OpenVPN - Ubuntu 10.04 LTS Server and Windows Clients

In this howto I explain, in detail, how to set up a VPN between an Ubuntu 10.04 LTS server and Windows XP clients.


By: José Rodrigues Filho, 27/08/2012

Introduction

I know there are already several tutorials here on VOL, but while setting up my own VPN I had doubts about some of those articles. Everything looked right and the VPN connected, but I had no access to the server.

So I am posting the "recipe" my own way.

Prerequisites:
  • Ubuntu 10.04 LTS server;
  • Client running Windows XP or later.

Scenario: (diagram omitted)

Installing the OpenVPN server

sudo apt-get install openvpn

After the installation, go to the OpenVPN directory and copy the easy-rsa example files from /usr/share/doc/openvpn/examples/easy-rsa/2.0/ into /etc/openvpn:

cd /etc/openvpn/
sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/


Enter the 2.0 directory:

cd 2.0/

Edit the "vars" file, adjusting its last lines:

sudo vim vars

export KEY_COUNTRY="BR"
export KEY_PROVINCE="SP"
export KEY_CITY="FcoDaRocha"
# Put your company name below
export KEY_ORG="Ubuntu"
export KEY_EMAIL="meuemail@meu_provedor.com"


Become root:

sudo su

Now run the commands below, one at a time:

# source ./vars

You will see the following message:
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/2.0/keys

# ./clean-all

When running the command below, just press ENTER at each prompt so it takes the values already set in "vars", except for two fields:

- At "Organizational Unit Name (eg, section) []": enter TI
- At "Name []": enter exactly what you put in the "vars" file; in our example, Ubuntu

# ./build-ca
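The steps above (vars, source ./vars, ./clean-all, ./build-ca) produce the CA that every client and server certificate will chain to. The block below is an added example, not code from the article or from easy-rsa: it creates the same CA with a direct openssl call using the fields from "vars", then checks the result the way a reviewer would (self-signed, CA:TRUE, correct O=, key size). It assumes the openssl CLI is installed, and uses a hypothetical KEY_OU variable for the "TI" unit the article types at the prompt, plus KEY_SIZE=2048 instead of the 1024 that easy-rsa 2.0's vars ships with.

```shell
# Added example (not from the article or from easy-rsa): create the CA that
# ./build-ca produces, with the fields from "vars", then verify it.
# Assumes the openssl CLI is installed.
set -eu
KEY_COUNTRY="BR"; KEY_PROVINCE="SP"; KEY_CITY="FcoDaRocha"
KEY_ORG="Ubuntu"; KEY_EMAIL="meuemail@meu_provedor.com"
KEY_OU="TI"      # hypothetical variable; the article types "TI" at the prompt
KEY_SIZE=2048    # easy-rsa 2.0 ships KEY_SIZE=1024, too small today

# make_ca DIR: writes DIR/ca.key (mode 0600) and a self-signed DIR/ca.crt
# valid for 10 years, with the extensions a CA certificate must carry.
make_ca() {
    dir="$1"; mkdir -p "$dir"; umask 077
    cat >"$dir/ca.cnf" <<EOF
[ req ]
prompt = no
distinguished_name = dn
x509_extensions = ca_ext
[ dn ]
C = $KEY_COUNTRY
ST = $KEY_PROVINCE
L = $KEY_CITY
O = $KEY_ORG
OU = $KEY_OU
CN = $KEY_ORG CA
emailAddress = $KEY_EMAIL
[ ca_ext ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -new -x509 -nodes -days 3650 -newkey "rsa:$KEY_SIZE" \
        -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
}

# check_ca CERT ORG: returns 0 only if CERT is self-signed, marked CA:TRUE,
# carries O=ORG and has an RSA key of at least 2048 bits.
check_ca() {
    cert="$1"; org="$2"
    subj=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253)
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253)
    [ "${subj#subject=}" = "${issuer#issuer=}" ] || return 1
    case "$subj" in *"O=$org,"*) ;; *) return 1 ;; esac
    text=$(openssl x509 -in "$cert" -noout -text)
    echo "$text" | grep -A1 'Basic Constraints' | grep -q 'CA:TRUE' || return 1
    bits=$(echo "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ]
}
```

Running make_ca /etc/openvpn/2.0/keys followed by check_ca /etc/openvpn/2.0/keys/ca.crt Ubuntu gives a non-zero exit status if the CA does not match what "vars" says, which is exactly the mismatch that makes VERIFY fail later.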

Article pages
   1. Introduction
   2. Certificates
   3. Configuring the client machine
Comments
[1] Comment sent by m29 on 23/12/2012 - 20:31h

It connects but doesn't ping. I've already searched other forums; many people have this same error but nobody knows the solution.
If you can help, I'm waiting.

[2] Comment sent by joserf on 12/02/2013 - 01:04h

Friend, I only saw your message now, but here it works perfectly. Did you manage to solve it?

[3] Comment sent by m29 on 22/02/2013 - 22:16h

I did everything again and the same error persists: it connects but doesn't ping.
I tested with apache and it worked, but it doesn't ping.

Here is the connection:

Fri Feb 22 22:11:56 2013 OpenVPN 2.3.0 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Feb 14 2013
Fri Feb 22 22:11:56 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Feb 22 22:11:56 2013 Need hold release from management interface, waiting...
Fri Feb 22 22:11:56 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Feb 22 22:11:56 2013 MANAGEMENT: CMD 'state on'
Fri Feb 22 22:11:56 2013 MANAGEMENT: CMD 'log all on'
Fri Feb 22 22:11:56 2013 MANAGEMENT: CMD 'hold off'
Fri Feb 22 22:11:56 2013 MANAGEMENT: CMD 'hold release'
Fri Feb 22 22:11:56 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Feb 22 22:11:56 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Feb 22 22:11:57 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Feb 22 22:11:57 2013 UDPv4 link local (bound): [undef]
Fri Feb 22 22:11:57 2013 UDPv4 link remote: [AF_INET]187.21.108.240:6999
Fri Feb 22 22:11:57 2013 MANAGEMENT: >STATE:1361581917,WAIT,,,
Fri Feb 22 22:11:57 2013 MANAGEMENT: >STATE:1361581917,AUTH,,,
Fri Feb 22 22:11:57 2013 TLS: Initial packet from [AF_INET]172.16.1.254:6999, sid=557b6266 1e678bba
Fri Feb 22 22:11:57 2013 VERIFY OK: depth=1, C=BR, ST=SP, L=FcoDaRocha, O=Ubuntu, OU=TI, CN=Ubuntu CA, name=ubuntu, emailAddress=meuemail@meu_provedor.com
Fri Feb 22 22:11:57 2013 VERIFY OK: depth=0, C=BR, ST=SP, L=FcoDaRocha, O=Ubuntu, OU=TI, CN=vpn, name=vpn, emailAddress=meuemail@meu_provedor.com
Fri Feb 22 22:11:57 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 22 22:11:57 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 22 22:11:57 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 22 22:11:57 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 22 22:11:57 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Feb 22 22:11:57 2013 [vpn] Peer Connection Initiated with [AF_INET]172.16.1.254:6999
Fri Feb 22 22:11:58 2013 MANAGEMENT: >STATE:1361581918,GET_CONFIG,,,
Fri Feb 22 22:12:00 2013 SENT CONTROL [vpn]: 'PUSH_REQUEST' (status=1)
Fri Feb 22 22:12:00 2013 PUSH: Received control message: 'PUSH_REPLY,route 10.15.0.0 255.255.255.0,route 10.15.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.15.0.6 10.15.0.5'
Fri Feb 22 22:12:00 2013 OPTIONS IMPORT: timers and/or timeouts modified
Fri Feb 22 22:12:00 2013 OPTIONS IMPORT: --ifconfig/up options modified
Fri Feb 22 22:12:00 2013 OPTIONS IMPORT: route options modified
Fri Feb 22 22:12:00 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Feb 22 22:12:00 2013 MANAGEMENT: >STATE:1361581920,ASSIGN_IP,,10.15.0.6,
Fri Feb 22 22:12:00 2013 open_tun, tt->ipv6=0
Fri Feb 22 22:12:00 2013 TAP-WIN32 device [Conexão local 3] opened: \\.\Global\{6EB3C5AD-EBA8-4863-B23F-93ABC9CDCA3A}.tap
Fri Feb 22 22:12:00 2013 TAP-Windows Driver Version 9.9
Fri Feb 22 22:12:00 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.15.0.6/255.255.255.252 on interface {6EB3C5AD-EBA8-4863-B23F-93ABC9CDCA3A} [DHCP-serv: 10.15.0.5, lease-time: 31536000]
Fri Feb 22 22:12:00 2013 NOTE: FlushIpNetTable failed on interface [18] {6EB3^Vnx 
Fri Feb 22 22:12:05 2013 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Fri Feb 22 22:12:05 2013 MANAGEMENT: >STATE:1361581925,ADD_ROUTES,,,
Fri Feb 22 22:12:05 2013 C:\Windows\system32\route.exe ADD 10.15.0.0 MASK 255.255.255.0 10.15.0.5
Fri Feb 22 22:12:05 2013 ROUTE: route addition failed using CreateIpForwardEntry: Acesso negado. [status=5 if_index=18]
Fri Feb 22 22:12:05 2013 Route addition via IPAPI failed [adaptive]
Fri Feb 22 22:12:05 2013 Route addition fallback to route.exe
Fri Feb 22 22:12:05 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Fri Feb 22 22:12:05 2013 ERROR: Windows route add command failed [adaptive]: returned error code 1
Fri Feb 22 22:12:05 2013 C:\Windows\system32\route.exe ADD 10.15.0.1 MASK 255.255.255.255 10.15.0.5
Fri Feb 22 22:12:05 2013 ROUTE: route addition failed using CreateIpForwardEntry: Acesso negado. [status=5 if_index=18]
Fri Feb 22 22:12:05 2013 Route addition via IPAPI failed [adaptive]
Fri Feb 22 22:12:05 2013 Route addition fallback to route.exe
Fri Feb 22 22:12:05 2013 env_bloº^VÒx 
Fri Feb 22 22:12:05 2013 ERROR: Windows route add command failed [adaptive]: returned error code 1
Fri Feb 22 22:12:05 2013 Initialization Sequence Completed
Fri Feb 22 22:12:05 2013 MANAGEMENT: >STATE:1361581925,CONNECTED,SUCCESS,10.15.0.6,172.16.1.254

[4] Comment sent by joserf on 07/04/2013 - 20:44h

[3] Comment sent by newchel on 22/02/2013 - 22:16h:

I did everything again and the same error persists: it connects but doesn't ping.
I tested with apache and it worked, but it doesn't ping.

Here is the connection: (the same log as in comment [3] above)


Explain your scenario to me in more detail.
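The client log posted in comment [3] contains more than the routing failure the thread is about: it also shows that the client is not checking that the peer certificate is a server certificate, that the data channel runs on BF-CBC, and that the server certificate has a 1024-bit RSA key. The following is an added example, not part of the article or its comments: a small shell triage that runs over a constructed excerpt of that log and reports each of these conditions, plus the route installation failures that explain "connects but doesn't ping". It assumes a POSIX shell with grep and sed.

```shell
# Added example (not from the article or its comments): triage an OpenVPN client
# log for the conditions visible in the log posted in comment [3]. The sample
# below is constructed from lines of that post; assumes a POSIX shell with grep.
set -eu

# write_sample_log PATH: constructed excerpt of the Windows client log.
write_sample_log() {
    cat >"$1" <<'EOF'
Fri Feb 22 22:11:56 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Feb 22 22:11:57 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 22 22:11:57 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Feb 22 22:12:05 2013 ROUTE: route addition failed using CreateIpForwardEntry: Acesso negado. [status=5 if_index=18]
Fri Feb 22 22:12:05 2013 ERROR: Windows route add command failed [adaptive]: returned error code 1
Fri Feb 22 22:12:05 2013 ROUTE: route addition failed using CreateIpForwardEntry: Acesso negado. [status=5 if_index=18]
Fri Feb 22 22:12:05 2013 Initialization Sequence Completed
EOF
}

# triage_openvpn_log FILE: prints one finding per line; no output means nothing found.
triage_openvpn_log() {
    log="$1"
    if grep -q 'No server certificate verification method' "$log"; then
        echo "MITM: add 'remote-cert-tls server' to the client config; without it any certificate issued by the CA is accepted as the server"
    fi
    if grep -q "Cipher 'BF-CBC'" "$log"; then
        echo "CIPHER: BF-CBC is a 64-bit block cipher (SWEET32); configure AES-256-GCM instead"
    fi
    if grep -Eq 'Control Channel:.* (512|768|1024) bit RSA' "$log"; then
        echo "KEYSIZE: server certificate uses an RSA key below 2048 bits; set KEY_SIZE=2048 in vars and rebuild the PKI"
    fi
    # status=5 is Windows ERROR_ACCESS_DENIED: the client was not run elevated, so the
    # pushed routes were never installed and there is no path to 10.15.0.0/24 via the tunnel.
    if grep -q 'route addition failed' "$log"; then
        n=$(grep -c 'route addition failed' "$log")
        echo "ROUTES: $n pushed route(s) not installed (access denied); 'Initialization Sequence Completed' does not mean the routes exist"
    fi
}
```

The last finding is the one behind the thread: the tunnel is up (hence the apache test works over the tunnel address), but the pushed routes for 10.15.0.0/24 were rejected, so the OpenVPN GUI has to run with administrative rights for route.exe to succeed.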

[5] Comment sent by marceloviana on 01/06/2015 - 16:35h

Joserf, thanks for the article!

How do I allow communication between the clients that are connected to the server?

[6] Comment sent by marceloviana on 01/06/2015 - 20:29h

I found out how to allow communication between clients; all that was missing was enabling packet forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward

Thanks!
