duvida com vpn basica(resolvido)

Iniciado por Emmers, 18 de Agosto de 2011, 14:50

tópico anterior - próximo tópico

zekkerj

Lembra que eu falei que o OpenVPN normalmente trabalha com UDP, certo? Vc também tem que levar isso em conta quando for configurar o modem/roteador pra redirecionar a porta.
Pesquise antes de perguntar, sua dúvida pode já ter sido respondida.
Não respondo dúvidas por MP, coloque sua dúvida no fórum onde ela pode ser pesquisada pelos seus colegas!
Não venha ao fórum apenas para perguntar. Se você sabe a resposta de um problema, porque não ajudar seu colega? ;D

Emmers

Na maquina cliente com windows tenho o nx server e o open vpn instalados e tem um arquivo .bat que deve ser iniciado
o vpn.bat com as seguintes linhas:

"C:\Program Files\OpenVPN\openvpn-gui-1.0.3.exe" --config cliente.ovpn --tls-client
e dá o seguinte erro:

Option error: Unrecognized option or missing parameter(s): --config
Use openvpn-gui --help for more info

zekkerj

E o que aconteceu qdo vc usou o comando da forma recomendada, ou seja, "openvpn-gui --help"?
Pesquise antes de perguntar, sua dúvida pode já ter sido respondida.
Não respondo dúvidas por MP, coloque sua dúvida no fórum onde ela pode ser pesquisada pelos seus colegas!
Não venha ao fórum apenas para perguntar. Se você sabe a resposta de um problema, porque não ajudar seu colega? ;D

Emmers

resolvi o problema era apenas da codificação do arquivo. Salvei como e coloquei ANSI, pois estava como UTF-8.

agora pra eu redirecionar no modem. o que tenho que fazer? tenho que direcionar a porta 1194 com protocolo udp para o ip de interface com internet "192.168.254.1"??

sudo iptables -A INPUT -p udp --dport 1194 -j ACCEPT

zekkerj

A configuração do modem está além do meu conhecimento. O ideal é ver o manual do proprietário do mesmo, pra ver qual o procedimento.
Pesquise antes de perguntar, sua dúvida pode já ter sido respondida.
Não respondo dúvidas por MP, coloque sua dúvida no fórum onde ela pode ser pesquisada pelos seus colegas!
Não venha ao fórum apenas para perguntar. Se você sabe a resposta de um problema, porque não ajudar seu colega? ;D

Emmers

O que deve está acontecendo aqui????

Tue Dec 27 10:43:21 2011 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov  8 2010
Tue Dec 27 10:43:21 2011 WARNING: using --pull/--client and --ifconfig together is probably not what you want
Tue Dec 27 10:43:21 2011 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Dec 27 10:43:21 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Dec 27 10:43:28 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Dec 27 10:43:28 2011 LZO compression initialized
Tue Dec 27 10:43:28 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Dec 27 10:43:28 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Dec 27 10:43:29 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Dec 27 10:43:29 2011 Local Options hash (VER=V4): '41690919'
Tue Dec 27 10:43:29 2011 Expected Remote Options hash (VER=V4): '530fdded'
Tue Dec 27 10:43:29 2011 UDPv4 link local: [undef]
Tue Dec 27 10:43:29 2011 UDPv4 link remote: 187.41.94.125:1194
Tue Dec 27 10:43:30 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:43:32 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:43:32 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:43:34 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:43:36 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:43:37 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:43:38 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:43:40 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:43:42 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:43:44 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:43:47 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:43:48 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:43:53 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:43:53 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:43:55 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:43:57 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:44:00 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:44:01 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:44:02 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:44:03 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:44:06 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:44:08 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:44:10 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:44:13 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:44:15 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:44:17 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:44:19 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:44:21 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:44:23 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:44:25 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:44:27 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:44:29 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:44:29 2011 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Dec 27 10:44:29 2011 TLS Error: TLS handshake failed
Tue Dec 27 10:44:29 2011 TCP/UDP: Closing socket
Tue Dec 27 10:44:29 2011 SIGUSR1[soft,tls-error] received, process restarting
Tue Dec 27 10:44:29 2011 Restart pause, 2 second(s)
Tue Dec 27 10:44:31 2011 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Dec 27 10:44:31 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Dec 27 10:44:31 2011 Re-using SSL/TLS context
Tue Dec 27 10:44:31 2011 LZO compression initialized
Tue Dec 27 10:44:31 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Dec 27 10:44:31 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Dec 27 10:44:32 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Dec 27 10:44:32 2011 Local Options hash (VER=V4): '41690919'
Tue Dec 27 10:44:32 2011 Expected Remote Options hash (VER=V4): '530fdded'
Tue Dec 27 10:44:32 2011 UDPv4 link local: [undef]
Tue Dec 27 10:44:32 2011 UDPv4 link remote: 187.41.94.125:1194
Tue Dec 27 10:44:33 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:44:35 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:44:37 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:44:39 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:44:39 2011 TCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Tue Dec 27 10:44:40 2011 TCP/UDP: Closing socket
Tue Dec 27 10:44:40 2011 SIGTERM[hard,] received, process exiting

zekkerj

CitarTCP/UDP: Incoming packet rejected from 187.41.94.125:1025[2], expected peer address: 187.41.94.125:1194 (allow this incoming source address/port by removing --remote or adding --float)
Programa bem feito é assim, mostra o erro e sugere a solução.

"Permita este endereço de origem removendo a opção --remote ou adicionando a opção --float".
Pesquise antes de perguntar, sua dúvida pode já ter sido respondida.
Não respondo dúvidas por MP, coloque sua dúvida no fórum onde ela pode ser pesquisada pelos seus colegas!
Não venha ao fórum apenas para perguntar. Se você sabe a resposta de um problema, porque não ajudar seu colega? ;D

Emmers

Resolvido !!!!!!!!!!!! :D :D :D :D :D :D :D :D

Adicionei apenas o comando float la nas configurações do cliente(cliente.ovpn) e deu certo
Rodei o serviço openvpn, conectei e fiz o acesso remoto usando o nx server.
Mais uma vez obrigado pela ajuda e estarei sempre a disposição aqui no forum!!!!!!