Topic: OpenVPN TOMATO and GARGOYLE

I would like to set up an OpenVPN server on Tomato, to which I would connect from GARGOYLE on a NEXX 3020.

How do I generate the server and client keys?
I could use this guide:
http://www.networkservices.pl/baza-wied … -w-windows
But how do I generate the file
klient2.conf

2

Re: OpenVPN TOMATO and GARGOYLE

If Tomato does not offer a way to download the client config, you do it manually - you know which parameters Tomato has set, so put the same ones in the client config.

Got a router you don't need, broken or not? I'll gladly take it in.

3 (edited by vorobiej 2017-03-08 08:32:43)

Re: OpenVPN TOMATO and GARGOYLE

Cezary, maybe you are able to help.
I generated the certificates; the server runs on Tomato (server) with an external IP, to which I connect through GARGOYLE (client) with a GSM modem.
The tunnel works, but I don't know how to get from the Tomato LAN or from outside (the internet) to GARGOYLE. I would like to connect to a CCTV recorder attached to GARGOYLE.

https://dl.dropboxusercontent.com/u/231 … oard01.jpg
https://dl.dropboxusercontent.com/u/231 … oard02.jpg
https://dl.dropboxusercontent.com/u/231 … oard03.jpg
https://dl.dropboxusercontent.com/u/231 … oard05.jpg
https://dl.dropboxusercontent.com/u/231 … oard04.jpg

Client LOG

Tue Mar  7 23:43:36 2017 daemon.notice netifd: wan_4 (2144): /sbin/uci: Invalid argument
Tue Mar  7 23:43:36 2017 daemon.notice netifd: wan_4 (2144): /sbin/uci: Invalid argument
Tue Mar  7 23:43:36 2017 daemon.notice netifd: wan_4 (2144): /sbin/uci: Invalid argument
Tue Mar  7 23:43:36 2017 daemon.notice netifd: wan_4 (2144): /sbin/uci: Invalid argument
Tue Mar  7 23:43:36 2017 daemon.notice netifd: wan_4 (2144): /sbin/uci: Invalid argument
Tue Mar  7 23:43:36 2017 daemon.notice netifd: wan_4 (2144): /sbin/uci: Invalid argument
Tue Mar  7 23:43:36 2017 daemon.notice netifd: wan_4 (2144): /sbin/uci: Invalid argument
Tue Mar  7 23:43:41 2017 daemon.notice openvpn(custom_config)[2180]: TLS: Initial packet from [AF_INET]91.244.191.30:1194, sid=35ecb8d8 d9996797
Tue Mar  7 23:43:44 2017 daemon.notice openvpn(custom_config)[2180]: VERIFY OK: depth=1, C=PL, ST=Podlaskie, L=BielskPodlaski, O=OpenVPN, OU=nexx, CN=nexx, name=nexx, emailAddress=vorobiej@gmail.com
Tue Mar  7 23:43:44 2017 daemon.notice openvpn(custom_config)[2180]: VERIFY OK: nsCertType=SERVER
Tue Mar  7 23:43:44 2017 daemon.notice openvpn(custom_config)[2180]: VERIFY OK: depth=0, C=PL, ST=Podlaskie, L=BielskPodlaski, O=OpenVPN, OU=nexx, CN=pugacewicz.pl, name=nexx, emailAddress=vorobiej@gmail.com
Tue Mar  7 23:43:46 2017 daemon.notice openvpn(custom_config)[2180]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Mar  7 23:43:46 2017 daemon.notice openvpn(custom_config)[2180]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar  7 23:43:46 2017 daemon.notice openvpn(custom_config)[2180]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Mar  7 23:43:46 2017 daemon.notice openvpn(custom_config)[2180]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar  7 23:43:46 2017 daemon.notice openvpn(custom_config)[2180]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Mar  7 23:43:46 2017 daemon.notice openvpn(custom_config)[2180]: [pugacewicz.pl] Peer Connection Initiated with [AF_INET]91.244.191.30:1194
Tue Mar  7 23:43:47 2017 daemon.info hostapd: wlan0: STA 00:1d:0f:b6:a1:02 IEEE 802.11: authenticated
Tue Mar  7 23:43:47 2017 daemon.info hostapd: wlan0: STA 00:1d:0f:b6:a1:02 IEEE 802.11: associated (aid 1)
Tue Mar  7 23:43:47 2017 daemon.info hostapd: wlan0: STA 00:1d:0f:b6:a1:02 WPA: pairwise key handshake completed (WPA)
Tue Mar  7 23:43:48 2017 daemon.info hostapd: wlan0: STA 00:1d:0f:b6:a1:02 WPA: group key handshake completed (WPA)
Tue Mar  7 23:43:48 2017 daemon.info dnsmasq-dhcp[2199]: DHCPREQUEST(br-lan) 192.168.2.186 00:1d:0f:b6:a1:02 
Tue Mar  7 23:43:48 2017 daemon.info dnsmasq-dhcp[2199]: DHCPACK(br-lan) 192.168.2.186 00:1d:0f:b6:a1:02 vvv-Komputer
Tue Mar  7 23:43:49 2017 daemon.notice openvpn(custom_config)[2180]: SENT CONTROL [pugacewicz.pl]: 'PUSH_REQUEST' (status=1)
Tue Mar  7 23:43:49 2017 daemon.notice openvpn(custom_config)[2180]: PUSH: Received control message: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,route 10.8.0.1,topology net30,ping 15,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5'
Tue Mar  7 23:43:49 2017 daemon.notice openvpn(custom_config)[2180]: OPTIONS IMPORT: timers and/or timeouts modified
Tue Mar  7 23:43:49 2017 daemon.notice openvpn(custom_config)[2180]: OPTIONS IMPORT: --ifconfig/up options modified
Tue Mar  7 23:43:49 2017 daemon.notice openvpn(custom_config)[2180]: OPTIONS IMPORT: route options modified
Tue Mar  7 23:43:49 2017 daemon.notice openvpn(custom_config)[2180]: TUN/TAP device tun0 opened
Tue Mar  7 23:43:49 2017 daemon.notice openvpn(custom_config)[2180]: TUN/TAP TX queue length set to 100
Tue Mar  7 23:43:49 2017 daemon.notice openvpn(custom_config)[2180]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Mar  7 23:43:49 2017 daemon.notice openvpn(custom_config)[2180]: /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Tue Mar  7 23:43:49 2017 daemon.notice openvpn(custom_config)[2180]: /sbin/route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.8.0.5
Tue Mar  7 23:43:49 2017 daemon.notice netifd: Interface 'vpn' is enabled
Tue Mar  7 23:43:49 2017 daemon.notice netifd: Network device 'tun0' link is up
Tue Mar  7 23:43:49 2017 daemon.notice netifd: Interface 'vpn' has link connectivity 
Tue Mar  7 23:43:49 2017 daemon.notice netifd: Interface 'vpn' is setting up now
Tue Mar  7 23:43:49 2017 daemon.notice netifd: Interface 'vpn' is now up
Tue Mar  7 23:43:49 2017 daemon.notice openvpn(custom_config)[2180]: /sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.5
Tue Mar  7 23:43:49 2017 daemon.notice openvpn(custom_config)[2180]: Initialization Sequence Completed
Tue Mar  7 23:43:49 2017 kern.notice kernel: [   62.000000] random: nonblocking pool is initialized
Tue Mar  7 23:43:54 2017 daemon.info dnsmasq-dhcp[2199]: DHCPINFORM(br-lan) 192.168.2.186 00:1d:0f:b6:a1:02 
Tue Mar  7 23:43:54 2017 daemon.info dnsmasq-dhcp[2199]: DHCPACK(br-lan) 192.168.2.186 00:1d:0f:b6:a1:02 vvv-Komputer
Tue Mar  7 23:43:59 2017 user.notice root: vsftpd init: mounted = 0
Tue Mar  7 23:43:59 2017 user.emerg syslog: ERROR: No drives attached, no directories to share!
Tue Mar  7 23:43:59 2017 user.emerg syslog: setting up led power
Tue Mar  7 23:43:59 2017 daemon.info procd: - init complete -
Tue Mar  7 23:44:39 2017 user.notice firewall: Reloading firewall due to ifup of wan6 (eth0.2)
Tue Mar  7 23:44:41 2017 user.notice firewall: Reloading firewall due to ifup of wan (wwan0)
Tue Mar  7 23:44:42 2017 kern.warn kernel: [   83.020000] ipt_bandwidth: timezone shift of 60 minutes detected, adjusting
Tue Mar  7 23:44:42 2017 kern.warn kernel: [   83.030000]                old minutes west=0, new minutes west=-60
Success

LOG TOMATO

Mar  8 08:28:54 unknown daemon.notice openvpn[32651]: 94.254.230.28:22083 TLS: Initial packet from [AF_INET]94.254.230.28:22083, sid=94bd4012 c4e277a8
Mar  8 08:28:57 unknown daemon.notice openvpn[32651]: 94.254.230.28:22083 VERIFY OK: depth=1, C=PL, ST=Podlaskie, L=BielskPodlaski, O=OpenVPN, OU=nexx, CN=nexx, name=nexx, emailAddress=vorobiej@gmail.com
Mar  8 08:28:57 unknown daemon.notice openvpn[32651]: 94.254.230.28:22083 VERIFY OK: depth=0, C=PL, ST=Podlaskie, L=BielskPodlaski, O=OpenVPN, OU=nexx, CN=client1, name=nexx, emailAddress=vorobiej@gmail.com
Mar  8 08:28:57 unknown daemon.notice openvpn[32651]: 94.254.230.28:22083 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar  8 08:28:57 unknown daemon.notice openvpn[32651]: 94.254.230.28:22083 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar  8 08:28:57 unknown daemon.notice openvpn[32651]: 94.254.230.28:22083 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar  8 08:28:57 unknown daemon.notice openvpn[32651]: 94.254.230.28:22083 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar  8 08:28:57 unknown daemon.notice openvpn[32651]: 94.254.230.28:22083 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mar  8 08:28:57 unknown daemon.notice openvpn[32651]: 94.254.230.28:22083 [client1] Peer Connection Initiated with [AF_INET]94.254.230.28:22083
Mar  8 08:28:57 unknown daemon.notice openvpn[32651]: MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Mar  8 08:28:57 unknown daemon.notice openvpn[32651]: MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Mar  8 08:28:57 unknown daemon.notice openvpn[32651]: MULTI: Learn: 10.8.0.6 -> client1/94.254.230.28:22083
Mar  8 08:28:57 unknown daemon.notice openvpn[32651]: MULTI: primary virtual IP for client1/94.254.230.28:22083: 10.8.0.6
Mar  8 08:29:00 unknown daemon.notice openvpn[32651]: client1/94.254.230.28:22083 PUSH: Received control message: 'PUSH_REQUEST'
Mar  8 08:29:00 unknown daemon.notice openvpn[32651]: client1/94.254.230.28:22083 send_push_reply(): safe_cap=940
Mar  8 08:29:00 unknown daemon.notice openvpn[32651]: client1/94.254.230.28:22083 SENT CONTROL [client1]: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,route 10.8.0.1,topology net30,ping 15,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Mar  8 08:29:16 unknown daemon.warn openvpn[32651]: client1/94.254.230.28:22083 IP packet with unknown IP version=15 seen
Mar  8 08:29:22 unknown daemon.err openvpn[32651]: event_wait : Interrupted system call (code=4)
Mar  8 08:29:22 unknown daemon.notice openvpn[32651]: TITLE,OpenVPN 2.3.11 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Aug  1 2016
Mar  8 08:29:22 unknown daemon.notice openvpn[32651]: TIME,Wed Mar  8 08:29:22 2017,1488958162
Mar  8 08:29:22 unknown daemon.notice openvpn[32651]: HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username
Mar  8 08:29:22 unknown daemon.notice openvpn[32651]: CLIENT_LIST,client1,94.254.230.28:22083,10.8.0.6,4427,5108,Wed Mar  8 08:28:54 2017,1488958134,UNDEF
Mar  8 08:29:22 unknown daemon.notice openvpn[32651]: HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
Mar  8 08:29:22 unknown daemon.notice openvpn[32651]: ROUTING_TABLE,10.8.0.6,client1,94.254.230.28:22083,Wed Mar  8 08:28:57 2017,1488958137
Mar  8 08:29:22 unknown daemon.notice openvpn[32651]: GLOBAL_STATS,Max bcast/mcast queue length,0
Mar  8 08:29:22 unknown daemon.notice openvpn[32651]: END
Mar  8 08:29:26 unknown daemon.err openvpn[32651]: event_wait : Interrupted system call (code=4)
Mar  8 08:29:26 unknown daemon.notice openvpn[32651]: /sbin/route del -net 10.8.0.0 netmask 255.255.255.0
Mar  8 08:29:26 unknown daemon.notice openvpn[32651]: Closing TUN/TAP interface
Mar  8 08:29:26 unknown daemon.notice openvpn[32651]: /sbin/ifconfig tun21 0.0.0.0
Mar  8 08:29:26 unknown daemon.notice openvpn[32651]: SIGTERM[hard,] received, process exiting
Mar  8 08:30:17 unknown daemon.info dnsmasq-dhcp[2821]: DHCPREQUEST(br0) 10.0.0.13 64:cc:2e:d7:56:8c 
Mar  8 08:30:17 unknown daemon.info dnsmasq-dhcp[2821]: DHCPACK(br0) 10.0.0.13 64:cc:2e:d7:56:8c Redmi3-Redmi
Mar  8 08:30:27 unknown user.info kernel: tun: Universal TUN/TAP device driver, 1.6
Mar  8 08:30:27 unknown user.info kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Mar  8 08:30:27 unknown user.info kernel: device tun21 entered promiscuous mode
Mar  8 08:30:27 unknown daemon.notice openvpn[2747]: OpenVPN 2.3.11 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Aug  1 2016
Mar  8 08:30:27 unknown daemon.notice openvpn[2747]: library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.09
Mar  8 08:30:27 unknown daemon.notice openvpn[2753]: Diffie-Hellman initialized with 2048 bit key
Mar  8 08:30:27 unknown daemon.warn openvpn[2753]: WARNING: file '/tmp/mnt/KINGSTON/openvpn/server.key' is group or others accessible
Mar  8 08:30:27 unknown daemon.notice openvpn[2753]: Socket Buffers: R=[112640->112640] S=[112640->112640]
Mar  8 08:30:27 unknown daemon.notice openvpn[2753]: TUN/TAP device tun21 opened
Mar  8 08:30:27 unknown daemon.notice openvpn[2753]: TUN/TAP TX queue length set to 100
Mar  8 08:30:27 unknown daemon.notice openvpn[2753]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mar  8 08:30:27 unknown daemon.notice openvpn[2753]: /sbin/ifconfig tun21 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Mar  8 08:30:27 unknown daemon.notice openvpn[2753]: /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Mar  8 08:30:27 unknown daemon.notice openvpn[2753]: UDPv4 link local (bound): [undef]
Mar  8 08:30:27 unknown daemon.notice openvpn[2753]: UDPv4 link remote: [undef]
Mar  8 08:30:27 unknown daemon.notice openvpn[2753]: MULTI: multi_init called, r=256 v=256
Mar  8 08:30:27 unknown daemon.notice openvpn[2753]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Mar  8 08:30:27 unknown daemon.notice openvpn[2753]: Initialization Sequence Completed
Mar  8 08:30:32 unknown daemon.err openvpn[2753]: event_wait : Interrupted system call (code=4)
Mar  8 08:30:32 unknown daemon.notice openvpn[2753]: TITLE,OpenVPN 2.3.11 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Aug  1 2016
Mar  8 08:30:32 unknown daemon.notice openvpn[2753]: TIME,Wed Mar  8 08:30:32 2017,1488958232
Mar  8 08:30:32 unknown daemon.notice openvpn[2753]: HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username
Mar  8 08:30:32 unknown daemon.notice openvpn[2753]: HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
Mar  8 08:30:32 unknown daemon.notice openvpn[2753]: GLOBAL_STATS,Max bcast/mcast queue length,0
Mar  8 08:30:32 unknown daemon.notice openvpn[2753]: END
Mar  8 08:30:33 unknown daemon.notice openvpn[2753]: 94.254.230.28:22140 TLS: Initial packet from [AF_INET]94.254.230.28:22140, sid=78a64444 819b007a
Mar  8 08:30:36 unknown daemon.notice openvpn[2753]: 94.254.230.28:22140 VERIFY OK: depth=1, C=PL, ST=Podlaskie, L=BielskPodlaski, O=OpenVPN, OU=nexx, CN=nexx, name=nexx, emailAddress=vorobiej@gmail.com
Mar  8 08:30:36 unknown daemon.notice openvpn[2753]: 94.254.230.28:22140 VERIFY OK: depth=0, C=PL, ST=Podlaskie, L=BielskPodlaski, O=OpenVPN, OU=nexx, CN=client1, name=nexx, emailAddress=vorobiej@gmail.com
Mar  8 08:30:36 unknown daemon.notice openvpn[2753]: 94.254.230.28:22140 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar  8 08:30:36 unknown daemon.notice openvpn[2753]: 94.254.230.28:22140 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar  8 08:30:36 unknown daemon.notice openvpn[2753]: 94.254.230.28:22140 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar  8 08:30:36 unknown daemon.notice openvpn[2753]: 94.254.230.28:22140 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar  8 08:30:36 unknown daemon.notice openvpn[2753]: 94.254.230.28:22140 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mar  8 08:30:36 unknown daemon.notice openvpn[2753]: 94.254.230.28:22140 [client1] Peer Connection Initiated with [AF_INET]94.254.230.28:22140
Mar  8 08:30:36 unknown daemon.notice openvpn[2753]: client1/94.254.230.28:22140 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Mar  8 08:30:36 unknown daemon.notice openvpn[2753]: client1/94.254.230.28:22140 MULTI: Learn: 10.8.0.6 -> client1/94.254.230.28:22140
Mar  8 08:30:36 unknown daemon.notice openvpn[2753]: client1/94.254.230.28:22140 MULTI: primary virtual IP for client1/94.254.230.28:22140: 10.8.0.6
Mar  8 08:30:39 unknown daemon.notice openvpn[2753]: client1/94.254.230.28:22140 PUSH: Received control message: 'PUSH_REQUEST'
Mar  8 08:30:39 unknown daemon.notice openvpn[2753]: client1/94.254.230.28:22140 send_push_reply(): safe_cap=940
Mar  8 08:30:39 unknown daemon.notice openvpn[2753]: client1/94.254.230.28:22140 SENT CONTROL [client1]: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,route 10.8.0.1,topology net30,ping 15,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Mar  8 08:30:50 unknown daemon.err openvpn[2753]: event_wait : Interrupted system call (code=4)
Mar  8 08:30:50 unknown daemon.notice openvpn[2753]: TITLE,OpenVPN 2.3.11 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Aug  1 2016
Mar  8 08:30:50 unknown daemon.notice openvpn[2753]: TIME,Wed Mar  8 08:30:50 2017,1488958250
Mar  8 08:30:50 unknown daemon.notice openvpn[2753]: HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username
Mar  8 08:30:50 unknown daemon.notice openvpn[2753]: CLIENT_LIST,client1,94.254.230.28:22140,10.8.0.6,4336,5039,Wed Mar  8 08:30:33 2017,1488958233,UNDEF
Mar  8 08:30:50 unknown daemon.notice openvpn[2753]: HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
Mar  8 08:30:50 unknown daemon.notice openvpn[2753]: ROUTING_TABLE,10.8.0.6,client1,94.254.230.28:22140,Wed Mar  8 08:30:36 2017,1488958236
Mar  8 08:30:50 unknown daemon.notice openvpn[2753]: GLOBAL_STATS,Max bcast/mcast queue length,0
Mar  8 08:30:50 unknown daemon.notice openvpn[2753]: END
Mar  8 08:30:54 unknown daemon.warn openvpn[2753]: client1/94.254.230.28:22140 IP packet with unknown IP version=15 seen
Mar  8 08:31:10 unknown daemon.warn openvpn[2753]: client1/94.254.230.28:22140 IP packet with unknown IP version=15 seen
Mar  8 08:31:25 unknown daemon.warn openvpn[2753]: client1/94.254.230.28:22140 IP packet with unknown IP version=15 seen
Mar  8 08:31:41 unknown daemon.notice openvpn[2753]: 94.254.230.28:22110 TLS: Initial packet from [AF_INET]94.254.230.28:22110, sid=536b5a2e 6cd826b7
Mar  8 08:31:42 unknown daemon.err openvpn[2753]: event_wait : Interrupted system call (code=4)
Mar  8 08:31:42 unknown daemon.notice openvpn[2753]: TITLE,OpenVPN 2.3.11 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Aug  1 2016
Mar  8 08:31:42 unknown daemon.notice openvpn[2753]: TIME,Wed Mar  8 08:31:42 2017,1488958302
Mar  8 08:31:42 unknown daemon.notice openvpn[2753]: HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username
Mar  8 08:31:42 unknown daemon.notice openvpn[2753]: CLIENT_LIST,UNDEF,94.254.230.28:22110,,36,26,Wed Mar  8 08:31:41 2017,1488958301,UNDEF
Mar  8 08:31:42 unknown daemon.notice openvpn[2753]: CLIENT_LIST,client1,94.254.230.28:22140,10.8.0.6,4543,5315,Wed Mar  8 08:30:33 2017,1488958233,UNDEF
Mar  8 08:31:42 unknown daemon.notice openvpn[2753]: HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
Mar  8 08:31:42 unknown daemon.notice openvpn[2753]: ROUTING_TABLE,10.8.0.6,client1,94.254.230.28:22140,Wed Mar  8 08:30:36 2017,1488958236
Mar  8 08:31:42 unknown daemon.notice openvpn[2753]: GLOBAL_STATS,Max bcast/mcast queue length,0
Mar  8 08:31:42 unknown daemon.notice openvpn[2753]: END
Mar  8 08:31:44 unknown daemon.notice openvpn[2753]: 94.254.230.28:22110 VERIFY OK: depth=1, C=PL, ST=Podlaskie, L=BielskPodlaski, O=OpenVPN, OU=nexx, CN=nexx, name=nexx, emailAddress=vorobiej@gmail.com
Mar  8 08:31:44 unknown daemon.notice openvpn[2753]: 94.254.230.28:22110 VERIFY OK: depth=0, C=PL, ST=Podlaskie, L=BielskPodlaski, O=OpenVPN, OU=nexx, CN=client1, name=nexx, emailAddress=vorobiej@gmail.com
Mar  8 08:31:45 unknown daemon.notice openvpn[2753]: 94.254.230.28:22110 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar  8 08:31:45 unknown daemon.notice openvpn[2753]: 94.254.230.28:22110 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar  8 08:31:45 unknown daemon.notice openvpn[2753]: 94.254.230.28:22110 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar  8 08:31:45 unknown daemon.notice openvpn[2753]: 94.254.230.28:22110 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar  8 08:31:45 unknown daemon.notice openvpn[2753]: 94.254.230.28:22110 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mar  8 08:31:45 unknown daemon.notice openvpn[2753]: 94.254.230.28:22110 [client1] Peer Connection Initiated with [AF_INET]94.254.230.28:22110
Mar  8 08:31:45 unknown daemon.notice openvpn[2753]: MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Mar  8 08:31:45 unknown daemon.notice openvpn[2753]: MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Mar  8 08:31:45 unknown daemon.notice openvpn[2753]: MULTI: Learn: 10.8.0.6 -> client1/94.254.230.28:22110
Mar  8 08:31:45 unknown daemon.notice openvpn[2753]: MULTI: primary virtual IP for client1/94.254.230.28:22110: 10.8.0.6
Mar  8 08:31:47 unknown daemon.notice openvpn[2753]: client1/94.254.230.28:22110 PUSH: Received control message: 'PUSH_REQUEST'
Mar  8 08:31:47 unknown daemon.notice openvpn[2753]: client1/94.254.230.28:22110 send_push_reply(): safe_cap=940
Mar  8 08:31:47 unknown daemon.notice openvpn[2753]: client1/94.254.230.28:22110 SENT CONTROL [client1]: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,route 10.8.0.1,topology net30,ping 15,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5' (status=1)

4

Re: OpenVPN TOMATO and GARGOYLE

Insert plain links (not as an image) and post the openvpn server logs from tomato.

TP-Link TL-WDR3600 v1.5 -  OpenWrt Chaos Calmer 15.05.1 with Luci +Microsoft LifeCam VX-3000
RaspberryPi 2 - OMV Stone Burner 2.0.15 +Creative SB Play +Medion OR24V +DVB-T Media-Tech MT4163  +MP00202AC +3xDS18B20 +HIH-4000-002 +MPXHZ6115A +Samsung SPF-85H +D-Link DUB-H7

5

Re: OpenVPN TOMATO and GARGOYLE

khain wrote:

Insert plain links (not as an image) and post the openvpn server logs from tomato.

Fixed.

6 (edited by khain 2017-03-08 10:32:57)

Re: OpenVPN TOMATO and GARGOYLE

1) You have no tls-auth key specified on the server and the client, so if you are not using additional authentication of openvpn clients (I recommend using it), disable the "Extra HMAC authorization" option in tomato
2) You have to send information about the subnet behind the server to the client's routing table. Here is a description of how to do it: https://openlinksys.info/forum/viewthre … ost_134316
3) You don't have to open the port manually; openvpn does it itself when the server starts.


7

Re: OpenVPN TOMATO and GARGOYLE

I added the tls-auth key,
the same ta.key files on the server and the client.
Now the two cannot connect to each other.
In the server logs:

Mar  8 20:42:32 unknown daemon.err openvpn[10301]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar  8 20:42:32 unknown daemon.err openvpn[10301]: TLS Error: incoming packet authentication failed from [AF_INET]94.254.228.28:46390
Mar  8 20:42:34 unknown daemon.err openvpn[10301]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar  8 20:42:34 unknown daemon.err openvpn[10301]: TLS Error: incoming packet authentication failed from [AF_INET]94.254.228.28:46390
Mar  8 20:42:38 unknown daemon.err openvpn[10301]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar  8 20:42:38 unknown daemon.err openvpn[10301]: TLS Error: incoming packet authentication failed from [AF_INET]94.254.228.28:46390

Client logs:

Wed Mar  8 20:43:17 2017 daemon.info dnsmasq-dhcp[2183]: DHCPDISCOVER(br-lan) b8:27:eb:79:af:18 
Wed Mar  8 20:43:17 2017 daemon.info dnsmasq-dhcp[2183]: DHCPOFFER(br-lan) 192.168.2.128 b8:27:eb:79:af:18 
Wed Mar  8 20:43:17 2017 daemon.info dnsmasq-dhcp[2183]: DHCPREQUEST(br-lan) 192.168.2.128 b8:27:eb:79:af:18 
Wed Mar  8 20:43:17 2017 daemon.info dnsmasq-dhcp[2183]: DHCPACK(br-lan) 192.168.2.128 b8:27:eb:79:af:18 osmc
Wed Mar  8 20:43:30 2017 daemon.err openvpn(custom_config)[2248]: event_wait : Interrupted system call (code=4)
Wed Mar  8 20:43:30 2017 daemon.notice openvpn(custom_config)[2248]: SIGTERM[hard,] received, process exiting
Wed Mar  8 20:43:30 2017 daemon.notice openvpn(custom_config)[3663]: OpenVPN 2.3.6 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Feb 16 2017
Wed Mar  8 20:43:30 2017 daemon.notice openvpn(custom_config)[3663]: library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.08
Wed Mar  8 20:43:30 2017 daemon.warn openvpn(custom_config)[3663]: Note: cannot open /var/openvpn/current_status for WRITE
Wed Mar  8 20:43:30 2017 daemon.warn openvpn(custom_config)[3663]: WARNING: file '/etc/openvpn/grouter_client_nskmzottfofp.key' is group or others accessible
Wed Mar  8 20:43:30 2017 daemon.warn openvpn(custom_config)[3663]: WARNING: file '/etc/openvpn/grouter_client_nskmzottfofp_ta.key' is group or others accessible
Wed Mar  8 20:43:30 2017 daemon.notice openvpn(custom_config)[3663]: Control Channel Authentication: using '/etc/openvpn/grouter_client_nskmzottfofp_ta.key' as a OpenVPN static key file
Wed Mar  8 20:43:30 2017 daemon.notice openvpn(custom_config)[3663]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar  8 20:43:30 2017 daemon.notice openvpn(custom_config)[3663]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar  8 20:43:30 2017 daemon.notice openvpn(custom_config)[3663]: Socket Buffers: R=[163840->131072] S=[163840->131072]
Wed Mar  8 20:43:30 2017 daemon.notice openvpn(custom_config)[3663]: UDPv4 link local: [undef]
Wed Mar  8 20:43:30 2017 daemon.notice openvpn(custom_config)[3663]: UDPv4 link remote: [AF_INET]91.244.191.30:1194
Success

Here is the client configuration
https://dl.dropboxusercontent.com/u/231 … ard011.jpg

Server configuration
https://dl.dropboxusercontent.com/u/231 … ard021.jpg
https://dl.dropboxusercontent.com/u/231 … ard031.jpg

8 (edited by vorobiej 2017-03-09 07:30:00)

Re: OpenVPN TOMATO and GARGOYLE

I generated
ta.key
again and it works.


Next problem.
Devices connected to the client are not visible in the network neighborhood.

9

Re: OpenVPN TOMATO and GARGOYLE

With tun the network neighborhood will not be visible. Use tap, although not when connecting two subnets (when the client is a router).


10

Re: OpenVPN TOMATO and GARGOYLE

One more question.

I would like to be able to log in to gargoyle (client) and to the devices connected to gargoyle (recorder, NAS)
from computers attached to tomato (server) and from outside the network.

I did what you wrote earlier, but it doesn't work.

11

Re: OpenVPN TOMATO and GARGOYLE

You also have to add forwarding between lan and vpn on the client.


12

Re: OpenVPN TOMATO and GARGOYLE

Could you write how to set up forwarding on gargoyle?

13 (edited by khain 2017-03-09 09:07:10)

Re: OpenVPN TOMATO and GARGOYLE

uci add firewall forwarding
uci set firewall.@forwarding[-1].src='vpn'
uci set firewall.@forwarding[-1].dest='lan'
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='vpn'
uci commit firewall

/etc/init.d/firewall restart

Assuming that you have a vpn interface created in /etc/config/network.


14

Re: OpenVPN TOMATO and GARGOYLE

I expanded the VPN network a bit with more clients and I still have the same problem.
The server is on tomato, one client on GARGOYLE, the other on tomato.
The problem is with the Gargoyle client. I cannot connect from the client or to the client over the VPN to devices attached to the server or to the tomato client.
For computers and devices attached to the server and to the tomato client the problem does not occur.

Gargoyle client configuration
https://www.dropbox.com/s/n6sib6w7dsrcd … e.jpg?dl=0

Tomato client configuration
https://www.dropbox.com/s/jhbom786k8yq9 … 1.jpg?dl=0
https://www.dropbox.com/s/uy7p3wg6w9ild … 2.jpg?dl=0
https://www.dropbox.com/s/6whbkfcen3ior … 3.jpg?dl=0

Server configuration
https://www.dropbox.com/s/41hly6to773n3 … 1.jpg?dl=0
https://www.dropbox.com/s/t5oyunp1m7l3e … 2.jpg?dl=0

15

Re: OpenVPN TOMATO and GARGOYLE

Point me in some direction, because I am fighting with this and getting nowhere, always the same result.
The tomato server and the tomato client work together as they should; the gargoyle client unfortunately does not. It is connected, but it is as if the tunnel did not exist. Pings do not work; I turned off the firewall on gargoyle and it is still the same.

16

Re: OpenVPN TOMATO and GARGOYLE

Post the routing table and uci show firewall from Gargoyle.


17

Re: OpenVPN TOMATO and GARGOYLE

uci show firewall

root@Gargoyle:~# uci show firewall
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fe80::/10'
firewall.@rule[3].src_port='547'
firewall.@rule[3].dest_ip='fe80::/10'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@include[0].reload='1'
firewall.@rule[7]=rule
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[1]=include
firewall.@include[1].type='script'
firewall.@include[1].path='/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
firewall.@include[1].family='IPv4'
firewall.@include[1].reload='1'
firewall.openvpn_include_file=include
firewall.openvpn_include_file.path='/etc/openvpn.firewall'
firewall.openvpn_include_file.reload='1'
firewall.vpn_zone=zone
firewall.vpn_zone.name='vpn'
firewall.vpn_zone.network='vpn'
firewall.vpn_zone.input='ACCEPT'
firewall.vpn_zone.output='ACCEPT'
firewall.vpn_zone.forward='ACCEPT'
firewall.vpn_zone.mtu_fix='1'
firewall.vpn_zone.masq='1'
firewall.vpn_lan_forwarding=forwarding
firewall.vpn_lan_forwarding.src='lan'
firewall.vpn_lan_forwarding.dest='vpn'
firewall.lan_vpn_forwarding=forwarding
firewall.lan_vpn_forwarding.src='vpn'
firewall.lan_vpn_forwarding.dest='lan'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].src='vpn'
firewall.@forwarding[1].dest='lan'
firewall.@forwarding[2]=forwarding
firewall.@forwarding[2].src='lan'
firewall.@forwarding[2].dest='vpn'
firewall.ra_443_443=remote_accept
firewall.ra_443_443.local_port='443'
firewall.ra_443_443.remote_port='443'
firewall.ra_443_443.proto='tcp'
firewall.ra_443_443.zone='wan'
firewall.ra_80_80=remote_accept
firewall.ra_80_80.local_port='80'
firewall.ra_80_80.remote_port='80'
firewall.ra_80_80.proto='tcp'
firewall.ra_80_80.zone='wan'
root@Gargoyle:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.64.64.64     0.0.0.0         UG    0      0        0 3g-wan
10.0.0.0        10.8.0.9        255.255.255.0   UG    0      0        0 tun0
10.8.0.0        10.8.0.9        255.255.255.0   UG    0      0        0 tun0
10.8.0.9        *               255.255.255.255 UH    0      0        0 tun0
10.64.64.64     *               255.255.255.255 UH    0      0        0 3g-wan
192.168.1.0     10.8.0.9        255.255.255.0   UG    0      0        0 tun0
192.168.2.0     *               255.255.255.0   U     0      0        0 br-lan
root@Gargoyle:~#

18

Re: OpenVPN TOMATO and GARGORYLE

Is anyone able to help?

19 (edited by khain 2017-03-21 08:20:14)

Re: OpenVPN TOMATO and GARGORYLE

Just quickly, as I have no way to test this:
1) Remove this entry from the routing table:

10.0.0.0        10.8.0.9        255.255.255.0   UG    0      0        0 tun0

2) You have duplicate entries in the firewall for vpn->lan and lan->vpn forwarding
3) The topology subnet option in the client is unnecessary

TP-Link TL-WDR3600 v1.5 -  OpenWrt Chaos Calmer 15.05.1 with Luci +Microsoft LifeCam VX-3000
RaspberryPi 2 - OMV Stone Burner 2.0.15 +Creative SB Play +Medion OR24V +DVB-T Media-Tech MT4163  +MP00202AC +3xDS18B20 +HIH-4000-002 +MPXHZ6115A +Samsung SPF-85H +D-Link DUB-H7
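Added example, not part of the original posts: one way to confirm the duplicate forwarding entries mentioned in point 2 is to group the `forwarding` sections of `uci show firewall` by their src/dest pair. The function names and the embedded sample (the forwarding sections copied from the dump in post 17) are assumptions made for this illustration.

```shell
#!/bin/sh
# List forwarding pairs that appear in more than one section of
# `uci show firewall` output read from stdin.
find_duplicate_forwardings() {
    awk -F= -v q="'" '
    # "firewall.<section>=<type>" declares a section.
    /^firewall\.[^.=]+=/ { kind[substr($1, 10)] = $2; next }
    # "firewall.<section>.src=..." and ".dest=..." give the zone pair.
    /^firewall\.[^=]+\.(src|dest)=/ {
        key = substr($1, 10); dot = match(key, /\.[a-z]+$/)
        sec = substr(key, 1, dot - 1); opt = substr(key, dot + 1)
        v = $2; gsub(q, "", v); val[sec, opt] = v
        if (!(sec in seen)) { seen[sec] = 1; order[++cnt] = sec }
    }
    END {
        for (i = 1; i <= cnt; i++) {
            sec = order[i]; if (kind[sec] != "forwarding") continue
            pair = val[sec, "src"] "->" val[sec, "dest"]
            if (!(pair in names)) { pairs[++np] = pair; names[pair] = sec }
            else { names[pair] = names[pair] " " sec; dup[pair] = 1 }
        }
        for (i = 1; i <= np; i++)
            if (pairs[i] in dup) print pairs[i] ": " names[pairs[i]]
    }'
}

# Sample input: the forwarding sections from the dump in post 17.
sample_firewall_dump() {
    cat <<'EOF'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.vpn_lan_forwarding=forwarding
firewall.vpn_lan_forwarding.src='lan'
firewall.vpn_lan_forwarding.dest='vpn'
firewall.lan_vpn_forwarding=forwarding
firewall.lan_vpn_forwarding.src='vpn'
firewall.lan_vpn_forwarding.dest='lan'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].src='vpn'
firewall.@forwarding[1].dest='lan'
firewall.@forwarding[2]=forwarding
firewall.@forwarding[2].src='lan'
firewall.@forwarding[2].dest='vpn'
EOF
}

sample_firewall_dump | find_duplicate_forwardings
```

On the router itself the same function can be fed live data with `uci show firewall | find_duplicate_forwardings`.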

20 (edited by vorobiej 2017-03-21 22:05:46)

Re: OpenVPN TOMATO and GARGORYLE

Forgive my question, but I am only taking my first steps with this.
How do I remove the entry?

I entered:

root@Gargoyle:~# route del -net 10.0.0.0 netmask 255.255.255.0 dev tun0

Unfortunately I still have the same problem.

21

Re: OpenVPN TOMATO and GARGORYLE

And when you turn off openvpn on Gargoyle, does that route disappear from the routing table?

TP-Link TL-WDR3600 v1.5 -  OpenWrt Chaos Calmer 15.05.1 with Luci +Microsoft LifeCam VX-3000
RaspberryPi 2 - OMV Stone Burner 2.0.15 +Creative SB Play +Medion OR24V +DVB-T Media-Tech MT4163  +MP00202AC +3xDS18B20 +HIH-4000-002 +MPXHZ6115A +Samsung SPF-85H +D-Link DUB-H7

22 (edited by vorobiej 2017-03-22 13:23:52)

Re: OpenVPN TOMATO and GARGORYLE

I wrote that a bit unclearly.
After

route del -net 10.0.0.0 netmask 255.255.255.0 dev tun0

the entry disappeared,

but I still cannot connect to gargoyle over GSM through the tunnel.

23

Re: OpenVPN TOMATO and GARGORYLE

In the server logs I have:

Mar 22 22:47:24 unknown daemon.notice openvpn[2631]: OPTIONS IMPORT: reading client specific options from: ccd/client1
Mar 22 22:47:24 unknown daemon.notice openvpn[2631]: MULTI_sva: pool returned IPv4=10.8.0.10, IPv6=(Not enabled)
Mar 22 22:47:24 unknown daemon.notice openvpn[2631]: MULTI: Learn: 10.8.0.10 -> client1/94.254.238.23:11517
Mar 22 22:47:24 unknown daemon.notice openvpn[2631]: MULTI: primary virtual IP for client1/94.254.238.23:11517: 10.8.0.10
Mar 22 22:47:24 unknown daemon.notice openvpn[2631]: MULTI: internal route 192.168.2.0/24 -> client1/94.254.238.23:11517
Mar 22 22:47:24 unknown daemon.notice openvpn[2631]: MULTI: Learn: 192.168.2.0/24 -> client1/94.254.238.23:11517
Mar 22 22:47:24 unknown daemon.notice openvpn[2631]: REMOVE PUSH ROUTE: 'route 192.168.2.0 255.255.255.0'
Mar 22 22:47:26 unknown daemon.notice openvpn[2631]: client1/94.254.238.23:11517 PUSH: Received control message: 'PUSH_REQUEST'
Mar 22 22:47:26 unknown daemon.notice openvpn[2631]: client1/94.254.238.23:11517 send_push_reply(): safe_cap=940
Mar 22 22:47:26 unknown daemon.notice openvpn[2631]: client1/94.254.238.23:11517 SENT CONTROL [client1]: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,route 192.168.1.0 255.255.255.0,dhcp-option DNS 10.0.0.101,route 10.8.0.0 255.255.255.0,topology net30,ping 15,ping-restart 60,ifconfig 10.8.0.10 10.8.0.9' (status=1)
Mar 22 22:47:41 unknown daemon.warn openvpn[2631]: client1/94.254.238.23:11517 IP packet with unknown IP version=15 seen
Mar 22 22:47:56 unknown daemon.warn openvpn[2631]: client1/94.254.238.23:11517 IP packet with unknown IP version=15 seen

The entry:
REMOVE PUSH ROUTE: 'route 192.168.2.0 255.255.255.0'

Is that how it should be?

24

Re: OpenVPN TOMATO and GARGORYLE

I got it sorted.
The problem was the compression method.
It was enough, in TOMATO, in the option

COMPRESSION, to select NONE

by default it is DISABLED

Thank you very much for the time you spent on this

it finally works
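Added example, not part of the original posts: the "IP packet with unknown IP version" warnings in the server log from post 23 are a typical symptom of the two ends disagreeing on compression, and the PUSH_REPLY there carries no compression directive, so each side keeps its own setting. The sketch below counts those warnings per client and reports any pushed `comp-lzo`/`compress` option; the function names and the `client2` log line are constructed for illustration.

```shell
#!/bin/sh
# Per client: count "unknown IP version" warnings and show whether the
# server pushed a compression directive in PUSH_REPLY (log on stdin).
triage_openvpn_log() {
    awk -v q="'" '
    {
        # Find the client tag, e.g. "client1/94.254.238.23:11517".
        tag = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ "^[^/ ]+/[0-9.]+:[0-9]+$") { tag = $i; break }
        if (tag == "") next
        name = tag; sub("/.*", "", name)
        if (!(name in warn)) { warn[name] = 0; pushed[name] = "none"; order[++n] = name }
    }
    /IP packet with unknown IP version=/ { warn[name]++ }
    /PUSH_REPLY/ {
        # Pushed options are comma-separated after the PUSH_REPLY keyword.
        cnt = split($0, item, ",")
        for (i = 2; i <= cnt; i++) {
            sub(q ".*", "", item[i])   # drop the closing quote and status
            if (item[i] ~ /^(comp-lzo|compress)/) pushed[name] = item[i]
        }
    }
    END {
        for (i = 1; i <= n; i++)
            print order[i] " warnings=" warn[order[i]] " pushed_compression=" pushed[order[i]]
    }'
}

# client1 lines are taken from post 23; the client2 line is constructed.
sample_server_log() {
    cat <<'EOF'
Mar 22 22:47:26 unknown daemon.notice openvpn[2631]: client1/94.254.238.23:11517 SENT CONTROL [client1]: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,route 192.168.1.0 255.255.255.0,dhcp-option DNS 10.0.0.101,route 10.8.0.0 255.255.255.0,topology net30,ping 15,ping-restart 60,ifconfig 10.8.0.10 10.8.0.9' (status=1)
Mar 22 22:47:41 unknown daemon.warn openvpn[2631]: client1/94.254.238.23:11517 IP packet with unknown IP version=15 seen
Mar 22 22:47:56 unknown daemon.warn openvpn[2631]: client1/94.254.238.23:11517 IP packet with unknown IP version=15 seen
Mar 22 22:50:01 unknown daemon.notice openvpn[2631]: client2/198.51.100.7:40000 SENT CONTROL [client2]: 'PUSH_REPLY,comp-lzo no,route 10.8.0.0 255.255.255.0,ifconfig 10.8.0.14 10.8.0.13' (status=1)
EOF
}

sample_server_log | triage_openvpn_log
```

A client with a non-zero warning count and `pushed_compression=none` is the case to check by hand: compare the compression setting on the server with the one in that client's configuration.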