Post by: b4unty on October 15, 2018, 02:59:13 pm
Gesendet von iPhone mit Tapatalk
Post by: b4unty on October 15, 2018, 08:18:16 pm
Code: [Select]
client
proto udp
remote 89.XXX.XXX.XXX 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_dESx9325gbq5ivvU name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIBwDCCAWegAwIBAgIJAO3ydZUGsXlUMAoGCCqGSM49BAMCMB4xHDAaBgNVBAMM
E2NuX253blJuRDFkQ05yWTlINUkwHhcNMTgxMDE0MTgyNzQ0WhcNMjgxMDExMTgy
NzQ0WjAeMRwwGgYDVQQDDBNjbl9ud25SbkQxZENOclk5SDVJMFkwEwYHKoZIzj0C
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIB0DCCAXWgAwIBAgIQcbty39sH5GLrZO6jUu6pwjAKBggqhkjOPQQDAjAeMRww
GgYDVQQDDBNjbl9ud25SbkQxZENOclk5SDVJMB4XDTE4MTAxNTA1NTE0M1oXDTIx
MDkyOTA1NTE0M1owEzERMA8GA1UEAwwIT1BOc2Vuc2UwWTATBgcqhkjOPQIBBggq
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
7416e9ee080e4215aa6191a008f8f218
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END OpenVPN Static key V1-----
</tls-crypt>
da ist die frage wie ich was wo hinpacken muss.Post by: BeNe on October 15, 2018, 09:21:21 pm
Weil Du schreibst einmal "die auf meinem iPhone richtig läuft" und dann wieder "bekomme aber immer die Anzeige Server down"
Was sagen denn die Logfiles dazu ?
Du hast einen fest IPv4 Adresse, weil da kein DNS drin steht in der Config ?
Post by: b4unty on October 16, 2018, 06:02:11 am
Die log Dateien zeigen nur Verbindung kann nicht hergestellt werden. Darum glaube ich das ich die Zuordnungen aus der Datei in die Zertifikate falsch mache. In der Anleitung steht auch Mann soll den privat key bei einem Zertifikat leer lassen, doch da bekomme ich dann eine rote Meldung das der key rein muss.
Gesendet von iPhone mit Tapatalk
Post by: b4unty on October 21, 2018, 07:20:03 pm
Log:
Code: [Select]
Oct 21 19:18:06 openvpn[34046]: UDP link remote: [AF_INET]**.++.++.++:1194
Oct 21 19:18:06 openvpn[34046]: UDP link local (bound): [AF_INET]192.168.10.24:0
Oct 21 19:18:06 openvpn[34046]: TCP/UDP: Preserving recently used remote address: [AF_INET]**.++.++.++:1194
Oct 21 19:18:06 openvpn[34046]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 21 19:18:01 openvpn[34046]: SIGUSR1[soft,ping-restart] received, process restarting
Oct 21 19:18:01 openvpn[34046]: [UNDEF] Inactivity timeout (--ping-restart), restarting
Oct 21 19:17:01 openvpn[34046]: UDP link remote: [AF_INET]**.++.++.++:1194
Oct 21 19:17:01 openvpn[34046]: UDP link local (bound): [AF_INET]192.168.10.24:0
Oct 21 19:17:01 openvpn[34046]: TCP/UDP: Preserving recently used remote address: [AF_INET]**.++.++.++:1194
Oct 21 19:17:01 openvpn[34046]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 21 19:17:01 openvpn[33704]: library versions: OpenSSL 1.0.2p 14 Aug 2018, LZO 2.10
Oct 21 19:17:01 openvpn[33704]: OpenVPN 2.4.6 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 15 2018
Oct 21 19:17:01 openvpn[33704]: WARNING: file '/var/etc/openvpn/client2.up' is group or others accessible
Oct 21 19:17:01 openvpn[72976]: SIGTERM[hard,init_instance] received, process exiting
Post by: b4unty on October 22, 2018, 09:06:22 am
Code: [Select]
verify-x509-name server_dESx9325gbq5ivvU nameOder braucht ihr zur Hilfe noch was?
Gesendet von iPhone mit Tapatalk
Post by: b4unty on October 25, 2018, 08:04:38 pm
Verbindung zu Server
Und Lokal iP Bond
Nur wie kann ich das prüfen? Wenn ich eine Schnittstelle VPN anlege die per dhcp von der VPN eine iP bekommen soll bleibt die ohne iP
Code: [Select]
Oct 25 20:19:21 openvpn[95009]: UDP link remote: [AF_INET]XXX.FFF.HHH.TTT:1194
Oct 25 20:19:21 openvpn[95009]: UDP link local (bound): [AF_INET]192.168.10.24:0
Oct 25 20:19:21 openvpn[95009]: Socket Buffers: R=[42080->42080] S=[57344->57344]
Oct 25 20:19:21 openvpn[95009]: TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.FFF.HHH.TTT:1194
Oct 25 20:19:21 openvpn[95009]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 25 20:19:21 openvpn[95009]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client3.sock
Oct 25 20:19:21 openvpn[94914]: library versions: OpenSSL 1.0.2p 14 Aug 2018, LZO 2.10
Oct 25 20:19:21 openvpn[94914]: OpenVPN 2.4.6 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 15 2018Gesendet von iPhone mit Tapatalk
Post by: JeGr on October 26, 2018, 01:18:30 pm
Post by: b4unty on October 26, 2018, 01:25:17 pm
(https://uploads.tapatalk-cdn.com/20181026/50f3fdbf1fa315ce079787198a6731ec.jpg)
Gesendet von iPhone mit Tapatalk
Post by: ky41083 on December 20, 2018, 08:30:26 pm
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage