关于OPENVPN,SOS!!
同一局域网内主机A和B,都是可以独立访问INTERNET的,A做SERVER,IP:32.96.29.220,
自己连接后,状态栏图标由未连接的黄色变为绿色,自己可以得到10.8.0.1的IP,
但是客户端B始终连接不上SERVER,不知何故??
附上SERVER的配置文件如下:
port 443
proto udp
dev tap
ca ca.crt
cert server01.crt
key server01.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
tls-auth ta.key 0
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
另外server的LOG文件如下:
Wed Jun 04 15:30:49 2008 NOTE: --user option is not implemented on Windows
Wed Jun 04 15:30:49 2008 NOTE: --group option is not implemented on Windows
Wed Jun 04 15:30:49 2008 OpenVPN 2.1_rc7 Win32-MinGW [SSL] [LZO2] [PKCS11] built on Jan 29 2008
Wed Jun 04 15:30:49 2008 Diffie-Hellman initialized with 1024 bit key
Wed Jun 04 15:30:50 2008 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Wed Jun 04 15:30:50 2008 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 04 15:30:50 2008 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 04 15:30:50 2008 TLS-Auth MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Jun 04 15:30:50 2008 TAP-WIN32 device [本地连接 3] opened: \\.\Global\{5FC34681-FD54-4923-BF4E-C876E9221475}.tap
Wed Jun 04 15:30:50 2008 TAP-Win32 Driver Version 9.4
Wed Jun 04 15:30:50 2008 TAP-Win32 MTU=1500
Wed Jun 04 15:30:50 2008 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.0 on interface {5FC34681-FD54-4923-BF4E-C876E9221475} [DHCP-serv: 10.8.0.0, lease-time: 31536000]
Wed Jun 04 15:30:50 2008 Sleeping for 5 seconds...
Wed Jun 04 15:30:55 2008 Successful ARP Flush on interface [327683] {5FC34681-FD54-4923-BF4E-C876E9221475}
Wed Jun 04 15:30:55 2008 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Wed Jun 04 15:30:55 2008 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Jun 04 15:30:55 2008 UDPv4 link local (bound): [undef]:443
Wed Jun 04 15:30:55 2008 UDPv4 link remote: [undef]
Wed Jun 04 15:30:55 2008 MULTI: multi_init called, r=256 v=256
Wed Jun 04 15:30:55 2008 IFCONFIG POOL: base=10.8.0.2 size=253
Wed Jun 04 15:30:55 2008 IFCONFIG POOL LIST
Wed Jun 04 15:30:55 2008 Initialization Sequence Completed
客户端配置如下:
dev tap
proto udp
remote 32.96.29.220 443
resolv-retry infinite
nobind
user nobody
group nobody
route 0.0.0.0 0.0.0.0
persist-key
persist-tun
ca C:\\Program Files\\OpenVPN\\config\\ca.crt
cert C:\\Program Files\\OpenVPN\\config\\sunjian.crt
key C:\\Program Files\\OpenVPN\\config\\sunjian.key
ns-cert-type server
tls-auth ta.key 1
comp-lzo
verb 4
再贴上客户机的LOG:
Wed Jun 04 15:47:30 2008 NOTE: --user option is not implemented on Windows
Wed Jun 04 15:47:30 2008 NOTE: --group option is not implemented on Windows
Options error: Parameter ca_file can only be specified in TLS-mode, i.e. where --tls-server or --tls-client is also specified.
Use --help for more information.
