
Topic: OpenVPN 4 Dummies (Read 916 times)

legendary
Activity: 3676
Merit: 1495
March 25, 2016, 02:54:28 PM
#6
With
netsh winsock reset
netsh int ip reset
there was no error, just a prompt to reboot.

After that my LAN connection was gone at first, but no big deal.

route-delay 5
route-method exe
ip-win32 netsh
written into the config, connection attempt.....
Code:
Fri Mar 25 20:45:16 2016 OpenVPN 2.3.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 10 2016
Fri Mar 25 20:45:16 2016 Windows version 6.1 (Windows 7)
Fri Mar 25 20:45:16 2016 library versions: OpenSSL 1.0.1s  1 Mar 2016, LZO 2.09
Enter Management Password:
Fri Mar 25 20:45:16 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Mar 25 20:45:16 2016 Need hold release from management interface, waiting...
Fri Mar 25 20:45:16 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Mar 25 20:45:16 2016 MANAGEMENT: CMD 'state on'
Fri Mar 25 20:45:16 2016 MANAGEMENT: CMD 'log all on'
Fri Mar 25 20:45:16 2016 MANAGEMENT: CMD 'hold off'
Fri Mar 25 20:45:16 2016 MANAGEMENT: CMD 'hold release'
Fri Mar 25 20:45:17 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Mar 25 20:45:17 2016 UDPv4 link local: [undef]
Fri Mar 25 20:45:17 2016 UDPv4 link remote: [AF_INET]:1194
Fri Mar 25 20:45:17 2016 MANAGEMENT: >STATE:1458935117,WAIT,,,
Fri Mar 25 20:45:17 2016 MANAGEMENT: >STATE:1458935117,AUTH,,,
Fri Mar 25 20:45:17 2016 TLS: Initial packet from [AF_INET]:1194, sid=b53c01d3 7a133626
Fri Mar 25 20:45:18 2016 VERIFY OK: depth=1, C=US, ST=TX, L=Dallas, O=host.net, OU=notyou, CN=itsme, name=host, [email protected]
Fri Mar 25 20:45:18 2016 VERIFY OK: nsCertType=SERVER
Fri Mar 25 20:45:18 2016 VERIFY OK: depth=0, C=US, ST=TX, L=Dallas, O=host.net, OU=notyou, CN=server, name=host, [email protected]
Fri Mar 25 20:45:18 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Mar 25 20:45:18 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 25 20:45:18 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Mar 25 20:45:18 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 25 20:45:18 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Mar 25 20:45:18 2016 [server] Peer Connection Initiated with [AF_INET]:1194
Fri Mar 25 20:45:19 2016 MANAGEMENT: >STATE:1458935119,GET_CONFIG,,,
Fri Mar 25 20:45:20 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri Mar 25 20:45:20 2016 PUSH: Received control message: 'PUSH_REPLY,route 12.34.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 12.34.0.6 12.34.0.5'
Fri Mar 25 20:45:20 2016 OPTIONS IMPORT: timers and/or timeouts modified
Fri Mar 25 20:45:20 2016 OPTIONS IMPORT: --ifconfig/up options modified
Fri Mar 25 20:45:20 2016 OPTIONS IMPORT: route options modified
Fri Mar 25 20:45:20 2016 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 I=18 HWADDR=6c:62:6d:82:ec:e0
Fri Mar 25 20:45:20 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Mar 25 20:45:20 2016 MANAGEMENT: >STATE:1458935120,ASSIGN_IP,,12.34.0.6,
Fri Mar 25 20:45:21 2016 NETSH: C:\Windows\system32\netsh.exe interface ip set address MyTAP static 12.34.0.6 255.255.255.252
Fri Mar 25 20:45:22 2016 ERROR: netsh command failed: returned error code 1
Fri Mar 25 20:45:27 2016 NETSH: C:\Windows\system32\netsh.exe interface ip set address MyTAP static 12.34.0.6 255.255.255.252
Fri Mar 25 20:45:27 2016 ERROR: netsh command failed: returned error code 1
Fri Mar 25 20:45:32 2016 NETSH: C:\Windows\system32\netsh.exe interface ip set address MyTAP static 12.34.0.6 255.255.255.252
Fri Mar 25 20:45:32 2016 ERROR: netsh command failed: returned error code 1
Fri Mar 25 20:45:37 2016 NETSH: C:\Windows\system32\netsh.exe interface ip set address MyTAP static 12.34.0.6 255.255.255.252
Fri Mar 25 20:45:37 2016 ERROR: netsh command failed: returned error code 1
Fri Mar 25 20:45:41 2016 MANAGEMENT: Client disconnected
Fri Mar 25 20:45:41 2016 NETSH: command failed
Fri Mar 25 20:45:41 2016 Exiting due to fatal error
member
Activity: 116
Merit: 11
March 25, 2016, 01:07:06 PM
#5
Try the following:
Open OpenVPN from the taskbar and pick the server you want to connect to.
Then choose Edit Config, add the following lines at the end, and save it.

route-delay 5
route-method exe
ip-win32 netsh

Then run the following commands as admin from the command prompt:

netsh winsock reset
netsh int ip reset

If no error comes up, try to connect.
legendary
Activity: 3676
Merit: 1495
March 25, 2016, 11:34:34 AM
#4
So, I just fired up my old eeePC, Windows XP,
with a practically identical configuration,
and things look much smoother there.

Client.log is nice and short
Code:
Fri Mar 25 17:11:03 2016 OpenVPN 2.3.10 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Feb  1 2016
Fri Mar 25 17:11:03 2016 Windows version 5.1 (Windows XP)
Fri Mar 25 17:11:03 2016 library versions: OpenSSL 1.0.1r  28 Jan 2016, LZO 2.09
Enter Management Password:
Fri Mar 25 17:11:03 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Mar 25 17:11:03 2016 Need hold release from management interface, waiting...
Fri Mar 25 17:11:03 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Mar 25 17:11:04 2016 MANAGEMENT: CMD 'state on'
Fri Mar 25 17:11:04 2016 MANAGEMENT: CMD 'log all on'
Fri Mar 25 17:11:04 2016 MANAGEMENT: CMD 'hold off'
Fri Mar 25 17:11:04 2016 MANAGEMENT: CMD 'hold release'
Fri Mar 25 17:11:05 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Mar 25 17:11:05 2016 UDPv4 link local: [undef]
Fri Mar 25 17:11:05 2016 UDPv4 link remote: [AF_INET]:1194
Fri Mar 25 17:11:05 2016 MANAGEMENT: >STATE:1458922265,WAIT,,,
Fri Mar 25 17:11:05 2016 MANAGEMENT: >STATE:1458922265,AUTH,,,
Fri Mar 25 17:11:05 2016 TLS: Initial packet from [AF_INET]:1194, sid=8548db3d b4769bb7
Fri Mar 25 17:11:06 2016 VERIFY OK: depth=1, C=US, ST=TX, L=Dallas, O=host.net, OU=notyou, CN=itsme, name=host, [email protected]
Fri Mar 25 17:11:06 2016 VERIFY OK: nsCertType=SERVER
Fri Mar 25 17:11:06 2016 VERIFY OK: depth=0, C=US, ST=TX, L=Dallas, O=host.net, OU=notyou, CN=server, name=host, [email protected]
Fri Mar 25 17:11:08 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Mar 25 17:11:08 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 25 17:11:08 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Mar 25 17:11:08 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 25 17:11:08 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Mar 25 17:11:08 2016 [server] Peer Connection Initiated with [AF_INET]:1194
Fri Mar 25 17:11:09 2016 MANAGEMENT: >STATE:1458922269,GET_CONFIG,,,
Fri Mar 25 17:11:10 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri Mar 25 17:11:10 2016 PUSH: Received control message: 'PUSH_REPLY,route 12.34.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 12.34.0.10 12.34.0.9'
Fri Mar 25 17:11:10 2016 OPTIONS IMPORT: timers and/or timeouts modified
Fri Mar 25 17:11:10 2016 OPTIONS IMPORT: --ifconfig/up options modified
Fri Mar 25 17:11:10 2016 OPTIONS IMPORT: route options modified
Fri Mar 25 17:11:10 2016 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 I=65540 HWADDR=00:22:43:43:f3:5e
Fri Mar 25 17:11:10 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Mar 25 17:11:10 2016 MANAGEMENT: >STATE:1458922270,ASSIGN_IP,,12.34.0.10,
Fri Mar 25 17:11:10 2016 open_tun, tt->ipv6=0
Fri Mar 25 17:11:10 2016 TAP-WIN32 device [LAN-Verbindung 3] opened: \\.\Global\{F4780A6F-AFC9-45C2-8F52-61B432E4326F}.tap
Fri Mar 25 17:11:10 2016 TAP-Windows Driver Version 9.9
Fri Mar 25 17:11:10 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 12.34.0.10/255.255.255.252 on interface {F4780A6F-AFC9-45C2-8F52-61B432E4326F} [DHCP-serv: 12.34.0.9, lease-time: 31536000]
Fri Mar 25 17:11:10 2016 Successful ARP Flush on interface [65541] {F4780A6F-AFC9-45C2-8F52-61B432E4326F}
Fri Mar 25 17:11:16 2016 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Fri Mar 25 17:11:16 2016 MANAGEMENT: >STATE:1458922276,ADD_ROUTES,,,
Fri Mar 25 17:11:16 2016 C:\WINDOWS\system32\route.exe ADD 12.34.0.0 MASK 255.255.255.0 12.34.0.9
Fri Mar 25 17:11:16 2016 Route addition via IPAPI succeeded [adaptive]
Fri Mar 25 17:11:16 2016 Initialization Sequence Completed
Fri Mar 25 17:11:16 2016 MANAGEMENT: >STATE:1458922276,CONNECTED,SUCCESS,12.34.0.10,


And the ping gets through to the server without any problems
Code:
c:\Dokumente und Einstellungen\lassdas\Desktop>ping 12.34.0.1

Ping wird ausgeführt für 12.34.0.1 mit 32 Bytes Daten:

Antwort von 12.34.0.1: Bytes=32 Zeit=123ms TTL=64
Antwort von 12.34.0.1: Bytes=32 Zeit=141ms TTL=64
Antwort von 12.34.0.1: Bytes=32 Zeit=106ms TTL=64
Antwort von 12.34.0.1: Bytes=32 Zeit=146ms TTL=64

Ping-Statistik für 12.34.0.1:
    Pakete: Gesendet = 4, Empfangen = 4, Verloren = 0 (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 106ms, Maximum = 146ms, Mittelwert = 129ms


The error is definitely neither on the server nor in the Client.config.

Crappy Windows 7, I've never liked it.
legendary
Activity: 3676
Merit: 1495
March 25, 2016, 10:07:31 AM
#3
Administrator yes, the firewall was already completely off, so it can't be that either,
and I rather doubt it's the VPN client config; I've already replaced it umpteen times, rewritten it, switched from static to client, etc., been through all of that.

I've slowly narrowed the problem down a bit,
it must somehow be related to the cr...ummy TAP-Windows adapter (although I've also already completely reinstalled OpenVPN, even going from 32 to 64 bit, always the same result).

Client status log:
Code:
...
-snip-
...
### Everything runs fine up to here

Fri Mar 25 15:41:58 2016 TAP-Windows Driver Version 9.21
Fri Mar 25 15:41:58 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 12.34.0.6/255.255.255.252 on interface {40F32810-A618-4958-96EE-E9B00E6AF27E} [DHCP-serv: 12.34.0.5, lease-time: 31536000]
Fri Mar 25 15:41:58 2016 Successful ARP Flush on interface [20] {40F32810-A618-4958-96EE-E9B00E6AF27E}
Fri Mar 25 15:42:03 2016 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Fri Mar 25 15:42:03 2016 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 25 15:42:09 2016 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Fri Mar 25 15:42:09 2016 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 25 15:42:10 2016 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Fri Mar 25 15:42:10 2016 Route: Waiting for TUN/TAP interface to come up...
...
-snip-
...
Fri Mar 25 15:42:31 2016 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Fri Mar 25 15:42:31 2016 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 25 15:42:32 2016 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Fri Mar 25 15:42:32 2016 Route: Waiting for TUN/TAP interface to come up...
Fri Mar 25 15:42:33 2016 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Fri Mar 25 15:42:33 2016 MANAGEMENT: >STATE:1458916953,ADD_ROUTES,,,
Fri Mar 25 15:42:33 2016 C:\Windows\system32\route.exe ADD 12.34.0.0 MASK 255.255.255.0 12.34.0.5
Fri Mar 25 15:42:33 2016 Warning: route gateway is not reachable on any active network adapters: 12.34.0.5
Fri Mar 25 15:42:33 2016 Route addition via IPAPI failed [adaptive]
Fri Mar 25 15:42:33 2016 Route addition fallback to route.exe
Fri Mar 25 15:42:33 2016 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
Fri Mar 25 15:42:33 2016 SYSTEM ROUTING TABLE
Fri Mar 25 15:42:33 2016 0.0.0.0 0.0.0.0 192.168.0.1 p=0 i=18 t=4 pr=3 a=102 h=0 m=276/0/0/0/0
Fri Mar 25 15:42:33 2016 0.0.0.0 0.0.0.0 12.34.0.2 p=0 i=20 t=4 pr=3 a=102 h=0 m=276/0/0/0/0
Fri Mar 25 15:42:33 2016 12.34.0.0 255.255.255.0 12.34.0.5 p=0 i=20 t=4 pr=3 a=0 h=0 m=21/0/0/0/0
Fri Mar 25 15:42:33 2016 127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=113 h=0 m=306/0/0/0/0
Fri Mar 25 15:42:33 2016 127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=113 h=0 m=306/0/0/0/0
Fri Mar 25 15:42:33 2016 127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=113 h=0 m=306/0/0/0/0
Fri Mar 25 15:42:33 2016 169.254.0.0 255.255.0.0 169.254.229.223 p=0 i=20 t=3 pr=3 a=92 h=0 m=276/0/0/0/0
Fri Mar 25 15:42:33 2016 169.254.0.0 255.255.0.0 169.254.218.140 p=0 i=19 t=3 pr=3 a=92 h=0 m=266/0/0/0/0
Fri Mar 25 15:42:33 2016 169.254.218.140 255.255.255.255 169.254.218.140 p=0 i=19 t=3 pr=3 a=92 h=0 m=266/0/0/0/0
Fri Mar 25 15:42:33 2016 169.254.229.223 255.255.255.255 169.254.229.223 p=0 i=20 t=3 pr=3 a=92 h=0 m=276/0/0/0/0
Fri Mar 25 15:42:33 2016 169.254.255.255 255.255.255.255 169.254.229.223 p=0 i=20 t=3 pr=3 a=92 h=0 m=276/0/0/0/0
Fri Mar 25 15:42:33 2016 169.254.255.255 255.255.255.255 169.254.218.140 p=0 i=19 t=3 pr=3 a=92 h=0 m=266/0/0/0/0
Fri Mar 25 15:42:33 2016 192.168.0.0 255.255.255.0 192.168.0.7 p=0 i=18 t=3 pr=3 a=97 h=0 m=276/0/0/0/0
Fri Mar 25 15:42:33 2016 192.168.0.7 255.255.255.255 192.168.0.7 p=0 i=18 t=3 pr=3 a=97 h=0 m=276/0/0/0/0
Fri Mar 25 15:42:33 2016 192.168.0.255 255.255.255.255 192.168.0.7 p=0 i=18 t=3 pr=3 a=97 h=0 m=276/0/0/0/0
Fri Mar 25 15:42:33 2016 224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=113 h=0 m=306/0/0/0/0
Fri Mar 25 15:42:33 2016 224.0.0.0 240.0.0.0 192.168.0.7 p=0 i=18 t=3 pr=3 a=102 h=0 m=276/0/0/0/0
Fri Mar 25 15:42:33 2016 224.0.0.0 240.0.0.0 169.254.218.140 p=0 i=19 t=3 pr=3 a=102 h=0 m=266/0/0/0/0
Fri Mar 25 15:42:33 2016 224.0.0.0 240.0.0.0 169.254.229.223 p=0 i=20 t=3 pr=3 a=102 h=0 m=276/0/0/0/0
Fri Mar 25 15:42:33 2016 255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=113 h=0 m=306/0/0/0/0
Fri Mar 25 15:42:33 2016 255.255.255.255 255.255.255.255 192.168.0.7 p=0 i=18 t=3 pr=3 a=102 h=0 m=276/0/0/0/0
Fri Mar 25 15:42:33 2016 255.255.255.255 255.255.255.255 169.254.218.140 p=0 i=19 t=3 pr=3 a=102 h=0 m=266/0/0/0/0
Fri Mar 25 15:42:33 2016 255.255.255.255 255.255.255.255 169.254.229.223 p=0 i=20 t=3 pr=3 a=102 h=0 m=276/0/0/0/0
Fri Mar 25 15:42:33 2016 SYSTEM ADAPTER LIST
Fri Mar 25 15:42:33 2016 TAP-Windows Adapter V9
Fri Mar 25 15:42:33 2016   Index = 20
Fri Mar 25 15:42:33 2016   GUID = {40F32810-A618-4958-96EE-E9B00E6AF27E}
Fri Mar 25 15:42:33 2016   IP = 169.254.229.223/255.255.0.0
Fri Mar 25 15:42:33 2016   MAC = 00:ff:40:f3:28:10
Fri Mar 25 15:42:33 2016   GATEWAY = 12.34.0.2/255.255.255.255
Fri Mar 25 15:42:33 2016   DHCP SERV =  
Fri Mar 25 15:42:33 2016   DHCP LEASE OBTAINED = Fri Mar 25 15:42:33 2016
Fri Mar 25 15:42:33 2016   DHCP LEASE EXPIRES  = Fri Mar 25 15:42:33 2016
Fri Mar 25 15:42:33 2016   DNS SERV =  
...
-snip
...


Current Client.conf
Code:
remote
port 1194
proto udp
dev tun

client

ca ca.crt
cert client1.crt
key client1.key

ns-cert-type server

resolv-retry infinite
nobind
comp-lzo
persist-key
persist-tun

verb 3

Edit:
For completeness, here is the Server.conf as well
Code:
port 1194
proto udp
dev tun

ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem

mode server
server 12.34.0.0 255.255.255.0

client-to-client
keepalive 10 120
comp-lzo
persist-tun
persist-key

verb 3
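
Added illustration, not part of any post in this thread and not OpenVPN project code: the three client logs above differ in a handful of signature lines, and this sketch picks them out. The `triage` function and its finding names are made up for this example; the sample lines are excerpted from the posted logs. A 169.254.x.x address on the TAP adapter means Windows never took the DHCP lease the TAP driver was told to offer.

```python
import ipaddress
import re

STAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} ")
PUSHED = re.compile(r"set a DHCP IP/netmask of (\d+\.\d+\.\d+\.\d+)/")
ADAPTER_IP = re.compile(r"^\s*IP = (\d+\.\d+\.\d+\.\d+)/")
TEST_ROUTES = re.compile(r"TEST ROUTES: .* u/d=(up|down)")

def triage(log_text):
    """Return finding strings for one OpenVPN 2.3 Windows client log."""
    pushed = adapter_ip = route_state = None
    in_tap = netsh_failed = completed = False
    for raw in log_text.splitlines():
        line = STAMP.sub("", raw)  # strip timestamp, keep indentation
        if m := PUSHED.search(line):
            pushed = m.group(1)  # address the TAP adapter should receive
        if m := TEST_ROUTES.search(line):
            route_state = m.group(1)  # last reported state wins
        netsh_failed |= "netsh command failed" in line
        completed |= "Initialization Sequence Completed" in line
        if line.startswith("TAP-Windows Adapter"):
            in_tap = True  # entry in SYSTEM ADAPTER LIST
        elif in_tap and (m := ADAPTER_IP.match(line)):
            adapter_ip, in_tap = m.group(1), False
    findings = []
    if netsh_failed:
        findings.append("netsh-ifconfig-failed")
    if route_state == "down":
        findings.append("tap-interface-down")
    if adapter_ip and ipaddress.ip_address(adapter_ip).is_link_local:
        findings.append(f"tap-apipa {adapter_ip} (pushed {pushed})")
    if completed and route_state == "up" and not findings:
        findings.append("ok")
    return findings

# Sample inputs: lines excerpted from the logs posted in this thread.
WIN7_DHCP = """\
Fri Mar 25 15:41:58 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 12.34.0.6/255.255.255.252 on interface {40F32810-A618-4958-96EE-E9B00E6AF27E} [DHCP-serv: 12.34.0.5, lease-time: 31536000]
Fri Mar 25 15:42:33 2016 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Fri Mar 25 15:42:33 2016 TAP-Windows Adapter V9
Fri Mar 25 15:42:33 2016   IP = 169.254.229.223/255.255.0.0
"""
WIN7_NETSH = "Fri Mar 25 20:45:22 2016 ERROR: netsh command failed: returned error code 1\n"
WINXP_OK = """\
Fri Mar 25 17:11:16 2016 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Fri Mar 25 17:11:16 2016 Initialization Sequence Completed
"""

if __name__ == "__main__":
    print({"win7-dhcp": triage(WIN7_DHCP), "win7-netsh": triage(WIN7_NETSH), "winxp": triage(WINXP_OK)})
```
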
member
Activity: 116
Merit: 11
March 25, 2016, 09:52:37 AM
#2
Unfortunately a remote diagnosis isn't that easy with such a complex topic; a lot can go wrong.

Are the logs active? The client's config would also be important.
Have you opened the important ports? Keyword: firewall.

Just try starting the OpenVPN GUI manually as administrator.
Unfortunately that is also a common mistake that gets overlooked.



legendary
Activity: 3676
Merit: 1495
March 25, 2016, 12:57:17 AM
#1
Hi,

I'm somehow stuck here and need a nudge in the right direction.

I installed OpenVPN to test, play around and learn,
server on a Debian VPS,
client at home on Windows 7,
and so far that all worked.
When I establish the connection in the OpenVPN GUI, the tray icon turns nicely green and I get assigned an IP.

So far so good,
but from there on it just doesn't go any further.
Even the attempt to ping the IP assigned to me (so practically a local one) fails,
what's going on?

What do I have to set where on the client so that it also sees and uses the connection?