Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Last login: Wed Jun 12 08:56:00 on ttys000
- ➜ ~ sudo -i
- Password:
- HuongNVs-MacBook-Pro:~ root# ssh fs@192.168.0.233
- fs@192.168.0.233's password:
- Permission denied, please try again.
- fs@192.168.0.233's password:
- Permission denied, please try again.
- fs@192.168.0.233's password:
- fs@192.168.0.233: Permission denied (publickey,password).
- HuongNVs-MacBook-Pro:~ root# ping 192.168.0.233
- PING 192.168.0.233 (192.168.0.233): 56 data bytes
- 64 bytes from 192.168.0.233: icmp_seq=0 ttl=63 time=6.792 ms
- 64 bytes from 192.168.0.233: icmp_seq=1 ttl=63 time=7.324 ms
- ^Z
- [1]+ Stopped(SIGTSTP) ping 192.168.0.233
- HuongNVs-MacBook-Pro:~ root#
- HuongNVs-MacBook-Pro:~ root#
- HuongNVs-MacBook-Pro:~ root# ssh vpn@192.168.0.233
- vpn@192.168.0.233's password:
- Linux vpn 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u2 (2019-05-13) x86_64
- The programs included with the Debian GNU/Linux system are free software;
- the exact distribution terms for each program are described in the
- individual files in /usr/share/doc/*/copyright.
- Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
- permitted by applicable law.
- Last login: Tue Jun 11 22:48:02 2019 from 10.80.0.6
- vpn@vpn:~$
- vpn@vpn:~$
- OpenVPN CLIENT LIST
- vpn@vpn:~$ sudo -i
- root@vpn:~# systemctl status openvpn
- openvpn@server.service openvpn.service
- root@vpn:~# systemctl status openvpn@server.service
- ● openvpn@server.service - OpenVPN connection to server
- #!/bin/bash
- Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
- Active: active (running) since Tue 2019-06-11 22:27:38 EDT; 2h 9min ago
- Docs: man:openvpn(8)
- https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
- https://community.openvpn.net/openvpn/wiki/HOWTO
- Process: 3811 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid (code=exited, status=0/SUCCESS)
- Main PID: 3812 (openvpn)
- Tasks: 1 (limit: 4915)
- CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
- └─3812 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid
- Jun 11 22:27:38 vpn ovpn-server[3812]: Could not determine IPv4/IPv6 protocol. Using AF_INET
- Jun 11 22:27:38 vpn ovpn-server[3812]: Socket Buffers: R=[212992->212992] S=[212992->212992]
- Jun 11 22:27:38 vpn ovpn-server[3812]: UDPv4 link local (bound): [AF_INET][undef]:1195
- Jun 11 22:27:38 vpn ovpn-server[3812]: UDPv4 link remote: [AF_UNSPEC]
- Jun 11 22:27:38 vpn ovpn-server[3812]: GID set to nogroup
- Jun 11 22:27:38 vpn ovpn-server[3812]: UID set to nobody
- Jun 11 22:27:38 vpn ovpn-server[3812]: MULTI: multi_init called, r=256 v=256
- Jun 11 22:27:38 vpn ovpn-server[3812]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
- Jun 11 22:27:38 vpn ovpn-server[3812]: IFCONFIG POOL LIST
- Jun 11 22:27:38 vpn ovpn-server[3812]: Initialization Sequence Completed
- root@vpn:~#
- root@vpn:~#
- root@vpn:~#
- root@vpn:~#
- root@vpn:~#
- root@vpn:~#
- root@vpn:~# ip a
- 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 scope host lo
- valid_lft forever preferred_lft forever
- inet6 ::1/128 scope host
- valid_lft forever preferred_lft forever
- 2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
- link/ether 00:0c:29:c9:18:76 brd ff:ff:ff:ff:ff:ff
- inet 192.168.0.233/24 brd 192.168.0.255 scope global ens192
- valid_lft forever preferred_lft forever
- inet6 fe80::20c:29ff:fec9:1876/64 scope link
- valid_lft forever preferred_lft forever
- 3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
- link/none
- inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
- valid_lft forever preferred_lft forever
- inet6 fe80::c6:42a3:c01c:1d52/64 scope link flags 800
- valid_lft forever preferred_lft forever
- root@vpn:~#
- root@vpn:~#
- root@vpn:~# ping 192.168.0.191
- PING 192.168.0.191 (192.168.0.191) 56(84) bytes of data.
- ^Z
- [1]+ Stopped ping 192.168.0.191
- root@vpn:~# ping 192.168.0.221
- PING 192.168.0.221 (192.168.0.221) 56(84) bytes of data.
- ^Z
- [2]+ Stopped ping 192.168.0.221
- root@vpn:~#
- root@vpn:~#
- root@vpn:~#
- root@vpn:~#
- root@vpn:~#
- root@vpn:~#
- root@vpn:~#
- root@vpn:~# tailf /var/log/
- alternatives.log apt/ auth.log btmp cups/ daemon.log debug dpkg.log exim4/ faillog fontconfig.log hp/ installer/ kern.log lastlog messages syslog ufw.log wtmp
- root@vpn:~# tailf /var/log/
- alternatives.log apt/ auth.log btmp cups/ daemon.log debug dpkg.log exim4/ faillog fontconfig.log hp/ installer/ kern.log lastlog messages syslog ufw.log wtmp
- root@vpn:~#
- root@vpn:~#
- root@vpn:~#
- root@vpn:~#
- root@vpn:~# vim /etc/openvpn/
- ca.crt client/ dh2048.pem ipp.txt openvpn-status.log server/ server.conf Snappy.crt Snappy.key ta.key .ta.key.swp update-resolv-conf
- root@vpn:~# vim /etc/openvpn/
- ca.crt client/ dh2048.pem ipp.txt openvpn-status.log server/ server.conf Snappy.crt Snappy.key ta.key .ta.key.swp update-resolv-conf
- root@vpn:~# vim /etc/openvpn/
- ca.crt client/ dh2048.pem ipp.txt openvpn-status.log server/ server.conf Snappy.crt Snappy.key ta.key .ta.key.swp update-resolv-conf
- root@vpn:~# vim /etc/openvpn/openvpn-status.log
- [3]+ Stopped vim /etc/openvpn/openvpn-status.log
- root@vpn:~# vim /etc/openvpn/
- ca.crt client/ dh2048.pem ipp.txt openvpn-status.log .openvpn-status.log.swp server/ server.conf Snappy.crt Snappy.key ta.key .ta.key.swp update-resolv-conf
- root@vpn:~# vim /etc/openvpn/update-resolv-conf
- [4]+ Stopped vim /etc/openvpn/update-resolv-conf
- root@vpn:~#
- root@vpn:~#
- root@vpn:~#
- root@vpn:~#
- root@vpn:~#
- root@vpn:~#
- root@vpn:~#
- root@vpn:~# ls
- client-configs openvpn-ca
- root@vpn:~# cd openvpn-ca/
- root@vpn:~/openvpn-ca# ls
- build-ca build-inter build-key-pass build-key-server build-req-pass inherit-inter list-crl openssl-0.9.8.cnf openssl.cnf revoke-full vars
- build-dh build-key build-key-pkcs12 build-req clean-all keys openssl-0.9.6.cnf openssl-1.0.0.cnf pkitool sign-req whichopensslcnf
- root@vpn:~/openvpn-ca# cd /etc/openvpn/
- root@vpn:/etc/openvpn# ls
- Snappy.crt Snappy.key ca.crt client dh2048.pem ipp.txt openvpn-status.log server server.conf ta.key update-resolv-conf
- root@vpn:/etc/openvpn# cd
- root@vpn:~#
- root@vpn:~# cd
- # Which local IP address should OpenVPN
- client-configs/ openvpn-ca/
- root@vpn:~# cd openvpn-ca/
- root@vpn:~/openvpn-ca# ls
- build-ca build-inter build-key-pass build-key-server build-req-pass inherit-inter list-crl openssl-0.9.8.cnf openssl.cnf revoke-full vars
- #
- build-dh build-key build-key-pkcs12 build-req clean-all keys openssl-0.9.6.cnf openssl-1.0.0.cnf pkitool sign-req whichopensslcnf
- root@vpn:~/openvpn-ca# cd keys/
- root@vpn:~/openvpn-ca/keys# ls
- 01.pem Snappy.crt Snappy.key ca.key index.txt index.txt.attr.old pm.crt pm.key serial.old
- 02.pem Snappy.csr ca.crt dh2048.pem index.txt.attr index.txt.old pm.csr serial ta.key
- root@vpn:~/openvpn-ca/keys# scp ca.crt pm.crt pm.key cc2@192.168.0.221:/home/cc2/
- The authenticity of host '192.168.0.221 (192.168.0.221)' can't be established.
- ECDSA key fingerprint is SHA256:X5XeeYTc+F7oacAZIaX75rTXltIwCi4eP5v0e6pvpWU.
- Are you sure you want to continue connecting (yes/no)? yes
- Warning: Permanently added '192.168.0.221' (ECDSA) to the list of known hosts.
- cc2@192.168.0.221's password:
- ca.crt 100% 1679 1.4MB/s 00:00
- pm.crt 100% 5365 13.7MB/s 00:00
- pm.key 100% 1704 5.4MB/s 00:00
- root@vpn:~/openvpn-ca/keys# systemctl status openvpn
- openvpn@server.service openvpn.service
- root@vpn:~/openvpn-ca/keys# systemctl status openvpn
- openvpn@server.service openvpn.service
- root@vpn:~/openvpn-ca/keys# systemctl status openvpn@server.service
- ● openvpn@server.service - OpenVPN connection to server
- Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
- Active: active (running) since Tue 2019-06-11 22:27:38 EDT; 2h 29min ago
- Docs: man:openvpn(8)
- https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
- https://community.openvpn.net/openvpn/wiki/HOWTO
- Process: 3811 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/s
- Main PID: 3812 (openvpn)
- Tasks: 1 (limit: 4915)
- CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
- └─3812 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pi
- Jun 11 22:27:38 vpn ovpn-server[3812]: Could not determine IPv4/IPv6 protocol. Using AF_INET
- Jun 11 22:27:38 vpn ovpn-server[3812]: Socket Buffers: R=[212992->212992] S=[212992->212992]
- Jun 11 22:27:38 vpn ovpn-server[3812]: UDPv4 link local (bound): [AF_INET][undef]:1195
- Jun 11 22:27:38 vpn ovpn-server[3812]: UDPv4 link remote: [AF_UNSPEC]
- Jun 11 22:27:38 vpn ovpn-server[3812]: GID set to nogroup
- Jun 11 22:27:38 vpn ovpn-server[3812]: UID set to nobody
- Jun 11 22:27:38 vpn ovpn-server[3812]: MULTI: multi_init called, r=256 v=256
- Jun 11 22:27:38 vpn ovpn-server[3812]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
- Jun 11 22:27:38 vpn ovpn-server[3812]: IFCONFIG POOL LIST
- Jun 11 22:27:38 vpn ovpn-server[3812]: Initialization Sequence Completed
- [5]+ Stopped systemctl status openvpn@server.service
- root@vpn:~/openvpn-ca/keys#
- root@vpn:~/openvpn-ca/keys#
- root@vpn:~/openvpn-ca/keys# history
- 1 vim /etc/sudoers
- 2 apt update -y
- 3 apt dist-upgrade -y
- 4 apt install ufw -y
- 5 systemctl status openvpn@server.service
- 6 ip a
- 7 ping 192.168.0.191
- 8 ping 192.168.0.221
- 9 vim /etc/openvpn/openvpn-status.log
- 10 vim /etc/openvpn/update-resolv-conf
- 11 ls
- 12 cd openvpn-ca/
- 13 ls
- 14 cd /etc/openvpn/
- 15 ls
- 16 cd
- 17 cd openvpn-ca/
- 18 ls
- 19 cd keys/
- 20 ls
- 21 scp ca.crt pm.crt pm.key cc2@192.168.0.221:/home/cc2/
- 22 systemctl status openvpn@server.service
- 23 history
- root@vpn:~/openvpn-ca/keys#
- root@vpn:~/openvpn-ca/keys#
- root@vpn:~/openvpn-ca/keys#
- root@vpn:~/openvpn-ca/keys#
- root@vpn:~/openvpn-ca/keys#
- root@vpn:~/openvpn-ca/keys# cd /etc/openvpn/
- root@vpn:/etc/openvpn# ls
- Snappy.crt Snappy.key ca.crt client dh2048.pem ipp.txt openvpn-status.log server server.conf ta.key update-resolv-conf
- root@vpn:/etc/openvpn# vim server.conf
- [6]+ Stopped vim server.conf
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn# vim server.conf
- [7]+ Stopped vim server.conf
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn# systemctl status openvpn
- openvpn@server.service openvpn.service
- root@vpn:/etc/openvpn# systemctl status openvpn
- openvpn@server.service openvpn.service
- root@vpn:/etc/openvpn# systemctl status openvpn@server.service
- ● openvpn@server.service - OpenVPN connection to server
- Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
- Active: active (running) since Tue 2019-06-11 22:27:38 EDT; 2h 36min ago
- Docs: man:openvpn(8)
- https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
- https://community.openvpn.net/openvpn/wiki/HOWTO
- Process: 3811 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/s
- Main PID: 3812 (openvpn)
- Tasks: 1 (limit: 4915)
- CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
- └─3812 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pi
- Jun 12 01:02:05 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:49167
- Jun 12 01:02:40 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:33299
- Jun 12 01:02:42 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:33299
- Jun 12 01:02:46 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:33299
- Jun 12 01:02:54 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:33299
- Jun 12 01:03:10 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:33299
- Jun 12 01:03:45 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:51164
- Jun 12 01:03:47 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:51164
- Jun 12 01:03:51 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:51164
- Jun 12 01:03:59 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:51164
- [8]+ Stopped systemctl status openvpn@server.service
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn# ufw
- ca.crt ipp.txt server/ .server.conf.swp ta.key
- client/ openvpn-status.log server.conf Snappy.crt update-resolv-conf
- dh2048.pem .openvpn-status.log.swp .server.conf.swo Snappy.key .update-resolv-conf.swp
- root@vpn:/etc/openvpn# ufw
- ca.crt ipp.txt server/ .server.conf.swp ta.key
- client/ openvpn-status.log server.conf Snappy.crt update-resolv-conf
- dh2048.pem .openvpn-status.log.swp .server.conf.swo Snappy.key .update-resolv-conf.swp
- root@vpn:/etc/openvpn# ufw status
- Status: active
- To Action From
- -- ------ ----
- 1195/udp ALLOW Anywhere
- OpenSSH ALLOW Anywhere
- 1195/udp (v6) ALLOW Anywhere (v6)
- OpenSSH (v6) ALLOW Anywhere (v6)
- root@vpn:/etc/openvpn# systemctl status openvpn@server.service
- ● openvpn@server.service - OpenVPN connection to server
- Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
- Active: active (running) since Tue 2019-06-11 22:27:38 EDT; 2h 39min ago
- Docs: man:openvpn(8)
- https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
- https://community.openvpn.net/openvpn/wiki/HOWTO
- Process: 3811 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/s
- Main PID: 3812 (openvpn)
- Tasks: 1 (limit: 4915)
- CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
- └─3812 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pi
- Jun 12 01:04:50 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:44467
- Jun 12 01:04:52 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:44467
- Jun 12 01:04:56 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:44467
- Jun 12 01:05:04 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:44467
- Jun 12 01:05:20 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:44467
- Jun 12 01:06:00 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:49383
- Jun 12 01:06:02 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:49383
- Jun 12 01:06:06 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:49383
- Jun 12 01:06:14 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:49383
- Jun 12 01:06:30 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:49383
- [9]+ Stopped systemctl status openvpn@server.service
- root@vpn:/etc/openvpn# his
- history
- 1 vim /etc/sudoers
- 2 apt update -y
- 3 apt dist-upgrade -y
- 4 apt install ufw -y
- 5 systemctl status openvpn@server.service
- 6 ip a
- 7 ping 192.168.0.191
- 8 ping 192.168.0.221
- 9 vim /etc/openvpn/openvpn-status.log
- 10 vim /etc/openvpn/update-resolv-conf
- 11 ls
- 12 cd openvpn-ca/
- 13 ls
- 14 cd /etc/openvpn/
- 15 ls
- 16 cd
- 17 cd openvpn-ca/
- 18 ls
- 19 cd keys/
- 20 ls
- 21 scp ca.crt pm.crt pm.key cc2@192.168.0.221:/home/cc2/
- 22 systemctl status openvpn@server.service
- 23 history
- 24 cd /etc/openvpn/
- 25 ls
- 26 vim server.conf
- # listen on? (optional)
- ;local a.b.c.d
- # Which TCP/UDP port should OpenVPN listen on?
- # If you want to run multiple OpenVPN instances
- # on the same machine, use a different port
- # number for each one. You will need to
- # open up this port on your firewall.
- port 1195
- # TCP or UDP server?
- ;proto tcp
- proto udp
- # "dev tun" will create a routed IP tunnel,
- # "dev tap" will create an ethernet tunnel.
- # Use "dev tap0" if you are ethernet bridging
- # and have precreated a tap0 virtual interface
- # and bridged it with your ethernet interface.
- # If you want to control access policies
- # over the VPN, you must create firewall
- # rules for the the TUN/TAP interface.
- # On non-Windows systems, you can give
- # an explicit unit number, such as tun0.
- # On Windows, use "dev-node" for this.
- # On most systems, the VPN will not function
- # unless you partially or fully disable
- # the firewall for the TUN/TAP interface.
- ;dev tap
- dev tun
- # Windows needs the TAP-Win32 adapter name
- # from the Network Connections panel if you
- # have more than one. On XP SP2 or higher,
- # you may need to selectively disable the
- # Windows firewall for the TAP adapter.
- # Non-Windows systems usually don't need this.
- ;dev-node MyTap
- # SSL/TLS root certificate (ca), certificate
- # (cert), and private key (key). Each client
- # and the server must have their own cert and
- # key file. The server and all clients will
- # use the same ca file.
- #
- # See the "easy-rsa" directory for a series
- # of scripts for generating RSA certificates
- # and private keys. Remember to use
- # a unique Common Name for the server
- # and each of the client certificates.
- #
- # Any X509 key management system can be used.
- # OpenVPN can also use a PKCS #12 formatted key file
- # (see "pkcs12" directive in man page).
- ca ca.crt
- cert Snappy.crt
- key Snappy.key # This file should be kept secret
- # Diffie hellman parameters.
- # Generate your own with:
- # openssl dhparam -out dh2048.pem 2048
- dh dh2048.pem
- # Network topology
- # Should be subnet (addressing via IP)
- # unless Windows clients v2.0.9 and lower have to
- # be supported (then net30, i.e. a /30 per client)
- # Defaults to net30 (not recommended)
- ;topology subnet
- # Configure server mode and supply a VPN subnet
- # for OpenVPN to draw client addresses from.
- # The server will take 10.8.0.1 for itself,
- # the rest will be made available to clients.
- # Each client will be able to reach the server
- # on 10.8.0.1. Comment this line out if you are
- # ethernet bridging. See the man page for more info.
- server 10.8.0.0 255.255.255.0
- # Maintain a record of client <-> virtual IP address
- # associations in this file. If OpenVPN goes down or
- # is restarted, reconnecting clients can be assigned
- /tl
- # clients to be able to "see" each other.
- 27 vim server.conf
- 28 systemctl status openvpn@server.service
- 29 ufw status
- 30 systemctl status openvpn@server.service
- # listen on? (optional)
- ;local a.b.c.d
- # Which TCP/UDP port should OpenVPN listen on?
- # If you want to run multiple OpenVPN instances
- # on the same machine, use a different port
- # number for each one. You will need to
- # open up this port on your firewall.
- port 1195
- # TCP or UDP server?
- ;proto tcp
- proto udp
- # "dev tun" will create a routed IP tunnel,
- # "dev tap" will create an ethernet tunnel.
- # Use "dev tap0" if you are ethernet bridging
- # and have precreated a tap0 virtual interface
- # and bridged it with your ethernet interface.
- # If you want to control access policies
- # over the VPN, you must create firewall
- # rules for the the TUN/TAP interface.
- # On non-Windows systems, you can give
- # an explicit unit number, such as tun0.
- # On Windows, use "dev-node" for this.
- # On most systems, the VPN will not function
- # unless you partially or fully disable
- # the firewall for the TUN/TAP interface.
- ;dev tap
- dev tun
- # Windows needs the TAP-Win32 adapter name
- # from the Network Connections panel if you
- # have more than one. On XP SP2 or higher,
- # you may need to selectively disable the
- # Windows firewall for the TAP adapter.
- # Non-Windows systems usually don't need this.
- ;dev-node MyTap
- # SSL/TLS root certificate (ca), certificate
- # (cert), and private key (key). Each client
- # and the server must have their own cert and
- # key file. The server and all clients will
- # use the same ca file.
- #
- # See the "easy-rsa" directory for a series
- # of scripts for generating RSA certificates
- # and private keys. Remember to use
- # a unique Common Name for the server
- # and each of the client certificates.
- #
- # Any X509 key management system can be used.
- # OpenVPN can also use a PKCS #12 formatted key file
- # (see "pkcs12" directive in man page).
- ca ca.crt
- cert Snappy.crt
- key Snappy.key # This file should be kept secret
- # Diffie hellman parameters.
- # Generate your own with:
- # openssl dhparam -out dh2048.pem 2048
- dh dh2048.pem
- # Network topology
- # Should be subnet (addressing via IP)
- # unless Windows clients v2.0.9 and lower have to
- # be supported (then net30, i.e. a /30 per client)
- # Defaults to net30 (not recommended)
- ;topology subnet
- # Configure server mode and supply a VPN subnet
- # for OpenVPN to draw client addresses from.
- # The server will take 10.8.0.1 for itself,
- # the rest will be made available to clients.
- # Each client will be able to reach the server
- # on 10.8.0.1. Comment this line out if you are
- # ethernet bridging. See the man page for more info.
- server 10.8.0.0 255.255.255.0
- # Maintain a record of client <-> virtual IP address
- # associations in this file. If OpenVPN goes down or
- # is restarted, reconnecting clients can be assigned
- /tl
- # clients to be able to "see" each other.
- 31 history
- root@vpn:/etc/openvpn# systemctl status openvpn@server.service
- ● openvpn@server.service - OpenVPN connection to server
- Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
- Active: active (running) since Tue 2019-06-11 22:27:38 EDT; 2h 44min ago
- Docs: man:openvpn(8)
- https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
- https://community.openvpn.net/openvpn/wiki/HOWTO
- Process: 3811 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/s
- Main PID: 3812 (openvpn)
- Tasks: 1 (limit: 4915)
- CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
- └─3812 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pi
- Jun 12 01:09:31 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:54271
- Jun 12 01:11:04 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:48300
- Jun 12 01:11:06 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:48300
- Jun 12 01:11:10 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:48300
- Jun 12 01:11:18 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:48300
- Jun 12 01:11:21 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:35237
- Jun 12 01:11:23 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:35237
- Jun 12 01:11:27 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:35237
- Jun 12 01:11:34 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:48300
- Jun 12 01:11:35 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:35237
- [10]+ Stopped systemctl status openvpn@server.service
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn# ls
- Snappy.crt Snappy.key ca.crt client dh2048.pem ipp.txt openvpn-status.log server server.conf ta.key update-resolv-conf
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn# scp ta.key cc2@192.168.0.221:/home/cc2/
- cc2@192.168.0.221's password:
- ta.key 100% 636 1.7MB/s 00:00
- root@vpn:/etc/openvpn# scp ta.key cc2@192.168.0.221:/home/cc2/
- cc2@192.168.0.221's password:
- [11]+ Stopped scp ta.key cc2@192.168.0.221:/home/cc2/
- root@vpn:/etc/openvpn# systemctl status openvpn@server.service
- ● openvpn@server.service - OpenVPN connection to server
- Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
- Active: active (running) since Tue 2019-06-11 22:27:38 EDT; 2h 50min ago
- Docs: man:openvpn(8)
- https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
- https://community.openvpn.net/openvpn/wiki/HOWTO
- Process: 3811 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/s
- Main PID: 3812 (openvpn)
- Tasks: 1 (limit: 4915)
- CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
- └─3812 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pi
- Jun 12 01:13:21 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:51262
- Jun 12 01:13:31 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:51262
- # UDP server? Use the same setting as
- Jun 12 01:13:47 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:51262
- Jun 12 01:14:20 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:33148
- Jun 12 01:14:23 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:33148
- Jun 12 01:15:01 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:47201
- Jun 12 01:15:03 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:47201
- Jun 12 01:15:07 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:47201
- Jun 12 01:15:15 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:47201
- Jun 12 01:15:31 vpn ovpn-server[3812]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.221:47201
- [12]+ Stopped systemctl status openvpn@server.service
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn# vim server.conf
- [13]+ Stopped vim server.conf
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn# vim server.conf
- [14]+ Stopped vim server.conf
- root@vpn:/etc/openvpn# systemctl status openvpn@server.service
- ● openvpn@server.service - OpenVPN connection to server
- Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
- cipher AES-256-CBC
- Active: active (running) since Tue 2019-06-11 22:27:38 EDT; 2h 59min ago
- Docs: man:openvpn(8)
- https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
- https://community.openvpn.net/openvpn/wiki/HOWTO
- Process: 3811 ExecStart=/usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/s
- Main PID: 3812 (openvpn)
- Tasks: 1 (limit: 4915)
- CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
- └─3812 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pi
- Jun 12 01:26:47 vpn ovpn-server[3812]: 192.168.0.221:58231 peer info: IV_TCPNL=1
- Jun 12 01:26:47 vpn ovpn-server[3812]: 192.168.0.221:58231 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
- Jun 12 01:26:47 vpn ovpn-server[3812]: 192.168.0.221:58231 [pm] Peer Connection Initiated with [AF_INET]192.168.0.221:58231
- Jun 12 01:26:47 vpn ovpn-server[3812]: pm/192.168.0.221:58231 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
- Jun 12 01:26:47 vpn ovpn-server[3812]: pm/192.168.0.221:58231 MULTI: Learn: 10.8.0.6 -> pm/192.168.0.221:58231
- Jun 12 01:26:47 vpn ovpn-server[3812]: pm/192.168.0.221:58231 MULTI: primary virtual IP for pm/192.168.0.221:58231: 10.8.0.6
- Jun 12 01:26:48 vpn ovpn-server[3812]: pm/192.168.0.221:58231 PUSH: Received control message: 'PUSH_REQUEST'
- Jun 12 01:26:48 vpn ovpn-server[3812]: pm/192.168.0.221:58231 SENT CONTROL [pm]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-i
- Jun 12 01:26:48 vpn ovpn-server[3812]: pm/192.168.0.221:58231 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
- Jun 12 01:26:48 vpn ovpn-server[3812]: pm/192.168.0.221:58231 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
- [15]+ Stopped systemctl status openvpn@server.service
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn# ip a
- 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 scope host lo
- valid_lft forever preferred_lft forever
- inet6 ::1/128 scope host
- valid_lft forever preferred_lft forever
- 2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
- link/ether 00:0c:29:c9:18:76 brd ff:ff:ff:ff:ff:ff
- inet 192.168.0.233/24 brd 192.168.0.255 scope global ens192
- valid_lft forever preferred_lft forever
- inet6 fe80::20c:29ff:fec9:1876/64 scope link
- valid_lft forever preferred_lft forever
- 3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
- link/none
- inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
- valid_lft forever preferred_lft forever
- inet6 fe80::c6:42a3:c01c:1d52/64 scope link flags 800
- valid_lft forever preferred_lft forever
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn#
- root@vpn:/etc/openvpn# cd
- root@vpn:~#
- root@vpn:~# ls
- client-configs openvpn-ca
- root@vpn:~# cd client-configs/
- root@vpn:~/client-configs# ls
- base.conf files make_config.sh
- root@vpn:~/client-configs# cd files/
- root@vpn:~/client-configs/files# ls
- huongnv.ovpn pm.ovpn
- root@vpn:~/client-configs/files# vim huongnv.ovpn
- [16]+ Stopped vim huongnv.ovpn
- root@vpn:~/client-configs/files# ip a
- 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 scope host lo
- valid_lft forever preferred_lft forever
- inet6 ::1/128 scope host
- valid_lft forever preferred_lft forever
- 2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
- link/ether 00:0c:29:c9:18:76 brd ff:ff:ff:ff:ff:ff
- inet 192.168.0.233/24 brd 192.168.0.255 scope global ens192
- valid_lft forever preferred_lft forever
- inet6 fe80::20c:29ff:fec9:1876/64 scope link
- valid_lft forever preferred_lft forever
- 3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
- link/none
- inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
- valid_lft forever preferred_lft forever
- inet6 fe80::c6:42a3:c01c:1d52/64 scope link flags 800
- valid_lft forever preferred_lft forever
- root@vpn:~/client-configs/files# ls
- huongnv.ovpn pm.ovpn
- root@vpn:~/client-configs/files#
- root@vpn:~/client-configs/files#
- root@vpn:~/client-configs/files# vim huongnv.ovpn
- root@vpn:~/client-configs/files#
- root@vpn:~/client-configs/files#
- root@vpn:~/client-configs/files#
- root@vpn:~/client-configs/files#
- root@vpn:~/client-configs/files#
- root@vpn:~/client-configs/files#
- root@vpn:~/client-configs/files#
- root@vpn:~/client-configs/files#
- root@vpn:~/client-configs/files# ls
- huongnv.ovpn pm.ovpn
- root@vpn:~/client-configs/files#
- root@vpn:~/client-configs/files#
- root@vpn:~/client-configs/files# cat huongnv.ovpn
- ##############################################
- # Sample client-side OpenVPN 2.0 config file #
- # for connecting to multi-client server. #
- # #
- # This configuration can be used by multiple #
- # clients, however each client should have #
- # its own cert and key files. #
- # #
- # On Windows, you might want to rename this #
- # file so it has a .ovpn extension #
- ##############################################
- # Specify that we are a client and that we
- # will be pulling certain config file directives
- # from the server.
- client
- # Use the same setting as you are using on
- # the server.
- # On most systems, the VPN will not function
- # unless you partially or fully disable
- # the firewall for the TUN/TAP interface.
- ;dev tap
- dev tun
- # Windows needs the TAP-Win32 adapter name
- # from the Network Connections panel
- # if you have more than one. On XP SP2,
- # you may need to disable the firewall
- # for the TAP adapter.
- ;dev-node MyTap
- # Are we connecting to a TCP or
- # UDP server? Use the same setting as
- # on the server.
- ;proto tcp
- proto udp
- # The hostname/IP and port of the server.
- # You can have multiple remote entries
- # to load balance between the servers.
- remote 192.168.0.233 1195
- ;remote my-server-2 1194
- # Choose a random host from the remote
- # list for load-balancing. Otherwise
- # try hosts in the order specified.
- ;remote-random
- # Keep trying indefinitely to resolve the
- # host name of the OpenVPN server. Very useful
- # on machines which are not permanently connected
- # to the internet such as laptops.
- resolv-retry infinite
- # Most clients don't need to bind to
- # a specific local port number.
- nobind
- # Downgrade privileges after initialization (non-Windows only)
- user nobody
- group nogroup
- # Try to preserve some state across restarts.
- persist-key
- persist-tun
- # If you are connecting through an
- # HTTP proxy to reach the actual OpenVPN
- # server, put the proxy server/IP and
- # port number here. See the man page
- # if your proxy server requires
- # authentication.
- ;http-proxy-retry # retry on connection failures
- ;http-proxy [proxy server] [proxy port #]
- # Wireless networks often produce a lot
- # of duplicate packets. Set this flag
- # to silence duplicate packet warnings.
- ;mute-replay-warnings
- # SSL/TLS parms.
- # See the server config file for more
- # description. It's best to use
- # a separate .crt/.key file pair
- # for each client. A single ca
- # file can be used for all clients.
- #ca ca.crt
- #cert client.crt
- #key client.key
- # Verify server certificate by checking that the
- # certicate has the correct key usage set.
- # This is an important precaution to protect against
- # a potential attack discussed here:
- # http://openvpn.net/howto.html#mitm
- #
- # To use this feature, you will need to generate
- # your server certificates with the keyUsage set to
- # digitalSignature, keyEncipherment
- # and the extendedKeyUsage to
- # serverAuth
- # EasyRSA can do this for you.
- remote-cert-tls server
- # try hosts in the order specified.
- ;remote-random
- # Keep trying indefinitely to resolve the
- # host name of the OpenVPN server. Very useful
- # on machines which are not permanently connected
- # to the internet such as laptops.
- resolv-retry infinite
- # Most clients don't need to bind to
- # a specific local port number.
- nobind
- # Downgrade privileges after initialization (non-Windows only)
- user nobody
- group nogroup
- # Try to preserve some state across restarts.
- persist-key
- persist-tun
- # If you are connecting through an
- # HTTP proxy to reach the actual OpenVPN
- # server, put the proxy server/IP and
- # port number here. See the man page
- # if your proxy server requires
- # authentication.
- ;http-proxy-retry # retry on connection failures
- ;http-proxy [proxy server] [proxy port #]
- # Wireless networks often produce a lot
- # of duplicate packets. Set this flag
- # to silence duplicate packet warnings.
- ;mute-replay-warnings
- # SSL/TLS parms.
- # See the server config file for more
- # description. It's best to use
- # a separate .crt/.key file pair
- # for each client. A single ca
- # file can be used for all clients.
- #ca ca.crt
- #cert client.crt
- #key client.key
- # Verify server certificate by checking that the
- # certicate has the correct key usage set.
- # This is an important precaution to protect against
- # a potential attack discussed here:
- # http://openvpn.net/howto.html#mitm
- #
- # To use this feature, you will need to generate
- # your server certificates with the keyUsage set to
- # digitalSignature, keyEncipherment
- # and the extendedKeyUsage to
- # serverAuth
- # EasyRSA can do this for you.
- remote-cert-tls server
- # If a tls-auth key is used on the server
- # then every client must also have the key.
- tls-auth ta.key 1
- key-direction 1
- # Select a cryptographic cipher.
- # If the cipher option is used on the server
- # then you must also specify it here.
- # Note that 2.4 client/server will automatically
- # negotiate AES-256-GCM in TLS mode.
- # See also the ncp-cipher option in the manpage
- cipher AES-256-CBC
- auth SHA256
- # Enable compression on the VPN link.
- # Don't enable this unless it is also
- # enabled in the server config file.
- #comp-lzo
- # Set log file verbosity.
- verb 3
- "huongnv.ovpn" [readonly] 186L, 5994C 123,20 44%
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement