Hi kaschuppke,
I have now disabled the server push-route option "Green Network" again and run a test.
I connected as a RoadWarrior from the candia Ubuntu client with NetworkManager to the hermes IPCop OpenVPN server (over the Red network).
I was then able to access, for example, http://192.168.1.9 in the Green LAN.
Then I ended the OpenVPN connection.
Here are the logs.
Server
/var/log/messages:
Code:
Feb 23 09:42:11 hermes openvpnserver[24575]: XXX.XXX.XXX.XXX:44919 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Feb 23 09:42:11 hermes openvpnserver[24575]: XXX.XXX.XXX.XXX:44919 TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX:44919, sid=39f83f08 fa70c17a
Feb 23 09:42:11 hermes openvpnserver[24575]: XXX.XXX.XXX.XXX:44919 VERIFY SCRIPT OK: depth=1, C=zz, ST=yy, O=xxxx, CN=xxxxCA, emailAddress=uuuu@aaaa.zz
Feb 23 09:42:11 hermes openvpnserver[24575]: XXX.XXX.XXX.XXX:44919 CRL CHECK OK: C=zz, ST=yy, O=xxxx, CN=xxxxCA, emailAddress=uuuu@aaaa.zz
Feb 23 09:42:11 hermes openvpnserver[24575]: XXX.XXX.XXX.XXX:44919 VERIFY OK: depth=1, C=zz, ST=yy, O=xxxx, CN=xxxxCA, emailAddress=uuuu@aaaa.zz
Feb 23 09:42:11 hermes openvpnserver[24575]: XXX.XXX.XXX.XXX:44919 VERIFY SCRIPT OK: depth=0, C=zz, ST=yy, O=xxxx, CN=candia
Feb 23 09:42:11 hermes openvpnserver[24575]: XXX.XXX.XXX.XXX:44919 CRL CHECK OK: C=zz, ST=yy, O=xxxx, CN=candia
Feb 23 09:42:11 hermes openvpnserver[24575]: XXX.XXX.XXX.XXX:44919 VERIFY OK: depth=0, C=zz, ST=yy, O=xxxx, CN=candia
Feb 23 09:42:11 hermes openvpnserver[24575]: XXX.XXX.XXX.XXX:44919 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Feb 23 09:42:11 hermes openvpnserver[24575]: XXX.XXX.XXX.XXX:44919 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Feb 23 09:42:11 hermes openvpnserver[24575]: XXX.XXX.XXX.XXX:44919 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Feb 23 09:42:11 hermes openvpnserver[24575]: XXX.XXX.XXX.XXX:44919 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Feb 23 09:42:11 hermes openvpnserver[24575]: XXX.XXX.XXX.XXX:44919 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Feb 23 09:42:11 hermes openvpnserver[24575]: XXX.XXX.XXX.XXX:44919 [candia] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:44919
Feb 23 09:42:11 hermes openvpnserver[24575]: candia/XXX.XXX.XXX.XXX:44919 MULTI_sva: pool returned IPv4=10.204.41.6, IPv6=(Not enabled)
Feb 23 09:42:11 hermes openvpn: CONNECT candia 10.204.41.6 XXX.XXX.XXX.XXX
Feb 23 09:42:11 hermes openvpnserver[24575]: candia/XXX.XXX.XXX.XXX:44919 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_350ddbdfce6b0f9bd00b2b7ce6d53983.tmp
Feb 23 09:42:11 hermes openvpnserver[24575]: candia/XXX.XXX.XXX.XXX:44919 MULTI: Learn: 10.204.41.6 -> candia/XXX.XXX.XXX.XXX:44919
Feb 23 09:42:11 hermes openvpnserver[24575]: candia/XXX.XXX.XXX.XXX:44919 MULTI: primary virtual IP for candia/XXX.XXX.XXX.XXX:44919: 10.204.41.6
Feb 23 09:42:13 hermes openvpnserver[24575]: candia/XXX.XXX.XXX.XXX:44919 PUSH: Received control message: 'PUSH_REQUEST'
Feb 23 09:42:13 hermes openvpnserver[24575]: candia/XXX.XXX.XXX.XXX:44919 send_push_reply(): safe_cap=940
Feb 23 09:42:13 hermes openvpnserver[24575]: candia/XXX.XXX.XXX.XXX:44919 SENT CONTROL [candia]: 'PUSH_REPLY,route 10.204.41.1,topology net30,ping 10,ping-restart 60,ifconfig 10.204.41.6 10.204.41.5' (status=1)
Feb 23 09:45:16 hermes openvpnserver[24575]: candia/XXX.XXX.XXX.XXX:44919 [candia] Inactivity timeout (--ping-restart), restarting
Feb 23 09:45:16 hermes openvpnserver[24575]: candia/XXX.XXX.XXX.XXX:44919 SIGUSR1[soft,ping-restart] received, client-instance restarting
Feb 23 09:45:16 hermes openvpn: DISCONNECT candia 10.204.41.6 XXX.XXX.XXX.XXX 54183 170544
Client
/var/log/kern.log:
Code:
Feb 23 08:42:11 candia NetworkManager[1292]: <info> [1487839331.6420] audit: op="connection-activate" uuid="42937129-91a5-4e31-91a8-5353d5b6d160" name="candia to hermes" pid=6566 uid=1000 result="success"
Feb 23 08:42:11 candia NetworkManager[1292]: <info> [1487839331.6463] vpn-connection[0xabf1f0,42937129-91a5-4e31-91a8-5353d5b6d160,"candia to hermes",0]: Started the VPN service, PID 472
Feb 23 08:42:11 candia NetworkManager[1292]: <info> [1487839331.6526] vpn-connection[0xabf1f0,42937129-91a5-4e31-91a8-5353d5b6d160,"candia to hermes",0]: Saw the service appear; activating connection
Feb 23 08:42:11 candia NetworkManager[1292]: <info> [1487839331.7233] vpn-connection[0xabf1f0,42937129-91a5-4e31-91a8-5353d5b6d160,"candia to hermes",0]: VPN plugin: state changed: starting (3)
Feb 23 08:42:11 candia NetworkManager[1292]: <info> [1487839331.7234] vpn-connection[0xabf1f0,42937129-91a5-4e31-91a8-5353d5b6d160,"candia to hermes",0]: VPN connection: (ConnectInteractive) reply received
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2805] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/5)
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2859] devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2859] device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2884] vpn-connection[0xabf1f0,42937129-91a5-4e31-91a8-5353d5b6d160,"candia to hermes",0]: VPN connection: (IP Config Get) reply received.
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2892] vpn-connection[0xabf1f0,42937129-91a5-4e31-91a8-5353d5b6d160,"candia to hermes",6:(tun0)]: VPN connection: (IP4 Config Get) reply received
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2900] vpn-connection[0xabf1f0,42937129-91a5-4e31-91a8-5353d5b6d160,"candia to hermes",6:(tun0)]: Data: VPN Gateway: YYY.YYY.YYY.YYY
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2902] vpn-connection[0xabf1f0,42937129-91a5-4e31-91a8-5353d5b6d160,"candia to hermes",6:(tun0)]: Data: Tunnel Device: tun0
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2903] vpn-connection[0xabf1f0,42937129-91a5-4e31-91a8-5353d5b6d160,"candia to hermes",6:(tun0)]: Data: IPv4 configuration:
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2904] vpn-connection[0xabf1f0,42937129-91a5-4e31-91a8-5353d5b6d160,"candia to hermes",6:(tun0)]: Data: Internal Gateway: 10.204.41.5
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2904] vpn-connection[0xabf1f0,42937129-91a5-4e31-91a8-5353d5b6d160,"candia to hermes",6:(tun0)]: Data: Internal Address: 10.204.41.6
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2904] vpn-connection[0xabf1f0,42937129-91a5-4e31-91a8-5353d5b6d160,"candia to hermes",6:(tun0)]: Data: Internal Prefix: 32
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2904] vpn-connection[0xabf1f0,42937129-91a5-4e31-91a8-5353d5b6d160,"candia to hermes",6:(tun0)]: Data: Internal Point-to-Point Address: 10.204.41.5
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2905] vpn-connection[0xabf1f0,42937129-91a5-4e31-91a8-5353d5b6d160,"candia to hermes",6:(tun0)]: Data: Maximum Segment Size (MSS): 0
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2905] vpn-connection[0xabf1f0,42937129-91a5-4e31-91a8-5353d5b6d160,"candia to hermes",6:(tun0)]: Data: Static Route: 10.204.41.1/32 Next Hop: 10.204.41.5
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2905] vpn-connection[0xabf1f0,42937129-91a5-4e31-91a8-5353d5b6d160,"candia to hermes",6:(tun0)]: Data: Forbid Default Route: no
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2905] vpn-connection[0xabf1f0,42937129-91a5-4e31-91a8-5353d5b6d160,"candia to hermes",6:(tun0)]: Data: DNS Domain: '(none)'
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2905] vpn-connection[0xabf1f0,42937129-91a5-4e31-91a8-5353d5b6d160,"candia to hermes",6:(tun0)]: Data: No IPv6 configuration
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2905] vpn-connection[0xabf1f0,42937129-91a5-4e31-91a8-5353d5b6d160,"candia to hermes",6:(tun0)]: VPN plugin: state changed: started (4)
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2919] vpn-connection[0xabf1f0,42937129-91a5-4e31-91a8-5353d5b6d160,"candia to hermes",6:(tun0)]: VPN connection: (IP Config Get) complete
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2921] device (tun0): state change: unmanaged -> unavailable (reason 'connection-assumed') [10 20 41]
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2955] manager: NetworkManager state is now CONNECTED_LOCAL
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2956] manager: NetworkManager state is now CONNECTED_GLOBAL
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2975] keyfile: add connection in-memory (c5160d59-317d-4506-b827-597f9cddf294,"tun0")
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2980] device (tun0): state change: unavailable -> disconnected (reason 'connection-assumed') [20 30 41]
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2986] device (tun0): Activation: starting connection 'tun0' (c5160d59-317d-4506-b827-597f9cddf294)
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2993] device (tun0): state change: disconnected -> prepare (reason 'none') [30 40 0]
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2996] device (tun0): state change: prepare -> config (reason 'none') [40 50 0]
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.2997] device (tun0): state change: config -> ip-config (reason 'none') [50 70 0]
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.3002] device (tun0): state change: ip-config -> ip-check (reason 'none') [70 80 0]
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.3004] device (tun0): state change: ip-check -> secondaries (reason 'none') [80 90 0]
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.3006] device (tun0): state change: secondaries -> activated (reason 'none') [90 100 0]
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.3031] manager: NetworkManager state is now CONNECTED_LOCAL
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.3031] manager: NetworkManager state is now CONNECTED_GLOBAL
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.3032] policy: set 'tun0' (tun0) as default for IPv4 routing and DNS
Feb 23 08:42:14 candia NetworkManager[1292]: <info> [1487839334.3032] device (tun0): Activation: successful, device activated.
Feb 23 08:43:18 candia NetworkManager[1292]: <info> [1487839398.7354] audit: op="connection-deactivate" uuid="42937129-91a5-4e31-91a8-5353d5b6d160" name="candia to hermes" pid=6566 uid=1000 result="success"
Feb 23 08:43:18 candia NetworkManager[1292]: <info> [1487839398.7453] vpn-connection[0xabf1f0,42937129-91a5-4e31-91a8-5353d5b6d160,"candia to hermes",0]: VPN plugin: state changed: stopping (5)
Feb 23 08:43:18 candia NetworkManager[1292]: <info> [1487839398.7453] vpn-connection[0xabf1f0,42937129-91a5-4e31-91a8-5353d5b6d160,"candia to hermes",0]: VPN plugin: state changed: stopped (6)
Feb 23 08:43:18 candia NetworkManager[1292]: <info> [1487839398.7465] manager: NetworkManager state is now CONNECTED_LOCAL
Feb 23 08:43:18 candia NetworkManager[1292]: <info> [1487839398.7466] manager: NetworkManager state is now CONNECTED_GLOBAL
Feb 23 08:43:18 candia NetworkManager[1292]: <info> [1487839398.7466] policy: set 'Wired connection' (eth1) as default for IPv4 routing and DNS
Feb 23 08:43:18 candia NetworkManager[1292]: <info> [1487839398.7480] device (tun0): state change: activated -> unmanaged (reason 'unmanaged') [100 10 3]
Feb 23 08:43:18 candia NetworkManager[1292]: <info> [1487839398.7514] devices removed (path: /sys/devices/virtual/net/tun0, iface: tun0)
Thanks!
erikire