The server .ovpn file looks like this:
local 192.168.143.11
port 1194
proto udp4
dev tun
dev-node "server"
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
ifconfig 10.10.10.1 10.10.10.2
server 10.10.10.0 255.255.255.0
topology subnet
push "topology subnet"
dhcp-option DNS 10.10.10.1
route 10.10.10.1 255.255.255.0
push "route 10.10.10.0 255.255.255.0"
push "route 10.10.10.1 255.255.255.0"
push "route 10.10.10.2 255.255.255.0"
push "route 192.168.143.11 255.255.255.0"
push "route 192.168.143.0 255.255.255.0"
# push "dhcp-option DNS 10.10.10.1"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 208.67.222.222"
# push "redirect-gateway def1"
push "route-gateway 10.10.10.1"
keepalive 10 120
ifconfig-pool-persist ipp.txt
keepalive 10 120
cipher AES-256-GCM
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 4
tls-auth ta.key 0
status openvpn-status.log 20
log openvpn.log
explicit-exit-notify 1
The client .ovpn looks like this:
client
dev tun
proto udp4
# dev-node "leakbusters"
redirect-gateway def1
remote 5.57.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\leakbuster-naissus.crt"
key "C:\\Program Files\\OpenVPN\\config\\leakbuster-naissus.key"
remote-cert-tls server
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key"
comp-lzo
key-direction 1
cipher AES-256-GCM
verb 4
key-direction 1
explicit-exit-notify 1
Log from the client:
Mon Aug 13 09:09:06 2018 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Mon Aug 13 09:09:06 2018 Windows version 6.1 (Windows 7) 64bit
Mon Aug 13 09:09:06 2018 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Mon Aug 13 09:09:06 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Aug 13 09:09:06 2018 Need hold release from management interface, waiting...
Mon Aug 13 09:09:06 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Aug 13 09:09:06 2018 MANAGEMENT: CMD 'state on'
Mon Aug 13 09:09:06 2018 MANAGEMENT: CMD 'log all on'
Mon Aug 13 09:09:06 2018 MANAGEMENT: CMD 'echo all on'
Mon Aug 13 09:09:06 2018 MANAGEMENT: CMD 'hold off'
Mon Aug 13 09:09:06 2018 MANAGEMENT: CMD 'hold release'
Mon Aug 13 09:09:07 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 13 09:09:07 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 13 09:09:07 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]5.57.x.x:1194
Mon Aug 13 09:09:07 2018 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Aug 13 09:09:07 2018 UDPv4 link local: (not bound)
Mon Aug 13 09:09:07 2018 UDPv4 link remote: [AF_INET]5.57.x.x:1194
Mon Aug 13 09:09:07 2018 MANAGEMENT: >STATE:1534144147,WAIT,,,,,,
Mon Aug 13 09:09:08 2018 MANAGEMENT: >STATE:1534144148,AUTH,,,,,,
Mon Aug 13 09:09:08 2018 TLS: Initial packet from [AF_INET]5.57.x.x:1194, sid=eed0c317 e65f73af
Mon Aug 13 09:09:08 2018 VERIFY OK: depth=1, C=RS, ST=RS, L=Nis, O=Leakbusters, OU=Leakbusters, CN=5.57.x.x, name=Leakbuster, [email protected]
Mon Aug 13 09:09:08 2018 VERIFY KU OK
Mon Aug 13 09:09:08 2018 Validating certificate extended key usage
Mon Aug 13 09:09:08 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Aug 13 09:09:08 2018 VERIFY EKU OK
Mon Aug 13 09:09:08 2018 VERIFY OK: depth=0, C=RS, ST=RS, L=Nis, O=Leakbusters, OU=Leakbusters, CN=Leakbusters, name=Leakbuster, [email protected]
Mon Aug 13 09:09:09 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Mon Aug 13 09:09:09 2018 [Leakbusters] Peer Connection Initiated with [AF_INET]5.57.x.x:1194
Mon Aug 13 09:09:10 2018 MANAGEMENT: >STATE:1534144150,GET_CONFIG,,,,,,
Mon Aug 13 09:09:10 2018 SENT CONTROL [Leakbusters]: 'PUSH_REQUEST' (status=1)
Mon Aug 13 09:09:10 2018 PUSH: Received control message: 'PUSH_REPLY,topology subnet,route 10.10.10.0 255.255.255.0,route 10.10.10.1 255.255.255.0,route 10.10.10.2 255.255.255.0,route 192.168.143.11 255.255.255.0,route 192.168.143.0 255.255.255.0,dhcp-option DNS 10.10.10.1,route-gateway 10.10.10.1,route-gateway 10.10.10.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.10.10.4 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Mon Aug 13 09:09:10 2018 OPTIONS IMPORT: timers and/or timeouts modified
Mon Aug 13 09:09:10 2018 OPTIONS IMPORT: --ifconfig/up options modified
Mon Aug 13 09:09:10 2018 OPTIONS IMPORT: route options modified
Mon Aug 13 09:09:10 2018 OPTIONS IMPORT: route-related options modified
Mon Aug 13 09:09:10 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Aug 13 09:09:10 2018 OPTIONS IMPORT: peer-id set
Mon Aug 13 09:09:10 2018 OPTIONS IMPORT: adjusting link_mtu to 1625
Mon Aug 13 09:09:10 2018 OPTIONS IMPORT: data channel crypto options modified
Mon Aug 13 09:09:10 2018 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Aug 13 09:09:10 2018 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Aug 13 09:09:10 2018 interactive service msg_channel=464
Mon Aug 13 09:09:10 2018 ROUTE_GATEWAY 192.168.110.254/255.255.255.0 I=29 HWADDR=e8:39:35:546:98
Mon Aug 13 09:09:10 2018 open_tun
Mon Aug 13 09:09:10 2018 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{5FAFCCB4-03D0-4A10-9169-C4F7932C5471}.tap
Mon Aug 13 09:09:10 2018 TAP-Windows Driver Version 9.21
Mon Aug 13 09:09:10 2018 Set TAP-Windows TUN subnet mode network/local/netmask = 10.10.10.0/10.10.10.4/255.255.255.0 [SUCCEEDED]
Mon Aug 13 09:09:10 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.10.4/255.255.255.0 on interface {5FAFCCB4-03D0-4A10-9169-C4F7932C5471} [DHCP-serv: 10.10.10.254, lease-time: 31536000]
Mon Aug 13 09:09:10 2018 Successful ARP Flush on interface [25] {5FAFCCB4-03D0-4A10-9169-C4F7932C5471}
Mon Aug 13 09:09:10 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Aug 13 09:09:10 2018 MANAGEMENT: >STATE:1534144150,ASSIGN_IP,,10.10.10.4,,,,
Mon Aug 13 09:09:15 2018 TEST ROUTES: 6/6 succeeded len=5 ret=1 a=0 u/d=up
Mon Aug 13 09:09:15 2018 C:\Windows\system32\route.exe ADD 5.57.x.x MASK 255.255.255.255 192.168.110.254
Mon Aug 13 09:09:15 2018 Route addition via service succeeded
Mon Aug 13 09:09:15 2018 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.10.10.1
Mon Aug 13 09:09:15 2018 Route addition via service succeeded
Mon Aug 13 09:09:15 2018 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.10.10.1
Mon Aug 13 09:09:15 2018 Route addition via service succeeded
Mon Aug 13 09:09:15 2018 MANAGEMENT: >STATE:1534144155,ADD_ROUTES,,,,,,
Mon Aug 13 09:09:15 2018 C:\Windows\system32\route.exe ADD 10.10.10.0 MASK 255.255.255.0 10.10.10.1
Mon Aug 13 09:09:15 2018 Route addition via service succeeded
Mon Aug 13 09:09:15 2018 C:\Windows\system32\route.exe ADD 10.10.10.1 MASK 255.255.255.0 10.10.10.1
Mon Aug 13 09:09:15 2018 ROUTE: route addition failed using service: The parameter is incorrect. [status=87 if_index=25]
Mon Aug 13 09:09:15 2018 Route addition via service failed
Mon Aug 13 09:09:15 2018 C:\Windows\system32\route.exe ADD 10.10.10.2 MASK 255.255.255.0 10.10.10.1
Mon Aug 13 09:09:15 2018 ROUTE: route addition failed using service: The parameter is incorrect. [status=87 if_index=25]
Mon Aug 13 09:09:15 2018 Route addition via service failed
Mon Aug 13 09:09:15 2018 C:\Windows\system32\route.exe ADD 192.168.143.11 MASK 255.255.255.0 10.10.10.1
Mon Aug 13 09:09:15 2018 ROUTE: route addition failed using service: The parameter is incorrect. [status=87 if_index=25]
Mon Aug 13 09:09:15 2018 Route addition via service failed
Mon Aug 13 09:09:15 2018 C:\Windows\system32\route.exe ADD 192.168.143.0 MASK 255.255.255.0 10.10.10.1
Mon Aug 13 09:09:15 2018 Route addition via service succeeded
Mon Aug 13 09:09:15 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Aug 13 09:09:15 2018 Initialization Sequence Completed
Mon Aug 13 09:09:15 2018 MANAGEMENT: >STATE:1534144155,CONNECTED,SUCCESS,10.10.10.4,5.57.x.x,1194,,
The connection is established, but the client's IP address does not change, nor can I see the network and the shares on the server.
Where am I going wrong?
[This message was edited by tanasko on 13.08.2018 at 13:42 GMT+1]
[This message was edited by tanasko on 13.08.2018 at 13:43 GMT+1]
[This message was edited by tanasko on 13.08.2018 at 13:44 GMT+1]
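Added example, not part of the original post: a Python check that reads the pushed routes from the PUSH_REPLY in the client log, flags every destination that is not a network address under its mask, and compares that with the route.exe failures the log records. The function names are hypothetical, and the embedded log is abridged from the post (timestamps removed, non-route push options dropped).

```python
import ipaddress
import re

# Abridged from the client log in the post (timestamps removed).
LOG = r"""
PUSH: Received control message: 'PUSH_REPLY,topology subnet,route 10.10.10.0 255.255.255.0,route 10.10.10.1 255.255.255.0,route 10.10.10.2 255.255.255.0,route 192.168.143.11 255.255.255.0,route 192.168.143.0 255.255.255.0,dhcp-option DNS 10.10.10.1,route-gateway 10.10.10.1,ifconfig 10.10.10.4 255.255.255.0'
C:\Windows\system32\route.exe ADD 10.10.10.0 MASK 255.255.255.0 10.10.10.1
Route addition via service succeeded
C:\Windows\system32\route.exe ADD 10.10.10.1 MASK 255.255.255.0 10.10.10.1
ROUTE: route addition failed using service: The parameter is incorrect. [status=87 if_index=25]
Route addition via service failed
C:\Windows\system32\route.exe ADD 10.10.10.2 MASK 255.255.255.0 10.10.10.1
ROUTE: route addition failed using service: The parameter is incorrect. [status=87 if_index=25]
Route addition via service failed
C:\Windows\system32\route.exe ADD 192.168.143.11 MASK 255.255.255.0 10.10.10.1
ROUTE: route addition failed using service: The parameter is incorrect. [status=87 if_index=25]
Route addition via service failed
C:\Windows\system32\route.exe ADD 192.168.143.0 MASK 255.255.255.0 10.10.10.1
Route addition via service succeeded
"""

def pushed_routes(log):
    """Return (dest, mask) pairs for each 'route' option in the PUSH_REPLY."""
    m = re.search(r"'PUSH_REPLY,([^']*)'", log)
    opts = m.group(1).split(",") if m else []
    return [tuple(o.split()[1:3]) for o in opts if o.startswith("route ")]

def misaligned(dest, mask):
    """True when dest has host bits set under mask (not a network address)."""
    try:
        ipaddress.ip_network(f"{dest}/{mask}", strict=True)
        return False
    except ValueError:
        return True

def failed_adds(log):
    """(dest, mask) pairs whose route.exe ADD was followed by a failure line."""
    failed, last = [], None
    for line in log.splitlines():
        m = re.search(r"route\.exe ADD (\S+) MASK (\S+)", line)
        if m:
            last = m.group(1, 2)
        elif "route addition failed" in line and last:
            failed.append(last)
    return failed

if __name__ == "__main__":
    for r in pushed_routes(LOG):
        print(r, "host bits set" if misaligned(*r) else "ok")
```
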