1

Subject: OpenVPN problem with GG 1.5.11.1 and mwan3_1.3-0

Hello,

After a whole day of investigation I have just found some kind of problem between mwan3 and OpenVPN in GG. OpenVPN does not let the client in.
After swapping in the file /etc/hotplug.d/iface/15-mwan3 from the previous mwan3 version 1.2-20, everything works without problems.
Error log:

Nov  4 21:19:11 router_glowny_64m_16flash daemon.err openvpn(custom_config)[10008]: 213.158.217.85:24865 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov  4 21:19:11 router_glowny_64m_16flash daemon.err openvpn(custom_config)[10008]: 213.158.217.85:24865 TLS Error: TLS handshake failed
Nov  4 21:19:11 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: 213.158.217.85:24865 SIGUSR1[soft,tls-error] received, client-instance restarting
Nov  4 21:19:12 router_glowny_64m_16flash daemon.err openvpn(custom_config)[10008]: read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
Nov  4 21:19:15 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: MULTI: multi_create_instance called
Nov  4 21:19:15 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:61335 Re-using SSL/TLS context
Nov  4 21:19:15 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:61335 LZO compression initialized
Nov  4 21:19:15 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:61335 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Nov  4 21:19:15 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:61335 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Nov  4 21:19:15 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:61335 TLS: Initial packet from xx.xx.xx.xx:61335, sid=d9fcc23f 31f30e8c
Nov  4 21:19:24 router_glowny_64m_16flash authpriv.info dropbear[4156]: Child connection from 192.168.200.201:2364
Nov  4 21:19:32 router_glowny_64m_16flash authpriv.notice dropbear[4156]: Password auth succeeded for 'root' from 192.168.200.201:2364
Nov  4 21:19:42 router_glowny_64m_16flash daemon.err openvpn(custom_config)[10008]: xx.xx.xx.xx:52608 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov  4 21:19:42 router_glowny_64m_16flash daemon.err openvpn(custom_config)[10008]: xx.xx.xx.xx:52608 TLS Error: TLS handshake failed
Nov  4 21:19:42 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:52608 SIGUSR1[soft,tls-error] received, client-instance restarting
Nov  4 21:19:57 router_glowny_64m_16flash daemon.err openvpn(custom_config)[10008]: xx.xx.xx.xx:58853 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov  4 21:19:57 router_glowny_64m_16flash daemon.err openvpn(custom_config)[10008]: xx.xx.xx.xx:58853 TLS Error: TLS handshake failed
Nov  4 21:19:57 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:58853 SIGUSR1[soft,tls-error] received, client-instance restarting
Nov  4 21:20:09 router_glowny_64m_16flash daemon.warn dnsmasq-dhcp[2574]: no address range available for DHCP request via eth0.3
Nov  4 21:20:15 router_glowny_64m_16flash daemon.err openvpn(custom_config)[10008]: xx.xx.xx.xx:61335 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov  4 21:20:15 router_glowny_64m_16flash daemon.err openvpn(custom_config)[10008]: xx.xx.xx.xx:61335 TLS Error: TLS handshake failed
Nov  4 21:20:15 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:61335 SIGUSR1[soft,tls-error] received, client-instance restarting
Nov  4 21:20:17 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: MULTI: multi_create_instance called
Nov  4 21:20:17 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:52869 Re-using SSL/TLS context
Nov  4 21:20:17 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:52869 LZO compression initialized
Nov  4 21:20:17 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:52869 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Nov  4 21:20:17 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:52869 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Nov  4 21:20:17 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:52869 TLS: Initial packet from xx.xx.xx.xx:52869, sid=c2ac3ecd 0082a654
Nov  4 21:21:06 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: MULTI: multi_create_instance called
Nov  4 21:21:06 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:56926 Re-using SSL/TLS context
Nov  4 21:21:06 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:56926 LZO compression initialized
Nov  4 21:21:06 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:56926 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Nov  4 21:21:06 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:56926 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Nov  4 21:21:06 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:56926 TLS: Initial packet from xx.xx.xx.xx:56926, sid=9b1f9ae6 f2534bd0
Nov  4 21:21:17 router_glowny_64m_16flash daemon.err openvpn(custom_config)[10008]: xx.xx.xx.xx:52869 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov  4 21:21:17 router_glowny_64m_16flash daemon.err openvpn(custom_config)[10008]: xx.xx.xx.xx:52869 TLS Error: TLS handshake failed
Nov  4 21:21:17 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:52869 SIGUSR1[soft,tls-error] received, client-instance restarting
Nov  4 21:22:06 router_glowny_64m_16flash daemon.err openvpn(custom_config)[10008]: xx.xx.xx.xx:56926 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov  4 21:22:06 router_glowny_64m_16flash daemon.err openvpn(custom_config)[10008]: xx.xx.xx.xx:56926 TLS Error: TLS handshake failed
Nov  4 21:22:06 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:56926 SIGUSR1[soft,tls-error] received, client-instance restarting
Nov  4 21:22:07 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: MULTI: multi_create_instance called
Nov  4 21:22:07 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:54518 Re-using SSL/TLS context
Nov  4 21:22:07 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:54518 LZO compression initialized
Nov  4 21:22:07 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:54518 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Nov  4 21:22:07 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:54518 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Nov  4 21:22:07 router_glowny_64m_16flash daemon.notice openvpn(custom_config)[10008]: xx.xx.xx.xx:54518 TLS: Initial packet from xx.xx.xx.xx:54518, sid=3e7c47a4 ae32142c
root@router_glowny_64m_16flash:~#

My configs

cat /etc/config/openvpn

config openvpn 'custom_config'
        option config '/etc/openvpn/server.conf'
        option script_security '3'
        option up '/etc/openvpn.up'
        option down '/etc/openvpn.down'
        option enable '1'

cat /etc/config/openvpn_gargoyle

config server 'server'
        option internal_ip '10.8.0.1'
        option internal_mask '255.255.255.0'
        option cipher 'BF-CBC'
        option keysize '128'
        option duplicate_cn 'true'
        option redirect_gateway 'false'
        option subnet_access 'true'
        option subnet_ip '192.168.100.0'
        option subnet_mask '255.255.255.0'
        option pool '10.8.0.2 10.8.0.254 255.255.255.0'
        option port '8086'
        option client_to_client 'true'
        option enabled 'true'
        option proto 'udp'

config client 'client'
        option enabled 'false'

config allowed_client 'klient1'
        option id 'klient1'
        option name 'Klient1_xx.xx.xx.xx'
        option remote 'xx.xx.xx.xx'
        option enabled 'true'

2

Re: OpenVPN problem with GG 1.5.11.1 and mwan3_1.3-0

Report it to the author.

If you have a router you don't need, damaged or not, I will gladly take it in.

3 (edited by roblad 2013-11-06 14:31:05)

Re: OpenVPN problem with GG 1.5.11.1 and mwan3_1.3-0

Unfortunately the author is not responding; meanwhile I am still fiddling with this:

http://wiki.openwrt.org/doc/howto/mwan3

regarding multi-WAN and OpenVPN; this is where I am tracking down the problem with the load balancer.
I just need a bit of help with configuring the server: adapting the standard openvpn.config so that OpenVPN runs on a local address on the router, and doing the forwarding from WAN to LAN as described in the link above.

4 (edited by roblad 2013-11-06 20:17:59)

Re: OpenVPN problem with GG 1.5.11.1 and mwan3_1.3-0

Hello,

I managed to restore the ability to connect, in a somewhat roundabout way, with the load balancer and failover in place and with the possibility of connecting to the OpenVPN server through wan and wan2 at the same time.

I resolved the problem with multiwan and wan1 and wan2 for OpenVPN, to get a connection from wan and wan2.

wan - 10.0.0.155

wan2 - 192.168.200.100

lan - 192.168.100.0


OpenVPN server 10.0.0.155; port 8086 is forwarded in the firewall to the LAN as standard in Gargoyle OpenVPN, 192.168.100.100.

I added an extra rule in the firewall:

from wan2 to wan, to the router's wan address 10.0.0.155, port 8086

config redirect
        option target 'DNAT'
        option src_dport '8086'
        option dest_port '8086'
        option name 'Forward8086'
        option proto 'udp'
        option src 'wan2'
        option dest 'wan'
        option dest_ip '10.0.0.155'



Now it does not matter which wan is available and which one the load balancer is currently running on (one problem is that when we take an interface down it has no IP, but when the internet drops on one of the wans the interface is still up with its IP; it is worse when we unplug the cable, then my method does not work, but one can apply the redirect trick with a local IP in the OpenVPN server configuration,
the openvpn section in this tutorial http://wiki.openwrt.org/doc/howto/mwan3, and everything should work even when we unplug the cable from the port of wan 1 or wan 2).


Client configuration, with a backup server added:

resolv-retry 60
remote [ipserver] 8086
remote [ipserver 2] 8086

dev             tun
proto           udp


The problem with version 1.3 was an alias in the network settings:

config alias
    option interface 'loopback'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.255'

After removing it, everything works.
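An added example, not from the thread: a Python check that parses an OpenWrt UCI network file and reports every alias section that hangs a non-loopback address off `loopback`, the configuration the poster found had to be removed before OpenVPN worked with mwan3 1.3. The sample config is constructed and only mirrors the alias quoted above; `parse_uci` handles the `config`/`option` lines used here, not `list` entries.

```python
import ipaddress
import shlex

# Constructed excerpt in OpenWrt UCI syntax; the loopback alias mirrors the one quoted above.
SAMPLE_NETWORK = """\
config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config alias
    option interface 'loopback'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.255'

config alias 'lan_extra'
    option interface 'lan'
    option proto 'static'
    option ipaddr '192.168.100.2'
    option netmask '255.255.255.0'
"""

def parse_uci(text):
    """Parse UCI 'config <type> [name]' / 'option <key> <value>' lines into
    a list of (type, name_or_None, {option: value}) tuples."""
    sections = []
    for raw in text.splitlines():
        parts = shlex.split(raw, comments=True)   # strips the single quotes around values
        if not parts:
            continue
        if parts[0] == "config" and len(parts) >= 2:
            sections.append((parts[1], parts[2] if len(parts) > 2 else None, {}))
        elif parts[0] == "option" and len(parts) >= 2 and sections:
            sections[-1][2][parts[1]] = parts[2] if len(parts) > 2 else ""
    return sections

def loopback_aliases(text):
    """Return the ipaddr of every alias that puts a non-127/8 address on 'loopback',
    the pattern the post removed to get OpenVPN working with mwan3 1.3."""
    hits = []
    for stype, _name, opts in parse_uci(text):
        if stype != "alias" or opts.get("interface") != "loopback":
            continue
        addr = opts.get("ipaddr")
        if addr and ipaddress.ip_address(addr) not in ipaddress.ip_network("127.0.0.0/8"):
            hits.append(addr)
    return hits
```

On a live router the input would be the contents of /etc/config/network; an empty result means no such alias is present.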