Open Routing



sonnenblume
18.05.06, 16:51
Hello,

I'm currently setting up a VPN server and am having problems with the routing.

I'm trying to use a client to reach another machine via my VPN server (over a crossover cable). I get as far as the second network card, but unfortunately no further. Here is some information:

IP addresses:

Server

Network card 1: 172.20.10.112 - this is the interface through which the client connects to the server
Network card 2: 169.254.58.225 (cannot be changed, because the remote machine has 169.254.58.226 --> I don't have user rights to change that). So, as already written, this is the interface to the remote machine
TAP0: 10.0.0.1 interface for the VPN server


Routing table



Kernel IP Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
172.20.8.0 0.0.0.0 255.255.248.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 172.20.8.1 0.0.0.0 UG 0 0 0 eth0


I don't think this is entirely right.

172.20.8.1 is the gateway to the company network.

Now the routing table from the client:

C:\Documents and Settings\Administrator>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 02 8a 26 b5 58 ...... Intel(R) PRO/100 VE Network Connection - Net Firewall Miniport Interface
0x3 ...00 ff 60 ae 52 b6 ...... TAP-Win32 Adapter V8 #2 - Net Firewall Miniport Interface
0x4 ...00 ff 88 6e f7 fb ...... TAP-Win32 Adapter V8 - Net Firewall Miniport Interface
0x1e0007 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x1f0005 ...00 00 00 00 00 01 ...... AGN Virtual Network Adapter - Net Firewall Miniport Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.20.8.1 172.20.11.47 20
0.0.0.0 0.0.0.0 213.139.128.59 172.20.11.47 20
9.149.21.190 255.255.255.255 172.20.8.50 172.20.11.47 1
9.149.167.11 255.255.255.255 172.20.8.50 172.20.11.47 1
10.0.0.0 255.255.255.0 10.0.0.2 10.0.0.2 30
10.0.0.2 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.0.0.2 10.0.0.2 30
62.214.9.136 255.255.255.255 172.20.8.50 172.20.11.47 1
64.12.2.72 255.255.255.255 172.20.8.50 172.20.11.47 1
64.12.25.178 255.255.255.255 172.20.8.50 172.20.11.47 1
64.12.96.0 255.255.224.0 172.176.170.139 172.176.170.138 1
64.12.162.165 255.255.255.255 172.20.8.50 172.20.11.47 1
66.249.85.104 255.255.255.255 172.20.8.50 172.20.11.47 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
152.158.16.57 255.255.255.255 172.20.8.50 172.20.11.47 1
152.163.192.0 255.255.224.0 172.176.170.139 172.176.170.138 1
152.163.208.121 255.255.255.255 172.20.8.50 172.20.11.47 1
152.163.240.0 255.255.240.0 172.176.170.139 172.176.170.138 1
172.20.8.0 255.255.248.0 172.20.11.47 172.20.11.47 20
172.20.10.112 255.255.255.255 172.20.8.1 172.20.11.47 1
172.20.11.47 255.255.255.255 127.0.0.1 127.0.0.1 20
172.20.255.255 255.255.255.255 172.20.11.47 172.20.11.47 20
172.176.0.0 255.255.0.0 172.176.170.138 172.176.170.138 1
172.176.170.1 255.255.255.255 172.176.170.138 172.176.170.138 1
172.176.170.138 255.255.255.255 127.0.0.1 127.0.0.1 50
172.176.255.255 255.255.255.255 172.176.170.138 172.176.170.138 50
195.93.56.7 255.255.255.255 172.20.8.50 172.20.11.47 1
205.188.13.0 255.255.255.0 172.176.170.139 172.176.170.138 1
205.188.32.0 255.255.224.0 172.176.170.139 172.176.170.138 1
205.188.146.144 255.255.255.240 172.176.170.139 172.176.170.138 1
205.188.146.146 255.255.255.255 172.20.8.50 172.20.11.47 1
205.188.192.0 255.255.240.0 172.176.170.139 172.176.170.138 1
213.165.64.21 255.255.255.255 172.20.8.50 172.20.11.47 1
213.165.64.22 255.255.255.255 172.20.8.50 172.20.11.47 1
224.0.0.0 240.0.0.0 10.0.0.2 10.0.0.2 30
224.0.0.0 240.0.0.0 172.20.11.47 172.20.11.47 20
224.0.0.0 240.0.0.0 172.176.170.138 172.176.170.138 50
255.255.255.255 255.255.255.255 10.0.0.2 10.0.0.2 1
255.255.255.255 255.255.255.255 172.20.11.47 172.20.11.47 1
255.255.255.255 255.255.255.255 172.176.170.138 3 1
255.255.255.255 255.255.255.255 172.176.170.138 1f0005 1
255.255.255.255 255.255.255.255 172.176.170.138 172.176.170.138 1
Default Gateway: 172.20.8.1
===========================================================================
Persistent Routes:
None

The log output from the client connecting to the server:

Thu May 18 16:45:47 2006 OpenVPN 2.0.7 Win32-MinGW [SSL] [LZO] built on Apr 12 2006
Thu May 18 16:45:47 2006 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu May 18 16:45:47 2006 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu May 18 16:45:47 2006 LZO compression initialized
Thu May 18 16:45:47 2006 Control Channel MTU parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu May 18 16:45:47 2006 Data Channel MTU parms [ L:1578 D:1450 EF:46 EB:135 ET:32 EL:0 AF:3/1 ]
Thu May 18 16:45:47 2006 Fragmentation MTU parms [ L:1578 D:1300 EF:45 EB:135 ET:33 EL:0 AF:3/1 ]
Thu May 18 16:45:47 2006 Local Options hash (VER=V4): '9a22532e'
Thu May 18 16:45:47 2006 Expected Remote Options hash (VER=V4): 'e2a912d8'
Thu May 18 16:45:47 2006 UDPv4 link local:
Thu May 18 16:45:47 2006 UDPv4 link remote: 172.20.10.112:1194
Thu May 18 16:45:48 2006 TLS: Initial packet from 172.20.10.112:1194, sid=f47d958e 43f9176a
Thu May 18 16:45:48 2006 VERIFY OK: depth=1, /C=DE/ST=Germany/L=Mainz/O=Sensitec_Naomi/OU=IT/CN=vpn
Thu May 18 16:45:48 2006 VERIFY OK: depth=0, /C=DE/ST=Germany/L=Mainz/O=Sensitec_Naomi/OU=IT/CN=server
Thu May 18 16:45:48 2006 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu May 18 16:45:48 2006 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu May 18 16:45:48 2006 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu May 18 16:45:48 2006 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu May 18 16:45:48 2006 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu May 18 16:45:48 2006 [server] Peer Connection Initiated with 172.20.10.112:1194
Thu May 18 16:45:49 2006 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu May 18 16:45:49 2006 PUSH: Received control message: 'PUSH_REPLY,route 169.254.58.225 255.255.0.0,route 172.20.8.0,redirect-gateway def1,route-gateway 10.0.0.1,dhcp-option DNS 172.20.8.0,ip-win32 dynamic,ping 10,ping-restart 120,ifconfig 10.0.0.2 255.255.255.0'
Thu May 18 16:45:49 2006 OPTIONS IMPORT: timers and/or timeouts modified
Thu May 18 16:45:49 2006 OPTIONS IMPORT: --ifconfig/up options modified
Thu May 18 16:45:49 2006 OPTIONS IMPORT: route options modified
Thu May 18 16:45:49 2006 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu May 18 16:45:49 2006 TAP-WIN32 device [test] opened: \\.\Global\{886EF7FB-4DD1-403A-93EE-85B859D7CEDE}.tap
Thu May 18 16:45:49 2006 TAP-Win32 Driver Version 8.1
Thu May 18 16:45:49 2006 TAP-Win32 MTU=1500
Thu May 18 16:45:49 2006 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.0.0.2/255.255.255.0 on interface {886EF7FB-4DD1-403A-93EE-85B859D7CEDE} [DHCP-serv: 10.0.0.0, lease-time: 31536000]
Thu May 18 16:45:49 2006 Successful ARP Flush on interface [4] {886EF7FB-4DD1-403A-93EE-85B859D7CEDE}
Thu May 18 16:45:49 2006 TEST ROUTES: 4/4 succeeded len=3 ret=1 a=0 u/d=up
Thu May 18 16:45:49 2006 route ADD 172.20.10.112 MASK 255.255.255.255 172.20.8.1
Thu May 18 16:45:49 2006 Route addition via IPAPI succeeded
Thu May 18 16:45:49 2006 route ADD 0.0.0.0 MASK 128.0.0.0 10.0.0.1
Thu May 18 16:45:49 2006 Route addition via IPAPI succeeded
Thu May 18 16:45:49 2006 route ADD 128.0.0.0 MASK 128.0.0.0 10.0.0.1
Thu May 18 16:45:49 2006 Route addition via IPAPI succeeded
Thu May 18 16:45:49 2006 route ADD 172.20.8.1 MASK 255.255.255.0 10.0.0.1
Thu May 18 16:45:50 2006 Warning: address 172.20.8.1 is not a network address in relation to netmask 255.255.255.0
Thu May 18 16:45:50 2006 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [if_index=4]
Thu May 18 16:45:50 2006 Route addition via IPAPI failed
Thu May 18 16:45:50 2006 route ADD 169.254.58.225 MASK 255.255.0.0 10.0.0.1
Thu May 18 16:45:50 2006 Warning: address 169.254.58.225 is not a network address in relation to netmask 255.255.0.0
Thu May 18 16:45:50 2006 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [if_index=4]
Thu May 18 16:45:50 2006 Route addition via IPAPI failed
Thu May 18 16:45:50 2006 route ADD 172.20.8.0 MASK 255.255.255.255 10.0.0.1
Thu May 18 16:45:50 2006 Route addition via IPAPI succeeded
Thu May 18 16:45:50 2006 Initialization Sequence Completed

And now, last but not least, the config files:

Server:

#Default port 5000 => port 5000 is supposedly already in use
port 1194

# TCP or UDP?
#proto tcp-server
#;proto tcp
proto udp
mode server
tls-server


# Which IP address should OpenVPN listen on? (optional)
;local 172.20.10.112

# tun or tap?
# The tun device creates an IP tunnel,
# while the tap device creates an Ethernet tunnel.

#;dev tun
dev tap

#server 10.0.0.1 255.255.255.0
#Our Server IP
ifconfig 10.0.0.1 255.255.255.0

#dynamic clients from 10.0.0.2-10.0.0.254
ifconfig-pool 10.0.0.2 10.0.0.254

#Packets are encapsulated at this size
#1492 was set to 1500
tun-mtu 1500
fragment 1300
#mssfix 1300

#secret /usr/local/ssl

#Paths to the certs
ca certs/vpn-ca.pem
cert certs/servercert.pem
key certs/serverkey.pem

#Diffie-Hellman parameters
dh certs/dh1024.pem

#server 10.0.0.0 255.0.0.0


#Same Ip in the next session
ifconfig-pool-persist ipp.txt
#so that clients can see each other
#client-to-client
#Routes the packets to the internal network; you should use iptables instead of this


#Tests the connection with a ping-like packet (wait=120sec)
keepalive 10 120

#Authentication
auth SHA1

#push route information to the client
#push "route-gateway 172.20.8.1"
#push "redirect-gateway local"
push "ip-win32 dynamic"
push "route 169.254.58.225 255.255.0.0"
push "route 172.20.8.0"
push "redirect-gateway def1"
push "route-gateway 10.0.0.1"
push "dhcp-option DNS 172.20.8.0"



#Our encryption algorithm
#cipher aes-256-ecb
#openvpn --show-ciphers for testing

#comp
comp-lzo

#Sets new rights after the connection
user nobody
group nogroup

#We need this because of user nobody/group nobody.
persist-key
persist-tun
status openvpn-status.log
log openvpn-log.log
#Logging 0, (testing:5)
verb 3

Something is surely wrong with the push commands too.


Client:


client
float
dev tap

;dev-node test


#MTU
tun-mtu 1500
fragment 1300
#mssfix


#device name, uncomment under Windows (delete the #)
#dev-node vsn-device

#route-gateway 192.168.0.6
route 172.20.8.1 255.255.255.0

#tcp or udp
proto udp

#Server IP
remote 172.20.10.112 1194

#force authentication
#tls-remote server

ca vpn-ca.pem
cert simon_lan_cert.pem
key simon_lan_key.pem

#auth SHA1
#cipher aes-256-cbc
nobind
comp-lzo

pull

persist-key
persist-tun

verb 3

What other info do you need???


Thanks for your help!!!
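Added example (not part of sonnenblume's post): both "route addition failed" entries in the client log above have the same cause. 169.254.58.225 with mask 255.255.0.0 and 172.20.8.1 with mask 255.255.255.0 have host bits set, and OpenVPN (through CreateIpForwardEntry on Windows) only installs a route whose destination is the network address for the given mask. The script below parses `route` and `push "route"` directives, flags the ones that will be rejected, and prints the network address that would be accepted. The sample config is constructed from the route lines in the post; the function and variable names are my own, not OpenVPN's.

```python
"""Check OpenVPN `route` / push "route" directives for host bits set in the
destination, the condition behind the client log warning
'address X is not a network address in relation to netmask Y'."""
import ipaddress
import re

# Constructed sample: only the route-related lines from the server and client
# configs in the post above, with the same values.
SAMPLE_CONFIG = """\
# server side (pushed to the client)
push "route 169.254.58.225 255.255.0.0"
push "route 172.20.8.0"
push "redirect-gateway def1"
push "route-gateway 10.0.0.1"
# client side
route 172.20.8.1 255.255.255.0
"""

# OpenVPN treats a route with no netmask as a host route (/32).
DEFAULT_MASK = "255.255.255.255"

# Matches:  route <dest> [mask] [gateway] [metric]
#      or:  push "route <dest> [mask] [gateway] [metric]"
# Tokens exclude whitespace and the closing quote of a push directive.
ROUTE_RE = re.compile(
    r'^\s*(?P<push>push\s+")?route\s+(?P<dest>[^\s"]+)'
    r'(?:\s+(?P<mask>[^\s"]+))?(?:\s+(?P<gw>[^\s"]+))?(?:\s+(?P<metric>[^\s"]+))?'
    r'\s*"?\s*$'
)


def check_route(dest, mask=None):
    """Return a finding dict for one destination/netmask pair.

    'ok' is True only when dest already is the network address for mask.
    'network' is the address OpenVPN would have accepted for that mask.
    """
    if mask in (None, "default"):   # OpenVPN's spelling for "no netmask"
        mask = DEFAULT_MASK
    try:
        net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
    except ValueError as exc:        # hostname or malformed mask: cannot judge
        return {"dest": dest, "mask": mask, "ok": None, "error": str(exc)}
    network = str(net.network_address)
    return {
        "dest": dest,
        "mask": mask,
        "ok": network == dest,
        "network": network,
        "prefixlen": net.prefixlen,
        "host_route": net.prefixlen == 32,
    }


def audit_config(text):
    """Run check_route over every route directive in an OpenVPN config text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ROUTE_RE.match(line)
        if not m:
            continue
        finding = check_route(m.group("dest"), m.group("mask"))
        finding["line"] = lineno
        finding["pushed"] = m.group("push") is not None
        findings.append(finding)
    return findings


def suggested_directive(finding):
    """Rewrite a rejected directive with the network address OpenVPN expects."""
    body = f'route {finding["network"]} {finding["mask"]}'
    return f'push "{body}"' if finding["pushed"] else body


def report(text):
    """Print one line per route directive; return the number of problems found."""
    problems = 0
    for fd in audit_config(text):
        if fd["ok"] is None:
            print(f'line {fd["line"]}: could not parse ({fd["error"]})')
            problems += 1
        elif not fd["ok"]:
            print(f'line {fd["line"]}: {fd["dest"]}/{fd["mask"]} has host bits set; '
                  f'use: {suggested_directive(fd)}')
            problems += 1
        elif fd["host_route"]:
            print(f'line {fd["line"]}: {fd["dest"]} has no netmask, so OpenVPN '
                  f'installs a /32 host route (intended?)')
        else:
            print(f'line {fd["line"]}: {fd["dest"]}/{fd["mask"]} ok')
    return problems


if __name__ == "__main__":
    report(SAMPLE_CONFIG)
```

Run as-is, it reports `push "route 169.254.0.0 255.255.0.0"` for the server line and `route 172.20.8.0 255.255.255.0` for the client line; `push "route 172.20.8.0"` without a netmask is accepted but only installs a /32 host route, whereas the server's own routing table lists that network as 172.20.8.0 with mask 255.255.248.0, so the intended prefix is worth checking. Correct route syntax only gets the client's packets as far as the server's tap0; for them to continue to eth1 and 169.254.58.226 the server still has to forward between its interfaces, which is what the config comment about iptables is pointing at.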