Hello
At home I have a Windows Home Server that acts as a VPN.
I would like to set up a Debian OpenVPN server that would take over when the home server is switched off (which is often).
I currently have a configuration that lets a client connected over the VPN reach all the machines on my network (192.168.1.0).
I installed a VPS with an OpenVPN appliance (192.168.1.103).
On a workstation at home (192.168.1.14) I installed the OpenVPN GUI client.
I understood that OpenVPN has 2 operating modes: tun (routing) and tap (bridge).
I deduce that for the configuration I want, the server has to be set up in bridge mode, so tap.
I copy all of the conf files etc. to my Windows client. Tested in tun mode without modifying anything: it connects with an IP: 10.8.0.xx
Following mattotop's tutorial,
I install bridge-utils.
I then change the OpenVPN configuration file:
[code];dev tun
dev tap0
client-to-client
server-bridge 192.168.1.103 255.255.255.0 192.168.1.150 192.168.1.200[/code]
I modify my /etc/network/interfaces file, which was:
[code]auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
    address 192.168.1.103
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.254[/code]
to
[code]auto lo br0
iface lo inet loopback
iface br0 inet static
    address 192.168.1.103
    netmask 255.255.255.0
    broadcast 192.168.1.255
    gateway 192.168.1.254
    bridge-ports eth0
    post-up /etc/openvpn/scripts/ovup && /etc/init.d/openvpn start
    pre-down /etc/init.d/openvpn stop
    post-down /etc/openvpn/scripts/ovdown[/code]
I adapt the client config by replacing only:
[code];dev tun
dev tap0[/code]
Result: I cannot connect once I switch to bridge mode.
Log:
Tue Jan 12 21:36:04 2010 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Tue Jan 12 21:36:04 2010 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Jan 12 21:36:04 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Jan 12 21:36:04 2010 LZO compression initialized
Tue Jan 12 21:36:04 2010 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Jan 12 21:36:04 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jan 12 21:36:04 2010 Local Options hash (VER=V4): '41690919'
Tue Jan 12 21:36:04 2010 Expected Remote Options hash (VER=V4): '530fdded'
Tue Jan 12 21:36:04 2010 UDPv4 link local: [undef]
Tue Jan 12 21:36:04 2010 UDPv4 link remote: 192.168.1.103:1194
Tue Jan 12 21:36:04 2010 TLS: Initial packet from 192.168.1.103:1194, sid=c99b8782 7e353bb2
Tue Jan 12 21:36:05 2010 VERIFY OK: depth=1, /C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/OU=no-unit/CN=OpenVPN-CA/emailAddress=me@myhost.mydomain
Tue Jan 12 21:36:05 2010 VERIFY OK: depth=0, /C=KG/ST=NA/O=OpenVPN-TEST/OU=no-unit/CN=OpenVPN-CA/emailAddress=me@myhost.mydomain
Tue Jan 12 21:36:05 2010 WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
Tue Jan 12 21:36:05 2010 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1574'
Tue Jan 12 21:36:05 2010 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
Tue Jan 12 21:36:05 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 12 21:36:05 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 12 21:36:05 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 12 21:36:05 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 12 21:36:05 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jan 12 21:36:05 2010 [OpenVPN-CA] Peer Connection Initiated with 192.168.1.103:1194
Tue Jan 12 21:36:06 2010 SENT CONTROL [OpenVPN-CA]: 'PUSH_REQUEST' (status=1)
Tue Jan 12 21:36:06 2010 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route-gateway 192.168.1.103,ifconfig 192.168.1.150 255.255.255.0'
Tue Jan 12 21:36:06 2010 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jan 12 21:36:06 2010 OPTIONS IMPORT: route options modified
Tue Jan 12 21:36:06 2010 WARNING: Since you are using --dev tun, the second argument to --ifconfig must be an IP address. You are using something (255.255.255.0) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
Tue Jan 12 21:36:06 2010 WARNING: potential conflict between --remote address [192.168.1.103] and --ifconfig address pair [192.168.1.150, 255.255.255.0] -- this is a warning only that is triggered when local/remote addresses exist within the same /24 subnet as --ifconfig endpoints. (silence this warning with --ifconfig-nowarn)
Tue Jan 12 21:36:06 2010 There is a problem in your selection of --ifconfig endpoints [local=192.168.1.150, remote=255.255.255.0]. The local and remote VPN endpoints must exist within the same 255.255.255.252 subnet. This is a limitation of --dev tun when used with the TAP-WIN32 driver. Try 'openvpn --show-valid-subnets' option for more info.
Tue Jan 12 21:36:06 2010 Exiting
If anyone has advice / solutions, I'll gladly take them; I don't know OpenVPN at all.
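
Added example, not part of the original post: a small Python triage of the client log above that extracts the option mismatches OpenVPN reports between the two ends, the options pushed by the server, and the certificate-verification warning. The function name `triage` and the finding strings are illustrative; the log lines are copied from the post.

```python
import re

# Excerpt of the client log posted above (lines copied from the post).
LOG = """\
Tue Jan 12 21:36:04 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Jan 12 21:36:05 2010 WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
Tue Jan 12 21:36:05 2010 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1574'
Tue Jan 12 21:36:05 2010 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
Tue Jan 12 21:36:06 2010 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route-gateway 192.168.1.103,ifconfig 192.168.1.150 255.255.255.0'
Tue Jan 12 21:36:06 2010 Exiting
"""

MISMATCH = re.compile(r"WARNING: '([^']+)' is used inconsistently, "
                      r"local='([^']*)', remote='([^']*)'")
PUSH = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")
NO_VERIFY = "No server certificate verification method has been enabled"


def triage(log_text):
    """Return (mismatches, pushed_options, findings) for an OpenVPN client log."""
    mismatches, pushed, findings = {}, [], []
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if m:
            name, local, remote = m.groups()
            # Values look like 'dev-type tun'; keep only the part after the name.
            mismatches[name] = (local.split(" ", 1)[-1], remote.split(" ", 1)[-1])
        p = PUSH.search(line)
        if p:
            pushed = p.group(1).split(",")
        if NO_VERIFY in line:
            findings.append("server certificate is not verified by the client")
    if "dev-type" in mismatches:
        local, remote = mismatches["dev-type"]
        findings.append(f"client runs dev-type {local}, server runs dev-type {remote}")
    if any(opt.startswith("redirect-gateway") for opt in pushed):
        findings.append("server pushes redirect-gateway: all client traffic goes via the VPN")
    return mismatches, pushed, findings


if __name__ == "__main__":
    for finding in triage(LOG)[2]:
        print("-", finding)
```

On this log the dev-type finding shows the client process was still running with a tun device while the server had switched to tap, which is why the pushed `ifconfig 192.168.1.150 255.255.255.0` is rejected as a tun endpoint pair.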