Hello,
freetz-ng-18541
I set the following as additional parameters:
secret /tmp/flash/openvpn/static.key;auth SHA256;auth-nocache;push "route 192.168.4.0 255.255.255.0";push "dhcp-option DNS 192.168.124.254";push "dhcp-option DNS 192.168.124.253";push "dhcp-option WINS 192.168.124.254";push "dhcp-option WINS 192.168.4.253"
[Edit by Novize: oversized image reduced to a preview per the forum rules and log wrapped in code tags]
secret, auth and auth-nocache are taken into account, but the push commands are not.
Code:
root@ipv4-gw:/var/mod/root# cat /mod/etc/openvpn.conf
# OpenVPN 2.5.3 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [AEAD] built on Sep 21 2021
# library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
# Config date: Thu Sep 23 12:28:50 CEST 2021
proto udp
dev tun
secret /tmp/flash/openvpn/static.key
port 51194
ifconfig 10.0.125.1 10.0.125.2
tun-mtu 1500
mssfix
verb 3
cipher AES-256-CBC
comp-lzo
keepalive 10 120
status /var/log/openvpn.log
cd /var/tmp/openvpn
chroot /var/tmp/openvpn
user openvpn
group openvpn
persist-tun
persist-key
secret /tmp/flash/openvpn/static.key
auth SHA256
push "route 192.168.124.0 255.255.255.0"
push "dhcp-option DNS 192.168.124.254"
push "dhcp-option DNS 192.168.124.253"
push "dhcp-option WINS 192.168.124.254"
push "dhcp-option WINS 192.168.4.253"
root@ipv4-gw:/var/mod/root#
Thu Sep 23 12:49:47 2021 us=599957 Outgoing Static Key Encryption: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Sep 23 12:49:47 2021 us=599957 Outgoing Static Key Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Sep 23 12:49:47 2021 us=600954 Incoming Static Key Encryption: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Sep 23 12:49:47 2021 us=600954 Incoming Static Key Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Sep 23 12:49:47 2021 us=600954 LZO compression initializing
Thu Sep 23 12:49:47 2021 us=600954 MANAGEMENT: >STATE:1632394187,RESOLVE,,,,,,
Thu Sep 23 12:49:47 2021 us=608933 interactive service msg_channel=848
Thu Sep 23 12:49:47 2021 us=608933 open_tun
Thu Sep 23 12:49:47 2021 us=609930 TAP-WIN32 device [OpenVPN TAP #1] opened: \\.\Global\{3F21ACC7-CAEA-4C63-B03C-A759FED93E1F}.tap
Thu Sep 23 12:49:47 2021 us=609930 TAP-Windows Driver Version 9.23
Thu Sep 23 12:49:47 2021 us=609930 TAP-Windows MTU=1500
Thu Sep 23 12:49:47 2021 us=613920 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.125.2/255.255.255.252 on interface {3F21ACC7-CAEA-4C63-B03C-A759FED93E1F} [DHCP-serv: 10.0.125.1, lease-time: 31536000]
Thu Sep 23 12:49:47 2021 us=614917 Successful ARP Flush on interface [8] {3F21ACC7-CAEA-4C63-B03C-A759FED93E1F}
Thu Sep 23 12:49:47 2021 us=649824 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Sep 23 12:49:47 2021 us=649824 MANAGEMENT: >STATE:1632394187,ASSIGN_IP,,10.0.125.2,,,,
Thu Sep 23 12:49:47 2021 us=649824 Data Channel MTU parms [ L:1573 D:1450 EF:73 EB:398 ET:0 EL:3 ]
Thu Sep 23 12:49:47 2021 us=649824 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1573,tun-mtu 1500,proto UDPv4,ifconfig 10.0.125.1 10.0.125.2,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,secret'
Thu Sep 23 12:49:47 2021 us=649824 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1573,tun-mtu 1500,proto UDPv4,ifconfig 10.0.125.2 10.0.125.1,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,secret'
Thu Sep 23 12:49:47 2021 us=649824 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.124.1:51194
Thu Sep 23 12:49:47 2021 us=649824 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Sep 23 12:49:47 2021 us=649824 UDP link local: (not bound)
Thu Sep 23 12:49:47 2021 us=649824 UDP link remote: [AF_INET]192.168.124.1:51194
Thu Sep 23 12:49:57 2021 us=10798 Peer Connection Initiated with [AF_INET]192.168.124.1:51194
Thu Sep 23 12:50:03 2021 us=152433 TEST ROUTES: 0/0 succeeded len=0 ret=1 a=0 u/d=up
Thu Sep 23 12:50:03 2021 us=152433 Initialization Sequence Completed
Thu Sep 23 12:50:03 2021 us=153430 MANAGEMENT: >STATE:1632394203,CONNECTED,SUCCESS,10.0.125.2,192.168.124.1,51194,,
What's missing there, for example, is the "ROUTE ADD". Does anyone have an idea? I have 2 more instances running on *IX, and a push like this works there.
Thanks!
EDIT:
[URL]https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/[/URL]
[B]--pull[/B]
This option must be used on a client which is connecting to a multi-client server. It indicates to OpenVPN that it should accept options pushed by the server, provided they are part of the legal set of pushable options (note that the [B]--pull[/B] option is implied by [B]--client[/B]). In particular, [B]--pull[/B] allows the server to push routes to the client, so you should not use [B]--pull[/B] or [B]--client[/B] in situations where you don't trust the server to have control over the client's routing table.
I'm in static mode... Is that the reason?
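A check for the situation this post describes, added here as an example (not code from the poster or from freetz-ng): it scans an OpenVPN config for `push` lines combined with a static `secret` key and no TLS server role, and for directives given twice. It assumes that pushed options travel only over the TLS control channel, which a static-key tunnel does not have; the function names are this example's own, and the sample config is abridged from the one in the post.

```python
import shlex

# Abridged from the config shown in the post (values unchanged).
SAMPLE_CONF = '''\
proto udp
dev tun
secret /tmp/flash/openvpn/static.key
ifconfig 10.0.125.1 10.0.125.2
cipher AES-256-CBC
secret /tmp/flash/openvpn/static.key
auth SHA256
push "route 192.168.124.0 255.255.255.0"
push "dhcp-option DNS 192.168.124.254"
'''

# Assumption of this example: only a TLS server role can deliver pushes.
TLS_SERVER_DIRECTIVES = {"tls-server", "server", "server-bridge"}


def parse_conf(text):
    """Return a list of (directive, [args]) tuples, skipping # comments."""
    entries = []
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens:
            entries.append((tokens[0], tokens[1:]))
    return entries


def audit_push(text):
    """Report a repeated secret and push lines a static-key peer never receives."""
    entries = parse_conf(text)
    names = [name for name, _ in entries]
    findings = []
    if names.count("secret") > 1:
        findings.append("duplicate: secret given %d times" % names.count("secret"))
    static_key = "secret" in names and not TLS_SERVER_DIRECTIVES & set(names)
    if static_key:
        for name, args in entries:
            if name == "push" and args:
                # The pushed string is a directive the client can set locally.
                findings.append("ineffective push; client-side: " + args[0])
    return findings


if __name__ == "__main__":
    for finding in audit_push(SAMPLE_CONF):
        print(finding)
```

In a static-key setup the reported `route` and `dhcp-option` strings belong in the client's own config, since nothing on the wire delivers them.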