How do we make the router connect to the VPN, and connect ourselves through it?
peperfus:
I THINK I'VE GOT IT!!

 ;D ;D

The only thing I had to do was assign the IP of the VPN router to the test computer, and it does seem to be sending my traffic through the VPN.

Before connecting to the VPN:

--- Code: ---
C:\Users\Pepe>tracert www.disney.com

Traza a la dirección e7979.g.akamaiedge.net [104.75.120.137]
sobre un máximo de 30 saltos:

  1    <1 ms    <1 ms     *     JAZZTEL.lan [192.168.0.251]
  2    <1 ms    <1 ms    <1 ms  192.168.0.254
  3     9 ms    24 ms    48 ms  192.168.144.1
  4    13 ms    15 ms    15 ms  49.red-81-46-6.customer.static.ccgg.telefonica.net [81.46.6.49]
  5    13 ms    12 ms    12 ms  181.red-80-58-76.staticip.rima-tde.net [80.58.76.181]
  6    13 ms    13 ms    20 ms  84.16.6.157
  7    15 ms    14 ms    14 ms  84.16.13.202
  8    14 ms    14 ms    14 ms  94.142.121.65
  9    14 ms    14 ms    14 ms  ae-27.r01.mdrdsp03.es.bb.gin.ntt.net [129.250.66.85]
 10    34 ms    34 ms    34 ms  81.19.109.166
 11    34 ms    34 ms    34 ms  a104-75-120-137.deploy.static.akamaitechnologies.com [104.75.120.137]

Traza completa.

--- End code ---

After connecting the router to the VPN:

--- Code: ---
C:\Users\Pepe>tracert www.disney.com

Traza a la dirección e7979.g.akamaiedge.net [104.75.120.137]
sobre un máximo de 30 saltos:

  1    <1 ms    <1 ms    <1 ms  JAZZTEL.lan [192.168.0.251]
  2    66 ms    66 ms    66 ms  154.16.....
  3    69 ms    69 ms   333 ms  191.96....
  4    67 ms    67 ms    66 ms  10.20.....
  5   138 ms    65 ms   168 ms  10.44......
  6    66 ms    67 ms    65 ms  mcn-b2-link.telia.net [62.115.32.236]
  7    75 ms    74 ms    74 ms  mad-b1-link.telia.net [62.115.125.209]
  8    76 ms    75 ms    77 ms  ae-11.r01.mdrdsp03.es.bb.gin.ntt.net [213.248.91.10]
  9    74 ms   338 ms    74 ms  81.19.109.166
 10    75 ms    74 ms    74 ms  a104-75-120-137.deploy.static.akamaitechnologies.com [104.75.120.137]

Traza completa.
--- End code ---

I've left out parts of the IPs in case it's not a good idea for them to be known... (I don't know whether it matters or it's just silly)

But the conclusion is that, since the traffic takes different paths, I suppose I am going through the VPN, right? Above all, nothing from Timofónica shows up in the second tracert any more.

Am I right?

Thanks.
Garcad:
When it is connected over the VPN, run cat /tmp/openvpn.log on the router over SSH.

The output will show whether it is correct.

Regards
Garcad:
BusyBox v1.25.1 () built-in shell (ash)

     _________
    /        /\      _    ___ ___  ___
   /  LE    /  \    | |  | __|   \| __|
  /    DE  /    \   | |__| _|| |) | _|
 /________/  LE  \  |____|___|___/|___|                      lede-project.org
 \        \   DE /
  \    LE  \    /  -----------------------------------------------------------
   \  DE    \  /    Reboot (17.01.0, r3205-59508e3)
    \________\/    -----------------------------------------------------------

root@LEDE:~# cat /tmp/openvpn.log
Wed Mar 22 01:44:04 2017 OpenVPN 2.4.0 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Mar 22 01:44:04 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Wed Mar 22 01:44:05 2017 Diffie-Hellman initialized with 2048 bit key
Wed Mar 22 01:44:06 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 22 01:44:06 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 22 01:44:06 2017 TUN/TAP device tun0 opened
Wed Mar 22 01:44:06 2017 TUN/TAP TX queue length set to 100
Wed Mar 22 01:44:06 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Mar 22 01:44:06 2017 /sbin/ifconfig tun0 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Wed Mar 22 01:44:06 2017 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Wed Mar 22 01:44:06 2017 Socket Buffers: R=[159744->159744] S=[159744->159744]
Wed Mar 22 01:44:06 2017 setsockopt(IPV6_V6ONLY=0)
Wed Mar 22 01:44:06 2017 UDPv6 link local (bound): [AF_INET6][undef]:1194
Wed Mar 22 01:44:06 2017 UDPv6 link remote: [AF_UNSPEC]
Wed Mar 22 01:44:06 2017 GID set to nogroup
Wed Mar 22 01:44:06 2017 UID set to nobody
Wed Mar 22 01:44:06 2017 MULTI: multi_init called, r=256 v=256
Wed Mar 22 01:44:06 2017 IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Wed Mar 22 01:44:06 2017 Initialization Sequence Completed
Wed Mar 22 01:54:51 2017 192.168.1.2 TLS: Initial packet from [AF_INET6]::ffff:192.168.1.2:53658, sid=f739ed14 e520568b
Wed Mar 22 01:54:52 2017 192.168.1.2 VERIFY OK: depth=1, C=ES, ST=MADRID, L=MADRID, O=GARCAD, OU=GARCAD, CN=MADRID ES, name=EasyRSA, emailAddress=email@GMAIL.COM
Wed Mar 22 01:54:52 2017 192.168.1.2 VERIFY OK: depth=0, C=ES, ST=MA, L=MADRID, O=SEGURIDADWIRELESS, OU=GARCAD, CN=GARCAD, name=EasyRSA, emailAddress=email@gmail.com
Wed Mar 22 01:54:52 2017 192.168.1.2 peer info: IV_VER=2.3.11
Wed Mar 22 01:54:52 2017 192.168.1.2 peer info: IV_PLAT=linux
Wed Mar 22 01:54:52 2017 192.168.1.2 peer info: IV_PROTO=2
Wed Mar 22 01:54:52 2017 192.168.1.2 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 22 01:54:52 2017 192.168.1.2 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Wed Mar 22 01:54:52 2017 192.168.1.2 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 22 01:54:52 2017 192.168.1.2 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 22 01:54:52 2017 192.168.1.2 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Wed Mar 22 01:54:52 2017 192.168.1.2 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 22 01:54:52 2017 192.168.1.2 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Wed Mar 22 01:54:52 2017 192.168.1.2 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Mar 22 01:54:52 2017 192.168.1.2 [GARCAD] Peer Connection Initiated with [AF_INET6]::ffff:192.168.1.2:53658
Wed Mar 22 01:54:52 2017 GARCAD/192.168.1.2 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Wed Mar 22 01:54:52 2017 GARCAD/192.168.1.2 MULTI: Learn: 10.8.0.2 -> GARCAD/192.168.1.2
Wed Mar 22 01:54:52 2017 GARCAD/192.168.1.2 MULTI: primary virtual IP for GARCAD/192.168.1.2: 10.8.0.2
Wed Mar 22 01:54:54 2017 GARCAD/192.168.1.2 PUSH: Received control message: 'PUSH_REQUEST'
Wed Mar 22 01:54:54 2017 GARCAD/192.168.1.2 SENT CONTROL [GARCAD]: 'PUSH_REPLY,persist-key,persist-tun,redirect-gateway def1,route 192.168.1.0 255.255.255.0,dhcp-option DNS 192.168.1.1,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0' (status=1)
root@LEDE:~#


Regards
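The warnings in a log like the one above can be pulled out mechanically. The following is an added example, not part of the original post: a POSIX shell/awk audit that reports 64-bit-block data channel ciphers (the SWEET32 warning), a pushed redirect-gateway, and, going beyond this particular log, one certificate CN connecting from several source addresses. The function names, output labels and the sample log (constructed, with documentation addresses) are assumptions.

```shell
#!/bin/sh
# Added example: audit an OpenVPN server log (reads files or stdin).
# Findings, one per line, sorted:
#   WEAK_CIPHER <client-ip> <cipher>       64-bit block data channel cipher
#   FULL_TUNNEL <CN>                       server pushed redirect-gateway
#   CERT_REUSE  <CN> sources=N drops=M     one certificate seen from N hosts
audit_openvpn_log() {
    awk '
    BEGIN {
        # Ciphers with a 64-bit block, the class the SWEET32 warning is about.
        n = split("BF-CBC DES-CBC DES-EDE3-CBC CAST5-CBC RC2-CBC", w, " ")
        for (i = 1; i <= n; i++) weak[w[i]] = 1
    }
    # <timestamp: 5 fields> <peer> Data Channel Encrypt: Cipher \047NAME\047 ...
    / Data Channel( Encrypt| Decrypt)?: Cipher / {
        split($0, q, "\047"); cipher = q[2]
        peer = $6; sub(/^.*\//, "", peer); sub(/:[0-9]+$/, "", peer)
        if ((cipher in weak) && !((peer, cipher) in told)) {
            told[peer, cipher] = 1
            print "WEAK_CIPHER", peer, cipher
        }
    }
    # <timestamp> <peer> [CN] Peer Connection Initiated with [AF_INET]ip:port
    / Peer Connection Initiated with / {
        cn = $0; sub(/\] Peer Connection Initiated with .*/, "", cn)
        sub(/.*\[/, "", cn)
        addr = substr($NF, index($NF, "]") + 1)   # drop the [AF_INET] tag
        sub(/:[0-9]+$/, "", addr)                 # drop the source port
        sub(/^::ffff:/, "", addr)                 # unwrap IPv4-mapped IPv6
        if (!((cn, addr) in seen)) { seen[cn, addr] = 1; nsrc[cn]++ }
    }
    # OpenVPN logs this when a CN that is already connected connects again.
    / MULTI: new connection by client / {
        split($0, q, "\047"); drops[q[2]]++
    }
    # <timestamp> CN/ip:port SENT CONTROL [CN]: \047PUSH_REPLY,...\047
    / SENT CONTROL / && /PUSH_REPLY/ && /redirect-gateway/ {
        cn = $0; sub(/\]: .*/, "", cn); sub(/.*\[/, "", cn)
        if (!(cn in full)) { full[cn] = 1; print "FULL_TUNNEL", cn }
    }
    END {
        for (cn in nsrc)
            if (nsrc[cn] > 1 || drops[cn] > 0)
                print "CERT_REUSE", cn, "sources=" nsrc[cn], "drops=" (drops[cn] + 0)
    }' "$@" | sort
}

# Constructed sample in the format of the log above (documentation addresses).
sample_log() {
    cat <<'EOF'
Wed Mar 22 19:02:31 2017 192.0.2.10:43505 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 22 19:02:31 2017 192.0.2.10:43505 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 22 19:02:31 2017 192.0.2.10:43505 [laptop] Peer Connection Initiated with [AF_INET]192.0.2.10:43505
Wed Mar 22 19:02:33 2017 laptop/192.0.2.10:43505 SENT CONTROL [laptop]: 'PUSH_REPLY,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ifconfig 10.8.0.2 255.255.255.0,peer-id 0' (status=1)
Wed Mar 22 19:06:23 2017 192.0.2.20:52632 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Mar 22 19:06:23 2017 192.0.2.20:52632 [laptop] Peer Connection Initiated with [AF_INET6]::ffff:192.0.2.20:52632
Wed Mar 22 19:06:23 2017 MULTI: new connection by client 'laptop' will cause previous active sessions by this client to be dropped.
EOF
}

sample_log | audit_openvpn_log
```

On the router it can be run as `audit_openvpn_log /tmp/openvpn.log`; BusyBox provides both awk and sort.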
peperfus:
Yes, yes.

The "Initialization Sequence Completed" line does show up, and everything else...; it connects fine and I browse through the VPN. I also know because my public IP changes, etc...

Now something odd is happening to me, and I suppose it has something to do with this.

After a while, ports 1 and 2 of the switch stop working. It's as if they switched off. Any device connected to one of those ports loses its network connection. I have to reboot the router to get them working again. I suspect it's something to do with the VPN, but I don't understand what the connection is or why it happens. Any ideas?

Thanks for the help.
Garcad:
Downloading the configuration files, certificates and keys to the PC

root@LEDE:~# cd /tmp/
# tar -zcvf easy-rsa.tar.gz /etc/easy-rsa/
# mv easy-rsa.tar.gz /www/

Now there is an easy-rsa.tar.gz file at the router's local IP address.

Opening it in the browser, in my case http://192.168.3.1/easy-rsa.tar.gz, I can download it to use it or upload the files again later.

To upload them from a terminal ....

wifislax64 ~ # scp /root/Descargas/Huawei_HG556a/etc/easy-rsa/* root@192.168.3.1:/etc/easy-rsa/

wifislax64 ~ # scp /root/Descargas/Huawei_HG556a/etc/easy-rsa/keys/* root@192.168.3.1:/etc/easy-rsa/keys/

Connecting with a client to the OpenWrt router we have configured.

I am using NetworkManager

Open the NetworkManager connection editor

Click Add > new VPN connection

Gateway: the router's local IP address, 192.168.1.3.

X.509 certificate

CA file > /etc/easy-rsa/keys/ca.crt

Certificate > /etc/easy-rsa/keys/myuser.crt

Key > /etc/easy-rsa/keys/myuser.key

Password > the one we set when creating the certificate.

Advanced > TLS settings > Use TLS authentication > key > /etc/easy-rsa/keys/ta.key

Key direction > Client 1

Save the changes and connect to the router we configured with OpenVPN; once connected, also connect using the VPN configuration created above.

If the connection is successful, we will see a padlock on our connection.





ssh root@192.168.3.1
root@192.168.3.1's password:


BusyBox v1.25.1 () built-in shell (ash)

     _________
    /        /\      _    ___ ___  ___
   /  LE    /  \    | |  | __|   \| __|
  /    DE  /    \   | |__| _|| |) | _|
 /________/  LE  \  |____|___|___/|___|                      lede-project.org
 \        \   DE /
  \    LE  \    /  -----------------------------------------------------------
   \  DE    \  /    Reboot (17.01.0, r3205-59508e3)
    \________\/    -----------------------------------------------------------

root@LEDE:~# cat /tmp/openvpn.log

--- Code: ---
Wed Mar 22 18:51:09 2017 OpenVPN 2.4.0 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Mar 22 18:51:09 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Wed Mar 22 18:51:09 2017 Diffie-Hellman initialized with 2048 bit key
Wed Mar 22 18:51:09 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 22 18:51:09 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 22 18:51:09 2017 TUN/TAP device tun0 opened
Wed Mar 22 18:51:09 2017 TUN/TAP TX queue length set to 100
Wed Mar 22 18:51:09 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Mar 22 18:51:09 2017 /sbin/ifconfig tun0 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Wed Mar 22 18:51:09 2017 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Mar 22 18:51:09 2017 Socket Buffers: R=[159744->159744] S=[159744->159744]
Wed Mar 22 18:51:09 2017 UDPv4 link local (bound): [AF_INET][undef]:1194
Wed Mar 22 18:51:09 2017 UDPv4 link remote: [AF_UNSPEC]
Wed Mar 22 18:51:09 2017 GID set to nogroup
Wed Mar 22 18:51:09 2017 UID set to nobody
Wed Mar 22 18:51:09 2017 MULTI: multi_init called, r=256 v=256
Wed Mar 22 18:51:09 2017 IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Wed Mar 22 18:51:09 2017 Initialization Sequence Completed
Wed Mar 22 19:02:31 2017 192.168.1.2:43505 TLS: Initial packet from [AF_INET]192.168.1.2:43505, sid=c393f78f 0a9b54b9
Wed Mar 22 19:02:31 2017 192.168.1.2:43505 VERIFY OK: depth=1, C=ES, ST=MADRID, L=MADRID, O=GARCAD, OU=GARCAD, CN=MADRID ES, name=EasyRSA, emailAddress=email@GMAIL.COM
Wed Mar 22 19:02:31 2017 192.168.1.2:43505 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=myuser, name=EasyRSA, emailAddress=me@myhost.mydomain
Wed Mar 22 19:02:31 2017 192.168.1.2:43505 peer info: IV_VER=2.3.11
Wed Mar 22 19:02:31 2017 192.168.1.2:43505 peer info: IV_PLAT=linux
Wed Mar 22 19:02:31 2017 192.168.1.2:43505 peer info: IV_PROTO=2
Wed Mar 22 19:02:31 2017 192.168.1.2:43505 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 22 19:02:31 2017 192.168.1.2:43505 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Wed Mar 22 19:02:31 2017 192.168.1.2:43505 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 22 19:02:31 2017 192.168.1.2:43505 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 22 19:02:31 2017 192.168.1.2:43505 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Wed Mar 22 19:02:31 2017 192.168.1.2:43505 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 22 19:02:31 2017 192.168.1.2:43505 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Wed Mar 22 19:02:31 2017 192.168.1.2:43505 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Mar 22 19:02:31 2017 192.168.1.2:43505 [myuser] Peer Connection Initiated with [AF_INET]192.168.1.2:43505
Wed Mar 22 19:02:31 2017 myuser/192.168.1.2:43505 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Wed Mar 22 19:02:31 2017 myuser/192.168.1.2:43505 MULTI: Learn: 10.8.0.2 -> myuser/192.168.1.2:43505
Wed Mar 22 19:02:31 2017 myuser/192.168.1.2:43505 MULTI: primary virtual IP for myuser/192.168.1.2:43505: 10.8.0.2
Wed Mar 22 19:02:33 2017 myuser/192.168.1.2:43505 PUSH: Received control message: 'PUSH_REQUEST'
Wed Mar 22 19:02:33 2017 myuser/192.168.1.2:43505 SENT CONTROL [myuser]: 'PUSH_REPLY,persist-key,persist-tun,redirect-gateway def1,route 192.168.1.0 255.255.255.0,dhcp-option DNS 192.168.1.1,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0' (status=1)
Wed Mar 22 19:06:22 2017 192.168.3.2:52632 TLS: Initial packet from [AF_INET]192.168.3.2:52632, sid=e7dde5c7 bbf7c1e5
Wed Mar 22 19:06:23 2017 192.168.3.2:52632 VERIFY OK: depth=1, C=ES, ST=MADRID, L=MADRID, O=GARCAD, OU=GARCAD, CN=MADRID ES, name=EasyRSA, emailAddress=email@GMAIL.COM
Wed Mar 22 19:06:23 2017 192.168.3.2:52632 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=myuser, name=EasyRSA, emailAddress=me@myhost.mydomain
Wed Mar 22 19:06:23 2017 192.168.3.2:52632 peer info: IV_VER=2.3.11
Wed Mar 22 19:06:23 2017 192.168.3.2:52632 peer info: IV_PLAT=linux
Wed Mar 22 19:06:23 2017 192.168.3.2:52632 peer info: IV_PROTO=2
Wed Mar 22 19:06:23 2017 192.168.3.2:52632 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 22 19:06:23 2017 192.168.3.2:52632 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Wed Mar 22 19:06:23 2017 192.168.3.2:52632 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 22 19:06:23 2017 192.168.3.2:52632 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 22 19:06:23 2017 192.168.3.2:52632 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Wed Mar 22 19:06:23 2017 192.168.3.2:52632 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 22 19:06:23 2017 192.168.3.2:52632 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Wed Mar 22 19:06:23 2017 192.168.3.2:52632 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Mar 22 19:06:23 2017 192.168.3.2:52632 [myuser] Peer Connection Initiated with [AF_INET]192.168.3.2:52632
Wed Mar 22 19:06:23 2017 MULTI: new connection by client 'myuser' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Wed Mar 22 19:06:23 2017 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Wed Mar 22 19:06:23 2017 MULTI: Learn: 10.8.0.2 -> myuser/192.168.3.2:52632
Wed Mar 22 19:06:23 2017 MULTI: primary virtual IP for myuser/192.168.3.2:52632: 10.8.0.2
Wed Mar 22 19:06:25 2017 myuser/192.168.3.2:52632 PUSH: Received control message: 'PUSH_REQUEST'
Wed Mar 22 19:06:25 2017 myuser/192.168.3.2:52632 SENT CONTROL [myuser]: 'PUSH_REPLY,persist-key,persist-tun,redirect-gateway def1,route 192.168.1.0 255.255.255.0,dhcp-option DNS 192.168.1.1,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 1' (status=1)
Wed Mar 22 19:08:41 2017 192.168.3.2:40448 TLS: Initial packet from [AF_INET]192.168.3.2:40448, sid=9cc5dd03 a34adec3
Wed Mar 22 19:08:42 2017 192.168.3.2:40448 VERIFY OK: depth=1, C=ES, ST=MADRID, L=MADRID, O=GARCAD, OU=GARCAD, CN=MADRID ES, name=EasyRSA, emailAddress=email@GMAIL.COM
Wed Mar 22 19:08:42 2017 192.168.3.2:40448 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=myuser, name=EasyRSA, emailAddress=me@myhost.mydomain
Wed Mar 22 19:08:42 2017 192.168.3.2:40448 peer info: IV_VER=2.3.11
Wed Mar 22 19:08:42 2017 192.168.3.2:40448 peer info: IV_PLAT=linux
Wed Mar 22 19:08:42 2017 192.168.3.2:40448 peer info: IV_PROTO=2
Wed Mar 22 19:08:42 2017 192.168.3.2:40448 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 22 19:08:42 2017 192.168.3.2:40448 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Wed Mar 22 19:08:42 2017 192.168.3.2:40448 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 22 19:08:42 2017 192.168.3.2:40448 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 22 19:08:42 2017 192.168.3.2:40448 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Wed Mar 22 19:08:42 2017 192.168.3.2:40448 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 22 19:08:42 2017 192.168.3.2:40448 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Wed Mar 22 19:08:42 2017 192.168.3.2:40448 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Mar 22 19:08:42 2017 192.168.3.2:40448 [myuser] Peer Connection Initiated with [AF_INET]192.168.3.2:40448
Wed Mar 22 19:08:42 2017 MULTI: new connection by client 'myuser' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Wed Mar 22 19:08:42 2017 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Wed Mar 22 19:08:42 2017 MULTI: Learn: 10.8.0.2 -> myuser/192.168.3.2:40448
Wed Mar 22 19:08:42 2017 MULTI: primary virtual IP for myuser/192.168.3.2:40448: 10.8.0.2
Wed Mar 22 19:08:44 2017 myuser/192.168.3.2:40448 PUSH: Received control message: 'PUSH_REQUEST'
Wed Mar 22 19:08:44 2017 myuser/192.168.3.2:40448 SENT CONTROL [myuser]: 'PUSH_REPLY,persist-key,persist-tun,redirect-gateway def1,route 192.168.1.0 255.255.255.0,dhcp-option DNS 192.168.1.1,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0' (status=1)
Wed Mar 22 19:49:12 2017 192.168.3.153:46213 TLS: Initial packet from [AF_INET]192.168.3.153:46213, sid=d2e85bc0 bdba9a5a
Wed Mar 22 19:49:12 2017 192.168.3.153:46213 VERIFY OK: depth=1, C=ES, ST=MADRID, L=MADRID, O=GARCAD, OU=GARCAD, CN=MADRID ES, name=EasyRSA, emailAddress=email@GMAIL.COM
Wed Mar 22 19:49:12 2017 192.168.3.153:46213 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=myuser, name=EasyRSA, emailAddress=me@myhost.mydomain
Wed Mar 22 19:49:13 2017 192.168.3.153:46213 peer info: IV_VER=2.3.11
Wed Mar 22 19:49:13 2017 192.168.3.153:46213 peer info: IV_PLAT=linux
Wed Mar 22 19:49:13 2017 192.168.3.153:46213 peer info: IV_PROTO=2
Wed Mar 22 19:49:13 2017 192.168.3.153:46213 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 22 19:49:13 2017 192.168.3.153:46213 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Wed Mar 22 19:49:13 2017 192.168.3.153:46213 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 22 19:49:13 2017 192.168.3.153:46213 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 22 19:49:13 2017 192.168.3.153:46213 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Wed Mar 22 19:49:13 2017 192.168.3.153:46213 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 22 19:49:13 2017 192.168.3.153:46213 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Wed Mar 22 19:49:13 2017 192.168.3.153:46213 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Mar 22 19:49:13 2017 192.168.3.153:46213 [myuser] Peer Connection Initiated with [AF_INET]192.168.3.153:46213
Wed Mar 22 19:49:13 2017 MULTI: new connection by client 'myuser' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Wed Mar 22 19:49:13 2017 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Wed Mar 22 19:49:13 2017 MULTI: Learn: 10.8.0.2 -> myuser/192.168.3.153:46213
Wed Mar 22 19:49:13 2017 MULTI: primary virtual IP for myuser/192.168.3.153:46213: 10.8.0.2
Wed Mar 22 19:49:15 2017 myuser/192.168.3.153:46213 PUSH: Received control message: 'PUSH_REQUEST'
Wed Mar 22 19:49:15 2017 myuser/192.168.3.153:46213 SENT CONTROL [myuser]: 'PUSH_REPLY,persist-key,persist-tun,redirect-gateway def1,route 192.168.1.0 255.255.255.0,dhcp-option DNS 192.168.1.1,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 1' (status=1)
root@LEDE:~#
--- End code ---


wifislax64 ~ # ssh root@192.168.3.1
root@192.168.3.1's password:


BusyBox v1.25.1 () built-in shell (ash)

     _________
    /        /\      _    ___ ___  ___
   /  LE    /  \    | |  | __|   \| __|
  /    DE  /    \   | |__| _|| |) | _|
 /________/  LE  \  |____|___|___/|___|                      lede-project.org
 \        \   DE /
  \    LE  \    /  -----------------------------------------------------------
   \  DE    \  /    Reboot (17.01.0, r3205-59508e3)
    \________\/    -----------------------------------------------------------

root@LEDE:~# cat /var/log/openvpn_status.log

--- Code: ---
OpenVPN CLIENT LIST
Updated,Wed Mar 22 19:55:13 2017
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
myuser,192.168.3.153:46213,114672,203736,Wed Mar 22 19:49:12 2017
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.2,myuser,192.168.3.153:46213,Wed Mar 22 19:54:50 2017
GLOBAL STATS
Max bcast/mcast queue length,0
END
root@LEDE:~#
--- End code ---

root@LEDE:~# traceroute www.google.es

--- Code: ---
traceroute to www.google.es (216.58.214.163), 30 hops max, 38 byte packets
 1  192.168.2.1 (192.168.2.1)  0.972 ms  3.292 ms  1.391 ms
 2  192.168.1.1 (192.168.1.1)  2.808 ms  18.861 ms  2.706 ms
 3  111.pool62-36-171.static.orange.es (62.36.171.111)  48.097 ms  49.373 ms  47.283 ms
 4  10.34.197.70 (10.34.197.70)  49.715 ms  10.34.196.54 (10.34.196.54)  48.287 ms  51.161 ms
 5  10.34.196.5 (10.34.196.5)  50.803 ms  10.34.197.5 (10.34.197.5)  52.083 ms  10.34.196.5 (10.34.196.5)  50.393 ms
 6  *  *  *
 7  72.14.195.132 (72.14.195.132)  80.696 ms  72.14.195.156 (72.14.195.156)  49.356 ms  72.14.203.138 (72.14.203.138)  48.751 ms
 8  216.239.46.218 (216.239.46.218)  55.618 ms  56.962 ms  50.484 ms
 9  216.239.40.219 (216.239.40.219)  52.428 ms  50.280 ms  48.724 ms
10  mad01s26-in-f163.1e100.net (216.58.214.163)  50.318 ms  75.155 ms  49.903 ms
root@LEDE:~#
--- End code ---

Regards
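The download step earlier in this post leaves easy-rsa.tar.gz, which holds everything under /etc/easy-rsa/ including the private keys, in the router's web root, where it stays reachable over HTTP until it is removed from /www/. The following is an added example, not part of the original post, that lists key material still reachable under a web root; the function names and the constructed sample tree are assumptions.

```shell
#!/bin/sh
# Added example: list private key material reachable under a web root.
# Prints "<path>" for loose files and "<archive>:<member>" for tar members.
find_exposed_keys() {
    webroot=$1
    # Loose private keys and PKCS#12 bundles.
    find "$webroot" -type f \( -name '*.key' -o -name '*.p12' \) | sort
    # Same file types packed inside tar archives (gzip-compressed or plain).
    find "$webroot" -type f \( -name '*.tar.gz' -o -name '*.tgz' -o -name '*.tar' \) |
    sort | while IFS= read -r archive; do
        case $archive in
            *.tar) list=-tf ;;
            *)     list=-tzf ;;
        esac
        tar "$list" "$archive" 2>/dev/null |
            awk -v a="$archive" '/\.(key|p12)$/ { print a ":" $0 }'
    done
}

# Constructed tree mirroring the steps in the post: /etc/easy-rsa packed
# into an archive that sits in the web root. Prints the temp dir path.
make_sample_webroot() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/easy-rsa/keys" "$d/www"
    : > "$d/etc/easy-rsa/vars"
    for f in ca.crt ca.key myuser.crt myuser.key ta.key dh2048.pem; do
        : > "$d/etc/easy-rsa/keys/$f"
    done
    tar -czf "$d/www/easy-rsa.tar.gz" -C "$d" etc/easy-rsa
    : > "$d/www/index.html"
    printf '%s\n' "$d"
}

demo=$(make_sample_webroot)
find_exposed_keys "$demo/www"
rm -rf "$demo"
```

On the router the check is `find_exposed_keys /www`; empty output means no key files or key-bearing archives remain under the web root.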