ]
Wed Dec 15 19:33:35 2010 us=811476 Local Options String: 'V4,dev-type tun,link-mtu 1341,tun-mtu 1300,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Dec 15 19:33:35 2010 us=811484 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1341,tun-mtu 1300,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Dec 15 19:33:35 2010 us=811498 Local Options hash (VER=V4): '49d7022d'
Wed Dec 15 19:33:35 2010 us=811512 Expected Remote Options hash (VER=V4): '6d5eff94'
Wed Dec 15 19:33:35 2010 us=811530 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Dec 15 19:33:35 2010 us=811540 UDPv4 link local (bound): [undef]:5200
Wed Dec 15 19:33:35 2010 us=811546 UDPv4 link remote: 186.213.225.175:5200
Wed Dec 15 19:33:54 2010 us=328655 TCP/UDP: Closing socket
Wed Dec 15 19:33:54 2010 us=328729 SIGTERM[hard,] received, process exiting
Any suggestions???
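
Added example, not part of the original post: a small Python triage of the client log above that pulls out the three things a reviewer would check first (the missing server-certificate verification warning, a handshake reply arriving from a different address than the one the client sent to, and whether the TLS timeout came before or after certificate verification). The function name `triage` and the finding labels are assumptions of this example; the sample lines are copied from the posted log.

```python
import re

# Sample lines copied from the client log in the post above.
SAMPLE_LOG = """\
Wed Dec 15 19:32:20 2010 us=553127 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Dec 15 19:32:32 2010 us=992858 UDPv4 link remote: 186.213.225.178:5200
Wed Dec 15 19:32:33 2010 us=242267 TLS: Initial packet from 186.213.225.175:5200, sid=429297da f69d5c71
Wed Dec 15 19:32:34 2010 us=693290 VERIFY OK: depth=0, /C=BR/ST=MS/L=Campogrande/O=ABST/CN=Firewall/emailAddress=email@teste.com.br
Wed Dec 15 19:33:33 2010 us=433299 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Dec 15 19:33:33 2010 us=433660 SIGUSR1[soft,tls-error] received, process restarting
Wed Dec 15 19:33:35 2010 us=811546 UDPv4 link remote: 186.213.225.175:5200
"""

# Matches the "Wed Dec 15 19:32:20 2010 us=553127 " timestamp prefix.
PREFIX = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4} us=\d+ ")
REMOTE = re.compile(r"UDPv4 link remote: ([\d.]+):(\d+)")
INITIAL = re.compile(r"TLS: Initial packet from ([\d.]+):(\d+)")


def triage(log_text):
    """Return (attempt_number, finding) tuples for an OpenVPN client log."""
    findings, attempt, remote, verified = [], 1, None, False
    for raw in log_text.splitlines():
        msg = PREFIX.sub("", raw)
        if msg.startswith("WARNING: No server certificate verification"):
            # Client accepts any certificate signed by the CA as "the server".
            findings.append((attempt, "no-server-cert-verification"))
        elif m := REMOTE.search(msg):
            remote = m.group(1)  # address the client is sending to
        elif m := INITIAL.search(msg):
            # First TLS packet came from an address other than the one dialled.
            if remote and m.group(1) != remote:
                findings.append(
                    (attempt, f"reply-from-other-address {remote} -> {m.group(1)}"))
        elif msg.startswith("VERIFY OK: depth=0"):
            verified = True  # server certificate chain was received and checked
        elif "TLS key negotiation failed" in msg:
            stage = "after-cert-verify" if verified else "before-cert-verify"
            findings.append((attempt, f"tls-timeout {stage}"))
        elif "process restarting" in msg:
            attempt, remote, verified = attempt + 1, None, False
    return findings


if __name__ == "__main__":
    for attempt, finding in triage(SAMPLE_LOG):
        print(f"attempt {attempt}: {finding}")
```

A timeout reported as `after-cert-verify` means the first handshake packets did travel in both directions before the exchange stalled. The `no-server-cert-verification` finding corresponds to the posted client.conf having no server-certificate check; the HOWTO section linked in the warning describes the option for this (`ns-cert-type server` in OpenVPN 2.0.x).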