Unable to access the Internet using a VPN on OpenBSD

I am using OpenBSD 5.7-amd64 with the latest patches applied.

I downloaded and installed OpenVPN for OpenBSD 5.7 (package version: openvpn-2.3.6.tgz) using the following command:

sudo pkg_add -vi openvpn

I changed to the directory containing the .ovpn files:

cd openvpn-configs

I selected an ovpn file (e.g. uk.ovpn) and entered the following command:

sudo openvpn uk.ovpn

Lines of text flashed by in the terminal, ending with the following message:

Initialization Sequence Completed

This indicates that I am connected to the UK server.

I launch Firefox and enter a URL.

Nothing appears in the browser.

I open another terminal and type:

ping microsoft.com

No pings are registered.

What is the problem?


In response to mjturner's request for more information, here are further details.

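The default pf firewall provided by OpenBSD is enabled by default during installation of the operating system. And during the installation of the operating system, I answered "no" when asked whether to configure/enable IPv6.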

VPN connection log details:

Tue Jul 14 00:00:17 2015 OpenVPN 2.3.6 x86_64-unknown-openbsd5.7 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Mar  7 2015
Tue Jul 14 00:00:17 2015 library versions: LibreSSL 2.1, LZO 2.08
Tue Jul 14 00:00:17 2015 WARNING: file 'auth.txt' is group or others accessible
Tue Jul 14 00:00:17 2015 Socket Buffers: R=[41600->65536] S=[9216->65536]
Tue Jul 14 00:00:17 2015 UDPv4 link local: [undef]
Tue Jul 14 00:00:17 2015 UDPv4 link remote: [AF_INET]111.222.333.444:443
Tue Jul 14 00:00:19 2015 TLS: Initial packet from [AF_INET]111.222.333.444:443, sid=16-alphanumeric-string
Tue Jul 14 00:00:19 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jul 14 00:00:20 2015 VERIFY OK: depth=1, [particulars of commercial VPN service provider]
Tue Jul 14 00:00:20 2015 Validating certificate key usage
Tue Jul 14 00:00:20 2015 ++ Certificate has key usage  00a0, expects 00a0
Tue Jul 14 00:00:20 2015 VERIFY KU OK
Tue Jul 14 00:00:20 2015 Validating certificate extended key usage
Tue Jul 14 00:00:20 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Jul 14 00:00:20 2015 VERIFY EKU OK
Tue Jul 14 00:00:20 2015 VERIFY OK: depth=0, [particulars of commercial VPN service provider]
Tue Jul 14 00:00:21 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jul 14 00:00:21 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 14 00:00:21 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jul 14 00:00:21 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 14 00:00:21 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Jul 14 00:00:21 2015 [VPN-UK] Peer Connection Initiated with [AF_INET]111.222.333.444:443
Tue Jul 14 00:00:23 2015 SENT CONTROL [VPN-UK]: 'PUSH_REQUEST' (status=1)
Tue Jul 14 00:00:24 2015 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.9.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.9.0.6 10.9.0.5'
Tue Jul 14 00:00:24 2015 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jul 14 00:00:24 2015 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jul 14 00:00:24 2015 OPTIONS IMPORT: route options modified
Tue Jul 14 00:00:24 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jul 14 00:00:24 2015 ROUTE_GATEWAY 192.168.220.1
Tue Jul 14 00:00:24 2015 TUN/TAP device /dev/tun0 opened
Tue Jul 14 00:00:24 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jul 14 00:00:24 2015 /sbin/ifconfig tun0 10.9.0.6 10.9.0.5 mtu 1500 netmask 255.255.255.255 up -link0
Tue Jul 14 00:00:26 2015 /sbin/route add -net 111.222.333.444 192.168.220.1 -netmask 255.255.255.255
add net 111.222.333.444: gateway 192.168.220.1
Tue Jul 14 00:00:26 2015 /sbin/route add -net 0.0.0.0 10.9.0.5 -netmask 128.0.0.0
add net 0.0.0.0: gateway 10.9.0.5
Tue Jul 14 00:00:26 2015 /sbin/route add -net 128.0.0.0 10.9.0.5 -netmask 128.0.0.0
add net 128.0.0.0: gateway 10.9.0.5
Tue Jul 14 00:00:26 2015 /sbin/route add -net 10.9.0.1 10.9.0.5 -netmask 255.255.255.255
add net 10.9.0.1: gateway 10.9.0.5
Tue Jul 14 00:00:26 2015 Initialization Sequence Completed

Details of ifconfig -a when the VPN connection is open:

$ ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
    priority: 0
    groups: lo
    inet6 xx11::1%lo0 prefixlen 64 scopeid 0x3
    inet6 ::1 prefixlen 128
    inet 127.0.0.1 netmask 0xff000000
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    lladdr [MAC address of network card]
    priority: 0
    groups: egress
    media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
    status: active
    inet 192.168.220.176 netmask 0xffffff00 broadcast 192.168.220.255
enc0: flags=0<>
    priority: 0
    groups: enc
    status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33144
    priority: 0
    groups: pflog
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
    priority: 0
    groups: tun
    status: active
    inet 10.9.0.6 --> 10.9.0.5 netmask 0xffffffff

Details of netstat -nr -f inet when the VPN connection is open:

$ netstat -nr -f inet
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
0/1                10.9.0.5           UGS        0        0     -     8 tun0 
default            192.168.220.1      UGS        1      137     -     8 re0  
10.9.0.1/32        10.9.0.5           UGS        0        0     -     8 tun0 
10.9.0.5           10.9.0.6           UH         3        0     -     4 tun0 
10.9.0.6           10.9.0.6           UHl        0        0     -     1 lo0  
111.222.333.444/32 192.168.220.1      UGS        0        0     -     8 re0  
127/8              127.0.0.1          UGRS       0        0 32768     8 lo0  
127.0.0.1          127.0.0.1          UHl        1        4 32768     1 lo0  
128/1              10.9.0.5           UGS        0        0     -     8 tun0 
192.168.220/24     link#1             UC         1        0     -     4 re0  
192.168.220.1      [MAC-router]       UHLc       2        0     -     4 re0  
192.168.220.176    [MAC-network card] UHLl       0        0     -     1 lo0  
192.168.220.255    link#1             UHLb       0        0     -     1 re0  
224/4              link#1             UCS        0        0     -     8 re0

Details of dig when the VPN connection is open:

$ dig +short microsoft.com
;; connection timed out; no servers could be reached
$
