Configure seu próprio proxy sock5 via openvpn

De Área31 Hackerspace
Responsável:
* Coffnix


Descrição

Orientar sobre como utilizar uma VPN com ou sem gateway default, com uso de proxy sock5, para ser utilizado em qualquer aplicação compatível, como web browser, aplicativo telegram e outros.

Requisitos

- Servidor Linux. Neste exemplo estamos utilizando Funtoo Linux, porém pode ser Gentoo, Opensuse ou qualquer outra distro, bastando adaptar os comandos de instalação de pacotes ou compilando os softwares utilizando o código fonte.

- Recomendável usar uma VPS na digital ocean, ou amazon AWS ou Azure, GCP ou OCI, rodando fora do país, preferenciamente EUA.

Configuração

Servidor

Google Authenticator

Compile a lib do google:

root # emerge sys-auth/google-authenticator

Crie o ambiente:

root # groupadd gauth
root # useradd -g gauth gauth
root # mkdir /etc/openvpn/google-authenticator
root # chown gauth:gauth /etc/openvpn/google-authenticator
root # chmod 0700 /etc/openvpn/google-authenticator


Script de criação de usuários

Crie um script para criação de usuários do openvpn + google 2FA:

root # touch /usr/sbin/gen-mfa.sh ; chmod +x /usr/sbin/gen-mfa.sh ; vi /usr/sbin/gen-mfa.sh
   /usr/sbin/gen-mfa.sh - script para criação de usuários
MFA_LABEL='OpenVPN Server'
MFA_USER=gauth
MFA_DIR=/etc/openvpn/google-authenticator
user_id=$1
if [ "$user_id" == "" ]; then
  echo "ERROR: No user id provided to generate MFA token"
  exit 1
fi

useradd -M -c "$user_id" -s /sbin/false "$user_id"

passwd "$user_id"

echo "INFO: Generating MFA Token"
su -c "google-authenticator -t -d -r3 -R30 -W -f -l \"${MFA_LABEL}\" -s /etc/openvpn/google-authenticator/$user_id" - gauth

PAM + 2FA Google Auth

Crie o arquivo de configuração do pam:

root # vi /etc/pam.d/openvpn
   /etc/pam.d/openvpn
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth required /lib64/security/pam_google_authenticator.so secret=/etc/openvpn/google-authenticator/${USER} user=gauth forward_pass
auth include system-auth
account include system-auth
password include system-auth


Integração do PAM com LDAP + MFA (opcional)

Configure o /etc/pam.d/openvpn da seguinte forma caso já possua uma base LDAP ativa e integrada com o PAM:

   /etc/pam.d/openvpn - Integração do PAM com LDAP + MFA
#%PAM-1.0
auth required /usr/local/lib/security/pam_google_authenticator.so secret=/etc/openvpn/google-authenticator/${USER} user=gauth forward_pass
auth required pam_ldap.so config=/etc/openvpn/auth/testemfa.conf use_first_pass debug
account sufficient pam_permit.so


E configure o arquivo de autenticação na base LDAP /etc/openvpn/auth/testemfa.conf:

   /etc/openvpn/auth/testemfa.conf
host 127.0.0.1
base dc=hackstore
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
pam_crypt local
ssl no

Configure também o arquivo /etc/ldap.conf:

   /etc/ldap.conf
uri ldap://localhost/
base dc=hackstore
ldap_version 3

ssl start_tls

tls_checkpeer no

binddn cn=ldapadmin,dc=hackstore
bindpw senha@senha

OBS: Não se esqueça de compilar o PAM com suporte a LDAP, e realizar a configuração dos restantes dos arquivos do PAM.

=Servidor

Servidor OpenVPN

Compile o openvpn:

root # echo 'net-vpn/openvpn down-root examples iproute2 lzo pam pkcs11 plugins ssl -inotify -libressl -lz4 -mbedtls -selinux -static -systemd -test' >> /etc/portage/package.use
root # emerge net-vpn/openvpn

Crie as chaves e certificados

root # cp -rp /usr/share/easy-rsa /etc/openvpn/keys
root # cd /etc/openvpn/keys

Siga este artigo, respeitando o diretório original /etc/openvpn/keys:

https://wiki.gentoo.org/wiki/Create_a_Public_Key_Infrastructure_Using_the_easy-rsa_Scripts

Configuração

Crie o arquivo de configuração do servidor:

root # vi /etc/openvpn/openvpn.conf
   /etc/openvpn/openvpn.conf
port 1194
proto udp
dev tun0

ca /etc/openvpn/keys/pki/ca.crt
cert /etc/openvpn/keys/pki/issued/FuntooHost.crt
key /etc/openvpn/keys/pki/private/FuntooHost.key
dh /etc/openvpn/keys/pki/dh.pem

server 10.100.0.0 255.255.255.0

persist-key
persist-tun
ifconfig-pool-persist ipp.txt

keepalive 10 120
comp-lzo

user nobody
group nobody

status openvpn-status.log
log /var/log/openvpn.log
verb 4

# PAM + 2FA Google Aut
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn


Cliente

Cliente OpenVPN

Compile o openvpn:

root # echo 'net-vpn/openvpn down-root examples iproute2 lzo pam pkcs11 plugins ssl -inotify -libressl -lz4 -mbedtls -selinux -static -systemd -test' >> /etc/portage/package.use
root # emerge net-vpn/openvpn

Configuração

Crie o arquivo de configuração do cliente:

root # vi /etc/openvpn/openvpn.conf
   /etc/openvpn/openvpn.conf
# specify client-side
client

# tun/tap device
dev tun0

# protocol, according to server
proto udp

# server address
remote area31.net.br 1194

# connection
comp-lzo
resolv-retry 30
nobind

# persistent device and keys
persist-key
persist-tun

# keys settings
ca keys/ca.crt
cert keys/client1.crt
key keys/client1.key

# pull dns settings from the server
script-security 2

# Scripts
up /etc/openvpn/up.sh
down /etc/openvpn/down.sh

# logging
log /var/log/openvpn.log
verb 4

# 2FA Google Auth
# password generated using script /usr/sbin/connect-vpn-2fa.sh
ns-cert-type server
auth-user-pass /etc/openvpn/pass.txt

Servidor Dante Proxy (sock5)

Compile o ebuild net-proxy/dante:

root # emerge net-proxy/dante

Configure o arquivo /etc/socks/sockd.conf conforme o exemplo abaixo, alterando a rede do TUN do OpenVPN e em xxx.xxx.xxx.xxx colocando o IP de saída pra internet do seu servidor:

   /etc/socks/sockd.conf
logoutput: syslog

internal: 172.40.0.1 port = 1080

external: xxx.xxx.xxx.xxx

socksmethod: none

clientmethod: none

user.privileged: sockd

user.notprivileged: sockd

client pass {
        from: 172.40.0.0/24 to: 0.0.0.0/0
	log: error # connect disconnect
}

socks pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bind connect udpassociate
        log: error # connect disconnect iooperation
}


socks pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bindreply udpreply
        log: error # connect disconnect iooperation
}

Execução

Servidor OpenVPN

Adicione o servidor openvpn ao boot e inicie o daemon:

root # rc-update add openvpn ; /etc/init.d/openvpn start

Crie um usuário de VPN. Ex:

root # /usr/sbin/gen-mfa.sh teste

Será solicitada a digitação da senha. Por favor, utilize mais de 12 caracteres.

Abra a URL e escaneie o QR code no aplicativo Authy (recomendado). Também é possível utilizar o aplicativo nativo do google.

Ex:

INFO: Generating MFA Token
Warning: pasting the following URL into your browser exposes the OTP secret to Google:
  https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/OpenVPN%2520Server%3Fsecret%BRCB26KMG5R7TKQQXUBVW7D6A3%26issuer%3Dteste
Failed to use libqrencode to show QR code visually for scanning.
Consider typing the OTP secret into your app manually.
Your new secret key is: BRCB26KMG5R7TKQQXUBVW7D6A3
Your verification code is 125654
Your emergency scratch codes are:
  39144468
  67723481
  53844065
  41433310
  22803440

By default, a new token is generated every 30 seconds by the mobile app.
In order to compensate for possible time-skew between the client and the server,
we allow an extra token before and after the current time. This allows for a
time skew of up to 30 seconds between authentication server and client. If you
experience problems with poor time synchronization, you can increase the window
from its default size of 3 permitted codes (one previous code, the current
code, the next code) to 17 permitted codes (the 8 previous codes, the current
code, and the 8 next codes). This will permit for a time skew of up to 4 minutes
between client and server.
Do you want to do so? (y/n) y


Cliente OpenVPN

crie um script para autenticação da openvpn. Será criado randomicamente o arquivo contendo usuário e senha no formato adequado, digitando a senha criada via /usr/bin/passwd no servidor + MFA gerada no aplicativo.

root # touch /usr/sbin/connect-vpn-2fa.sh ; chmod +x /usr/sbin/connect-vpn-2fa.sh ; vi /usr/sbin/connect-vpn-2fa.sh
   /usr/sbin/connect-vpn-2fa.sh - script para conexão do cliente
#!/bin/bash
  
echo -e "\nDigite o usuário:"
read USERNAME

echo -e "\nDigite a senha:"
unset password;
while IFS= read -r -s -n1 pass; do
  if [[ -z $pass ]]; then
     echo
     break
  else
     echo -n '*'
     PASSWD+=$pass
  fi
done


echo -e "\nDigite o codigo MFA gerado em seu celular:"
read MFA

echo -e "${USERNAME}\n${PASSWD}${MFA}" > /etc/openvpn/pass.txt ; /etc/init.d/openvpn restart


Execute o script:

root # /usr/sbin/connect-vpn-2fa.sh

Ex:

root # /usr/sbin/connect-vpn-2fa.sh
root ##i##Digite o usuário:
coffnix

root ##i##Digite a senha:
*****************************************************

root ##i##Digite o codigo MFA gerado em seu celular:
722359


Demonstração


Log servidor

Acompanhe no log do servidor, deverá ser algo do tipo:

root # cat /var/log/openvpn.log
Sat Jun 30 20:49:56 2018 us=485682 Current Parameter Settings:
Sat Jun 30 20:49:56 2018 us=485808   config = '/etc/openvpn/openvpn.conf'
Sat Jun 30 20:49:56 2018 us=485832   mode = 1
Sat Jun 30 20:49:56 2018 us=485850   persist_config = DISABLED
Sat Jun 30 20:49:56 2018 us=485883   persist_mode = 1
Sat Jun 30 20:49:56 2018 us=485904   show_ciphers = DISABLED
Sat Jun 30 20:49:56 2018 us=485922   show_digests = DISABLED
Sat Jun 30 20:49:56 2018 us=485939   show_engines = DISABLED
Sat Jun 30 20:49:56 2018 us=485957   genkey = DISABLED
Sat Jun 30 20:49:56 2018 us=485975   key_pass_file = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=485992   show_tls_ciphers = DISABLED
Sat Jun 30 20:49:56 2018 us=486011   connect_retry_max = 0
Sat Jun 30 20:49:56 2018 us=486028 Connection profiles [0]:
Sat Jun 30 20:49:56 2018 us=486047   proto = udp
Sat Jun 30 20:49:56 2018 us=486065   local = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=486083   local_port = '1194'
Sat Jun 30 20:49:56 2018 us=486101   remote = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=486118   remote_port = '1194'
Sat Jun 30 20:49:56 2018 us=486136   remote_float = DISABLED
Sat Jun 30 20:49:56 2018 us=486154   bind_defined = DISABLED
Sat Jun 30 20:49:56 2018 us=486171   bind_local = ENABLED
Sat Jun 30 20:49:56 2018 us=486189   bind_ipv6_only = DISABLED
Sat Jun 30 20:49:56 2018 us=486207   connect_retry_seconds = 5
Sat Jun 30 20:49:56 2018 us=486225   connect_timeout = 120
Sat Jun 30 20:49:56 2018 us=486243   socks_proxy_server = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=486260   socks_proxy_port = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=486278   tun_mtu = 1500
Sat Jun 30 20:49:56 2018 us=486296   tun_mtu_defined = ENABLED
Sat Jun 30 20:49:56 2018 us=486314   link_mtu = 1500
Sat Jun 30 20:49:56 2018 us=486331   link_mtu_defined = DISABLED
Sat Jun 30 20:49:56 2018 us=486349   tun_mtu_extra = 0
Sat Jun 30 20:49:56 2018 us=486367   tun_mtu_extra_defined = DISABLED
Sat Jun 30 20:49:56 2018 us=486384   mtu_discover_type = -1
Sat Jun 30 20:49:56 2018 us=486402   fragment = 0
Sat Jun 30 20:49:56 2018 us=486420   mssfix = 1450
Sat Jun 30 20:49:56 2018 us=486437   explicit_exit_notification = 0
Sat Jun 30 20:49:56 2018 us=486455 Connection profiles END
Sat Jun 30 20:49:56 2018 us=486473   remote_random = DISABLED
Sat Jun 30 20:49:56 2018 us=486491   ipchange = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=486508   dev = 'tun0'
Sat Jun 30 20:49:56 2018 us=486526   dev_type = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=486543   dev_node = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=486561   lladdr = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=486578   topology = 1
Sat Jun 30 20:49:56 2018 us=486596   ifconfig_local = '10.100.0.1'
Sat Jun 30 20:49:56 2018 us=486614   ifconfig_remote_netmask = '10.100.0.2'
Sat Jun 30 20:49:56 2018 us=486632   ifconfig_noexec = DISABLED
Sat Jun 30 20:49:56 2018 us=486649   ifconfig_nowarn = DISABLED
Sat Jun 30 20:49:56 2018 us=486667   ifconfig_ipv6_local = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=486685   ifconfig_ipv6_netbits = 0
Sat Jun 30 20:49:56 2018 us=486702   ifconfig_ipv6_remote = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=486720   shaper = 0
Sat Jun 30 20:49:56 2018 us=486738   mtu_test = 0
Sat Jun 30 20:49:56 2018 us=486756   mlock = DISABLED
Sat Jun 30 20:49:56 2018 us=486774   keepalive_ping = 10
Sat Jun 30 20:49:56 2018 us=486791   keepalive_timeout = 120
Sat Jun 30 20:49:56 2018 us=486809   inactivity_timeout = 0
Sat Jun 30 20:49:56 2018 us=486827   ping_send_timeout = 10
Sat Jun 30 20:49:56 2018 us=486844   ping_rec_timeout = 240
Sat Jun 30 20:49:56 2018 us=486862   ping_rec_timeout_action = 2
Sat Jun 30 20:49:56 2018 us=486880   ping_timer_remote = DISABLED
Sat Jun 30 20:49:56 2018 us=486897   remap_sigusr1 = 0
Sat Jun 30 20:49:56 2018 us=486915   persist_tun = ENABLED
Sat Jun 30 20:49:56 2018 us=486932   persist_local_ip = DISABLED
Sat Jun 30 20:49:56 2018 us=486950   persist_remote_ip = DISABLED
Sat Jun 30 20:49:56 2018 us=486968   persist_key = ENABLED
Sat Jun 30 20:49:56 2018 us=486986   passtos = DISABLED
Sat Jun 30 20:49:56 2018 us=487013   resolve_retry_seconds = 1000000000
Sat Jun 30 20:49:56 2018 us=487032   resolve_in_advance = DISABLED
Sat Jun 30 20:49:56 2018 us=487050   username = 'nobody'
Sat Jun 30 20:49:56 2018 us=487068   groupname = 'nobody'
Sat Jun 30 20:49:56 2018 us=487086   chroot_dir = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=487104   cd_dir = '/etc/openvpn'
Sat Jun 30 20:49:56 2018 us=487122   writepid = '/var/run/openvpn.pid'
Sat Jun 30 20:49:56 2018 us=487139   up_script = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=487157   down_script = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=487175   down_pre = DISABLED
Sat Jun 30 20:49:56 2018 us=487192   up_restart = DISABLED
Sat Jun 30 20:49:56 2018 us=487210   up_delay = DISABLED
Sat Jun 30 20:49:56 2018 us=487227   daemon = ENABLED
Sat Jun 30 20:49:56 2018 us=487244   inetd = 0
Sat Jun 30 20:49:56 2018 us=487262   log = ENABLED
Sat Jun 30 20:49:56 2018 us=487279   suppress_timestamps = DISABLED
Sat Jun 30 20:49:56 2018 us=487297   machine_readable_output = DISABLED
Sat Jun 30 20:49:56 2018 us=487314   nice = 0
Sat Jun 30 20:49:56 2018 us=487332   verbosity = 4
Sat Jun 30 20:49:56 2018 us=487349   mute = 0
Sat Jun 30 20:49:56 2018 us=487366   gremlin = 0
Sat Jun 30 20:49:56 2018 us=487384   status_file = 'openvpn-status.log'
Sat Jun 30 20:49:56 2018 us=487402   status_file_version = 1
Sat Jun 30 20:49:56 2018 us=487420   status_file_update_freq = 60
Sat Jun 30 20:49:56 2018 us=487437   occ = ENABLED
Sat Jun 30 20:49:56 2018 us=487456   rcvbuf = 0
Sat Jun 30 20:49:56 2018 us=487473   sndbuf = 0
Sat Jun 30 20:49:56 2018 us=487491   mark = 0
Sat Jun 30 20:49:56 2018 us=487508   sockflags = 0
Sat Jun 30 20:49:56 2018 us=487526   fast_io = DISABLED
Sat Jun 30 20:49:56 2018 us=487543   comp.alg = 2
Sat Jun 30 20:49:56 2018 us=487561   comp.flags = 1
Sat Jun 30 20:49:56 2018 us=487579   route_script = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=487596   route_default_gateway = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=487614   route_default_metric = 0
Sat Jun 30 20:49:56 2018 us=487632   route_noexec = DISABLED
Sat Jun 30 20:49:56 2018 us=487650   route_delay = 0
Sat Jun 30 20:49:56 2018 us=487668   route_delay_window = 30
Sat Jun 30 20:49:56 2018 us=487686   route_delay_defined = DISABLED
Sat Jun 30 20:49:56 2018 us=487703   route_nopull = DISABLED
Sat Jun 30 20:49:56 2018 us=487721   route_gateway_via_dhcp = DISABLED
Sat Jun 30 20:49:56 2018 us=487739   allow_pull_fqdn = DISABLED
Sat Jun 30 20:49:56 2018 us=487762   route 10.100.0.0/255.255.255.0/default (not set)/default (not set)
Sat Jun 30 20:49:56 2018 us=487781   management_addr = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=487800   management_port = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=487817   management_user_pass = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=487835   management_log_history_cache = 250
Sat Jun 30 20:49:56 2018 us=487853   management_echo_buffer_size = 100
Sat Jun 30 20:49:56 2018 us=487871   management_write_peer_info_file = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=487889   management_client_user = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=487907   management_client_group = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=487925   management_flags = 0
Sat Jun 30 20:49:56 2018 us=487951   plugin[0] /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so '[/usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so] [openvpn]'
Sat Jun 30 20:49:56 2018 us=487975   shared_secret_file = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=487993   key_direction = not set
Sat Jun 30 20:49:56 2018 us=488011   ciphername = 'BF-CBC'
Sat Jun 30 20:49:56 2018 us=488029   ncp_enabled = ENABLED
Sat Jun 30 20:49:56 2018 us=488046   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Sat Jun 30 20:49:56 2018 us=488064   authname = 'SHA1'
Sat Jun 30 20:49:56 2018 us=488082   prng_hash = 'SHA1'
Sat Jun 30 20:49:56 2018 us=488100   prng_nonce_secret_len = 16
Sat Jun 30 20:49:56 2018 us=488117   keysize = 0
Sat Jun 30 20:49:56 2018 us=488135   engine = DISABLED
Sat Jun 30 20:49:56 2018 us=488152   replay = ENABLED
Sat Jun 30 20:49:56 2018 us=488170   mute_replay_warnings = DISABLED
Sat Jun 30 20:49:56 2018 us=488188   replay_window = 64
Sat Jun 30 20:49:56 2018 us=488205   replay_time = 15
Sat Jun 30 20:49:56 2018 us=488223   packet_id_file = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=488240   use_iv = ENABLED
Sat Jun 30 20:49:56 2018 us=488258   test_crypto = DISABLED
Sat Jun 30 20:49:56 2018 us=488275   tls_server = ENABLED
Sat Jun 30 20:49:56 2018 us=488293   tls_client = DISABLED
Sat Jun 30 20:49:56 2018 us=488311   key_method = 2
Sat Jun 30 20:49:56 2018 us=488329   ca_file = '/etc/openvpn/keys/pki/ca.crt'
Sat Jun 30 20:49:56 2018 us=488346   ca_path = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=488364   dh_file = '/etc/openvpn/keys/pki/dh.pem'
Sat Jun 30 20:49:56 2018 us=488382   cert_file = '/etc/openvpn/keys/pki/issued/FuntooHost.crt'
Sat Jun 30 20:49:56 2018 us=488401   extra_certs_file = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=488419   priv_key_file = '/etc/openvpn/keys/pki/private/FuntooHost.key'
Sat Jun 30 20:49:56 2018 us=488438   pkcs12_file = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=488455   cipher_list = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=488473   tls_cert_profile = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=488491   tls_verify = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=488508   tls_export_cert = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=488526   verify_x509_type = 0
Sat Jun 30 20:49:56 2018 us=488544   verify_x509_name = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=488562   crl_file = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=488580   ns_cert_type = 0
Sat Jun 30 20:49:56 2018 us=488597   remote_cert_ku[i] = 0
Sat Jun 30 20:49:56 2018 us=488615   remote_cert_ku[i] = 0
Sat Jun 30 20:49:56 2018 us=488633   remote_cert_ku[i] = 0
Sat Jun 30 20:49:56 2018 us=488650   remote_cert_ku[i] = 0
Sat Jun 30 20:49:56 2018 us=488668   remote_cert_ku[i] = 0
Sat Jun 30 20:49:56 2018 us=488685   remote_cert_ku[i] = 0
Sat Jun 30 20:49:56 2018 us=488703   remote_cert_ku[i] = 0
Sat Jun 30 20:49:56 2018 us=488721   remote_cert_ku[i] = 0
Sat Jun 30 20:49:56 2018 us=488739   remote_cert_ku[i] = 0
Sat Jun 30 20:49:56 2018 us=488756   remote_cert_ku[i] = 0
Sat Jun 30 20:49:56 2018 us=488774   remote_cert_ku[i] = 0
Sat Jun 30 20:49:56 2018 us=488791   remote_cert_ku[i] = 0
Sat Jun 30 20:49:56 2018 us=488809   remote_cert_ku[i] = 0
Sat Jun 30 20:49:56 2018 us=488826   remote_cert_ku[i] = 0
Sat Jun 30 20:49:56 2018 us=488843   remote_cert_ku[i] = 0
Sat Jun 30 20:49:56 2018 us=488861   remote_cert_ku[i] = 0
Sat Jun 30 20:49:56 2018 us=488878   remote_cert_eku = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=488896   ssl_flags = 0
Sat Jun 30 20:49:56 2018 us=488914   tls_timeout = 2
Sat Jun 30 20:49:56 2018 us=488931   renegotiate_bytes = -1
Sat Jun 30 20:49:56 2018 us=488948   renegotiate_packets = 0
Sat Jun 30 20:49:56 2018 us=488966   renegotiate_seconds = 3600
Sat Jun 30 20:49:56 2018 us=488984   handshake_window = 60
Sat Jun 30 20:49:56 2018 us=489002   transition_window = 3600
Sat Jun 30 20:49:56 2018 us=489020   single_session = DISABLED
Sat Jun 30 20:49:56 2018 us=489038   push_peer_info = DISABLED
Sat Jun 30 20:49:56 2018 us=489056   tls_exit = DISABLED
Sat Jun 30 20:49:56 2018 us=489074   tls_auth_file = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=489091   tls_crypt_file = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=489110   pkcs11_protected_authentication = DISABLED
Sat Jun 30 20:49:56 2018 us=489128   pkcs11_protected_authentication = DISABLED
Sat Jun 30 20:49:56 2018 us=489146   pkcs11_protected_authentication = DISABLED
Sat Jun 30 20:49:56 2018 us=489164   pkcs11_protected_authentication = DISABLED
Sat Jun 30 20:49:56 2018 us=489182   pkcs11_protected_authentication = DISABLED
Sat Jun 30 20:49:56 2018 us=489200   pkcs11_protected_authentication = DISABLED
Sat Jun 30 20:49:56 2018 us=489218   pkcs11_protected_authentication = DISABLED
Sat Jun 30 20:49:56 2018 us=489236   pkcs11_protected_authentication = DISABLED
Sat Jun 30 20:49:56 2018 us=489254   pkcs11_protected_authentication = DISABLED
Sat Jun 30 20:49:56 2018 us=489272   pkcs11_protected_authentication = DISABLED
Sat Jun 30 20:49:56 2018 us=489290   pkcs11_protected_authentication = DISABLED
Sat Jun 30 20:49:56 2018 us=489308   pkcs11_protected_authentication = DISABLED
Sat Jun 30 20:49:56 2018 us=489326   pkcs11_protected_authentication = DISABLED
Sat Jun 30 20:49:56 2018 us=489344   pkcs11_protected_authentication = DISABLED
Sat Jun 30 20:49:56 2018 us=489362   pkcs11_protected_authentication = DISABLED
Sat Jun 30 20:49:56 2018 us=489380   pkcs11_protected_authentication = DISABLED
Sat Jun 30 20:49:56 2018 us=489399   pkcs11_private_mode = 00000000
Sat Jun 30 20:49:56 2018 us=489418   pkcs11_private_mode = 00000000
Sat Jun 30 20:49:56 2018 us=489436   pkcs11_private_mode = 00000000
Sat Jun 30 20:49:56 2018 us=489454   pkcs11_private_mode = 00000000
Sat Jun 30 20:49:56 2018 us=489471   pkcs11_private_mode = 00000000
Sat Jun 30 20:49:56 2018 us=489490   pkcs11_private_mode = 00000000
Sat Jun 30 20:49:56 2018 us=489508   pkcs11_private_mode = 00000000
Sat Jun 30 20:49:56 2018 us=489526   pkcs11_private_mode = 00000000
Sat Jun 30 20:49:56 2018 us=489544   pkcs11_private_mode = 00000000
Sat Jun 30 20:49:56 2018 us=489562   pkcs11_private_mode = 00000000
Sat Jun 30 20:49:56 2018 us=489580   pkcs11_private_mode = 00000000
Sat Jun 30 20:49:56 2018 us=489598   pkcs11_private_mode = 00000000
Sat Jun 30 20:49:56 2018 us=489616   pkcs11_private_mode = 00000000
Sat Jun 30 20:49:56 2018 us=489633   pkcs11_private_mode = 00000000
Sat Jun 30 20:49:56 2018 us=489651   pkcs11_private_mode = 00000000
Sat Jun 30 20:49:56 2018 us=489670   pkcs11_private_mode = 00000000
Sat Jun 30 20:49:56 2018 us=489688   pkcs11_cert_private = DISABLED
Sat Jun 30 20:49:56 2018 us=489706   pkcs11_cert_private = DISABLED
Sat Jun 30 20:49:56 2018 us=489724   pkcs11_cert_private = DISABLED
Sat Jun 30 20:49:56 2018 us=489743   pkcs11_cert_private = DISABLED
Sat Jun 30 20:49:56 2018 us=489761   pkcs11_cert_private = DISABLED
Sat Jun 30 20:49:56 2018 us=489779   pkcs11_cert_private = DISABLED
Sat Jun 30 20:49:56 2018 us=489797   pkcs11_cert_private = DISABLED
Sat Jun 30 20:49:56 2018 us=489815   pkcs11_cert_private = DISABLED
Sat Jun 30 20:49:56 2018 us=489833   pkcs11_cert_private = DISABLED
Sat Jun 30 20:49:56 2018 us=489851   pkcs11_cert_private = DISABLED
Sat Jun 30 20:49:56 2018 us=489877   pkcs11_cert_private = DISABLED
Sat Jun 30 20:49:56 2018 us=489900   pkcs11_cert_private = DISABLED
Sat Jun 30 20:49:56 2018 us=489918   pkcs11_cert_private = DISABLED
Sat Jun 30 20:49:56 2018 us=489936   pkcs11_cert_private = DISABLED
Sat Jun 30 20:49:56 2018 us=489954   pkcs11_cert_private = DISABLED
Sat Jun 30 20:49:56 2018 us=489971   pkcs11_cert_private = DISABLED
Sat Jun 30 20:49:56 2018 us=489990   pkcs11_pin_cache_period = -1
Sat Jun 30 20:49:56 2018 us=490007   pkcs11_id = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=490025   pkcs11_id_management = DISABLED
Sat Jun 30 20:49:56 2018 us=490044   server_network = 10.100.0.0
Sat Jun 30 20:49:56 2018 us=490062   server_netmask = 255.255.255.0
Sat Jun 30 20:49:56 2018 us=490085   server_network_ipv6 = ::
Sat Jun 30 20:49:56 2018 us=490105   server_netbits_ipv6 = 0
Sat Jun 30 20:49:56 2018 us=490124   server_bridge_ip = 0.0.0.0
Sat Jun 30 20:49:56 2018 us=490142   server_bridge_netmask = 0.0.0.0
Sat Jun 30 20:49:56 2018 us=490161   server_bridge_pool_start = 0.0.0.0
Sat Jun 30 20:49:56 2018 us=490179   server_bridge_pool_end = 0.0.0.0
Sat Jun 30 20:49:56 2018 us=490197   push_entry = 'route 10.100.0.1'
Sat Jun 30 20:49:56 2018 us=490215   push_entry = 'topology net30'
Sat Jun 30 20:49:56 2018 us=490233   push_entry = 'ping 10'
Sat Jun 30 20:49:56 2018 us=490250   push_entry = 'ping-restart 120'
Sat Jun 30 20:49:56 2018 us=490268   ifconfig_pool_defined = ENABLED
Sat Jun 30 20:49:56 2018 us=490286   ifconfig_pool_start = 10.100.0.4
Sat Jun 30 20:49:56 2018 us=490304   ifconfig_pool_end = 10.100.0.251
Sat Jun 30 20:49:56 2018 us=490323   ifconfig_pool_netmask = 0.0.0.0
Sat Jun 30 20:49:56 2018 us=490340   ifconfig_pool_persist_filename = 'ipp.txt'
Sat Jun 30 20:49:56 2018 us=490358   ifconfig_pool_persist_refresh_freq = 600
Sat Jun 30 20:49:56 2018 us=490376   ifconfig_ipv6_pool_defined = DISABLED
Sat Jun 30 20:49:56 2018 us=490396   ifconfig_ipv6_pool_base = ::
Sat Jun 30 20:49:56 2018 us=490415   ifconfig_ipv6_pool_netbits = 0
Sat Jun 30 20:49:56 2018 us=490433   n_bcast_buf = 256
Sat Jun 30 20:49:56 2018 us=490451   tcp_queue_limit = 64
Sat Jun 30 20:49:56 2018 us=490468   real_hash_size = 256
Sat Jun 30 20:49:56 2018 us=490486   virtual_hash_size = 256
Sat Jun 30 20:49:56 2018 us=490503   client_connect_script = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=490522   learn_address_script = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=490540   client_disconnect_script = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=490557   client_config_dir = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=490575   ccd_exclusive = DISABLED
Sat Jun 30 20:49:56 2018 us=490593   tmp_dir = '/tmp'
Sat Jun 30 20:49:56 2018 us=490610   push_ifconfig_defined = DISABLED
Sat Jun 30 20:49:56 2018 us=490629   push_ifconfig_local = 0.0.0.0
Sat Jun 30 20:49:56 2018 us=490647   push_ifconfig_remote_netmask = 0.0.0.0
Sat Jun 30 20:49:56 2018 us=490665   push_ifconfig_ipv6_defined = DISABLED
Sat Jun 30 20:49:56 2018 us=490684   push_ifconfig_ipv6_local = ::/0
Sat Jun 30 20:49:56 2018 us=490702   push_ifconfig_ipv6_remote = ::
Sat Jun 30 20:49:56 2018 us=490720   enable_c2c = DISABLED
Sat Jun 30 20:49:56 2018 us=490738   duplicate_cn = DISABLED
Sat Jun 30 20:49:56 2018 us=490755   cf_max = 0
Sat Jun 30 20:49:56 2018 us=490773   cf_per = 0
Sat Jun 30 20:49:56 2018 us=490791   max_clients = 1024
Sat Jun 30 20:49:56 2018 us=490808   max_routes_per_client = 256
Sat Jun 30 20:49:56 2018 us=490826   auth_user_pass_verify_script = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=490843   auth_user_pass_verify_script_via_file = DISABLED
Sat Jun 30 20:49:56 2018 us=490861   auth_token_generate = DISABLED
Sat Jun 30 20:49:56 2018 us=490879   auth_token_lifetime = 0
Sat Jun 30 20:49:56 2018 us=490897   port_share_host = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=490915   port_share_port = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=490933   client = DISABLED
Sat Jun 30 20:49:56 2018 us=490950   pull = DISABLED
Sat Jun 30 20:49:56 2018 us=490968   auth_user_pass_file = '[UNDEF]'
Sat Jun 30 20:49:56 2018 us=490988 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 29 2018
Sat Jun 30 20:49:56 2018 us=491016 library versions: OpenSSL 1.0.2o  27 Mar 2018, LZO 2.10
AUTH-PAM: BACKGROUND: INIT service='openvpn'
Sat Jun 30 20:49:56 2018 us=492942 PLUGIN_INIT: POST /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so '[/usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so] [openvpn]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY 
Sat Jun 30 20:49:56 2018 us=493447 Diffie-Hellman initialized with 2048 bit key
Sat Jun 30 20:49:56 2018 us=494024 TLS-Auth MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sat Jun 30 20:49:56 2018 us=494333 ROUTE_GATEWAY 172.97.103.1/255.255.255.0 IFACE=eth0 HWADDR=00:16:3e:35:4c:3c
Sat Jun 30 20:49:56 2018 us=494904 TUN/TAP device tun0 opened
Sat Jun 30 20:49:56 2018 us=494953 Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)
Sat Jun 30 20:49:56 2018 us=494986 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Jun 30 20:49:56 2018 us=495014 /sbin/ip link set dev tun0 up mtu 1500
Sat Jun 30 20:49:56 2018 us=497424 /sbin/ip addr add dev tun0 local 10.100.0.1 peer 10.100.0.2
Sat Jun 30 20:49:56 2018 us=500205 /sbin/ip route add 10.100.0.0/24 via 10.100.0.2
Sat Jun 30 20:49:56 2018 us=501714 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:3/1 ]
Sat Jun 30 20:49:56 2018 us=502617 Could not determine IPv4/IPv6 protocol. Using AF_INET
Sat Jun 30 20:49:56 2018 us=502670 Socket Buffers: R=[33554432->33554432] S=[33554432->33554432]
Sat Jun 30 20:49:56 2018 us=502711 UDPv4 link local (bound): [AF_INET][undef]:1194
Sat Jun 30 20:49:56 2018 us=502733 UDPv4 link remote: [AF_UNSPEC]
Sat Jun 30 20:49:56 2018 us=502761 GID set to nobody
Sat Jun 30 20:49:56 2018 us=502796 UID set to nobody
Sat Jun 30 20:49:56 2018 us=502832 MULTI: multi_init called, r=256 v=256
Sat Jun 30 20:49:56 2018 us=502892 IFCONFIG POOL: base=10.100.0.4 size=62, ipv6=0
Sat Jun 30 20:49:56 2018 us=502941 ifconfig_pool_read(), in='client1,10.100.0.4', TODO: IPv6
Sat Jun 30 20:49:56 2018 us=502966 succeeded -> ifconfig_pool_set()
Sat Jun 30 20:49:56 2018 us=502989 IFCONFIG POOL LIST
Sat Jun 30 20:49:56 2018 us=503009 client1,10.100.0.4
Sat Jun 30 20:49:56 2018 us=503051 Initialization Sequence Completed
Sat Jun 30 20:50:22 2018 us=54652 MULTI: multi_create_instance called
Sat Jun 30 20:50:22 2018 us=54856 187.104.48.10:59146 Re-using SSL/TLS context
Sat Jun 30 20:50:22 2018 us=54904 187.104.48.10:59146 LZO compression initializing
Sat Jun 30 20:50:22 2018 us=55088 187.104.48.10:59146 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sat Jun 30 20:50:22 2018 us=55123 187.104.48.10:59146 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:3/1 ]
Sat Jun 30 20:50:22 2018 us=55176 187.104.48.10:59146 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sat Jun 30 20:50:22 2018 us=55202 187.104.48.10:59146 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sat Jun 30 20:50:22 2018 us=55265 187.104.48.10:59146 TLS: Initial packet from [AF_INET]187.104.48.10:59146, sid=649b0f94 1844f9aa
Sat Jun 30 20:50:22 2018 us=645519 187.104.48.10:59146 VERIFY OK: depth=1, CN=FuntooHost
Sat Jun 30 20:50:22 2018 us=645819 187.104.48.10:59146 VERIFY OK: depth=0, CN=client1
Sat Jun 30 20:50:22 2018 us=935014 187.104.48.10:59146 peer info: IV_VER=2.4.6
Sat Jun 30 20:50:22 2018 us=935095 187.104.48.10:59146 peer info: IV_PLAT=linux
Sat Jun 30 20:50:22 2018 us=935118 187.104.48.10:59146 peer info: IV_PROTO=2
Sat Jun 30 20:50:22 2018 us=935137 187.104.48.10:59146 peer info: IV_NCP=2
Sat Jun 30 20:50:22 2018 us=935156 187.104.48.10:59146 peer info: IV_LZO=1
Sat Jun 30 20:50:22 2018 us=935176 187.104.48.10:59146 peer info: IV_COMP_STUB=1
Sat Jun 30 20:50:22 2018 us=935195 187.104.48.10:59146 peer info: IV_COMP_STUBv2=1
Sat Jun 30 20:50:22 2018 us=935214 187.104.48.10:59146 peer info: IV_TCPNL=1
AUTH-PAM: BACKGROUND: received command code: 0
AUTH-PAM: BACKGROUND: USER: coffnix
AUTH-PAM: BACKGROUND: my_conv[0] query='Password & verification code: ' style=1
Sat Jun 30 20:50:22 2018 us=952869 187.104.48.10:59146 PLUGIN_CALL: POST /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Sat Jun 30 20:50:22 2018 us=953049 187.104.48.10:59146 TLS: Username/Password authentication succeeded for username 'coffnix' 
Sat Jun 30 20:50:23 2018 us=241062 187.104.48.10:59146 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Jun 30 20:50:23 2018 us=241203 187.104.48.10:59146 [client1] Peer Connection Initiated with [AF_INET]187.104.48.10:59146
Sat Jun 30 20:50:23 2018 us=241263 client1/187.104.48.10:59146 MULTI_sva: pool returned IPv4=10.100.0.6, IPv6=(Not enabled)
Sat Jun 30 20:50:23 2018 us=241322 client1/187.104.48.10:59146 MULTI: Learn: 10.100.0.6 -> client1/187.104.48.10:59146
Sat Jun 30 20:50:23 2018 us=241344 client1/187.104.48.10:59146 MULTI: primary virtual IP for client1/187.104.48.10:59146: 10.100.0.6
Sat Jun 30 20:50:24 2018 us=458952 client1/187.104.48.10:59146 PUSH: Received control message: 'PUSH_REQUEST'
Sat Jun 30 20:50:24 2018 us=459102 client1/187.104.48.10:59146 SENT CONTROL [client1]: 'PUSH_REPLY,route 10.100.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.100.0.6 10.100.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
Sat Jun 30 20:50:24 2018 us=459130 client1/187.104.48.10:59146 Data Channel: using negotiated cipher 'AES-256-GCM'
Sat Jun 30 20:50:24 2018 us=459164 client1/187.104.48.10:59146 Data Channel MTU parms [ L:1550 D:1450 EF:50 EB:406 ET:0 EL:3 AF:3/1 ]
Sat Jun 30 20:50:24 2018 us=459306 client1/187.104.48.10:59146 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Jun 30 20:50:24 2018 us=459335 client1/187.104.48.10:59146 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Jun 30 20:50:29 2018 us=762034 client1/187.104.48.10:59146 PID_ERR replay-window backtrack occurred [1] [SSL-0] [0_00123] 0:7 0:6 t=1530402629[0] r=[-3,64,15,1,1] sl=[57,7,64,528]



Log Cliente

Acompanhe no log do cliente, deverá ser algo do tipo:

root # cat /var/log/openvpn.log
Sat Jun 30 20:50:21 2018 Multiple --up scripts defined.  The previously configured script is overridden.
Sat Jun 30 20:50:21 2018 Multiple --down scripts defined.  The previously configured script is overridden.
Sat Jun 30 20:50:21 2018 us=566336 WARNING: file '/etc/openvpn/pass.txt' is group or others accessible
Sat Jun 30 20:50:21 2018 us=566354 Current Parameter Settings:
Sat Jun 30 20:50:21 2018 us=566361   config = '/etc/openvpn/openvpn.conf'
Sat Jun 30 20:50:21 2018 us=566367   mode = 0
Sat Jun 30 20:50:21 2018 us=566373   persist_config = DISABLED
Sat Jun 30 20:50:21 2018 us=566379   persist_mode = 1
Sat Jun 30 20:50:21 2018 us=566385   show_ciphers = DISABLED
Sat Jun 30 20:50:21 2018 us=566391   show_digests = DISABLED
Sat Jun 30 20:50:21 2018 us=566396   show_engines = DISABLED
Sat Jun 30 20:50:21 2018 us=566402   genkey = DISABLED
Sat Jun 30 20:50:21 2018 us=566408   key_pass_file = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=566414   show_tls_ciphers = DISABLED
Sat Jun 30 20:50:21 2018 us=566419   connect_retry_max = 0
Sat Jun 30 20:50:21 2018 us=566425 Connection profiles [0]:
Sat Jun 30 20:50:21 2018 us=566431   proto = udp
Sat Jun 30 20:50:21 2018 us=566437   local = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=566443   local_port = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=566451   remote = 'area31.net.br'
Sat Jun 30 20:50:21 2018 us=566457   remote_port = '1194'
Sat Jun 30 20:50:21 2018 us=566463   remote_float = DISABLED
Sat Jun 30 20:50:21 2018 us=566469   bind_defined = DISABLED
Sat Jun 30 20:50:21 2018 us=566474   bind_local = DISABLED
Sat Jun 30 20:50:21 2018 us=566480   bind_ipv6_only = DISABLED
Sat Jun 30 20:50:21 2018 us=566486   connect_retry_seconds = 5
Sat Jun 30 20:50:21 2018 us=566492   connect_timeout = 120
Sat Jun 30 20:50:21 2018 us=566497   socks_proxy_server = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=566503   socks_proxy_port = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=566509   tun_mtu = 1500
Sat Jun 30 20:50:21 2018 us=566515   tun_mtu_defined = ENABLED
Sat Jun 30 20:50:21 2018 us=566521   link_mtu = 1500
Sat Jun 30 20:50:21 2018 us=566526   link_mtu_defined = DISABLED
Sat Jun 30 20:50:21 2018 us=566532   tun_mtu_extra = 0
Sat Jun 30 20:50:21 2018 us=566538   tun_mtu_extra_defined = DISABLED
Sat Jun 30 20:50:21 2018 us=566544   mtu_discover_type = -1
Sat Jun 30 20:50:21 2018 us=566550   fragment = 0
Sat Jun 30 20:50:21 2018 us=566555   mssfix = 1450
Sat Jun 30 20:50:21 2018 us=566561   explicit_exit_notification = 0
Sat Jun 30 20:50:21 2018 us=566567 Connection profiles END
Sat Jun 30 20:50:21 2018 us=566573   remote_random = DISABLED
Sat Jun 30 20:50:21 2018 us=566578   ipchange = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=566584   dev = 'tun0'
Sat Jun 30 20:50:21 2018 us=566590   dev_type = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=566596   dev_node = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=566602   lladdr = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=566607   topology = 1
Sat Jun 30 20:50:21 2018 us=566613   ifconfig_local = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=566619   ifconfig_remote_netmask = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=566625   ifconfig_noexec = DISABLED
Sat Jun 30 20:50:21 2018 us=566630   ifconfig_nowarn = DISABLED
Sat Jun 30 20:50:21 2018 us=566636   ifconfig_ipv6_local = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=566642   ifconfig_ipv6_netbits = 0
Sat Jun 30 20:50:21 2018 us=566647   ifconfig_ipv6_remote = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=566653   shaper = 0
Sat Jun 30 20:50:21 2018 us=566659   mtu_test = 0
Sat Jun 30 20:50:21 2018 us=566665   mlock = DISABLED
Sat Jun 30 20:50:21 2018 us=566671   keepalive_ping = 0
Sat Jun 30 20:50:21 2018 us=566676   keepalive_timeout = 0
Sat Jun 30 20:50:21 2018 us=566682   inactivity_timeout = 0
Sat Jun 30 20:50:21 2018 us=566688   ping_send_timeout = 0
Sat Jun 30 20:50:21 2018 us=566693   ping_rec_timeout = 0
Sat Jun 30 20:50:21 2018 us=566699   ping_rec_timeout_action = 0
Sat Jun 30 20:50:21 2018 us=566705   ping_timer_remote = DISABLED
Sat Jun 30 20:50:21 2018 us=566710   remap_sigusr1 = 0
Sat Jun 30 20:50:21 2018 us=566716   persist_tun = ENABLED
Sat Jun 30 20:50:21 2018 us=566722   persist_local_ip = DISABLED
Sat Jun 30 20:50:21 2018 us=566732   persist_remote_ip = DISABLED
Sat Jun 30 20:50:21 2018 us=566738   persist_key = ENABLED
Sat Jun 30 20:50:21 2018 us=566744   passtos = DISABLED
Sat Jun 30 20:50:21 2018 us=566750   resolve_retry_seconds = 30
Sat Jun 30 20:50:21 2018 us=566756   resolve_in_advance = DISABLED
Sat Jun 30 20:50:21 2018 us=566761   username = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=566767   groupname = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=566773   chroot_dir = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=566779   cd_dir = '/etc/openvpn'
Sat Jun 30 20:50:21 2018 us=566784   writepid = '/var/run/openvpn.pid'
Sat Jun 30 20:50:21 2018 us=566790   up_script = '/etc/openvpn/up.sh'
Sat Jun 30 20:50:21 2018 us=566796   down_script = '/etc/openvpn/down.sh'
Sat Jun 30 20:50:21 2018 us=566802   down_pre = ENABLED
Sat Jun 30 20:50:21 2018 us=566807   up_restart = ENABLED
Sat Jun 30 20:50:21 2018 us=566813   up_delay = ENABLED
Sat Jun 30 20:50:21 2018 us=566819   daemon = ENABLED
Sat Jun 30 20:50:21 2018 us=566825   inetd = 0
Sat Jun 30 20:50:21 2018 us=566830   log = ENABLED
Sat Jun 30 20:50:21 2018 us=566836   suppress_timestamps = DISABLED
Sat Jun 30 20:50:21 2018 us=566842   machine_readable_output = DISABLED
Sat Jun 30 20:50:21 2018 us=566848   nice = 0
Sat Jun 30 20:50:21 2018 us=566853   verbosity = 4
Sat Jun 30 20:50:21 2018 us=566859   mute = 0
Sat Jun 30 20:50:21 2018 us=566865   gremlin = 0
Sat Jun 30 20:50:21 2018 us=566871   status_file = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=566876   status_file_version = 1
Sat Jun 30 20:50:21 2018 us=566882   status_file_update_freq = 60
Sat Jun 30 20:50:21 2018 us=566888   occ = ENABLED
Sat Jun 30 20:50:21 2018 us=566894   rcvbuf = 0
Sat Jun 30 20:50:21 2018 us=566899   sndbuf = 0
Sat Jun 30 20:50:21 2018 us=566905   mark = 0
Sat Jun 30 20:50:21 2018 us=566911   sockflags = 0
Sat Jun 30 20:50:21 2018 us=566917   fast_io = DISABLED
Sat Jun 30 20:50:21 2018 us=566923   comp.alg = 2
Sat Jun 30 20:50:21 2018 us=566928   comp.flags = 1
Sat Jun 30 20:50:21 2018 us=566934   route_script = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=566940   route_default_gateway = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=566946   route_default_metric = 0
Sat Jun 30 20:50:21 2018 us=566952   route_noexec = DISABLED
Sat Jun 30 20:50:21 2018 us=566957   route_delay = 0
Sat Jun 30 20:50:21 2018 us=566963   route_delay_window = 30
Sat Jun 30 20:50:21 2018 us=566969   route_delay_defined = DISABLED
Sat Jun 30 20:50:21 2018 us=566975   route_nopull = DISABLED
Sat Jun 30 20:50:21 2018 us=566981   route_gateway_via_dhcp = DISABLED
Sat Jun 30 20:50:21 2018 us=566987   allow_pull_fqdn = DISABLED
Sat Jun 30 20:50:21 2018 us=566993   management_addr = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=566999   management_port = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567005   management_user_pass = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567011   management_log_history_cache = 250
Sat Jun 30 20:50:21 2018 us=567017   management_echo_buffer_size = 100
Sat Jun 30 20:50:21 2018 us=567023   management_write_peer_info_file = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567028   management_client_user = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567034   management_client_group = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567040   management_flags = 0
Sat Jun 30 20:50:21 2018 us=567046   shared_secret_file = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567052   key_direction = not set
Sat Jun 30 20:50:21 2018 us=567058   ciphername = 'BF-CBC'
Sat Jun 30 20:50:21 2018 us=567064   ncp_enabled = ENABLED
Sat Jun 30 20:50:21 2018 us=567070   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Sat Jun 30 20:50:21 2018 us=567076   authname = 'SHA1'
Sat Jun 30 20:50:21 2018 us=567081   prng_hash = 'SHA1'
Sat Jun 30 20:50:21 2018 us=567087   prng_nonce_secret_len = 16
Sat Jun 30 20:50:21 2018 us=567093   keysize = 0
Sat Jun 30 20:50:21 2018 us=567099   engine = DISABLED
Sat Jun 30 20:50:21 2018 us=567105   replay = ENABLED
Sat Jun 30 20:50:21 2018 us=567111   mute_replay_warnings = DISABLED
Sat Jun 30 20:50:21 2018 us=567117   replay_window = 64
Sat Jun 30 20:50:21 2018 us=567126   replay_time = 15
Sat Jun 30 20:50:21 2018 us=567132   packet_id_file = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567138   use_iv = ENABLED
Sat Jun 30 20:50:21 2018 us=567144   test_crypto = DISABLED
Sat Jun 30 20:50:21 2018 us=567150   tls_server = DISABLED
Sat Jun 30 20:50:21 2018 us=567156   tls_client = ENABLED
Sat Jun 30 20:50:21 2018 us=567162   key_method = 2
Sat Jun 30 20:50:21 2018 us=567167   ca_file = 'keys/ca.crt'
Sat Jun 30 20:50:21 2018 us=567180   ca_path = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567188   dh_file = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567194   cert_file = 'keys/client1.crt'
Sat Jun 30 20:50:21 2018 us=567200   extra_certs_file = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567206   priv_key_file = 'keys/client1.key'
Sat Jun 30 20:50:21 2018 us=567212   pkcs12_file = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567217   cipher_list = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567223   tls_cert_profile = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567229   tls_verify = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567235   tls_export_cert = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567241   verify_x509_type = 0
Sat Jun 30 20:50:21 2018 us=567246   verify_x509_name = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567252   crl_file = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567258   ns_cert_type = 1
Sat Jun 30 20:50:21 2018 us=567264   remote_cert_ku[i] = 0
Sat Jun 30 20:50:21 2018 us=567270   remote_cert_ku[i] = 0
Sat Jun 30 20:50:21 2018 us=567276   remote_cert_ku[i] = 0
Sat Jun 30 20:50:21 2018 us=567281   remote_cert_ku[i] = 0
Sat Jun 30 20:50:21 2018 us=567287   remote_cert_ku[i] = 0
Sat Jun 30 20:50:21 2018 us=567293   remote_cert_ku[i] = 0
Sat Jun 30 20:50:21 2018 us=567299   remote_cert_ku[i] = 0
Sat Jun 30 20:50:21 2018 us=567305   remote_cert_ku[i] = 0
Sat Jun 30 20:50:21 2018 us=567311   remote_cert_ku[i] = 0
Sat Jun 30 20:50:21 2018 us=567316   remote_cert_ku[i] = 0
Sat Jun 30 20:50:21 2018 us=567322   remote_cert_ku[i] = 0
Sat Jun 30 20:50:21 2018 us=567328   remote_cert_ku[i] = 0
Sat Jun 30 20:50:21 2018 us=567334   remote_cert_ku[i] = 0
Sat Jun 30 20:50:21 2018 us=567340   remote_cert_ku[i] = 0
Sat Jun 30 20:50:21 2018 us=567346   remote_cert_ku[i] = 0
Sat Jun 30 20:50:21 2018 us=567351   remote_cert_ku[i] = 0
Sat Jun 30 20:50:21 2018 us=567357   remote_cert_eku = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567363   ssl_flags = 0
Sat Jun 30 20:50:21 2018 us=567369   tls_timeout = 2
Sat Jun 30 20:50:21 2018 us=567375   renegotiate_bytes = -1
Sat Jun 30 20:50:21 2018 us=567381   renegotiate_packets = 0
Sat Jun 30 20:50:21 2018 us=567387   renegotiate_seconds = 3600
Sat Jun 30 20:50:21 2018 us=567392   handshake_window = 60
Sat Jun 30 20:50:21 2018 us=567398   transition_window = 3600
Sat Jun 30 20:50:21 2018 us=567404   single_session = DISABLED
Sat Jun 30 20:50:21 2018 us=567410   push_peer_info = DISABLED
Sat Jun 30 20:50:21 2018 us=567416   tls_exit = DISABLED
Sat Jun 30 20:50:21 2018 us=567422   tls_auth_file = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567428   tls_crypt_file = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567436   server_network = 0.0.0.0
Sat Jun 30 20:50:21 2018 us=567443   server_netmask = 0.0.0.0
Sat Jun 30 20:50:21 2018 us=567455   server_network_ipv6 = ::
Sat Jun 30 20:50:21 2018 us=567463   server_netbits_ipv6 = 0
Sat Jun 30 20:50:21 2018 us=567470   server_bridge_ip = 0.0.0.0
Sat Jun 30 20:50:21 2018 us=567476   server_bridge_netmask = 0.0.0.0
Sat Jun 30 20:50:21 2018 us=567483   server_bridge_pool_start = 0.0.0.0
Sat Jun 30 20:50:21 2018 us=567489   server_bridge_pool_end = 0.0.0.0
Sat Jun 30 20:50:21 2018 us=567495   ifconfig_pool_defined = DISABLED
Sat Jun 30 20:50:21 2018 us=567501   ifconfig_pool_start = 0.0.0.0
Sat Jun 30 20:50:21 2018 us=567508   ifconfig_pool_end = 0.0.0.0
Sat Jun 30 20:50:21 2018 us=567514   ifconfig_pool_netmask = 0.0.0.0
Sat Jun 30 20:50:21 2018 us=567520   ifconfig_pool_persist_filename = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567526   ifconfig_pool_persist_refresh_freq = 600
Sat Jun 30 20:50:21 2018 us=567532   ifconfig_ipv6_pool_defined = DISABLED
Sat Jun 30 20:50:21 2018 us=567538   ifconfig_ipv6_pool_base = ::
Sat Jun 30 20:50:21 2018 us=567547   ifconfig_ipv6_pool_netbits = 0
Sat Jun 30 20:50:21 2018 us=567554   n_bcast_buf = 256
Sat Jun 30 20:50:21 2018 us=567560   tcp_queue_limit = 64
Sat Jun 30 20:50:21 2018 us=567565   real_hash_size = 256
Sat Jun 30 20:50:21 2018 us=567571   virtual_hash_size = 256
Sat Jun 30 20:50:21 2018 us=567577   client_connect_script = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567583   learn_address_script = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567589   client_disconnect_script = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567594   client_config_dir = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567600   ccd_exclusive = DISABLED
Sat Jun 30 20:50:21 2018 us=567606   tmp_dir = '/tmp'
Sat Jun 30 20:50:21 2018 us=567612   push_ifconfig_defined = DISABLED
Sat Jun 30 20:50:21 2018 us=567618   push_ifconfig_local = 0.0.0.0
Sat Jun 30 20:50:21 2018 us=567624   push_ifconfig_remote_netmask = 0.0.0.0
Sat Jun 30 20:50:21 2018 us=567630   push_ifconfig_ipv6_defined = DISABLED
Sat Jun 30 20:50:21 2018 us=567636   push_ifconfig_ipv6_local = ::/0
Sat Jun 30 20:50:21 2018 us=567643   push_ifconfig_ipv6_remote = ::
Sat Jun 30 20:50:21 2018 us=567649   enable_c2c = DISABLED
Sat Jun 30 20:50:21 2018 us=567655   duplicate_cn = DISABLED
Sat Jun 30 20:50:21 2018 us=567660   cf_max = 0
Sat Jun 30 20:50:21 2018 us=567666   cf_per = 0
Sat Jun 30 20:50:21 2018 us=567672   max_clients = 1024
Sat Jun 30 20:50:21 2018 us=567678   max_routes_per_client = 256
Sat Jun 30 20:50:21 2018 us=567684   auth_user_pass_verify_script = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567690   auth_user_pass_verify_script_via_file = DISABLED
Sat Jun 30 20:50:21 2018 us=567696   auth_token_generate = DISABLED
Sat Jun 30 20:50:21 2018 us=567702   auth_token_lifetime = 0
Sat Jun 30 20:50:21 2018 us=567707   port_share_host = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567713   port_share_port = '[UNDEF]'
Sat Jun 30 20:50:21 2018 us=567719   client = ENABLED
Sat Jun 30 20:50:21 2018 us=567725   pull = ENABLED
Sat Jun 30 20:50:21 2018 us=567730   auth_user_pass_file = '/etc/openvpn/pass.txt'
Sat Jun 30 20:50:21 2018 us=567737 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 30 2018
Sat Jun 30 20:50:21 2018 us=567749 library versions: OpenSSL 1.0.2o  27 Mar 2018, LZO 2.10
Sat Jun 30 20:50:21 2018 us=568049 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sat Jun 30 20:50:21 2018 us=568071 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jun 30 20:50:21 2018 us=568631 LZO compression initializing
Sat Jun 30 20:50:21 2018 us=568703 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sat Jun 30 20:50:21 2018 us=901910 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:3/1 ]
Sat Jun 30 20:50:21 2018 us=901978 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sat Jun 30 20:50:21 2018 us=901988 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sat Jun 30 20:50:21 2018 us=902005 TCP/UDP: Preserving recently used remote address: [AF_INET]172.97.103.52:1194
Sat Jun 30 20:50:21 2018 us=902028 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat Jun 30 20:50:21 2018 us=902038 UDP link local: (not bound)
Sat Jun 30 20:50:21 2018 us=902048 UDP link remote: [AF_INET]172.97.103.52:1194
Sat Jun 30 20:50:22 2018 us=190846 TLS: Initial packet from [AF_INET]172.97.103.52:1194, sid=a850029d 5e8d923c
Sat Jun 30 20:50:22 2018 us=190980 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jun 30 20:50:22 2018 us=487320 VERIFY OK: depth=1, CN=FuntooHost
Sat Jun 30 20:50:22 2018 us=487563 VERIFY OK: nsCertType=SERVER
Sat Jun 30 20:50:22 2018 us=487577 VERIFY OK: depth=0, CN=FuntooHost
Sat Jun 30 20:50:23 2018 us=89113 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Jun 30 20:50:23 2018 us=89193 [FuntooHost] Peer Connection Initiated with [AF_INET]172.97.103.52:1194
Sat Jun 30 20:50:24 2018 us=305228 SENT CONTROL [FuntooHost]: 'PUSH_REQUEST' (status=1)
Sat Jun 30 20:50:24 2018 us=595382 PUSH: Received control message: 'PUSH_REPLY,route 10.100.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.100.0.6 10.100.0.5,peer-id 0,cipher AES-256-GCM'
Sat Jun 30 20:50:24 2018 us=595484 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jun 30 20:50:24 2018 us=595496 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jun 30 20:50:24 2018 us=595504 OPTIONS IMPORT: route options modified
Sat Jun 30 20:50:24 2018 us=595512 OPTIONS IMPORT: peer-id set
Sat Jun 30 20:50:24 2018 us=595521 OPTIONS IMPORT: adjusting link_mtu to 1625
Sat Jun 30 20:50:24 2018 us=595529 OPTIONS IMPORT: data channel crypto options modified
Sat Jun 30 20:50:24 2018 us=595539 Data Channel: using negotiated cipher 'AES-256-GCM'
Sat Jun 30 20:50:24 2018 us=595556 Data Channel MTU parms [ L:1553 D:1450 EF:53 EB:406 ET:0 EL:3 AF:3/1 ]
Sat Jun 30 20:50:24 2018 us=595651 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Jun 30 20:50:24 2018 us=595663 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Jun 30 20:50:24 2018 us=595797 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlan0 HWADDR=9c:2a:70:89:91:e9
Sat Jun 30 20:50:24 2018 us=596050 TUN/TAP device tun0 opened
Sat Jun 30 20:50:24 2018 us=596083 TUN/TAP TX queue length set to 100
Sat Jun 30 20:50:24 2018 us=596100 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Jun 30 20:50:24 2018 us=596117 /bin/ifconfig tun0 10.100.0.6 pointopoint 10.100.0.5 mtu 1500
Sat Jun 30 20:50:24 2018 us=601965 /etc/openvpn/up.sh tun0 1500 1553 10.100.0.6 10.100.0.5 init
Sat Jun 30 20:50:24 2018 us=676540 /bin/route add -net 10.100.0.1 netmask 255.255.255.255 gw 10.100.0.5
Sat Jun 30 20:50:24 2018 us=677323 Initialization Sequence Completed

Servidor Dante Proxy (sock5)

Inicie o Dante proxy e adicione ao boot:

root # /etc/init.d/dante-sockd start
root # rc-update add dante-sockd


Cliente sock5

Abra o aplicativo e utilize o ip do TUN do servidor, exemplo 172.40.0.1 e porta 1080:

Cookies nos ajudam a entregar nossos serviços. Ao usar nossos serviços, você concorda com o uso de cookies.