openvpn
DrSchaufel, 2013-11-20 22:18:08

How to configure OpenVPN between two virtual machines?

On a laptop, I brought up two virtual machines through VirtualBox.
The first is Ubuntu 12.04.
The second is Windows XP.
Ubuntu has the OpenVPN server and WinXP has the client.
Both machines are connected locally to the laptop through a virtual host adapter and to the Internet through NAT.

ipconfig Ubuntu:

eth0      Link encap:Ethernet  HWaddr 08:00:27:38:f7:7a  
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
     

eth1      Link encap:Ethernet  HWaddr 08:00:27:f4:4c:c6  
          inet addr:192.168.78.22  Bcast:192.168.78.255  Mask:255.255.255.0


ipconfig WinXP:
Подключение по локальной сети - Ethernet адаптер:
        DNS-суффикс этого подключения . . : Dlink
        IP-адрес  . . . . . . . . . . . . : 10.0.2.15
        Маска подсети . . . . . . . . . . : 255.255.255.0
        Основной шлюз . . . . . . . . . . : 10.0.2.2
Подключение по локальной сети 2 - Ethernet адаптер:
        DNS-суффикс этого подключения . . :
        IP-адрес  . . . . . . . . . . . . : 192.168.22.101
        Маска подсети . . . . . . . . . . : 255.255.255.0
        Основной шлюз . . . . . . . . . . :

Server config:
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
# address and netmask of the virtual network
server 10.8.0.0 255.255.255.0
client-config-dir ccd
route 192.168.22.0 255.255.255.0
tls-server
tls-auth keys/ta.key 0
tls-timeout 120
auth MD5
cipher BF-CBC
client-to-client
keepalive 10 120
comp-lzo
max-clients 5
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3
mute 20
crl-verify /etc/openvpn/crl.pem
client-config-dir /etc/openvpn/ccd

And the client config:
client
dev tun  
proto udp  
remote x.x.x.x 1194  
route-delay 3  
resolv-retry infinite
tls-client  
ns-cert-type server  
ca "C:\\Program Files\\OpenVPN\\keys\\ca.crt"  
cert "C:\\Program Files\\OpenVPN\\keys\\user.crt"  
key "C:\\Program Files\\OpenVPN\\keys\\user.key"  
tls-auth "C:\\Program Files\\OpenVPN\\keys\\ta.key" 1  
auth MD5
cipher BF-CBC
ns-cert-type server
comp-lzo  
persist-key
persist-tun
tun-mtu 1500  
tun-mtu-extra 32  
mssfix 1450  
ping-restart 60  
ping 10  
nobind
status "C:\\Program Files\\OpenVPN\\log\\openvpn-status.log"  
log "C:\\Program Files\\OpenVPN\\log\\openvpn.log"  
verb 3
mute 20

For the third day I have been going through different guides and options, and I can't set up the connection.
I understand that I screwed up somewhere. Most likely I specified the addresses in the configs incorrectly. Does anyone have any ideas? I will be grateful for an answer.

4 answer(s)
freelook00, 2013-11-21
@freelook00

remote xxxx 1194

What is the address instead of xxxx?
Are there connection logs from WinXP?

DrSchaufel, 2013-11-21
@DrSchaufel

It contains the local address of my Ubuntu machine. Purely in theory, I think the routes need to be registered somehow.

Thu Nov 21 03:29:00 2013 Warning: cannot open --log file: C:\Program Files\OpenVPN\log\openvpn.log: Процесс не может получить доступ к файлу, так как этот файл занят другим процессом.   (errno=32)
Thu Nov 21 03:29:00 2013 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Thu Nov 21 03:29:00 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Nov 21 03:29:00 2013 Control Channel Authentication: using 'C:\Program Files\OpenVPN\keys\ta.key' as a OpenVPN static key file
Thu Nov 21 03:29:00 2013 Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Thu Nov 21 03:29:00 2013 Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Thu Nov 21 03:29:00 2013 LZO compression initialized
Thu Nov 21 03:29:00 2013 Control Channel MTU parms [ L:1570 D:162 EF:62 EB:0 ET:0 EL:0 ]
Thu Nov 21 03:29:00 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Nov 21 03:29:00 2013 Data Channel MTU parms [ L:1570 D:1450 EF:38 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Nov 21 03:29:00 2013 Local Options hash (VER=V4): '47a2184b'
Thu Nov 21 03:29:00 2013 Expected Remote Options hash (VER=V4): 'd90bb6f0'
Thu Nov 21 03:29:00 2013 UDPv4 link local: [undef]
Thu Nov 21 03:29:00 2013 UDPv4 link remote: 192.168.78.22:1194

Nadz Goldman, 2013-11-21
@nadz

Start - Run - cmd - route print or netstat -nr
In Ubuntu, netstat -nr
What you gave as a log is not a log.
Post the log. It isn't being written for you, though, because:
Thu Nov 21 03:29:00 2013 Warning: cannot open --log file: C:\Program Files\OpenVPN\log\openvpn.log: The process cannot access file because that file is in use by another process. (errno=32)
Can the machines ping each other?
Does ping go through normally?
First, make them see each other (so that they can ping).
After that, start setting up vpn.

DrSchaufel, 2013-11-21
@DrSchaufel

C:\Documents and Settings\User>route print
===========================================================================
Список интерфейсов
0x1 ........................... MS TCP Loopback interface
0x2 ...08 00 27 38 8f c0 ...... AMD PCNET семейство PCI Ethernet адаптеров - Минипорт планировщика пакетов
0x3 ...08 00 27 20 bb 9d ...... AMD PCNET семейство PCI Ethernet адаптеров #2 - Минипорт планировщика пакетов
0x4 ...00 ff e2 03 60 6e ...... TAP-Win32 Adapter V9 - Минипорт планировщика пакетов
===========================================================================
===========================================================================
Активные маршруты:
Сетевой адрес           Маска сети      Адрес шлюза       Интерфейс  Метрика
          0.0.0.0          0.0.0.0         10.0.2.2       10.0.2.15       20
         10.0.2.0    255.255.255.0        10.0.2.15       10.0.2.15       20
        10.0.2.15  255.255.255.255        127.0.0.1       127.0.0.1       20
   10.255.255.255  255.255.255.255        10.0.2.15       10.0.2.15       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
     192.168.22.0    255.255.255.0   192.168.22.101  192.168.22.101       20
   192.168.22.101  255.255.255.255        127.0.0.1       127.0.0.1       20
   192.168.22.255  255.255.255.255   192.168.22.101  192.168.22.101       20
        224.0.0.0        240.0.0.0        10.0.2.15       10.0.2.15       20
        224.0.0.0        240.0.0.0   192.168.22.101  192.168.22.101       20
  255.255.255.255  255.255.255.255        10.0.2.15       10.0.2.15       1
  255.255.255.255  255.255.255.255   192.168.22.101  192.168.22.101       1
  255.255.255.255  255.255.255.255   192.168.22.101               4       1
Основной шлюз:            10.0.2.2
===========================================================================
Постоянные маршруты:
  Отсутствует

[email protected]:~$ netstat -nr
Таблица маршутизации ядра протокола IP
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG        0 0          0 eth0
10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG        0 0          0 tun0
10.8.0.2        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
192.168.22.0    10.8.0.2        255.255.255.0   UG        0 0          0 tun0
192.168.78.0    0.0.0.0         255.255.255.0   U         0 0          0 eth1
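
Added example, not part of the thread or of any participant's post: the "can the machines see each other" check from the answer above, done offline on the posted data. It runs a longest-prefix route lookup over the WinXP route print entries for the server address shown in the client log; the function names are made up for this illustration.

```python
import ipaddress

# Network routes copied from the WinXP "route print" output in the thread (host,
# broadcast and multicast entries omitted): destination, netmask, gateway, interface, metric
CLIENT_ROUTES = [
    ("0.0.0.0", "0.0.0.0", "10.0.2.2", "10.0.2.15", 20),
    ("10.0.2.0", "255.255.255.0", "10.0.2.15", "10.0.2.15", 20),
    ("127.0.0.0", "255.0.0.0", "127.0.0.1", "127.0.0.1", 1),
    ("192.168.22.0", "255.255.255.0", "192.168.22.101", "192.168.22.101", 20),
]
SERVER_ADDR = "192.168.78.22"  # "UDPv4 link remote" in the client log, eth1 on Ubuntu

def to_network(addr, mask):
    """Build a network object from a dotted address and a dotted netmask."""
    prefix = bin(int(ipaddress.ip_address(mask))).count("1")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def best_route(routes, target):
    """Longest-prefix match; ties are broken by the lowest metric."""
    ip = ipaddress.ip_address(target)
    hits = [
        {"net": to_network(d, m), "gateway": gw, "iface": ifc, "metric": met}
        for d, m, gw, ifc, met in routes
        if ip in to_network(d, m)
    ]
    return max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"])) if hits else None

def diagnose(routes, target):
    """Say whether the target is directly connected or handed to a gateway."""
    route = best_route(routes, target)
    if route is None:
        return "no route"
    # In this table a directly connected network lists the interface's own address as gateway.
    if route["gateway"] == route["iface"]:
        return f"on-link via {route['iface']}"
    return f"via gateway {route['gateway']} (interface {route['iface']})"

def same_subnet(addr_a, addr_b, mask):
    """True when both addresses fall in the same network for the given mask."""
    return to_network(addr_a, mask) == to_network(addr_b, mask)

if __name__ == "__main__":
    print(SERVER_ADDR, "->", diagnose(CLIENT_ROUTES, SERVER_ADDR))
    print("second adapters share a /24:",
          same_subnet("192.168.22.101", SERVER_ADDR, "255.255.255.0"))
```

On the posted tables the server address matches only the client's default route, so packets for 192.168.78.22 leave through the NAT adapter (10.0.2.15 toward 10.0.2.2) rather than through the second adapter. That adapter is 192.168.22.101 on WinXP and 192.168.78.22 on Ubuntu, which are different /24 networks.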
