Hlavní navigace

Vlákno názorů k článku OpenVPN – VPN jednoduše (2) od fan - Zdravím, mohl by mi někdo, prosím poradit s nastavením...

  • Článek je starý, nové názory již nelze přidávat.
  • 9. 8. 2005 2:22

    fan (neregistrovaný)
    Zdravím,
    mohl by mi někdo, prosím poradit s nastavením OpenVPN? Když spusím VPN(v modu client) na Win XP, 2000, tak vypíše následující:

    Options error: Unknown key direction 'files\openvpn\easy-rsa\keys\ta.key' -- mus
    t be '0' or '1'
    Use --help for more information.
    Press any key to continue...

    Nikde jsem nenašel proč a domovské stránce projektu mi také neporadili. Podle mě dělám vše, jak je napsáno v dokumentaci(resp. v HOWTO). A tady je config klienta:

    # Specify that we are a client and that we
    # will be pulling certain config file directives
    # from the server.
    client

    # Use the same setting as you are using on
    # the server.
    # On most systems, the VPN will not function
    # unless you partially or fully disable
    # the firewall for the TUN/TAP interface.
    ;dev tap
    dev tun

    # Windows needs the TAP-Win32 adapter name
    # from the Network Connections panel
    # if you have more than one. On XP SP2,
    # you may need to disable the firewall
    # for the TAP adapter.
    ;dev-node MyTap

    # Are we connecting to a TCP or
    # UDP server? Use the same setting as
    # on the server.
    ;proto tcp
    proto udp

    # The hostname/IP and port of the server.
    # You can have multiple remote entries
    # to load balance between the servers.
    remote "IP mého serveru" 1194
    ;remote my-server-2 1194

    # Choose a random host from the remote
    # list for load-balancing. Otherwise
    # try hosts in the order specified.
    ;remote-random

    # Keep trying indefinitely to resolve the
    # host name of the OpenVPN server. Very useful
    # on machines which are not permanently connected
    # to the internet such as laptops.
    resolv-retry infinite

    # Most clients don't need to bind to
    # a specific local port number.
    nobind

    # Downgrade privileges after initialization (non-Windows only)
    ;user nobody
    ;group nobody

    # Try to preserve some state across restarts.
    persist-key
    persist-tun

    # If you are connecting through an
    # HTTP proxy to reach the actual OpenVPN
    # server, put the proxy server/IP and
    # port number here. See the man page
    # if your proxy server requires
    # authentication.
    ;http-proxy-retry # retry on connection failures
    ;http-proxy [proxy server] [proxy port #]

    # Wireless networks often produce a lot
    # of duplicate packets. Set this flag
    # to silence duplicate packet warnings.
    ;mute-replay-warnings

    # SSL/TLS parms.
    # See the server config file for more
    # description. It's best to use
    # a separate .crt/.key file pair
    # for each client. A single ca
    # file can be used for all clients.
    ca C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt
    cert C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\klient.crt
    key C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\klient.key

    # Verify server certificate by checking
    # that the certicate has the nsCertType
    # field set to "server". This is an
    # important precaution to protect against
    # a potential attack discussed here:
    # http://openvpn.net/howto.html#mitm
    #
    # To use this feature, you will need to generate
    # your server certificates with the nsCertType
    # field set to "server". The build-key-server
    # script in the easy-rsa folder will do this.
    ;ns-cert-type server

    # If a tls-auth key is used on the server
    # then every client must also have the key.
    tls-auth C:\\Program files\\openvpn\\easy-rsa\\keys\\ta.key 1

    # Select a cryptographic cipher.
    # If the cipher option is used on the server
    # then you must also specify it here.
    ;cipher x

    # Enable compression on the VPN link.
    # Don't enable this unless it is also
    # enabled in the server config file.
    comp-lzo

    # Set log file verbosity.
    verb 5

    # Silence repeating messages
    ;mute 20
  • 8. 10. 2005 14:10

    Petr Baláš (neregistrovaný)
    uvozovky okolo jmen souboru, co v sobe obsahuji mezeru (ca, cert, key, tls-auth):
    ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"