1 (edited by dlut 2015-01-25 02:53:51)

Topic: NC+ Multiroom on 2 x OpenWRT (Tp-link Mr3420 v2)

Hello everyone, I would like to ask for help finishing a VPN for NC+ multiroom.

As in the topic, I have two routers running OpenWRT, and I set up a VPN server and client on them following this guide:

http://rpc.one.pl/index.php/lista-artyk … -w-openwrt

The network addresses are exactly as in the guide: server 192.168.1.1, client 192.168.2.1.
The VPN itself works, the client connects to the server and that is fine, and computers on the two networks ping each other, e.g. 192.168.1.100 <-> 192.168.2.100. Unfortunately, for it to be complete, the master decoder and the other decoders must belong to the same address pool.

So my question is whether two subnets with the same addresses can be joined, e.g.:
Router Server would have addresses 192.168.1.1 - 100
Router Client would have 192.168.1.101-200
If so, how?

One more idea comes to mind (I don't know if it is feasible): couldn't some kind of redirection be set up, so that I ping 192.168.1.100 and the packet goes to 192.168.2.100, and vice versa?

Please help, I have been struggling with this for several days. Regards

2

Re: NC+ Multiroom on 2 x OpenWRT (Tp-link Mr3420 v2)

In my opinion it could be set up as follows:
network 1: 192.168.1.0/25 - 192.168.1.0 - 192.168.1.127
network 2: 192.168.1.128/25 - 192.168.1.128 - 192.168.1.255

And then set routing for 192.168.1.X/25 to the other end of the VPN, depending on the router.

I don't know whether Gargoyle supports netmasks other than 24.
But it is probably worth a try.

Let me know if it worked :)

3 (edited by NKrouter 2015-01-25 10:37:20)

Re: NC+ Multiroom on 2 x OpenWRT (Tp-link Mr3420 v2)

But wait, isn't the point that the addresses should be from the same network and not the same "pool"?

Then it probably won't work...
Is this some wide-area network? Can't it be connected without OpenVPN? Maybe it would be better to make one of the routers a bridge, and the problem will solve itself...

4

Re: NC+ Multiroom on 2 x OpenWRT (Tp-link Mr3420 v2)

I am not proficient in these topics, so I prefer to make sure:

VPN server (192.168.1.1) + Client1 192.168.1.2, Client2 192.168.1.3 etc., up to 126
VPN client (192.168.1.129) + Client1 192.168.1.130, Client2 192.168.1.131 etc., up to 254

I will have no problem with this, but I would ask you to elaborate on:

And then set routing for 192.168.1.X/25 to the other end of the VPN, depending on the router.

That is, what do I enter where?

I also found this:

https://openlinksys.info/forum/viewthre … d_id=16352 unfortunately it is about Tomato and I don't know how to do it on OpenWRT.

5

Re: NC+ Multiroom on 2 x OpenWRT (Tp-link Mr3420 v2)

gnome77 wrote:

And then set routing for 192.168.1.X/25 to the other end of the VPN, depending on the router.

Gargoyle PL -> Konfiguracja -> Trasy (Configuration -> Routes)
Add a new static route. I have never configured a VPN, so this may need corrections:
1.
Destination/mask => 192.168.1.128/255.255.255.128
Network => VPN interface to Client (192.168.1.129?)
Gateway => VPN server IP 192.168.1.1
2.
Destination/mask => 192.168.1.0/255.255.255.128
Network => VPN interface to Server (192.168.1.1?)
Gateway => VPN client IP 192.168.1.129

6 (edited by dlut 2015-01-25 11:36:59)

Re: NC+ Multiroom on 2 x OpenWRT (Tp-link Mr3420 v2)

But wait, isn't the point that the addresses should be from the same network and not the same "pool"?
Then it probably won't work...
Is this some wide-area network? Can't it be connected without OpenVPN? Maybe it would be better to make one of the routers a bridge, and the problem will solve itself...

The device addresses may differ only in the last part, i.e. 192.168.1.X; I have 192.168.1.X and 192.168.2.X and it doesn't work. The distance between the routers is 50 km, so VPN only.

Gargoyle PL -> Konfiguracja -> Trasy

I have LuCI, so I guess I have to do it by hand.

7

Re: NC+ Multiroom on 2 x OpenWRT (Tp-link Mr3420 v2)

Addresses with "tun" should not be from the same class. If the addressing is to be the same, use "tap".

VPN server 192.168.1.1
VPN client 192.168.2.1

8

Re: NC+ Multiroom on 2 x OpenWRT (Tp-link Mr3420 v2)

The VPN works for me, I did it as in the tutorial indicated above. For it to be complete, the same addresses are needed on both sides. Can't it be done so that every host connected to the "client router" gets an address from the "server router"? That would solve the matter.

I think that is how it is solved in the Tomato case, only there the guy dedicated one RJ45 port specifically for this; in my case all ports can be used for it.

9

Re: NC+ Multiroom on 2 x OpenWRT (Tp-link Mr3420 v2)

Here is a configuration with the same addressing.
http://eko.one.pl/?p=openwrt-openvpn
With a tun configuration there are problems with routing.
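The addressing variants discussed in the posts above (separate /24s over tun, the same /24 on both sides, the /25 split, and a tap bridge) can be compared with a small forwarding model. This is an added example, not code from the thread; the host 192.168.1.150, the site names and the `trace` helper are constructed for illustration, and the model assumes no proxy ARP, no NAT and a firewall that allows forwarding.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    name: str
    site: str                        # physical LAN the host is plugged into
    iface: ipaddress.IPv4Interface   # address plus the netmask the host itself uses


@dataclass(frozen=True)
class Result:
    path: str        # "local", "bridged", "routed" or "unreachable"
    shared_l2: bool  # True if ARP/broadcast frames from src can reach dst
    reason: str


def host(name, site, cidr):
    return Host(name, site, ipaddress.ip_interface(cidr))


def trace(src, dst, mode, tunnel_routes):
    """Follow one packet from src to dst.

    mode: "tun" (routed, carries IP packets only) or "tap" (bridged, carries
    Ethernet frames). tunnel_routes: {site: [prefixes that site's router
    sends into the VPN]}. Simplified model, see the assumptions above.
    """
    if mode not in ("tun", "tap"):
        raise ValueError(f"unknown tunnel mode: {mode}")
    same_site = src.site == dst.site
    shared_l2 = same_site or mode == "tap"
    if dst.iface.ip in src.iface.network:
        # On-link by src's own mask: src ARPs for dst and never asks the router.
        if same_site:
            return Result("local", True, "ARP answered on the local LAN")
        if mode == "tap":
            return Result("bridged", True, "ARP request crosses the tap bridge")
        return Result("unreachable", False,
                      "src ARPs locally; tun carries no ARP, so nobody answers")
    # Off-link: src hands the packet to its default gateway (its site's router).
    if same_site:
        return Result("routed", True, "local router handles it, VPN not involved")
    for prefix in tunnel_routes.get(src.site, []):
        if dst.iface.ip in ipaddress.ip_network(prefix):
            return Result("routed", shared_l2, f"router sends {prefix} into the VPN")
    return Result("unreachable", shared_l2, "router has no route to dst via the VPN")


def build_cases():
    """Addressing variants from the thread; 192.168.1.150 is a constructed host."""
    a24 = host("server-pc", "server", "192.168.1.100/24")
    b24_other = host("client-pc", "client", "192.168.2.100/24")
    b24_same = host("client-pc", "client", "192.168.1.150/24")
    a25 = host("server-dev", "server", "192.168.1.2/25")
    b25 = host("client-dev", "client", "192.168.1.130/25")
    routes_24 = {"server": ["192.168.2.0/24"], "client": ["192.168.1.0/24"]}
    routes_25 = {"server": ["192.168.1.128/25"], "client": ["192.168.1.0/25"]}
    return {
        "tun, separate /24s": (a24, b24_other, "tun", routes_24),
        "tun, same /24 on both sides": (a24, b24_same, "tun", routes_24),
        "tun, /25 split": (a25, b25, "tun", routes_25),
        "tap bridge, same /24": (a24, b24_same, "tap", {}),
    }


def compare_scenarios():
    """Return {label: (forward result, reverse result)} for every variant."""
    return {label: (trace(s, d, m, r), trace(d, s, m, r))
            for label, (s, d, m, r) in build_cases().items()}


if __name__ == "__main__":
    for label, (fwd, rev) in compare_scenarios().items():
        print(f"{label:30} -> {fwd.path:12} <- {rev.path:12} "
              f"shared L2: {fwd.shared_l2}  ({fwd.reason})")
```

In this model the /25 split over tun gives IP reachability without a shared broadcast domain, while the tap bridge gives both.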

10 (edited by dlut 2015-01-25 16:09:16)

Re: NC+ Multiroom on 2 x OpenWRT (Tp-link Mr3420 v2)

Here is a configuration with the same addressing.
http://eko.one.pl/?p=openwrt-openvpn
With a tun configuration there are problems with routing.

I decided to do everything from scratch. I followed the description. The VPN server works; for now I connect to it with a Windows client.
After connecting I get no message that I received any IP...

Sun Jan 25 15:59:53 2015 OpenVPN 2.3.5 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Nov  7 2014
Sun Jan 25 15:59:53 2015 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.05
Enter Management Password:
Sun Jan 25 15:59:53 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Jan 25 15:59:53 2015 Need hold release from management interface, waiting...
Sun Jan 25 15:59:54 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Jan 25 15:59:54 2015 MANAGEMENT: CMD 'state on'
Sun Jan 25 15:59:54 2015 MANAGEMENT: CMD 'log all on'
Sun Jan 25 15:59:54 2015 MANAGEMENT: CMD 'hold off'
Sun Jan 25 15:59:54 2015 MANAGEMENT: CMD 'hold release'
Sun Jan 25 15:59:54 2015 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jan 25 15:59:54 2015 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 25 15:59:54 2015 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jan 25 15:59:54 2015 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 25 15:59:54 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Jan 25 15:59:54 2015 MANAGEMENT: >STATE:1422197994,RESOLVE,,,
Sun Jan 25 15:59:54 2015 open_tun, tt->ipv6=0
Sun Jan 25 15:59:54 2015 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{DBCD928C-A419-4391-AFF0-09A044584A6A}.tap
Sun Jan 25 15:59:54 2015 TAP-Windows Driver Version 9.21 
Sun Jan 25 15:59:54 2015 Successful ARP Flush on interface [38] {DBCD928C-A419-4391-AFF0-09A044584A6A}
Sun Jan 25 15:59:54 2015 UDPv4 link local: [undef]
Sun Jan 25 15:59:54 2015 UDPv4 link remote: [AF_INET]109.XXX.XXX.XX:1194
Sun Jan 25 16:00:07 2015 Peer Connection Initiated with [AF_INET]109.XXX.XXX.XX:1194
Sun Jan 25 16:00:13 2015 TEST ROUTES: 0/0 succeeded len=0 ret=1 a=0 u/d=up
Sun Jan 25 16:00:13 2015 Initialization Sequence Completed
Sun Jan 25 16:00:13 2015 MANAGEMENT: >STATE:1422198013,CONNECTED,SUCCESS,,109.XXX.XXX.XX]

Pings do not go through.


By the way, which router would be good for VPN under Tomato? One where extroot would not be needed.

11

Re: NC+ Multiroom on 2 x OpenWRT (Tp-link Mr3420 v2)

So I tried various options. To begin with I changed the subnet masks to 255.255.255.224, with server (192.168.1.1) and client (192.168.2.33) and a TUN interface: everything pings nicely. But it has to be done so that the IPs match, so I changed to server (192.168.1.1) and client (192.168.1.33), and it stopped working.

So I listened to colleague bhb and switched to TAP, but unfortunately that doesn't work either.

Server system logs:

Jan  1 01:00:38 Gargoyle user.notice usb-modeswitch: 1-0:1.0: Manufacturer=Linux_3.3.8_ehci_hcd Product=Generic_Platform_EHCI_Controller Serial=ehci-platform
Jan  1 01:00:39 Gargoyle user.notice usb-modeswitch: 1-1:1.0: Manufacturer=Kingston Product=DataTraveler_2.0 Serial=0014780F995F5B8C190D02AB
Jan  1 01:00:42 Gargoyle daemon.notice netifd: Interface 'lan' is now up
Jan  1 01:00:42 Gargoyle kern.info kernel: [   42.540000] device eth1 entered promiscuous mode
Jan  1 01:00:42 Gargoyle daemon.notice netifd: Interface 'loopback' is now up
Jan  1 01:00:42 Gargoyle user.notice firewall: Reloading firewall due to ifup of lan (br-lan)
Jan  1 01:00:42 Gargoyle daemon.notice netifd: wan (1038): udhcpc (v1.19.4) started
Jan  1 01:00:43 Gargoyle daemon.notice netifd: wan (1038): Sending discover...
Jan  1 01:00:43 Gargoyle kern.info kernel: [   43.610000] eth0: link up (100Mbps/Full duplex)
Jan  1 01:00:46 Gargoyle daemon.notice netifd: wan (1038): Sending discover...
Jan  1 01:00:46 Gargoyle daemon.notice netifd: wan (1038): Sending select for 10.30.23.114...
Jan  1 01:00:46 Gargoyle daemon.notice netifd: wan (1038): Lease of 10.30.23.114 obtained, lease time 286400
Jan  1 01:00:46 Gargoyle daemon.notice netifd: Interface 'wan' is now up
Jan  1 01:00:47 Gargoyle kern.info kernel: [   48.000000] device wlan0 entered promiscuous mode
Jan  1 01:00:48 Gargoyle kern.info kernel: [   48.220000] br-lan: port 2(wlan0) entered forwarding state
Jan  1 01:00:48 Gargoyle kern.info kernel: [   48.220000] br-lan: port 2(wlan0) entered forwarding state
Jan  1 01:00:50 Gargoyle kern.info kernel: [   50.220000] br-lan: port 2(wlan0) entered forwarding state
Jan 26 00:00:02 Gargoyle authpriv.info dropbear[1584]: Running in background
Jan 26 00:00:02 Gargoyle daemon.warn httpd_gargoyle[1613]: started as root without requesting chroot(), warning only
Jan 26 00:00:02 Gargoyle daemon.notice httpd_gargoyle[1613]: httpd_gargoyle/1.0 14mar2008 starting on Gargoyle, port 80
Jan 26 00:00:03 Gargoyle user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Jan 26 00:00:03 Gargoyle user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Jan 26 00:00:03 Gargoyle user.notice dnsmasq: Allowing RFC1918 responses for domain free.aero2.net.pl
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq[1648]: started, version 2.66 cachesize 150
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq[1648]: compile time options: no-IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq-dhcp[1648]: DHCP, IP range 192.168.1.2 -- 192.168.1.31, lease time 12h
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq[1648]: using local addresses only for domain lan
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq[1648]: reading /tmp/resolv.conf.auto
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq[1648]: using nameserver 8.8.4.4#53
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq[1648]: using nameserver 8.8.8.8#53
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq[1648]: using nameserver 8.8.4.4#53
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq[1648]: using nameserver 8.8.8.8#53
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq[1648]: using local addresses only for domain lan
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq[1648]: read /etc/hosts - 2 addresses
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq-dhcp[1648]: read /etc/ethers - 0 addresses
Jan 26 00:33:03 Gargoyle user.info sysinit: ERROR: No valid dynamic DNS service configurations defined
Jan 26 00:33:03 Gargoyle user.info sysinit: (Did you specify correct configuration file path?)
Jan 26 00:33:03 Gargoyle user.info sysinit: setting up led WAN
Jan 26 00:33:03 Gargoyle user.info sysinit: setting up led LAN1
Jan 26 00:33:03 Gargoyle user.info sysinit: setting up led LAN2
Jan 26 00:33:03 Gargoyle user.info sysinit: setting up led LAN3
Jan 26 00:33:03 Gargoyle user.info sysinit: setting up led LAN4
Jan 26 00:33:03 Gargoyle user.info sysinit: setting up led WLAN
Jan 26 00:33:03 Gargoyle user.info sysinit: setting up led USB
Jan 26 00:33:03 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: OpenVPN 2.2.2 mips-openwrt-linux [SSL] [LZO2] [EPOLL] built on Mar 14 2013
Jan 26 00:33:03 Gargoyle daemon.warn openvpn(Server_OpenVPN)[1667]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jan 26 00:33:03 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: Diffie-Hellman initialized with 1024 bit key
Jan 26 00:33:03 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: TLS-Auth MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Jan 26 00:33:03 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: Socket Buffers: R=[87380->131072] S=[16384->131072]
Jan 26 00:33:03 Gargoyle daemon.warn openvpn(Server_OpenVPN)[1667]: OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Jan 26 00:33:03 Gargoyle daemon.warn openvpn(Server_OpenVPN)[1667]: OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.1.32
Jan 26 00:33:03 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: TUN/TAP device tap0 opened
Jan 26 00:33:03 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: TUN/TAP TX queue length set to 100
Jan 26 00:33:03 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: /sbin/ifconfig tap0 10.0.1.1 netmask 255.255.255.0 mtu 1500 broadcast 10.0.1.255
Jan 26 00:33:03 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Jan 26 00:33:03 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: Listening for incoming TCP connection on [undef]:1194
Jan 26 00:33:03 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: TCPv4_SERVER link local (bound): [undef]:1194
Jan 26 00:33:03 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: TCPv4_SERVER link remote: [undef]
Jan 26 00:33:03 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: MULTI: multi_init called, r=256 v=256
Jan 26 00:33:03 Gargoyle daemon.notice netifd: Interface 'openvpn_tap0' is now up
Jan 26 00:33:03 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: IFCONFIG POOL: base=10.0.1.2 size=253
Jan 26 00:33:03 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: IFCONFIG POOL LIST
Jan 26 00:33:03 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: MULTI: TCP INIT maxclients=1024 maxevents=1028
Jan 26 00:33:03 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: Initialization Sequence Completed
Jan 26 00:33:08 Gargoyle daemon.info hostapd: wlan0: STA 48:5a:b6:02:d7:58 IEEE 802.11: authenticated
Jan 26 00:33:08 Gargoyle daemon.info hostapd: wlan0: STA 48:5a:b6:02:d7:58 IEEE 802.11: associated (aid 1)
Jan 26 00:33:08 Gargoyle daemon.info hostapd: wlan0: STA 48:5a:b6:02:d7:58 WPA: pairwise key handshake completed (WPA)
Jan 26 00:33:08 Gargoyle daemon.info hostapd: wlan0: STA 48:5a:b6:02:d7:58 WPA: group key handshake completed (WPA)
Jan 26 00:33:08 Gargoyle daemon.info dnsmasq-dhcp[1648]: DHCPREQUEST(br-lan) 192.168.1.8 48:5a:b6:02:d7:58 
Jan 26 00:33:08 Gargoyle daemon.info dnsmasq-dhcp[1648]: DHCPACK(br-lan) 192.168.1.8 48:5a:b6:02:d7:58 dell2
Jan 26 00:33:12 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: MULTI: multi_create_instance called
Jan 26 00:33:12 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: Re-using SSL/TLS context
Jan 26 00:33:12 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: LZO compression initialized
Jan 26 00:33:12 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Jan 26 00:33:12 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Jan 26 00:33:12 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: TCP connection established with 94.254.145.69:51484
Jan 26 00:33:12 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: TCPv4_SERVER link local: [undef]
Jan 26 00:33:12 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: TCPv4_SERVER link remote: 94.254.145.69:51484
Jan 26 00:33:13 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: 94.254.145.69:51484 TLS: Initial packet from 94.254.145.69:51484, sid=3aee7ee1 d257eda2
Jan 26 00:33:15 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: 94.254.145.69:51484 VERIFY OK: depth=1, /C=PL/ST=SL/L=TYCHY/O=NC_plus/OU=changeme/CN=vpn.XXXXX.XXX/name=server/emailAddress=dlut85@gmail.com
Jan 26 00:33:15 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: 94.254.145.69:51484 VERIFY OK: depth=0, /C=PL/ST=SL/L=TYCHY/O=NC_plus/OU=changeme/CN=klient1/name=klient1/emailAddress=dlut85@gmail.com
Jan 26 00:33:16 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: 94.254.145.69:51484 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 26 00:33:16 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: 94.254.145.69:51484 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 26 00:33:16 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: 94.254.145.69:51484 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 26 00:33:16 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: 94.254.145.69:51484 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 26 00:33:16 Gargoyle daemon.err openvpn(Server_OpenVPN)[1667]: 94.254.145.69:51484 Connection reset, restarting [0]
Jan 26 00:33:16 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: 94.254.145.69:51484 SIGUSR1[soft,connection-reset] received, client-instance restarting
Jan 26 00:33:16 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: TCP/UDP: Closing socket
Jan 26 00:33:21 Gargoyle user.notice firewall: Reloading firewall due to ifup of openvpn_tap0 (tap0)
Jan 26 00:33:22 Gargoyle user.notice root: starting ntpclient
Jan 26 00:33:22 Gargoyle user.notice firewall: Reloading firewall due to ifup of wan (eth0)
Jan 26 00:33:26 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: MULTI: multi_create_instance called
Jan 26 00:33:26 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: Re-using SSL/TLS context
Jan 26 00:33:26 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: LZO compression initialized
Jan 26 00:33:26 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Jan 26 00:33:26 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Jan 26 00:33:26 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: TCP connection established with 94.254.145.69:51483
Jan 26 00:33:26 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: TCPv4_SERVER link local: [undef]
Jan 26 00:33:26 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: TCPv4_SERVER link remote: 94.254.145.69:51483
Jan 26 00:33:27 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: 94.254.145.69:51483 TLS: Initial packet from 94.254.145.69:51483, sid=e60c97c0 ec5ea6c9
Jan 26 00:33:32 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: 94.254.145.69:51483 VERIFY OK: depth=1, /C=PL/ST=SL/L=TYCHY/O=NC_plus/OU=changeme/CN=vpn.XXXXX.XXX/name=server/emailAddress=dlut85@gmail.com
Jan 26 00:33:32 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: 94.254.145.69:51483 VERIFY OK: depth=0, /C=PL/ST=SL/L=TYCHY/O=NC_plus/OU=changeme/CN=klient1/name=klient1/emailAddress=dlut85@gmail.com
Jan 26 00:33:32 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: 94.254.145.69:51483 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 26 00:33:32 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: 94.254.145.69:51483 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 26 00:33:32 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: 94.254.145.69:51483 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 26 00:33:32 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: 94.254.145.69:51483 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 26 00:33:33 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: 94.254.145.69:51483 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jan 26 00:33:33 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: 94.254.145.69:51483 [klient1] Peer Connection Initiated with 94.254.145.69:51483
Jan 26 00:33:33 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: klient1/94.254.145.69:51483 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/klient1
Jan 26 00:33:33 Gargoyle daemon.err openvpn(Server_OpenVPN)[1667]: klient1/94.254.145.69:51483 MULTI: --iroute options rejected for klient1/94.254.145.69:51483 -- iroute only works with tun-style tunnels
Jan 26 00:33:35 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: klient1/94.254.145.69:51483 PUSH: Received control message: 'PUSH_REQUEST'
Jan 26 00:33:35 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: klient1/94.254.145.69:51483 SENT CONTROL [klient1]: 'PUSH_REPLY,route 10.0.1.0 255.255.255.0,route 192.168.1.0 255.255.255.224,route 192.168.1.32 255.255.255.224,dhcp-option DNS 192.168.1.1,dhcp-option WI
Jan 26 00:33:35 Gargoyle daemon.err openvpn(Server_OpenVPN)[1667]: klient1/94.254.145.69:51483 Connection reset, restarting [0]
Jan 26 00:33:35 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: klient1/94.254.145.69:51483 SIGUSR1[soft,connection-reset] received, client-instance restarting
Jan 26 00:33:35 Gargoyle daemon.notice openvpn(Server_OpenVPN)[1667]: TCP/UDP: Closing socket
Jan 26 00:33:38 Gargoyle daemon.info hostapd: wlan0: STA 48:5a:b6:02:d7:58 IEEE 802.11: disassociated
Jan 26 00:33:39 Gargoyle daemon.info hostapd: wlan0: STA 48:5a:b6:02:d7:58 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
Jan 26 00:34:07 Gargoyle daemon.info hostapd: wlan0: STA 48:5a:b6:02:d7:58 IEEE 802.11: authenticated
Jan 26 00:34:07 Gargoyle daemon.info hostapd: wlan0: STA 48:5a:b6:02:d7:58 IEEE 802.11: associated (aid 1)
Jan 26 00:34:07 Gargoyle daemon.info hostapd: wlan0: STA 48:5a:b6:02:d7:58 WPA: pairwise key handshake completed (WPA)
Jan 26 00:34:07 Gargoyle daemon.info hostapd: wlan0: STA 48:5a:b6:02:d7:58 WPA: group key handshake completed (WPA)
Jan 26 00:34:07 Gargoyle daemon.info dnsmasq-dhcp[1648]: DHCPREQUEST(br-lan) 192.168.1.8 48:5a:b6:02:d7:58 
Jan 26 00:34:07 Gargoyle daemon.info dnsmasq-dhcp[1648]: DHCPACK(br-lan) 192.168.1.8 48:5a:b6:02:d7:58 dell2
Jan 26 00:34:14 Gargoyle kern.warn kernel: [  128.150000] ipt_bandwidth: timezone shift of 60 minutes detected, adjusting
Jan 26 00:34:14 Gargoyle kern.warn kernel: [  128.150000]                old minutes west=0, new minutes west=-60
Jan 26 00:37:07 Gargoyle daemon.info hostapd: wlan0: STA 30:a8:db:8c:9a:d2 IEEE 802.11: authenticated
Jan 26 00:37:07 Gargoyle daemon.info hostapd: wlan0: STA 30:a8:db:8c:9a:d2 IEEE 802.11: associated (aid 2)
Jan 26 00:37:07 Gargoyle daemon.info hostapd: wlan0: STA 30:a8:db:8c:9a:d2 WPA: pairwise key handshake completed (WPA)
Jan 26 00:37:07 Gargoyle daemon.info hostapd: wlan0: STA 30:a8:db:8c:9a:d2 WPA: group key handshake completed (WPA)
Jan 26 00:37:07 Gargoyle daemon.info dnsmasq-dhcp[1648]: DHCPREQUEST(br-lan) 192.168.1.47 30:a8:db:8c:9a:d2 
Jan 26 00:37:07 Gargoyle daemon.info dnsmasq-dhcp[1648]: DHCPNAK(br-lan) 192.168.1.47 30:a8:db:8c:9a:d2 address not available
Jan 26 00:37:11 Gargoyle daemon.info dnsmasq-dhcp[1648]: DHCPDISCOVER(br-lan) 30:a8:db:8c:9a:d2 
Jan 26 00:37:11 Gargoyle daemon.info dnsmasq-dhcp[1648]: DHCPOFFER(br-lan) 192.168.1.16 30:a8:db:8c:9a:d2 
Jan 26 00:37:11 Gargoyle daemon.info dnsmasq-dhcp[1648]: DHCPREQUEST(br-lan) 192.168.1.16 30:a8:db:8c:9a:d2 
Jan 26 00:37:11 Gargoyle daemon.info dnsmasq-dhcp[1648]: DHCPACK(br-lan) 192.168.1.16 30:a8:db:8c:9a:d2 android-b34fd1a80ef935e

Client system logs:

Jan  1 01:00:46 Gargoyle kern.info kernel: [   46.310000] br-lan: port 1(eth1) entered forwarding state
Jan  1 01:00:46 Gargoyle daemon.notice netifd: wan (1031): Sending discover...
Jan  1 01:00:46 Gargoyle daemon.notice netifd: wan (1031): Sending select for 192.168.8.100...
Jan  1 01:00:46 Gargoyle daemon.notice netifd: wan (1031): Lease of 192.168.8.100 obtained, lease time 86400
Jan  1 01:00:47 Gargoyle daemon.notice netifd: Interface 'wan' is now up
Jan  1 01:00:48 Gargoyle kern.info kernel: [   48.470000] device wlan0 entered promiscuous mode
Jan  1 01:00:48 Gargoyle kern.info kernel: [   48.690000] br-lan: port 2(wlan0) entered forwarding state
Jan  1 01:00:48 Gargoyle kern.info kernel: [   48.690000] br-lan: port 2(wlan0) entered forwarding state
Jan  1 01:00:50 Gargoyle kern.info kernel: [   50.690000] br-lan: port 2(wlan0) entered forwarding state
Jan 26 00:00:02 Gargoyle authpriv.info dropbear[1568]: Running in background
Jan 26 00:00:02 Gargoyle daemon.warn httpd_gargoyle[1593]: started as root without requesting chroot(), warning only
Jan 26 00:00:02 Gargoyle daemon.notice httpd_gargoyle[1593]: httpd_gargoyle/1.0 14mar2008 starting on Gargoyle, port 80
Jan 26 00:00:03 Gargoyle user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Jan 26 00:00:03 Gargoyle user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Jan 26 00:00:03 Gargoyle user.notice dnsmasq: Allowing RFC1918 responses for domain free.aero2.net.pl
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq[1628]: started, version 2.66 cachesize 150
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq[1628]: compile time options: no-IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq-dhcp[1628]: DHCP, IP range 192.168.1.34 -- 192.168.1.62, lease time 12h
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq[1628]: using local addresses only for domain lan
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq[1628]: reading /tmp/resolv.conf.auto
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq[1628]: using nameserver 8.8.4.4#53
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq[1628]: using nameserver 8.8.8.8#53
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq[1628]: using nameserver 8.8.4.4#53
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq[1628]: using nameserver 8.8.8.8#53
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq[1628]: using local addresses only for domain lan
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq[1628]: read /etc/hosts - 2 addresses
Jan 26 00:00:06 Gargoyle daemon.info dnsmasq-dhcp[1628]: read /etc/ethers - 0 addresses
Jan 26 00:00:07 Gargoyle user.info sysinit: ERROR: No valid dynamic DNS service configurations defined
Jan 26 00:00:07 Gargoyle user.info sysinit: (Did you specify correct configuration file path?)
Jan 26 00:00:07 Gargoyle user.info sysinit: setting up led WAN
Jan 26 00:00:07 Gargoyle user.info sysinit: setting up led LAN1
Jan 26 00:00:07 Gargoyle user.info sysinit: setting up led LAN2
Jan 26 00:00:07 Gargoyle user.info sysinit: setting up led LAN3
Jan 26 00:00:07 Gargoyle user.info sysinit: setting up led LAN4
Jan 26 00:00:07 Gargoyle user.info sysinit: setting up led WLAN
Jan 26 00:00:07 Gargoyle user.info sysinit: setting up led USB
Jan 26 00:00:07 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: OpenVPN 2.2.2 mips-openwrt-linux [SSL] [LZO2] [EPOLL] built on Mar 14 2013
Jan 26 00:00:07 Gargoyle daemon.warn openvpn(Client_OpenVPN)[1647]: WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Jan 26 00:00:07 Gargoyle daemon.warn openvpn(Client_OpenVPN)[1647]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jan 26 00:00:07 Gargoyle daemon.warn openvpn(Client_OpenVPN)[1647]: WARNING: file '/etc/openvpn/klient1.key' is group or others accessible
Jan 26 00:00:07 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: LZO compression initialized
Jan 26 00:00:07 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Jan 26 00:00:07 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: Socket Buffers: R=[87380->131072] S=[16384->131072]
Jan 26 00:00:07 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Jan 26 00:00:07 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: Attempting to establish TCP connection with XXX.YYY.XXX.YYY:1194 [nonblock]
Jan 26 00:00:09 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: TCP connection established with XXX.YYY.XXX.YYY:1194
Jan 26 00:00:09 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: TCPv4_CLIENT link local: [undef]
Jan 26 00:00:09 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: TCPv4_CLIENT link remote: XXX.YYY.XXX.YYY:1194
Jan 26 00:00:09 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: TLS: Initial packet from XXX.YYY.XXX.YYY:1194, sid=93a6dcef bce92a42
Jan 26 00:00:10 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: VERIFY OK: depth=1, /C=PL/ST=SL/L=TYCHY/O=NC_plus/OU=changeme/CN=vpn.XXXXX.XXX/name=server/emailAddress=dlut85@gmail.com
Jan 26 00:00:10 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: VERIFY OK: nsCertType=SERVER
Jan 26 00:00:10 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: VERIFY X509NAME OK: /C=PL/ST=SL/L=TYCHY/O=NC_plus/OU=changeme/CN=vpn.XXXXX.XXX/name=server/emailAddress=dlut85@gmail.com
Jan 26 00:00:10 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: VERIFY OK: depth=0, /C=PL/ST=SL/L=TYCHY/O=NC_plus/OU=changeme/CN=vpn.XXXXX.XXX/name=server/emailAddress=dlut85@gmail.com
Jan 26 00:33:16 Gargoyle daemon.err openvpn(Client_OpenVPN)[1647]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 26 00:33:16 Gargoyle daemon.err openvpn(Client_OpenVPN)[1647]: TLS Error: TLS handshake failed
Jan 26 00:33:16 Gargoyle daemon.err openvpn(Client_OpenVPN)[1647]: Fatal TLS error (check_tls_errors_co), restarting
Jan 26 00:33:16 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: TCP/UDP: Closing socket
Jan 26 00:33:16 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: SIGUSR1[soft,tls-error] received, process restarting
Jan 26 00:33:16 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: Restart pause, 10 second(s)
Jan 26 00:33:24 Gargoyle daemon.info dnsmasq-dhcp[1628]: DHCPREQUEST(br-lan) 192.168.1.36 5c:26:0a:1b:73:6b 
Jan 26 00:33:24 Gargoyle daemon.info dnsmasq-dhcp[1628]: DHCPACK(br-lan) 192.168.1.36 5c:26:0a:1b:73:6b dell
Jan 26 00:33:26 Gargoyle daemon.warn openvpn(Client_OpenVPN)[1647]: WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Jan 26 00:33:26 Gargoyle daemon.warn openvpn(Client_OpenVPN)[1647]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Jan 26 00:33:26 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: Re-using SSL/TLS context
Jan 26 00:33:26 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: LZO compression initialized
Jan 26 00:33:26 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Jan 26 00:33:26 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: Socket Buffers: R=[87380->131072] S=[16384->131072]
Jan 26 00:33:26 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Jan 26 00:33:26 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: Attempting to establish TCP connection with XXX.YYY.XXX.YYY:1194 [nonblock]
Jan 26 00:33:27 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: TCP connection established with XXX.YYY.XXX.YYY:1194
Jan 26 00:33:27 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: TCPv4_CLIENT link local: [undef]
Jan 26 00:33:27 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: TCPv4_CLIENT link remote: XXX.YYY.XXX.YYY:1194
Jan 26 00:33:27 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: TLS: Initial packet from XXX.YYY.XXX.YYY:1194, sid=cedfb184 9a56e35c
Jan 26 00:33:28 Gargoyle daemon.info dnsmasq-dhcp[1628]: DHCPINFORM(br-lan) 192.168.1.36 5c:26:0a:1b:73:6b 
Jan 26 00:33:28 Gargoyle daemon.info dnsmasq-dhcp[1628]: DHCPACK(br-lan) 192.168.1.36 5c:26:0a:1b:73:6b dell
Jan 26 00:33:28 Gargoyle user.notice firewall: Reloading firewall due to ifup of wan (eth0)
Jan 26 00:33:30 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: VERIFY OK: depth=1, /C=PL/ST=SL/L=TYCHY/O=NC_plus/OU=changeme/CN=vpn.XXXXX.XXX/name=server/emailAddress=dlut85@gmail.com
Jan 26 00:33:30 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: VERIFY OK: nsCertType=SERVER
Jan 26 00:33:30 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: VERIFY X509NAME OK: /C=PL/ST=SL/L=TYCHY/O=NC_plus/OU=changeme/CN=vpn.XXXXX.XXX/name=server/emailAddress=dlut85@gmail.com
Jan 26 00:33:30 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: VERIFY OK: depth=0, /C=PL/ST=SL/L=TYCHY/O=NC_plus/OU=changeme/CN=vpn.XXXXX.XXX/name=server/emailAddress=dlut85@gmail.com
Jan 26 00:33:33 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 26 00:33:33 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 26 00:33:33 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 26 00:33:33 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 26 00:33:33 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jan 26 00:33:33 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: [vpn.XXXXX.XXX] Peer Connection Initiated with XXX.YYY.XXX.YYY:1194
Jan 26 00:33:35 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: SENT CONTROL [vpn.XXXXX.XXX]: 'PUSH_REQUEST' (status=1)
Jan 26 00:33:35 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: PUSH: Received control message: 'PUSH_REPLY,route 10.0.1.0 255.255.255.0,route 192.168.1.0 255.255.255.224,route 192.168.1.32 255.255.255.224,dhcp-option DNS 192.168.1.1,dhcp-option WINS 192.168.1.1,dhcp-
Jan 26 00:33:35 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: OPTIONS IMPORT: timers and/or timeouts modified
Jan 26 00:33:35 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: OPTIONS IMPORT: --ifconfig/up options modified
Jan 26 00:33:35 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: OPTIONS IMPORT: route options modified
Jan 26 00:33:35 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: OPTIONS IMPORT: route-related options modified
Jan 26 00:33:35 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jan 26 00:33:35 Gargoyle daemon.warn openvpn(Client_OpenVPN)[1647]: WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
Jan 26 00:33:35 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: TUN/TAP device tap0 opened
Jan 26 00:33:35 Gargoyle daemon.notice netifd: Interface 'openvpn_tap0' is now up
Jan 26 00:33:35 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: TUN/TAP TX queue length set to 100
Jan 26 00:33:35 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: /sbin/ifconfig tap0 10.0.1.5 netmask 10.0.1.6 mtu 1500 broadcast 255.255.255.253
Jan 26 00:33:35 Gargoyle daemon.err openvpn(Client_OpenVPN)[1647]: Linux ifconfig failed: external program exited with error status: 1
Jan 26 00:33:35 Gargoyle daemon.notice openvpn(Client_OpenVPN)[1647]: Exiting
Jan 26 00:33:35 Gargoyle daemon.notice netifd: Interface 'openvpn_tap0' is now down
Jan 26 00:33:37 Gargoyle kern.info kernel: [   83.870000] eth1: link down
Jan 26 00:33:37 Gargoyle kern.info kernel: [   83.870000] br-lan: port 1(eth1) entered disabled state
Jan 26 00:33:41 Gargoyle kern.info kernel: [   88.370000] eth1: link up (1000Mbps/Full duplex)
Jan 26 00:33:41 Gargoyle kern.info kernel: [   88.370000] br-lan: port 1(eth1) entered forwarding state
Jan 26 00:33:41 Gargoyle kern.info kernel: [   88.380000] br-lan: port 1(eth1) entered forwarding state
Jan 26 00:33:43 Gargoyle kern.info kernel: [   90.380000] br-lan: port 1(eth1) entered forwarding state
Jan 26 00:33:58 Gargoyle kern.info kernel: [  105.370000] eth1: link down
Jan 26 00:33:58 Gargoyle kern.info kernel: [  105.370000] br-lan: port 1(eth1) entered disabled state
Jan 26 00:34:00 Gargoyle kern.info kernel: [  107.370000] eth1: link up (1000Mbps/Full duplex)
Jan 26 00:34:00 Gargoyle kern.info kernel: [  107.370000] br-lan: port 1(eth1) entered forwarding state
Jan 26 00:34:00 Gargoyle kern.info kernel: [  107.380000] br-lan: port 1(eth1) entered forwarding state
Jan 26 00:34:02 Gargoyle kern.info kernel: [  109.380000] br-lan: port 1(eth1) entered forwarding state
Jan 26 00:34:04 Gargoyle daemon.info dnsmasq-dhcp[1628]: DHCPREQUEST(br-lan) 192.168.1.36 5c:26:0a:1b:73:6b 
Jan 26 00:34:04 Gargoyle daemon.info dnsmasq-dhcp[1628]: DHCPACK(br-lan) 192.168.1.36 5c:26:0a:1b:73:6b dell
Jan 26 00:34:20 Gargoyle kern.warn kernel: [  127.190000] ipt_bandwidth: timezone shift of 60 minutes detected, adjusting
Jan 26 00:34:20 Gargoyle kern.warn kernel: [  127.190000]                old minutes west=0, new minutes west=-60
Jan 26 00:35:07 Gargoyle daemon.info dnsmasq-dhcp[1628]: DHCPINFORM(br-lan) 192.168.1.36 5c:26:0a:1b:73:6b 
Jan 26 00:35:07 Gargoyle daemon.info dnsmasq-dhcp[1628]: DHCPACK(br-lan) 192.168.1.36 5c:26:0a:1b:73:6b dell
Jan 26 00:37:44 Gargoyle daemon.info dnsmasq-dhcp[1628]: DHCPINFORM(br-lan) 192.168.1.36 5c:26:0a:1b:73:6b 
Jan 26 00:37:44 Gargoyle daemon.info dnsmasq-dhcp[1628]: DHCPACK(br-lan) 192.168.1.36 5c:26:0a:1b:73:6b dell
Jan 26 00:38:46 Gargoyle daemon.info dnsmasq-dhcp[1628]: DHCPINFORM(br-lan) 192.168.1.36 5c:26:0a:1b:73:6b 
Jan 26 00:38:46 Gargoyle daemon.info dnsmasq-dhcp[1628]: DHCPACK(br-lan) 192.168.1.36 5c:26:0a:1b:73:6b dell
Jan 26 00:39:16 Gargoyle kern.info kernel: [  422.870000] eth1: link down
Jan 26 00:39:16 Gargoyle kern.info kernel: [  422.870000] br-lan: port 1(eth1) entered disabled state
Jan 26 00:39:20 Gargoyle kern.info kernel: [  426.870000] eth1: link up (1000Mbps/Full duplex)
Jan 26 00:39:20 Gargoyle kern.info kernel: [  426.870000] br-lan: port 1(eth1) entered forwarding state
Jan 26 00:39:20 Gargoyle kern.info kernel: [  426.880000] br-lan: port 1(eth1) entered forwarding state
Jan 26 00:39:20 Gargoyle daemon.info dnsmasq-dhcp[1628]: DHCPREQUEST(br-lan) 192.168.1.61 f0:1f:af:63:d3:12 
Jan 26 00:39:20 Gargoyle daemon.info dnsmasq-dhcp[1628]: DHCPACK(br-lan) 192.168.1.61 f0:1f:af:63:d3:12 dell2
Jan 26 00:39:22 Gargoyle kern.info kernel: [  428.880000] br-lan: port 1(eth1) entered forwarding state
Jan 26 00:43:04 Gargoyle daemon.info hostapd: wlan0: STA 30:a8:db:8c:9a:d2 IEEE 802.11: authenticated
Jan 26 00:43:04 Gargoyle daemon.info hostapd: wlan0: STA 30:a8:db:8c:9a:d2 IEEE 802.11: associated (aid 1)
Jan 26 00:43:04 Gargoyle daemon.info hostapd: wlan0: STA 30:a8:db:8c:9a:d2 WPA: pairwise key handshake completed (WPA)
Jan 26 00:43:04 Gargoyle daemon.info hostapd: wlan0: STA 30:a8:db:8c:9a:d2 WPA: group key handshake completed (WPA)
Jan 26 00:43:04 Gargoyle daemon.info dnsmasq-dhcp[1628]: DHCPREQUEST(br-lan) 192.168.1.16 30:a8:db:8c:9a:d2 
Jan 26 00:43:04 Gargoyle daemon.info dnsmasq-dhcp[1628]: DHCPNAK(br-lan) 192.168.1.16 30:a8:db:8c:9a:d2 wrong network
Jan 26 00:43:08 Gargoyle daemon.info dnsmasq-dhcp[1628]: DHCPDISCOVER(br-lan) 30:a8:db:8c:9a:d2 
Jan 26 00:43:08 Gargoyle daemon.info dnsmasq-dhcp[1628]: DHCPOFFER(br-lan) 192.168.1.47 30:a8:db:8c:9a:d2 
Jan 26 00:43:08 Gargoyle daemon.info dnsmasq-dhcp[1628]: DHCPREQUEST(br-lan) 192.168.1.47 30:a8:db:8c:9a:d2 
Jan 26 00:43:08 Gargoyle daemon.info dnsmasq-dhcp[1628]: DHCPACK(br-lan) 192.168.1.47 30:a8:db:8c:9a:d2 android-b34fd1a80ef935e
Success

/etc/config/openvpn - server

package openvpn

config openvpn Server_OpenVPN

 option enable 1
 option port 1194
 option proto tcp-server
 option dev tap0 #this entry means we want this specific interface - tun$
 option ca /etc/openvpn/ca.crt
 option cert /etc/openvpn/vpn.XXXXX.XXX.crt
 option key /etc/openvpn/vpn.XXXXX.XXX.key
 option dh /etc/openvpn/dh1024.pem
 option server "10.0.1.0 255.255.255.0"
 list route "192.168.1.32 255.255.255.224"
 list push "route 10.0.1.0 255.255.255.0"
 list push "route 192.168.1.0 255.255.255.224"
 list push "route 192.168.1.32 255.255.255.224"
 list push "dhcp-option DNS 192.168.1.1"
 list push "dhcp-option WINS 192.168.1.1"
 list push "dhcp-option DOMAIN domena_firmy.dyndns.biz"
 option client_to_client 1
 option client_config_dir /etc/openvpn/ccd
 option ccd_exclusive
 option persist_key 1
 option persist_tap 1
 option comp_lzo 1
 option verb 3
 option tls_server 1
 option keepalive "10 120"
 option tap_mtu 1500
 option ifconfig_pool_persist /tmp/ipp.txt
 option inactive 3600

/etc/config/dhcp  - server


config dhcp 'openvpn_tap0'
        option interface        'openvpn_tap0'
        option ignore   1


config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        list rebind_domain 'free.aero2.net.pl'

config dhcp 'lan'
        option interface 'lan'
        option leasetime '12h'
        option start '2'
        option limit '30'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config rule
        option target 'ACCEPT'
        option dest_port '1194'
        option src 'wan'
        option proto 'tcpudp'
        option family 'ipv4'

config zone
        option name 'openvpn_tap0'
        option network 'openvpn_tap0'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option family 'ipv4'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'openvpn_tap0'
        option family 'ipv4'

config forwarding
        option src 'openvpn_tap0'
        option dest 'lan'
        option family 'ipv4'

config forwarding
        option src 'openvpn_tap0'
        option dest 'openvpn_tap0'
        option family 'ipv4'

config rule
        option src 'openvpn_tap0'
        option proto 'tcp'
        option dest_port '22'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option src 'openvpn_tap0'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option src 'openvpn_tap0'
        option proto 'udp'
        option dest_port '53'
        option family 'ipv4'
        option target 'ACCEPT'

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fe80::/10'
        option src_port '547'
        option dest_ip 'fe80::/10'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'
        option reload '1'

config include
        option type 'script'
        option path '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewal$
        option family 'IPv4'
        option reload '1'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'IPv4'
        option reload '1'

config rule
        option _name 'FTP'
        option src 'wan'
        option target 'ACCEPT'
        option proto 'tcp'
        option dest_port '21'

/etc/config/openvpn - client

package openvpn

config openvpn Client_OpenVPN

 option enable 1
 option port 1194
 option proto tcp-client
 option dev tap0 #this entry means we want this specific interface - tun$
 list remote vpn.XXXXX.XXX
 option tls_remote vpn.XXXXX.XXX
 option ca /etc/openvpn/ca.crt
 option cert /etc/openvpn/klient1.crt
 option key /etc/openvpn/klient1.key
 option dh /etc/openvpn/dh1024.pem
 #option pkcs12 /etc/openvpn/Rafal_Cichosz.p12  #this line is instead of the four$
 option ns_cert_type server
 option persist_key 1
 option persist_tun 1
 option comp_lzo 1
 option verb 3
 option tls_client 1
 option keepalive "10 120"
 option tap_mtu 1500
 option inactive 3600
 option pull 1
 option nobind 1
 option connect_retry 10
 option resolv_retry infinite
 option mute_replay_warnings 1
 option auth_nocache 1

/etc/config/network - client

config interface 'openvpn_tap0'
        option ifname 'tap0'
        option proto 'none'

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option ifname 'eth1'
        option type 'bridge'
        option proto 'static'
        option dns '8.8.8.8 8.8.4.4'
        option netmask '255.255.255.224'
        option ipaddr '192.168.1.33'

config interface 'wan'
        option ifname 'eth0'
        option proto 'dhcp'
        option dns '8.8.8.8 8.8.4.4'
        option peerdns '0'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 4'

/etc/config/dhcp - client

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        list rebind_domain 'free.aero2.net.pl'

config dhcp 'lan'
        option interface 'lan'
        option leasetime '12h'
        option start '34'
        option limit '29'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

/etc/config/firewall - client

config zone
        option name             'openvpn_tap0'
        option network          'openvpn_tap0'
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
        option family       'ipv4'
        option mtu_fix          1

config forwarding
        option src              lan
        option dest             'openvpn_tap0'
        option family       'ipv4'

config forwarding
        option src              'openvpn_tap0'
        option dest             'lan'
        option family       'ipv4'

#Allow ssh
config rule
        option src              'openvpn_tap0'
        option proto            tcp
        option dest_port        22
        option family       ipv4
        option target           ACCEPT

# Allow IPv4 ping
config rule
        option src              'openvpn_tap0'
        option proto            icmp
        option icmp_type        echo-request
        option family           ipv4
        option target           ACCEPT



config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fe80::/10'
        option src_port '547'
        option dest_ip 'fe80::/10'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'
        option reload '1'

config include
        option type 'script'
        option path '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewal$
        option family 'IPv4'
        option reload '1'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'IPv4'
        option reload '1'

By the way, I flashed the Gargoyle firmware.


Does anyone have any ideas about this?
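
An added example, not part of the original post: a small Python triage of the client log above. It checks the failing `ifconfig` line against the rule in the OpenVPN warning (with `--dev tap` the second argument must be a netmask) and flags the weak parameters the same log reports (BF-CBC, 1024 bit RSA). The sample lines are copied from that log with timestamps trimmed; the function names, finding labels and the 2048-bit threshold are assumptions of this example.

```python
import ipaddress
import re

# Lines copied from the client log in the post above (timestamps trimmed).
SAMPLE_LOG = """\
openvpn(Client_OpenVPN)[1647]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
openvpn(Client_OpenVPN)[1647]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
openvpn(Client_OpenVPN)[1647]: TUN/TAP device tap0 opened
openvpn(Client_OpenVPN)[1647]: /sbin/ifconfig tap0 10.0.1.5 netmask 10.0.1.6 mtu 1500 broadcast 255.255.255.253
openvpn(Client_OpenVPN)[1647]: Linux ifconfig failed: external program exited with error status: 1
"""

IFCONFIG_RE = re.compile(r"ifconfig (tap\d+) (\S+) netmask (\S+)")
CIPHER_RE = re.compile(r"Data Channel \w+: Cipher '([^']+)'")
RSA_RE = re.compile(r"(\d+) bit RSA")

# Assumption of this example: ciphers with a 64-bit block are reported as weak.
SMALL_BLOCK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}
MIN_RSA_BITS = 2048  # assumed threshold for this example


def is_netmask(text):
    """True if text is a dotted-quad mask made of contiguous leading 1 bits."""
    try:
        mask = int(ipaddress.IPv4Address(text))
    except ipaddress.AddressValueError:
        return False
    inverted = ~mask & 0xFFFFFFFF
    # A valid mask inverts to 0...01...1, so adding 1 clears every set bit.
    return mask != 0 and (inverted & (inverted + 1)) == 0


def audit(log_text):
    """Return a sorted list of (finding, detail) tuples for one client log."""
    findings = set()
    for line in log_text.splitlines():
        m = IFCONFIG_RE.search(line)
        if m and not is_netmask(m.group(3)):
            # tap is layer 2: the pushed pair must be address + netmask.
            # An address + peer pair is the tun point-to-point form.
            findings.add(("tap-ifconfig-not-netmask",
                          f"{m.group(1)} {m.group(2)} netmask {m.group(3)}"))
        m = CIPHER_RE.search(line)
        if m and m.group(1).upper() in SMALL_BLOCK_CIPHERS:
            findings.add(("64-bit-block-cipher", m.group(1)))
        m = RSA_RE.search(line)
        if m and int(m.group(1)) < MIN_RSA_BITS:
            findings.add(("short-rsa-key", f"{m.group(1)} bit"))
    return sorted(findings)


if __name__ == "__main__":
    for finding, detail in audit(SAMPLE_LOG):
        print(f"{finding}: {detail}")
```
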

12

Re: NC+ Multiroom on 2 x OpenWRT (Tp-link Mr3420 v2)

Don't listen to what bhb is writing to you; changing the name is not changing the configuration. You need to set up a bridge and read this:
http://eko.one.pl/?p=openwrt-openvpn
and this
http://eko.one.pl/forum/viewtopic.php?pid=61812#p61812

13

Re: NC+ Multiroom on 2 x OpenWRT (Tp-link Mr3420 v2)

Everything is on the right track! I followed:

and the pings are going through.. :)

I still need to polish a few things, but I have a problem with the router 192.168.2.1: I can't get into it. Even after manually assigning an IP to the computer I'm trying to connect from... (DHCP hands out 192.168.1.X, and the router has 192.168.2.1)

14 (edited by mnbcv 2015-01-29 10:49:22)

Re: NC+ Multiroom on 2 x OpenWRT (Tp-link Mr3420 v2)

Maybe I'll wreck your concept... But couldn't this be done with n2n? It seems to me that in theory it would be a much easier approach to the nc+ multiroom standard requirements (i.e. the devices being present in one network).

As far as I know, one edge can have the address 192.168.1.1 and the other 192.168.1.2... and on top of that n2n bypasses all NAT etc.

I'll just add that I'm speaking in theory, because I haven't tried doing this myself yet.