OPENVPN DEBIAN

by Anderson Bertling

Good afternoon!
I have a question about the plugin /usr/lib/openvpn/openvpn-auth-pam.so common-auth >>>>>> client-cert-not-required.
When I add these options to the configuration, in theory it should not ask for any certificate, correct?
When I am on the client and enter only the PAM username and password, it connects in theory, but the tun interface does not show up in ifconfig,
and the log also says that ca.cert is missing. I used kvpnc to test and got the same response about ca.cert:
CA certificate file (keys/ca.crt) could not be found. Please check its path.

Here are the server and client configurations, to help understand the problem.
#############################################

server

# Device used by OpenVPN
dev     tun
# Declares that we act as the server
mode    server

# Indicates that the server will act as the
# controller on the communication channel
# during the TLS connection
tls-server

# Allows clients connected to the
# server to exchange packets with each other
client-to-client

# with tls-auth  server is value 0 and client is value 1
#tls-auth keys/ta.key 0
dh      keys/dh1024.pem
ca      keys/ca.crt
cert    keys/server.crt
key     keys/server.key
duplicate-cn


server 171.171.100.0 255.255.255.0 # IP range clients
ifconfig-pool-persist ipp.txt
# note: initial tests used these, and they worked, but
# the man page had the two lines above.
#ifconfig 192.168.100.1 192.168.100.2
#ifconfig-pool 171.171.100.5 171.171.200 # IP range clients

route-up "route delete -net 171.171.100.0/24"
route-up "route add -net 171.171.100.0/24 tun0"

push "route 171.171.100.1" # add route to protected network

# the next line tells the client to route all traffic thru the VPN
# you might not want this
#push "redirect-gateway def1"

# if you do not want to route all client traffic thru VPN, do something like
# the following (uncomment out and edit as needed)
#push "route 10.90.134.0 255.255.255.0"
#push "route 10.0.134.0 255.255.255.0"
#push "route 195.214.241.0 255.255.255.0"

# if you have mobile users, the following can be used:
#push "dhcp-option DOMAIN riseup.net"  #push the DNS domain suffix
#push "dhcp-option DNS 10.32.1.14 "  #push DNS entries to client
#push "dhcp-option WINS 69.90.134.134 "  #push WINS entries to client

port 1194

user nobody
#group nogroup

; comp-lzo

ping 60
; ping-restart 45
; ping-timer-rem
persist-tun
persist-key

verb 6
log-append      /var/log/openvpn/openvpn.log
status          /var/log/openvpn/status.log

# uncomment the following lines if you want to use PAM but
# note that on debian, you need to apt-get install libpam0g-dev
plugin /usr/lib/openvpn/openvpn-auth-pam.so common-auth
client-cert-not-required

######################################
Client

dev tun
tls-client
# 1 below means "client"
#tls-auth keys/ta.key 1
ca      keys/ca.crt
#cert    keys/client.crt
#key     keys/client.key

# Our OpenVPN peer is the office gateway.
remote 10.32.1.115

pull

;port 1194

user nobody
#group nogroup

; comp-lzo
; ping 15
; ping-restart 45
; ping-timer-rem
;persist-tun
;persist-key

verb 6
log-append      /var/log/openvpn/openvpn.log
status          /var/log/openvpn/status.log

# uncomment the following if the server uses PAM
auth-user-pass

##########################################
I no longer know where to look for information. After all my searching it seems Google has become too small; I can't find anything about this.
Folks, I would be grateful for any help.




--
Regards

Anderson Bertling
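
Added example, not part of the original thread: a small Python check for the symptom reported above (a `ca` path that cannot be found on a client that logs in with a password only). It assumes OpenVPN resolves relative file paths against its working directory or a `cd` directive, and that a client without its own certificate still needs `ca` to verify the server; `check_client`, `parse_directives` and the sample config are constructed for illustration.

```python
import os
import shlex
import tempfile

# Directives whose first argument is a file path (subset used in this thread).
FILE_DIRECTIVES = {"ca", "cert", "key", "dh", "tls-auth"}

# Constructed sample: active lines of the client config posted above.
CLIENT_CONF = """\
dev tun
tls-client
ca      keys/ca.crt
#cert    keys/client.crt
remote 10.32.1.115
pull
auth-user-pass
"""

def parse_directives(text):
    """Return [(name, args)] for active lines; '#' or ';' starts a comment."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line, comments=True)  # drops inline '# ...'
        out.append((tokens[0], tokens[1:]))
    return out

def check_client(text, base_dir):
    """List problems with file directives, resolving paths from base_dir."""
    directives = parse_directives(text)
    names = {name for name, _ in directives}
    for name, args in directives:
        if name == "cd" and args:  # 'cd' moves the base for relative paths
            base_dir = os.path.join(base_dir, args[0])
    findings = []
    for name, args in directives:
        if name in FILE_DIRECTIVES and args:
            path = os.path.join(base_dir, args[0])  # absolute paths win
            if not os.path.isfile(path):
                findings.append(f"{name}: file not found: {path}")
    # Password-only login drops the client cert/key, not the CA certificate.
    if "auth-user-pass" in names and "ca" not in names:
        findings.append("ca: missing; the client needs it to verify the server")
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as cwd:  # stands in for a dir without keys/
        print(check_client(CLIENT_CONF, cwd))
```

Run it with `base_dir` set to the directory the client is actually started from; an empty list means every referenced file resolves from there.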


Re: OPENVPN DEBIAN

by Alex Paulo Laner

Anderson,

Here is how my server.conf looks; in my case OpenVPN is running on NetBSD, but that has nothing to do with it.

- server.conf
...
# Plugin for local authentication
# http://auth-passwd.sourceforge.net/
plugin /usr/pkg/etc/openvpn/plugins/openvpn-auth-passwd.so vpn


Where vpn is a group in my /etc/group

- /etc/group
...
vpn:*:1000:rootsh,user1,user2,userblabla

If you want to revoke a user's access, just remove them from the group.

Alex Paulo Laner aka rootsh



Re: OPENVPN DEBIAN

by Fabricio Cannini-2

On Thursday 05 November 2009 13:50:07 Anderson Bertling wrote:

> Good afternoon!
> I have a question about the plugin /usr/lib/openvpn/openvpn-auth-pam.so
> common-auth >>>>>> client-cert-not-required.
> When I add these options to the configuration, in theory it should not
> ask for any certificate, correct?
> When I am on the client and enter only the PAM username and password, it
> connects in theory, but the tun interface does not show up in ifconfig,
> and the log also says that ca.cert is missing. I used kvpnc to test and
> got the same response about ca.cert:
> CA certificate file (keys/ca.crt) could not be found. Please check its
>  path.
>
>
> Here are the server and client configurations, to help understand the problem.

Silly question, but did you install the package mentioned below?

> # uncomment the following lines if you want to use PAM but
> # note that on debian, you need to apt-get install libpam0g-dev
> plugin /usr/lib/openvpn/openvpn-auth-pam.so common-auth
> client-cert-not-required

[ ]'s


--
To UNSUBSCRIBE, email to debian-user-portuguese-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...


Re: OPENVPN DEBIAN

by Anderson Bertling

Of course, and confirmed to be in the same location indicated,


--
Regards

Anderson Bertling