[Ajuda] OpenVPN - IOS

[rodolfo.blosfeld]

Boa Noite a Todos, depois de bastante pesquisar, consegui avançar na Conexão usando OpenVPN e um IPAD2.

O Arquivo .OVPN tem que ter a Hierarquia de Certificado e Possuir uma KEY (pode ser aleatória) com isso o Tablet consegue fechar um Tunel.

MAs agora a conexão e rejeitada pelo Endian contendo a seguinte mensagem:

2014-01-20 22:21:14 LZO-ASYM init swap=0 asym=0
2014-01-20 22:21:14 EVENT: RESOLVE
2014-01-20 22:21:14 Contacting 200.999.999.999:1194 via UDP
2014-01-20 22:21:14 EVENT: WAIT
2014-01-20 22:21:14 Connecting to 200.999.999.999:1194 (200.999.999.999) via UDPv4
2014-01-20 22:21:14 EVENT: CONNECTING
2014-01-20 22:21:14 Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2014-01-20 22:21:14 Peer Info:
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1

2014-01-20 22:21:14 VERIFY OK: depth=1
cert. version : 3
serial number : 00
issuer name  : C=IT, O=efw, CN=efw CA
subject name  : C=IT, O=efw, CN=efw CA
issued  on    : 2013-10-02 12:42:02
expires on    : 2029-08-13 03:16:42
signed using  : RSA+MD5
RSA key size  : 2048 bits

2014-01-20 22:21:14 VERIFY OK: depth=0
cert. version : 3
serial number : 00
issuer name  : C=IT, O=efw, CN=efw CA
subject name  : C=IT, O=efw, CN=127.0.0.1
issued  on    : 2013-10-02 12:42:02
expires on    : 2029-08-13 03:16:42
signed using  : RSA+SHA1
RSA key size  : 1024 bits

2014-01-20 22:21:14 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2014-01-20 22:21:14 Session is ACTIVE
2014-01-20 22:21:15 EVENT: GET_CONFIG
2014-01-20 22:21:15 Sending PUSH_REQUEST to server...
2014-01-20 22:21:15 OPTIONS:
0 [route-gateway] [192.168.0.1]
1 [route-gateway] [192.168.0.1]
2 [ping] [8]
3 [ping-restart] [30]
4 [ifconfig] [192.168.0.131] [255.255.255.0]

2014-01-20 22:21:15 LZO-ASYM init swap=0 asym=0
2014-01-20 22:21:15 EVENT: ASSIGN_IP
2014-01-20 22:21:15 TUN Error: tun_builder_error: ifconfig addresses are not in the same /30 subnet (topology net30)
2014-01-20 22:21:15 EVENT: TUN_SETUP_FAILED tun_builder_error: ifconfig addresses are not in the same /30 subnet (topology net30) [ERR]
2014-01-20 22:21:15 EVENT: DISCONNECTED
2014-01-20 22:21:15 Raw stats on disconnect:
  BYTES_IN : 3123
  BYTES_OUT : 1360
  PACKETS_IN : 31
  PACKETS_OUT : 31
  TUN_SETUP_FAILED : 1
2014-01-20 22:21:15 Performance stats on disconnect:
  CPU usage (microseconds): 100298
  Network bytes per CPU second: 44696
  Tunnel bytes per CPU second: 0
2014-01-20 22:21:15 ----- OpenVPN Stop -----
2014-01-20 22:21:15 EVENT: DISCONNECT_PENDING

[rodolfo.blosfeld]

Só pra ilustrar, o arquivo . OVPN ficou com a seguinte estrutura:

Conforme falaei antes a estrutura <key>...</key> foi retirada da Internet e é Genérica.

client
dev tun
proto udp
remote xxx.xxx.xxx.xxx
resolv-retry infinite
nobind
persist-key
persist-tun
ca LinuxFirewal.pem
auth-user-pass
comp-lzo

<cert>
-----BEGIN CERTIFICATE-----
MIIDWrg1f8DqROfW9FCkCr7vT7MDPfVe5EeDMxl3Z/JI
m3cYcYGLXN3ojjl28e5avgKZ16iHRu5IzAKpynnTEek1ojQ5lLiw85cllS4TXMVl
LcTd2V7rnxdagTMDJrY3goEqIuSfWgQl2fa2HlJpYyHaJC8eWjIuYgC+Q7Dg/g99
9s8WZzi1yZYUuQwN+969IMmRgd7Ze1NIPwZINcZ2kgHOoNKpd89dRwxjSPXcunNs
QIQnPQuOcB+jpMOBAgMBAAGjgYYwgYMwHQYDVR0OBBYEFKR4buFhIP1B6GTgewrV
x8D83vITMFQGA1UdIww==
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALVEXIZYYu1Inmej
uo4Si6Eo5AguTX5sg1pGbLkJSTR4BXQsy6ocUnZ9py8htYkipkUUhjY7zDu+wJlU
tWnVCwCYtewYfEc/+azH7+7eU6ueT2K2IKdik1KWhdtNbaNphVvSlgdyKiuZDTCe
dptgWyiL50N7FMcUUMjjXYh/hftBAgMBAAECgYEAsNjgOEYVRhEaUlzfzmpzhakC
SKT8AALYaAPbYO+ZVzJdh8mIbg+xuF7A9G+7z+5ZL35lrpXKnONuvmlxkK5ESwvV
Q7EOQYCZCqa8xf3li3GUBLwcwXKtOUr3AYXhdbOh2viQdisD4Ky7H6/Nd3yMc3bu
R4pErmWeHei+l6dIwAECQQDqljNxi9babmHiei6lHaznCMg5+jfAyDXgHvO/afFr
1bDQVDTDK+64kax4E9pvDZC6B/HGse9hOUGWXTjb0WZBAkEAxdAw/14iJIUcE5sz
HDy2R0RmbUQYFjrNgBCi5tnmr1Ay1zHAs1VEF+Rg5IOtCBO50I9jm4WCSwCtN6zF
FoFVAQJAUGfBJDcZIm9ZL6ZPXJrqS5oP/wdLmtFE3hfd1gr7C8oHu7BREWB6h1qu
8c1kPlI4+/qDHWaZtQpJ977mIToJwQJAMcgUHKAm/YPWLgT31tpckRDgqgzh9u4z
e1A0ft5FlMcdFFT8BuWlblHWJIwSxp6YO6lqSuBNiuyPqxw6uVAxAQJAWGxOgn2I
fGkWLLw4WMpkFHmwDVTQVwhTpmMP8rWGYEdYX+k9HeOJyVMrJKg2ZPXOPtybrw8T
PUZE7FgzVNxypQ==
-----END PRIVATE KEY-----
</key>

[Elton]

Parece que ele ta reclamando da subnet /30.