[solved] openvpn

Greetings everyone,
I have Fedora 15 and I am trying to get openvpn working, but without success. The connection is established, but I do not get the public IP that I should have on this VPN. Does anyone know what the problem could be? From the guide I have for this VPN, the only thing I picked up is that the kernel must include tun/tap support; the other add-ons that are listed should be installed.
Thanks in advance for any help.

From this description not even Copperfield could conjure up an answer. Getting a VPN working in no way automatically means being assigned any public IP. A VPN always has two sides - the client side and the server side. Who sets up the server, and where? I assume you are the client. How do you have openvpn configured? Are you configuring it through NetworkManager, or at the system level?

Through NetworkManager it does not work for me, it throws some error. So I copied the configuration files and the certificate directly into the /etc/openvpn folder and started it in the terminal with the command /etc/init.d/openvpn start; it printed ok. I used the same procedure in Debian, and everything worked there without problems.

You were not much more forthcoming. Are you using SELinux? Have you looked in the logs?

It was precisely SELinux that reported an error to me. Which log file should I look in? I could post it here if need be; I cannot make sense of them anyway.
I also forgot to add that the server is set up; I would not look for the problem there.

SELinux logs its records to /var/log/audit/audit.log. Whether SELinux is actually to blame can be tested by temporarily disabling it (in the console: setenforce 0 and then restart the openvpn service). OpenVPN should log to /var/log/messages.

I am attaching the output from the messages file

permissions enforced, configuration type 1
Oct 31 14:35:44 zdenal-desktop NetworkManager[764]: <info> Starting VPN service 'openvpn'...
Oct 31 14:35:44 zdenal-desktop NetworkManager[764]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 1778
Oct 31 14:35:44 zdenal-desktop kernel: [  230.385902] tun: Universal TUN/TAP device driver, 1.6
Oct 31 14:35:44 zdenal-desktop kernel: [  230.385907] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Oct 31 14:35:44 zdenal-desktop NetworkManager[764]: <info> VPN service 'openvpn' appeared; activating connections
Oct 31 14:35:44 zdenal-desktop NetworkManager[764]: <info> VPN plugin state changed: 1
Oct 31 14:36:02 zdenal-desktop NetworkManager[764]: <info> VPN plugin state changed: 3
Oct 31 14:36:02 zdenal-desktop NetworkManager[764]: <info> VPN connection 'client' (Connect) reply received.
Oct 31 14:36:02 zdenal-desktop nm-openvpn[1783]: OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 17 2011
Oct 31 14:36:03 zdenal-desktop nm-openvpn[1783]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Oct 31 14:36:03 zdenal-desktop nm-openvpn[1783]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 31 14:36:03 zdenal-desktop dbus: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Oct 31 14:36:03 zdenal-desktop nm-openvpn[1783]: Cannot load CA certificate file /home/zdenal/openvpn/ca.crt path (null) (SSL_CTX_load_verify_locations): error:0200100D:system library:fopen:Permission denied: error:2006D002:BIO routines:BIO_new_file:system lib: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
Oct 31 14:36:03 zdenal-desktop nm-openvpn[1783]: Exiting
Oct 31 14:36:03 zdenal-desktop NetworkManager[764]: <warn> VPN plugin failed: 1
Oct 31 14:36:03 zdenal-desktop NetworkManager[764]: <info> VPN plugin state changed: 6
Oct 31 14:36:03 zdenal-desktop NetworkManager[764]: <info> VPN plugin state change reason: 0
Oct 31 14:36:03 zdenal-desktop NetworkManager[764]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
Oct 31 14:36:03 zdenal-desktop NetworkManager[764]: <info> Policy set 'Wired connection 1' (eth0) as default for IPv4 routing and DNS.
Oct 31 14:36:03 zdenal-desktop dbus: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Oct 31 14:36:06 zdenal-desktop setroubleshoot: SELinux is preventing /usr/sbin/openvpn from read access on the file ca.crt. For complete SELinux messages. run sealert -l c39cb5e8-3d57-41a0-8153-6c723c75c47b
Oct 31 14:36:08 zdenal-desktop NetworkManager[764]: <info> VPN service 'openvpn' disappeared
Oct 31 14:36:21 zdenal-desktop dbus: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Oct 31 14:36:22 zdenal-desktop dbus: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Oct 31 14:39:58 zdenal-desktop pulseaudio[1515]: ratelimit.c: 9 events suppressed
Oct 31 14:41:24 zdenal-desktop dbus: [system] Activating service name='net.reactivated.Fprint' (using servicehelper)
Oct 31 14:41:24 zdenal-desktop dbus: [system] Successfully activated service 'net.reactivated.Fprint'
Oct 31 14:44:40 zdenal-desktop dbus: [system] Activating service name='net.reactivated.Fprint' (using servicehelper)
Oct 31 14:44:40 zdenal-desktop dbus: [system] Successfully activated service 'net.reactivated.Fprint'
Oct 31 14:47:31 zdenal-desktop yum[2082]: Erased: kernel
Oct 31 14:47:37 zdenal-desktop yum[2082]: Erased: kernel
Oct 31 14:50:04 zdenal-desktop dbus: [system] Activating service name='net.reactivated.Fprint' (using servicehelper)
Oct 31 14:50:04 zdenal-desktop dbus: [system] Successfully activated service 'net.reactivated.Fprint'
Oct 31 14:51:11 zdenal-desktop dbus: avc:  received setenforce notice (enforcing=0)
Oct 31 14:51:11 zdenal-desktop dbus: avc:  received setenforce notice (enforcing=0)
Oct 31 14:51:11 zdenal-desktop dbus: avc:  received setenforce notice (enforcing=0)
Oct 31 14:51:37 zdenal-desktop NetworkManager[764]: <info> Starting VPN service 'openvpn'...
Oct 31 14:51:37 zdenal-desktop NetworkManager[764]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 2160
Oct 31 14:51:37 zdenal-desktop NetworkManager[764]: <info> VPN service 'openvpn' appeared; activating connections
Oct 31 14:51:37 zdenal-desktop NetworkManager[764]: <info> VPN plugin state changed: 3
Oct 31 14:51:37 zdenal-desktop NetworkManager[764]: <info> VPN connection 'client' (Connect) reply received.
Oct 31 14:51:37 zdenal-desktop nm-openvpn[2163]: OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 17 2011
Oct 31 14:51:37 zdenal-desktop nm-openvpn[2163]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Oct 31 14:51:37 zdenal-desktop nm-openvpn[2163]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 31 14:51:37 zdenal-desktop dbus: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Oct 31 14:51:37 zdenal-desktop nm-openvpn[2163]: LZO compression initialized
Oct 31 14:51:37 zdenal-desktop nm-openvpn[2163]: UDPv4 link local: [undef]
Oct 31 14:51:37 zdenal-desktop nm-openvpn[2163]: UDPv4 link remote: 88.86.108.8:8080
Oct 31 14:51:38 zdenal-desktop nm-openvpn[2163]: [vpnhosting.cz] Peer Connection Initiated with 88.86.108.8:8080
Oct 31 14:51:38 zdenal-desktop dbus: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Oct 31 14:51:40 zdenal-desktop nm-openvpn[2163]: TUN/TAP device tun0 opened
Oct 31 14:51:40 zdenal-desktop nm-openvpn[2163]: /usr/libexec/nm-openvpn-service-openvpn-helper tun0 1500 1542 10.8.1.14 10.8.1.13 init
Oct 31 14:51:40 zdenal-desktop NetworkManager[764]: <info> VPN connection 'client' (IP Config Get) reply received.
Oct 31 14:51:40 zdenal-desktop NetworkManager[764]: <info> VPN Gateway: 88.86.108.8
Oct 31 14:51:40 zdenal-desktop NetworkManager[764]: <info> Internal Gateway: 10.8.1.13
Oct 31 14:51:40 zdenal-desktop NetworkManager[764]: <info> Tunnel Device: tun0
Oct 31 14:51:40 zdenal-desktop NetworkManager[764]: <info> Internal IP4 Address: 10.8.1.14
Oct 31 14:51:40 zdenal-desktop NetworkManager[764]: <info> Internal IP4 Prefix: 32
Oct 31 14:51:40 zdenal-desktop NetworkManager[764]: <info> Internal IP4 Point-to-Point Address: 10.8.1.13
Oct 31 14:51:40 zdenal-desktop NetworkManager[764]: <info> Maximum Segment Size (MSS): 0
Oct 31 14:51:40 zdenal-desktop NetworkManager[764]: <info> Static Route: 10.8.0.0/16   Next Hop: 10.8.0.0
Oct 31 14:51:40 zdenal-desktop NetworkManager[764]: <info> Forbid Default Route: no
Oct 31 14:51:40 zdenal-desktop NetworkManager[764]: <info> DNS Domain: '(none)'
Oct 31 14:51:40 zdenal-desktop nm-openvpn[2163]: Initialization Sequence Completed
Oct 31 14:51:40 zdenal-desktop lldpad[932]: evb_ifdown:port tun0 remove failed
Oct 31 14:51:40 zdenal-desktop lldpad[932]: vdp_ifdown:tun0 vdp data remove failed
Oct 31 14:51:40 zdenal-desktop setroubleshoot: SELinux is preventing /usr/sbin/openvpn from read access on the file ca.crt. For complete SELinux messages. run sealert -l c39cb5e8-3d57-41a0-8153-6c723c75c47b
Oct 31 14:51:40 zdenal-desktop setroubleshoot: SELinux is preventing /usr/sbin/openvpn from read access on the file ca.crt. For complete SELinux messages. run sealert -l c39cb5e8-3d57-41a0-8153-6c723c75c47b
Oct 31 14:51:41 zdenal-desktop NetworkManager[764]: <info> VPN connection 'client' (IP Config Get) complete.
Oct 31 14:51:41 zdenal-desktop NetworkManager[764]: <info> Policy set 'client' (tun0) as default for IPv4 routing and DNS.
Oct 31 14:51:41 zdenal-desktop NetworkManager[764]: <info> VPN plugin state changed: 4
Oct 31 14:51:41 zdenal-desktop dbus: [system] Activating service name='org.freedesktop.nm_dispatcher' (using servicehelper)
Oct 31 14:51:41 zdenal-desktop dbus: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Oct 31 14:52:41 zdenal-desktop systemd[1]: PID 1700 read from file /var/run/sendmail.pid does not exist. Your service or init script might be broken.
Oct 31 15:00:19 zdenal-desktop dhclient[1035]: DHCPREQUEST on eth0 to 192.168.1.20 port 67
Oct 31 15:00:19 zdenal-desktop dhclient[1035]: DHCPACK from 192.168.1.20
Oct 31 15:00:19 zdenal-desktop dhclient[1035]: bound to 192.168.1.7 -- renewal in 1199 seconds.
Oct 31 15:00:19 zdenal-desktop NetworkManager[764]: <info> (eth0): DHCPv4 state changed bound -> renew
Oct 31 15:00:19 zdenal-desktop NetworkManager[764]: <info>   address 192.168.1.7
Oct 31 15:00:19 zdenal-desktop NetworkManager[764]: <info>   prefix 24 (255.255.255.0)
Oct 31 15:00:19 zdenal-desktop NetworkManager[764]: <info>   gateway 192.168.1.20
Oct 31 15:00:19 zdenal-desktop NetworkManager[764]: <info>   nameserver '192.168.1.20'
Oct 31 15:00:19 zdenal-desktop dbus: [system] Activating service name='org.freedesktop.nm_dispatcher' (using servicehelper)
Oct 31 15:00:19 zdenal-desktop dbus: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Oct 31 15:20:18 zdenal-desktop dhclient[1035]: DHCPREQUEST on eth0 to 192.168.1.20 port 67
Oct 31 15:20:18 zdenal-desktop dhclient[1035]: DHCPACK from 192.168.1.20
Oct 31 15:20:18 zdenal-desktop dhclient[1035]: bound to 192.168.1.7 -- renewal in 1433 seconds.
Oct 31 15:38:58 zdenal-desktop dbus: [system] Activating service name='org.freedesktop.PackageKit' (using servicehelper)
Oct 31 15:38:58 zdenal-desktop dbus: [system] Successfully activated service 'org.freedesktop.PackageKit'
Oct 31 15:42:52 zdenal-desktop systemd[1]: Reexecuting.
Oct 31 15:42:52 zdenal-desktop systemd[1]: systemd 26 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX +SYSVINIT +LIBCRYPTSETUP; fedora)
Oct 31 15:44:11 zdenal-desktop dhclient[1035]: DHCPREQUEST on eth0 to 192.168.1.20 port 67
Oct 31 15:44:11 zdenal-desktop dhclient[1035]: DHCPACK from 192.168.1.20
Oct 31 15:44:11 zdenal-desktop dhclient[1035]: bound to 192.168.1.7 -- renewal in 1386 seconds.
Oct 31 15:50:55 zdenal-desktop avahi-daemon[753]: Withdrawing workstation service for tun0.
Oct 31 15:50:55 zdenal-desktop lldpad[932]: evb_ifdown:port tun0 remove failed
Oct 31 15:50:55 zdenal-desktop lldpad[932]: vdp_ifdown:tun0 vdp data remove failed
Oct 31 15:50:55 zdenal-desktop lldpad[932]: evb_ifdown:port tun0 remove failed
Oct 31 15:50:55 zdenal-desktop lldpad[932]: vdp_ifdown:tun0 vdp data remove failed
Oct 31 15:50:55 zdenal-desktop lldpad[932]: evb_ifdown:port tun0 remove failed
Oct 31 15:50:55 zdenal-desktop lldpad[932]: vdp_ifdown:tun0 vdp data remove failed
Oct 31 15:50:56 zdenal-desktop NetworkManager[764]: <info> Policy set 'Wired connection 1' (eth0) as default for IPv4 routing and DNS.
Oct 31 15:50:56 zdenal-desktop dbus: [system] Activating service name='org.freedesktop.nm_dispatcher' (using servicehelper)
Oct 31 15:50:56 zdenal-desktop dbus: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Oct 31 15:50:56 zdenal-desktop nm-openvpn[2163]: SIGTERM[hard,] received, process exiting
Oct 31 15:51:01 zdenal-desktop NetworkManager[764]: <info> VPN service 'openvpn' disappeared
Oct 31 15:51:43 zdenal-desktop NetworkManager[764]:    keyfile: removed /etc/NetworkManager/system-connections/client.
Oct 31 15:51:56 zdenal-desktop systemd[1]: PID 2225 read from file /var/run/sendmail.pid does not exist. Your service or init script might be broken.
Oct 31 15:53:06 zdenal-desktop NetworkManager[764]: <info> Starting VPN service 'openvpn'...
Oct 31 15:53:06 zdenal-desktop NetworkManager[764]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 15828
Oct 31 15:53:06 zdenal-desktop NetworkManager[764]: <info> VPN service 'openvpn' appeared; activating connections
Oct 31 15:53:06 zdenal-desktop NetworkManager[764]: <info> VPN plugin state changed: 1
Oct 31 15:53:16 zdenal-desktop NetworkManager[764]: <info> VPN plugin state changed: 3
Oct 31 15:53:16 zdenal-desktop NetworkManager[764]: <info> VPN connection 'client' (Connect) reply received.
Oct 31 15:53:16 zdenal-desktop nm-openvpn[15832]: OpenVPN 2.1.4 i386-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 17 2011
Oct 31 15:53:16 zdenal-desktop nm-openvpn[15832]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Oct 31 15:53:16 zdenal-desktop nm-openvpn[15832]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 31 15:53:16 zdenal-desktop nm-openvpn[15832]: LZO compression initialized
Oct 31 15:53:16 zdenal-desktop nm-openvpn[15832]: UDPv4 link local: [undef]
Oct 31 15:53:16 zdenal-desktop nm-openvpn[15832]: UDPv4 link remote: 88.86.108.8:8080
Oct 31 15:53:17 zdenal-desktop nm-openvpn[15832]: [vpnhosting.cz] Peer Connection Initiated with 88.86.108.8:8080
Oct 31 15:53:19 zdenal-desktop nm-openvpn[15832]: TUN/TAP device tun0 opened
Oct 31 15:53:19 zdenal-desktop nm-openvpn[15832]: /usr/libexec/nm-openvpn-service-openvpn-helper tun0 1500 1542 10.8.3.182 10.8.3.181 init
Oct 31 15:53:19 zdenal-desktop lldpad[932]: evb_ifdown:port tun0 remove failed
Oct 31 15:53:19 zdenal-desktop lldpad[932]: vdp_ifdown:tun0 vdp data remove failed
Oct 31 15:53:19 zdenal-desktop NetworkManager[764]: <info> VPN connection 'client' (IP Config Get) reply received.
Oct 31 15:53:19 zdenal-desktop NetworkManager[764]: <info> VPN Gateway: 88.86.108.8
Oct 31 15:53:19 zdenal-desktop NetworkManager[764]: <info> Internal Gateway: 10.8.3.181
Oct 31 15:53:19 zdenal-desktop NetworkManager[764]: <info> Tunnel Device: tun0
Oct 31 15:53:19 zdenal-desktop NetworkManager[764]: <info> Internal IP4 Address: 10.8.3.182
Oct 31 15:53:19 zdenal-desktop NetworkManager[764]: <info> Internal IP4 Prefix: 32
Oct 31 15:53:19 zdenal-desktop NetworkManager[764]: <info> Internal IP4 Point-to-Point Address: 10.8.3.181
Oct 31 15:53:19 zdenal-desktop NetworkManager[764]: <info> Maximum Segment Size (MSS): 0
Oct 31 15:53:19 zdenal-desktop NetworkManager[764]: <info> Static Route: 10.8.0.0/16   Next Hop: 10.8.0.0
Oct 31 15:53:19 zdenal-desktop NetworkManager[764]: <info> Forbid Default Route: no
Oct 31 15:53:19 zdenal-desktop NetworkManager[764]: <info> DNS Domain: '(none)'
Oct 31 15:53:19 zdenal-desktop nm-openvpn[15832]: Initialization Sequence Completed
Oct 31 15:53:20 zdenal-desktop NetworkManager[764]: <info> VPN connection 'client' (IP Config Get) complete.
Oct 31 15:53:20 zdenal-desktop NetworkManager[764]: <info> Policy set 'client' (tun0) as default for IPv4 routing and DNS.
Oct 31 15:53:20 zdenal-desktop NetworkManager[764]: <info> VPN plugin state changed: 4

If I am reading the log correctly, it works with SELinux turned off?

So the problem is in


nm-openvpn[1783]: Cannot load CA certificate file /home/zdenal/openvpn/ca.crt path (null) (SSL_CTX_load_verify_locations): error:0200100D:system library:fopen:Permission denied: error:2006D002:BIO routines:BIO_new_file:system lib: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib

In my opinion you therefore have some problem with permissions on the openvpn certificate. I don't know where the system expects certificates to be stored by default, but it probably won't be in /home/zdenal/openvpn.
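The correlation made in the reply above (the fopen "Permission denied" on ca.crt, the setroubleshoot denial for the same file, and a working tunnel after setenforce 0), as an added example that is not part of the original thread. The function name `triage` and the result keys are hypothetical; the sample lines are taken from the posted log and shortened.

```python
import re

# Lines taken from the /var/log/messages excerpt posted in the thread, shortened.
SAMPLE = """\
Oct 31 14:36:03 zdenal-desktop nm-openvpn[1783]: WARNING: No server certificate verification method has been enabled.
Oct 31 14:36:03 zdenal-desktop nm-openvpn[1783]: Cannot load CA certificate file /home/zdenal/openvpn/ca.crt path (null) (SSL_CTX_load_verify_locations): error:0200100D:system library:fopen:Permission denied
Oct 31 14:36:06 zdenal-desktop setroubleshoot: SELinux is preventing /usr/sbin/openvpn from read access on the file ca.crt.
Oct 31 14:51:11 zdenal-desktop dbus: avc:  received setenforce notice (enforcing=0)
Oct 31 14:51:37 zdenal-desktop nm-openvpn[2163]: WARNING: No server certificate verification method has been enabled.
Oct 31 14:51:40 zdenal-desktop nm-openvpn[2163]: Initialization Sequence Completed
Oct 31 14:51:40 zdenal-desktop setroubleshoot: SELinux is preventing /usr/sbin/openvpn from read access on the file ca.crt.
""".splitlines()

LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ ([\w.-]+)(?:\[(\d+)\])?: (.*)$")
CERT_FAIL = re.compile(r"Cannot load CA certificate file (\S+) .*Permission denied")
DENIAL = re.compile(r"SELinux is preventing (\S+) from (\w+) access on the file (\S+?)\.(?: |$)")
ENFORCE = re.compile(r"received setenforce notice \(enforcing=([01])\)")

def triage(lines):
    """Group nm-openvpn runs by PID and attach the SELinux context around them."""
    # Assumption: the system is enforcing until a setenforce notice says otherwise.
    runs, denied_files, enforcing = {}, set(), 1
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue  # truncated or non-syslog line
        prog, pid, msg = m.groups()
        if (e := ENFORCE.search(msg)):
            enforcing = int(e.group(1))
        elif (d := DENIAL.search(msg)):
            denied_files.add(d.group(3))  # setroubleshoot reports only the basename
        elif prog == "nm-openvpn":
            run = runs.setdefault(pid, {"enforcing": enforcing, "cert_denied": None,
                                        "up": False, "no_server_verify": False})
            if (c := CERT_FAIL.search(msg)):
                run["cert_denied"] = c.group(1)
            run["up"] |= "Initialization Sequence Completed" in msg
            run["no_server_verify"] |= "No server certificate verification" in msg
    for run in runs.values():
        path = run["cert_denied"]
        # Attribute the fopen failure to SELinux only if setroubleshoot named the same file.
        run["selinux_blocked"] = bool(path) and path.rsplit("/", 1)[-1] in denied_files
    return runs

if __name__ == "__main__":
    for pid, info in triage(SAMPLE).items():
        print(pid, info)
```

In the second run the denial is still logged although the tunnel comes up, because in permissive mode SELinux records the access it would have blocked; both runs also carry the client's warning that no server certificate verification method is enabled.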

It just occurred to me whether the problem could be somewhere in those tun/tap drivers. I do connect to the server, but I do not get the public IP that I am supposed to have on the server.

I still don't understand on what grounds you think you should get a public IP address?
By connecting to vpnhosting, to the server 88.86.108.8, you connect via OpenVPN to that machine, and it assigns you an internal IP address 10.8.x.x, because that is simply how it is set up on the server. If you are paying vpnhosting for some service with a public IP, then turn to them. Give them the log you posted here and they will surely advise you.

I pay for a public IP address at vpnhosting. Maybe I wrote it badly; it is not so much about the public IP address as about the fact that I do not have open ports. Given that it worked for me on Ubuntu or Debian without problems, I concluded that it would rather be a problem of the operating system. As you say, I will try to resolve it through them.
Thanks for the help so far.

If you want to access your computer from outside, you of course have to allow in the firewall the ports/services you want to access.
Run system-config-firewall - and of course, so far it looks like you have to turn off selinux.

So it was enough to allow the tun interface in the firewall, and now it works.
Thanks everyone for the help.

P.S. I apologize for the initial misunderstanding; I should have written right away that the ports are not open.