Untitled

a guest Jun 12th, 2019 149 Never
  1. Last login: Wed Jun 12 08:56:00 on ttys000
  2. ➜  ~ sudo -i
  3. Password:
  4. HuongNVs-MacBook-Pro:~ root# ssh fs@192.168.0.233
  5. fs@192.168.0.233's password:
  6. Permission denied, please try again.
  7. fs@192.168.0.233's password:
  8. Permission denied, please try again.
  9. fs@192.168.0.233's password:
  10. fs@192.168.0.233: Permission denied (publickey,password).
  11. HuongNVs-MacBook-Pro:~ root# ping 192.168.0.233
  12. PING 192.168.0.233 (192.168.0.233): 56 data bytes
  13. 64 bytes from 192.168.0.233: icmp_seq=0 ttl=63 time=6.792 ms
  14. 64 bytes from 192.168.0.233: icmp_seq=1 ttl=63 time=7.324 ms
  15. ^Z
  16. [1]+  Stopped(SIGTSTP)        ping 192.168.0.233
  17. HuongNVs-MacBook-Pro:~ root#
  18. HuongNVs-MacBook-Pro:~ root#
  19. HuongNVs-MacBook-Pro:~ root# ssh vpn@192.168.0.233
  20. vpn@192.168.0.233's password:
  21. Linux vpn 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u2 (2019-05-13) x86_64
  22.  
  23. The programs included with the Debian GNU/Linux system are free software;
  24. the exact distribution terms for each program are described in the
  25. individual files in /usr/share/doc/*/copyright.
  26.  
  27. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
  28. permitted by applicable law.
  29. Last login: Tue Jun 11 22:48:02 2019 from 10.80.0.6
  30. vpn@vpn:~$
  31. vpn@vpn:~$
  32. OpenVPN CLIENT LIST
  33. vpn@vpn:~$ sudo -i
  34. root@vpn:~# systemctl status openvpn
  35. openvpn@server.service  openvpn.service
  36. root@vpn:~# systemctl status openvpn@server.service
  37. ● openvpn@server.service - OpenVPN connection to server
  39.    Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
  40.    Active: active (running) since Tue 2019-06-11 22:27:38 EDT; 2h 9min ago
  41.      Docs: man:openvpn(8)
  42.            https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
  43.            https://community.openvpn.net/openvpn/wiki/HOWTO
  44.   Process: 3811 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid (code=exited, status=0/SUCCESS)
  45.  Main PID: 3812 (openvpn)
  46.     Tasks: 1 (limit: 4915)
  47.    CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
  48.            └─3812 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid
  49.  
  50. Jun 11 22:27:38 vpn ovpn-server[3812]: Could not determine IPv4/IPv6 protocol. Using AF_INET
  51. Jun 11 22:27:38 vpn ovpn-server[3812]: Socket Buffers: R=[212992->212992] S=[212992->212992]
  52. Jun 11 22:27:38 vpn ovpn-server[3812]: UDPv4 link local (bound): [AF_INET][undef]:1195
  53. Jun 11 22:27:38 vpn ovpn-server[3812]: UDPv4 link remote: [AF_UNSPEC]
  54. Jun 11 22:27:38 vpn ovpn-server[3812]: GID set to nogroup
  55. Jun 11 22:27:38 vpn ovpn-server[3812]: UID set to nobody
  56. Jun 11 22:27:38 vpn ovpn-server[3812]: MULTI: multi_init called, r=256 v=256
  57. Jun 11 22:27:38 vpn ovpn-server[3812]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
  58. Jun 11 22:27:38 vpn ovpn-server[3812]: IFCONFIG POOL LIST
  59. Jun 11 22:27:38 vpn ovpn-server[3812]: Initialization Sequence Completed
  60. root@vpn:~#
  61. root@vpn:~#
  62. root@vpn:~#
  63. root@vpn:~#
  64. root@vpn:~#
  65. root@vpn:~#
  66. root@vpn:~# ip a
  67. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
  68.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  69.     inet 127.0.0.1/8 scope host lo
  70.        valid_lft forever preferred_lft forever
  71.     inet6 ::1/128 scope host
  72.        valid_lft forever preferred_lft forever
  73. 2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
  74.     link/ether 00:0c:29:c9:18:76 brd ff:ff:ff:ff:ff:ff
  75.     inet 192.168.0.233/24 brd 192.168.0.255 scope global ens192
  76.        valid_lft forever preferred_lft forever
  77.     inet6 fe80::20c:29ff:fec9:1876/64 scope link
  78.        valid_lft forever preferred_lft forever
  79. 3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
  80.     link/none
  81.     inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
  82.        valid_lft forever preferred_lft forever
  83.     inet6 fe80::c6:42a3:c01c:1d52/64 scope link flags 800
  84.        valid_lft forever preferred_lft forever
  85. root@vpn:~#
  86. root@vpn:~#
  87. root@vpn:~# ping 192.168.0.191
  88. PING 192.168.0.191 (192.168.0.191) 56(84) bytes of data.
  89. ^Z
  90. [1]+  Stopped                 ping 192.168.0.191
  91. root@vpn:~# ping 192.168.0.221
  92. PING 192.168.0.221 (192.168.0.221) 56(84) bytes of data.
  93. ^Z
  94. [2]+  Stopped                 ping 192.168.0.221
  95. root@vpn:~#
  96. root@vpn:~#
  97. root@vpn:~#
  98. root@vpn:~#
  99. root@vpn:~#
  100. root@vpn:~#
  101. root@vpn:~#
  102. root@vpn:~# tailf /var/log/
  103. alternatives.log  apt/              auth.log          btmp              cups/             daemon.log        debug             dpkg.log          exim4/            faillog           fontconfig.log    hp/               installer/        kern.log          lastlog           messages          syslog            ufw.log           wtmp
  104. root@vpn:~# tailf /var/log/
  105. alternatives.log  apt/              auth.log          btmp              cups/             daemon.log        debug             dpkg.log          exim4/            faillog           fontconfig.log    hp/               installer/        kern.log          lastlog           messages          syslog            ufw.log           wtmp
  106. root@vpn:~#
  107. root@vpn:~#
  108. root@vpn:~#
  109. root@vpn:~#
  110. root@vpn:~# vim /etc/openvpn/
  111. ca.crt              client/             dh2048.pem          ipp.txt             openvpn-status.log  server/             server.conf         Snappy.crt          Snappy.key          ta.key              .ta.key.swp         update-resolv-conf
  112. root@vpn:~# vim /etc/openvpn/
  113. ca.crt              client/             dh2048.pem          ipp.txt             openvpn-status.log  server/             server.conf         Snappy.crt          Snappy.key          ta.key              .ta.key.swp         update-resolv-conf
  114. root@vpn:~# vim /etc/openvpn/
  115. ca.crt              client/             dh2048.pem          ipp.txt             openvpn-status.log  server/             server.conf         Snappy.crt          Snappy.key          ta.key              .ta.key.swp         update-resolv-conf
  116. root@vpn:~# vim /etc/openvpn/openvpn-status.log
  117.  
  118. [3]+  Stopped                 vim /etc/openvpn/openvpn-status.log
  119. root@vpn:~# vim /etc/openvpn/
  120. ca.crt                   client/                  dh2048.pem               ipp.txt                  openvpn-status.log       .openvpn-status.log.swp  server/                  server.conf              Snappy.crt               Snappy.key               ta.key                   .ta.key.swp              update-resolv-conf
  121. root@vpn:~# vim /etc/openvpn/update-resolv-conf
  122.  
  123. [4]+  Stopped                 vim /etc/openvpn/update-resolv-conf
  124. root@vpn:~#
  125. root@vpn:~#
  126. root@vpn:~#
  127. root@vpn:~#
  128. root@vpn:~#
  129. root@vpn:~#
  130. root@vpn:~#
  131. root@vpn:~# ls
  132. client-configs  openvpn-ca
  133. root@vpn:~# cd openvpn-ca/
  134. root@vpn:~/openvpn-ca# ls
  135. build-ca  build-inter  build-key-pass    build-key-server  build-req-pass  inherit-inter  list-crl       openssl-0.9.8.cnf  openssl.cnf  revoke-full  vars
  136. build-dh  build-key    build-key-pkcs12  build-req     clean-all       keys       openssl-0.9.6.cnf  openssl-1.0.0.cnf  pkitool      sign-req     whichopensslcnf
  137. root@vpn:~/openvpn-ca# cd /etc/openvpn/
  138. root@vpn:/etc/openvpn# ls
  139. Snappy.crt  Snappy.key  ca.crt  client  dh2048.pem  ipp.txt  openvpn-status.log  server  server.conf  ta.key  update-resolv-conf
  140. root@vpn:/etc/openvpn# cd
  141. root@vpn:~#
  142. root@vpn:~# cd
  143. # Which local IP address should OpenVPN
  144. client-configs/ openvpn-ca/
  145. root@vpn:~# cd openvpn-ca/
  146. root@vpn:~/openvpn-ca# ls
  147. build-ca  build-inter  build-key-pass    build-key-server  build-req-pass  inherit-inter  list-crl       openssl-0.9.8.cnf  openssl.cnf  revoke-full  vars
  169. build-dh  build-key    build-key-pkcs12  build-req     clean-all       keys       openssl-0.9.6.cnf  openssl-1.0.0.cnf  pkitool      sign-req     whichopensslcnf
  170. root@vpn:~/openvpn-ca# cd keys/
  171. root@vpn:~/openvpn-ca/keys# ls
  172. 01.pem  Snappy.crt  Snappy.key  ca.key      index.txt       index.txt.attr.old  pm.crt  pm.key  serial.old
  173. 02.pem  Snappy.csr  ca.crt  dh2048.pem  index.txt.attr  index.txt.old   pm.csr  serial  ta.key
  174. root@vpn:~/openvpn-ca/keys# scp ca.crt pm.crt pm.key cc2@192.168.0.221:/home/cc2/
  175. The authenticity of host '192.168.0.221 (192.168.0.221)' can't be established.
  176. ECDSA key fingerprint is SHA256:X5XeeYTc+F7oacAZIaX75rTXltIwCi4eP5v0e6pvpWU.
  177. Are you sure you want to continue connecting (yes/no)? yes
  178. Warning: Permanently added '192.168.0.221' (ECDSA) to the list of known hosts.
  179. cc2@192.168.0.221's password:
  180. ca.crt                                                                                                                                             100% 1679     1.4MB/s   00:00
  181. pm.crt                                                                                                                                             100% 5365    13.7MB/s   00:00
  182. pm.key                                                                                                                                             100% 1704     5.4MB/s   00:00
  183. root@vpn:~/openvpn-ca/keys# systemctl status openvpn
  184. openvpn@server.service  openvpn.service
  185. root@vpn:~/openvpn-ca/keys# systemctl status openvpn
  186. openvpn@server.service  openvpn.service
  187. root@vpn:~/openvpn-ca/keys# systemctl status openvpn@server.service
  188. ● openvpn@server.service - OpenVPN connection to server
  189.    Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
  190.    Active: active (running) since Tue 2019-06-11 22:27:38 EDT; 2h 29min ago
  191.      Docs: man:openvpn(8)
  192.            https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
  193.            https://community.openvpn.net/openvpn/wiki/HOWTO
  194.   Process: 3811 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/s
  195.  Main PID: 3812 (openvpn)
  196.     Tasks: 1 (limit: 4915)
  197.    CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
  198.            └─3812 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pi
  199.  
  200. Jun 11 22:27:38 vpn ovpn-server[3812]: Could not determine IPv4/IPv6 protocol. Using AF_INET
  201. Jun 11 22:27:38 vpn ovpn-server[3812]: Socket Buffers: R=[212992->212992] S=[212992->212992]
  202. Jun 11 22:27:38 vpn ovpn-server[3812]: UDPv4 link local (bound): [AF_INET][undef]:1195
  203. Jun 11 22:27:38 vpn ovpn-server[3812]: UDPv4 link remote: [AF_UNSPEC]
  204. Jun 11 22:27:38 vpn ovpn-server[3812]: GID set to nogroup
  205. Jun 11 22:27:38 vpn ovpn-server[3812]: UID set to nobody
  206. Jun 11 22:27:38 vpn ovpn-server[3812]: MULTI: multi_init called, r=256 v=256
  207. Jun 11 22:27:38 vpn ovpn-server[3812]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
  208. Jun 11 22:27:38 vpn ovpn-server[3812]: IFCONFIG POOL LIST
  209. Jun 11 22:27:38 vpn ovpn-server[3812]: Initialization Sequence Completed
  210.  
  211. [5]+  Stopped                 systemctl status openvpn@server.service
  212. root@vpn:~/openvpn-ca/keys#
  213. root@vpn:~/openvpn-ca/keys#
  214. root@vpn:~/openvpn-ca/keys# history
  215.     1  vim /etc/sudoers
  216.     2  apt update -y
  217.     3  apt dist-upgrade -y
  218.     4  apt install ufw -y
  219.     5  systemctl status openvpn@server.service
  220.     6  ip a
  221.     7  ping 192.168.0.191
  222.     8  ping 192.168.0.221
  223.     9  vim /etc/openvpn/openvpn-status.log
  224.    10  vim /etc/openvpn/update-resolv-conf
  225.    11  ls
  226.    12  cd openvpn-ca/
  227.    13  ls
  228.    14  cd /etc/openvpn/
  229.    15  ls
  230.    16  cd
  231.    17  cd openvpn-ca/
  232.    18  ls
  233.    19  cd keys/
  234.    20  ls
  235.    21  scp ca.crt pm.crt pm.key cc2@192.168.0.221:/home/cc2/
  236.    22  systemctl status openvpn@server.service
  237.    23  history
  238. root@vpn:~/openvpn-ca/keys#
  239. root@vpn:~/openvpn-ca/keys#
  240. root@vpn:~/openvpn-ca/keys#
  241. root@vpn:~/openvpn-ca/keys#
  242. root@vpn:~/openvpn-ca/keys#
  243. root@vpn:~/openvpn-ca/keys# cd /etc/openvpn/
  244. root@vpn:/etc/openvpn# ls
  245. Snappy.crt  Snappy.key  ca.crt  client  dh2048.pem  ipp.txt  openvpn-status.log  server  server.conf  ta.key  update-resolv-conf
  246. root@vpn:/etc/openvpn# vim server.conf
  247.  
  248. [6]+  Stopped                 vim server.conf
  249. root@vpn:/etc/openvpn#
  250. root@vpn:/etc/openvpn# vim server.conf
  251.  
  252. [7]+  Stopped                 vim server.conf
  253. root@vpn:/etc/openvpn#
  254. root@vpn:/etc/openvpn#
  255. root@vpn:/etc/openvpn# systemctl status openvpn
  256. openvpn@server.service  openvpn.service
  257. root@vpn:/etc/openvpn# systemctl status openvpn
  258. openvpn@server.service  openvpn.service
  259. root@vpn:/etc/openvpn# systemctl status openvpn@server.service
  260. ● openvpn@server.service - OpenVPN connection to server
  261.    Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
  262.    Active: active (running) since Tue 2019-06-11 22:27:38 EDT; 2h 36min ago
  263.      Docs: man:openvpn(8)
  264.            https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
  265.            https://community.openvpn.net/openvpn/wiki/HOWTO
  266.   Process: 3811 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/s
  267.  Main PID: 3812 (openvpn)
  268.     Tasks: 1 (limit: 4915)
  269.    CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
  270.            └─3812 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pi
  271.  
  272. Jun 12 01:02:05 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:49167
  273. Jun 12 01:02:40 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:33299
  274. Jun 12 01:02:42 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:33299
  275. Jun 12 01:02:46 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:33299
  276. Jun 12 01:02:54 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:33299
  277. Jun 12 01:03:10 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:33299
  278. Jun 12 01:03:45 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:51164
  279. Jun 12 01:03:47 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:51164
  280. Jun 12 01:03:51 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:51164
  281. Jun 12 01:03:59 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:51164
  282.  
  283. [8]+  Stopped                 systemctl status openvpn@server.service
  284. root@vpn:/etc/openvpn#
  285. root@vpn:/etc/openvpn#
  286. root@vpn:/etc/openvpn#
  287. root@vpn:/etc/openvpn#
  288. root@vpn:/etc/openvpn# ufw
  289. ca.crt                   ipp.txt                  server/                  .server.conf.swp         ta.key
  290. client/                  openvpn-status.log       server.conf              Snappy.crt               update-resolv-conf
  291. dh2048.pem               .openvpn-status.log.swp  .server.conf.swo         Snappy.key               .update-resolv-conf.swp
  292. root@vpn:/etc/openvpn# ufw
  293. ca.crt                   ipp.txt                  server/                  .server.conf.swp         ta.key
  294. client/                  openvpn-status.log       server.conf              Snappy.crt               update-resolv-conf
  295. dh2048.pem               .openvpn-status.log.swp  .server.conf.swo         Snappy.key               .update-resolv-conf.swp
  296. root@vpn:/etc/openvpn# ufw status
  297. Status: active
  298.  
  299. To                         Action      From
  300. --                         ------      ----
  301. 1195/udp                   ALLOW       Anywhere
  302. OpenSSH                    ALLOW       Anywhere
  303. 1195/udp (v6)              ALLOW       Anywhere (v6)
  304. OpenSSH (v6)               ALLOW       Anywhere (v6)
  305.  
  306. root@vpn:/etc/openvpn# systemctl status openvpn@server.service
  307. ● openvpn@server.service - OpenVPN connection to server
  308.    Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
  309.    Active: active (running) since Tue 2019-06-11 22:27:38 EDT; 2h 39min ago
  310.      Docs: man:openvpn(8)
  311.            https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
  312.            https://community.openvpn.net/openvpn/wiki/HOWTO
  313.   Process: 3811 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/s
  314.  Main PID: 3812 (openvpn)
  315.     Tasks: 1 (limit: 4915)
  316.    CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
  317.            └─3812 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pi
  318.  
  319. Jun 12 01:04:50 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:44467
  320. Jun 12 01:04:52 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:44467
  321. Jun 12 01:04:56 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:44467
  322. Jun 12 01:05:04 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:44467
  323. Jun 12 01:05:20 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:44467
  324. Jun 12 01:06:00 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:49383
  325. Jun 12 01:06:02 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:49383
  326. Jun 12 01:06:06 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:49383
  327. Jun 12 01:06:14 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:49383
  328. Jun 12 01:06:30 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:49383
  329.  
  330. [9]+  Stopped                 systemctl status openvpn@server.service
  331. root@vpn:/etc/openvpn# his
  332. history
  333.     1  vim /etc/sudoers
  334.     2  apt update -y
  335.     3  apt dist-upgrade -y
  336.     4  apt install ufw -y
  337.     5  systemctl status openvpn@server.service
  338.     6  ip a
  339.     7  ping 192.168.0.191
  340.     8  ping 192.168.0.221
  341.     9  vim /etc/openvpn/openvpn-status.log
  342.    10  vim /etc/openvpn/update-resolv-conf
  343.    11  ls
  344.    12  cd openvpn-ca/
  345.    13  ls
  346.    14  cd /etc/openvpn/
  347.    15  ls
  348.    16  cd
  349.    17  cd openvpn-ca/
  350.    18  ls
  351.    19  cd keys/
  352.    20  ls
  353.    21  scp ca.crt pm.crt pm.key cc2@192.168.0.221:/home/cc2/
  354.    22  systemctl status openvpn@server.service
  355.    23  history
  356.    24  cd /etc/openvpn/
  357.    25  ls
  358.    26  vim server.conf
  379. # listen on? (optional)
  380. ;local a.b.c.d
  381.  
  382. # Which TCP/UDP port should OpenVPN listen on?
  383. # If you want to run multiple OpenVPN instances
  384. # on the same machine, use a different port
  385. # number for each one.  You will need to
  386. # open up this port on your firewall.
  387. port 1195
  388.  
  389. # TCP or UDP server?
  390. ;proto tcp
  391. proto udp
  392.  
  393. # "dev tun" will create a routed IP tunnel,
  394. # "dev tap" will create an ethernet tunnel.
  395. # Use "dev tap0" if you are ethernet bridging
  396. # and have precreated a tap0 virtual interface
  397. # and bridged it with your ethernet interface.
  398. # If you want to control access policies
  399. # over the VPN, you must create firewall
  400. # rules for the the TUN/TAP interface.
  401. # On non-Windows systems, you can give
  402. # an explicit unit number, such as tun0.
  403. # On Windows, use "dev-node" for this.
  404. # On most systems, the VPN will not function
  405. # unless you partially or fully disable
  406. # the firewall for the TUN/TAP interface.
  407. ;dev tap
  408. dev tun
  409.  
  410. # Windows needs the TAP-Win32 adapter name
  411. # from the Network Connections panel if you
  412. # have more than one.  On XP SP2 or higher,
  413. # you may need to selectively disable the
  414. # Windows firewall for the TAP adapter.
  415. # Non-Windows systems usually don't need this.
  416. ;dev-node MyTap
  417.  
  418. # SSL/TLS root certificate (ca), certificate
  419. # (cert), and private key (key).  Each client
  420. # and the server must have their own cert and
  421. # key file.  The server and all clients will
  422. # use the same ca file.
  423. #
  424. # See the "easy-rsa" directory for a series
  425. # of scripts for generating RSA certificates
  426. # and private keys.  Remember to use
  427. # a unique Common Name for the server
  428. # and each of the client certificates.
  429. #
  430. # Any X509 key management system can be used.
  431. # OpenVPN can also use a PKCS #12 formatted key file
  432. # (see "pkcs12" directive in man page).
  433. ca ca.crt
  434. cert Snappy.crt
  435. key Snappy.key  # This file should be kept secret
  436.  
  437. # Diffie hellman parameters.
  438. # Generate your own with:
  439. #   openssl dhparam -out dh2048.pem 2048
  440. dh dh2048.pem
  441.  
  442. # Network topology
  443. # Should be subnet (addressing via IP)
  444. # unless Windows clients v2.0.9 and lower have to
  445. # be supported (then net30, i.e. a /30 per client)
  446. # Defaults to net30 (not recommended)
  447. ;topology subnet
  448.  
  449. # Configure server mode and supply a VPN subnet
  450. # for OpenVPN to draw client addresses from.
  451. # The server will take 10.8.0.1 for itself,
  452. # the rest will be made available to clients.
  453. # Each client will be able to reach the server
  454. # on 10.8.0.1. Comment this line out if you are
  455. # ethernet bridging. See the man page for more info.
  456. server 10.8.0.0 255.255.255.0
  457.  
  458. # Maintain a record of client <-> virtual IP address
  459. # associations in this file.  If OpenVPN goes down or
  460. # is restarted, reconnecting clients can be assigned
  461. /tl
  462. # clients to be able to "see" each other.
  463.    27  vim server.conf
  464.    28  systemctl status openvpn@server.service
  465.    29  ufw status
  466.    30  systemctl status openvpn@server.service
  571.    31  history
  572. root@vpn:/etc/openvpn# systemctl status openvpn@server.service
  573. ● openvpn@server.service - OpenVPN connection to server
  574.    Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
  575.    Active: active (running) since Tue 2019-06-11 22:27:38 EDT; 2h 44min ago
  576.      Docs: man:openvpn(8)
  577.            https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
  578.            https://community.openvpn.net/openvpn/wiki/HOWTO
  579.   Process: 3811 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/s
  580.  Main PID: 3812 (openvpn)
  581.     Tasks: 1 (limit: 4915)
  582.    CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
  583.            └─3812 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pi
  584.  
  585. Jun 12 01:09:31 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:54271
  586. Jun 12 01:11:04 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:48300
  587. Jun 12 01:11:06 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:48300
  588. Jun 12 01:11:10 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:48300
  589. Jun 12 01:11:18 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:48300
  590. Jun 12 01:11:21 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:35237
  591. Jun 12 01:11:23 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:35237
  592. Jun 12 01:11:27 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:35237
  593. Jun 12 01:11:34 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:48300
  594. Jun 12 01:11:35 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:35237
  595.  
  596. [10]+  Stopped                 systemctl status openvpn@server.service
  597. root@vpn:/etc/openvpn#
  598. root@vpn:/etc/openvpn#
  599. root@vpn:/etc/openvpn#
  600. root@vpn:/etc/openvpn#
  601. root@vpn:/etc/openvpn#
  602. root@vpn:/etc/openvpn#
  603. root@vpn:/etc/openvpn#
  604. root@vpn:/etc/openvpn#
  605. root@vpn:/etc/openvpn# ls
  606. Snappy.crt  Snappy.key  ca.crt  client  dh2048.pem  ipp.txt  openvpn-status.log  server  server.conf  ta.key  update-resolv-conf
  607. root@vpn:/etc/openvpn#
  608. root@vpn:/etc/openvpn#
  609. root@vpn:/etc/openvpn#
  610. root@vpn:/etc/openvpn# scp ta.key cc2@192.168.0.221:/home/cc2/
  611. cc2@192.168.0.221's password:
  612. ta.key                                                                                                                                             100%  636     1.7MB/s   00:00
  613. root@vpn:/etc/openvpn# scp ta.key cc2@192.168.0.221:/home/cc2/
  614. cc2@192.168.0.221's password:
  615.  
  616. [11]+  Stopped                 scp ta.key cc2@192.168.0.221:/home/cc2/
  617. root@vpn:/etc/openvpn# systemctl status openvpn@server.service
  618. ● openvpn@server.service - OpenVPN connection to server
  619.    Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
  620.    Active: active (running) since Tue 2019-06-11 22:27:38 EDT; 2h 50min ago
  621.      Docs: man:openvpn(8)
  622.            https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
  623.            https://community.openvpn.net/openvpn/wiki/HOWTO
  624.   Process: 3811 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/s
  625.  Main PID: 3812 (openvpn)
  626.     Tasks: 1 (limit: 4915)
  627.    CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
  628.            └─3812 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pi
  629.  
  630. Jun 12 01:13:21 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:51262
  631. Jun 12 01:13:31 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:51262
  633. Jun 12 01:13:47 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:51262
  634. Jun 12 01:14:20 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:33148
  635. Jun 12 01:14:23 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:33148
  636. Jun 12 01:15:01 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:47201
  637. Jun 12 01:15:03 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:47201
  638. Jun 12 01:15:07 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:47201
  639. Jun 12 01:15:15 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:47201
  640. Jun 12 01:15:31 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:47201
  641.  
  642. [12]+  Stopped                 systemctl status openvpn@server.service
  649. root@vpn:/etc/openvpn# vim server.conf
  650.  
  651. [13]+  Stopped                 vim server.conf
  652. root@vpn:/etc/openvpn#
  653. root@vpn:/etc/openvpn# vim server.conf
  654.  
  655. [14]+  Stopped                 vim server.conf
  656. root@vpn:/etc/openvpn# systemctl status openvpn@server.service
  657. ● openvpn@server.service - OpenVPN connection to server
  658.    Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
  680.    Active: active (running) since Tue 2019-06-11 22:27:38 EDT; 2h 59min ago
  681.      Docs: man:openvpn(8)
  682.            https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
  683.            https://community.openvpn.net/openvpn/wiki/HOWTO
  684.   Process: 3811 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/s
  685.  Main PID: 3812 (openvpn)
  686.     Tasks: 1 (limit: 4915)
  687.    CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
  688.            └─3812 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pi
  689.  
  690. Jun 12 01:26:47 vpn ovpn-server[3812]: 192.168.0.221:58231 peer info: IV_TCPNL=1
  691. Jun 12 01:26:47 vpn ovpn-server[3812]: 192.168.0.221:58231 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
  692. Jun 12 01:26:47 vpn ovpn-server[3812]: 192.168.0.221:58231 [pm] Peer Connection Initiated with [AF_INET]192.168.0.221:58231
  693. Jun 12 01:26:47 vpn ovpn-server[3812]: pm/192.168.0.221:58231 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
  694. Jun 12 01:26:47 vpn ovpn-server[3812]: pm/192.168.0.221:58231 MULTI: Learn: 10.8.0.6 -> pm/192.168.0.221:58231
  695. Jun 12 01:26:47 vpn ovpn-server[3812]: pm/192.168.0.221:58231 MULTI: primary virtual IP for pm/192.168.0.221:58231: 10.8.0.6
  696. Jun 12 01:26:48 vpn ovpn-server[3812]: pm/192.168.0.221:58231 PUSH: Received control message: 'PUSH_REQUEST'
  697. Jun 12 01:26:48 vpn ovpn-server[3812]: pm/192.168.0.221:58231 SENT CONTROL [pm]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-i
  698. Jun 12 01:26:48 vpn ovpn-server[3812]: pm/192.168.0.221:58231 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
  699. Jun 12 01:26:48 vpn ovpn-server[3812]: pm/192.168.0.221:58231 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
  700.  
  701. [15]+  Stopped                 systemctl status openvpn@server.service
  702. root@vpn:/etc/openvpn#
  703. root@vpn:/etc/openvpn#
  704. root@vpn:/etc/openvpn# ip a
  705. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
  706.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  707.     inet 127.0.0.1/8 scope host lo
  708.        valid_lft forever preferred_lft forever
  709.     inet6 ::1/128 scope host
  710.        valid_lft forever preferred_lft forever
  711. 2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
  712.     link/ether 00:0c:29:c9:18:76 brd ff:ff:ff:ff:ff:ff
  713.     inet 192.168.0.233/24 brd 192.168.0.255 scope global ens192
  714.        valid_lft forever preferred_lft forever
  715.     inet6 fe80::20c:29ff:fec9:1876/64 scope link
  716.        valid_lft forever preferred_lft forever
  717. 3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
  718.     link/none
  719.     inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
  720.        valid_lft forever preferred_lft forever
  721.     inet6 fe80::c6:42a3:c01c:1d52/64 scope link flags 800
  722.        valid_lft forever preferred_lft forever
  723. root@vpn:/etc/openvpn#
  724. root@vpn:/etc/openvpn#
  725. root@vpn:/etc/openvpn# cd
  726. root@vpn:~#
  727. root@vpn:~# ls
  728. client-configs  openvpn-ca
  729. root@vpn:~# cd client-configs/
  730. root@vpn:~/client-configs# ls
  731. base.conf  files  make_config.sh
  732. root@vpn:~/client-configs# cd files/
  733. root@vpn:~/client-configs/files# ls
  734. huongnv.ovpn  pm.ovpn
  735. root@vpn:~/client-configs/files# vim huongnv.ovpn
  736.  
  737. [16]+  Stopped                 vim huongnv.ovpn
  738. root@vpn:~/client-configs/files# ip a
  739. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
  740.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  741.     inet 127.0.0.1/8 scope host lo
  742.        valid_lft forever preferred_lft forever
  743.     inet6 ::1/128 scope host
  744.        valid_lft forever preferred_lft forever
  745. 2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
  746.     link/ether 00:0c:29:c9:18:76 brd ff:ff:ff:ff:ff:ff
  747.     inet 192.168.0.233/24 brd 192.168.0.255 scope global ens192
  748.        valid_lft forever preferred_lft forever
  749.     inet6 fe80::20c:29ff:fec9:1876/64 scope link
  750.        valid_lft forever preferred_lft forever
  751. 3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
  752.     link/none
  753.     inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
  754.        valid_lft forever preferred_lft forever
  755.     inet6 fe80::c6:42a3:c01c:1d52/64 scope link flags 800
  756.        valid_lft forever preferred_lft forever
  757. root@vpn:~/client-configs/files# ls
  758. huongnv.ovpn  pm.ovpn
  759. root@vpn:~/client-configs/files#
  760. root@vpn:~/client-configs/files#
  761. root@vpn:~/client-configs/files# vim huongnv.ovpn
  770. root@vpn:~/client-configs/files# ls
  771. huongnv.ovpn  pm.ovpn
  772. root@vpn:~/client-configs/files#
  773. root@vpn:~/client-configs/files#
  774. root@vpn:~/client-configs/files# cat huongnv.ovpn
  775. ##############################################
  776. # Sample client-side OpenVPN 2.0 config file #
  777. # for connecting to multi-client server.     #
  778. #                                            #
  779. # This configuration can be used by multiple #
  780. # clients, however each client should have   #
  781. # its own cert and key files.                #
  782. #                                            #
  783. # On Windows, you might want to rename this  #
  784. # file so it has a .ovpn extension           #
  785. ##############################################
  786.  
  787. # Specify that we are a client and that we
  788. # will be pulling certain config file directives
  789. # from the server.
  790. client
  791.  
  792. # Use the same setting as you are using on
  793. # the server.
  794. # On most systems, the VPN will not function
  795. # unless you partially or fully disable
  796. # the firewall for the TUN/TAP interface.
  797. ;dev tap
  798. dev tun
  799.  
  800. # Windows needs the TAP-Win32 adapter name
  801. # from the Network Connections panel
  802. # if you have more than one.  On XP SP2,
  803. # you may need to disable the firewall
  804. # for the TAP adapter.
  805. ;dev-node MyTap
  806.  
  807. # Are we connecting to a TCP or
  808. # UDP server?  Use the same setting as
  809. # on the server.
  810. ;proto tcp
  811. proto udp
  812.  
  813. # The hostname/IP and port of the server.
  814. # You can have multiple remote entries
  815. # to load balance between the servers.
  816. remote 192.168.0.233 1195
  817. ;remote my-server-2 1194
  818.  
  819. # Choose a random host from the remote
  820. # list for load-balancing.  Otherwise
  821. # try hosts in the order specified.
  822. ;remote-random
  823.  
  824. # Keep trying indefinitely to resolve the
  825. # host name of the OpenVPN server.  Very useful
  826. # on machines which are not permanently connected
  827. # to the internet such as laptops.
  828. resolv-retry infinite
  829.  
  830. # Most clients don't need to bind to
  831. # a specific local port number.
  832. nobind
  833.  
  834. # Downgrade privileges after initialization (non-Windows only)
  835. user nobody
  836. group nogroup
  837.  
  838. # Try to preserve some state across restarts.
  839. persist-key
  840. persist-tun
  841.  
  842. # If you are connecting through an
  843. # HTTP proxy to reach the actual OpenVPN
  844. # server, put the proxy server/IP and
  845. # port number here.  See the man page
  846. # if your proxy server requires
  847. # authentication.
  848. ;http-proxy-retry # retry on connection failures
  849. ;http-proxy [proxy server] [proxy port #]
  850.  
  851. # Wireless networks often produce a lot
  852. # of duplicate packets.  Set this flag
  853. # to silence duplicate packet warnings.
  854. ;mute-replay-warnings
  855.  
  856. # SSL/TLS parms.
  857. # See the server config file for more
  858. # description.  It's best to use
  859. # a separate .crt/.key file pair
  860. # for each client.  A single ca
  861. # file can be used for all clients.
  862. #ca ca.crt
  863. #cert client.crt
  864. #key client.key
  865.  
  866. # Verify server certificate by checking that the
  867. # certicate has the correct key usage set.
  868. # This is an important precaution to protect against
  869. # a potential attack discussed here:
  870. #  http://openvpn.net/howto.html#mitm
  871. #
  872. # To use this feature, you will need to generate
  873. # your server certificates with the keyUsage set to
  874. #   digitalSignature, keyEncipherment
  875. # and the extendedKeyUsage to
  876. #   serverAuth
  877. # EasyRSA can do this for you.
  878. remote-cert-tls server
  959.  
  960. # If a tls-auth key is used on the server
  961. # then every client must also have the key.
  962. tls-auth ta.key 1
  963. key-direction 1
  964.  
  965.  
  966. # Select a cryptographic cipher.
  967. # If the cipher option is used on the server
  968. # then you must also specify it here.
  969. # Note that 2.4 client/server will automatically
  970. # negotiate AES-256-GCM in TLS mode.
  971. # See also the ncp-cipher option in the manpage
  972. cipher AES-256-CBC
  973. auth SHA256
  974.  
  975. # Enable compression on the VPN link.
  976. # Don't enable this unless it is also
  977. # enabled in the server config file.
  978. #comp-lzo
  979.  
  980. # Set log file verbosity.
  981. verb 3
  982.  