Untitled

a guest
Aug 31st, 2016
Client config:

client
dev tun
persist-key
persist-tun
nobind
# First hop: the EnterNode server
remote 185.90.60.73 1193 udp
comp-lzo
tls-client
ns-cert-type server
verb 3
# Required so that the "up" script below is allowed to run
script-security 2
auth-nocache
tun-mtu 1500
cipher AES-256-CBC
auth SHA512
ns-cert-type server
tls-auth ta.key 1
cert client.crt
key client.key
ca ca.crt
up update-resolv-conf

===================================================================
VPN ExitNode config

dev tun0
port 1194
persist-tun
persist-key
server 10.10.0.0 255.255.255.0
# Management interface bound to loopback only
management 127.0.0.1 7505
# Allows several clients to connect with the same certificate CN
duplicate-cn
tun-mtu 1500
ping-timer-rem
keepalive 10 60
comp-lzo
auth SHA512
cipher AES-256-CBC
tls-server
tls-auth ssl/ta.key 0
dh ssl/dh4096.pem
cert ssl/server.crt
key ssl/server.key
ca ssl/ca.crt
verb 3
log /var/log/openvpn.log
status /var/log/openvpn-status.log

===================================================================
VPN EnterNode config

>>>>server<<<<

dev tun0
proto udp
port 1193
persist-tun
persist-key
server 10.11.0.0 255.255.255.0
# Management interface bound to loopback only
management 127.0.0.1 7505
# Allows several clients to connect with the same certificate CN
duplicate-cn
tun-mtu 1500
# Send all client traffic through the tunnel
push "redirect-gateway def1"
# DNS pushed to clients is the ExitNode's tunnel address
push "dhcp-option DNS 10.10.0.1"
ping-timer-rem
keepalive 10 60
comp-lzo
auth SHA512
cipher AES-256-CBC
tls-server
tls-auth ssl/ta.key 0
dh ssl/dh4096.pem
cert ssl/server.crt
key ssl/server.key
ca ssl/ca.crt
verb 3
log /var/log/openvpn.log
status /var/log/openvpn-status.log


>>>>client<<<<

client
dev tun3
persist-key
persist-tun
nobind
# Second hop: the ExitNode server
remote 91.219.237.69 1194
proto udp
management 127.0.0.1 7506
comp-lzo
tls-client
ns-cert-type server
# Required so that the "up" script below is allowed to run
script-security 2
auth-nocache
tun-mtu 1500
cipher AES-256-CBC
auth SHA512
ns-cert-type server
tls-auth ssl2/ta.key 1
cert ssl2/client.crt
key ssl2/client.key
ca ssl2/ca.crt
verb 3
# Same log and status files as the server instance above
log /var/log/openvpn.log
status /var/log/openvpn-status.log
up uproute.sh

===================================================================
>>>>uproute.sh<<<<

#!/bin/sh
# Policy routing: packets sourced from the EnterNode client pool use table "vpn"
# (the name "vpn" has to be defined in /etc/iproute2/rt_tables)
ip rule add from 10.11.0.0/24 table vpn
# Default route of that table points into the tunnel to the ExitNode
ip route add default dev tun3 table vpn
# NAT the client pool behind the tun3 address
iptables -t nat -A POSTROUTING -s 10.11.0.0/24 -o tun3 -j MASQUERADE

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
Client log

Wed Aug 31 19:11:09 2016 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 12 2015
Wed Aug 31 19:11:09 2016 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Wed Aug 31 19:11:09 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Aug 31 19:11:09 2016 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Wed Aug 31 19:11:09 2016 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Aug 31 19:11:09 2016 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Aug 31 19:11:09 2016 Socket Buffers: R=[212992->131072] S=[212992->131072]
Wed Aug 31 19:11:09 2016 UDPv4 link local: [undef]
Wed Aug 31 19:11:09 2016 UDPv4 link remote: [AF_INET]185.90.60.73:1193
Wed Aug 31 19:11:10 2016 TLS: Initial packet from [AF_INET]185.90.60.73:1193, sid=706a4869 b1542a4d
Wed Aug 31 19:11:11 2016 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=EasyRSA, [email protected]
Wed Aug 31 19:11:11 2016 VERIFY OK: nsCertType=SERVER
Wed Aug 31 19:11:11 2016 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=EasyRSA, [email protected]
Wed Aug 31 19:11:12 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Aug 31 19:11:12 2016 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Aug 31 19:11:12 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Aug 31 19:11:12 2016 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Aug 31 19:11:12 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Wed Aug 31 19:11:12 2016 [server] Peer Connection Initiated with [AF_INET]185.90.60.73:1193
Wed Aug 31 19:11:15 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Aug 31 19:11:15 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.10.0.1,route 10.11.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.11.0.6 10.11.0.5'
Wed Aug 31 19:11:15 2016 OPTIONS IMPORT: timers and/or timeouts modified
Wed Aug 31 19:11:15 2016 OPTIONS IMPORT: --ifconfig/up options modified
Wed Aug 31 19:11:15 2016 OPTIONS IMPORT: route options modified
Wed Aug 31 19:11:15 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Aug 31 19:11:15 2016 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=wlan0 HWADDR=38:91:fb:30:84:7b
Wed Aug 31 19:11:15 2016 TUN/TAP device tun0 opened
Wed Aug 31 19:11:15 2016 TUN/TAP TX queue length set to 100
Wed Aug 31 19:11:15 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Aug 31 19:11:15 2016 /sbin/ip link set dev tun0 up mtu 1500
Wed Aug 31 19:11:15 2016 /sbin/ip addr add dev tun0 local 10.11.0.6 peer 10.11.0.5
Wed Aug 31 19:11:15 2016 update-resolv-conf tun0 1500 1602 10.11.0.6 10.11.0.5 init
Wed Aug 31 19:11:15 2016 /sbin/ip route add 185.90.60.73/32 via 192.168.1.1
Wed Aug 31 19:11:15 2016 /sbin/ip route add 0.0.0.0/1 via 10.11.0.5
Wed Aug 31 19:11:15 2016 /sbin/ip route add 128.0.0.0/1 via 10.11.0.5
Wed Aug 31 19:11:15 2016 /sbin/ip route add 10.11.0.1/32 via 10.11.0.5
Wed Aug 31 19:11:15 2016 Initialization Sequence Completed

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
EnterNode log

Wed Aug 31 18:14:43 2016 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 12 2015
Wed Aug 31 18:14:43 2016 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Wed Aug 31 18:14:43 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:7505
Wed Aug 31 18:14:43 2016 Diffie-Hellman initialized with 4096 bit key
Wed Aug 31 18:14:43 2016 Control Channel Authentication: using 'ssl/ta.key' as a OpenVPN static key file
Wed Aug 31 18:14:43 2016 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Aug 31 18:14:43 2016 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Aug 31 18:14:43 2016 Socket Buffers: R=[212992->131072] S=[212992->131072]
Wed Aug 31 18:14:43 2016 ROUTE_GATEWAY 185.90.60.1/255.255Wed Aug 31 18:14:43 2016 UDPv4 link local: Wed Aug 31 18:14:43 2016 TUN/TAP device tun0 opened
Wed Aug 31 18:14:43 2016 TUNWed Aug 31 18:14:43 2016 TLS: Initial packet from [AF_INET]91.219.237.69:1194, sid=043611a3 b5aea894
Wed Aug 31 18:14:44 2016 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=EasyRSA, [email protected]
Wed Aug 31 18:14:44 2016 VERIFY OK: nsCertType=SERVER
Wed Aug 31 18:14:44 2016 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=EasyRSA, [email protected]
Wed Aug 31 18:14:45 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Aug 31 18:14:45 2016 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Aug 31 18:14:45 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Aug 31 18:14:45 2016 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Aug 31 18:14:45 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Wed Aug 31 18:14:45 2016 [server] Peer Connection Initiated with [AF_INET]91.219.237.69:1194
Wed Aug 31 18:14:47 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Aug 31 18:14:47 2016 PUSH: Received control message: 'PUSH_REPLY,route 10.10.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.10.0.6 10.10.0.5'
Wed Aug 31 18:14:47 2016 OPTIONS IMPORT: timers and/or timeouts modified
Wed Aug 31 18:14:47 2016 OPTIONS IMPORT: --ifconfig/up options modified
Wed Aug 31 18:14:47 2016 OPTIONS IMPORT: route options modified
Wed Aug 31 18:14:47 2016 ROUTE_GATEWAY 185.90.60.1/255.255.255.0 IFACE=eth0 HWADDR=00:16:3c:fc:1a:e2
Wed Aug 31 18:14:47 2016 TUN/TAP device tun3 opened
Wed Aug 31 18:14:47 2016 TUN/TAP TX queue length set to 100
Wed Aug 31 18:14:47 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Aug 31 18:14:47 2016 /sbin/ip link set dev tun3 up mtu 1500
Wed Aug 31 18:14:47 2016 /sbin/ip addr add dev tun3 local 10.10.0.6 peer 10.10.0.5
Wed Aug 31 18:14:47 2016 uproute.sh tun3 1500 1602 10.10.0.6 10.10.0.5 init
Wed Aug 31 18:14:48 2016 /sbin/ip route add 10.10.0.1/32 via 10.10.0.5
Wed Aug 31 18:14:48 2016 Initialization Sequence Completed

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
ExitNode log

Wed Aug 31 18:15:05 2016 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 12 2015
Wed Aug 31 18:15:05 2016 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Wed Aug 31 18:15:05 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:7505
Wed Aug 31 18:15:05 2016 Diffie-Hellman initialized with 4096 bit key
Wed Aug 31 18:15:05 2016 Control Channel Authentication: using 'ssl/ta.key' as a OpenVPN static key file
Wed Aug 31 18:15:05 2016 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Aug 31 18:15:05 2016 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Aug 31 18:15:05 2016 Socket Buffers: R=[212992->131072] S=[212992->131072]
Wed Aug 31 18:15:05 2016 ROUTE_GATEWAY 91.219.237.1/255.255.255.0 IFACE=eth0 HWADDR=aa:00:00:f5:a6:11
Wed Aug 31 18:15:05 2016 TUN/TAP device tun0 opened
Wed Aug 31 18:15:05 2016 TUN/TAP TX queue length set to 100
Wed Aug 31 18:15:05 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Aug 31 18:15:05 2016 /sbin/ip link set dev tun0 up mtu 1500
Wed Aug 31 18:15:05 2016 /sbin/ip addr add dev tun0 local 10.10.0.1 peer 10.10.0.2
Wed Aug 31 18:15:05 2016 /sbin/ip route add 10.10.0.0/24 via 10.10.0.2
Wed Aug 31 18:15:05 2016 UDPv4 link local (bound): [undef]
Wed Aug 31 18:15:05 2016 UDPv4 link remote: [undef]
Wed Aug 31 18:15:05 2016 MULTI: multi_init called, r=256 v=256
Wed Aug 31 18:15:05 2016 IFCONFIG POOL: base=10.10.0.4 size=62, ipv6=0
Wed Aug 31 18:15:05 2016 Initialization Sequence Completed
Wed Aug 31 18:15:14 2016 185.90.60.73:35629 TLS: Initial packet from [AF_INET]185.90.60.73:35629, sid=03591868 e93fd232
Wed Aug 31 18:15:15 2016 185.90.60.73:35629 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=EasyRSA, [email protected]
Wed Aug 31 18:15:15 2016 185.90.60.73:35629 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=client, name=EasyRSA, [email protected]
Wed Aug 31 18:15:16 2016 185.90.60.73:35629 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Aug 31 18:15:16 2016 185.90.60.73:35629 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Aug 31 18:15:16 2016 185.90.60.73:35629 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Aug 31 18:15:16 2016 185.90.60.73:35629 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Aug 31 18:15:16 2016 185.90.60.73:35629 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Wed Aug 31 18:15:16 2016 185.90.60.73:35629 [client] Peer Connection Initiated with [AF_INET]185.90.60.73:35629
Wed Aug 31 18:15:16 2016 client/185.90.60.73:35629 MULTI_sva: pool returned IPv4=10.10.0.6, IPv6=(Not enabled)
Wed Aug 31 18:15:16 2016 client/185.90.60.73:35629 MULTI: Learn: 10.10.0.6 -> client/185.90.60.73:35629
Wed Aug 31 18:15:16 2016 client/185.90.60.73:35629 MULTI: primary virtual IP for client/185.90.60.73:35629: 10.10.0.6
Wed Aug 31 18:15:18 2016 client/185.90.60.73:35629 PUSH: Received control message: 'PUSH_REQUEST'
Wed Aug 31 18:15:18 2016 client/185.90.60.73:35629 send_push_reply(): safe_cap=940
Wed Aug 31 18:15:18 2016 client/185.90.60.73:35629 SENT CONTROL [client]: 'PUSH_REPLY,route 10.10.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.10.0.6 10.10.0.5' (status=1)