openvpn --config conf.ovpn results in "RTNETLINK answers: File exists"

I am trying to configure a VPN client (for the first and last time, only for this server). The server runs on a Raspberry Pi 3 configured with PiVPN, which also generates the client configuration file.

The output of openvpn --config conf.ovpn is as follows:

Tue Jun 27 21:35:42 2017 OpenVPN 2.4.0 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 22 2017
Tue Jun 27 21:35:42 2017 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.08
Enter Private Key Password: *************
Tue Jun 27 21:35:45 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]2.x.x.x:1194
Tue Jun 27 21:35:45 2017 UDP link local: (not bound)
Tue Jun 27 21:35:45 2017 UDP link remote: [AF_INET]2.x.x.x:1194
Tue Jun 27 21:35:46 2017 [server] Peer Connection Initiated with [AF_INET]2.x.x.x:1194
Tue Jun 27 21:35:47 2017 TUN/TAP device tun0 opened
Tue Jun 27 21:35:47 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Jun 27 21:35:47 2017 /sbin/ip link set dev tun0 up mtu 1500
Tue Jun 27 21:35:47 2017 /sbin/ip addr add dev tun0 10.8.0.3/24 broadcast 10.8.0.255
RTNETLINK answers: File exists
Tue Jun 27 21:35:47 2017 ERROR: Linux route add command failed: external  program exited with error status: 2
Tue Jun 27 21:35:47 2017 Initialization Sequence Completed

On the client side:

root@kali:~# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 1c:75:08:fa:3b:7e brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether ec:55:f9:79:b5:dc brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.64/24 brd 192.168.1.255 scope global dynamic wlan0
       valid_lft 2511sec preferred_lft 2511sec
    inet6 2001:b07:2e0:81c6:7341:e6d7:dab4:9e57/64 scope global noprefixroute dynamic 
       valid_lft 25114sec preferred_lft 10714sec
    inet6 fe80::de7a:3e8b:1eb4:4163/64 scope link 
       valid_lft forever preferred_lft forever

On the server side:

pi@raspberrypi:~ $ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:70:cf:f3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.67/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2001:b07:2e0:81c6:4efb:fa6b:69b7:a22b/64 scope global noprefixroute dynamic 
       valid_lft 24935sec preferred_lft 10535sec
    inet6 fe80::4137:8750:ed76:79cf/64 scope link 
       valid_lft forever preferred_lft forever
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether b8:27:eb:25:9a:a6 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::8d7:6c11:f28e:eea0/64 scope link tentative 
       valid_lft forever preferred_lft forever
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none 
    inet 10.8.0.1/24 brd 10.8.0.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::1c6c:2047:3987:5469/64 scope link flags 800 
       valid_lft forever preferred_lft forever

Edit:

Contents of conf.ovpn:

client
dev tun
proto udp
remote 2.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server name
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 1
auth-nocache

Contents of server.conf:

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 84.200.69.80"
push "dhcp-option DNS 84.200.70.40"
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
status-version 3
log /var/log/openvpn.log
verb 1

Answer 1

Looking at the log:

Tue Jun 27 21:35:47 2017 /sbin/ip addr add dev tun0 10.8.0.3/24 broadcast 10.8.0.255
RTNETLINK answers: File exists
Tue Jun 27 21:35:47 2017 ERROR: Linux route add command failed: 
external  program exited with error status: 2

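This particular log fragment indicates that it is trying to create a route that already exists (RTNETLINK answers: File exists). When you define IP addresses on the server and the client (or a pool for clients to use), the routes for communication between those IPs are created on demand, based on the netmask of that "LAN". Those are the following lines of the server configuration: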

server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2

With that in mind, for the /32 mask or the /24 one, you can simply delete or comment out the following lines in the server configuration file:

push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"

Now there are no more duplicate routes :)
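
The check the answer describes, as an added example that is not part of the original answer: a small Python script that reads a server.conf and lists the push "route ..." lines whose destination already lies inside the subnet given by the server directive. The function names and the embedded sample (constructed from the server.conf in the question) are assumptions of this example.

```python
import ipaddress
import shlex

# Constructed sample: the routing-related lines of the server.conf in the question.
SAMPLE_SERVER_CONF = """\
topology subnet
server 10.8.0.0 255.255.255.0
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1"
"""


def _network(addr, mask="255.255.255.255"):
    # OpenVPN's route directive defaults to a host route when no mask is given.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def redundant_pushed_routes(conf_text):
    """Return the push "route ..." lines that fall inside the `server` subnet."""
    vpn_net = None
    pushed = []  # (original line, pushed network)
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        tokens = shlex.split(line)
        try:
            if tokens[0] == "server" and len(tokens) >= 3:
                vpn_net = _network(tokens[1], tokens[2])
            elif tokens[0] == "push" and len(tokens) == 2:
                args = tokens[1].split()
                if len(args) >= 2 and args[0] == "route":
                    pushed.append((line, _network(*args[1:3])))
        except ValueError:
            continue  # non-literal targets such as "vpn_gateway" are skipped
    if vpn_net is None:
        return []
    # The client already gets a route for the tunnel subnet from its ifconfig,
    # so pushing a route inside that subnet duplicates it.
    return [line for line, net in pushed if net.subnet_of(vpn_net)]


if __name__ == "__main__":
    for entry in redundant_pushed_routes(SAMPLE_SERVER_CONF):
        print("redundant:", entry)
```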
