Set up your own SOCKS5 proxy over OpenVPN
Maintainer: Coffnix
Description
This guide shows how to use a VPN, with or without making it the default gateway, together with a SOCKS5 proxy that any compatible application can use, such as a web browser, the Telegram app and others.
Requirements
- A Linux server. This example uses Funtoo Linux, but it can be Gentoo, openSUSE or any other distribution; just adapt the package installation commands or build the software from source.
- A VPS at DigitalOcean, Amazon AWS, Azure, GCP or OCI is recommended, running outside the country, preferably in the USA.
Configuration
Server
Google Authenticator
Build the Google library:
root # emerge sys-auth/google-authenticator
Create the environment:
root # groupadd gauth
root # useradd -g gauth gauth
root # mkdir /etc/openvpn/google-authenticator
root # chown gauth:gauth /etc/openvpn/google-authenticator
root # chmod 0700 /etc/openvpn/google-authenticator
User creation script
Create a script that creates OpenVPN + Google 2FA users:
root # touch /usr/sbin/gen-mfa.sh ; chmod +x /usr/sbin/gen-mfa.sh ; vi /usr/sbin/gen-mfa.sh
/usr/sbin/gen-mfa.sh - user creation script
#!/bin/bash
# Creates the system account for a VPN user and generates its TOTP secret.
MFA_LABEL='OpenVPN Server'
MFA_USER=gauth
MFA_DIR=/etc/openvpn/google-authenticator
user_id=$1
if [ -z "$user_id" ]; then
    echo "ERROR: No user id provided to generate MFA token"
    exit 1
fi
# No home directory and no login shell: the account exists only for PAM authentication.
useradd -M -c "$user_id" -s /sbin/false "$user_id"
passwd "$user_id"
echo "INFO: Generating MFA Token"
# Run as the unprivileged MFA user so that it owns the secret file.
su -c "google-authenticator -t -d -r3 -R30 -W -f -l \"${MFA_LABEL}\" -s ${MFA_DIR}/$user_id" - "$MFA_USER"
PAM + Google Authenticator 2FA
Create the PAM configuration file:
root # vi /etc/pam.d/openvpn
/etc/pam.d/openvpn
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth required /lib64/security/pam_google_authenticator.so secret=/etc/openvpn/google-authenticator/${USER} user=gauth forward_pass
auth include system-auth
account include system-auth
password include system-auth
PAM integration with LDAP + MFA (optional)
If you already have an active LDAP directory integrated with PAM, configure /etc/pam.d/openvpn as follows:
/etc/pam.d/openvpn - PAM integration with LDAP + MFA
#%PAM-1.0
auth required /usr/local/lib/security/pam_google_authenticator.so secret=/etc/openvpn/google-authenticator/${USER} user=gauth forward_pass
auth required pam_ldap.so config=/etc/openvpn/auth/testemfa.conf use_first_pass debug
account sufficient pam_permit.so
Then configure the LDAP authentication file /etc/openvpn/auth/testemfa.conf:
/etc/openvpn/auth/testemfa.conf
host 127.0.0.1
base dc=hackstore
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
pam_crypt local
ssl no
Also configure the file /etc/ldap.conf:
/etc/ldap.conf
uri ldap://localhost/
base dc=hackstore
ldap_version 3
ssl start_tls
tls_checkpeer no
binddn cn=ldapadmin,dc=hackstore
bindpw senha@senha
NOTE: Remember to build PAM with LDAP support and to configure the remaining PAM files.
OpenVPN server
Build OpenVPN:
root # echo 'net-vpn/openvpn down-root examples iproute2 lzo pam pkcs11 plugins ssl -inotify -libressl -lz4 -mbedtls -selinux -static -systemd -test' >> /etc/portage/package.use
root # emerge net-vpn/openvpn
Create the keys and certificates
root # cp -rp /usr/share/easy-rsa /etc/openvpn/keys
root # cd /etc/openvpn/keys
Follow this article, keeping the original directory /etc/openvpn/keys:
https://wiki.gentoo.org/wiki/Create_a_Public_Key_Infrastructure_Using_the_easy-rsa_Scripts
Configuration
Create the server configuration file:
root # vi /etc/openvpn/openvpn.conf
/etc/openvpn/openvpn.conf
port 1194
proto udp
dev tun0
ca /etc/openvpn/keys/pki/ca.crt
cert /etc/openvpn/keys/pki/issued/FuntooHost.crt
key /etc/openvpn/keys/pki/private/FuntooHost.key
dh /etc/openvpn/keys/pki/dh.pem
server 10.100.0.0 255.255.255.0
persist-key
persist-tun
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group nobody
status openvpn-status.log
log /var/log/openvpn.log
verb 4
# PAM + 2FA Google Auth
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn
Client
OpenVPN client
Build OpenVPN:
root # echo 'net-vpn/openvpn down-root examples iproute2 lzo pam pkcs11 plugins ssl -inotify -libressl -lz4 -mbedtls -selinux -static -systemd -test' >> /etc/portage/package.use
root # emerge net-vpn/openvpn
Configuration
Create the client configuration file:
root # vi /etc/openvpn/openvpn.conf
/etc/openvpn/openvpn.conf
# specify client-side
client
# tun/tap device
dev tun0
# protocol, according to server
proto udp
# server address
remote area31.net.br 1194
# connection
comp-lzo
resolv-retry 30
nobind
# persistent device and keys
persist-key
persist-tun
# keys settings
ca keys/ca.crt
cert keys/client1.crt
key keys/client1.key
# pull dns settings from the server
script-security 2
# Scripts
up /etc/openvpn/up.sh
down /etc/openvpn/down.sh
# logging
log /var/log/openvpn.log
verb 4
# 2FA Google Auth
# password generated using script /usr/sbin/connect-vpn-2fa.sh
ns-cert-type server
auth-user-pass /etc/openvpn/pass.txt
Dante proxy server (SOCKS5)
Build the net-proxy/dante ebuild:
root # emerge net-proxy/dante
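Configure the file /etc/socks/sockd.conf as in the example below, changing the network to that of your OpenVPN TUN interface and replacing xxx.xxx.xxx.xxx with your server's outbound internet IP address. Because socksmethod and clientmethod are both none, the proxy authenticates nobody: the internal address and the client pass rule are what restrict it to VPN clients.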
/etc/socks/sockd.conf
logoutput: syslog
internal: 172.40.0.1 port = 1080
external: xxx.xxx.xxx.xxx
socksmethod: none
clientmethod: none
user.privileged: sockd
user.notprivileged: sockd
client pass {
from: 172.40.0.0/24 to: 0.0.0.0/0
log: error # connect disconnect
}
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
command: bind connect udpassociate
log: error # connect disconnect iooperation
}
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
command: bindreply udpreply
log: error # connect disconnect iooperation
}
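The adaptation asked for above can be checked mechanically. The shell function below is an added example, not part of the original page or of Dante: it reads a sockd.conf and reports a listener or client pass rule that falls outside the tunnel network. The function and sample names, the 203.0.113.10 external address and the adapted 10.100.0.1 listener are assumptions; 10.100.0.0/24 is the network from the server directive in the OpenVPN server configuration above.

```shell
#!/bin/sh
# Added example: audit a Dante sockd.conf against the OpenVPN tunnel network.
# Usage: audit_sockd VPN_CIDR < sockd.conf
# Prints one finding per line; returns 0 when clean, 1 when there are findings.
audit_sockd() {
    awk -v vpn="$1" '
    # Dotted quad to integer; -1 for anything else (e.g. an interface name).
    function ip2n(ip,    p) {
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return -1
        split(ip, p, ".")
        return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
    }
    # True when address or network "inner" lies entirely inside "outer".
    function within(inner, outer,    a, b, abits, bbits, an, bn, div) {
        split(inner, a, "/"); split(outer, b, "/")
        abits = (a[2] == "") ? 32 : a[2] + 0
        bbits = (b[2] == "") ? 32 : b[2] + 0
        an = ip2n(a[1]); bn = ip2n(b[1])
        if (an < 0 || bn < 0 || abits < bbits) return 0
        div = 2 ^ (32 - bbits)
        return int(an / div) == int(bn / div)
    }
    function finding(text) { msg[++n] = text }

    { sub(/#.*/, "") }                               # strip comments
    $1 == "internal:" && !within($2, vpn) {
        finding("internal " $2 " is not an address inside " vpn)
    }
    $1 == "socksmethod:" {
        for (i = 2; i <= NF; i++) if ($i == "none") noauth = 1
    }
    $1 == "client" && $2 == "pass" { inrule = 1 }    # only client rules are checked
    inrule {
        for (i = 1; i < NF; i++)
            if ($i == "from:" && !within($(i + 1), vpn))
                finding("client pass from " $(i + 1) " admits hosts outside " vpn)
    }
    index($0, "}") { inrule = 0 }
    END {
        # Without SOCKS authentication the address rules are the only barrier.
        sev = noauth ? "HIGH: " : "WARN: "
        for (i = 1; i <= n; i++) print sev msg[i]
        exit (n > 0 ? 1 : 0)
    }'
}

# Constructed input 1: listener and client rule with the values printed on this page.
sample_as_printed() {
    cat <<'EOF'
logoutput: syslog
internal: 172.40.0.1 port = 1080
external: 203.0.113.10
socksmethod: none
clientmethod: none
client pass {
    from: 172.40.0.0/24 to: 0.0.0.0/0
    log: error # connect disconnect
}
socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    command: bind connect udpassociate
}
EOF
}

# Constructed input 2: the same file adapted to the 10.100.0.0/24 tunnel (assumed listener 10.100.0.1).
sample_adapted() {
    cat <<'EOF'
logoutput: syslog
internal: 10.100.0.1 port = 1080
external: 203.0.113.10
socksmethod: none
clientmethod: none
client pass {
    from: 10.100.0.0/24 to: 0.0.0.0/0
    log: error # connect disconnect
}
EOF
}

# Demo: audit both constructed files against "server 10.100.0.0 255.255.255.0".
for sample in sample_as_printed sample_adapted; do
    echo "== $sample"
    $sample | audit_sockd 10.100.0.0/24 && echo "no findings"
done
```

On a real server, run it as `audit_sockd 10.100.0.0/24 < /etc/socks/sockd.conf` after editing the file and before starting sockd.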
Running
OpenVPN server
Add the OpenVPN server to the boot runlevel and start the daemon:
root # rc-update add openvpn ; /etc/init.d/openvpn start
Create a VPN user. Example:
root # /usr/sbin/gen-mfa.sh teste
You will be prompted to type the password. Please use more than 12 characters.
Open the URL and scan the QR code with the Authy app (recommended). The native Google app can also be used.
Example:
INFO: Generating MFA Token
Warning: pasting the following URL into your browser exposes the OTP secret to Google:
  https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/OpenVPN%2520Server%3Fsecret%BRCB26KMG5R7TKQQXUBVW7D6A3%26issuer%3Dteste
Failed to use libqrencode to show QR code visually for scanning.
Consider typing the OTP secret into your app manually.
Your new secret key is: BRCB26KMG5R7TKQQXUBVW7D6A3
Your verification code is 125654
Your emergency scratch codes are:
  39144468
  67723481
  53844065
  41433310
  22803440
By default, a new token is generated every 30 seconds by the mobile app.
In order to compensate for possible time-skew between the client and the server,
we allow an extra token before and after the current time. This allows for a
time skew of up to 30 seconds between authentication server and client. If you
experience problems with poor time synchronization, you can increase the window
from its default size of 3 permitted codes (one previous code, the current
code, the next code) to 17 permitted codes (the 8 previous codes, the current
code, and the 8 next codes). This will permit for a time skew of up to 4 minutes
between client and server.
Do you want to do so? (y/n) y
OpenVPN client
Create a script for OpenVPN authentication. It dynamically creates the file containing the username and password in the required format: you type the password set with /usr/bin/passwd on the server, followed by the MFA code generated in the app.
root # touch /usr/sbin/connect-vpn-2fa.sh ; chmod +x /usr/sbin/connect-vpn-2fa.sh ; vi /usr/sbin/connect-vpn-2fa.sh
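/usr/sbin/connect-vpn-2fa.sh - client connection script
#!/bin/bash
# Prompts for username, password and MFA code, writes them to the
# auth-user-pass file and restarts the OpenVPN client.
echo -e "\nDigite o usuário:"
read -r USERNAME
echo -e "\nDigite a senha:"
unset PASSWD
# Read the password one character at a time, echoing '*' for each one.
while IFS= read -r -s -n1 pass; do
    if [[ -z $pass ]]; then
        echo
        break
    else
        echo -n '*'
        PASSWD+=$pass
    fi
done
echo -e "\nDigite o codigo MFA gerado em seu celular:"
read -r MFA
# Line 1: username; line 2: password immediately followed by the MFA code.
# Recreate the file under umask 077 so only root can read the credentials.
( umask 077; rm -f /etc/openvpn/pass.txt; printf '%s\n%s%s\n' "$USERNAME" "$PASSWD" "$MFA" > /etc/openvpn/pass.txt )
/etc/init.d/openvpn restart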
Run the script:
root # /usr/sbin/connect-vpn-2fa.sh
Example:
root # /usr/sbin/connect-vpn-2fa.sh
Digite o usuário: coffnix
Digite a senha: *****************************************************
Digite o codigo MFA gerado em seu celular: 722359
Demonstration
Server log
Follow the server log; it should look something like this:
root # cat /var/log/openvpn.log
Client Log
Follow the connection in the client log; the output should look something like this:
root # cat /var/log/openvpn.log
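An OpenVPN log at this verbosity carries warnings about credential-file permissions, deprecated options, password caching and the configured cipher and compression. The script below is an added example, not part of the original page: `audit_openvpn_log` and `sample_client_log` are hypothetical names, and the sample lines are constructed in the format OpenVPN 2.4 writes.

```shell
#!/bin/sh
# Added example: turn security-relevant OpenVPN log messages into findings.
# Constructed sample log; timestamps and the credential path are illustrative.
sample_client_log() {
cat <<'EOF'
Sat Jun 30 20:50:21 2018 us=100001 WARNING: file '/etc/openvpn/pass.txt' is group or others accessible
Sat Jun 30 20:50:21 2018 us=100002 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Sat Jun 30 20:50:21 2018 us=100003 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sat Jun 30 20:50:22 2018 us=100004 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jun 30 20:50:24 2018 us=100005 Data Channel: using negotiated cipher 'AES-256-GCM'
Sat Jun 30 20:50:24 2018 us=100006 Initialization Sequence Completed
EOF
}

# Reads a log on stdin (or from file arguments). Prints one line per finding,
# "CODE<TAB>detail<TAB>suggested fix", and returns 1 if anything was flagged.
audit_openvpn_log() {
    awk '
    function flag(code, detail, fix) {
        printf "%s\t%s\t%s\n", code, detail, fix
        hits++
    }
    # Stored username/password readable by other local users.
    /WARNING: file .* is group or others accessible/ {
        split($0, q, "\047")                 # \047 is the single-quote character
        flag("CRED_FILE_PERMS", q[2], "chmod 600 " q[2])
    }
    # Peer certificate is checked with the legacy nsCertType attribute.
    /--ns-cert-type is DEPRECATED/ {
        flag("DEPRECATED_PEER_CHECK", "ns-cert-type",
             "use remote-cert-tls server (server cert needs the serverAuth EKU)")
    }
    # Credentials stay in process memory after authentication.
    /may cache passwords in memory/ {
        flag("PASSWORD_CACHED", "auth-user-pass", "add auth-nocache")
    }
    # The options string shows what is configured, which is what a peer
    # without cipher negotiation would fall back to.
    /Local Options String/ {
        if (match($0, /cipher (BF|CAST5|DES|DES-EDE|DES-EDE3|DESX)-CBC/))
            flag("WEAK_CIPHER", substr($0, RSTART + 7, RLENGTH - 7),
                 "set cipher AES-256-GCM on client and server")
        if ($0 ~ /,comp-lzo/)
            flag("COMPRESSION", "comp-lzo", "drop comp-lzo on client and server")
    }
    END { exit (hits > 0) }
    ' "$@"
}

# Stand-alone run against the constructed sample.
# Live use: audit_openvpn_log /var/log/openvpn.log
sample_client_log | audit_openvpn_log || echo "findings present"
```
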
Dante Proxy Server (SOCKS5)
Start the Dante proxy and add it to the boot sequence:
root # /etc/init.d/dante-sockd start
root # rc-update add dante-sockd
SOCKS5 Client
Open the application and use the IP of the server's TUN interface, for example 172.40.0.1, and port 1080:
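Once Dante is running, confirm that the SOCKS port is bound to the tunnel address only; a listener on the VPS's public interface can be reached without going through the VPN login. The check below is an added example, not part of the original page: `check_socks_listener` is a hypothetical helper, the `ss -ltn` samples are constructed, and it assumes the proxy is meant to listen on the server's TUN address (172.40.0.1 in this page's example) on port 1080.

```shell
#!/bin/sh
# Added example: classify every listener on the SOCKS port in `ss -ltn` output.
# Constructed samples: one proxy bound to all interfaces, one bound to the tunnel.
sample_ss_exposed() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:1080       0.0.0.0:*
EOF
}

sample_ss_tunnel_only() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    172.40.0.1:1080    0.0.0.0:*
EOF
}

# usage: ss -ltn | check_socks_listener PORT TUN_IP
# Prints "OK <addr>" or "EXPOSED <addr>" for each listener on PORT.
# Returns 0 if every listener is on TUN_IP or loopback, 1 if any other
# address (0.0.0.0, [::], *, a public IP) is bound, 2 if nothing listens.
check_socks_listener() {
    awk -v port="$1" -v tun="$2" '
    $1 == "LISTEN" {
        # Column 4 is "address:port"; IPv6 looks like [::]:1080, so take
        # the text after the last colon as the port.
        n = split($4, part, ":")
        if (part[n] != port) next
        addr = substr($4, 1, length($4) - length(port) - 1)
        seen = 1
        if (addr == tun || addr == "127.0.0.1" || addr == "[::1]")
            print "OK " addr
        else {
            print "EXPOSED " addr
            bad = 1
        }
    }
    END {
        if (!seen) { print "NOT_LISTENING"; exit 2 }
        exit (bad ? 1 : 0)
    }'
}

# Stand-alone run against the constructed "exposed" sample.
sample_ss_exposed | check_socks_listener 1080 172.40.0.1 \
    || echo "listener is not confined to the tunnel"
```
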