30-06-2007, 20:46
Member since: 16.04.05
Posts: 212
Connectivity problem in OPENVPN
Hello everyone,
I am trying to create a connection between my laptop and my home network using OPENVPN.
I configured everything; the server comes up fine, whereas on the client I get the message:
TLS Error: TLS key negotiation failed to occur within 60 seconds check your
nettwork connectivity)
TLS Error: TLS handshake failed
My setup is built as follows:
Server computer at home: WIN XP SP2
No FIREWALL.
Routing was configured in the registry of the server computer.
The computer is behind a LINKSYS WRT 300N router, and port 1194 UDP is forwarded to the server computer.
Here is the server's configuration file:
local 192.168.1.2 # This is the IP address of the real network interface on the server connected to the router
port 1194 # This is the port OpenVPN is running on - make sure the router is port forwarding this port to the above IP
proto udp # UDP tends to perform better than TCP for VPN
mssfix 1400 # This setting fixed problems I was having with apps like Remote Desktop
push "dhcp-option DNS 192.115.106.35" # Replace the Xs with the IP address of the DNS for your home network (usually your ISP's DNS)
push "dhcp-option DNS X.X.X.X" # A second DNS server if you have one
dev tap
#dev-node MyTAP #If you renamed your TAP interface or have more than one TAP interface then remove the # at the beginning and change "MyTAP" to its name
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.key" # This file should be kept secret
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"
server 192.168.10.0 255.255.255.128 # This assigns the virtual IP address and subnet to the server's OpenVPN connection. Make sure the Routing Table entry matches this.
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1" # This will force the clients to use the home network's internet connection
keepalive 10 120
cipher BF-CBC # Blowfish (default) encryption
comp-lzo
max-clients 100 # Assign the maximum number of clients here
persist-key
persist-tun
status openvpn-status.log
verb 1 # This sets how detailed the log file will be. 0 causes problems and higher numbers can give you more detail for troubleshooting
# lines starting with # or ; will not be read by OpenVPN
The laptop (the client) is behind a LINKSYS WRT54G router,
and here is its configuration file (the IP address was censored by me):
client
dev tap
#dev-node MyTAP #If you renamed your TAP interface or have more than one TAP interface then remove the # at the beginning and change "MyTAP" to its name
proto udp
remote XXX 1194 #You will need to enter your dyndns account or static IP address here. The number following it is the port you set in the server's config
route 192.168.1.0 255.255.255.0 vpn_gateway 3 #This is the IP address scheme and subnet of your normal network your server is on. Your router would usually be 192.168.1.1
resolv-retry infinite
#nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.crt" # Change the next two lines to match the files in the keys directory. This should be different for each client.
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.key" # This file should be kept secret
ns-cert-type server
cipher BF-CBC # Blowfish (default) encryption
comp-lzo
verb 1
I would be glad to hear ideas.
Thanks in advance to all who help!
SonyEricsson
_____________________________________
FIRST THEY IGNORE YOU...
THEN THEY LAUGH AT YOU...
THEN THEY FIGHT YOU...
THEN YOU WIN...
MOHANDAS GANDHI
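An added example, not part of the original post: a Python check that the settings which must agree on both ends of an OpenVPN link (proto, dev, cipher, comp-lzo, and the server's port against the port in the client's remote line) match in the two configurations above. The function names are assumptions of this example, and the embedded configs are the post's directives with comments dropped.

```python
import shlex

# Directives from the two configs in the post, comments dropped.
SERVER_CONF = """\
local 192.168.1.2
port 1194
proto udp
dev tap
server 192.168.10.0 255.255.255.128
cipher BF-CBC
comp-lzo
"""
CLIENT_CONF = """\
client
dev tap
proto udp
remote XXX 1194
ns-cert-type server
cipher BF-CBC
comp-lzo
"""

def parse(text):
    """Return {directive: [args]}, skipping blank lines and # or ; comments."""
    conf = {}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):
            continue
        tokens = shlex.split(line, comments=True)  # handles quotes and trailing '#'
        if tokens:
            conf[tokens[0]] = tokens[1:]
    return conf

def mismatches(server_text, client_text):
    """List the settings that must agree on both ends but do not."""
    srv, cli = parse(server_text), parse(client_text)
    found = []
    for key in ("proto", "dev", "cipher"):  # a directive missing on one side is reported too
        if srv.get(key) != cli.get(key):
            found.append(f"{key}: server={srv.get(key)} client={cli.get(key)}")
    if ("comp-lzo" in srv) != ("comp-lzo" in cli):
        found.append("comp-lzo: enabled on one side only")
    remote = cli.get("remote", [])
    srv_port = srv.get("port", ["1194"])[0]  # 1194 is OpenVPN's default port
    cli_port = remote[1] if len(remote) > 1 else "1194"
    if srv_port != cli_port:
        found.append(f"port: server={srv_port} client remote={cli_port}")
    return found

if __name__ == "__main__":
    print(mismatches(SERVER_CONF, CLIENT_CONF) or "no mismatches")
```

An empty result means these settings agree between the two files; it says nothing about whether UDP packets actually reach the server through the routers.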