トップ > Win > OpenVPNクライアント側設定(2)client.ovpn設定、接続確認

OpenVPNクライアント側設定(2)client.ovpn設定、接続確認

Win メモ Security

C:\Program Files\OpenVPN\sample-config\client.ovpnをC:\Program Files\OpenVPN\configにコピーし、設定変更。
DDNSdebian.mydns.jpを取得しているとする。
client.ovpnを編集。

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote debian.mydns.jp 1194
;remote my-server-2 1194

クライアント名はClientWin。C:\Program Files\OpenVPN\configに、OpenVPNサーバからコピーしたca.crt, ClientWin.crt, ClientWin.keyを置く。

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
ca ca.crt
cert ClientWin.crt
key ClientWin.key

設定終了。
スタートメニュー > すべてのプログラム > OpenVPN > OpenVPN GUIを起動。右下のトレイにアイコンが出る。右クリックでConnectを選択。

Wed Jan 16 20:43:10 2008 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Wed Jan 16 20:43:10 2008 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jan 16 20:43:10 2008 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jan 16 20:43:16 2008 LZO compression initialized
Wed Jan 16 20:43:16 2008 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jan 16 20:43:18 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jan 16 20:43:18 2008 Local Options hash (VER=V4): '41690919'
Wed Jan 16 20:43:18 2008 Expected Remote Options hash (VER=V4): '530fdded'
Wed Jan 16 20:43:18 2008 UDPv4 link local: [undef]
Wed Jan 16 20:43:18 2008 UDPv4 link remote: 211.***.***.***:1194
Wed Jan 16 20:44:17 2008 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan 16 20:44:17 2008 TLS Error: TLS handshake failed
Wed Jan 16 20:44:17 2008 TCP/UDP: Closing socket
Wed Jan 16 20:44:17 2008 SIGUSR1[soft,tls-error] received, process restarting
Wed Jan 16 20:44:17 2008 Restart pause, 2 second(s)
Wed Jan 16 20:44:19 2008 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jan 16 20:44:19 2008 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jan 16 20:44:19 2008 Re-using SSL/TLS context
Wed Jan 16 20:44:19 2008 LZO compression initialized
Wed Jan 16 20:44:19 2008 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jan 16 20:44:19 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jan 16 20:44:19 2008 Local Options hash (VER=V4): '41690919'
Wed Jan 16 20:44:19 2008 Expected Remote Options hash (VER=V4): '530fdded'
Wed Jan 16 20:44:19 2008 UDPv4 link local: [undef]
Wed Jan 16 20:44:19 2008 UDPv4 link remote: 211.***.***.***:1194
Wed Jan 16 20:45:15 2008 TCP/UDP: Closing socket
Wed Jan 16 20:45:15 2008 SIGTERM[hard,] received, process exiting


繋がらない。
ルータのfirewallも設定したのになぁ。
あれ?ログにポート1194宛パケットの廃棄ログが。
しまった!TCPを開ける設定にしていた。UDPを開けないと!