I have a SoftEther VPN server and I generated the client configurations (OpenVPN).
I would like the connection to be TAP because that way I can set a MAC address via the lladdr directive in the OpenVPN client configuration file.
The client in this case is a Wago PLC. I had set everything up and it worked great for several months. Now I needed to flash the PLC firmware and therefore had to re-import everything.
Now, however, with the same configuration it does not work in TAP mode (in TUN it does).
Client config:
lladdr ca:f5:45:30:42:7b
dev tap
proto udp
remote vpn.miodominio.it 1194
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
auth-user-pass "/root/credentials"
###############################################################################
# The certificate file of the destination VPN Server.
#
# The CA certificate file is embedded in the inline format.
# You can replace this CA contents if necessary.
# Please note that if the server certificate is not a self-signed, you have to
# specify the signer's root certificate (CA) here.
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
###############################################################################
# The client certificate file (dummy).
#
# In some implementations of OpenVPN Client software
# (for example: OpenVPN Client for iOS),
# a pair of client certificate and private key must be included on the
# configuration file due to the limitation of the client.
# So this sample configuration file has a dummy pair of client certificate
# and private key as follows.
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
Code:
Jul 18 11:05:22 PFC200V3-43B7A9 ovpn-openvpn[1060]: UDPv4 link local: [undef]
Jul 18 11:05:22 PFC200V3-43B7A9 ovpn-openvpn[1060]: UDPv4 link remote: [AF_INET]<indirizzoIP>:1194
Jul 18 11:05:22 PFC200V3-43B7A9 ovpn-openvpn[1060]: TLS: Initial packet from [AF_INET]<indirizzoIP>:1194, sid=5347dd9a 3a3e811c
Jul 18 11:05:22 PFC200V3-43B7A9 ovpn-openvpn[1060]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 18 11:05:22 PFC200V3-43B7A9 ovpn-openvpn[1060]: VERIFY OK: depth=0, CN=miodominio.softether.net, O=miodominio Srl, C=IT
Jul 18 11:05:22 PFC200V3-43B7A9 ovpn-openvpn[1060]: Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Jul 18 11:05:22 PFC200V3-43B7A9 ovpn-openvpn[1060]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 18 11:05:22 PFC200V3-43B7A9 ovpn-openvpn[1060]: Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Jul 18 11:05:22 PFC200V3-43B7A9 ovpn-openvpn[1060]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 18 11:05:22 PFC200V3-43B7A9 ovpn-openvpn[1060]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Jul 18 11:05:22 PFC200V3-43B7A9 ovpn-openvpn[1060]: [miodominio.softether.net] Peer Connection Initiated with [AF_INET]<indirizzoIP>:1194
Jul 18 11:05:22 PFC200V3-43B7A9 firewall[1547]: pid: 1547, ppid: 1546
Jul 18 11:05:22 PFC200V3-43B7A9 firewall[1547]: uid: 0, euid: 0
Jul 18 11:05:22 PFC200V3-43B7A9 firewall[1547]: gid: 0, egid: 0
Jul 18 11:05:22 PFC200V3-43B7A9 firewall[1547]: execution call: /etc/config-tools/firewall firewall --is-enabled
Jul 18 11:05:22 PFC200V3-43B7A9 firewall[1547]: exit value: 0 (success)
Jul 18 11:05:24 PFC200V3-43B7A9 ovpn-openvpn[1060]: SENT CONTROL [miodominio.softether.net]: 'PUSH_REQUEST' (status=1)
Jul 18 11:05:24 PFC200V3-43B7A9 ovpn-openvpn[1060]: PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 172.17.0.33 172.17.0.34,dhcp-option DOMAIN CLIENTImiodominio.locale'
Jul 18 11:05:24 PFC200V3-43B7A9 ovpn-openvpn[1060]: OPTIONS IMPORT: timers and/or timeouts modified
Jul 18 11:05:24 PFC200V3-43B7A9 ovpn-openvpn[1060]: OPTIONS IMPORT: --ifconfig/up options modified
Jul 18 11:05:24 PFC200V3-43B7A9 ovpn-openvpn[1060]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jul 18 11:05:24 PFC200V3-43B7A9 ovpn-openvpn[1060]: WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
Jul 18 11:05:24 PFC200V3-43B7A9 ovpn-openvpn[1060]: TUN/TAP device tap0 opened
Jul 18 11:05:24 PFC200V3-43B7A9 ovpn-openvpn[1060]: TUN/TAP TX queue length set to 100
Jul 18 11:05:24 PFC200V3-43B7A9 ovpn-openvpn[1060]: /usr/sbin/ifconfig tap0 hw ether a0:bc:12:34:56:78
Jul 18 11:05:24 PFC200V3-43B7A9 ovpn-openvpn[1060]: TUN/TAP link layer address set to a0:bc:12:34:56:78
Jul 18 11:05:24 PFC200V3-43B7A9 ovpn-openvpn[1060]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Jul 18 11:05:24 PFC200V3-43B7A9 ovpn-openvpn[1060]: /usr/sbin/ifconfig tap0 172.17.0.33 netmask 172.17.0.34 mtu 1500 broadcast 255.255.255.253
Jul 18 11:05:24 PFC200V3-43B7A9 ovpn-openvpn[1060]: Linux ifconfig failed: external program exited with error status: 1
Jul 18 11:05:24 PFC200V3-43B7A9 ovpn-openvpn[1060]: Exiting due to fatal error
Code:
Fri May 17 03:46:41 2019 OpenVPN 2.3.13 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May 7 2019
Fri May 17 03:46:41 2019 library versions: OpenSSL 1.0.2m 2 Nov 2017, LZO 2.09
Fri May 17 03:46:41 2019 WARNING: file '/root/credentials' is group or others accessible
Fri May 17 03:46:41 2019 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri May 17 03:46:41 2019 Socket Buffers: R=[163840->163840] S=[163840->163840]
Fri May 17 03:46:41 2019 UDPv4 link local: [undef]
Fri May 17 03:46:41 2019 UDPv4 link remote: [AF_INET]<indirizzoIP>:1194
Fri May 17 03:46:41 2019 TLS: Initial packet from [AF_INET]<indirizzoIP>:1194, sid=e57af651 44a5f436
Fri May 17 03:46:41 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri May 17 03:46:41 2019 VERIFY OK: depth=0, CN=miodominio.softether.net, O=miodominio Srl, C=IT
Fri May 17 03:46:41 2019 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri May 17 03:46:41 2019 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 17 03:46:41 2019 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri May 17 03:46:41 2019 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 17 03:46:41 2019 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Fri May 17 03:46:41 2019 [miodominio.softether.net] Peer Connection Initiated with [AF_INET]<indirizzoIP>:1194
Fri May 17 03:46:43 2019 SENT CONTROL [miodominio.softether.net]: 'PUSH_REQUEST' (status=1)
Fri May 17 03:46:43 2019 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 172.17.0.33 172.17.0.34,dhcp-option DOMAIN CLIENTImiodominio.locale'
Fri May 17 03:46:43 2019 OPTIONS IMPORT: timers and/or timeouts modified
Fri May 17 03:46:43 2019 OPTIONS IMPORT: --ifconfig/up options modified
Fri May 17 03:46:43 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri May 17 03:46:43 2019 TUN/TAP device tun0 opened
Fri May 17 03:46:43 2019 TUN/TAP TX queue length set to 100
Fri May 17 03:46:43 2019 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri May 17 03:46:43 2019 /usr/sbin/ifconfig tun0 172.17.0.33 pointopoint 172.17.0.34 mtu 1500
Fri May 17 03:46:43 2019 Initialization Sequence Completed
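Added here as a diagnostic and not code from the original post: a Python checker that reads OpenVPN client log lines like those above and reports the TAP-mode mismatch visible in the failing session (the pushed ifconfig's second argument is a peer address, not a netmask, so the local ifconfig exits with status 1), plus the hardening warnings OpenVPN itself printed (no server certificate verification, world-readable credentials file, cached password). The sample log is constructed from the output above with the host/PID prefix dropped; the option names in the suggested fixes are standard OpenVPN client options.

```python
import ipaddress
import re

# Constructed sample built from the failing TAP session above (host/PID prefix dropped).
TAP_LOG = """\
WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 172.17.0.33 172.17.0.34,dhcp-option DOMAIN CLIENTImiodominio.locale'
TUN/TAP device tap0 opened
/usr/sbin/ifconfig tap0 172.17.0.33 netmask 172.17.0.34 mtu 1500 broadcast 255.255.255.253
Linux ifconfig failed: external program exited with error status: 1
"""

PUSH_RE = re.compile(r"PUSH_REPLY,(.*?)'")
DEV_RE = re.compile(r"TUN/TAP device (tun|tap)\d+ opened")
# Security warnings OpenVPN itself prints, mapped to the client-side fix.
WARNINGS = {
    "No server certificate verification method": "add 'remote-cert-tls server' (and verify-x509-name)",
    "is group or others accessible": "chmod 600 the auth-user-pass credentials file",
    "may cache passwords in memory": "add 'auth-nocache'",
}

def is_netmask(s):
    """True only for a contiguous IPv4 netmask such as 255.255.255.0."""
    try:
        n = int(ipaddress.IPv4Address(s))
    except ipaddress.AddressValueError:
        return False
    inv = (~n) & 0xFFFFFFFF            # a valid mask inverts to 2**k - 1
    return (inv & (inv + 1)) == 0

def check_log(log):
    """Return findings: hardening warnings plus the TAP/point-to-point ifconfig mismatch."""
    findings, dev, ifconfig = [], None, None
    for line in log.splitlines():
        for needle, fix in WARNINGS.items():
            if needle in line:
                findings.append(f"warning: {needle}: {fix}")
        m = DEV_RE.search(line)
        if m:
            dev = m.group(1)                      # "tun" or "tap"
        m = PUSH_RE.search(line)
        if m:
            for opt in m.group(1).split(","):
                parts = opt.split()
                if len(parts) == 3 and parts[0] == "ifconfig":
                    ifconfig = (parts[1], parts[2])
    if dev == "tap" and ifconfig and not is_netmask(ifconfig[1]):
        findings.append(f"dev tap but server pushed 'ifconfig {ifconfig[0]} {ifconfig[1]}': "
                        "second arg is a peer address, not a netmask (TUN-style push)")
    return findings
```

Run it over the TUN session from the same server and it reports only the warnings, which is why TUN comes up while TAP dies at the local ifconfig step.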