Saya membuat VPN dengan OpenVPN di Rapsberry Pi 3 saya (Ubuntu Mate) dengan tutorial ini: http://readwrite.com/2014/04/10/raspberry-pi-vpn-tutorial-server-secure-web-browsing . Tetapi ketika saya mencoba menghubungkan komputer saya di VPN saya dengan Tunnelblick, saya memiliki kesalahan ini:
Ini file lognya:
2016-12-18 21:48:55 us=588356 Current Parameter Settings:
2016-12-18 21:48:55 us=588588 config = '/.../config.ovpn'
2016-12-18 21:48:55 us=588603 mode = 0
2016-12-18 21:48:55 us=588613 show_ciphers = DISABLED
2016-12-18 21:48:55 us=588623 show_digests = DISABLED
2016-12-18 21:48:55 us=588632 show_engines = DISABLED
2016-12-18 21:48:55 us=588641 genkey = DISABLED
2016-12-18 21:48:55 us=588651 key_pass_file = '[UNDEF]'
2016-12-18 21:48:55 us=588661 show_tls_ciphers = DISABLED
2016-12-18 21:48:55 us=588670 Connection profiles [default]:
2016-12-18 21:48:55 us=588683 proto = udp
2016-12-18 21:48:55 us=588693 local = '[UNDEF]'
2016-12-18 21:48:55 us=588703 local_port = 0
2016-12-18 21:48:55 us=588712 remote = 'MYIP'
2016-12-18 21:48:55 us=588722 remote_port = 1194
2016-12-18 21:48:55 us=588731 remote_float = DISABLED
2016-12-18 21:48:55 us=588741 bind_defined = DISABLED
2016-12-18 21:48:55 us=588750 bind_local = DISABLED
2016-12-18 21:48:55 us=588760 connect_retry_seconds = 5
2016-12-18 21:48:55 us=588769 connect_timeout = 10
2016-12-18 21:48:55 us=588778 NOTE: --mute triggered...
2016-12-18 21:48:55 us=588799 255 variation(s) on previous 20 message(s) suppressed by --mute
2016-12-18 21:48:55 us=588812 OpenVPN 2.3.12 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Nov 17 2016
2016-12-18 21:48:55 us=588830 library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.09
2016-12-18 21:48:55 us=589832 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1339
2016-12-18 21:48:55 us=589940 Need hold release from management interface, waiting...
2016-12-18 21:48:55 us=998065 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1339
2016-12-18 21:48:55 *Tunnelblick: openvpnstart starting OpenVPN
2016-12-18 21:48:56 *Tunnelblick: Established communication with OpenVPN
2016-12-18 21:48:56 *Tunnelblick: Obtained passphrase from the Keychain
2016-12-18 21:48:56 us=15623 MANAGEMENT: CMD 'pid'
2016-12-18 21:48:56 us=15778 MANAGEMENT: CMD 'state on'
2016-12-18 21:48:56 us=15946 MANAGEMENT: CMD 'state'
2016-12-18 21:48:56 us=16068 MANAGEMENT: CMD 'bytecount 1'
2016-12-18 21:48:56 us=16155 MANAGEMENT: CMD 'hold release'
2016-12-18 21:48:56 us=16395 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2016-12-18 21:48:56 us=37387 MANAGEMENT: CMD 'password [...]'
2016-12-18 21:48:56 us=37565 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2016-12-18 21:48:56 us=38716 Control Channel Authentication: tls-auth using INLINE static key file
2016-12-18 21:48:56 us=38788 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2016-12-18 21:48:56 us=38840 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2016-12-18 21:48:56 us=38914 LZO compression initialized
2016-12-18 21:48:56 us=39034 Control Channel MTU parms [ L:1558 D:1184 EF:66 EB:0 ET:0 EL:3 ]
2016-12-18 21:48:56 us=39119 Socket Buffers: R=[196724->196724] S=[9216->9216]
2016-12-18 21:48:56 us=39180 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
2016-12-18 21:48:56 us=39241 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2016-12-18 21:48:56 us=39289 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2016-12-18 21:48:56 us=39340 Local Options hash (VER=V4): '272f1b58'
2016-12-18 21:48:56 us=39392 Expected Remote Options hash (VER=V4): 'a2e63101'
2016-12-18 21:48:56 us=39444 UDPv4 link local: [undef]
2016-12-18 21:48:56 us=39496 UDPv4 link remote: [AF_INET]myip:1194
2016-12-18 21:48:56 us=39561 MANAGEMENT: >STATE:1482094136,WAIT,,,
2016-12-18 21:48:56 us=39689 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
2016-12-18 21:48:58 us=416600 UDPv4 WRITE [42] to [AF_INET]MYIP:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
2016-12-18 21:49:03 us=192515 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
2016-12-18 21:49:11 us=502022 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
2016-12-18 21:49:27 us=831284 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0
Ini adalah file konfigurasi:
local 192.168.1.21
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/NissaVPN.crt
key /etc/openvpn/easy-rsa/keys/NissaVPN.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.1.21 255.255.255.0"
push "dhcp-option DNS 192.168.1.1"
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1
Berikut adalah kunci RSA default:
client
dev tun
proto udp
remote MYIP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
mute 20
Ini adalah file firewall openvpn:
#!/bin/sh
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.1.21
Apa yang bisa saya lakukan untuk memperbaikinya? Saya menonaktifkan firewall saya dan router saya dikonfigurasi.
verb 3
log klien lengkap .verb 3
, tapi terserahlah. Saya berasumsiMYIP
adalah alamat IP eksternal Anda (saat ini), bukan? Dari mana Anda mencoba terhubung ke sana? Dari belakang router Anda? Ketika Anda mengatakan "router dikonfigurasi", apakah itu berarti Anda mengatur penerusan port untuk port 1194 UDP?verb
osity. Anda sekarang punyaverb 1
. Untuk mendiagnosis kesalahan, Anda harus meningkatkannya.Jawaban:
Saya akhirnya menyelesaikan masalah saya: Itu karena router saya, saya belum memperbarui untuk waktu yang lama. Dan di akhir pembaruan, semuanya bekerja :)
Terima kasih
sumber