Re: Upgrade to jessie -> OpenVPN produces error message: TLS Error: TLS handshake failed
On 14.06.2015 at 16:55, Anton Blau wrote:
Here is some more on the configuration:
OpenVPN
server.conf
*Code:*
port 1194
proto udp
dev tun
ca ./easy-rsa2/keys/ca.crt
cert ./easy-rsa2/keys/micky.crt
key ./easy-rsa2/keys/micky.key # Keep this file secret.
dh ./easy-rsa2/keys/dh1024.pem # Diffie-Hellman parameters
server 192.168.10.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.3.0 255.255.255.0"
push "redirect-gateway"
push "dhcp-option DNS 192.168.10.1"
push "dhcp-option WINS 192.168.1.200"
client-to-client
keepalive 10 120
cipher AES-128-CBC # AES
comp-lzo
user openvpn
group openvpn
persist-key
persist-tun
status openvpn-status.log
verb 6
client.conf
*Code:*
client
dev tun
proto udp
# --- for access from the Internet
remote star.dynvpn.de 1194
# for access from the WLAN
remote 192.168.4.254 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
cipher AES-128-CBC
comp-lzo
verb 3
shorewall
interfaces
*Code:*
#ZONE INTERFACE BROADCAST OPTIONS
net ppp0 detect tcpflags,dhcp,routefilter,norfc1918,nosmurfs,logmartians
loc eth0 detect tcpflags,detectnets,nosmurfs
dmz eth2 detect tcpflags,detectnets,nosmurfs
ovpn tun0 detect tcpflags,detectnets,nosmurfs
wlan eth3 detect tcpflags,detectnets,nosmurfs
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
policy
*Code:*
loc net ACCEPT info
loc vmn ACCEPT info
loc ovpn ACCEPT info
loc dmz REJECT info
loc $FW REJECT info
loc wlan ACCEPT info
loc all REJECT info
--snip--
$FW net ACCEPT info
$FW dmz ACCEPT info
$FW loc ACCEPT info
$FW vmn ACCEPT info
$FW wlan ACCEPT info
$FW all ACCEPT info
---snip---
net dmz DROP info
net $FW DROP info
net loc DROP info
net vmn DROP info
net wlan DROP info
net all DROP info
ovpn net ACCEPT info
ovpn loc ACCEPT info
ovpn vmn ACCEPT info
ovpn wlan ACCEPT info
ovpn dmz REJECT info
ovpn $FW REJECT info
ovpn all REJECT info
wlan net ACCEPT info
wlan loc ACCEPT info
wlan vmn ACCEPT info
wlan dmz REJECT info
wlan $FW ACCEPT info
wlan ovpn REJECT info
wlan all REJECT info
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
rules
*Code:*
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
#
# Accept DNS connections from the firewall to the Internet
DNS/ACCEPT $FW net
DNS/ACCEPT dmz net
DNS/ACCEPT loc net
DNS/ACCEPT loc $FW
DNS/ACCEPT vmn net
DNS/ACCEPT vmn $FW
DNS/ACCEPT ovpn net
DNS/ACCEPT ovpn $FW
DNS/ACCEPT wlan net
DNS/ACCEPT wlan $FW
DNS/ACCEPT dmz $FW
#
Ping/ACCEPT loc $FW
Ping/ACCEPT loc ovpn
Ping/ACCEPT loc net
Ping/ACCEPT loc dmz
Ping/ACCEPT vmn $FW
Ping/ACCEPT vmn loc
Ping/ACCEPT vmn ovpn
Ping/ACCEPT vmn net
Ping/ACCEPT vmn dmz
Ping/ACCEPT dmz $FW
Ping/ACCEPT dmz loc
Ping/ACCEPT dmz vmn
Ping/ACCEPT dmz net
Ping/ACCEPT ovpn $FW
Ping/ACCEPT ovpn loc
Ping/ACCEPT ovpn vmn
Ping/ACCEPT ovpn dmz
Ping/ACCEPT $FW ovpn
Ping/ACCEPT $FW wlan
---snip ---
#
Web/ACCEPT loc $FW
Web/ACCEPT loc wlan
Web/ACCEPT vmn $FW
Web/ACCEPT vmn wlan
Web/ACCEPT ovpn $FW
#
--- snip ---
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
tunnels
*Code:*
#TYPE ZONE GATEWAY GATEWAY
# ZONE
openvpnserver:1194 net 0.0.0.0/0
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
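As an added example (not the poster's code), a small Python check that cross-references the server.conf and client.conf above for the options that must agree on both ends of an OpenVPN 2.3 tunnel (proto, dev, cipher, comp-lzo, port) and flags the 1024-bit DH parameters and the deprecated ns-cert-type directive; the embedded configs are trimmed copies of the ones in the post.

```python
# Constructed from the post's server.conf and client.conf (trimmed to the
# options this check looks at).
SERVER_CONF = """\
port 1194
proto udp
dev tun
dh ./easy-rsa2/keys/dh1024.pem
cipher AES-128-CBC
comp-lzo
"""
CLIENT_CONF = """\
client
dev tun
proto udp
remote star.dynvpn.de 1194
remote 192.168.4.254 1194
ns-cert-type server
cipher AES-128-CBC
comp-lzo
"""

def parse(text):
    """Return {option: [args, ...]}; comments and blank lines are skipped."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, *args = line.split()
            opts.setdefault(key, []).append(args)
    return opts

def check_pair(server_text, client_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    s, c = parse(server_text), parse(client_text)
    findings = []
    # These must agree on both ends: OpenVPN 2.3 has no cipher negotiation.
    for opt in ("proto", "dev", "cipher"):
        if s.get(opt) != c.get(opt):
            findings.append(f"mismatch: {opt} server={s.get(opt)} client={c.get(opt)}")
    if ("comp-lzo" in s) != ("comp-lzo" in c):
        findings.append("mismatch: comp-lzo is set on only one side")
    # Every client 'remote' must point at the port the server listens on.
    port = s.get("port", [["1194"]])[0][0]
    for remote in c.get("remote", []):
        if len(remote) > 1 and remote[1] != port:
            findings.append(f"mismatch: remote {remote[0]} uses port {remote[1]}, server listens on {port}")
    # Hygiene: settings that still work but should be replaced (DH size judged by filename).
    dh = s.get("dh", [[""]])[0][0]
    if "1024" in dh:
        findings.append(f"weak: {dh} is a 1024-bit DH group; generate 2048 bits or more")
    if "ns-cert-type" in c:
        findings.append("deprecated: ns-cert-type checks the legacy nsCertType extension; use remote-cert-tls server")
    return findings
```

Run against the post's own files it reports no mismatches, only the two hygiene findings, so a cipher or compression mismatch can be ruled out before looking at certificates or the firewall.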