Problems booting over OpenVPN
Added: Mon Oct 07, 2019 5:36 pm
Good day, colleagues!
I am continuing to study the WTware OS and would like to ask whether anyone has run into a problem connecting over OVPN with their own config file.
What I have:
- OVPN server on pfSense 2.4.4
- WTware client, version 5.8.66
-------------------------------------------------------------------------
At the moment I see the following: the OVPN server initializes the connection and issues a port and a Virtual IP to the thin client.
Nevertheless, the WTware logs contain an error:
-------------------------------------------------------------------------
Over TCP with LZO compression
17-42-12-471| [ initrd] [ 16.150519] +--- Executing "/usr/sbin/openvpn --config /etc/client.conf --daemon"
17-42-12-471| [ KERNEL] [ 16.150380] tun: Universal TUN/TAP device driver, 1.6
17-42-12-471| [SYSLOG] <29>Oct 7 14:42:05 openvpn[1237]: OpenVPN 2.4.7 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
17-42-12-471| [SYSLOG] <29>Oct 7 14:42:05 openvpn[1237]: library versions: OpenSSL 1.1.1c 28 May 2019, LZO 2.10
17-42-12-471| [ initrd] [ 16.154763] +- Errorlevel: 0, output:
17-42-12-471| File is empty.
17-42-12-471| [ initrd] [ 16.154819] +------------------------
17-42-12-471| [SYSLOG] <29>Oct 7 14:42:05 openvpn[1238]: TCP/UDP: Preserving recently used remote address: [AF_INET]10.10.10.254:1194
17-42-12-471| [SYSLOG] <29>Oct 7 14:42:05 openvpn[1238]: Attempting to establish TCP connection with [AF_INET]10.10.10.254:1194 [nonblock]
17-42-12-471| [SYSLOG] <29>Oct 7 14:42:06 openvpn[1238]: TCP connection established with [AF_INET]10.10.10.254:1194
17-42-12-471| [SYSLOG] <29>Oct 7 14:42:06 openvpn[1238]: TCP_CLIENT link local (bound): [AF_INET][undef]:0
17-42-12-471| [SYSLOG] <29>Oct 7 14:42:06 openvpn[1238]: TCP_CLIENT link remote: [AF_INET]10.10.10.254:1194
17-42-12-471| [SYSLOG] <29>Oct 7 14:42:06 openvpn[1238]: [LAB] Peer Connection Initiated with [AF_INET]10.10.10.254:1194
17-42-12-471| [SYSLOG] <29>Oct 7 14:42:07 openvpn[1238]: TUN/TAP device tun0 opened
17-42-12-471| [SYSLOG] <29>Oct 7 14:42:07 openvpn[1238]: /sbin/ip link set dev tun0 up mtu 1500
17-42-12-471| [SYSLOG] <27>Oct 7 14:42:07 openvpn[1238]: Linux ip link set failed: could not execute external program
17-42-12-471| [SYSLOG] <29>Oct 7 14:42:07 openvpn[1238]: Exiting due to fatal error
17-42-12-471| [ pfac] [ 18.552913] Process pid 1238 terminated, status 00000100.
17-42-12-471| [ initrd] [ 18.595094] [OpenVPN] Daemon stopped.
17-42-12-471| [ initrd] [ 18.595112] ERROR: OpenVPN failed.
17-42-12-477| Connection from wtc.exe at 192.168.1.30.
daemon
dev tun
persist-tun
persist-key
cipher AES-128-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote 10.10.10.254 1194 tcp-client
lport 0
verify-x509-name "LAB" name
remote-cert-tls server
comp-lzo yes
<ca>
-----BEGIN CERTIFICATE-----
-------------------------------------------------------------------------
Over UDP
17-27-07-172| [ initrd] [ 14.501884] +------------------------
17-27-07-172| [SYSLOG] <28>Oct 7 14:26:59 openvpn[1238]: ******* WARNING *******: '--auth none' was specified. This means no authentication will be performed on received packets, meaning you CANNOT trust that the data received by the remote side have NOT been manipulated. PLEASE DO RECONSIDER THIS SETTING!
17-27-07-172| [SYSLOG] <29>Oct 7 14:26:59 openvpn[1238]: TCP/UDP: Preserving recently used remote address: [AF_INET]10.10.10.254:1194
17-27-07-172| [SYSLOG] <29>Oct 7 14:26:59 openvpn[1238]: UDP link local (bound): [AF_INET][undef]:0
17-27-07-172| [SYSLOG] <29>Oct 7 14:26:59 openvpn[1238]: UDP link remote: [AF_INET]10.10.10.254:1194
17-27-07-172| [SYSLOG] <29>Oct 7 14:26:59 openvpn[1238]: [LAB] Peer Connection Initiated with [AF_INET]10.10.10.254:1194
17-27-07-172| [SYSLOG] <28>Oct 7 14:27:00 openvpn[1238]: ******* WARNING *******: '--auth none' was specified. This means no authentication will be performed on received packets, meaning you CANNOT trust that the data received by the remote side have NOT been manipulated. PLEASE DO RECONSIDER THIS SETTING!
17-27-07-172| [SYSLOG] <29>Oct 7 14:27:00 openvpn[1238]: TUN/TAP device tun0 opened
17-27-07-172| [SYSLOG] <29>Oct 7 14:27:00 openvpn[1238]: /sbin/ip link set dev tun0 up mtu 1500
17-27-07-172| [SYSLOG] <27>Oct 7 14:27:00 openvpn[1238]: Linux ip link set failed: could not execute external program
17-27-07-172| [SYSLOG] <29>Oct 7 14:27:00 openvpn[1238]: Exiting due to fatal error
17-27-07-172| [ initrd] [ 15.692045] [OpenVPN] Daemon stopped.
17-27-07-172| [ initrd] [ 15.692058] ERROR: OpenVPN failed.
17-27-07-172| [ pfac] [ 15.696967] Process pid 1238 terminated, status 00000100.
17-27-07-177| Connection from wtc.exe at 192.168.1.30.
daemon
dev tun
persist-tun
persist-key
cipher AES-128-CBC
auth none
tls-client
client
resolv-retry infinite
daemon
remote 10.10.10.254 1194 udp
lport 0
verify-x509-name "LAB" name
remote-cert-tls server
compress lzo
<ca>
-----BEGIN CERTIFICATE-----
-------------------------------------------------------------------------
I assume that the config automatically generated by pfSense (it works on Android and Windows Server 2k12) is incompatible with the WTware OVPN client; is that so?
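An added example, not part of the original post and not WTware or OpenVPN code: a small triage script that decodes the syslog priority value (the `<27>`, `<28>`, `<29>` prefixes) in log lines of the format shown above and lists the openvpn messages logged at warning severity or worse. The names `parse_syslog` and `triage` are chosen for this example, and the sample log is an excerpt of the lines in the post with the warning text shortened.

```python
import re

# RFC 3164 severity names, indexed by PRI & 7; the facility is PRI >> 3.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Matches the "[SYSLOG] <PRI>Mon D HH:MM:SS tag[pid]: message" part of a line.
LINE_RE = re.compile(
    r"\[SYSLOG\]\s*<(?P<pri>\d{1,3})>(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+"
    r"(?P<tag>[^\s\[]+)\[(?P<pid>\d+)\]:\s*(?P<msg>.*)"
)

# Constructed sample: lines excerpted from the post, warning text shortened.
SAMPLE_LOG = """\
17-27-07-172| [SYSLOG] <28>Oct 7 14:26:59 openvpn[1238]: ******* WARNING *******: '--auth none' was specified.
17-27-07-172| [SYSLOG] <29>Oct 7 14:26:59 openvpn[1238]: UDP link remote: [AF_INET]10.10.10.254:1194
17-27-07-172| [SYSLOG] <28>Oct 7 14:27:00 openvpn[1238]: ******* WARNING *******: '--auth none' was specified.
17-27-07-172| [SYSLOG] <29>Oct 7 14:27:00 openvpn[1238]: /sbin/ip link set dev tun0 up mtu 1500
17-27-07-172| [SYSLOG] <27>Oct 7 14:27:00 openvpn[1238]: Linux ip link set failed: could not execute external program
17-27-07-172| [SYSLOG] <29>Oct 7 14:27:00 openvpn[1238]: Exiting due to fatal error
17-27-07-172| [ initrd] [ 15.692058] ERROR: OpenVPN failed.
"""

def parse_syslog(line):
    """Return the decoded syslog record, or None for non-syslog lines."""
    m = LINE_RE.search(line)
    if not m or int(m["pri"]) > 191:  # 191 is the highest valid PRI value
        return None
    pri = int(m["pri"])
    return {"facility": pri >> 3, "level": pri & 7, "severity": SEVERITIES[pri & 7],
            "time": m["ts"], "tag": m["tag"], "pid": int(m["pid"]),
            "msg": m["msg"].strip()}

def triage(text, tag="openvpn", worst=4):
    """Count messages from `tag` at level `worst` (4 = warning) or more severe."""
    counts = {}
    for line in text.splitlines():
        rec = parse_syslog(line)
        if rec and rec["tag"] == tag and rec["level"] <= worst:
            key = (rec["level"], rec["msg"])
            counts[key] = counts.get(key, 0) + 1
    # Most severe first (lower level number = more severe).
    return [(SEVERITIES[lvl], msg, n) for (lvl, msg), n in sorted(counts.items())]

if __name__ == "__main__":
    for sev, msg, n in triage(SAMPLE_LOG):
        print(f"{sev:8} x{n}  {msg}")
```

The "Exiting due to fatal error" line is logged at notice priority (`<29>`), so filtering on severity surfaces the `<27>` line that precedes it rather than the exit message itself.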