Log from the client when connecting:
Wed Jan 15 21:41:35 2014 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Jun 3 2013
Wed Jan 15 21:41:36 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Wed Jan 15 21:41:36 2014 Need hold release from management interface, waiting...
Wed Jan 15 21:41:36 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Wed Jan 15 21:41:36 2014 MANAGEMENT: CMD 'state on'
Wed Jan 15 21:41:36 2014 MANAGEMENT: CMD 'log all on'
Wed Jan 15 21:41:36 2014 MANAGEMENT: CMD 'hold off'
Wed Jan 15 21:41:36 2014 MANAGEMENT: CMD 'hold release'
Wed Jan 15 21:41:41 2014 MANAGEMENT: CMD 'password [...]'
Wed Jan 15 21:41:41 2014 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jan 15 21:41:41 2014 MANAGEMENT: >STATE:1389818501,RESOLVE,
Wed Jan 15 21:41:41 2014 UDPv4 link local: [undef]
Wed Jan 15 21:41:41 2014 UDPv4 link remote: [AF_INET]77.255.211.136:1198
Wed Jan 15 21:41:41 2014 MANAGEMENT: >STATE:1389818501,WAIT,
Wed Jan 15 21:42:41 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan 15 21:42:41 2014 TLS Error: TLS handshake failed
Wed Jan 15 21:42:41 2014 SIGUSR1[soft,tls-error] received, process restarting
Wed Jan 15 21:42:41 2014 MANAGEMENT: >STATE:1389818561,RECONNECTING,tls-error,
Wed Jan 15 21:42:41 2014 Restart pause, 2 second(s)
Wed Jan 15 21:42:43 2014 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jan 15 21:42:43 2014 MANAGEMENT: >STATE:1389818563,RESOLVE,
Wed Jan 15 21:42:43 2014 UDPv4 link local: [undef]
Wed Jan 15 21:42:43 2014 UDPv4 link remote: [AF_INET]77.255.211.136:1198
Wed Jan 15 21:42:43 2014 MANAGEMENT: >STATE:1389818563,WAIT,
Client configuration files, the .ovpn file:
##############################################
# Sample client-side OpenVPN 2.0 config file
# for connecting to multi-client server.
#
# This configuration can be used by multiple
# clients, however each client should have
# its own cert and key files.
#
# On Windows, you might want to rename this
# file so it has a .ovpn extension
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote nzozkrosnice.no-ip.biz 1198
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cert kuznica_dr.crt
key kuznica_dr.key

# Verify server certificate by checking
# that the certificate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20
auth-nocache
Client .ovpn configuration file on which the connection works:
##############################################
# Sample client-side OpenVPN 2.0 config file
# for connecting to multi-client server.
#
# This configuration can be used by multiple
# clients, however each client should have
# its own cert and key files.
#
# On Windows, you might want to rename this
# file so it has a .ovpn extension
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote nzozkrosnice.no-ip.biz 1198
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cert kuznica_dr.crt
key kuznica_dr.key

# Verify server certificate by checking
# that the certificate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher BF-CBC

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20
auth-nocache
What else should I provide? Are there any other files I should post here?
To the mod: I dug through the documentation but I can't find anything about setting up a server on Windows Server. All the commands are for Linux. I have looked through the guides on the web.
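
A triage sketch for the client log above, added here as an example and not part of the original post: it splits the management `>STATE:` lines into connection attempts and reports in which state each attempt failed. The function names `triage` and `no_server_reply` are hypothetical; the sample input is an excerpt of the log lines posted above.

```python
import re

# Excerpt of the client log posted above, embedded so the example runs offline.
SAMPLE_LOG = """\
Wed Jan 15 21:41:41 2014 MANAGEMENT: >STATE:1389818501,RESOLVE,
Wed Jan 15 21:41:41 2014 UDPv4 link remote: [AF_INET]77.255.211.136:1198
Wed Jan 15 21:41:41 2014 MANAGEMENT: >STATE:1389818501,WAIT,
Wed Jan 15 21:42:41 2014 TLS Error: TLS handshake failed
Wed Jan 15 21:42:41 2014 MANAGEMENT: >STATE:1389818561,RECONNECTING,tls-error,
Wed Jan 15 21:42:43 2014 MANAGEMENT: >STATE:1389818563,RESOLVE,
Wed Jan 15 21:42:43 2014 MANAGEMENT: >STATE:1389818563,WAIT,
"""

STATE_RE = re.compile(r">STATE:(\d+),([A-Z_]+),([^,]*)")
REMOTE_RE = re.compile(r"link remote: \[AF_INET\]([\d.]+):(\d+)")

def triage(log):
    """Split the log into connection attempts and record how each one ended."""
    attempts, cur = [], None
    for line in log.splitlines():
        m = REMOTE_RE.search(line)
        if m and cur is not None:
            cur["remote"] = m.group(1) + ":" + m.group(2)
            continue
        m = STATE_RE.search(line)
        if not m:
            continue
        ts, state, detail = int(m.group(1)), m.group(2), m.group(3)
        if state == "RECONNECTING":
            # Close the attempt: failure reason plus time spent in the last state.
            if cur is not None and cur["states"]:
                last_ts, last_state = cur["states"][-1]
                cur["result"] = f"{detail} after {ts - last_ts}s in {last_state}"
            cur = None
            continue
        if cur is None or state == "RESOLVE":
            cur = {"remote": None, "states": [], "result": "in progress"}
            attempts.append(cur)
        cur["states"].append((ts, state))
    return attempts

def no_server_reply(attempt):
    """True if the attempt hit tls-error while still in WAIT, the state in
    which the client is waiting for the initial response from the server."""
    names = [name for _, name in attempt["states"]]
    return attempt["result"].startswith("tls-error") and names[-1:] == ["WAIT"]

if __name__ == "__main__":
    for a in triage(SAMPLE_LOG):
        print(a["remote"], a["result"], "no reply from server:", no_server_reply(a))
```

An attempt that fails while still in WAIT never received a packet back from the server, so the first things to check are on the path and the server side (UDP port 1198 reachability, port forwarding, whether the server process is listening) rather than the client certificates.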