OpenVPN - Ubuntu 10.04 LTS Server and Windows Clients

In this howto I explain, in detail, how to configure a VPN between Ubuntu 10.04 LTS and Windows XP.


By: José Rodrigues Filho on 27/08/2012


Configuring the Client Machine



Download the file from:
After installation, copy the files "ca.crt", "joserf.crt" and "joserf.key" into the folder C:\Arquivos de programas\OpenVPN\config on Windows XP.

Now, using a text editor (I recommend GEdit for Windows), create a file named joserf.ovpn in this same "config" folder and paste the following content:

client
dev tun0
# Port used for the connection; if this line is removed, the default 1194 is used.
port 6999
proto udp
# Public IP address that the clients connect to; if you do not have a fixed public IP, you can configure a no-ip or dyndns hostname here instead.
remote 200.154.56.80

# Example:
# remote seuendereço.dyndns.org

ca ca.crt
cert joserf.crt
key joserf.key
tls-client
# Sends a ping every 10 seconds and drops and restarts the connection if there is no response within 120 seconds.
keepalive 10 120
comp-lzo
persist-key
persist-tun
# Log level.
verb 3
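
The profile above enables no server certificate verification, sets no `cipher` and has no `tls-auth` key, so the client accepts any certificate signed by the same CA (including another client's) as the server. The Python script below is an added example, not part of the original article: it audits a client profile for these gaps. The finding names, `ta.key` and the AES-256-CBC choice are assumptions; `remote-cert-tls server` assumes the server certificate was issued with the server key usage, and every hardened directive must match the server's configuration.

```python
# Added example: SAMPLE_OVPN is the article's joserf.ovpn without comments and the example remote.
SAMPLE_OVPN = """client
dev tun0
port 6999
proto udp
remote 200.154.56.80
ca ca.crt
cert joserf.crt
key joserf.key
tls-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3
"""

# Any one of these makes the client check that the peer certificate is a server's.
SERVER_VERIFY = {"remote-cert-tls", "remote-cert-eku", "remote-cert-ku",
                 "ns-cert-type", "verify-x509-name", "tls-remote"}

def parse_directives(text):
    """Map each directive to its argument lists, skipping '#' and ';' comments."""
    found = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        name, *args = line.split()
        found.setdefault(name, []).append(args)
    return found

def audit_client_profile(text):
    """Return finding identifiers (names invented for this example)."""
    d = parse_directives(text)
    findings = []
    if SERVER_VERIFY.isdisjoint(d):
        findings.append("no-server-cert-verification")  # any CA-signed cert can pose as server
    if "cipher" not in d and "data-ciphers" not in d:
        findings.append("default-cipher")  # OpenVPN 2.3 then falls back to BF-CBC
    if any(args != ["no"] for args in d.get("comp-lzo", [])):
        findings.append("compression-enabled")
    if "tls-auth" not in d and "tls-crypt" not in d:
        findings.append("no-control-channel-key")
    return findings

# Hardened variant; ta.key and AES-256-CBC are assumptions and must match the server.
HARDENED_OVPN = SAMPLE_OVPN.replace("comp-lzo\n", "") + (
    "remote-cert-tls server\ncipher AES-256-CBC\ntls-auth ta.key 1\n")
```
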


Open OpenVPN Connect, located on the desktop; its icon will appear next to the Windows clock:

Click "connect" and wait for the connection to be established:

Run a test from the command prompt to check that everything is OK:

> ping 10.15.0.1

In my case, I installed Apache to run a test:

Done!

Your VPN server is working. :)

Comments
[1] Comment posted by m29 on 23/12/2012 - 20:31h

It connects but doesn't ping. I've already searched other forums and many people have this same error, but nobody knows the solution.
If you can help, I'll be waiting.

[2] Comment posted by joserf on 12/02/2013 - 01:04h

Friend, I only saw your message now, but here it works perfectly. Have you managed to solve it?

[3] Comment posted by m29 on 22/02/2013 - 22:16h

I did everything again and the same error persists: it connects but doesn't ping.
I ran the test with Apache and it worked, but it doesn't ping.

Here is the connection:

Fri Feb 22 22:11:56 2013 OpenVPN 2.3.0 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Feb 14 2013
Fri Feb 22 22:11:56 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Feb 22 22:11:56 2013 Need hold release from management interface, waiting...
Fri Feb 22 22:11:56 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Feb 22 22:11:56 2013 MANAGEMENT: CMD 'state on'
Fri Feb 22 22:11:56 2013 MANAGEMENT: CMD 'log all on'
Fri Feb 22 22:11:56 2013 MANAGEMENT: CMD 'hold off'
Fri Feb 22 22:11:56 2013 MANAGEMENT: CMD 'hold release'
Fri Feb 22 22:11:56 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Feb 22 22:11:56 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Feb 22 22:11:57 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Feb 22 22:11:57 2013 UDPv4 link local (bound): [undef]
Fri Feb 22 22:11:57 2013 UDPv4 link remote: [AF_INET]187.21.108.240:6999
Fri Feb 22 22:11:57 2013 MANAGEMENT: >STATE:1361581917,WAIT,,,
Fri Feb 22 22:11:57 2013 MANAGEMENT: >STATE:1361581917,AUTH,,,
Fri Feb 22 22:11:57 2013 TLS: Initial packet from [AF_INET]172.16.1.254:6999, sid=557b6266 1e678bba
Fri Feb 22 22:11:57 2013 VERIFY OK: depth=1, C=BR, ST=SP, L=FcoDaRocha, O=Ubuntu, OU=TI, CN=Ubuntu CA, name=ubuntu, emailAddress=meuemail@meu_provedor.com
Fri Feb 22 22:11:57 2013 VERIFY OK: depth=0, C=BR, ST=SP, L=FcoDaRocha, O=Ubuntu, OU=TI, CN=vpn, name=vpn, emailAddress=meuemail@meu_provedor.com
Fri Feb 22 22:11:57 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 22 22:11:57 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 22 22:11:57 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 22 22:11:57 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 22 22:11:57 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Feb 22 22:11:57 2013 [vpn] Peer Connection Initiated with [AF_INET]172.16.1.254:6999
Fri Feb 22 22:11:58 2013 MANAGEMENT: >STATE:1361581918,GET_CONFIG,,,
Fri Feb 22 22:12:00 2013 SENT CONTROL [vpn]: 'PUSH_REQUEST' (status=1)
Fri Feb 22 22:12:00 2013 PUSH: Received control message: 'PUSH_REPLY,route 10.15.0.0 255.255.255.0,route 10.15.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.15.0.6 10.15.0.5'
Fri Feb 22 22:12:00 2013 OPTIONS IMPORT: timers and/or timeouts modified
Fri Feb 22 22:12:00 2013 OPTIONS IMPORT: --ifconfig/up options modified
Fri Feb 22 22:12:00 2013 OPTIONS IMPORT: route options modified
Fri Feb 22 22:12:00 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Feb 22 22:12:00 2013 MANAGEMENT: >STATE:1361581920,ASSIGN_IP,,10.15.0.6,
Fri Feb 22 22:12:00 2013 open_tun, tt->ipv6=0
Fri Feb 22 22:12:00 2013 TAP-WIN32 device [Conexão local 3] opened: \\.\Global\{6EB3C5AD-EBA8-4863-B23F-93ABC9CDCA3A}.tap
Fri Feb 22 22:12:00 2013 TAP-Windows Driver Version 9.9
Fri Feb 22 22:12:00 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.15.0.6/255.255.255.252 on interface {6EB3C5AD-EBA8-4863-B23F-93ABC9CDCA3A} [DHCP-serv: 10.15.0.5, lease-time: 31536000]
Fri Feb 22 22:12:00 2013 NOTE: FlushIpNetTable failed on interface [18] {6EB3^Vnx 
Fri Feb 22 22:12:05 2013 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Fri Feb 22 22:12:05 2013 MANAGEMENT: >STATE:1361581925,ADD_ROUTES,,,
Fri Feb 22 22:12:05 2013 C:\Windows\system32\route.exe ADD 10.15.0.0 MASK 255.255.255.0 10.15.0.5
Fri Feb 22 22:12:05 2013 ROUTE: route addition failed using CreateIpForwardEntry: Acesso negado. [status=5 if_index=18]
Fri Feb 22 22:12:05 2013 Route addition via IPAPI failed [adaptive]
Fri Feb 22 22:12:05 2013 Route addition fallback to route.exe
Fri Feb 22 22:12:05 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Fri Feb 22 22:12:05 2013 ERROR: Windows route add command failed [adaptive]: returned error code 1
Fri Feb 22 22:12:05 2013 C:\Windows\system32\route.exe ADD 10.15.0.1 MASK 255.255.255.255 10.15.0.5
Fri Feb 22 22:12:05 2013 ROUTE: route addition failed using CreateIpForwardEntry: Acesso negado. [status=5 if_index=18]
Fri Feb 22 22:12:05 2013 Route addition via IPAPI failed [adaptive]
Fri Feb 22 22:12:05 2013 Route addition fallback to route.exe
Fri Feb 22 22:12:05 2013 env_bloº^VÒx 
Fri Feb 22 22:12:05 2013 ERROR: Windows route add command failed [adaptive]: returned error code 1
Fri Feb 22 22:12:05 2013 Initialization Sequence Completed
Fri Feb 22 22:12:05 2013 MANAGEMENT: >STATE:1361581925,CONNECTED,SUCCESS,10.15.0.6,172.16.1.254

[4] Comment posted by joserf on 07/04/2013 - 20:44h



Explain your scenario to me in more detail.

[5] Comment posted by marceloviana on 01/06/2015 - 16:35h

Joserf, thank you for the article!

How do I allow communication between the clients that are connected to the server?

[6] Comment posted by marceloviana on 01/06/2015 - 20:29h

I found out how to allow communication between clients; all that was missing was enabling packet forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward

Thank you!



