OpenVPN on CentOS 6.2

Hello maestro EPE, first of all greetings, and thank you for the manuals you publish.
Well, professor, the question is that I am setting up OpenVPN on CentOS 6.2, but when I run the commands I mention it tells me something like permission denied. I attach the results here to see if you can lend me a hand, professor... thanks in advance.


cp -a /usr/share/openvpn*/easy-rsa /etc/openvpn
cd /etc/openvpn/easy-rsa/2.0


[root@centos 2.0]# . vars
-bash: /etc/openvpn/easy-rsa/2.0/whichopensslcnf: Permiso denegado
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys


[root@centos 2.0]# sh clean-all
[root@centos 2.0]# sh build-ca
build-ca: line 8: /etc/openvpn/easy-rsa/2.0/pkitool: Permiso denegado

and here is the listing of the directory "/etc/openvpn/easy-rsa/2.0":


[root@centos 2.0]# ll
total 132
-rw-r--r-- 1 root root 119 nov 24 2011 build-ca
-rw-r--r-- 1 root root 352 nov 24 2011 build-dh
-rw-r--r-- 1 root root 188 nov 24 2011 build-inter
-rw-r--r-- 1 root root 163 nov 24 2011 build-key
-rw-r--r-- 1 root root 157 nov 24 2011 build-key-pass
-rw-r--r-- 1 root root 249 nov 24 2011 build-key-pkcs12
-rw-r--r-- 1 root root 268 nov 24 2011 build-key-server
-rw-r--r-- 1 root root 213 nov 24 2011 build-req
-rw-r--r-- 1 root root 158 nov 24 2011 build-req-pass
-rw-r--r-- 1 root root 428 nov 24 2011 clean-all
-rw-r--r-- 1 root root 1457 nov 24 2011 inherit-inter
drwx------ 2 root root 4096 may 25 10:45 keys
-rw-r--r-- 1 root root 295 nov 24 2011 list-crl
-rw-r--r-- 1 root root 413 nov 24 2011 Makefile
-rw-r--r-- 1 root root 7768 oct 21 2010 openssl-0.9.6.cnf
-rw-r--r-- 1 root root 8325 nov 24 2011 openssl-0.9.8.cnf
-rw-r--r-- 1 root root 8222 nov 24 2011 openssl-1.0.0.cnf
-rw-r--r-- 1 root root 12675 nov 24 2011 pkitool
-rw-r--r-- 1 root root 9299 nov 24 2011 README
-rw-r--r-- 1 root root 918 nov 24 2011 revoke-full
-rw-r--r-- 1 root root 178 nov 24 2011 sign-req
-rw-r--r-- 1 root root 1841 nov 24 2011 vars
-rw-r--r-- 1 root root 714 nov 24 2011 whichopensslcnf

Let's see if you can tell me what I should do, professor... thanks.
Regards.

OpenVPN

Cristian20,

1. Install OpenVPN from the CentOS repositories

# yum install openvpn

2. Follow the project's official documentation; it works on the first try.
http://openvpn.net/index.php/open-source/documentation/howto.html#config

Regards,

PS:
Let us know how it went =)

As I see it, the steps you

As I see it, the steps you are following are correct, except for the last one, when you run . vars:

You are running it like this:


[root@firewall 2.0]# . vars
-bash: /etc/openvpn/easy-rsa/2.0/whichopensslcnf: Permiso denegado
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys
[root@firewall 2.0]#

You should do the following:


1) cd /etc/openvpn/easy-rsa/2.0/
2) chmod -R 755 *
3) cd keys/
4) rm -rf *
5) cd ..
6) . vars

ivanols
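The permission fix above, as an added example that is not from the thread: chmod -R 755 * makes everything under 2.0/ readable by every local user, including the keys/ directory that the first post's listing shows as drwx------, and that directory is where the CA and private keys will be written. The sh script below gives only the scripts that are executed directly the owner's execute bit and keeps keys/ at mode 700, then checks the result. The script names are taken from the listing in the first post; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not the thread's own commands): a least-privilege alternative
# to "chmod -R 755 *" for an easy-rsa 2.0 tree.
# Assumptions: the directory has the layout shown in the listing above
# (script names taken from it); function names are this example's own.
#
# Usage: fix_easyrsa_perms /etc/openvpn/easy-rsa/2.0

# Scripts that are executed directly and therefore need the owner's x bit.
# 'vars' is sourced with ". vars", so it is deliberately left out.
EASYRSA_SCRIPTS="build-ca build-dh build-inter build-key build-key-pass \
build-key-pkcs12 build-key-server build-req build-req-pass clean-all \
inherit-inter list-crl pkitool revoke-full sign-req whichopensslcnf"

fix_easyrsa_perms() {
    dir="$1"
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 1
    fi
    for s in $EASYRSA_SCRIPTS; do
        # Only touch scripts that exist in this easy-rsa build; never use -R.
        if [ -f "$dir/$s" ]; then
            chmod u+x "$dir/$s"
        fi
    done
    # Generated CA and private keys land in keys/; keep it owner-only.
    if [ ! -d "$dir/keys" ]; then
        mkdir "$dir/keys"
    fi
    chmod 700 "$dir/keys"
}

# Returns 0 when every script present is executable and keys/ grants nothing
# to group or others; prints the first violation to stderr otherwise.
check_easyrsa_perms() {
    dir="$1"
    for s in $EASYRSA_SCRIPTS; do
        if [ -f "$dir/$s" ] && [ ! -x "$dir/$s" ]; then
            echo "not executable: $dir/$s" >&2
            return 1
        fi
    done
    # Columns 5-10 of "ls -ld" are the group and other permission bits.
    keys_go=$(ls -ld "$dir/keys" 2>/dev/null | cut -c5-10)
    if [ "$keys_go" != "------" ]; then
        echo "keys/ is not owner-only (group/other bits: '$keys_go')" >&2
        return 1
    fi
    return 0
}

# When run directly with a path, fix and then verify that tree.
if [ $# -gt 0 ]; then
    fix_easyrsa_perms "$1" && check_easyrsa_perms "$1"
fi
```

Run it as root on the CentOS box in place of step 2, then continue with steps 3 to 6 exactly as listed; clean-all later recreates keys/ with the same owner-only mode.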

Done, my friend


Done, my friend, thanks... it works now, but now when I try to connect to the VPN server from a Windows 7 client
and ping the VPN tunnel, and vice versa, it does not respond. But it does assign an IP to the Windows 7 client: 10.8.0.6.
What could it be? I am working without a firewall, and I tried with the firewall and it does not work either.

VPN

Thanks.

The file: "server.conf"


The file "server.conf" looks like this.


port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 4

and on Windows 7, the file "fulano.ovpn":


client
dev tun
proto udp
remote 192.168.1.90 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert fulano.crt
key fulano.key
comp-lzo
verb 4

Hopefully that will help clear things up; I even already ran


yum install route*

Thanks
Regards

I forgot, I'm sending you the


I forgot, I'm sending you the output of the command:


[root@firewall ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
[root@firewall ~]#

Regards.

Good afternoon gentlemen, here


Good afternoon, gentlemen, here is the ERROR message when connecting to the VPN server from the Windows 7 Ultimate client.


Tue May 29 14:32:01 2012 us=70000 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Tue May 29 14:32:01 2012 us=70000 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue May 29 14:32:01 2012 us=70000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue May 29 14:32:01 2012 us=460000 LZO compression initialized
Tue May 29 14:32:01 2012 us=460000 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue May 29 14:32:01 2012 us=476000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue May 29 14:32:01 2012 us=476000 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue May 29 14:32:01 2012 us=476000 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Tue May 29 14:32:01 2012 us=476000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Tue May 29 14:32:01 2012 us=476000 Local Options hash (VER=V4): '41690919'
Tue May 29 14:32:01 2012 us=476000 Expected Remote Options hash (VER=V4): '530fdded'
Tue May 29 14:32:01 2012 us=476000 UDPv4 link local: [undef]
Tue May 29 14:32:01 2012 us=476000 UDPv4 link remote: 192.168.1.90:1194
Tue May 29 14:32:01 2012 us=476000 TLS: Initial packet from 192.168.1.90:1194, sid=d6de4fca 16c899d0
Tue May 29 14:32:01 2012 us=492000 VERIFY OK: depth=1, /C=PE/ST=Lima/L=Lima/O=Vargas/OU=IT/CN=vargas/emailAddress=milton@vargas.com
Tue May 29 14:32:01 2012 us=492000 VERIFY OK: depth=0, /C=PE/ST=Lima/L=Lima/O=Vargas/OU=IT/CN=server/emailAddress=milton@vargas.com
Tue May 29 14:32:01 2012 us=538000 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue May 29 14:32:01 2012 us=538000 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 29 14:32:01 2012 us=538000 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue May 29 14:32:01 2012 us=538000 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 29 14:32:01 2012 us=538000 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue May 29 14:32:01 2012 us=538000 [server] Peer Connection Initiated with 192.168.1.90:1194
Tue May 29 14:32:03 2012 us=878000 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue May 29 14:32:03 2012 us=878000 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Tue May 29 14:32:03 2012 us=878000 OPTIONS IMPORT: timers and/or timeouts modified
Tue May 29 14:32:03 2012 us=878000 OPTIONS IMPORT: --ifconfig/up options modified
Tue May 29 14:32:03 2012 us=878000 OPTIONS IMPORT: route options modified
Tue May 29 14:32:03 2012 us=878000 ROUTE default_gateway=192.168.1.1
Tue May 29 14:32:03 2012 us=894000 TAP-WIN32 device [Conexión de área local 2] opened: \\.\Global\{847AC6EF-E301-4A15-9373-8E501EFAC2F4}.tap
Tue May 29 14:32:03 2012 us=894000 TAP-Win32 Driver Version 9.9
Tue May 29 14:32:03 2012 us=894000 TAP-Win32 MTU=1500
Tue May 29 14:32:03 2012 us=894000 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {847AC6EF-E301-4A15-9373-8E501EFAC2F4} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Tue May 29 14:32:03 2012 us=894000 NOTE: FlushIpNetTable failed on interface [28] {847AC6EF-E301-4A15-9373-8E501EFAC2F4} (status=5) : Acceso denegado.
Tue May 29 14:32:08 2012 us=184000 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Tue May 29 14:32:08 2012 us=184000 WARNING: potential route subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
Tue May 29 14:32:08 2012 us=184000 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.8.0.5
Tue May 29 14:32:08 2012 us=200000 ROUTE: route addition failed using CreateIpForwardEntry: Acceso denegado. [status=5 if_index=28]
Tue May 29 14:32:08 2012 us=200000 Route addition via IPAPI failed [adaptive]
Tue May 29 14:32:08 2012 us=200000 Route addition fallback to route.exe
La operación solicitada requiere elevación.
Tue May 29 14:32:08 2012 us=231000 ERROR: Windows route add command failed [adaptive]: returned error code 1
Tue May 29 14:32:08 2012 us=231000 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Tue May 29 14:32:08 2012 us=231000 ROUTE: route addition failed using CreateIpForwardEntry: Acceso denegado. [status=5 if_index=28]
Tue May 29 14:32:08 2012 us=231000 Route addition via IPAPI failed [adaptive]
Tue May 29 14:32:08 2012 us=231000 Route addition fallback to route.exe
La operación solicitada requiere elevación.
Tue May 29 14:32:08 2012 us=262000 ERROR: Windows route add command failed [adaptive]: returned error code 1
Tue May 29 14:32:08 2012 us=262000 Initialization Sequence Completed

I hope the log is not too long.
Thanks
Regards.

Run as


Run as Administrator:


Tue May 29 16:17:36 2012 us=677000 ip_win32_type = 3
Tue May 29 16:17:36 2012 us=677000 dhcp_masq_offset = 0
Tue May 29 16:17:36 2012 us=677000 dhcp_lease_time = 31536000
Tue May 29 16:17:36 2012 us=677000 tap_sleep = 0
Tue May 29 16:17:36 2012 us=677000 dhcp_options = DISABLED
Tue May 29 16:17:36 2012 us=677000 dhcp_renew = DISABLED
Tue May 29 16:17:36 2012 us=677000 dhcp_pre_release = DISABLED
Tue May 29 16:17:36 2012 us=677000 dhcp_release = DISABLED
Tue May 29 16:17:36 2012 us=739000 domain = '[UNDEF]'
Tue May 29 16:17:36 2012 us=739000 netbios_scope = '[UNDEF]'
Tue May 29 16:17:36 2012 us=739000 netbios_node_type = 0
Tue May 29 16:17:36 2012 us=739000 disable_nbt = DISABLED
Tue May 29 16:17:36 2012 us=739000 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Tue May 29 16:17:36 2012 us=739000 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue May 29 16:17:36 2012 us=739000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue May 29 16:17:37 2012 us=223000 LZO compression initialized
Tue May 29 16:17:37 2012 us=223000 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue May 29 16:17:37 2012 us=223000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue May 29 16:17:37 2012 us=223000 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue May 29 16:17:37 2012 us=223000 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Tue May 29 16:17:37 2012 us=223000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Tue May 29 16:17:37 2012 us=223000 Local Options hash (VER=V4): '41690919'
Tue May 29 16:17:37 2012 us=223000 Expected Remote Options hash (VER=V4): '530fdded'
Tue May 29 16:17:37 2012 us=223000 UDPv4 link local: [undef]
Tue May 29 16:17:37 2012 us=223000 UDPv4 link remote: 192.168.1.90:1194
Tue May 29 16:17:37 2012 us=238000 TLS: Initial packet from 192.168.1.90:1194, sid=d74b11dd a342e677
Tue May 29 16:17:37 2012 us=269000 VERIFY OK: depth=1, /C=PE/ST=Lima/L=Lima/O=Vargas/OU=IT/CN=vargas/emailAddress=milton@vargas.com
Tue May 29 16:17:37 2012 us=269000 VERIFY OK: depth=0, /C=PE/ST=Lima/L=Lima/O=Vargas/OU=IT/CN=server/emailAddress=milton@vargas.com
Tue May 29 16:17:37 2012 us=347000 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue May 29 16:17:37 2012 us=347000 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 29 16:17:37 2012 us=347000 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue May 29 16:17:37 2012 us=347000 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 29 16:17:37 2012 us=347000 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue May 29 16:17:37 2012 us=347000 [server] Peer Connection Initiated with 192.168.1.90:1194
Tue May 29 16:17:39 2012 us=500000 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue May 29 16:17:39 2012 us=516000 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Tue May 29 16:17:39 2012 us=516000 OPTIONS IMPORT: timers and/or timeouts modified
Tue May 29 16:17:39 2012 us=516000 OPTIONS IMPORT: --ifconfig/up options modified
Tue May 29 16:17:39 2012 us=516000 OPTIONS IMPORT: route options modified
Tue May 29 16:17:39 2012 us=516000 ROUTE default_gateway=192.168.1.1
Tue May 29 16:17:39 2012 us=531000 TAP-WIN32 device [Conexión de área local 2] opened: \\.\Global\{847AC6EF-E301-4A15-9373-8E501EFAC2F4}.tap
Tue May 29 16:17:39 2012 us=531000 TAP-Win32 Driver Version 9.9
Tue May 29 16:17:39 2012 us=531000 TAP-Win32 MTU=1500
Tue May 29 16:17:39 2012 us=531000 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {847AC6EF-E301-4A15-9373-8E501EFAC2F4} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Tue May 29 16:17:39 2012 us=531000 Successful ARP Flush on interface [28] {847AC6EF-E301-4A15-9373-8E501EFAC2F4}
Tue May 29 16:17:45 2012 us=7000 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Tue May 29 16:17:45 2012 us=7000 WARNING: potential route subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
Tue May 29 16:17:45 2012 us=7000 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.8.0.5
Tue May 29 16:17:45 2012 us=7000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Tue May 29 16:17:45 2012 us=7000 Route addition via IPAPI succeeded [adaptive]
Tue May 29 16:17:45 2012 us=23000 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Tue May 29 16:17:45 2012 us=23000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Tue May 29 16:17:45 2012 us=23000 Route addition via IPAPI succeeded [adaptive]
Tue May 29 16:17:45 2012 us=23000 Initialization Sequence Completed

Regards.
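As an added example that is not part of the thread, a small sh triage script for the two Windows client logs above. It flags the three conditions those logs show: the "No server certificate verification method" warning (with it, any certificate signed by the same CA, another client's included, would be accepted as the server; the client-side fix is remote-cert-tls server, which needs the server certificate to carry the server extensions that build-key-server adds), the route subnet conflict (the Windows client already sits on 192.168.1.0/24, the very LAN that server.conf pushes a route for, so that push does nothing useful here and can pull local traffic into the tunnel), and the route-add failure that is gone in the second log once the client runs as Administrator. It also lists what the server pushed. The sample log lines are constructed from the first Windows log above; the function names and messages are this example's own.

```shell
#!/bin/sh
# Added example, not part of the thread: triage an OpenVPN 2.x client log
# (verb 4) for the conditions visible in the two Windows logs above.
# Assumption: the log is a plain text file passed as the first argument;
# function and message names are this example's own.
#
# Usage: check_openvpn_client_log /path/to/client.log

check_openvpn_client_log() {
    log="$1"
    n=0

    # 1. The client never checks that the peer holds a *server* certificate;
    #    any certificate issued by the same CA would be accepted as the server.
    if grep -q 'No server certificate verification method has been enabled' "$log"; then
        echo "FINDING: no server-certificate check; add 'remote-cert-tls server' to the client config"
        n=$((n + 1))
    fi

    # 2. The pushed route covers the LAN the client already sits on.
    if grep -q 'potential route subnet conflict' "$log"; then
        conflict=$(grep 'potential route subnet conflict' "$log" | head -n 1 | sed 's/.*between //')
        echo "FINDING: pushed route overlaps the client's own LAN ($conflict)"
        n=$((n + 1))
    fi

    # 3. Installing routes needs an elevated process on Windows; without it the
    #    tunnel still reports "Initialization Sequence Completed" but has no routes.
    if grep -q 'Windows route add command failed' "$log"; then
        echo "FINDING: route add failed (not elevated); run the client as Administrator"
        n=$((n + 1))
    fi

    # What the server pushed, one option per line, taken from the PUSH_REPLY line.
    pushed=$(sed -n "s/.*PUSH_REPLY,\(.*\)'.*$/\1/p" "$log" | head -n 1)
    if [ -n "$pushed" ]; then
        echo "INFO: pushed options:"
        echo "$pushed" | tr ',' '\n' | sed 's/^/  /'
    fi

    echo "FINDINGS: $n"
    [ "$n" -eq 0 ]
}

# Constructed sample: a few lines condensed from the first Windows log above.
write_sample_log() {
    cat > "$1" <<'EOF'
Tue May 29 14:32:01 2012 us=70000 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue May 29 14:32:03 2012 us=878000 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Tue May 29 14:32:08 2012 us=184000 WARNING: potential route subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
Tue May 29 14:32:08 2012 us=231000 ERROR: Windows route add command failed [adaptive]: returned error code 1
Tue May 29 14:32:08 2012 us=262000 Initialization Sequence Completed
EOF
}

# When run directly with a path, check that log; exit status 1 if anything was found.
if [ $# -gt 0 ]; then
    check_openvpn_client_log "$1"
fi
```

On the second log above (run as Administrator) the script reports only the first two findings: the routes are installed, but the client still does not verify that the peer is the server, and the pushed 192.168.1.0/24 route still collides with the client's own LAN.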
