Mikrotik client - Linux Server [openVPN]



cumulus
20-05-15, 11:02
Good morning, guys.
I have a Mikrotik Groove and I would like it to connect to OpenVPN.
Is there a complete guide on how to set up both the Linux OpenVPN server and the Mikrotik as a client?
I read here and there that it needs TCP, a user, etc., and I have not understood what exactly I need to do.
Thanks!

Nikiforos
20-05-15, 11:44
Good morning! Have a look here regarding the server on Linux; I had done it on OpenWrt, but it is similar whatever distribution you have: http://www.openwrt.gr/viewtopic.php?f=17&t=297
As for the Mikrotik client, I had it working back then because I was providing internet to the holiday home; now I have a Mikrotik OpenVPN server as well as a client.
I don't have a guide of my own, I found things by searching, so I'll tell you where to look; I also don't have time to write anything else right now.

http://wiki.mikrotik.com/wiki/OpenVPN (console)
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step (winbox GUI)
http://unblockvpn.com/support/how-to-set-up-openvpn-on-router-mikrotik.html
https://www.youtube.com/watch?v=L45nsdE9220

Unfortunately, Mikrotik still does not support!!!! UDP and LZO compression.
Tell us which Linux distribution the server will be on so we can find a guide for exactly your distribution. E.g. for Ubuntu: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04

cumulus
14-06-15, 14:17
Good afternoon,
Unfortunately I was not able to set up a VPN between OpenWrt and Mikrotik.

OPENVPN CONFIG [Openwrt]

config openvpn sample_server
option enabled 1
option port 1194
option proto tcp
option dev tun

option ca /etc/easy-rsa/keys/ca.crt
option cert /etc/easy-rsa/keys/server.crt
option key /etc/easy-rsa/keys/server.key
option dh /etc/easy-rsa/dh2048.pem

option server "10.10.10.0 255.255.255.0"

option keepalive "10 120"

option cipher none
option auth none

option persist_key 1
option persist_tun 1

option status /tmp/openvpn-status.log

option verb 5

option auth-user-pass /etc/openvpn/userpass.txt
option user nobody
option group nogroup

OPENVPN USER/PASSWORD CONFIG [Openwrt]

user
pass

MIKROTIK CONFIG

Connect To: myopenvpnserver.no-ip.org
Port: 1194
Mode: ip
User: user
Password: pass
Profile: default
Certificate: cert_1
Auth: null
Cipher: null

It gives me an error:

Status: terminatisng ... unknown auth alg

Finally, let me say that the Windows client connects normally.

Do you perhaps know what the problem is?

Thanks


update: Sorry, I had not understood the users on the server; my config is wrong. I am reading up and will come back...

update2:
I did not manage anything:
the server gives me:

VERIFY OK: depth=1, C=GR, ST=ATTICA, L=ATHENS, O=Cumulus, OU=MyVPN, CN=Cumulus CA, name=EasyRSA, emailAddress=cumulus@gmail.com
VERIFY OK: depth=0, C=GR, ST=ATTICA, L=ATHENS, O=Cumulus, OU=MyVPN, CN=server, name=EasyRSA, emailAddress=cumulus@gmail.com
TLS: Username/Password authentication succeeded for username 'aaaa'
Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Peer Connection Initiated with [AF_INET]
MULTI_sva: pool returned IPv4=10.10.10.10, IPv6=(Not enabled)
MULTI: Learn: 10.10.10.10 -> server/xx.xx.xx.xx:41021
MULTI: primary virtual IP for server/xx.xx.xx.xx:41021: 10.10.10.10
Connection reset, restarting [0]
SIGUSR1[soft,connection-reset] received, client-instance restarting
TCP/UDP: Closing socket

and the Mikrotik:

Status: terminatisng ... unknown auth alg

xhaos
14-06-15, 18:49
look at the option cipher none
option auth none

you will have to set some and define the same ones on the MTik.
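
The check suggested in the reply above (cipher and auth set, and set to the same values on both ends), as an added example that is not part of the original thread. It parses the OpenWrt UCI section and the Mikrotik field listing in the form posted here, maps the RouterOS names to OpenVPN names, and reports mismatches as well as `none`/`null` settings, which leave the data channel without encryption or HMAC authentication. The function names and sample strings are constructed for illustration; the server defaults (BF-CBC, SHA1) are the ones shown in the server log earlier in the thread.

```python
import re

# RouterOS ovpn-client names -> OpenVPN names (RouterOS v6-era option set).
MT_CIPHER = {"null": "none", "blowfish128": "BF-CBC", "aes128": "AES-128-CBC",
             "aes192": "AES-192-CBC", "aes256": "AES-256-CBC"}
MT_AUTH = {"null": "none", "md5": "MD5", "sha1": "SHA1"}

def parse_uci(text):
    """Return {option: value} from 'option name value' lines of a UCI section."""
    opts = {}
    for line in text.splitlines():
        m = re.match(r"\s*option\s+(\S+)\s+(.*)$", line)
        if m:
            opts[m.group(1).replace("-", "_")] = m.group(2).strip().strip("'\"")
    return opts

def parse_mikrotik(text):
    """Return {field: value} from 'Field: value' lines as shown in the thread."""
    return {k.strip().lower(): v.strip()
            for k, v in (l.split(":", 1) for l in text.splitlines() if ":" in l)}

def audit(uci_text, mt_text):
    """List findings: mismatched or disabled data-channel cipher/auth."""
    srv, cli = parse_uci(uci_text), parse_mikrotik(mt_text)
    findings = []
    for key, table, default in (("cipher", MT_CIPHER, "BF-CBC"), ("auth", MT_AUTH, "SHA1")):
        s = srv.get(key, default)          # server default applies when the option is unset
        c = table.get(cli.get(key, "").lower(), "unknown")
        if s.upper() != c.upper():
            findings.append(f"{key} mismatch: server={s} client={c}")
        if "none" in (s.lower(), c.lower()):
            findings.append(f"{key} disabled: tunnel traffic is not protected")
    return findings

# Constructed samples modelled on the configs posted in this thread.
SERVER = """config openvpn 'sample_server'
option proto 'tcp'
option auth 'none'
option cipher 'none'"""
CLIENT = """Auth: null
Cipher: null"""
SERVER_DEFAULTS = "config openvpn 'sample_server'\noption proto 'tcp'"

if __name__ == "__main__":
    for label, s in (("posted config", SERVER), ("cipher/auth unset", SERVER_DEFAULTS)):
        print(label, audit(s, CLIENT))
```
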

cumulus
14-06-15, 20:27
on OpenWrt I have:

config openvpn 'sample_server'
option enabled '1'
option port '1194'
option proto 'tcp'
option dev 'tun'
option ca '/etc/easy-rsa/keys/ca.crt'
option cert '/etc/easy-rsa/keys/server.crt'
option key '/etc/easy-rsa/keys/server.key'
option dh '/etc/easy-rsa/dh2048.pem'
option ifconfig_pool_persist '/tmp/ipp.txt'
option keepalive '10 120'
option persist_key '1'
option persist_tun '1'
option status '/tmp/openvpn-status.log'
option auth 'none'
option cipher 'none'
option verb '8'
option server '10.10.10.0 255.255.255.0'
option client_to_client '1'
option comp_lzo 'no'
option user nobody
option group nogroup

and on the Mikrotik:

Connect To: myopenvpnserver.no-ip.org
Port: 1194
Mode: ip
User: user
Password: pass
Profile: default
Certificate: cert_1
Auth: null
Cipher: null

but again it does not work... it keeps giving me "unknown auth alg"
The time on both is the same.

Is there anything else I should watch out for?

xhaos
14-06-15, 21:21
vpn server log?

cumulus
14-06-15, 21:37
Here you go

Sun Jun 14 21:37:13 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER WRITE [114] to [AF_INET]46.103.xx.xx:41581: P_CONTROL_V1 kid=0 [ ] pid=34 DATA len=100
Sun Jun 14 21:37:13 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER READ [22] from [AF_INET]46.103.xx.xx:41581: P_ACK_V1 kid=0 [ 31 ]
Sun Jun 14 21:37:13 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER WRITE [114] to [AF_INET]46.103.xx.xx:41581: P_CONTROL_V1 kid=0 [ ] pid=35 DATA len=100
Sun Jun 14 21:37:13 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER READ [22] from [AF_INET]46.103.xx.xx:41581: P_ACK_V1 kid=0 [ 32 ]
Sun Jun 14 21:37:13 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER WRITE [114] to [AF_INET]46.103.xx.xx:41581: P_CONTROL_V1 kid=0 [ ] pid=36 DATA len=100
Sun Jun 14 21:37:13 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER READ [22] from [AF_INET]46.103.xx.xx:41581: P_ACK_V1 kid=0 [ 33 ]
Sun Jun 14 21:37:13 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER WRITE [100] to [AF_INET]46.103.xx.xx:41581: P_CONTROL_V1 kid=0 [ ] pid=37 DATA len=86
Sun Jun 14 21:37:13 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER READ [22] from [AF_INET]46.103.xx.xx:41581: P_ACK_V1 kid=0 [ 34 ]
Sun Jun 14 21:37:13 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER READ [22] from [AF_INET]46.103.xx.xx:41581: P_ACK_V1 kid=0 [ 35 ]
Sun Jun 14 21:37:13 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER READ [22] from [AF_INET]46.103.xx.xx:41581: P_ACK_V1 kid=0 [ 36 ]
Sun Jun 14 21:37:13 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER READ [22] from [AF_INET]46.103.xx.xx:41581: P_ACK_V1 kid=0 [ 37 ]
Sun Jun 14 21:37:14 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER READ [1414] from [AF_INET]46.103.xx.xx:41581: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=1400
Sun Jun 14 21:37:14 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER WRITE [22] to [AF_INET]46.103.xx.xx:41581: P_ACK_V1 kid=0 [ 3 ]
Sun Jun 14 21:37:14 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER READ [1414] from [AF_INET]46.103.xx.xx:41581: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=1400
Sun Jun 14 21:37:14 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 VERIFY OK: depth=1, C=GR, ST=ATTICA, L=ATHENS, O=Cumulus, OU=MyVPN, CN=Cumulus CA, name=EasyRSA, emailAddress=cumulus@gmail.com
Sun Jun 14 21:37:14 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 VERIFY OK: depth=0, C=GR, ST=ATTICA, L=ATHENS, O=Cumulus, OU=MyVPN, CN=client, name=EasyRSA, emailAddress=cumulus@gmail.com
Sun Jun 14 21:37:14 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER WRITE [22] to [AF_INET]46.103.xx.xx:41581: P_ACK_V1 kid=0 [ 4 ]
Sun Jun 14 21:37:14 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER READ [424] from [AF_INET]46.103.xx.xx:41581: P_CONTROL_V1 kid=0 [ ] pid=5 DATA len=410
Sun Jun 14 21:37:15 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER WRITE [85] to [AF_INET]46.103.xx.xx:41581: P_CONTROL_V1 kid=0 [ 5 ] pid=38 DATA len=59
Sun Jun 14 21:37:15 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER READ [22] from [AF_INET]46.103.xx.xx:41581: P_ACK_V1 kid=0 [ 38 ]
Sun Jun 14 21:37:15 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER READ [360] from [AF_INET]46.103.xx.xx:41581: P_CONTROL_V1 kid=0 [ ] pid=6 DATA len=346
Sun Jun 14 21:37:15 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER WRITE [126] to [AF_INET]46.103.xx.xx:41581: P_CONTROL_V1 kid=0 [ 6 ] pid=39 DATA len=100
Sun Jun 14 21:37:15 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER WRITE [68] to [AF_INET]46.103.xx.xx:41581: P_CONTROL_V1 kid=0 [ ] pid=40 DATA len=54
Sun Jun 14 21:37:15 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER READ [22] from [AF_INET]46.103.xx.xx:41581: P_ACK_V1 kid=0 [ 39 ]
Sun Jun 14 21:37:16 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 TCPv4_SERVER READ [22] from [AF_INET]46.103.xx.xx:41581: P_ACK_V1 kid=0 [ 40 ]
Sun Jun 14 21:37:16 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Jun 14 21:37:16 2015 daemon.notice openvpn(sample_server)[1782]: 46.103.xx.xx:41581 [client] Peer Connection Initiated with [AF_INET]46.103.xx.xx:41581
Sun Jun 14 21:37:16 2015 daemon.notice openvpn(sample_server)[1782]: client/46.103.xx.xx:41581 MULTI_sva: pool returned IPv4=10.10.10.6, IPv6=(Not enabled)
Sun Jun 14 21:37:16 2015 daemon.notice openvpn(sample_server)[1782]: client/46.103.xx.xx:41581 MULTI: Learn: 10.10.10.6 -> client/46.103.xx.xx:41581
Sun Jun 14 21:37:16 2015 daemon.notice openvpn(sample_server)[1782]: client/46.103.xx.xx:41581 MULTI: primary virtual IP for client/46.103.xx.xx:41581: 10.10.10.6
Sun Jun 14 21:37:16 2015 daemon.err openvpn(sample_server)[1782]: client/46.103.xx.xx:41581 Connection reset, restarting [0]
Sun Jun 14 21:37:16 2015 daemon.notice openvpn(sample_server)[1782]: client/46.103.xx.xx:41581 SIGUSR1[soft,connection-reset] received, client-instance restarting
Sun Jun 14 21:37:16 2015 daemon.notice openvpn(sample_server)[1782]: TCP/UDP: Closing socket

xhaos
15-06-15, 07:59
http://tomatousb.org/forum/t-261224/solved-openvpn-sigusr1-soft-connection-reset-with-tomato-usb

cumulus
15-06-15, 08:44
Good morning and thanks for the replies.
I solved it with OpenVPN on Debian with the same settings.
Perhaps the OpenVPN version from the OpenWrt trunk was to blame.
