Hello, I installed OpenVPN on a server for the following setup:
PCx > router > net > server > net
A kind of proxy, basically.
Here is the server config:
[code]
;local a.b.c.d
port 443
proto tcp
dev tap
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server 10.1.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
max-clients 2
client-to-client
duplicate-cn
keepalive 10 120
;cipher BF-CBC # Blowfish (default)
cipher AES-256-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo # Compression
user root
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
log /var/log/openvpn.log
[/code]
The client config:
[code]
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tap
;dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
proto tcp
;proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote ip.du.serv.vpn 443
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
user nobody
group nogroup

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca keys/ca.crt
cert keys/client.crt
key keys/client.key

# Verify server certificate by checking
# that the certificate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-256-CBC

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20
[/code]
So once connected to the VPN, I can ping the server from the PC, and vice versa.
I can SSH into the server, and reach the server over HTTP/FTP without any problem.
But for everything else, browsing other sites, other servers, etc., no luck.
Any idea?
Thanks in advance
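The symptom described above (the VPN server itself is reachable, nothing behind it is) is what you get when `push "redirect-gateway def1"` sends all client traffic to the server but the server neither forwards nor NATs it. The OpenVPN configs posted do not control that; it is a kernel and firewall setting on the server. The script below is an added example, not code from the original post, and it assumes the VPN interface is `tap0` and the Internet-facing interface is `eth0` (both are assumptions; adjust to the real interface names). With `DRY_RUN=1` it only prints the commands it would run, so it can be reviewed without root.

```shell
#!/bin/sh
# Added example: enable forwarding and source NAT on an OpenVPN server so
# clients that receive "redirect-gateway" can reach the Internet through it.
# Assumed interface names (not from the original post): tap0 for the VPN,
# eth0 for the public side. The subnet matches "server 10.1.0.0 255.255.255.0".
VPN_NET=${VPN_NET:-10.1.0.0/24}
VPN_IF=${VPN_IF:-tap0}
WAN_IF=${WAN_IF:-eth0}

# Run a command, or just print it when DRY_RUN=1 (review/test mode).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# True when the kernel is already forwarding IPv4 packets between interfaces.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = 1 ]
}

# The four settings the server needs:
#  1. IPv4 forwarding in the kernel (otherwise packets for other hosts are dropped)
#  2. MASQUERADE so replies come back to the server's public address
#  3. allow VPN -> WAN in the FORWARD chain (only for the VPN subnet)
#  4. allow WAN -> VPN only for connections the VPN side initiated
nat_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A POSTROUTING -s "$VPN_NET" -o "$WAN_IF" -j MASQUERADE
    run iptables -A FORWARD -i "$VPN_IF" -o "$WAN_IF" -s "$VPN_NET" -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$VPN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Only apply for real when explicitly asked: ./vpn-nat.sh apply
if [ "${1:-}" = "apply" ]; then
    nat_rules
fi
```

Run `DRY_RUN=1 sh vpn-nat.sh apply` first to see the exact rules, then `sh vpn-nat.sh apply` as root. To make `ip_forward=1` survive a reboot, set `net.ipv4.ip_forward = 1` in `/etc/sysctl.conf` as well. Two caveats on the posted configs: `user root` in the server config means OpenVPN never drops privileges after startup (the client config's `user nobody` is the usual choice for the server too), and a 1024-bit DH file plus `ns-cert-type server` are dated choices; newer OpenVPN releases replace `ns-cert-type` with `remote-cert-tls server`.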