takos120
Junior Member
Posts: 3
Joined: Nov 2014
|
Openvpn configuration
Hello, the server configuration is this
port 1194
proto udp
dev tap
dev-node TAP
ca ca.crt
cert server.crt
key server.key # Este archivo debe ser SECRETO!
dh dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.1.205 255.255.255.0 192.168.1.226 192.168.1.230
server-bridge
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
And the client configuration is this
Quote:client
nobind
remote xxx.xxx.xxx.xxx
port 1194
proto udp
dev tap
comp-lzo
verb 3
ca /yealink/config/openvpn/keys/ca.crt
cert /yealink/config/openvpn/keys/cliente.crt
key /yealink/config/openvpn/keys/cliente.key
The server configuration work with pc's but don't work in phone. This is the log when the phone is connect
Quote:Mon Nov 17 22:23:44 2014 xxx.xxx.xxx.xxx:1026 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1026, sid=9934d9f6 54934050
Mon Nov 17 22:23:47 2014 xxx.xxx.xxx.xxx:1026 VERIFY OK: depth=1, C=ES, ST=MA, L=Madrid, O=OpenVPN, OU=changeme, CN=xxxxxx, name=xxxxx, emailAddress=xxxxx
Mon Nov 17 22:23:47 2014 xxx.xxx.xxx.xxx:1026 VERIFY OK: depth=0, C=ES, ST=MA, L=Madrid, O=OpenVPN, OU=changeme, CN=cliente, name=xxxxx, emailAddress=xxxxx
Mon Nov 17 22:23:48 2014 xxx.xxx.xxx.xxx:1026 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 17 22:23:48 2014 xxx.xxx.xxx.xxx:1026 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 17 22:23:48 2014 xxx.xxx.xxx.xxx:1026 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 17 22:23:48 2014 xxx.xxx.xxx.xxx:1026 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 17 22:23:48 2014 xxx.xxx.xxx.xxx:1026 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Nov 17 22:23:48 2014 xxx.xxx.xxx.xxx:1026 [cliente] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1026
Mon Nov 17 22:23:48 2014 cliente/xxx.xxx.xxx.xxx:1026 MULTI_sva: pool returned IPv4=192.168.1.227, IPv6=(Not enabled)
Mon Nov 17 22:23:49 2014 cliente/xxx.xxx.xxx.xxx:1026 PUSH: Received control message: 'PUSH_REQUEST'
Mon Nov 17 22:23:49 2014 cliente/xxx.xxx.xxx.xxx:1026 send_push_reply(): safe_cap=940
Mon Nov 17 22:23:49 2014 cliente/xxx.xxx.xxx.xxx:1026 SENT CONTROL [cliente]: 'PUSH_REPLY,route-gateway 192.168.1.205,ping 10,ping-restart 120,ifconfig 192.168.1.227 255.255.255.0' (status=1)
Mon Nov 17 22:23:49 2014 cliente/xxx.xxx.xxx.xxx:1026 MULTI: Learn: 00:ff:f1:76:f2:c4 -> cliente/xxx.xxx.xxx.xxx:1026
Mon Nov 17 22:24:59 2014 xxx.xxx.xxx.xxx:1024 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1024, sid=6d1346bd 7c77b3de
Mon Nov 17 22:25:08 2014 xxx.xxx.xxx.xxx:1024 VERIFY OK: depth=1, C=ES, ST=MA, L=Madrid, O=OpenVPN, OU=changeme, CN=xxxxx, name=xxxxx, emailAddress=xxxxx
Mon Nov 17 22:25:08 2014 xxx.xxx.xxx.xxx:1024 VERIFY OK: depth=0, C=ES, ST=MA, L=Madrid, O=OpenVPN, OU=changeme, CN=cliente, name=xxxxx, emailAddress=xxxxx
Mon Nov 17 22:25:08 2014 xxx.xxx.xxx.xxx:1024 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 17 22:25:08 2014 xxx.xxx.xxx.xxx:1024 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 17 22:25:08 2014 xxx.xxx.xxx.xxx:1024 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 17 22:25:08 2014 xxx.xxx.xxx.xxx:1024 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 17 22:25:08 2014 xxx.xxx.xxx.xxx:1024 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Nov 17 22:25:08 2014 xxx.xxx.xxx.xxx:1024 [cliente] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1024
Mon Nov 17 22:25:08 2014 MULTI: new connection by client 'cliente' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Mon Nov 17 22:25:08 2014 MULTI_sva: pool returned IPv4=192.168.1.227, IPv6=(Not enabled)
Mon Nov 17 22:25:11 2014 cliente/xxx.xxx.xxx.xxx:1024 PUSH: Received control message: 'PUSH_REQUEST'
Mon Nov 17 22:25:11 2014 cliente/xxx.xxx.xxx.xxx:1024 send_push_reply(): safe_cap=940
Mon Nov 17 22:25:11 2014 cliente/xxx.xxx.xxx.xxx:1024 SENT CONTROL [cliente]: 'PUSH_REPLY,route-gateway 192.168.1.205,ping 10,ping-restart 120,ifconfig 192.168.1.227 255.255.255.0' (status=1)
Mon Nov 17 22:25:11 2014 cliente/xxx.xxx.xxx.xxx:1024 MULTI: Learn: 00:ff:75:ce:30:cc -> cliente/xxx.xxx.xxx.xxx:1024
What can i change in the configuration? Thanks
(This post was last modified: 11-18-2014 05:35 AM by takos120.)
|
|