www.zeroshell.net forum index
ZeroShell Linux Distribution
 

[Problem] VPN Host to LAN

 
efams



Joined: 18/07/12 11:09
Posts: 1

Posted: Wed Jul 18, 2012 11:46 am    Subject: [Problem] VPN Host to LAN

Good morning, I have recently started using ZS and I must say it is an excellent utility that brings together and simplifies many operations! I need some help with setting up the VPN.
Thanks in advance


== Problem ==
- After starting OpenVPN GUI, the connection to the server is established correctly
- The client is correctly assigned the IP, as configured on the ZS server

- It is not possible to ping any machine on the network where ZS resides, and vice versa
- Internet browsing does not work
- After a few moments the OpenVPN GUI icon turns yellow and I completely lose the remote connection established with TeamViewer


== Network Configuration ==
The network where ZS resides is 192.168.10.X
The machine running ZS has IP 192.168.10.75

The ZS VPN is configured with the defaults:
IP Range: 192.168.250.1 -> 192.168.250.253
Gateway: 192.168.250.254
Netmask: 255.255.255.0
DNS: 192.168.250.254

The client is connected directly to the internet with a D-Link DSL-320B modem
IP address: 95.252.50.132
Subnet mask: 255.255.255.255
Default gateway: 192.168.1.1

The firewalls have been checked


== Operations Performed ==
- Right after starting ZS for the first time, the profile was created and the VPN was activated.
- A user "enrper" was created
- Configured forwarding on the router where the ZS server resides so that it is reachable from outside

- Installed the VPN client on Win XP SP3, then copied the CA.pem file and the zeroshell.ovpn file
- Started the connection



====== Client-side log ======
Wed Jul 18 11:55:55 2012 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Wed Jul 18 11:56:01 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jul 18 11:56:01 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 18 11:56:01 2012 LZO compression initialized
Wed Jul 18 11:56:01 2012 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed Jul 18 11:56:01 2012 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Wed Jul 18 11:56:01 2012 Local Options hash (VER=V4): '31fdf004'
Wed Jul 18 11:56:01 2012 Expected Remote Options hash (VER=V4): '3e6d1056'
Wed Jul 18 11:56:01 2012 Attempting to establish TCP connection with 151.51.100.211:1194
Wed Jul 18 11:56:01 2012 TCP connection established with 151.51.100.211:1194
Wed Jul 18 11:56:01 2012 TCPv4_CLIENT link local: [undef]
Wed Jul 18 11:56:01 2012 TCPv4_CLIENT link remote: 151.51.100.211:1194
Wed Jul 18 11:56:01 2012 TLS: Initial packet from 151.51.100.211:1194, sid=c5d3303a 056f4db9
Wed Jul 18 11:56:02 2012 VERIFY OK: depth=1, /C=IT/O=Zeroshell.net/OU=Example/CN=ZeroShell_Example_CA/emailAddress=Fulvio.Ricciardi@zeroshell.net
Wed Jul 18 11:56:02 2012 VERIFY OK: depth=0, /OU=Hosts/CN=netservices.nuoviorizzonti.org
Wed Jul 18 11:56:03 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jul 18 11:56:03 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul 18 11:56:03 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jul 18 11:56:03 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul 18 11:56:03 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Jul 18 11:56:03 2012 [netservices.nuoviorizzonti.org] Peer Connection Initiated with 151.51.100.211:1194
Wed Jul 18 11:56:04 2012 SENT CONTROL [netservices.nuoviorizzonti.org]: 'PUSH_REQUEST' (status=1)
Wed Jul 18 11:56:04 2012 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.250.254,redirect-gateway,dhcp-option DNS 192.168.250.254,,ping 5,ping-restart 60,ifconfig 192.168.250.1 255.255.255.0'
Wed Jul 18 11:56:04 2012 OPTIONS IMPORT: timers and/or timeouts modified
Wed Jul 18 11:56:04 2012 OPTIONS IMPORT: --ifconfig/up options modified
Wed Jul 18 11:56:04 2012 OPTIONS IMPORT: route options modified
Wed Jul 18 11:56:04 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Jul 18 11:56:04 2012 TAP-WIN32 device [Connessione alla rete locale (LAN-VPN)] opened: \\.\Global\{B2DECA92-ACC7-40EA-9CB6-55460A49D0B7}.tap
Wed Jul 18 11:56:04 2012 TAP-Win32 Driver Version 8.4
Wed Jul 18 11:56:04 2012 TAP-Win32 MTU=1500
Wed Jul 18 11:56:04 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.250.1/255.255.255.0 on interface {B2DECA92-ACC7-40EA-9CB6-55460A49D0B7} [DHCP-serv: 192.168.250.0, lease-time: 31536000]
Wed Jul 18 11:56:04 2012 Successful ARP Flush on interface [3] {B2DECA92-ACC7-40EA-9CB6-55460A49D0B7}
Wed Jul 18 11:56:04 2012 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Jul 18 11:56:04 2012 Route: Waiting for TUN/TAP interface to come up...
Wed Jul 18 11:56:06 2012 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Jul 18 11:56:06 2012 Route: Waiting for TUN/TAP interface to come up...
Wed Jul 18 11:56:07 2012 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Jul 18 11:56:07 2012 Route: Waiting for TUN/TAP interface to come up...
Wed Jul 18 11:56:08 2012 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Jul 18 11:56:08 2012 Route: Waiting for TUN/TAP interface to come up...
Wed Jul 18 11:56:09 2012 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Wed Jul 18 11:56:09 2012 Route: Waiting for TUN/TAP interface to come up...
Wed Jul 18 11:56:10 2012 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Wed Jul 18 11:56:10 2012 route ADD 151.51.100.211 MASK 255.255.255.255 192.168.1.1
Wed Jul 18 11:56:10 2012 Warning: route gateway is not reachable on any active network adapters: 192.168.1.1
Wed Jul 18 11:56:10 2012 Route addition via IPAPI failed
Wed Jul 18 11:56:10 2012 route DELETE 0.0.0.0 MASK 0.0.0.0 192.168.1.1
Wed Jul 18 11:56:10 2012 Warning: route gateway is not reachable on any active network adapters: 192.168.1.1
Wed Jul 18 11:56:10 2012 Route deletion via IPAPI failed
Wed Jul 18 11:56:10 2012 route ADD 0.0.0.0 MASK 0.0.0.0 192.168.250.254
Wed Jul 18 11:56:10 2012 Route addition via IPAPI succeeded
Wed Jul 18 11:56:10 2012 Initialization Sequence Completed
Wed Jul 18 11:56:45 2012 Connection reset, restarting [-1]
Wed Jul 18 11:56:45 2012 TCP/UDP: Closing socket
Wed Jul 18 11:56:45 2012 SIGUSR1[soft,connection-reset] received, process restarting
Wed Jul 18 11:56:45 2012 Restart pause, 5 second(s)
Wed Jul 18 11:56:50 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jul 18 11:56:50 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 18 11:56:50 2012 Re-using SSL/TLS context
Wed Jul 18 11:56:50 2012 LZO compression initialized
Wed Jul 18 11:56:50 2012 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed Jul 18 11:57:05 2012 RESOLVE: Cannot resolve host address: nuovpn.zapto.org: [NO_DATA] The requested name is valid but does not have an IP address.
Wed Jul 18 11:57:05 2012 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Wed Jul 18 11:57:05 2012 Local Options hash (VER=V4): '31fdf004'
Wed Jul 18 11:57:05 2012 Expected Remote Options hash (VER=V4): '3e6d1056'
Wed Jul 18 11:57:20 2012 RESOLVE: Cannot resolve host address: nuovpn.zapto.org: [NO_DATA] The requested name is valid but does not have an IP address.
Wed Jul 18 11:57:40 2012 RESOLVE: Cannot resolve host address: nuovpn.zapto.org: [NO_DATA] The requested name is valid but does not have an IP address.
Wed Jul 18 11:58:00 2012 RESOLVE: Cannot resolve host address: nuovpn.zapto.org: [NO_DATA] The requested name is valid but does not have an IP address.
Wed Jul 18 11:58:20 2012 RESOLVE: Cannot resolve host address: nuovpn.zapto.org: [NO_DATA] The requested name is valid but does not have an IP address.
Wed Jul 18 11:58:40 2012 RESOLVE: Cannot resolve host address: nuovpn.zapto.org: [NO_DATA] The requested name is valid but does not have an IP address.
Wed Jul 18 11:59:00 2012 RESOLVE: Cannot resolve host address: nuovpn.zapto.org: [NO_DATA] The requested name is valid but does not have an IP address.
Wed Jul 18 11:59:20 2012 RESOLVE: Cannot resolve host address: nuovpn.zapto.org: [NO_DATA] The requested name is valid but does not have an IP address.
Wed Jul 18 11:59:40 2012 RESOLVE: Cannot resolve host address: nuovpn.zapto.org: [NO_DATA] The requested name is valid but does not have an IP address.
Wed Jul 18 12:00:00 2012 RESOLVE: Cannot resolve host address: nuovpn.zapto.org: [NO_DATA] The requested name is valid but does not have an IP address.
Wed Jul 18 12:00:20 2012 RESOLVE: Cannot resolve host address: nuovpn.zapto.org: [NO_DATA] The requested name is valid but does not have an IP address.
Wed Jul 18 12:00:40 2012 RESOLVE: Cannot resolve host address: nuovpn.zapto.org: [NO_DATA] The requested name is valid but does not have an IP address.
Wed Jul 18 12:01:00 2012 RESOLVE: Cannot resolve host address: nuovpn.zapto.org: [NO_DATA] The requested name is valid but does not have an IP address.
Wed Jul 18 12:01:20 2012 RESOLVE: Cannot resolve host address: nuovpn.zapto.org: [NO_DATA] The requested name is valid but does not have an IP address.
Wed Jul 18 12:01:40 2012 RESOLVE: Cannot resolve host address: nuovpn.zapto.org: [NO_DATA] The requested name is valid but does not have an IP address.
Wed Jul 18 12:02:00 2012 RESOLVE: Cannot resolve host address: nuovpn.zapto.org: [NO_DATA] The requested name is valid but does not have an IP address.
Wed Jul 18 12:02:20 2012 RESOLVE: Cannot resolve host address: nuovpn.zapto.org: [NO_DATA] The requested name is valid but does not have an IP address.
Wed Jul 18 12:02:40 2012 RESOLVE: Cannot resolve host address: nuovpn.zapto.org: [NO_DATA] The requested name is valid but does not have an IP address.
Wed Jul 18 12:03:00 2012 RESOLVE: Cannot resolve host address: nuovpn.zapto.org: [NO_DATA] The requested name is valid but does not have an IP address.
Wed Jul 18 12:03:20 2012 RESOLVE: Cannot resolve host address: nuovpn.zapto.org: [NO_DATA] The requested name is valid but does not have an IP address.
Wed Jul 18 12:03:40 2012 RESOLVE: signal received during DNS resolution attempt
Wed Jul 18 12:03:40 2012 TCP/UDP: Closing socket
Wed Jul 18 12:03:40 2012 route DELETE 151.51.100.211 MASK 255.255.255.255 192.168.1.1
Wed Jul 18 12:03:40 2012 Warning: route gateway is not reachable on any active network adapters: 192.168.1.1
Wed Jul 18 12:03:40 2012 Route deletion via IPAPI failed
Wed Jul 18 12:03:40 2012 route DELETE 0.0.0.0 MASK 0.0.0.0 192.168.250.254
Wed Jul 18 12:03:40 2012 Route deletion via IPAPI succeeded
Wed Jul 18 12:03:40 2012 route ADD 0.0.0.0 MASK 0.0.0.0 192.168.1.1
Wed Jul 18 12:03:40 2012 Warning: route gateway is not reachable on any active network adapters: 192.168.1.1
Wed Jul 18 12:03:40 2012 Route addition via IPAPI failed
Wed Jul 18 12:03:40 2012 Closing TUN/TAP interface
Wed Jul 18 12:03:40 2012 SIGTERM[hard,init_instance] received, process exiting


====== Server-side log ======
11:39:26 OpenVPN 2.1.4 i586-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Dec 30 2010
11:39:26 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
11:39:26 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
11:39:26 TUN/TAP device VPN99 opened
11:39:26 Listening for incoming TCP connection on [undef]:1194
11:39:26 TCPv4_SERVER link local (bound): [undef]:1194
11:39:26 TCPv4_SERVER link remote: [undef]
11:39:26 Initialization Sequence Completed
11:42:17 SIGHUP[hard,] received, process restarting
11:42:17 OpenVPN 2.1.4 i586-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Dec 30 2010
11:42:18 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
11:42:19 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
11:42:19 TUN/TAP device VPN99 opened
11:42:19 Listening for incoming TCP connection on [undef]:1194
11:42:19 TCPv4_SERVER link local (bound): [undef]:1194
11:42:19 TCPv4_SERVER link remote: [undef]
11:42:19 Initialization Sequence Completed
11:49:53 SIGTERM[hard,] received, process exiting
11:49:55 OpenVPN 2.1.4 i586-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Dec 30 2010
11:49:55 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
11:49:55 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
11:49:55 TUN/TAP device VPN99 opened
11:49:55 Listening for incoming TCP connection on [undef]:1194
11:49:55 TCPv4_SERVER link local (bound): [undef]:1194
11:49:55 TCPv4_SERVER link remote: [undef]
11:49:55 Initialization Sequence Completed
11:55:53 Re-using SSL/TLS context
11:55:53 LZO compression initialized
11:55:53 TCP connection established with 95.249.59.206:1929
11:55:53 TCPv4_SERVER link local: [undef]
11:55:53 TCPv4_SERVER link remote: 95.249.59.206:1929
11:55:55 95.249.59.206:1929 [enrper@nuoviorizzonti.ORG] Trying Kerberos 5 (Local KDC) authentication
11:55:55 95.249.59.206:1929 [enrper@nuoviorizzonti.ORG] Successfully authenticated
11:55:55 95.249.59.206:1929 [enrper] Peer Connection Initiated with 95.249.59.206:1929
11:55:55 95.249.59.206:1929 [enrper] Virtual IP automatically assigned: 192.168.250.1
11:58:02 enrper/95.249.59.206:1929 [enrper] Inactivity timeout (--ping-restart), restarting
11:58:02 95.249.59.206:1929 [enrper] Client disconnected
NdK



Joined: 27/01/10 12:36
Posts: 506

Posted: Mon Jul 23, 2012 10:21 am    Subject: Re: [Problem] VPN Host to LAN

efams wrote:

The client is connected directly to the internet with a D-Link DSL-320B modem
IP address: 95.252.50.132
Subnet mask: 255.255.255.255
Default gateway: 192.168.1.1

Huh? And how does it manage to get out with this configuration?

efams wrote:

11:55:55 95.249.59.206:1929 [enrper@nuoviorizzonti.ORG] Trying Kerberos 5 (Local KDC) authentication
11:55:55 95.249.59.206:1929 [enrper@nuoviorizzonti.ORG] Successfully authenticated
11:55:55 95.249.59.206:1929 [enrper] Peer Connection Initiated with 95.249.59.206:1929
11:55:55 95.249.59.206:1929 [enrper] Virtual IP automatically assigned: 192.168.250.1
11:58:02 enrper/95.249.59.206:1929 [enrper] Inactivity timeout (--ping-restart), restarting
11:58:02 95.249.59.206:1929 [enrper] Client disconnected

And it doesn't match the later data: first 95.252.. then 95.249.. ?

It seems to me there is quite a mess in the configuration...
Anyway, also try using the new OpenVPN client (from openvpn.net instead of openvpn.se)...
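Added example, not part of the original thread: a Python triage of an excerpt of the client log from the first post. It pairs each route command with its IPAPI result, checks whether the reported gateway is on-link for the adapter's address and mask, and flags the transport-security warnings. The function names and finding texts are illustrative assumptions.

```python
import ipaddress
import re

# Excerpt copied from the client log in the first post.
CLIENT_LOG = """\
Wed Jul 18 11:56:01 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 18 11:56:03 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jul 18 11:56:03 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Jul 18 11:56:10 2012 route ADD 151.51.100.211 MASK 255.255.255.255 192.168.1.1
Wed Jul 18 11:56:10 2012 Warning: route gateway is not reachable on any active network adapters: 192.168.1.1
Wed Jul 18 11:56:10 2012 Route addition via IPAPI failed
Wed Jul 18 11:56:10 2012 route DELETE 0.0.0.0 MASK 0.0.0.0 192.168.1.1
Wed Jul 18 11:56:10 2012 Route deletion via IPAPI failed
Wed Jul 18 11:56:10 2012 route ADD 0.0.0.0 MASK 0.0.0.0 192.168.250.254
Wed Jul 18 11:56:10 2012 Route addition via IPAPI succeeded
"""

ROUTE = re.compile(r"route (ADD|DELETE) (\S+) MASK (\S+) (\S+)")
RESULT = re.compile(r"Route (?:addition|deletion) via IPAPI (succeeded|failed)")
CHECKS = {  # log substring -> finding text (wording is this example's own)
    "No server certificate verification method": "no server certificate verification method enabled",
    "'BF-CBC'": "64-bit block cipher BF-CBC on the data channel",
    "1024 bit RSA": "1024-bit RSA key on the control channel",
}

def route_outcomes(log):
    """Map (operation, destination) -> succeeded, pairing each route line with its result."""
    out, pending = {}, None
    for line in log.splitlines():
        if m := ROUTE.search(line):
            pending = m.groups()
        elif (r := RESULT.search(line)) and pending:
            op, dest, _mask, _gw = pending
            out[(op, dest)] = r.group(1) == "succeeded"
            pending = None
    return out

def gateway_on_link(ip, mask, gateway):
    """True if the gateway lies inside the subnet configured on the adapter."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return ipaddress.ip_address(gateway) in net

def findings(log, server):
    """Flag transport-security warnings and a half-applied redirect-gateway."""
    found = [msg for needle, msg in CHECKS.items() if needle in log]
    routes = route_outcomes(log)
    if routes.get(("ADD", "0.0.0.0")) and not routes.get(("ADD", server)):
        found.append("default route moved into the tunnel without a host route to the server")
    return found
```

With the addresses from the first post, `gateway_on_link("95.252.50.132", "255.255.255.255", "192.168.1.1")` is false, which is the mismatch behind the "route gateway is not reachable" warnings in the log.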
All times are GMT + 1 hour