Koozali.org: home of the SME Server

configuration client vpn

Offline trazomtg

configuration client vpn
« on: July 15, 2017, 08:42:58 PM »
Hello,
I would like to connect to a VPN server, VPNBOOK, from a computer A located behind the SME Server.

Computer A is connected to the internet via the Freebox.

OpenVPN on the SME Server is in "bridge" mode.
I have a tap0 interface on the SME Server.
My SME Server has a LAN address of 192.168.0.1 and an external address of 82.140.xxx.xxx.
My computer has the address 192.168.0.20.

So I downloaded the client config from the VPNBOOK site and installed the files on computer A.
How do I set up the VPN connection from computer A?

Here is the client file xxx.ovpn supplied by the provider VPNBOOK:

client
dev tun1
proto tcp
remote 176.126.237.214 443
remote euro214.vpnbook.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
comp-lzo
verb 3
cipher AES-128-CBC
fast-io
pull
route-delay 2
redirect-gateway
<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
</key>

Thank you very much
T

Here are the interfaces of the client and of the server:

[thierry@fedora-msi ~]$ ifconfig
enp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.20  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::c9d3:d950:76bd:3241  prefixlen 64  scopeid 0x20<link>
        ether d8:cb:8a:85:1f:69  txqueuelen 1000  (Ethernet)
        RX packets 14447052  bytes 10255450249 (9.5 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6864879  bytes 575546806 (548.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 19 

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Boucle locale)
        RX packets 843  bytes 70451 (68.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 843  bytes 70451 (68.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp5s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 0a:54:b8:9a:09:9f  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

AND

[root@smeserver-toshiba ~]# ifconfig
br0       Link encap:Ethernet  HWaddr 00:24:9B:23:3F:6C 
          inet adr:192.168.0.1  Bcast:192.168.0.255  Masque:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:54236072 errors:0 dropped:0 overruns:0 frame:0
          TX packets:119870862 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          RX bytes:4886410765 (4.5 GiB)  TX bytes:165296142805 (153.9 GiB)

eth0      Link encap:Ethernet  HWaddr 00:1E:68:8C:02:E9 
          inet adr:82.240.xxx.xxx  Bcast:82.240.100.255  Masque:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:105744307 errors:0 dropped:1 overruns:0 frame:0
          TX packets:52464381 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000
          RX bytes:154044819753 (143.4 GiB)  TX bytes:5271113415 (4.9 GiB)
          Interruption:17

eth1      Link encap:Ethernet  HWaddr 00:24:9B:23:3F:6C 
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:54234239 errors:0 dropped:0 overruns:0 frame:0
          TX packets:107494606 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000
          RX bytes:4886294631 (4.5 GiB)  TX bytes:156180513967 (145.4 GiB)

lo        Link encap:Boucle locale 
          inet adr:127.0.0.1  Masque:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:179896 errors:0 dropped:0 overruns:0 frame:0
          TX packets:179896 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          RX bytes:24461914 (23.3 MiB)  TX bytes:24461914 (23.3 MiB)

tap0      Link encap:Ethernet  HWaddr 2E:EB:86:DE:AA:56 
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:1846 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6279076 errors:0 dropped:6134656 overruns:0 carrier:0
          collisions:0 lg file transmission:100
          RX bytes:149778 (146.2 KiB)  TX bytes:9370772000 (8.7 GiB)
« Last Edit: July 16, 2017, 10:29:39 AM by trazomtg »

Offline trazomtg

Re: configuration client vpn
« Reply #1 on: July 16, 2017, 11:28:03 AM »
I run the command: openvpn --config vpnbook-euro2-tcp443.ovpn

and I get the error:

[root@fedora-msi VPNBOOK]# openvpn --config vpnbook-euro2-tcp443.ovpn
Sun Jul 16 11:23:41 2017 OpenVPN 2.4.2 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 11 2017
Sun Jul 16 11:23:41 2017 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.08
Enter Auth Username: vpnbook
Enter Auth Password: *******
Sun Jul 16 11:23:53 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Jul 16 11:23:53 2017 NOTE: --fast-io is disabled since we are not using UDP
Sun Jul 16 11:23:53 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]176.126.237.214:443
Sun Jul 16 11:23:53 2017 Socket Buffers: R=[87380->87380] S=[16384->16384]
Sun Jul 16 11:23:53 2017 Attempting to establish TCP connection with [AF_INET]176.126.237.214:443 [nonblock]
Sun Jul 16 11:23:53 2017 TCP: connect to [AF_INET]176.126.237.214:443 failed: Network is unreachable
Sun Jul 16 11:23:53 2017 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Sun Jul 16 11:23:53 2017 Restart pause, 5 second(s)
Sun Jul 16 11:23:58 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Jul 16 11:23:58 2017 NOTE: --fast-io is disabled since we are not using UDP
Sun Jul 16 11:23:58 2017 RESOLVE: Cannot resolve host address: euro214.vpnbook.com:443 (Name or service not known)
Sun Jul 16 11:23:58 2017 RESOLVE: Cannot resolve host address: euro214.vpnbook.com:443 (Name or service not known)
Sun Jul 16 11:23:58 2017 Could not determine IPv4/IPv6 protocol

I don't understand
Thanks
Sun Jul 16 11:23:58 2017 SIGUSR1[soft,init_instance] received, process restarting
Sun Jul 16 11:23:58 2017 Restart pause, 5 second(s)
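
The warning in the log above ("No server certificate verification method has been enabled") follows from the client profile in the first post, which has no `remote-cert-tls` or `verify-x509-name` line. As an added example (not part of the thread and not OpenVPN's own code), this Python check audits a profile for that and for a few related directives. The sample profile is constructed from the posted one with placeholder inline blocks, and the finding names are hypothetical labels; whether the provider's server certificate carries the usage fields that `remote-cert-tls server` requires is an assumption.

```python
import re

# Directives that make the client check the server certificate's role or name.
SERVER_VERIFY = {"remote-cert-tls", "verify-x509-name", "remote-cert-eku",
                 "remote-cert-ku", "ns-cert-type"}

def parse_ovpn(text):
    """Return (directives, inline_tags); inline block contents are skipped."""
    directives, inline, inside = [], set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if inside:                       # inside <ca>, <cert>, <key>, ...
            if line == f"</{inside}>":
                inside = None
            continue
        if not line or line[0] in "#;":  # blank lines and comments
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:
            inside = m.group(1)
            inline.add(inside)
            continue
        directives.append(line.split())
    return directives, inline

def audit(text):
    """Return a list of finding labels (labels are made up for this example)."""
    directives, inline = parse_ovpn(text)
    opts = {d[0]: d[1:] for d in directives}
    findings = []
    if not SERVER_VERIFY & opts.keys():
        findings.append("no-server-cert-verification")  # the logged WARNING
    if "key" in inline:
        findings.append("inline-private-key")           # file must be kept secret
    if "comp-lzo" in opts and opts["comp-lzo"][:1] != ["no"]:
        findings.append("compression-enabled")
    if "fast-io" in opts and opts.get("proto", ["udp"])[0].startswith("tcp"):
        findings.append("fast-io-ignored-on-tcp")       # the logged NOTE
    return findings

# Constructed sample: directives from the posted profile, placeholder blocks.
SAMPLE = """client
dev tun1
proto tcp
remote euro214.vpnbook.com 443
auth-user-pass
comp-lzo
fast-io
<ca>
(constructed placeholder, not a real certificate)
</ca>
<key>
(constructed placeholder, not a real key)
</key>
"""
```

Calling `audit(SAMPLE)` reports the missing server verification first; adding a `remote-cert-tls server` line to the profile clears that finding.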

Offline trazomtg

Re: configuration client vpn
« Reply #2 on: July 16, 2017, 12:03:20 PM »
If I bring up the normal connection on my Ethernet interface enp4s0 and THEN run the command openvpn --config /...my configuration file from my provider VPNBOOK
I am connected over the VPN!!!
I checked.

ifconfig on my client machine:

[thierry@fedora-msi ~]$ ifconfig
enp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.20  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::c9d3:d950:76bd:3241  prefixlen 64  scopeid 0x20<link>
        ether d8:cb:8a:85:1f:69  txqueuelen 1000  (Ethernet)
        RX packets 14728759  bytes 10653515492 (9.9 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7042624  bytes 588420859 (561.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 19 

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Boucle locale)
        RX packets 4990  bytes 410345 (400.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4990  bytes 410345 (400.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.9.0.178  netmask 255.255.255.255  destination 10.9.0.177
        inet6 fe80::7bfe:d60a:c5a4:5019  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 17  bytes 1394 (1.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp5s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether ca:22:46:8e:59:31  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Offline trazomtg

Re: configuration client vpn
« Reply #3 on: July 18, 2017, 12:47:37 PM »
Hello,
Can you tell me how, from my computer A behind the OpenVPN server installed on the SME Server, I can check my VPN connection from the internet (outside my LAN) to my SME Server VPN server and to my computer A behind the SME Server?
Thanks

Offline stephdl

Re: configuration client vpn
« Reply #4 on: July 18, 2017, 03:13:40 PM »
I'm afraid I don't understand the question, but I'll try to answer it anyway... Behind the SME's LAN, even if you can initiate a connection to your VPN from your client, you won't see much. The only test to do is to connect from your mobile phone or from outside your LAN to check whether all the services are reachable.
See http://wiki.contribs.org/Koozali_Foundation
irc : Freenode #sme_server #sme-fr

!!! Please write your knowledge to the Wiki !!!

Offline trazomtg

Re: configuration client vpn
« Reply #5 on: July 23, 2017, 08:31:39 PM »
Thanks,
So to test the connection from the internet to a computer on my LAN, I have to connect physically with an outside computer connected to the internet.
Is that right?

Thanks

Offline trazomtg

Re: configuration client vpn
« Reply #6 on: July 28, 2017, 10:34:06 AM »
Hello,
Could someone trustworthy test my VPN connection from the internet?
Thanks

guest22

Re: configuration client vpn
« Reply #7 on: July 28, 2017, 11:03:51 AM »
Only if we can switch to English

Offline trazomtg

Re: configuration client vpn
« Reply #8 on: August 02, 2017, 05:09:24 PM »
ok for english
let me say what you need to access to my server and the computers behind this server

Offline Stefano

Re: configuration client vpn
« Reply #9 on: August 02, 2017, 05:19:50 PM »
a little OT but..

if you feel comfortable with English, write in the English sections.. your posts will have a bigger visibility