# Ubuntu Server with OpenVPN and connection: I'm at my wits' end :(



## Sniky76 (January 12, 2008)

Hello,

this is what I'm trying to do, and I really hope someone here can help me.

So, my network plan:

I have an Ubuntu server running Ubuntu 7.10 Minimal.

This server is supposed to be my OpenVPN server.

Now I want to connect from my notebook (Windows Vista or WinXP or also Ubuntu) to the server via VPN and surf the Internet over this secure connection (with the server's IP).

What I have done so far:

On the server:
I installed OpenVPN and OpenSSL.

My server.conf:

```
# Port
port 1194

# TCP or UDP?
proto tcp

# tun or tap?
# The tun device creates an IP tunnel,
# while the tap device creates an Ethernet tunnel.
dev tun

# The MTU determined for the tun interface.
# We add the fragment and
# mssfix options to allow the
# packet sizes to be negotiated

tun-mtu 1492
#fragment 1300
mssfix

# The paths to the keys and certificates.
# I will copy the pairs into the
# openvpn directory later to avoid confusion.
ca ./easy-rsa2/keys/ca.crt
cert ./easy-rsa2/keys/server.crt
key ./easy-rsa2/keys/server.key    # Keep this file secret.
dh ./easy-rsa2/keys/dh1024.pem     # Diffie-Hellman parameters. Generate your own with:

# The path to the Diffie-Hellman parameters.
# I will also copy these into the openvpn
# directory later.
#dh /usr/local/etc/openvpn/dh1024.pem

# By specifying server we make
# openvpn listen in server mode.
# Here we also pass the address range
# and the netmask for the virtual
# network. The server will automatically
# listen on the first IP, i.e. 10.8.0.1
server 10.8.0.0 255.255.255.0

# We can specify a pool for the virtual
# addresses. If a client closes the
# connection, it automatically gets the same
# IP assigned on the next
# connection.
ifconfig-pool-persist ipp.txt

# With the push command we can make the
# clients rewrite their routing tables
# automatically when the connection is
# established. So we make the clients
# route the address range
# 192.168.2.0 automatically over the VPN
push "route 0.0.0.0 0.0.0.0"

# With keepalive we can find out
# whether the peer is still
# reachable. Every 10 seconds we send
# a ping-like packet and assume
# that the peer is gone
# if no reply arrives after 120 seconds.
keepalive 10 120

# Our authentication method
auth SHA1

# Our encryption method
cipher AES-256-CBC

# We want compressed traffic
comp-lzo

# We reduce the privileges the
# server runs with after the connection is established.
# This will, however, mean that it no longer has permission to restore the
# routing table to its original
# state, which is not a
# problem here.
user nobody
group nogroup

# The persist options keep the keys
# and certificates in memory,
# so that they can still be read
# after the group and user
# have been changed.
persist-key
persist-tun

# For our experiments we set the verbosity
# to level 3
verb 3
```

and when I now start the OpenVPN server I get:

```
Sat Jan 12 11:52:26 2008 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on May 21 2007
Sat Jan 12 11:52:26 2008 Diffie-Hellman initialized with 1024 bit key
Sat Jan 12 11:52:26 2008 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1492)
Sat Jan 12 11:52:26 2008 TLS-Auth MTU parms [ L:1552 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Jan 12 11:52:26 2008 TUN/TAP device tun0 opened
Sat Jan 12 11:52:26 2008 Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)
Sat Jan 12 11:52:26 2008 ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1492
Sat Jan 12 11:52:26 2008 route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Sat Jan 12 11:52:26 2008 Data Channel MTU parms [ L:1552 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jan 12 11:52:26 2008 GID set to nogroup
Sat Jan 12 11:52:26 2008 UID set to nobody
Sat Jan 12 11:52:26 2008 Listening for incoming TCP connection on [undef]:1194
Sat Jan 12 11:52:26 2008 TCPv4_SERVER link local (bound): [undef]:1194
Sat Jan 12 11:52:26 2008 TCPv4_SERVER link remote: [undef]
Sat Jan 12 11:52:26 2008 MULTI: multi_init called, r=256 v=256
Sat Jan 12 11:52:26 2008 IFCONFIG POOL: base=10.8.0.4 size=62
Sat Jan 12 11:52:26 2008 IFCONFIG POOL LIST
Sat Jan 12 11:52:26 2008 ersterclient,10.8.0.4
Sat Jan 12 11:52:26 2008 MULTI: TCP INIT maxclients=1024 maxevents=1028
Sat Jan 12 11:52:26 2008 Initialization Sequence Completed
```

Now my Client.conf:

```
# The server IP address
remote (meine Server IP)

# Port
port 1194

# Define the role we act in
tls-client
pull

# The tun device creates an IP tunnel, while the tap device builds an Ethernet tunnel.
dev tun

# Select protocol, udp or tcp
proto tcp-client

#ifconfig 10.8.0.2 10.8.0.1
#route-gateway 10.8.0.1
#route 0.0.0.0 0.0.0.0

# Resolve the server's host name (for machines not permanently connected to the Internet)
resolv-retry infinite

# Set or release the local port
nobind

# Always keep the connection the same
persist-key
persist-tun

# Certificates and keys to use
ca C:\\Users\\Sniky\\Documents\\certifikate\\ca.crt
cert C:\\Users\\Sniky\\Documents\\certifikate\\ersterclient.crt
key C:\\Users\\Sniky\\Documents\\certifikate\\ersterclient.key

# Encryption
cipher AES-256-CBC

# Compression
comp-lzo

# Authentication method
auth SHA1

# "Verbosity" of the tunnel
verb 3

# Silence repeating messages
mute 20
```

when I now start this connection I get:

```
Sat Jan 12 12:54:42 2008 OpenVPN 2.1_rc4 Win32-MinGW [SSL] [LZO2] built on Apr 25 2007
Sat Jan 12 12:54:42 2008 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Jan 12 12:54:42 2008 LZO compression initialized
Sat Jan 12 12:54:42 2008 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Jan 12 12:54:42 2008 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jan 12 12:54:42 2008 Local Options hash (VER=V4): '958c5492'
Sat Jan 12 12:54:42 2008 Expected Remote Options hash (VER=V4): '79ef4284'
Sat Jan 12 12:54:42 2008 Attempting to establish TCP connection with (meine Server IP):1194
Sat Jan 12 12:54:42 2008 TCP connection established with (meine Server IP):1194
Sat Jan 12 12:54:42 2008 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Jan 12 12:54:42 2008 TCPv4_CLIENT link local: [undef]
Sat Jan 12 12:54:42 2008 TCPv4_CLIENT link remote: (meine Server IP):1194
Sat Jan 12 12:54:43 2008 TLS: Initial packet from (meine Server IP):1194, sid=755b7102 a66d3c14
Sat Jan 12 12:54:45 2008 VERIFY OK: depth=1, /C=US/ST=CA/L=Canada/O=VNC-Server/CN=VNC-Server/emailAddress=mail@vnc-server.ca
Sat Jan 12 12:54:45 2008 VERIFY OK: depth=0, /C=US/ST=CA/L=Canada/O=VNC-Server/OU=VNC/CN=server/emailAddress=mail@vnc-server.ca
Sat Jan 12 12:54:48 2008 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1560', remote='link-mtu 1552'
Sat Jan 12 12:54:48 2008 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1492'
Sat Jan 12 12:54:48 2008 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jan 12 12:54:48 2008 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 12 12:54:48 2008 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jan 12 12:54:48 2008 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 12 12:54:48 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Jan 12 12:54:48 2008 [server] Peer Connection Initiated with (meine Server IP):1194
Sat Jan 12 12:54:50 2008 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Jan 12 12:54:50 2008 PUSH: Received control message: 'PUSH_REPLY,route 0.0.0.0 0.0.0.0,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sat Jan 12 12:54:50 2008 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jan 12 12:54:50 2008 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jan 12 12:54:50 2008 OPTIONS IMPORT: route options modified
Sat Jan 12 12:54:50 2008 TAP-WIN32 device [LAN-Verbindung 5] opened: \\.\Global\{CE810BF3-7CB8-489A-9053-226AC39B6BC1}.tap
Sat Jan 12 12:54:50 2008 TAP-Win32 Driver Version 9.3 
Sat Jan 12 12:54:50 2008 TAP-Win32 MTU=1500
Sat Jan 12 12:54:50 2008 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {CE810BF3-7CB8-489A-9053-226AC39B6BC1} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Sat Jan 12 12:54:50 2008 Successful ARP Flush on interface [26] {CE810BF3-7CB8-489A-9053-226AC39B6BC1}
Sat Jan 12 12:54:55 2008 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Sat Jan 12 12:54:55 2008 route ADD 0.0.0.0 MASK 0.0.0.0 10.8.0.5
Sat Jan 12 12:54:55 2008 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sat Jan 12 12:54:55 2008 Route addition via IPAPI succeeded [adaptive]
Sat Jan 12 12:54:55 2008 route ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Sat Jan 12 12:54:55 2008 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sat Jan 12 12:54:55 2008 Route addition via IPAPI succeeded [adaptive]
Sat Jan 12 12:54:55 2008 Initialization Sequence Completed
```

and the OpenVPN monitors in the taskbar also switch to green, so a VPN connection to the server does seem to be up.

But how exactly do I now make it so that I surf over this secure connection?

Normally I am connected via WLAN to a FritzBox with a fixed configuration:

192.168.178.21
255.255.255.0
192.168.0.1
preferred DNS:
192.168.0.1

I really hope someone can help me now... I have been working on this forever and the connection has also been up for ages... it really only fails at this one thing

Thank you very much!

Best regards,
Sniky


----------
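The two warnings in the logs of the post above (no server certificate verification on the client, `tun-mtu` used inconsistently) can be caught before connecting by comparing both configuration files. This is an added example, not part of the thread or of OpenVPN; the embedded configs are the posted option lines with comments removed, certificate paths shortened and the redacted server address replaced by the placeholder `vpn.example.invalid`.

```python
import re
import shlex

# Constructed input: the option lines of the two posted configs with comments
# removed, certificate paths shortened and the redacted server address
# replaced by the placeholder vpn.example.invalid.
SERVER_CONF = """\
port 1194
proto tcp
dev tun
tun-mtu 1492
mssfix
ca ./easy-rsa2/keys/ca.crt
cert ./easy-rsa2/keys/server.crt
key ./easy-rsa2/keys/server.key
dh ./easy-rsa2/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 0.0.0.0 0.0.0.0"
keepalive 10 120
auth SHA1
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
verb 3
"""
CLIENT_CONF = """\
remote vpn.example.invalid
port 1194
tls-client
pull
dev tun
proto tcp-client
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert ersterclient.crt
key ersterclient.key
cipher AES-256-CBC
comp-lzo
auth SHA1
verb 3
mute 20
"""

# Options both peers must agree on (OpenVPN logs a mismatch as "used
# inconsistently"), with the defaults of OpenVPN 2.0/2.1.
MUST_MATCH = ("dev", "proto", "tun-mtu", "cipher", "auth", "comp-lzo")
DEFAULTS = {"proto": "udp", "tun-mtu": "1500", "cipher": "BF-CBC", "auth": "SHA1"}
# Client options that enable verification of the server certificate.
SERVER_VERIFY = ("remote-cert-tls", "ns-cert-type", "tls-remote", "tls-verify")

def parse_conf(text):
    """Return {option: [argument list per occurrence]}, ignoring comments."""
    opts = {}
    for raw in text.splitlines():
        if raw.lstrip().startswith(";"):
            continue
        tokens = shlex.split(raw, comments=True)  # handles '#' and quotes
        if tokens:
            opts.setdefault(tokens[0], []).append(tokens[1:])
    return opts

def effective(opts, name):
    """Value of one option with defaults applied and role suffixes removed."""
    if name in opts:
        args = opts[name][-1]                     # use the last occurrence
        value = args[0] if args else "yes"
    else:
        value = DEFAULTS.get(name, "unset")
    if name == "proto":
        value = value.split("-")[0]               # tcp-server/tcp-client -> tcp
    if name == "dev":
        value = re.sub(r"\d+$", "", value)        # tun0 -> tun
    return value

def audit(server_text, client_text):
    """Compare a server and a client config and return a list of findings."""
    server, client = parse_conf(server_text), parse_conf(client_text)
    findings = []
    for name in MUST_MATCH:
        s, c = effective(server, name), effective(client, name)
        if s != c:
            findings.append(f"mismatch {name}: server={s} client={c}")
    for side, opts in (("server", server), ("client", client)):
        mtu = effective(opts, "tun-mtu")
        if ("mssfix" in opts or "fragment" in opts) and mtu != "1500":
            findings.append(f"{side}: mssfix/fragment with tun-mtu {mtu}")
    if not any(opt in client for opt in SERVER_VERIFY):
        findings.append("client: no server certificate verification")
    return findings

if __name__ == "__main__":
    for finding in audit(SERVER_CONF, CLIENT_CONF):
        print(finding)
```

Each finding corresponds to a `WARNING` line in the posted logs; adding `tun-mtu 1492` and a verification option such as `remote-cert-tls server` to the client config clears the two client-side findings.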



## Sniky76 (January 12, 2008)

Hello,

OK, now I'm one step further... when I click connect now, the Network and Sharing Center says that I am connected to multiple networks... that's already quite good, it didn't do that earlier

But then I can only reach the server and no longer the Internet, and the Network and Sharing Center also shows under Access: Local only

Something still seems to be stuck on the server...


I no longer know exactly what I did and changed, so here are all the logs and data:

when I start the OpenVPN server now I get:


```
root@cache-frr-ae07-aol:/etc/openvpn# openvpn --config /etc/openvpn/server.conf
Sat Jan 12 19:10:22 2008 us=502926 Current Parameter Settings:
Sat Jan 12 19:10:22 2008 us=502992   config = '/etc/openvpn/server.conf'
Sat Jan 12 19:10:22 2008 us=503004   mode = 1
Sat Jan 12 19:10:22 2008 us=503011   persist_config = DISABLED
Sat Jan 12 19:10:22 2008 us=503019   persist_mode = 1
Sat Jan 12 19:10:22 2008 us=503025   show_ciphers = DISABLED
Sat Jan 12 19:10:22 2008 us=503030   show_digests = DISABLED
Sat Jan 12 19:10:22 2008 us=503036   show_engines = DISABLED
Sat Jan 12 19:10:22 2008 us=503043   genkey = DISABLED
Sat Jan 12 19:10:22 2008 us=503049   key_pass_file = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503055   show_tls_ciphers = DISABLED
Sat Jan 12 19:10:22 2008 us=503061   proto = 1
Sat Jan 12 19:10:22 2008 us=503069   local = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503075   remote_list = NULL
Sat Jan 12 19:10:22 2008 us=503081   remote_random = DISABLED
Sat Jan 12 19:10:22 2008 us=503087   local_port = 443
Sat Jan 12 19:10:22 2008 us=503093   remote_port = 443
Sat Jan 12 19:10:22 2008 us=503100   remote_float = DISABLED
Sat Jan 12 19:10:22 2008 us=503106   ipchange = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503114   bind_local = ENABLED
Sat Jan 12 19:10:22 2008 us=503120   dev = 'tap'
Sat Jan 12 19:10:22 2008 us=503128   dev_type = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503133   dev_node = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503141   tun_ipv6 = DISABLED
Sat Jan 12 19:10:22 2008 us=503147   ifconfig_local = '10.0.0.1'
Sat Jan 12 19:10:22 2008 us=503157   ifconfig_remote_netmask = '255.255.255.0'
Sat Jan 12 19:10:22 2008 us=503164   ifconfig_noexec = DISABLED
Sat Jan 12 19:10:22 2008 us=503171   ifconfig_nowarn = DISABLED
Sat Jan 12 19:10:22 2008 us=503177   shaper = 0
Sat Jan 12 19:10:22 2008 us=503184   tun_mtu = 1500
Sat Jan 12 19:10:22 2008 us=503190   tun_mtu_defined = ENABLED
Sat Jan 12 19:10:22 2008 us=503198   link_mtu = 1500
Sat Jan 12 19:10:22 2008 us=503204   link_mtu_defined = DISABLED
Sat Jan 12 19:10:22 2008 us=503211   tun_mtu_extra = 32
Sat Jan 12 19:10:22 2008 us=503217   tun_mtu_extra_defined = ENABLED
Sat Jan 12 19:10:22 2008 us=503225   fragment = 0
Sat Jan 12 19:10:22 2008 us=503231   mtu_discover_type = -1
Sat Jan 12 19:10:22 2008 us=503238   mtu_test = 0
Sat Jan 12 19:10:22 2008 us=503244   mlock = DISABLED
Sat Jan 12 19:10:22 2008 us=503252   keepalive_ping = 3
Sat Jan 12 19:10:22 2008 us=503258   keepalive_timeout = 120
Sat Jan 12 19:10:22 2008 us=503265   inactivity_timeout = 0
Sat Jan 12 19:10:22 2008 us=503271   ping_send_timeout = 3
Sat Jan 12 19:10:22 2008 us=503279   ping_rec_timeout = 240
Sat Jan 12 19:10:22 2008 us=503285   ping_rec_timeout_action = 2
Sat Jan 12 19:10:22 2008 us=503291   ping_timer_remote = DISABLED
Sat Jan 12 19:10:22 2008 us=503298   remap_sigusr1 = 0
Sat Jan 12 19:10:22 2008 us=503304   explicit_exit_notification = 0
Sat Jan 12 19:10:22 2008 us=503310   persist_tun = ENABLED
Sat Jan 12 19:10:22 2008 us=503316   persist_local_ip = DISABLED
Sat Jan 12 19:10:22 2008 us=503322   persist_remote_ip = DISABLED
Sat Jan 12 19:10:22 2008 us=503328   persist_key = ENABLED
Sat Jan 12 19:10:22 2008 us=503334   mssfix = 1450
Sat Jan 12 19:10:22 2008 us=503341   passtos = DISABLED
Sat Jan 12 19:10:22 2008 us=503347   resolve_retry_seconds = 1000000000
Sat Jan 12 19:10:22 2008 us=503353   connect_retry_seconds = 5
Sat Jan 12 19:10:22 2008 us=503359   username = 'nobody'
Sat Jan 12 19:10:22 2008 us=503366   groupname = 'nogroup'
Sat Jan 12 19:10:22 2008 us=503371   chroot_dir = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503378   cd_dir = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503384   writepid = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503390   up_script = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503396   down_script = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503402   down_pre = DISABLED
Sat Jan 12 19:10:22 2008 us=503410   up_restart = DISABLED
Sat Jan 12 19:10:22 2008 us=503415   up_delay = DISABLED
Sat Jan 12 19:10:22 2008 us=503423   daemon = DISABLED
Sat Jan 12 19:10:22 2008 us=503429   inetd = 0
Sat Jan 12 19:10:22 2008 us=503437   log = DISABLED
Sat Jan 12 19:10:22 2008 us=503442   suppress_timestamps = DISABLED
Sat Jan 12 19:10:22 2008 us=503450   nice = 0
Sat Jan 12 19:10:22 2008 us=503456   verbosity = 5
Sat Jan 12 19:10:22 2008 us=503463   mute = 0
Sat Jan 12 19:10:22 2008 us=503469   gremlin = 0
Sat Jan 12 19:10:22 2008 us=503477   status_file = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503483   status_file_version = 1
Sat Jan 12 19:10:22 2008 us=503490   status_file_update_freq = 60
Sat Jan 12 19:10:22 2008 us=503496   occ = ENABLED
Sat Jan 12 19:10:22 2008 us=503504   rcvbuf = 65536
Sat Jan 12 19:10:22 2008 us=503509   sndbuf = 65536
Sat Jan 12 19:10:22 2008 us=503516   socks_proxy_server = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503523   socks_proxy_port = 0
Sat Jan 12 19:10:22 2008 us=503529   socks_proxy_retry = DISABLED
Sat Jan 12 19:10:22 2008 us=503535   fast_io = DISABLED
Sat Jan 12 19:10:22 2008 us=503541   comp_lzo = ENABLED
Sat Jan 12 19:10:22 2008 us=503548   comp_lzo_adaptive = ENABLED
Sat Jan 12 19:10:22 2008 us=503554   route_script = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503562   route_default_gateway = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503568   route_noexec = DISABLED
Sat Jan 12 19:10:22 2008 us=503575   route_delay = 0
Sat Jan 12 19:10:22 2008 us=503581   route_delay_window = 30
Sat Jan 12 19:10:22 2008 us=503589   route_delay_defined = DISABLED
Sat Jan 12 19:10:22 2008 us=503595   management_addr = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503602   management_port = 0
Sat Jan 12 19:10:22 2008 us=503608   management_user_pass = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503618   management_log_history_cache = 250
Sat Jan 12 19:10:22 2008 us=503624   management_echo_buffer_size = 100
Sat Jan 12 19:10:22 2008 us=503633   management_query_passwords = DISABLED
Sat Jan 12 19:10:22 2008 us=503639   management_hold = DISABLED
Sat Jan 12 19:10:22 2008 us=503645   shared_secret_file = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503652   key_direction = 0
Sat Jan 12 19:10:22 2008 us=503661   ciphername_defined = ENABLED
Sat Jan 12 19:10:22 2008 us=503670   ciphername = 'BF-CBC'
Sat Jan 12 19:10:22 2008 us=503678   authname_defined = ENABLED
Sat Jan 12 19:10:22 2008 us=503684   authname = 'SHA1'
Sat Jan 12 19:10:22 2008 us=503691   keysize = 0
Sat Jan 12 19:10:22 2008 us=503696   engine = DISABLED
Sat Jan 12 19:10:22 2008 us=503704   replay = ENABLED
Sat Jan 12 19:10:22 2008 us=503710   mute_replay_warnings = DISABLED
Sat Jan 12 19:10:22 2008 us=503717   replay_window = 0
Sat Jan 12 19:10:22 2008 us=503723   replay_time = 0
Sat Jan 12 19:10:22 2008 us=503731   packet_id_file = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503737   use_iv = ENABLED
Sat Jan 12 19:10:22 2008 us=503744   test_crypto = DISABLED
Sat Jan 12 19:10:22 2008 us=503750   tls_server = ENABLED
Sat Jan 12 19:10:22 2008 us=503758   tls_client = DISABLED
Sat Jan 12 19:10:22 2008 us=503764   key_method = 2
Sat Jan 12 19:10:22 2008 us=503770   ca_file = './easy-rsa2/keys/ca.crt'
Sat Jan 12 19:10:22 2008 us=503778   dh_file = './easy-rsa2/keys/dh1024.pem'
Sat Jan 12 19:10:22 2008 us=503785   cert_file = './easy-rsa2/keys/server.crt'
Sat Jan 12 19:10:22 2008 us=503791   priv_key_file = './easy-rsa2/keys/server.key'
Sat Jan 12 19:10:22 2008 us=503798   pkcs12_file = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503804   cipher_list = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503810   tls_verify = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503816   tls_remote = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503822   crl_file = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503830   ns_cert_type = 0
Sat Jan 12 19:10:22 2008 us=503836   tls_timeout = 2
Sat Jan 12 19:10:22 2008 us=503844   renegotiate_bytes = 0
Sat Jan 12 19:10:22 2008 us=503850   renegotiate_packets = 0
Sat Jan 12 19:10:22 2008 us=503857   renegotiate_seconds = 3600
Sat Jan 12 19:10:22 2008 us=503863   handshake_window = 60
Sat Jan 12 19:10:22 2008 us=503871   transition_window = 3600
Sat Jan 12 19:10:22 2008 us=503877   single_session = DISABLED
Sat Jan 12 19:10:22 2008 us=503887   tls_exit = DISABLED
Sat Jan 12 19:10:22 2008 us=503893   tls_auth_file = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=503913   server_network = 0.0.0.0
Sat Jan 12 19:10:22 2008 us=503924   server_netmask = 0.0.0.0
Sat Jan 12 19:10:22 2008 us=503932   server_bridge_ip = 0.0.0.0
Sat Jan 12 19:10:22 2008 us=503940   server_bridge_netmask = 0.0.0.0
Sat Jan 12 19:10:22 2008 us=503947   server_bridge_pool_start = 0.0.0.0
Sat Jan 12 19:10:22 2008 us=503955   server_bridge_pool_end = 0.0.0.0
Sat Jan 12 19:10:22 2008 us=503962   push_list = 'route 0.0.0.0 0.0.0.0,dhcp-option DNS 10.0.0.1,ping 3,ping-restart 120'
Sat Jan 12 19:10:22 2008 us=503970   ifconfig_pool_defined = ENABLED
Sat Jan 12 19:10:22 2008 us=503977   ifconfig_pool_start = 10.0.0.2
Sat Jan 12 19:10:22 2008 us=503985   ifconfig_pool_end = 10.0.0.254
Sat Jan 12 19:10:22 2008 us=503992   ifconfig_pool_netmask = 0.0.0.0
Sat Jan 12 19:10:22 2008 us=504000   ifconfig_pool_persist_filename = 'ipp.txt'
Sat Jan 12 19:10:22 2008 us=504007   ifconfig_pool_persist_refresh_freq = 600
Sat Jan 12 19:10:22 2008 us=504015   ifconfig_pool_linear = DISABLED
Sat Jan 12 19:10:22 2008 us=504022   n_bcast_buf = 256
Sat Jan 12 19:10:22 2008 us=504028   tcp_queue_limit = 64
Sat Jan 12 19:10:22 2008 us=504034   real_hash_size = 256
Sat Jan 12 19:10:22 2008 us=504041   virtual_hash_size = 256
Sat Jan 12 19:10:22 2008 us=504047   client_connect_script = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=504053   learn_address_script = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=504060   client_disconnect_script = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=504066   client_config_dir = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=504072   ccd_exclusive = DISABLED
Sat Jan 12 19:10:22 2008 us=504078   tmp_dir = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=504085   push_ifconfig_defined = DISABLED
Sat Jan 12 19:10:22 2008 us=504092   push_ifconfig_local = 0.0.0.0
Sat Jan 12 19:10:22 2008 us=504099   push_ifconfig_remote_netmask = 0.0.0.0
Sat Jan 12 19:10:22 2008 us=504107   enable_c2c = DISABLED
Sat Jan 12 19:10:22 2008 us=504114   duplicate_cn = DISABLED
Sat Jan 12 19:10:22 2008 us=504119   cf_max = 0
Sat Jan 12 19:10:22 2008 us=504126   cf_per = 0
Sat Jan 12 19:10:22 2008 us=504132   max_clients = 1024
Sat Jan 12 19:10:22 2008 us=504138   max_routes_per_client = 256
Sat Jan 12 19:10:22 2008 us=504144   client_cert_not_required = DISABLED
Sat Jan 12 19:10:22 2008 us=504151   username_as_common_name = DISABLED
Sat Jan 12 19:10:22 2008 us=504157   auth_user_pass_verify_script = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=504163   auth_user_pass_verify_script_via_file = DISABLED
Sat Jan 12 19:10:22 2008 us=504169   client = DISABLED
Sat Jan 12 19:10:22 2008 us=504177   pull = DISABLED
Sat Jan 12 19:10:22 2008 us=504182   auth_user_pass_file = '[UNDEF]'
Sat Jan 12 19:10:22 2008 us=504193 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on May 21 2007
Sat Jan 12 19:10:22 2008 us=510215 Diffie-Hellman initialized with 1024 bit key
Sat Jan 12 19:10:22 2008 us=510777 TLS-Auth MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Jan 12 19:10:22 2008 us=510895 TUN/TAP device tap0 opened
Sat Jan 12 19:10:22 2008 us=510916 Note: Cannot set tx queue length on tap0: Operation not permitted (errno=1)
Sat Jan 12 19:10:22 2008 us=510942 ifconfig tap0 10.0.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.0.0.255
Sat Jan 12 19:10:22 2008 us=516455 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Jan 12 19:10:22 2008 us=516912 GID set to nogroup
Sat Jan 12 19:10:22 2008 us=516930 UID set to nobody
Sat Jan 12 19:10:22 2008 us=516944 Listening for incoming TCP connection on [undef]:443
Sat Jan 12 19:10:22 2008 us=516964 Socket Buffers: R=[87380->131072] S=[16384->131072]
Sat Jan 12 19:10:22 2008 us=516977 TCPv4_SERVER link local (bound): [undef]:443
Sat Jan 12 19:10:22 2008 us=516984 TCPv4_SERVER link remote: [undef]
Sat Jan 12 19:10:22 2008 us=516998 MULTI: multi_init called, r=256 v=256
Sat Jan 12 19:10:22 2008 us=517028 IFCONFIG POOL: base=10.0.0.2 size=253
Sat Jan 12 19:10:22 2008 us=517048 IFCONFIG POOL LIST
Sat Jan 12 19:10:22 2008 us=517059 ersterclient,10.0.0.2
Sat Jan 12 19:10:22 2008 us=517089 MULTI: TCP INIT maxclients=1024 maxevents=1028
Sat Jan 12 19:10:22 2008 us=517114 Initialization Sequence Completed
```

When I now start the connection, this appears on the server:


```
Sat Jan 12 19:12:01 2008 us=363462 MULTI: multi_create_instance called
Sat Jan 12 19:12:01 2008 us=363499 Re-using SSL/TLS context
Sat Jan 12 19:12:01 2008 us=363539 LZO compression initialized
Sat Jan 12 19:12:01 2008 us=363695 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Jan 12 19:12:01 2008 us=363721 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Jan 12 19:12:01 2008 us=363763 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sat Jan 12 19:12:01 2008 us=363777 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sat Jan 12 19:12:01 2008 us=363801 Local Options hash (VER=V4): '3e6d1056'
Sat Jan 12 19:12:01 2008 us=363817 Expected Remote Options hash (VER=V4): '31fdf004'
Sat Jan 12 19:12:01 2008 us=363847 TCP connection established with 89.247.14.187:64636
Sat Jan 12 19:12:01 2008 us=363862 Socket Buffers: R=[131072->131072] S=[131072->131072]
Sat Jan 12 19:12:01 2008 us=363873 TCPv4_SERVER link local: [undef]
Sat Jan 12 19:12:01 2008 us=363881 TCPv4_SERVER link remote: 89.247.14.187:64636
WRSat Jan 12 19:12:01 2008 us=364114 89.247.14.187:64636 TLS: Initial packet from 89.247.14.187:64636, sid=0955b52e baf70848
WRWRRWWWWRWRWRWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRSat Jan 12 19:12:05 2008 us=877480 89.247.14.187:64636 VERIFY OK: depth=1, /C=US/ST=CA/L=Canada/O=VNC-Server/CN=VNC-Server/emailAddress=mail@vnc-server.ca
Sat Jan 12 19:12:05 2008 us=877655 89.247.14.187:64636 VERIFY OK: depth=0, /C=US/ST=CA/L=Canada/O=VNC-Client1/OU=VNC-c1/CN=ersterclient/emailAddress=mail@vnc-server.ca
WRWRWRWRWRWRWRSat Jan 12 19:12:06 2008 us=733238 89.247.14.187:64636 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1576', remote='link-mtu 1568'
Sat Jan 12 19:12:06 2008 us=733262 89.247.14.187:64636 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1524'
Sat Jan 12 19:12:06 2008 us=733516 89.247.14.187:64636 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jan 12 19:12:06 2008 us=733529 89.247.14.187:64636 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 12 19:12:06 2008 us=733583 89.247.14.187:64636 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jan 12 19:12:06 2008 us=733594 89.247.14.187:64636 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
WWWRRSat Jan 12 19:12:07 2008 us=357940 89.247.14.187:64636 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Jan 12 19:12:07 2008 us=357973 89.247.14.187:64636 [ersterclient] Peer Connection Initiated with 89.247.14.187:64636
RSat Jan 12 19:12:08 2008 us=350438 ersterclient/89.247.14.187:64636 PUSH: Received control message: 'PUSH_REQUEST'
Sat Jan 12 19:12:08 2008 us=350479 ersterclient/89.247.14.187:64636 SENT CONTROL [ersterclient]: 'PUSH_REPLY,route 0.0.0.0 0.0.0.0,dhcp-option DNS 10.0.0.1,ping 3,ping-restart 120,ifconfig 10.0.0.2 255.255.255.0' (status=1)
WWWRRRSat Jan 12 19:12:09 2008 us=173312 ersterclient/89.247.14.187:64636 MULTI: Learn: 00:ff:ce:81:0b:f3 -> ersterclient/89.247.14.187:64636
wRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwWRwRwRwRwRwRwRwRwRwrWRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwWRwRwRw
```


and on the client I then get:


```
Sat Jan 12 20:11:58 2008 OpenVPN 2.1_rc4 Win32-MinGW [SSL] [LZO2] built on Apr 25 2007
Sat Jan 12 20:11:58 2008 LZO compression initialized
Sat Jan 12 20:11:58 2008 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1492)
Sat Jan 12 20:11:58 2008 Control Channel MTU parms [ L:1568 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Jan 12 20:11:58 2008 Data Channel MTU parms [ L:1568 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Jan 12 20:11:58 2008 Local Options hash (VER=V4): 'e16d6f87'
Sat Jan 12 20:11:58 2008 Expected Remote Options hash (VER=V4): '29f4dc48'
Sat Jan 12 20:11:58 2008 Attempting to establish TCP connection with (meine server ip)::443
Sat Jan 12 20:11:58 2008 TCP connection established with (meine server ip):443
Sat Jan 12 20:11:58 2008 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Jan 12 20:11:58 2008 TCPv4_CLIENT link local: [undef]
Sat Jan 12 20:11:58 2008 TCPv4_CLIENT link remote: (meine server ip)::443
Sat Jan 12 20:11:58 2008 TLS: Initial packet from (meine server ip)::443, sid=709022a3 db7db3b0
Sat Jan 12 20:12:00 2008 VERIFY OK: depth=1, /C=US/ST=CA/L=Canada/O=VNC-Server/CN=VNC-Server/emailAddress=mail@vnc-server.ca
Sat Jan 12 20:12:00 2008 VERIFY X509NAME OK: /C=US/ST=CA/L=Canada/O=VNC-Server/OU=VNC/CN=server/emailAddress=mail@vnc-server.ca
Sat Jan 12 20:12:00 2008 VERIFY OK: depth=0, /C=US/ST=CA/L=Canada/O=VNC-Server/OU=VNC/CN=server/emailAddress=mail@vnc-server.ca
Sat Jan 12 20:12:04 2008 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1568', remote='link-mtu 1576'
Sat Jan 12 20:12:04 2008 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1524', remote='tun-mtu 1532'
Sat Jan 12 20:12:04 2008 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jan 12 20:12:04 2008 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 12 20:12:04 2008 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jan 12 20:12:04 2008 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 12 20:12:04 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Jan 12 20:12:04 2008 [server] Peer Connection Initiated with (meine server ip)::443
Sat Jan 12 20:12:05 2008 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Jan 12 20:12:05 2008 PUSH: Received control message: 'PUSH_REPLY,route 0.0.0.0 0.0.0.0,dhcp-option DNS 10.0.0.1,ping 3,ping-restart 120,ifconfig 10.0.0.2 255.255.255.0'
Sat Jan 12 20:12:05 2008 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jan 12 20:12:05 2008 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jan 12 20:12:05 2008 OPTIONS IMPORT: route options modified
Sat Jan 12 20:12:05 2008 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Jan 12 20:12:05 2008 TAP-WIN32 device [LAN-Verbindung 5] opened: \\.\Global\{CE810BF3-7CB8-489A-9053-226AC39B6BC1}.tap
Sat Jan 12 20:12:05 2008 TAP-Win32 Driver Version 9.3 
Sat Jan 12 20:12:05 2008 TAP-Win32 MTU=1500
Sat Jan 12 20:12:05 2008 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.0.0.2/255.255.255.0 on interface {CE810BF3-7CB8-489A-9053-226AC39B6BC1} [DHCP-serv: 10.0.0.0, lease-time: 31536000]
Sat Jan 12 20:12:05 2008 Successful ARP Flush on interface [26] {CE810BF3-7CB8-489A-9053-226AC39B6BC1}
Sat Jan 12 20:12:10 2008 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Sat Jan 12 20:12:10 2008 route ADD (meine server ip): MASK 255.255.255.255 192.168.178.1
Sat Jan 12 20:12:10 2008 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Sat Jan 12 20:12:10 2008 Route addition via IPAPI succeeded [adaptive]
Sat Jan 12 20:12:10 2008 route DELETE 0.0.0.0 MASK 0.0.0.0 192.168.178.1
Sat Jan 12 20:12:10 2008 Route deletion via IPAPI succeeded [adaptive]
Sat Jan 12 20:12:10 2008 route ADD 0.0.0.0 MASK 0.0.0.0 10.0.0.1
Sat Jan 12 20:12:10 2008 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sat Jan 12 20:12:10 2008 Route addition via IPAPI succeeded [adaptive]
Sat Jan 12 20:12:10 2008 route ADD 0.0.0.0 MASK 0.0.0.0 10.0.0.1
Sat Jan 12 20:12:10 2008 ROUTE: route addition failed using CreateIpForwardEntry: Das Objekt ist bereits vorhanden.   [status=5010 if_index=26]
Sat Jan 12 20:12:10 2008 Route addition via IPAPI failed [adaptive]
Sat Jan 12 20:12:10 2008 Route addition fallback to route.exe
Hinzufgen der Route fehlgeschlagen: Das Objekt ist bereits vorhanden.
Sat Jan 12 20:12:10 2008 Initialization Sequence Completed
```


and now, as I wrote, I am connected to multiple networks, but I can no longer get online, and the Network and Sharing Center shows either limited connectivity or local only.

I just can't get any further and have no idea what else I can do...

route also shows:


```
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface    MSS   Window irtt
192.0.2.1       0.0.0.0         255.255.255.255 UH    0      0        0 venet0   0     0      0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tap0     0     0      0
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 venet0   0     0      0
```

when I run ifconfig on the server I get:


```
tap0      Link encap:Ethernet  HWaddr 76:13:65:F0:40:EC
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:64030 errors:0 dropped:0 overruns:0 frame:0
          TX packets:69308 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6819695 (6.5 MB)  TX bytes:9692505 (9.2 MB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:(meine server ip)  P-t-P:(meine server ip)  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
```


I really can't get any further, please please help me, where else could my mistake be?

Thank you very much!

Best regards,
Sniky


----------



## mrflodder (October 17, 2008)

Hello, it would be nice if you could write to me how you got your connection working. I have the following problem: I have an Ubuntu 8.04 Hardy Heron machine and two XP Pro machines, one of which is a laptop. I wanted to access the server from my laptop via OpenVPN, but the connection stays yellow. No idea why. I have tried pretty much everything and followed all the guides in the wiki, unfortunately without success. How did you do it? Thanks in advance!


----------

