lionumtp
27-06-2017, 23:03
Hello everyone, I hope you can help me.
I installed the well-known OpenVPN on a VPS through a GitHub project (Chocobozzz) that also provides a very handy web interface. OpenVPN worked perfectly for about 15 days. Suddenly the clients would connect but could not browse. As if it were not doing any routing.
These are the various configs:
Server.conf
## GENERAL ##
# TCP, port 53, tunneling
mode server
proto tcp
port 53
dev tun
## KEY, CERTS AND NETWORK CONFIGURATION ##
# Identity
ca ca.crt
# Public key
cert server.crt
# Private key
key server.key
# Diffie-Hellman parameters
dh dh.pem
# Improve security (DDOS, port flooding...)
# 0 for the server, 1 for the client
tls-auth ta.key 0
# Encryption protocol
cipher AES-256-CBC
# Network
# Subnetwork, the server will be the 10.8.0.1 and clients will take the other ips
server 10.8.0.0 255.255.255.0
# Redirect all IP network traffic originating on client machines to pass through the OpenVPN server
push "redirect-gateway def1"
# Alternatives DNS (FDN)
#push "dhcp-option DNS 80.67.169.12"
#push "dhcp-option DNS 80.67.169.40"
# (OpenDNS)
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
# (Google)
# push "dhcp-option DNS 8.8.8.8"
# push "dhcp-option DNS 8.8.4.4"
# Ping every 10 seconds and if after 120 seconds the client doesn't respond we disconnect
keepalive 10 120
# Renegotiate the data-channel key every 5 hours (18000 s)
reneg-sec 18000
## SECURITY ##
# Downgrade privileges of the daemon
user nobody
group nogroup
# Persist keys (after dropping privileges to nobody we could not read them again)
persist-key
# Don't close and re open TUN/TAP device
persist-tun
# Enable compression
comp-lzo
## LOG ##
# Verbosity
# 3/4 for normal use
verb 3
# Max 20 messages of the same category
mute 20
# Log file where we put the clients' status
status openvpn-status.log
# Log file
log-append /var/log/openvpn.log
# Configuration directory of the clients
client-config-dir ccd
## PASS ##
# Allow running external scripts with the password passed in environment variables
script-security 3
# Use the authenticated username as the common name, rather than the common name from the client cert
username-as-common-name
# Client certificate not required
client-cert-not-required
# Use the connection script when a user wants to login
auth-user-pass-verify scripts/login.sh via-env
# Maximum of clients
max-clients 50
# Run these scripts when a client connects/disconnects
client-connect scripts/connect.sh
client-disconnect scripts/disconnect.sh
Client.ovpn
client
dev tun
proto tcp-client
remote 94.xxx.xxx.xxx 53
resolv-retry infinite
cipher AES-256-CBC
redirect-gateway
# Keys
# Identity
ca ca.crt
tls-auth ta.key 1
key-direction 1
remote-cert-tls server
auth-user-pass
auth-nocache
# Security
nobind
persist-key
persist-tun
comp-lzo
verb 3
# Proxy ?
# http-proxy cache.univ.fr 3128
The iptables rules are created automatically by the installation script. What do you think the problem could be? Thank you very much.
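The symptom described above (clients authenticate and get an address, but nothing beyond the server is reachable, after a setup that had worked for days) is almost always the server side losing one of the three pieces that turn the tun interface into a gateway: kernel IP forwarding, the NAT rule that masquerades the VPN subnet out of the public interface, or the FORWARD chain letting tun traffic through. The script below is an added diagnostic, not part of the original post or of the Chocobozzz project. It checks those three things against `iptables-save` text and suggests the remediation command for each missing item. The subnet 10.8.0.0/24 comes from the posted `server 10.8.0.0 255.255.255.0`; the interface names tun0 and eth0, the function names, and the two embedded `iptables-save` samples are constructed for the example.

```shell
#!/bin/sh
# Added diagnostic for "clients connect but cannot browse" on an OpenVPN
# server. Not part of the Chocobozzz project. Assumptions: the VPN subnet is
# 10.8.0.0/24 (from the posted server.conf), the tunnel interface is tun0 and
# the public interface is eth0 (both assumed names, adjust for your VPS).

# vpn_routing_check IP_FORWARD RULES SUBNET TUN_IF
#   IP_FORWARD : contents of /proc/sys/net/ipv4/ip_forward ("0" or "1")
#   RULES      : text produced by `iptables-save`
#   SUBNET     : VPN subnet in CIDR form
#   TUN_IF     : tunnel interface name
# Prints one missing item per line; returns 0 when nothing is missing.
vpn_routing_check() {
    ip_forward="$1"
    rules="$2"
    subnet="$3"
    tun_if="$4"
    missing=""

    # 1. The kernel must forward packets between tun0 and the public interface.
    [ "$ip_forward" = "1" ] || missing="$missing ip_forward"

    # 2. nat/POSTROUTING must masquerade (or SNAT) the VPN subnet; without it
    #    packets leave with a 10.8.0.x source and replies never come back.
    if ! printf '%s\n' "$rules" | grep -Eq "^-A POSTROUTING -s ${subnet} .*-j (MASQUERADE|SNAT)"; then
        missing="$missing nat_postrouting"
    fi

    # 3. If the FORWARD policy is DROP, explicit ACCEPT rules are needed in
    #    both directions (client -> Internet, and established replies back).
    if printf '%s\n' "$rules" | grep -q '^:FORWARD DROP'; then
        if ! printf '%s\n' "$rules" | grep -Eq "^-A FORWARD -i ${tun_if} .*-j ACCEPT"; then
            missing="$missing forward_from_tun"
        fi
        if ! printf '%s\n' "$rules" | grep -Eq "^-A FORWARD .*-o ${tun_if} .*-j ACCEPT"; then
            missing="$missing forward_to_tun"
        fi
    fi

    [ -z "$missing" ] && return 0
    for m in $missing; do echo "$m"; done
    return 1
}

# vpn_routing_hint ITEM SUBNET TUN_IF WAN_IF
# Prints the command that restores one missing item reported by the check.
vpn_routing_hint() {
    case "$1" in
        ip_forward)       echo "sysctl -w net.ipv4.ip_forward=1" ;;
        nat_postrouting)  echo "iptables -t nat -A POSTROUTING -s $2 -o $4 -j MASQUERADE" ;;
        forward_from_tun) echo "iptables -A FORWARD -i $3 -o $4 -j ACCEPT" ;;
        forward_to_tun)   echo "iptables -A FORWARD -i $4 -o $3 -m state --state RELATED,ESTABLISHED -j ACCEPT" ;;
        *)                return 1 ;;
    esac
}

# Constructed sample: a server whose NAT rule is gone and whose FORWARD chain
# drops by default (what iptables-save looks like after unsaved rules are lost).
BROKEN_RULES='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
COMMIT'

# Constructed sample: the same server with the gateway pieces in place.
GOOD_RULES='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Live mode: `sh check.sh --live` as root on the VPS. Reads the real kernel
# flag and ruleset and prints a remediation command per missing item.
if [ "${1:-}" = "--live" ]; then
    vpn_routing_check "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save)" 10.8.0.0/24 tun0 \
        | while read -r item; do vpn_routing_hint "$item" 10.8.0.0/24 tun0 eth0; done
fi
```

Run it with `--live` as root on the VPS; an empty output means the three gateway pieces are present and the problem is elsewhere (a `tcpdump -ni tun0` while a client pings 8.8.8.8 then shows whether packets even arrive on the tunnel). Rules added with `iptables` and the `ip_forward` sysctl do not survive a reboot unless they are persisted (iptables-persistent, or a sysctl.d entry), which is a common reason a server that "worked for two weeks" stops forwarding after a restart.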