[openvpn] Błąd przy uruchamianiu usługi.

[ramelof]

Próbuje dzisiaj postawić openvpn, jednak gdy dochodzi do uruchomienia usługi otrzymuje taki błąd:

/etc/init.d/openvpn start
* Starting virtual private network daemon(s)...
* Autostarting VPN 'client'
/usr/sbin/openvpn-vulnkey:22: DeprecationWarning: the md5 module is deprecated; use hashlib instead
import md5 [fail]

server.conf

#Określamy rodzaj tunelu:
dev tun
#Określamy końce tunelu (to nie są publiczne IP komputerów między którymi tworzymy tunel!)
ifconfig 10.8.0.1 10.0.8.2
#Ścieżka do pliku klucza współdzielonego:
secret /etc/openvpn/shared.key
#Określamy protokół:
proto tcp-server
#Poniżej są opcje dotyczące logów, czasu nawiązywania połączeń itp. Nie kombinujmy z tym.
daemon
verb 4
log-append /var/log/openvpn.og
keepalive 10 900
inactive 3600
comp-lzo

client.conf

#Jak wyżej
dev tun
#IP komputera z którym się łączymy i port
remote XXX.XXX.XXX.XXX 1194
#Określamy protokół
proto tcp-client
#Końce tunelu- odwrotnie niż w pliku serwera
ifconfig 10.8.0.2 10.8.0.1
#Wiadomo
secret /etc/openvpn/shared.key
#To również wiadmo
keepalive 10 60
#route 192.168.10.0 255.255.255.0
#route 192.168.11.0 255.255.255.0
comp-lzo

log z /var/log/dameon.log

Jul 4 16:07:15 11511 ovpn-client[28601]: OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 9 2009
Jul 4 16:07:15 11511 ovpn-client[28601]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 4 16:07:15 11511 ovpn-client[28601]: /usr/sbin/openvpn-vulnkey -q /etc/openvpn/shared.key
Jul 4 16:07:15 11511 ovpn-client[28601]: LZO compression initialized
Jul 4 16:07:15 11511 ovpn-client[28601]: Note: Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)
Jul 4 16:07:15 11511 ovpn-client[28601]: Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Jul 4 16:07:15 11511 ovpn-client[28601]: Cannot allocate TUN/TAP dev dynamically
Jul 4 16:07:15 11511 ovpn-client[28601]: Exiting

Jakieś wskazówki?

[jacekalex]

Tak na szybko -czy jesteś pewien - że nikt nigdy nie miał podobnego błędu?

A co może znaczyć komunikat:

Kod: Zaznacz cały

Note: Cannot open TUN/TAP dev /dev/net/tun: Permission denied 

czy jest zaszyfrowany?

[ramelof]

Po tym jak rozwiązałem ten problem powstał kolejny, którego nie mogę rozwiązać, a też w internecie trudno znaleźć coś co mi pomoże.

Próbuje robić import ustawień z serwera docelowego i mam błąd. Firewall na serwerze jest ustawiony na accept.

openVPN serwer

Kod: Zaznacz cały

Tue Aug  3 19:52:39 2010 us=433460 OpenVPN 2.1_rc19 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 13 2009
Tue Aug  3 19:52:39 2010 us=434308 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Aug  3 19:52:39 2010 us=434349 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Aug  3 19:52:39 2010 us=434437 /usr/sbin/openvpn-vulnkey -q /etc/openvpn/shared.key
Tue Aug  3 19:52:39 2010 us=565925 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Aug  3 19:52:39 2010 us=566415 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Aug  3 19:52:39 2010 us=566466 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Aug  3 19:52:39 2010 us=566477 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Aug  3 19:52:39 2010 us=566497 LZO compression initialized
Tue Aug  3 19:52:39 2010 us=568688 TUN/TAP device tun0 opened
Tue Aug  3 19:52:39 2010 us=568733 TUN/TAP TX queue length set to 100
Tue Aug  3 19:52:39 2010 us=568767 Data Channel MTU parms [ L:1547 D:1450 EF:47 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Aug  3 19:52:39 2010 us=568787 Local Options String: 'V4,dev-type tun,link-mtu 1547,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,secret'
Tue Aug  3 19:52:39 2010 us=569110 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1547,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,secret'
Tue Aug  3 19:52:39 2010 us=569141 Local Options hash (VER=V4): '2315733b'
Tue Aug  3 19:52:39 2010 us=569154 Expected Remote Options hash (VER=V4): 'd38dc4ac'
Tue Aug  3 19:52:39 2010 us=569580 Listening for incoming TCP connection on [undef]:1194
Tue Aug  3 19:52:44 2010 us=569884 TCP connection established with 91.203.222.123:56803
Tue Aug  3 19:52:44 2010 us=569937 Socket Buffers: R=[87424->131072] S=[50628->131072]
Tue Aug  3 19:52:44 2010 us=569951 TCPv4_SERVER link local (bound): [undef]:1194
Tue Aug  3 19:52:44 2010 us=569961 TCPv4_SERVER link remote: 91.XXX.XXX.XXX:56803
Tue Aug  3 19:52:44 2010 us=570262 Peer Connection Initiated with 91.XXX.XXX.XXX:56803
Tue Aug  3 19:52:45 2010 us=574261 Initialization Sequence Completed

openVPN client

Kod: Zaznacz cały

2010-08-04 11:02:02+0200 [-] Log opened.
2010-08-04 11:02:02+0200 [-] C:\OpenVPN Client\core\library.zip\pyovpn\util\plat.py:1: exceptions.DeprecationWarning: The popen2 module is deprecated.  Use the subprocess module.
2010-08-04 11:02:02+0200 [-] Starting AS Client API 1.5.4/MSI
2010-08-04 11:02:02+0200 [-] twisted.web.server.Site starting on 944
2010-08-04 11:02:02+0200 [-] Starting factory <twisted.web.server.Site instance at 0x0227C5F8>
2010-08-04 11:02:28+0200 [HTTPChannel,0,127.0.0.1] 127.0.0.1 - - [04/Aug/2010:09:02:27 +0000] "POST /RPC2 HTTP/1.0" 200 138 "-" "Twisted/XMLRPClib"
2010-08-04 11:04:02+0200 [-] <class 'twisted.names.dns.DNSDatagramProtocol'> starting on 21058
2010-08-04 11:04:02+0200 [-] Starting protocol <twisted.names.dns.DNSDatagramProtocol object at 0x0227EB70>
2010-08-04 11:04:02+0200 [twisted.names.dns.DNSDatagramProtocol (UDP)] Starting factory <MyHTTPClientFactory: http://swupdate.openvpn.net/updates/1.5.4/MSI.txt>
2010-08-04 11:04:02+0200 [-] (Port 21058 Closed)
2010-08-04 11:04:02+0200 [-] Stopping protocol <twisted.names.dns.DNSDatagramProtocol object at 0x0227EB70>
2010-08-04 11:04:03+0200 [MyHTTPPageGetter,client] SoftwareUpdate: Update query error on http://swupdate.openvpn.net/updates/1.5.4/MSI.txt: HTTP GET returned status 404 (HTTP404)
2010-08-04 11:04:03+0200 [MyHTTPPageGetter,client] Stopping factory <MyHTTPClientFactory: http://swupdate.openvpn.net/updates/1.5.4/MSI.txt>
2010-08-04 14:45:08+0200 [HTTPChannel,1,127.0.0.1] 127.0.0.1 - - [04/Aug/2010:12:45:08 +0000] "POST / HTTP/1.1" 200 294 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2pre) Gecko/20100322 Prism/1.0b4 OpenVPN/1.5.0"
2010-08-04 14:45:08+0200 [HTTPChannel,2,127.0.0.1] 127.0.0.1 - - [04/Aug/2010:12:45:08 +0000] "POST / HTTP/1.1" 200 1350 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2pre) Gecko/20100322 Prism/1.0b4 OpenVPN/1.5.0"
2010-08-04 14:45:08+0200 [HTTPChannel,3,127.0.0.1] 127.0.0.1 - - [04/Aug/2010:12:45:08 +0000] "POST / HTTP/1.1" 200 127 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2pre) Gecko/20100322 Prism/1.0b4 OpenVPN/1.5.0"
2010-08-04 14:45:08+0200 [HTTPChannel,4,127.0.0.1] 127.0.0.1 - - [04/Aug/2010:12:45:08 +0000] "POST / HTTP/1.1" 200 138 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2pre) Gecko/20100322 Prism/1.0b4 OpenVPN/1.5.0"
2010-08-04 14:45:08+0200 [HTTPChannel,1,127.0.0.1] 127.0.0.1 - - [04/Aug/2010:12:45:08 +0000] "POST / HTTP/1.1" 200 127 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2pre) Gecko/20100322 Prism/1.0b4 OpenVPN/1.5.0"
2010-08-04 14:45:19+0200 [HTTPChannel,2,127.0.0.1] 127.0.0.1 - - [04/Aug/2010:12:45:19 +0000] "POST / HTTP/1.1" 200 170 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2pre) Gecko/20100322 Prism/1.0b4 OpenVPN/1.5.0"
2010-08-04 14:45:19+0200 [HTTPChannel,3,127.0.0.1] 127.0.0.1 - - [04/Aug/2010:12:45:19 +0000] "POST / HTTP/1.1" 200 651 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2pre) Gecko/20100322 Prism/1.0b4 OpenVPN/1.5.0"
2010-08-04 14:45:29+0200 [HTTPChannel,4,127.0.0.1] 127.0.0.1 - - [04/Aug/2010:12:45:28 +0000] "POST / HTTP/1.1" 200 114 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2pre) Gecko/20100322 Prism/1.0b4 OpenVPN/1.5.0"
2010-08-04 14:45:29+0200 [-] Starting factory <pyovpn.xml.xmlclibase.XMLProxyQueryFactory instance at 0x023F2EB8>
2010-08-04 14:45:30+0200 [Uninitialized] ASQueryClient: Unable to obtain Session ID from 91.XXX.XXX.XXX:443: XML-RPC: ConnectionRefusedError: 10061: Nie można nawiązać połączenia, ponieważ komputer docelowy aktywnie go odmawia..: client/asxmlcli:113 (twisted.internet.error.ConnectionRefusedError)
2010-08-04 14:45:30+0200 [Uninitialized] 127.0.0.1 - - [04/Aug/2010:12:45:30 +0000] "POST / HTTP/1.1" 200 767 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2pre) Gecko/20100322 Prism/1.0b4 OpenVPN/1.5.0"
2010-08-04 14:45:30+0200 [Uninitialized] Stopping factory <pyovpn.xml.xmlclibase.XMLProxyQueryFactory instance at 0x023F2EB8>
2010-08-04 14:45:40+0200 [-] 127.0.0.1 - - [04/Aug/2010:12:45:40 +0000] "POST / HTTP/1.1" 200 138 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2pre) Gecko/20100322 Prism/1.0b4 OpenVPN/1.5.0"

[ramelof]

Postanowiłem jeszcze raz spróbować postawić VPN

Tym razem użyłem tego http://lists.pld-linux.org/mailman/pipe ... 38703.html no i działa, choć nie do końca ponieważ nie mam połączenia nie wychodzi poza serwer.

Tak wygląda log z połączenia

Kod: Zaznacz cały

Mon Aug 23 14:05:37 2010 us=703000 OpenVPN 2.1_rc22 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 20 2009
Mon Aug 23 14:05:37 2010 us=703000 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Aug 23 14:05:37 2010 us=703000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Aug 23 14:05:38 2010 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Mon Aug 23 14:05:38 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 23 14:05:38 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 23 14:05:38 2010 LZO compression initialized
Mon Aug 23 14:05:38 2010 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mon Aug 23 14:05:38 2010 us=31000 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Aug 23 14:05:38 2010 us=31000 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Mon Aug 23 14:05:38 2010 us=31000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Mon Aug 23 14:05:38 2010 us=31000 Local Options hash (VER=V4): '504e774e'
Mon Aug 23 14:05:38 2010 us=31000 Expected Remote Options hash (VER=V4): '14168603'
Mon Aug 23 14:05:38 2010 us=31000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Aug 23 14:05:38 2010 us=31000 UDPv4 link local: [undef]
Mon Aug 23 14:05:38 2010 us=31000 UDPv4 link remote: XXX.XXX.XXX.XXX:1194
Mon Aug 23 14:05:38 2010 us=109000 TLS: Initial packet from XXX.XXX.XXX.XXX:1194, sid=b0e0dd4e 0d1b4253
Mon Aug 23 14:05:38 2010 us=359000 VERIFY OK: depth=1, /C=PL/ST=WLKP/L=WLKP/O=WLKP/CN=WLKP_CA/emailAddress=XXXX@gmail.com
Mon Aug 23 14:05:38 2010 us=359000 VERIFY OK: depth=0, /C=PL/ST=WLKP/L=WLKP/O=WLKP/CN=server/emailAddress=XXXX@gmail.com
Mon Aug 23 14:05:38 2010 us=906000 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Aug 23 14:05:38 2010 us=906000 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 23 14:05:38 2010 us=906000 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Aug 23 14:05:38 2010 us=906000 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 23 14:05:38 2010 us=906000 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Aug 23 14:05:38 2010 us=906000 [server] Peer Connection Initiated with XXX.XXX.XXX.XXX:1194
Mon Aug 23 14:05:41 2010 us=78000 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Aug 23 14:05:41 2010 us=125000 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway,dhcp-option DNS 10.8.0.1,dhcp-option WINS 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Mon Aug 23 14:05:41 2010 us=125000 OPTIONS IMPORT: timers and/or timeouts modified
Mon Aug 23 14:05:41 2010 us=125000 OPTIONS IMPORT: --ifconfig/up options modified
Mon Aug 23 14:05:41 2010 us=125000 OPTIONS IMPORT: route options modified
Mon Aug 23 14:05:41 2010 us=125000 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Aug 23 14:05:41 2010 us=140000 ROUTE default_gateway=192.168.1.1
Mon Aug 23 14:05:41 2010 us=156000 TAP-WIN32 device [Połączenie lokalne 3] opened: \\.\Global\{131EAEBA-F19E-4E45-A178-80AE49AB4D51}.tap
Mon Aug 23 14:05:41 2010 us=156000 TAP-Win32 Driver Version 9.6 
Mon Aug 23 14:05:41 2010 us=156000 TAP-Win32 MTU=1500
Mon Aug 23 14:05:41 2010 us=156000 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {131EAEBA-F19E-4E45-A178-80AE49AB4D51} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Mon Aug 23 14:05:41 2010 us=156000 DHCP option string: 06040a08 00012c04 0a080001
Mon Aug 23 14:05:41 2010 us=156000 Successful ARP Flush on interface [16] {131EAEBA-F19E-4E45-A178-80AE49AB4D51}
Mon Aug 23 14:05:46 2010 us=265000 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Mon Aug 23 14:05:46 2010 us=265000 C:\WINDOWS\system32\route.exe ADD XXX.XXX.XXX.XXX MASK 255.255.255.255 192.168.1.1
Mon Aug 23 14:05:46 2010 us=265000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Mon Aug 23 14:05:46 2010 us=265000 Route addition via IPAPI succeeded [adaptive]
Mon Aug 23 14:05:46 2010 us=265000 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 0.0.0.0 192.168.1.1
Mon Aug 23 14:05:46 2010 us=265000 Route deletion via IPAPI succeeded [adaptive]
Mon Aug 23 14:05:46 2010 us=265000 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 0.0.0.0 10.8.0.5
Mon Aug 23 14:05:46 2010 us=281000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Mon Aug 23 14:05:46 2010 us=281000 Route addition via IPAPI succeeded [adaptive]
Mon Aug 23 14:05:46 2010 us=281000 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Mon Aug 23 14:05:46 2010 us=281000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Mon Aug 23 14:05:46 2010 us=281000 Route addition via IPAPI succeeded [adaptive]
Mon Aug 23 14:05:46 2010 us=281000 Initialization Sequence Completed