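OpenVPN won't connect!
Author: ensia / Posted: Tue, 2007/08/28 - 1:37 AM
I'm inside my company's network..
Several sites are filtered, which is very inconvenient ㅠㅠ
From what I can see, DNS seems to block things once (nothing works if the address contains "game".. searching Google for game gets blocked -_- and even if I type the IP it seems to do a reverse lookup too..)
and ports seem to be blocked as well.
I was bored working late and thought I'd play some StarCraft. Sure enough, the Battle.net servers are blocked too.
So I installed OpenVPN on my server at home and am trying to connect to it, but..
When I run nmap from outside, even common ports like 81 show up as open|filtered. (I'm not sure exactly what that means)
Maybe they block everything and open things up on a positive (allow-list) basis?
I tried TCP port 81, but it doesn't work.
Right now I'm trying the default setup, UDP / 1039.. I'll post the logs.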
First, the server-side settings.
port 1039
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 20 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
Next, the client-side settings.
ifconfig 10.105.11.3 255.255.0.0
client
dev tun
proto udp
remote 147.46.243.160 1039
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca keys/ca.crt
cert keys/client.crt
key keys/client.key
comp-lzo
verb 3
This is the server-side log.
Tue Aug 28 01:29:41 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Tue Aug 28 01:29:41 2007 Diffie-Hellman initialized with 1024 bit key
Tue Aug 28 01:29:41 2007 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Aug 28 01:29:41 2007 TAP-WIN32 device [로컬 영역 연결 3] opened: \\.\Global\{EBB7BDF9-B42D-44AD-A357-DC210DBEF87B}.tap
Tue Aug 28 01:29:41 2007 TAP-Win32 Driver Version 8.4
Tue Aug 28 01:29:41 2007 TAP-Win32 MTU=1500
Tue Aug 28 01:29:41 2007 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {EBB7BDF9-B42D-44AD-A357-DC210DBEF87B} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Tue Aug 28 01:29:41 2007 Sleeping for 10 seconds...
Tue Aug 28 01:29:51 2007 Successful ARP Flush on interface [131074] {EBB7BDF9-B42D-44AD-A357-DC210DBEF87B}
Tue Aug 28 01:29:51 2007 route ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Tue Aug 28 01:29:51 2007 Route addition via IPAPI succeeded
Tue Aug 28 01:29:51 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Aug 28 01:29:51 2007 UDPv4 link local (bound): [undef]:1039
Tue Aug 28 01:29:51 2007 UDPv4 link remote: [undef]
Tue Aug 28 01:29:51 2007 MULTI: multi_init called, r=256 v=256
Tue Aug 28 01:29:51 2007 IFCONFIG POOL: base=10.8.0.4 size=62
Tue Aug 28 01:29:51 2007 IFCONFIG POOL LIST
Tue Aug 28 01:29:51 2007 Initialization Sequence Completed
The client keeps trying to connect, but nothing more gets added here...
This is the client-side log.
Tue Aug 28 01:31:02 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Tue Aug 28 01:31:02 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Aug 28 01:31:02 2007 WARNING: using --pull/--client and --ifconfig together is probably not what you want
Tue Aug 28 01:31:02 2007 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Aug 28 01:31:02 2007 LZO compression initialized
Tue Aug 28 01:31:02 2007 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Aug 28 01:31:02 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Aug 28 01:31:02 2007 Local Options hash (VER=V4): '41690919'
Tue Aug 28 01:31:02 2007 Expected Remote Options hash (VER=V4): '530fdded'
Tue Aug 28 01:31:02 2007 UDPv4 link local: [undef]
Tue Aug 28 01:31:02 2007 UDPv4 link remote: 147.46.243.160:1039
Tue Aug 28 01:32:02 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Aug 28 01:32:02 2007 TLS Error: TLS handshake failed
Tue Aug 28 01:32:02 2007 TCP/UDP: Closing socket
Tue Aug 28 01:32:02 2007 SIGUSR1[soft,tls-error] received, process restarting
Tue Aug 28 01:32:02 2007 Restart pause, 2 second(s)
Tue Aug 28 01:32:04 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Aug 28 01:32:04 2007 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Aug 28 01:32:04 2007 Re-using SSL/TLS context
Tue Aug 28 01:32:04 2007 LZO compression initialized
Tue Aug 28 01:32:04 2007 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Aug 28 01:32:04 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Aug 28 01:32:04 2007 Local Options hash (VER=V4): '41690919'
Tue Aug 28 01:32:04 2007 Expected Remote Options hash (VER=V4): '530fdded'
Tue Aug 28 01:32:04 2007 UDPv4 link local: [undef]
Tue Aug 28 01:32:04 2007 UDPv4 link remote: ***.**.***.****1039
Tue Aug 28 01:32:02 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Aug 28 01:32:02 2007 TLS Error: TLS handshake failed
Tue Aug 28 01:32:02 2007 TCP/UDP: Closing socket
Tue Aug 28 01:32:02 2007 SIGUSR1[soft,tls-error] received, process restarting
Tue Aug 28 01:32:02 2007 Restart pause, 2 second(s)
And so on, repeating endlessly...
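The *** is self-censorship ^^;
I'd appreciate help from the experts.
As for OpenVPN, the wiki is a bit complicated too.. and I couldn't find a properly clean, well-organized guide.
Once I get it working, I plan to write it all up as a document ^^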
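
The client log in the post carries two WARNING lines: `--client` combined with `--ifconfig`, and no server certificate verification method enabled. The following is an added example, not part of the original post, that checks a client config for both before it is used; the function names are hypothetical, the sample is a constructed copy of the posted settings with a documentation address as the remote, and the corrected variant assumes the server certificate carries nsCertType=server.

```python
# Directives by which a client checks that the peer's certificate is a server's
# (ns-cert-type and tls-remote in 2.0.x; remote-cert-tls from 2.1 on).
SERVER_VERIFY = {"ns-cert-type", "remote-cert-tls", "tls-remote"}

# Constructed sample: the client settings from the post, one directive per
# line, with the remote address replaced by a documentation address.
POSTED_CLIENT = """\
ifconfig 10.105.11.3 255.255.0.0
client
dev tun
proto udp
remote 192.0.2.10 1039
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca keys/ca.crt
cert keys/client.crt
key keys/client.key
comp-lzo
verb 3
"""

def parse_directives(text):
    """Return {directive: [args, ...]}, skipping blanks and #/; comments."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        found.setdefault(name.lstrip("-"), []).append(args)
    return found

def audit_client(text):
    """Return the names of the findings for a client config, sorted."""
    d = parse_directives(text)
    findings = []
    if ("client" in d or "pull" in d) and "ifconfig" in d:  # server pushes it
        findings.append("ifconfig-with-client")
    if ("client" in d or "tls-client" in d) and not SERVER_VERIFY.intersection(d):
        findings.append("no-server-cert-verification")  # any CA-signed cert passes
    return sorted(findings)

# Corrected variant (assumption: the server certificate was issued with
# nsCertType=server, as easy-rsa's build-key-server does).
FIXED_CLIENT = POSTED_CLIENT.replace(
    "ifconfig 10.105.11.3 255.255.0.0\n", "") + "ns-cert-type server\n"
```

`audit_client(POSTED_CLIENT)` reports both findings and `audit_client(FIXED_CLIENT)` reports none.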