I searched for all the errors on the net and followed different tutorials.
If anyone can help me, I'll be grateful.
I put "openvpn --config client.ovpn" in the shell, and it freezes at a sort of welcome message: "Initialization Sequence Completed". It's a virtual machine.
Code:
[root@localhost ~]# openvpn --config /etc/openvpn/client.ovpn
Sun Oct 15 14:48:03 2017 OpenVPN 2.4.3 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 21 2017
Sun Oct 15 14:48:03 2017 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Sun Oct 15 14:48:03 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Oct 15 14:48:03 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.0.2.15:1194
Sun Oct 15 14:48:03 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Oct 15 14:48:03 2017 UDP link local: (not bound)
Sun Oct 15 14:48:03 2017 UDP link remote: [AF_INET]10.0.2.15:1194
Sun Oct 15 14:48:03 2017 TLS: Initial packet from [AF_INET]10.0.2.15:1194, sid=1c50de7c 85e3445f
Sun Oct 15 14:48:03 2017 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Sun Oct 15 14:48:03 2017 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=me@myhost.mydomain
Sun Oct 15 14:48:03 2017 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1558'
Sun Oct 15 14:48:03 2017 WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
Sun Oct 15 14:48:03 2017 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
Sun Oct 15 14:48:03 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun Oct 15 14:48:03 2017 [server] Peer Connection Initiated with [AF_INET]10.0.2.15:1194
Sun Oct 15 14:48:04 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Oct 15 14:48:04 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 192.168.1.1,route 10.0.2.1,topology net30,ping 10,ping-restart 120,ifconfig 10.0.2.6 10.0.2.5,peer-id 0,cipher AES-256-GCM'
Sun Oct 15 14:48:04 2017 OPTIONS IMPORT: timers and/or timeouts modified
Sun Oct 15 14:48:04 2017 OPTIONS IMPORT: --ifconfig/up options modified
Sun Oct 15 14:48:04 2017 OPTIONS IMPORT: route options modified
Sun Oct 15 14:48:04 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Oct 15 14:48:04 2017 OPTIONS IMPORT: peer-id set
Sun Oct 15 14:48:04 2017 OPTIONS IMPORT: adjusting link_mtu to 1625
Sun Oct 15 14:48:04 2017 OPTIONS IMPORT: data channel crypto options modified
Sun Oct 15 14:48:04 2017 Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Oct 15 14:48:04 2017 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Oct 15 14:48:04 2017 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Oct 15 14:48:04 2017 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:a1:9e:77
Sun Oct 15 14:48:04 2017 TUN/TAP device tun1 opened
Sun Oct 15 14:48:04 2017 TUN/TAP TX queue length set to 100
Sun Oct 15 14:48:04 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Oct 15 14:48:04 2017 /sbin/ip link set dev tun1 up mtu 1500
Sun Oct 15 14:48:04 2017 /sbin/ip addr add dev tun1 local 10.0.2.6 peer 10.0.2.5
Sun Oct 15 14:48:04 2017 /sbin/ip route add 10.0.2.15/32 dev enp0s3
Sun Oct 15 14:48:04 2017 /sbin/ip route add 0.0.0.0/1 via 10.0.2.5
Sun Oct 15 14:48:04 2017 /sbin/ip route add 128.0.0.0/1 via 10.0.2.5
Sun Oct 15 14:48:04 2017 /sbin/ip route add 10.0.2.1/32 via 10.0.2.5
Sun Oct 15 14:48:04 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Oct 15 14:48:04 2017 Initialization Sequence Completed
My server log:
Code:
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 TLS: Initial packet from [AF_INET]10.0.2.15:57945, sid=490e9260 576a1eff
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=client, name=server, emailAddress=me@myhost.mydomain
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 peer info: IV_VER=2.4.3
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 peer info: IV_PLAT=linux
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 peer info: IV_PROTO=2
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 peer info: IV_NCP=2
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 peer info: IV_LZ4=1
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 peer info: IV_LZ4v2=1
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 peer info: IV_LZO=1
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 peer info: IV_COMP_STUB=1
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 peer info: IV_COMP_STUBv2=1
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 peer info: IV_TCPNL=1
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1550', remote='link-mtu 1542'
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-GCM', remote='cipher BF-CBC'
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA1'
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 [client] Peer Connection Initiated with [AF_INET]10.0.2.15:57945
Sat Oct 14 20:41:06 2017 MULTI: new connection by client 'client' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Sat Oct 14 20:41:06 2017 MULTI_sva: pool returned IPv4=10.0.2.6, IPv6=(Not enabled)
Sat Oct 14 20:41:06 2017 MULTI: Learn: 10.0.2.6 -> client/10.0.2.15:57945
Sat Oct 14 20:41:06 2017 MULTI: primary virtual IP for client/10.0.2.15:57945: 10.0.2.6
Sat Oct 14 20:41:07 2017 client/10.0.2.15:57945 PUSH: Received control message: 'PUSH_REQUEST'
Sat Oct 14 20:41:07 2017 client/10.0.2.15:57945 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 192.168.1.1,route 10.0.2.1,topology net30,ping 10,ping-restart 120,ifconfig 10.0.2.6 10.0.2.5,peer-id 0,cipher AES-256-GCM' (status=1)
Sat Oct 14 20:41:07 2017 client/10.0.2.15:57945 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Oct 14 20:41:07 2017 client/10.0.2.15:57945 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Code:
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key # This file should be kept secret
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.0.2.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 192.168.1.1"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log /etc/openvpn/openvpn.log
log-append /etc/openvpn/openvpn.log
verb 3
explicit-exit-notify 1
Code:
client
dev tun
proto udp
remote 10.0.2.15 1194
redirect-gateway def1
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/client.crt
key /etc/openvpn/easy-rsa/keys/client.key
Code:
[root@localhost ~]# ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::cf1:2448:a677:fcda prefixlen 64 scopeid 0x20<link>
ether 08:00:27:a1:9e:77 txqueuelen 1000 (Ethernet)
RX packets 51637 bytes 35672964 (34.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 27509 bytes 2138531 (2.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Code:
[demo@localhost ~]$ route
Table de routage IP du noyau
Destination Passerelle Genmask Indic Metric Ref Use Iface
default gateway 0.0.0.0 UG 100 0 0 enp0s3
10.0.2.0 gateway 255.255.255.0 UG 0 0 0 tun0
10.0.2.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s3
gateway 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
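
An added example, not part of the original post and not OpenVPN project code: a small lint over the client and server configs above that reports the conditions behind two of the log warnings (no server certificate verification, inconsistent `cipher`) and checks whether the `server` pool overlaps the network on enp0s3. The inputs are trimmed, constructed copies of the posted configs, and the `parse` and `audit` names are hypothetical.

```python
import ipaddress

# Constructed inputs: trimmed copies of the configs and interface shown in the post.
CLIENT_CONF = "client\ndev tun\nproto udp\nremote 10.0.2.15 1194\nnobind\ncomp-lzo\n"
SERVER_CONF = "port 1194\nproto udp\nserver 10.0.2.0 255.255.255.0\ncipher AES-256-CBC\n"
LOCAL_IFACE = "10.0.2.15/255.255.255.0"  # enp0s3 in the ifconfig output

# Client directives that turn on a server-certificate check.
VERIFY_DIRECTIVES = {"remote-cert-tls", "remote-cert-eku", "verify-x509-name",
                     "ns-cert-type", "tls-verify"}


def parse(conf):
    """Return {directive: [args]} for an OpenVPN config, skipping comments."""
    opts = {}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            name, *args = line.split()
            opts[name] = args
    return opts


def audit(client_conf, server_conf, local_iface):
    """Hypothetical helper: two checks tied to log warnings plus a subnet check."""
    client, server = parse(client_conf), parse(server_conf)
    findings = []
    # Log: "No server certificate verification method has been enabled"
    if not client.keys() & VERIFY_DIRECTIVES:
        findings.append("client lacks server cert verification, e.g. 'remote-cert-tls server'")
    # Log: "'cipher' is used inconsistently"
    c_cipher = client.get("cipher", ["unset"])[0]
    s_cipher = server.get("cipher", ["unset"])[0]
    if c_cipher != s_cipher:
        findings.append(f"cipher mismatch: client={c_cipher} server={s_cipher}")
    # VPN pool colliding with the network the client is already attached to
    if "server" in server:
        vpn = ipaddress.ip_network("/".join(server["server"][:2]))
        lan = ipaddress.ip_interface(local_iface).network
        if vpn.overlaps(lan):
            findings.append(f"VPN subnet {vpn} overlaps local network {lan}")
    return findings


if __name__ == "__main__":
    for finding in audit(CLIENT_CONF, SERVER_CONF, LOCAL_IFACE):
        print("FINDING:", finding)
```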