» Wie testet ein Noob eine Internetleitung?

openvpn --config C:\Program Files\OpenVPN\config\server.ovpn

Zitat

Options warning: Bad backslash ('\') usage in server.ovpn:10: remember that backslashes are treated as shell-escapes and if you need to pass backslash characters as part of a Windows filename, you should use double backslashes such as "c:\\openvpn\\static.key"
Use --help for more information.

ca "C:\Program Files\OpenVPN\easy-rsa\keys\ca.crt"

ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"

sudo nmap -sT -sU -p T:443,1594-1600,U:443,1594-1600 192.168.123.123

Zitat

Wed Jul 30 10:42:11 2014 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jun 5 2014
Wed Jul 30 10:42:11 2014 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.05
Wed Jul 30 10:42:11 2014 Diffie-Hellman initialized with 1024 bit key
Wed Jul 30 10:42:11 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Jul 30 10:42:11 2014 TCP/UDP: Socket bind failed on local address [AF_INET]192.168.***.***:****: Die angeforderte Adresse ist in diesem Kontext ungültig.
Wed Jul 30 10:42:11 2014 Exiting due to fatal error

Zitat

Wed Jul 30 10:58:52 2014 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jun 5 2014
Wed Jul 30 10:58:52 2014 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.05
Wed Jul 30 10:58:52 2014 Diffie-Hellman initialized with 1024 bit key
Wed Jul 30 10:58:52 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Jul 30 10:58:52 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Jul 30 10:58:52 2014 open_tun, tt->ipv6=0
Wed Jul 30 10:58:52 2014 CreateFile failed on TAP device: \\.\Global\{592AD8A5-1C5A-44E4-934C-***}.tap
Wed Jul 30 10:58:52 2014 All TAP-Windows adapters on this system are currently in use.
Wed Jul 30 10:58:52 2014 Exiting due to fatal error

Zitat

Wed Jul 30 11:00:52 2014 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jun 5 2014
Wed Jul 30 11:00:52 2014 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.05
Wed Jul 30 11:00:52 2014 Diffie-Hellman initialized with 1024 bit key
Wed Jul 30 11:00:52 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Jul 30 11:00:52 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Jul 30 11:00:52 2014 open_tun, tt->ipv6=0
Wed Jul 30 11:00:52 2014 TAP-WIN32 device [LAN-Verbindung 4] opened: \\.\Global\{592AD8A5-1C5A-44E4-934C-***}.tap
Wed Jul 30 11:00:52 2014 TAP-Windows Driver Version 9.9
Wed Jul 30 11:00:52 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.***.***/255.255.255.0 on interface {592AD8A5-1C5A-44E4-934C-***} [DHCP-serv: 192.168.***.***, lease-time: 31536000]
Wed Jul 30 11:00:52 2014 Sleeping for 10 seconds...
Wed Jul 30 11:01:02 2014 Successful ARP Flush on interface [28] {592AD8A5-1C5A-44E4-934C-****}
Wed Jul 30 11:01:02 2014 Listening for incoming TCP connection on [AF_INET]192.168.***.***:***
Wed Jul 30 11:01:02 2014 TCPv4_SERVER link local (bound): [AF_INET]192.168.***.***:***
Wed Jul 30 11:01:02 2014 TCPv4_SERVER link remote: [undef]
Wed Jul 30 11:01:02 2014 MULTI: multi_init called, r=256 v=256
Wed Jul 30 11:01:02 2014 IFCONFIG POOL: base=192.168.***.*** size=253, ipv6=0
Wed Jul 30 11:01:02 2014 IFCONFIG POOL LIST
Wed Jul 30 11:01:02 2014 MULTI: TCP INIT maxclients=60 maxevents=64
Wed Jul 30 11:01:02 2014 Initialization Sequence Completed

Zitat

pi@raspberrypi ~ $ sudo openvpn --config /etc/openvpn/***.ovpn
Tue Jul 29 22:41:37 2014 OpenVPN 2.2.1 arm-linux-gnueabihf [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Oct 12 2013
Tue Jul 29 22:41:37 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Jul 29 22:41:37 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or hig her to call user-defined scripts or executables
Tue Jul 29 22:41:37 2014 WARNING: file '/etc/openvpn/***' is group o r others accessible
Tue Jul 29 22:41:37 2014 LZO compression initialized
Tue Jul 29 22:41:37 2014 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET: 0 EL:0 ]
Tue Jul 29 22:41:37 2014 Socket Buffers: R=[87380->131072] S=[16384->131072]
Tue Jul 29 22:41:37 2014 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET: 0 EL:0 AF:3/1 ]
Tue Jul 29 22:41:37 2014 Local Options hash (VER=V4): '69109d17'
Tue Jul 29 22:41:37 2014 Expected Remote Options hash (VER=V4): 'c0103fa8'
Tue Jul 29 22:41:37 2014 Attempting to establish TCP connection with [AF_INET]19 2.168.***.***:*** [nonblock]
Tue Jul 29 22:41:38 2014 TCP connection established with [AF_INET]192.168.***.*** :***
Tue Jul 29 22:41:38 2014 TCPv4_CLIENT link local: [undef]
Tue Jul 29 22:41:38 2014 TCPv4_CLIENT link remote: [AF_INET]192.168.***.***:***
Tue Jul 29 22:41:38 2014 TLS: Initial packet from [AF_INET]192.168.***.***:***, sid=e9a1c5f1 c2121f0d
Tue Jul 29 22:41:38 2014 VERIFY OK: depth=1, ***
Tue Jul 29 22:41:38 2014 VERIFY OK: depth=0, ***
Tue Jul 29 22:41:38 2014 WARNING: 'dev-type' is used inconsistently, local='dev- type tun', remote='dev-type tap'
Tue Jul 29 22:41:38 2014 WARNING: 'link-mtu' is used inconsistently, local='link -mtu 1544', remote='link-mtu 1576'
Tue Jul 29 22:41:38 2014 WARNING: 'tun-mtu' is used inconsistently, local='tun-m tu 1500', remote='tun-mtu 1532'
Tue Jul 29 22:41:38 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jul 29 22:41:38 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 29 22:41:38 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jul 29 22:41:38 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 29 22:41:38 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES2 56-SHA, 1024 bit RSA
Tue Jul 29 22:41:38 2014 [vpn.gutt.it] Peer Connection Initiated with [AF_INET]1 92.168.***.***:***
Tue Jul 29 22:41:40 2014 SENT CONTROL [vpn.gutt.it]: 'PUSH_REQUEST' (status=1)
Tue Jul 29 22:41:40 2014 PUSH: Received control message: 'PUSH_REPLY,route-gatew ay 192.168.***.***,ping 10,ping-restart 120,ifconfig 192.168.***.*** 255.255.255.0'
Tue Jul 29 22:41:40 2014 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jul 29 22:41:40 2014 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jul 29 22:41:40 2014 OPTIONS IMPORT: route-related options modified
Tue Jul 29 22:41:40 2014 WARNING: Since you are using --dev tun with a point-to- point topology, the second argument to --ifconfig must be an IP address. You ar e using something (255.255.255.0) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
Tue Jul 29 22:41:40 2014 ROUTE default_gateway=192.168.***.***
Tue Jul 29 22:41:40 2014 TUN/TAP device tun0 opened
Tue Jul 29 22:41:40 2014 TUN/TAP TX queue length set to 100
Tue Jul 29 22:41:40 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jul 29 22:41:40 2014 /sbin/ifconfig tun0 192.168.***.*** pointopoint 255.255.2 55.0 mtu 1500
SIOCSIFDSTADDR: Invalid argument
Tue Jul 29 22:41:40 2014 Linux ifconfig failed: external program exited with err or status: 1
Tue Jul 29 22:41:40 2014 Exiting

Zitat

TCP: connect to [AF_INET]79.232.***.***:443 failed, will try again in 5 seconds: Connection timed out

Zitat

pi@raspberrypi ~ $ sudo nmap -sT -sU -p T:443,1194-1200,U:443,1194-1200 ddns.example.org

Starting Nmap 6.00 ( http://nmap.org ) at 2014-07-30 09:41 UTC
Nmap scan report for ddns.example.org (79.232.***.***)
Host is up (0.066s latency).
rDNS record for 79.232.***.***: ***.dip0.t-ipconnect.de
PORT STATE SERVICE
443/tcp filtered https
1194/tcp open openvpn
1195/tcp open rsf-1
1196/tcp open netmagic
1197/tcp open unknown
1198/tcp open cajo-discovery
1199/tcp open dmidi
1200/tcp open scol
443/udp filtered https
1194/udp filtered openvpn
1195/udp filtered unknown
1196/udp filtered unknown
1197/udp filtered unknown
1198/udp filtered cajo-discovery
1199/udp filtered unknown
1200/udp filtered scol

Nmap done: 1 IP address (1 host up) scanned in 5.19 seconds

mgutt

Desweiteren verstehe ich nicht, warum mein PC über den Router des RPI online ist. Scheinbar hat Windows entschieden der LAN Verbindung den Vorzug zu geben (und ich bin damit über den Stick des Routers online und nicht über das DSL).

mgutt

Der RPI wirft jetzt in jedem Fall die Fehlermeldung aus

mgutt

Vor allen Dingen verstehe ich nicht warum die anderen TCP Ports auf Open stehen. Die müsste doch die Fritz!Box eigentlich geschlossen haben oder nicht

Zitat

Wed Jul 30 17:07:13 2014 Attempting to establish TCP connection with [AF_INET]79.232.***.***:1194 [nonblock]
Wed Jul 30 17:07:14 2014 TCP connection established with [AF_INET]79.232.***.***:1194
Wed Jul 30 17:07:14 2014 TCPv4_CLIENT link local: [undef]
Wed Jul 30 17:07:14 2014 TCPv4_CLIENT link remote: [AF_INET]79.232.***.***:1194
Wed Jul 30 17:07:21 2014 Connection reset, restarting [0]
Wed Jul 30 17:07:21 2014 TCP/UDP: Closing socket
Wed Jul 30 17:07:21 2014 SIGUSR1[soft,connection-reset] received, process restarting
Wed Jul 30 17:07:21 2014 Restart pause, 5 second(s)

Zitat

SIGTERM[hard,] received, process exiting

Zitat

Thu Jul 31 09:18:57 2014 203.64.***.***:2142 WARNING: Bad encapsulated packet length from peer (15530), which must be > 0 and <= 1544 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

link-mtu 1400

DrehstuhlRanger

mgutt

Vor allen Dingen verstehe ich nicht warum die anderen TCP Ports auf Open stehen. Die müsste doch die Fritz!Box eigentlich geschlossen haben oder nicht

Die Fritz!Box schließt doch nur die Ports direkt am Router und nicht am Raspberry Pi. Somit sind sie im eigenen Netzwerk offen und nach draußen geschlossen, oder?

iroute 192.168.179.0 255.255.255.0

Zitat

Options error: option 'iroute' cannot be used in this context

Zitat

The client must have a unique Common Name in its certificate ("client2" in our example), and the duplicate-cn flag must not be used in the OpenVPN server configuration file.

iroute 192.168.179.0 255.255.255.0

Zitat

Thu Jul 31 11:11:23 2014 ClientName/109.44.***.***:36883 MULTI: internal route 192.168.179.0/24 -> ClientName/109.44.***.***:36883
Thu Jul 31 11:11:23 2014 ClientName/109.44.***.***:36883 MULTI: Learn: 192.168.179.0/24 ->ClientName/109.44.***.***:36883

Zitat

OpenVPN CLIENT LIST
Updated,Thu Jul 31 11:12:15 2014
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ClientName,109.44.***.***:36883,4332,13596,Thu Jul 31 11:11:19 2014
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
192.168.179.0/24,ClientName,109.44.***.***:36883,Thu Jul 31 11:11:23 2014
192.168.180.6,ClientName,109.44.***.***:36883,Thu Jul 31 11:11:23 2014
GLOBAL STATS
Max bcast/mcast queue length,1
END

Mach mit!