Saturday, 22 August 2015

OpenVPN - Routing does not work

The Internet connection via Lan1 is configured on both sides.

The connection is established, but I still cannot reach, for example, the FritzBox on the other side at 192.168.2.1.

What I noticed:
It configures the route once, but when the connection is closed the route is not deleted, which causes problems on the next start.

What am I doing wrong?

PS:
The differing time is because I had to set the time on the Fritz!Box manually on the client side.

Server:
Code:

root@fritz:/var/mod/root# cat /var/tmp/debug_openvpn.out
Sat Aug 22 12:50:36 2015 OpenVPN 2.3.8 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [IPv6] built on Aug 7 2015
Sat Aug 22 12:50:36 2015 library versions: OpenSSL 0.9.8zg 11 Jun 2015, LZO 2.09
Sat Aug 22 12:50:36 2015 Diffie-Hellman initialized with 2048 bit key
Sat Aug 22 12:50:36 2015 Control Channel Authentication: using '/tmp/flash/openvpn/static.key' as a OpenVPN static key file
Sat Aug 22 12:50:36 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 22 12:50:36 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 22 12:50:36 2015 TUN/TAP device tap0 opened
Sat Aug 22 12:50:36 2015 TUN/TAP TX queue length set to 100
Sat Aug 22 12:50:36 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Aug 22 12:50:36 2015 /sbin/ifconfig tap0 192.168.2.1 netmask 255.255.255.0 mtu 1500 broadcast 192.168.2.255
Sat Aug 22 12:50:36 2015 /sbin/route add -net 192.168.188.0 netmask 255.255.255.0 gw 192.168.188.1
route: SIOCADDRT: File exists
Sat Aug 22 12:50:36 2015 ERROR: Linux route add command failed: external program exited with error status: 1
Sat Aug 22 12:50:36 2015 chroot to '/var/tmp/openvpn' and cd to '/' succeeded
Sat Aug 22 12:50:36 2015 GID set to openvpn
Sat Aug 22 12:50:36 2015 UID set to openvpn
Sat Aug 22 12:50:37 2015 TCP connection established with [AF_INET]192.168.99.2:48927
Sat Aug 22 12:50:37 2015 TCPv4_SERVER link local: [inetd]
Sat Aug 22 12:50:37 2015 TCPv4_SERVER link remote: [AF_INET]192.168.99.2:48927
Sat Aug 22 12:50:37 2015 MULTI: multi_init called, r=256 v=256
Sat Aug 22 12:50:37 2015 IFCONFIG POOL: base=192.168.2.200 size=51, ipv6=0
Sat Aug 22 12:50:37 2015 MULTI: TCP INIT maxclients=9 maxevents=13
Sat Aug 22 12:50:37 2015 Initialization Sequence Completed
Sat Aug 22 12:50:37 2015 TCP connection established with [AF_INET]192.168.99.2:48927
Sat Aug 22 12:50:37 2015 192.168.99.2:48927 TLS: Initial packet from [AF_INET]192.168.99.2:48927, sid=3e1bb397 5c26dac4
Sat Aug 22 12:50:40 2015 192.168.99.2:48927 VERIFY OK: depth=1, C=DE, ST=XXX, L=XXX, O=Internet Ltd., OU=MyOrganizationalUnit, CN=Internet Ltd. CA, name=xxx, emailAddress=xxx
Sat Aug 22 12:50:40 2015 192.168.99.2:48927 VERIFY OK: depth=0, C=DE, ST=XXX2, L=XXX2, O=Internet Ltd., OU=MyOrganizationalUnit, CN=xxx2, name=xxx, emailAddress=xxx
Sat Aug 22 12:50:40 2015 192.168.99.2:48927 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Aug 22 12:50:40 2015 192.168.99.2:48927 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 22 12:50:40 2015 192.168.99.2:48927 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Aug 22 12:50:40 2015 192.168.99.2:48927 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 22 12:50:40 2015 192.168.99.2:48927 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Aug 22 12:50:40 2015 192.168.99.2:48927 [bruehl] Peer Connection Initiated with [AF_INET]192.168.99.2:48927
Sat Aug 22 12:50:40 2015 bruehl/192.168.99.2:48927 MULTI_sva: pool returned IPv4=192.168.2.200, IPv6=(Not enabled)
Sat Aug 22 12:50:42 2015 bruehl/192.168.99.2:48927 PUSH: Received control message: 'PUSH_REQUEST'
Sat Aug 22 12:50:42 2015 bruehl/192.168.99.2:48927 send_push_reply(): safe_cap=940
Sat Aug 22 12:50:42 2015 bruehl/192.168.99.2:48927 SENT CONTROL [bruehl]: 'PUSH_REPLY,route-gateway 192.168.2.1,route 192.168.2.0 255.255.255.0 192.168.2.1,route 192.168.2.1,ping 10,ping-restart 120,ifconfig 192.168.2.200 255.255.255.0' (status=1)
Sat Aug 22 12:50:43 2015 bruehl/192.168.99.2:48927 MULTI: Learn: xx:xx:xx:xx:xx:xx -> xxx2/192.168.99.2:48927
Sat Aug 22 12:50:44 2015 bruehl/192.168.99.2:48927 MULTI: Learn: xx2:xx2:xx2:xx2:xx2:xx2 -> xxx2/192.168.99.2:48927
root@fritz:/var/mod/root# cat /var/tmp/debug_openvpn.out
Sat Aug 22 13:18:32 2015 OpenVPN 2.3.8 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [IPv6] built on Aug 7 2015
Sat Aug 22 13:18:32 2015 library versions: OpenSSL 0.9.8zg 11 Jun 2015, LZO 2.09
Sat Aug 22 13:18:33 2015 Diffie-Hellman initialized with 2048 bit key
Sat Aug 22 13:18:33 2015 Control Channel Authentication: using '/tmp/flash/openvpn/static.key' as a OpenVPN static key file
Sat Aug 22 13:18:33 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 22 13:18:33 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 22 13:18:33 2015 TUN/TAP device tun0 opened
Sat Aug 22 13:18:33 2015 TUN/TAP TX queue length set to 100
Sat Aug 22 13:18:33 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Aug 22 13:18:33 2015 /sbin/ifconfig tun0 192.168.2.1 pointopoint 192.168.188.1 mtu 1500
Sat Aug 22 13:18:33 2015 /sbin/route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.188.1
Sat Aug 22 13:18:33 2015 chroot to '/var/tmp/openvpn' and cd to '/' succeeded
Sat Aug 22 13:18:33 2015 GID set to openvpn
Sat Aug 22 13:18:33 2015 UID set to openvpn
Sat Aug 22 13:18:34 2015 TCP connection established with [AF_INET]192.168.99.2:58992
Sat Aug 22 13:18:34 2015 TCPv4_SERVER link local: [inetd]
Sat Aug 22 13:18:34 2015 TCPv4_SERVER link remote: [AF_INET]192.168.99.2:58992
Sat Aug 22 13:18:34 2015 MULTI: multi_init called, r=256 v=256
Sat Aug 22 13:18:34 2015 IFCONFIG POOL: base=192.168.2.200 size=13, ipv6=0
Sat Aug 22 13:18:34 2015 MULTI: TCP INIT maxclients=1020 maxevents=1024
Sat Aug 22 13:18:34 2015 Initialization Sequence Completed
Sat Aug 22 13:18:34 2015 TCP connection established with [AF_INET]192.168.99.2:58992
Sat Aug 22 13:18:34 2015 192.168.99.2:58992 TLS: Initial packet from [AF_INET]192.168.99.2:58992, sid=397dc691 acdc0e0e
Sat Aug 22 13:18:36 2015 192.168.99.2:58992 VERIFY OK: depth=1, C=DE, ST=xxx L=xxx, O=Internet Ltd., OU=MyOrganizationalUnit, CN=Internet Ltd. CA, name=xxx, emailAddress=xxx
Sat Aug 22 13:18:36 2015 192.168.99.2:58992 VERIFY OK: depth=0, C=DE, ST=xxx2, L=xxx2, O=Internet Ltd., OU=MyOrganizationalUnit, CN=xxx2, name=xxx, emailAddress=xxx
Sat Aug 22 13:18:37 2015 192.168.99.2:58992 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Aug 22 13:18:37 2015 192.168.99.2:58992 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 22 13:18:37 2015 192.168.99.2:58992 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Aug 22 13:18:37 2015 192.168.99.2:58992 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 22 13:18:37 2015 192.168.99.2:58992 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Aug 22 13:18:37 2015 192.168.99.2:58992 [bruehl] Peer Connection Initiated with [AF_INET]192.168.99.2:58992
Sat Aug 22 13:18:37 2015 bruehl/192.168.99.2:58992 MULTI_sva: pool returned IPv4=192.168.2.202, IPv6=(Not enabled)
Sat Aug 22 13:18:37 2015 bruehl/192.168.99.2:58992 MULTI: Learn: 192.168.2.202 -> bruehl/192.168.99.2:58992
Sat Aug 22 13:18:37 2015 bruehl/192.168.99.2:58992 MULTI: primary virtual IP for bruehl/192.168.99.2:58992: 192.168.2.202
root@fritz:/var/mod/root# cat /var/tmp/debug_openvpn.out
Sat Aug 22 13:23:07 2015 OpenVPN 2.3.8 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [IPv6] built on Aug 7 2015
Sat Aug 22 13:23:07 2015 library versions: OpenSSL 0.9.8zg 11 Jun 2015, LZO 2.09
Sat Aug 22 13:23:08 2015 Diffie-Hellman initialized with 2048 bit key
Sat Aug 22 13:23:08 2015 Control Channel Authentication: using '/tmp/flash/openvpn/static.key' as a OpenVPN static key file
Sat Aug 22 13:23:08 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 22 13:23:08 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 22 13:23:08 2015 TUN/TAP device tun0 opened
Sat Aug 22 13:23:08 2015 TUN/TAP TX queue length set to 100
Sat Aug 22 13:23:08 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Aug 22 13:23:08 2015 /sbin/ifconfig tun0 192.168.2.1 pointopoint 192.168.188.1 mtu 1500
Sat Aug 22 13:23:08 2015 /sbin/route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.188.1
Sat Aug 22 13:23:08 2015 chroot to '/var/tmp/openvpn' and cd to '/' succeeded
Sat Aug 22 13:23:08 2015 GID set to openvpn
Sat Aug 22 13:23:08 2015 UID set to openvpn
Sat Aug 22 13:23:09 2015 TCP connection established with [AF_INET]192.168.99.2:58993
Sat Aug 22 13:23:09 2015 TCPv4_SERVER link local: [inetd]
Sat Aug 22 13:23:09 2015 TCPv4_SERVER link remote: [AF_INET]192.168.99.2:58993
Sat Aug 22 13:23:09 2015 MULTI: multi_init called, r=256 v=256
Sat Aug 22 13:23:09 2015 IFCONFIG POOL: base=192.168.2.200 size=13, ipv6=0
Sat Aug 22 13:23:09 2015 MULTI: TCP INIT maxclients=1020 maxevents=1024
Sat Aug 22 13:23:09 2015 Initialization Sequence Completed
Sat Aug 22 13:23:09 2015 TCP connection established with [AF_INET]192.168.99.2:58993
Sat Aug 22 13:23:09 2015 192.168.99.2:58993 TLS: Initial packet from [AF_INET]192.168.99.2:58993, sid=5d082e97 f5b8ea24
Sat Aug 22 13:23:11 2015 192.168.99.2:58993 VERIFY OK: depth=1, C=DE, ST=xxx, L=xxx, O=Internet Ltd., OU=MyOrganizationalUnit, CN=Internet Ltd. CA, name=xxx, emailAddress=xxx
Sat Aug 22 13:23:11 2015 192.168.99.2:58993 VERIFY OK: depth=0, C=DE, ST=xxx2, L=xxx2, O=Internet Ltd., OU=MyOrganizationalUnit, CN=xxx, name=xxx, emailAddress=xxx
Sat Aug 22 13:23:12 2015 192.168.99.2:58993 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Aug 22 13:23:12 2015 192.168.99.2:58993 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 22 13:23:12 2015 192.168.99.2:58993 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Aug 22 13:23:12 2015 192.168.99.2:58993 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 22 13:23:12 2015 192.168.99.2:58993 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Aug 22 13:23:12 2015 192.168.99.2:58993 [bruehl] Peer Connection Initiated with [AF_INET]192.168.99.2:58993
Sat Aug 22 13:23:12 2015 bruehl/192.168.99.2:58993 MULTI_sva: pool returned IPv4=192.168.2.202, IPv6=(Not enabled)
Sat Aug 22 13:23:12 2015 bruehl/192.168.99.2:58993 MULTI: Learn: 192.168.2.202 -> xxx2/192.168.99.2:58993
Sat Aug 22 13:23:12 2015 bruehl/192.168.99.2:58993 MULTI: primary virtual IP for xxx2/192.168.99.2:58993: 192.168.2.202
Sat Aug 22 13:23:14 2015 bruehl/192.168.99.2:58993 PUSH: Received control message: 'PUSH_REQUEST'
Sat Aug 22 13:23:14 2015 bruehl/192.168.99.2:58993 send_push_reply(): safe_cap=940
Sat Aug 22 13:23:14 2015 bruehl/192.168.99.2:58993 SENT CONTROL [xxx2]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0 192.168.2.1,route 192.168.2.1,ping 10,ping-restart 120,ifconfig 192.168.2.202 192.168.2.201' (status=1)

server.png


Client:
Code:

root@fritz:/var/mod/root# cat /var/tmp/debug_openvpn.out
Sat Aug 22 13:21:33 2015 OpenVPN 2.3.8 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [IPv6] built on Aug  9 2015
Sat Aug 22 13:21:33 2015 library versions: OpenSSL 0.9.8zg 11 Jun 2015, LZO 2.09
Sat Aug 22 13:21:33 2015 WARNING: No server certificate verification method has been enabled.  See http://ift.tt/oqAHkN for more info.
Sat Aug 22 13:21:33 2015 Control Channel Authentication: using '/tmp/flash/openvpn/static.key' as a OpenVPN static key file
Sat Aug 22 13:21:33 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 22 13:21:33 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 22 13:21:33 2015 Socket Buffers: R=[87380->131072] S=[16384->131072]
Sat Aug 22 13:21:33 2015 NOTE: chroot will be delayed because of --client, --pull, or --up-delay
Sat Aug 22 13:21:33 2015 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sat Aug 22 13:21:33 2015 Attempting to establish TCP connection with [AF_INET]192.168.99.1:443 [nonblock]
Sat Aug 22 13:21:34 2015 TCP connection established with [AF_INET]192.168.99.1:443
Sat Aug 22 13:21:34 2015 TCPv4_CLIENT link local: [undef]
Sat Aug 22 13:21:34 2015 TCPv4_CLIENT link remote: [AF_INET]192.168.99.1:443
Sat Aug 22 13:21:34 2015 TLS: Initial packet from [AF_INET]192.168.99.1:443, sid=79e252dc 0fa86f49
Sat Aug 22 13:21:35 2015 VERIFY OK: depth=1, C=DE, ST=xxx, L=xxx, O=Internet Ltd., OU=MyOrganizationalUnit, CN=Internet Ltd. CA, name=xxx, emailAddress=xxx
Sat Aug 22 13:21:35 2015 VERIFY OK: depth=0, C=DE, ST=xxx, L=xxx, O=Internet Ltd., OU=MyOrganizationalUnit, CN=xxx, name=xxx, emailAddress=xxx
Sat Aug 22 13:21:37 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Aug 22 13:21:37 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 22 13:21:37 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Aug 22 13:21:37 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 22 13:21:37 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Aug 22 13:21:37 2015 [xxx] Peer Connection Initiated with [AF_INET]192.168.99.1:443
Sat Aug 22 13:21:39 2015 SENT CONTROL [xxx]: 'PUSH_REQUEST' (status=1)
Sat Aug 22 13:21:40 2015 PUSH: Received control message: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0 192.168.2.1,route 192.168.2.1,ping 10,ping-restart 120,ifconfig 192.168.2.202 192.168.2.201'
Sat Aug 22 13:21:40 2015 OPTIONS IMPORT: timers and/or timeouts modified
Sat Aug 22 13:21:40 2015 OPTIONS IMPORT: --ifconfig/up options modified
Sat Aug 22 13:21:40 2015 OPTIONS IMPORT: route options modified
Sat Aug 22 13:21:40 2015 TUN/TAP device tun0 opened
Sat Aug 22 13:21:40 2015 TUN/TAP TX queue length set to 100
Sat Aug 22 13:21:40 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Aug 22 13:21:40 2015 /sbin/ifconfig tun0 192.168.2.202 pointopoint 192.168.2.201 mtu 1500
Sat Aug 22 13:21:40 2015 /sbin/route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1
route: SIOCADDRT: File exists
Sat Aug 22 13:21:40 2015 ERROR: Linux route add command failed: external program exited with error status: 1
Sat Aug 22 13:21:40 2015 /sbin/route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1
route: SIOCADDRT: File exists
Sat Aug 22 13:21:40 2015 ERROR: Linux route add command failed: external program exited with error status: 1
Sat Aug 22 13:21:40 2015 /sbin/route add -net 192.168.2.1 netmask 255.255.255.255 gw 192.168.2.201
Sat Aug 22 13:21:40 2015 chroot to '/var/tmp/openvpn' and cd to '/' succeeded
Sat Aug 22 13:21:40 2015 GID set to openvpn
Sat Aug 22 13:21:40 2015 UID set to openvpn
Sat Aug 22 13:21:40 2015 Initialization Sequence Completed
root@fritz:/var/mod/root# netstat -r
Kernel IP routing table
Destination    Gateway        Genmask        Flags  MSS Window  irtt Iface
192.168.180.1  *              255.255.255.255 UH        0 0          0 dsl
192.168.2.201  *              255.255.255.255 UH        0 0          0 tun0
192.168.180.2  *              255.255.255.255 UH        0 0          0 dsl
192.168.2.1    192.168.2.201  255.255.255.255 UGH      0 0          0 tun0
192.168.99.1    *              255.255.255.255 UH        0 0          0 dsl
192.168.2.0    192.168.2.1    255.255.255.0  UG        0 0          0 dsl
192.168.99.0    *              255.255.255.0  U        0 0          0 dsl
192.168.188.0  *              255.255.255.0  U        0 0          0 lan
192.168.189.0  *              255.255.255.0  U        0 0          0 guest
169.254.0.0    *              255.255.0.0    U        0 0          0 lan
default        *              0.0.0.0        U        0 0          0 dsl

client.png
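Added example (not part of the original post): a small busybox-compatible shell check that reads a `netstat -r` table and reports entries for the VPN subnet that do not sit on the tun device. The input is the client routing table from the post above; the `192.168.2.0 ... dsl` line is the leftover route that makes the later `route add -net 192.168.2.0` fail with `SIOCADDRT: File exists`. The VPN subnet 192.168.2.0/255.255.255.0 and the interface name tun0 are taken from the logs; the function names `stale_routes`, `del_cmd` and `check` are mine, and the script only prints the `route del` command an administrator would review, it does not run it.

```shell
#!/bin/sh
# Added example, not the poster's code. Finds routes for the VPN subnet that
# were left behind on another interface, e.g. after OpenVPN exited without
# removing the route it had added, and prints the cleanup command.

# Routing table copied from the post's client (`netstat -r` format). The
# 192.168.2.0 entry on 'dsl' is the stale one; the tun0 entries are current.
ROUTES='Kernel IP routing table
Destination    Gateway        Genmask        Flags  MSS Window  irtt Iface
192.168.2.201  *              255.255.255.255 UH        0 0          0 tun0
192.168.2.1    192.168.2.201  255.255.255.255 UGH      0 0          0 tun0
192.168.2.0    192.168.2.1    255.255.255.0  UG        0 0          0 dsl
192.168.99.0    *              255.255.255.0  U        0 0          0 dsl
192.168.188.0  *              255.255.255.0  U        0 0          0 lan
default        *              0.0.0.0        U        0 0          0 dsl'

# stale_routes NET MASK IFACE
# Reads a `netstat -r` table on stdin (two header lines, then one route per
# line with the interface in the last column) and prints "dest mask iface"
# for every entry that matches NET/MASK but is bound to an interface other
# than IFACE.
stale_routes() {
    awk -v net="$1" -v mask="$2" -v want="$3" '
        NR > 2 && $1 == net && $3 == mask && $NF != want { print $1, $3, $NF }
    '
}

# del_cmd DEST MASK IFACE : emit the net-tools/busybox command that would
# remove the stale entry (printed for review, not executed).
del_cmd() {
    printf 'route del -net %s netmask %s dev %s\n' "$1" "$2" "$3"
}

# check : run the scan against the embedded table for the VPN subnet that the
# client log tries to add (192.168.2.0/24 on tun0) and print cleanup commands.
check() {
    printf '%s\n' "$ROUTES" \
        | stale_routes 192.168.2.0 255.255.255.0 tun0 \
        | while read -r dest mask iface; do
              del_cmd "$dest" "$mask" "$iface"
          done
}

check
```

On a live box, replace the embedded table with `netstat -r | stale_routes ...`; a route that reappears on every restart is the sign that the previous run's `route add` was never undone, which is exactly what the `File exists` error in the client log reports.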