#1 On 20/11/2013, at 18:59
- olitask
[solved] openvpn: redirecting internet traffic
Hello
I have set up an OpenVPN server at home. I want to connect to it from work to browse personal sites (my boss doesn't need to know my political views, for example). I followed this tutorial: tutorial. Currently, I can connect to my OpenVPN server fine (I can reach my file server, for example), but if I go to monip.org, the IP address shown is that of my workplace and not that of my server.
PS: at work we are behind a proxy
Where is the mistake?
Here are the config files and the logs:
serveur.conf
# TCP/443 server
mode server
proto tcp
port 443
dev tun
# Keys and certificates
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
cipher AES-256-CBC
# Network
server 10.8.0.0 255.255.255.0
push " route 192.168.1.0 255.255.255.0" # to see your local network
push « redirect-gateway def1 bypass-dhcp »
push « dhcp-option DNS 212.27.40.240"
push « dhcp-option DNS 212.27.40.241"
keepalive 10 120
# Security
user nobody
group nogroup
chroot /etc/openvpn/jail
persist-key
persist-tun
comp-lzo
# Log
verb 3
mute 20
status openvpn-status.log
log-append /var/log/openvpn.log
client:
# Client
client
dev tun
proto tcp-client
remote 82.XXX.XXX.XXX 443 # public IP of your box or, better, your domain name
resolv-retry infinite
cipher AES-256-CBC
# Keys
ca ca.crt
cert samsungS.crt
key samsungS.key
# Security
nobind
persist-key
persist-tun
comp-lzo
verb 3
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
openvpn.log
Wed Nov 20 16:31:12 2013 OpenVPN 2.2.1 arm-linux-gnueabihf [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Oct 12 2013
Wed Nov 20 16:31:12 2013 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as interne$
Wed Nov 20 16:31:12 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Nov 20 16:31:12 2013 Diffie-Hellman initialized with 2048 bit key
Wed Nov 20 16:31:12 2013 TLS-Auth MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed Nov 20 16:31:12 2013 Socket Buffers: R=[87380->131072] S=[16384->131072]
Wed Nov 20 16:31:12 2013 ROUTE default_gateway=192.168.1.254
Wed Nov 20 16:31:12 2013 TUN/TAP device tun0 opened
Wed Nov 20 16:31:12 2013 TUN/TAP TX queue length set to 100
Wed Nov 20 16:31:12 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Nov 20 16:31:12 2013 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Wed Nov 20 16:31:12 2013 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Wed Nov 20 16:31:12 2013 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Nov 20 16:31:12 2013 chroot to '/etc/openvpn/jail' and cd to '/' succeeded
Wed Nov 20 16:31:12 2013 GID set to nogroup
Wed Nov 20 16:31:12 2013 UID set to nobody
Wed Nov 20 16:31:12 2013 Listening for incoming TCP connection on [undef]
Wed Nov 20 16:31:12 2013 TCPv4_SERVER link local (bound): [undef]
Wed Nov 20 16:31:12 2013 TCPv4_SERVER link remote: [undef]
Wed Nov 20 16:31:12 2013 MULTI: multi_init called, r=256 v=256
Wed Nov 20 16:31:12 2013 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Wed Nov 20 16:31:12 2013 MULTI: TCP INIT maxclients=1024 maxevents=1028
Wed Nov 20 16:31:12 2013 Initialization Sequence Completed
Wed Nov 20 16:31:32 2013 MULTI: multi_create_instance called
Wed Nov 20 16:31:32 2013 Re-using SSL/TLS context
Wed Nov 20 16:31:32 2013 LZO compression initialized
Wed Nov 20 16:31:32 2013 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed Nov 20 16:31:32 2013 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Nov 20 16:31:32 2013 Local Options hash (VER=V4): '79ef4284'
Wed Nov 20 16:31:32 2013 Expected Remote Options hash (VER=V4): '958c5492'
Wed Nov 20 16:31:32 2013 TCP connection established with [AF_INET]37.161.82.56:49004
Wed Nov 20 16:31:32 2013 TCPv4_SERVER link local: [undef]
Wed Nov 20 16:31:32 2013 TCPv4_SERVER link remote: [AF_INET]37.161.82.56:49004
Wed Nov 20 16:31:32 2013 37.161.82.56:49004 TLS: Initial packet from [AF_INET]37.161.82.56:49004, sid=bb9d8683 5d7e04c7
Wed Nov 20 16:31:34 2013 37.161.82.56:49004 VERIFY OK: depth=1, /C=FR/ST=__=___/O=___/OU=MyOrganizationalUnit/CN=__CA/name=EasyRSA/emailAddress=__free.fr
Wed Nov 20 16:31:34 2013 37.161.82.56:49004 VERIFY OK: depth=0, /C=FR/ST=___/L=___/O=___/OU=MyOrganizationalUnit/CN=samsungS/name=EasyRSA/emailAddress=____ee.fr
Wed Nov 20 16:31:35 2013 37.161.82.56:49004 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Nov 20 16:31:35 2013 37.161.82.56:49004 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 20 16:31:35 2013 37.161.82.56:49004 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Nov 20 16:31:35 2013 37.161.82.56:49004 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 20 16:31:35 2013 37.161.82.56:49004 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Nov 20 16:31:35 2013 37.161.82.56:49004 [samsungS] Peer Connection Initiated with [AF_INET]37.161.82.56:49004
Wed Nov 20 16:31:35 2013 samsungS/3X.16X.8X.5X:49004 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=bccd:800:8ced:200:14c2:700:7c9a:4401
Wed Nov 20 16:31:35 2013 samsungS/3X.16X.8X.5X:49004 MULTI: Learn: 10.8.0.6 -> samsungS/37.161.82.56:49004
Wed Nov 20 16:31:35 2013 samsungS/3X.16X.8X.5X:49004 MULTI: primary virtual IP for samsungS/37.161.82.56:49004: 10.8.0.6
Wed Nov 20 16:31:36 2013 samsungS/3X.16X.8X.5X:49004 PUSH: Received control message: 'PUSH_REQUEST'
Wed Nov 20 16:31:36 2013 samsungS/3X.16X.8X.5X:49004 send_push_reply(): safe_cap=960
Wed Nov 20 16:31:36 2013 samsungS/3X.16X.8X.5X:49004 SENT CONTROL [samsungS]: 'PUSH_REPLY, route 192.168.1.0 255.255.255.0,« redirect-gateway def1 bypass-dhcp »,« dhcp-option DNS 212.27.40.240",« dhcp-option DNS 212.27.40.241",route$
Wed Nov 20 16:31:57 2013 samsungS/3X.16X.8X.5X:49004 Connection reset, restarting [0]
Wed Nov 20 16:31:57 2013 samsungS/3X.16X.8X.5X:49004 SIGUSR1[soft,connection-reset] received, client-instance restarting
Wed Nov 20 16:31:57 2013 TCP/UDP: Closing socket
sudo iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 10.8.0.0/24 anywhere
MASQUERADE all -- 10.8.0.0/24 anywhere
There you go. If anyone can spot where I sc**wed up. Thanks in advance
Olivier
Last edited by olitask (on 27/11/2013, at 19:33)
#2 On 27/11/2013, at 19:33
- olitask
Re: [solved] openvpn: redirecting internet traffic
Hello Neaj
I connect either with an iPad or with an Android phone.
Following your message, I redid the configs this afternoon, and it was by adding: redirect-gateway def1 (without the push in front) to the client config that I was finally able to reach the internet with the right IP (that of the VPN server).
I spent a good 3 hours "having fun" with this problem and the traceroutes...
Thanks
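Added example (not part of the original thread, and not OpenVPN project code): a small Python check for the two configuration mistakes visible in this thread, typographic quotes around pushed options (the server log shows them sent literally in the PUSH_REPLY) and push directives placed in a client config. The function names are hypothetical and the sample lines are shortened from the posts above.

```python
import re

# Characters that editors and web pages substitute for the ASCII double quote.
TYPOGRAPHIC_QUOTES = "«»“”„"

def lint_openvpn_config(text):
    """Return (line_number, finding, directive) tuples for one config file."""
    # Drop comments so that only the directives themselves are inspected.
    lines = [ln.split("#", 1)[0].strip() for ln in text.splitlines()]
    is_client = any(ln.split()[:1] == ["client"] for ln in lines)
    findings = []
    for number, line in enumerate(lines, start=1):
        if not line:
            continue
        if any(ch in TYPOGRAPHIC_QUOTES for ch in line):
            findings.append((number, "typographic-quote", line))
        if is_client and line.split()[0] == "push":
            findings.append((number, "push-in-client", line))
    return findings

def malformed_pushed_options(log_line):
    """List options in a server PUSH_REPLY log line that still carry quotes."""
    match = re.search(r"'PUSH_REPLY,(.*)", log_line)
    if not match:
        return []
    options = [opt.strip() for opt in match.group(1).rstrip("'").split(",")]
    return [opt for opt in options if any(ch in TYPOGRAPHIC_QUOTES + '"' for ch in opt)]

# Sample lines taken from the configs and log posted in this thread (shortened).
SERVER_SAMPLE = '''push " route 192.168.1.0 255.255.255.0" # local network
push « redirect-gateway def1 bypass-dhcp »
push « dhcp-option DNS 212.27.40.240"
'''
CLIENT_SAMPLE = '''client
dev tun
push "redirect-gateway def1"
'''
CLIENT_FIXED = '''client
dev tun
redirect-gateway def1
'''
LOG_SAMPLE = ("SENT CONTROL [samsungS]: 'PUSH_REPLY, route 192.168.1.0 255.255.255.0,"
              "« redirect-gateway def1 bypass-dhcp »,« dhcp-option DNS 212.27.40.240\"")

if __name__ == "__main__":
    for name, sample in (("server", SERVER_SAMPLE), ("client", CLIENT_SAMPLE),
                         ("client (fixed)", CLIENT_FIXED)):
        print(name, lint_openvpn_config(sample))
    print(malformed_pushed_options(LOG_SAMPLE))
```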