I have already disabled SELinux.
As you can see in the script, there are the following commands:
echo 0 > /selinux/enforce
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
However, even when using setenforce 0, it is still the same problem.
httpd is not installed.
Port 443 may not be the default port for OpenVPN, but it is the most widely used because it lets you get around ISP port blocking, as in my case.
On my computer only TCP 443, 80, 8080, 22, 25, 143, 110 and UDP 53, 22 are open.
The reason is that I connect from an SFR WiFi hotspot, because I am travelling almost all the time and almost never at home.
Here is what is displayed on the client when I connect with the commands:
cd /etc/openvpn
sudo openvpn client.conf
andy@andy-ubuntu:/etc/openvpn$ sudo openvpn client.conf
Thu Feb 28 20:05:32 2013 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar 30 2012
Thu Feb 28 20:05:32 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 28 20:05:32 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 28 20:05:32 2013 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Thu Feb 28 20:05:32 2013 WARNING: file 'andys1.key' is group or others accessible
Thu Feb 28 20:05:32 2013 LZO compression initialized
Thu Feb 28 20:05:32 2013 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Feb 28 20:05:32 2013 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu Feb 28 20:05:32 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Feb 28 20:05:32 2013 Local Options hash (VER=V4): '2547efd2'
Thu Feb 28 20:05:32 2013 Expected Remote Options hash (VER=V4): '77cf0943'
Thu Feb 28 20:05:32 2013 Attempting to establish TCP connection with [AF_INET]91.121.177.128:443 [nonblock]
Thu Feb 28 20:05:33 2013 TCP connection established with [AF_INET]91.121.177.128:443
Thu Feb 28 20:05:33 2013 TCPv4_CLIENT link local: [undef]
Thu Feb 28 20:05:33 2013 TCPv4_CLIENT link remote: [AF_INET]91.121.177.128:443
Thu Feb 28 20:05:33 2013 TLS: Initial packet from [AF_INET]91.121.177.128:443, sid=23f20421 c710a228
Thu Feb 28 20:05:34 2013 VERIFY OK: depth=1, /C=FR/ST=59/L=Roubaix/O=s1.frabelu.eu/OU=changeme/CN=changeme/name=changeme/emailAddress=andykimpe@gmail.com
Thu Feb 28 20:05:34 2013 VERIFY OK: depth=0, /C=FR/ST=59/L=Roubaix/O=s1.frabelu.eu/OU=changeme/CN=server/name=changeme/emailAddress=andykimpe@gmail.com
Thu Feb 28 20:05:35 2013 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1576', remote='link-mtu 1544'
Thu Feb 28 20:05:35 2013 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Thu Feb 28 20:05:35 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 28 20:05:35 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 28 20:05:35 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 28 20:05:35 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 28 20:05:35 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 28 20:05:35 2013 [server] Peer Connection Initiated with [AF_INET]91.121.177.128:443
Thu Feb 28 20:05:37 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Feb 28 20:05:37 2013 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5'
Thu Feb 28 20:05:37 2013 OPTIONS IMPORT: timers and/or timeouts modified
Thu Feb 28 20:05:37 2013 OPTIONS IMPORT: --ifconfig/up options modified
Thu Feb 28 20:05:37 2013 OPTIONS IMPORT: route options modified
Thu Feb 28 20:05:37 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Feb 28 20:05:37 2013 ROUTE default_gateway=192.168.2.1
Thu Feb 28 20:05:37 2013 TUN/TAP device tun0 opened
Thu Feb 28 20:05:37 2013 TUN/TAP TX queue length set to 100
Thu Feb 28 20:05:37 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Feb 28 20:05:37 2013 /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Thu Feb 28 20:05:37 2013 /etc/openvpn/update-resolv-conf tun0 1500 1576 10.8.0.6 10.8.0.5 init
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
Thu Feb 28 20:05:37 2013 /sbin/route add -net 91.121.177.128 netmask 255.255.255.255 gw 192.168.2.1
Thu Feb 28 20:05:37 2013 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.0.5
Thu Feb 28 20:05:37 2013 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.0.5
Thu Feb 28 20:05:37 2013 /sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.5
Thu Feb 28 20:05:37 2013 Initialization Sequence Completed
and the server status file /etc/openvpn/443.log
[root@ks363075 ~]#cat /etc/openvpn/443.log
OpenVPN CLIENT LIST
Updated,Thu Feb 28 20:09:04 2013
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
andys1,109.28.132.11:38359,127721,33661,Thu Feb 28 20:05:32 2013
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,andys1,109.28.132.11:38359,Thu Feb 28 20:09:03 2013
GLOBAL STATS
Max bcast/mcast queue length,0
END
server configuration file
[root@ks363075 ~]# cat /etc/openvpn/server.conf
mode server
proto tcp
port 443
dev tun
# Keys and certificates
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
# Network
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 443.log
verb 3
server configuration file
andy@andy-ubuntu:/etc/openvpn$
# Client
client
dev tun
proto tcp
remote ipduserveur 443
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
cert andys1.crt
key andys1.key
comp-lzo
reneg-sec 0
verb 3
script-security 3 system
up /etc/openvpn/update-resolv-conf
On the client, in /etc/openvpn/update-resolv-conf, I have this:
#!/bin/bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk>
# and Chris Hanson
# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.
#
# 05/2006 chlauber@bnc.ch
#
# Example envs set from openvpn:
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
[ -x /sbin/resolvconf ] || exit 0
case $script_type in
up)
    for optionname in ${!foreign_option_*} ; do
        option="${!optionname}"
        echo $option
        part1=$(echo "$option" | cut -d " " -f 1)
        if [ "$part1" == "dhcp-option" ] ; then
            part2=$(echo "$option" | cut -d " " -f 2)
            part3=$(echo "$option" | cut -d " " -f 3)
            if [ "$part2" == "DNS" ] ; then
                IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
            fi
            if [ "$part2" == "DOMAIN" ] ; then
                IF_DNS_SEARCH="$IF_DNS_SEARCH $part3"
            fi
        fi
    done
    R=""
    for SS in $IF_DNS_SEARCH ; do
        R="${R}search $SS
"
    done
    for NS in $IF_DNS_NAMESERVERS ; do
        R="${R}nameserver $NS
"
    done
    echo -n "$R" | /sbin/resolvconf -a "${dev}.inet"
    ;;
down)
    /sbin/resolvconf -d "${dev}.inet"
    ;;
esac
For information, the server is at OVH; it is installed on the Fedora Core 17 "Beefy Miracle" distribution, which is a 64-bit distribution.
The client is on Ubuntu 12.04, also 64-bit.
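
Added example, not part of the original post: a small audit of an OpenVPN client config for the settings behind three warnings in the client log above (no server certificate verification, the 'system' script-security method, a key file readable by group or others). The function name, the finding labels and the rule that relative paths resolve next to the config file are assumptions of this example; the sample config and key file are constructed.

```bash
#!/bin/bash
# Audit an OpenVPN client config for the settings behind three warnings in
# the client log above. Prints one finding per line; no output means clean.
audit_openvpn_client() {
    local conf="$1" dir key perms
    dir=$(dirname "$conf")   # assumption: relative paths resolve next to the config

    # "No server certificate verification method has been enabled"
    if ! grep -Eq '^[[:space:]]*(ns-cert-type|remote-cert-tls|remote-cert-eku|tls-remote|tls-verify)[[:space:]]' "$conf"; then
        echo "no-server-cert-verification"
    fi

    # "--script-security method='system' is deprecated ... shell expansion"
    if grep -Eq '^[[:space:]]*script-security[[:space:]]+[0-9]+[[:space:]]+system' "$conf"; then
        echo "script-security-system-method"
    fi

    # "file '...key' is group or others accessible"
    key=$(awk '$1 == "key" { print $2; exit }' "$conf")
    if [ -n "$key" ]; then
        case "$key" in /*) ;; *) key="$dir/$key" ;; esac
        if [ -f "$key" ]; then
            perms=$(ls -ld "$key" | cut -c5-10)   # group and other permission bits
            [ "$perms" = "------" ] || echo "key-file-group-or-other-accessible"
        fi
    fi
}

# Constructed sample: the relevant lines of the client.conf from the post,
# plus a dummy key file with the loose permissions the log complains about.
demo_audit() {
    local tmp
    tmp=$(mktemp -d)
    printf '%s\n' 'client' 'remote ipduserveur 443' 'ca ca.crt' \
        'cert andys1.crt' 'key andys1.key' 'script-security 3 system' \
        'up /etc/openvpn/update-resolv-conf' > "$tmp/client.conf"
    echo 'dummy' > "$tmp/andys1.key"
    chmod 644 "$tmp/andys1.key"
    echo "== as posted =="
    audit_openvpn_client "$tmp/client.conf"

    # Corrected form: check the server certificate type (assumes the server
    # certificate carries nsCertType=server), drop 'system', tighten the key.
    printf '%s\n' 'client' 'remote ipduserveur 443' 'ca ca.crt' \
        'cert andys1.crt' 'key andys1.key' 'ns-cert-type server' \
        'script-security 2' 'up /etc/openvpn/update-resolv-conf' > "$tmp/client.conf"
    chmod 600 "$tmp/andys1.key"
    echo "== corrected =="
    audit_openvpn_client "$tmp/client.conf"
    rm -rf "$tmp"
}
demo_audit
```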