Hello,
I'm currently trying to set up a VPN (or, more simply: to use a server in Germany with OpenVPN so that I can surf uncensored from here in China). I followed this: http://idienstler.de/2255/tutorial-so-richtet-man-einen-eigenen-vpn-auf-einem-gnulinux-debian-7-1-wheezy-vserver-ein/ and created two certificates. I installed OpenVPN on my smartphone and it worked right away.
On my Ubuntu (with KDE) I've been tinkering for days without success (but I didn't have any success with it on a Win 8 PC either).
I can connect, and when I open whatsmyip.net I see my IP as that of the server. But I can't open Facebook etc. - I've also already changed the DNS server manually in the network manager, but without success. ☹
client.conf:
```
client
dev tun
proto udp
remote 94.250.253.170 15164
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client2.crt
key client2.key
pull
ns-cert-type server
comp-lzo
verb 5
```
server.conf:
```
;local a.b.c.d
port 15194
proto udp
;dev tap
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
client-config-dir ccd
route 192.168.1.0 255.255.255.0
push "dhcp-option DNS 194.25.2.130"
push "dhcp-option DNS 217.237.150.33"
keepalive 10 120
comp-lzo
;user nobody
;group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 5
```
```
tun0      Link encap:UNSPEC  Hardware Adresse 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet Adresse:10.8.0.10  P-z-P:10.8.0.9  Maske:255.255.255.255
          UP PUNKTZUPUNKT RUNNING NOARP MULTICAST  MTU:1500  Metrik:1
          RX-Pakete:254 Fehler:0 Verloren:0 Überläufe:0 Fenster:0
          TX-Pakete:553 Fehler:0 Verloren:0 Überläufe:0 Träger:0
          Kollisionen:0 Sendewarteschlangenlänge:100
          RX-Bytes:57505 (57.5 KB)  TX-Bytes:86617 (86.6 KB)
```
And the console log after openvpn --config client2.conf:
```
...
Tue Mar 25 14:30:54 2014 us=213105   pkcs11_pin_cache_period = -1
Tue Mar 25 14:30:54 2014 us=213116   pkcs11_id = '[UNDEF]'
Tue Mar 25 14:30:54 2014 us=213127   pkcs11_id_management = DISABLED
Tue Mar 25 14:30:54 2014 us=213154   server_network = 0.0.0.0
Tue Mar 25 14:30:54 2014 us=213166   server_netmask = 0.0.0.0
Tue Mar 25 14:30:54 2014 us=213180   server_network_ipv6 = ::
Tue Mar 25 14:30:54 2014 us=213192   server_netbits_ipv6 = 0
Tue Mar 25 14:30:54 2014 us=213204   server_bridge_ip = 0.0.0.0
Tue Mar 25 14:30:54 2014 us=213218   server_bridge_netmask = 0.0.0.0
Tue Mar 25 14:30:54 2014 us=213230   server_bridge_pool_start = 0.0.0.0
Tue Mar 25 14:30:54 2014 us=213245   server_bridge_pool_end = 0.0.0.0
Tue Mar 25 14:30:54 2014 us=213257   ifconfig_pool_defined = DISABLED
Tue Mar 25 14:30:54 2014 us=213269   ifconfig_pool_start = 0.0.0.0
Tue Mar 25 14:30:54 2014 us=213282   ifconfig_pool_end = 0.0.0.0
Tue Mar 25 14:30:54 2014 us=213294   ifconfig_pool_netmask = 0.0.0.0
Tue Mar 25 14:30:54 2014 us=213305   ifconfig_pool_persist_filename = '[UNDEF]'
Tue Mar 25 14:30:54 2014 us=213319   ifconfig_pool_persist_refresh_freq = 600
Tue Mar 25 14:30:54 2014 us=213330   ifconfig_ipv6_pool_defined = DISABLED
Tue Mar 25 14:30:54 2014 us=213342   ifconfig_ipv6_pool_base = ::
Tue Mar 25 14:30:54 2014 us=213352   ifconfig_ipv6_pool_netbits = 0
Tue Mar 25 14:30:54 2014 us=213364   n_bcast_buf = 256
Tue Mar 25 14:30:54 2014 us=213375   tcp_queue_limit = 64
Tue Mar 25 14:30:54 2014 us=213385   real_hash_size = 256
Tue Mar 25 14:30:54 2014 us=213397   virtual_hash_size = 256
Tue Mar 25 14:30:54 2014 us=213408   client_connect_script = '[UNDEF]'
Tue Mar 25 14:30:54 2014 us=213419   learn_address_script = '[UNDEF]'
Tue Mar 25 14:30:54 2014 us=213431   client_disconnect_script = '[UNDEF]'
Tue Mar 25 14:30:54 2014 us=213442   client_config_dir = '[UNDEF]'
Tue Mar 25 14:30:54 2014 us=213456   ccd_exclusive = DISABLED
Tue Mar 25 14:30:54 2014 us=213467   tmp_dir = '/tmp'
Tue Mar 25 14:30:54 2014 us=213479   push_ifconfig_defined = DISABLED
Tue Mar 25 14:30:54 2014 us=213490   push_ifconfig_local = 0.0.0.0
Tue Mar 25 14:30:54 2014 us=213502   push_ifconfig_remote_netmask = 0.0.0.0
Tue Mar 25 14:30:54 2014 us=213513   push_ifconfig_ipv6_defined = DISABLED
Tue Mar 25 14:30:54 2014 us=213525   push_ifconfig_ipv6_local = ::/0
Tue Mar 25 14:30:54 2014 us=213537   push_ifconfig_ipv6_remote = ::
Tue Mar 25 14:30:54 2014 us=213548   enable_c2c = DISABLED
Tue Mar 25 14:30:54 2014 us=213559   duplicate_cn = DISABLED
Tue Mar 25 14:30:54 2014 us=213571   cf_max = 0
Tue Mar 25 14:30:54 2014 us=213581   cf_per = 0
Tue Mar 25 14:30:54 2014 us=213592   max_clients = 1024
Tue Mar 25 14:30:54 2014 us=213603   max_routes_per_client = 256
Tue Mar 25 14:30:54 2014 us=213614   auth_user_pass_verify_script = '[UNDEF]'
Tue Mar 25 14:30:54 2014 us=213626   auth_user_pass_verify_script_via_file = DISABLED
Tue Mar 25 14:30:54 2014 us=213638   ssl_flags = 0
Tue Mar 25 14:30:54 2014 us=213649   port_share_host = '[UNDEF]'
Tue Mar 25 14:30:54 2014 us=213662   port_share_port = 0
Tue Mar 25 14:30:54 2014 us=213673   client = ENABLED
Tue Mar 25 14:30:54 2014 us=213684   pull = ENABLED
Tue Mar 25 14:30:54 2014 us=213695   auth_user_pass_file = '[UNDEF]'
Tue Mar 25 14:30:54 2014 us=213708 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Feb 27 2013
Tue Mar 25 14:30:54 2014 us=213811 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Mar 25 14:30:54 2014 us=214274 WARNING: file 'client2.key' is group or others accessible
Tue Mar 25 14:30:54 2014 us=214641 LZO compression initialized
Tue Mar 25 14:30:54 2014 us=214718 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Mar 25 14:30:54 2014 us=214758 Socket Buffers: R=[229376->131072] S=[229376->131072]
Tue Mar 25 14:30:54 2014 us=214779 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Mar 25 14:30:54 2014 us=214799 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Tue Mar 25 14:30:54 2014 us=214813 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Tue Mar 25 14:30:54 2014 us=214834 Local Options hash (VER=V4): '41690919'
Tue Mar 25 14:30:54 2014 us=214857 Expected Remote Options hash (VER=V4): '530fdded'
Tue Mar 25 14:30:54 2014 us=214875 UDPv4 link local: [undef]
Tue Mar 25 14:30:54 2014 us=214889 UDPv4 link remote: [AF_INET]94.250.253.170:13174
WRTue Mar 25 14:30:54 2014 us=524626 TLS: Initial packet from [AF_INET]94.250.253.170:13174, sid=6ac683d5 77d2c481
WWWWRRRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRTue Mar 25 14:30:56 2014 us=93715 VERIFY OK: depth=1, /C=DE/ST=HE/L=Frankfurt/O=Fort/OU=VPN/CN=VPN/name=VPN/emailAddress=mail@freenet.de
Tue Mar 25 14:30:56 2014 us=93861 VERIFY OK: nsCertType=SERVER
Tue Mar 25 14:30:56 2014 us=93870 VERIFY OK: depth=0, /C=DE/ST=HE/L=Frankfurt/O=Fort/OU=VPN/CN=VPN/name=VPN/emailAddress=mail@freenet.de
WRWRWRWRWRWRWWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWRWRWRWRWRWRWRWRWRWRWRWRWWWWRRRRWRWRTue Mar 25 14:30:59 2014 us=844278 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Mar 25 14:30:59 2014 us=844314 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 25 14:30:59 2014 us=844355 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Mar 25 14:30:59 2014 us=844364 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
WTue Mar 25 14:30:59 2014 us=844397 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Mar 25 14:30:59 2014 us=844422 [VPN] Peer Connection Initiated with [AF_INET]94.250.253.170:13174
Tue Mar 25 14:31:02 2014 us=86623 SENT CONTROL [VPN]: 'PUSH_REQUEST' (status=1)
WRRWRWRTue Mar 25 14:31:02 2014 us=398771 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway,dhcp-option DNS 194.25.2.130,dhcp-option DNS 217.237.150.33,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9'
Tue Mar 25 14:31:02 2014 us=398849 OPTIONS IMPORT: timers and/or timeouts modified
Tue Mar 25 14:31:02 2014 us=398858 OPTIONS IMPORT: --ifconfig/up options modified
Tue Mar 25 14:31:02 2014 us=398865 OPTIONS IMPORT: route options modified
Tue Mar 25 14:31:02 2014 us=398871 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Mar 25 14:31:02 2014 us=399019 ROUTE default_gateway=192.168.1.1
Tue Mar 25 14:31:02 2014 us=399420 TUN/TAP device tun0 opened
Tue Mar 25 14:31:02 2014 us=399437 TUN/TAP TX queue length set to 100
Tue Mar 25 14:31:02 2014 us=399450 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Mar 25 14:31:02 2014 us=399469 /sbin/ifconfig tun0 10.8.0.10 pointopoint 10.8.0.9 mtu 1500
Tue Mar 25 14:31:02 2014 us=413374 /sbin/route add -net 94.250.253.170 netmask 255.255.255.255 gw 192.168.1.1
Tue Mar 25 14:31:02 2014 us=426152 /sbin/route del -net 0.0.0.0 netmask 0.0.0.0
Tue Mar 25 14:31:02 2014 us=427106 /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.8.0.9
Tue Mar 25 14:31:02 2014 us=428059 WARNING: potential route subnet conflict between local LAN [10.8.0.0/255.255.255.0] and remote VPN [10.8.0.1/255.255.255.255]
Tue Mar 25 14:31:02 2014 us=428101 /sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.9
Tue Mar 25 14:31:02 2014 us=428921 Initialization Sequence Completed
```
Does anyone have an idea how I can get this working? Unfortunately I also can't reach openvpn.net and other sources that are censored here - otherwise the troubleshooting would probably be easier too :-S
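An added example, not part of the original post: a check that parses the PUSH_REPLY line from the client log above and reports which pushed DNS servers are missing from the resolver configuration. On a Linux client OpenVPN hands `dhcp-option` values to an `--up` script as `foreign_option_N` environment variables instead of writing `/etc/resolv.conf` itself; the `RESOLV_CONF` text and all function names are assumptions made for the example.

```python
import re

# Constructed sample: the PUSH_REPLY line from the log above, and a
# hypothetical resolv.conf as a home router's DHCP would leave it.
LOG_LINE = ("Tue Mar 25 14:31:02 2014 us=398771 PUSH: Received control message: "
            "'PUSH_REPLY,redirect-gateway,dhcp-option DNS 194.25.2.130,"
            "dhcp-option DNS 217.237.150.33,route 10.8.0.1,topology net30,"
            "ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9'")
RESOLV_CONF = "# constructed sample\nnameserver 192.168.1.1\n"


def parse_push_reply(line):
    """Return the pushed options as a list of (name, [args]) tuples."""
    m = re.search(r"'PUSH_REPLY,([^']*)'", line)
    if not m:
        raise ValueError("no PUSH_REPLY control message in line")
    options = []
    for item in m.group(1).split(","):
        parts = item.split()
        if parts:
            options.append((parts[0], parts[1:]))
    return options


def pushed_dns(options):
    """DNS servers pushed via 'dhcp-option DNS <addr>'."""
    return [a[1] for n, a in options
            if n == "dhcp-option" and len(a) == 2 and a[0].upper() == "DNS"]


def active_nameservers(resolv_conf_text):
    """Nameserver addresses from resolv.conf text, ignoring comments."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def dns_not_applied(log_line, resolv_conf_text):
    """Pushed DNS servers that the resolver is not actually using."""
    active = set(active_nameservers(resolv_conf_text))
    return [s for s in pushed_dns(parse_push_reply(log_line)) if s not in active]


if __name__ == "__main__":
    print(dns_not_applied(LOG_LINE, RESOLV_CONF))
```

To run it against a live client, pass the real log line and the contents of `/etc/resolv.conf` to `dns_not_applied`; an empty list means every pushed DNS server is in use.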