Hi,
I need help with an OpenVPN setup where I connect from a phone (client) to a Mikrotik (server).
I am doing it over the ethernet protocol (labelled TAP on Android).
Here is the configuration file on Android:
dev tap0
proto tcp-client
remote x.x.x.x 1194
ca ca.crt
cert lukas-android.crt
key lukas-android.key
tls-client
port 1194
persist-tun
persist-key
nobind
verb 3
cipher AES-256-CBC
auth SHA1
pull
auth-user-pass
route 192.168.10.0 255.255.255.0 172.25.25.1
route 10.10.10.0 255.255.255.0 172.25.25.1
redirect-gateway def1
push "dhcp-option DNS 213.46.172.36"
The VPN connects, but the problem is that ping does not work, e.g. to 8.8.8.8 and google.com, so the DNS is probably wrong somewhere.
Because when I remove it (#redirect-gateway def1), the VPN connects and name resolution works, since I am going over the "main internet", not over the VPN.
SGS 3, rooted, official ROM
I run the VPN with: OpenVPN Settings (Friedrich Schäuffelhut)
For TAP0 I used: OpenVPN Installer (Sascha Volkenandt)
If it helps anyone, here is the log from Android:
Mon May 20 13:51:22 2013 OpenVPN 2.1.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Feb 2 2010
Mon May 20 13:51:22 2013 MANAGEMENT: TCP Socket listening on 127.0.0.1:57557
Mon May 20 13:51:22 2013 Need password(s) from management interface, waiting...
Mon May 20 13:51:22 2013 MANAGEMENT: Client connected from 127.0.0.1:57557
Mon May 20 13:51:22 2013 MANAGEMENT: CMD 'state'
Mon May 20 13:51:22 2013 MANAGEMENT: CMD 'state on'
Mon May 20 13:51:22 2013 MANAGEMENT: CMD 'bytecount 0'
Mon May 20 13:51:47 2013 MANAGEMENT: CMD 'username 'Auth' 'lukas''
Mon May 20 13:51:47 2013 MANAGEMENT: CMD 'password [...]'
Mon May 20 13:51:47 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon May 20 13:51:47 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon May 20 13:51:58 2013 MANAGEMENT: CMD 'password [...]'
Mon May 20 13:51:58 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon May 20 13:51:58 2013 WARNING: file 'lukas-android.key' is group or others accessible
Mon May 20 13:51:58 2013 Control Channel MTU parms [ L:1591 D:140 EF:40 EB:0 ET:0 EL:0 ]
Mon May 20 13:51:58 2013 MANAGEMENT: >STATE:1369050718,RESOLVE,,,
Mon May 20 13:51:58 2013 Data Channel MTU parms [ L:1591 D:1450 EF:59 EB:4 ET:32 EL:0 ]
Mon May 20 13:51:58 2013 Local Options hash (VER=V4): 'b60e7885'
Mon May 20 13:51:58 2013 Expected Remote Options hash (VER=V4): 'fbeb66e6'
Mon May 20 13:51:58 2013 Attempting to establish TCP connection with X.X.X.X:1194 [nonblock]
Mon May 20 13:51:58 2013 MANAGEMENT: >STATE:1369050718,TCP_CONNECT,,,
Mon May 20 13:51:58 2013 MANAGEMENT: CMD 'bytecount 0'
Mon May 20 13:51:58 2013 MANAGEMENT: CMD 'bytecount 0'
Mon May 20 13:51:59 2013 TCP connection established with X.X.X.X:1194
Mon May 20 13:51:59 2013 Socket Buffers: R=[1048576->131072] S=[524288->131072]
Mon May 20 13:51:59 2013 TCPv4_CLIENT link local: [undef]
Mon May 20 13:51:59 2013 TCPv4_CLIENT link remote: X.X.X.X:1194
Mon May 20 13:51:59 2013 MANAGEMENT: >STATE:1369050719,WAIT,,,
Mon May 20 13:51:59 2013 MANAGEMENT: >STATE:1369050719,AUTH,,,
Mon May 20 13:51:59 2013 TLS: Initial packet from X.X.X.X:1194, sid=48ff9ff1 0f891bba
Mon May 20 13:51:59 2013 MANAGEMENT: CMD 'bytecount 0'
Mon May 20 13:51:59 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon May 20 13:51:59 2013 MANAGEMENT: CMD 'bytecount 0'
Mon May 20 13:52:00 2013 VERIFY OK: depth=1, /C=CZ/ST=CZ/L=Prague/O=caniss/OU=caniss/CN=MT-CA/emailAddress=gmail.com
Mon May 20 13:52:00 2013 VERIFY OK: depth=0, /C=CZ/ST=CZ/O=caniss/OU=caniss/CN=server/emailAddress=gmail.com
Mon May 20 13:52:02 2013 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon May 20 13:52:02 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May 20 13:52:02 2013 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon May 20 13:52:02 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May 20 13:52:02 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon May 20 13:52:02 2013 [server] Peer Connection Initiated with X.X.X.X :1194
Mon May 20 13:52:03 2013 MANAGEMENT: >STATE:1369050723,GET_CONFIG,,,
Mon May 20 13:52:03 2013 MANAGEMENT: CMD 'bytecount 0'
Mon May 20 13:52:04 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon May 20 13:52:04 2013 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 213.46.172.36,ping 20,ping-restart 60,route-gateway 172.25.25.1,ifconfig 172.25.25.20 255.255.255.0'
Mon May 20 13:52:04 2013 OPTIONS IMPORT: timers and/or timeouts modified
Mon May 20 13:52:04 2013 OPTIONS IMPORT: --ifconfig/up options modified
Mon May 20 13:52:04 2013 OPTIONS IMPORT: route-related options modified
Mon May 20 13:52:04 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon May 20 13:52:04 2013 ROUTE default_gateway=172.16.1.1
Mon May 20 13:52:04 2013 TUN/TAP device tap0 opened
Mon May 20 13:52:04 2013 TUN/TAP TX queue length set to 100
Mon May 20 13:52:04 2013 MANAGEMENT: >STATE:1369050724,ASSIGN_IP,,172.25.25.20,
Mon May 20 13:52:04 2013 /system/xbin/bb/ifconfig tap0 172.25.25.20 netmask 255.255.255.0 mtu 1500 broadcast 172.25.25.255
Mon May 20 13:52:04 2013 /system/xbin/bb/route add -net X.X.X.X netmask 255.255.255.255 gw 172.16.1.1
Mon May 20 13:52:04 2013 /system/xbin/bb/route add -net 0.0.0.0 netmask 128.0.0.0 gw 172.25.25.1
Mon May 20 13:52:04 2013 /system/xbin/bb/route add -net 128.0.0.0 netmask 128.0.0.0 gw 172.25.25.1
Mon May 20 13:52:04 2013 MANAGEMENT: >STATE:1369050724,ADD_ROUTES,,,
Mon May 20 13:52:04 2013 /system/xbin/bb/route add -net 192.168.10.0 netmask 255.255.255.0 gw 172.25.25.1
Mon May 20 13:52:04 2013 /system/xbin/bb/route add -net 10.10.10.0 netmask 255.255.255.0 gw 172.25.25.1
Mon May 20 13:52:04 2013 Initialization Sequence Completed
Mon May 20 13:52:04 2013 MANAGEMENT: >STATE:1369050724,CONNECTED,SUCCESS,172.25.25.20, X.X.X.X
Mon May 20 13:52:04 2013 MANAGEMENT: CMD 'bytecount 0'
Mon May 20 13:52:04 2013 MANAGEMENT: CMD 'bytecount 0'
Mon May 20 13:52:04 2013 MANAGEMENT: CMD 'bytecount 3'
I have the Mikrotik set up according to this guide:
http://ity.sdeluje.cz/3-openvpn-server-mikrotik-rb750-os-v-4-50.html
Has anyone else dealt with this problem? I am really unhappy by now, since I have been working on it for about 2 weeks.
Thanks a lot
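
Added example (not part of the original post): it rebuilds the routing table that the ifconfig and route commands in the log leave on the phone and resolves a few destinations with longest-prefix match. `203.0.113.10` is a constructed placeholder for the redacted server address X.X.X.X, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt of the log above; 203.0.113.10 is a placeholder for the
# redacted X.X.X.X server address.
SAMPLE_LOG = """\
ROUTE default_gateway=172.16.1.1
/system/xbin/bb/ifconfig tap0 172.25.25.20 netmask 255.255.255.0 mtu 1500 broadcast 172.25.25.255
/system/xbin/bb/route add -net 203.0.113.10 netmask 255.255.255.255 gw 172.16.1.1
/system/xbin/bb/route add -net 0.0.0.0 netmask 128.0.0.0 gw 172.25.25.1
/system/xbin/bb/route add -net 128.0.0.0 netmask 128.0.0.0 gw 172.25.25.1
/system/xbin/bb/route add -net 192.168.10.0 netmask 255.255.255.0 gw 172.25.25.1
/system/xbin/bb/route add -net 10.10.10.0 netmask 255.255.255.0 gw 172.25.25.1
"""

ROUTE_RE = re.compile(r"route add -net (\S+) netmask (\S+) gw (\S+)")
IFCONFIG_RE = re.compile(r"ifconfig (\S+) (\S+) netmask (\S+)")
DEFAULT_RE = re.compile(r"ROUTE default_gateway=(\S+)")


def build_table(log):
    """Return [(network, next_hop)] as the client holds it after connecting."""
    table = []
    for line in log.splitlines():
        if m := ROUTE_RE.search(line):
            table.append((ipaddress.ip_network(f"{m[1]}/{m[2]}"), m[3]))
        elif m := IFCONFIG_RE.search(line):
            # Connected subnet of the TAP interface: delivered on-link.
            iface = ipaddress.ip_interface(f"{m[2]}/{m[3]}")
            table.append((iface.network, f"on-link {m[1]}"))
        elif m := DEFAULT_RE.search(line):
            # Pre-VPN default route via the local (Wi-Fi/mobile) gateway.
            table.append((ipaddress.ip_network("0.0.0.0/0"), m[1]))
    return table


def lookup(table, dest):
    """Longest-prefix match, the rule the kernel uses to pick a route."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, hop) for net, hop in table if addr in net]
    net, hop = max(matches, key=lambda r: r[0].prefixlen)
    return str(net), hop


if __name__ == "__main__":
    table = build_table(SAMPLE_LOG)
    for dest in ("8.8.8.8", "213.46.172.36", "203.0.113.10", "172.25.25.1"):
        print(dest, "->", *lookup(table, dest))
```

In this table 8.8.8.8 and the pushed DNS server 213.46.172.36 both resolve to the VPN gateway 172.25.25.1, while only the server's own address keeps the pre-VPN gateway 172.16.1.1.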