Answered: Cascading problem on Linux

drv

Junior Member
hi

I set up the cascading following the Linux guide. Everything seems to work, but my IP doesn't change :D

After the hop the console also prints .... successful. Then I can make a 2nd, 3rd hop as described, but my real IP still stays the same.

A simple VPN connection via NetworkManager works perfectly.

What could the problem be?

BTW I'm using Arch + Openbox

Thanks in advance!!
 
If a simple connection works, a cascade should work too. Please post your active routing table after you have made, e.g., a 2-hop cascade, with:

Code:
netstat -nr
 
The simple connection works ONLY when I establish it with NetworkManager.
From the shell it only works without the script and without route-noexec, i.e. with the command given in the guide it does not work.

This is what netstat -nr looks like when I establish the connection from the shell (as described in the guide):

Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlp3s0
10.17.12.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlp3s0

Nothing more.
:/
 
All the important routes are missing. What messages does OpenVPN print? I suspect OpenVPN cannot execute the script because it cannot find it, etc.
 
Here, from syslog:

Dez 14 20:07:47 aBook NetworkManager[610]: <info> (tun0): new Tun device (carrier: OFF, driver: 'tun', ifindex: 9)
Dez 14 20:07:47 aBook NetworkManager[610]: <info> (tun0): link connected
Dez 14 20:07:47 aBook NetworkManager[610]: <info> keyfile: add connection in-memory (a955e97f-268d-4a12-8f6d-2721b0aff575,"tun0")
Dez 14 20:07:47 aBook NetworkManager[610]: <info> (tun0): device state change: unmanaged -> unavailable (reason 'connection-assumed') [10 20 41]
Dez 14 20:07:47 aBook NetworkManager[610]: <info> (tun0): device state change: unavailable -> disconnected (reason 'connection-assumed') [20 30 41]
Dez 14 20:07:47 aBook NetworkManager[610]: <info> (tun0): Activation: starting connection 'tun0' (a955e97f-268d-4a12-8f6d-2721b0aff575)
Dez 14 20:07:47 aBook NetworkManager[610]: <info> (tun0): device state change: disconnected -> prepare (reason 'none') [30 40 0]
Dez 14 20:07:47 aBook NetworkManager[610]: <info> (tun0): device state change: prepare -> config (reason 'none') [40 50 0]
Dez 14 20:07:47 aBook NetworkManager[610]: <info> (tun0): device state change: config -> ip-config (reason 'none') [50 70 0]
Dez 14 20:07:47 aBook NetworkManager[610]: <info> (tun0): device state change: ip-config -> ip-check (reason 'none') [70 80 0]
Dez 14 20:07:47 aBook NetworkManager[610]: <info> (tun0): device state change: ip-check -> secondaries (reason 'none') [80 90 0]
Dez 14 20:07:47 aBook NetworkManager[610]: <info> (tun0): device state change: secondaries -> activated (reason 'none') [90 100 0]
Dez 14 20:07:47 aBook NetworkManager[610]: <info> (tun0): Activation: successful, device activated.
 
Not the messages from Network Manager, everything works there. You should post the output of openvpn when you start openvpn from Bash, and specifically with the command where it doesn't work, i.e. where your IP does not change.
 
Enter Auth Username: **********
Enter Auth Password: *******************
Tue Dec 15 00:11:53 2015 us=361553 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Dec 15 00:11:53 2015 us=362619 WARNING: file 'Paris_cl.key' is group or others accessible
Tue Dec 15 00:11:53 2015 us=362996 Deprecated TLS cipher name 'DHE-RSA-AES256-GCM-SHA384', please use IANA name 'TLS-DHE-RSA-WITH-AES-256-GCM-SHA384'
Tue Dec 15 00:11:53 2015 us=363032 Deprecated TLS cipher name 'DHE-RSA-AES256-SHA256', please use IANA name 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA256'
Tue Dec 15 00:11:53 2015 us=363055 Deprecated TLS cipher name 'DHE-RSA-AES128-GCM-SHA256', please use IANA name 'TLS-DHE-RSA-WITH-AES-128-GCM-SHA256'
Tue Dec 15 00:11:53 2015 us=363076 Deprecated TLS cipher name 'DHE-RSA-AES128-SHA256', please use IANA name 'TLS-DHE-RSA-WITH-AES-128-CBC-SHA256'
Tue Dec 15 00:11:53 2015 us=363096 Deprecated TLS cipher name 'DHE-RSA-CAMELLIA256-SHA', please use IANA name 'TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA'
Tue Dec 15 00:11:53 2015 us=363117 Deprecated TLS cipher name 'DHE-RSA-AES256-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA'
Tue Dec 15 00:11:53 2015 us=363137 Deprecated TLS cipher name 'DHE-RSA-CAMELLIA128-SHA', please use IANA name 'TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA'
Tue Dec 15 00:11:53 2015 us=363156 Deprecated TLS cipher name 'DHE-RSA-AES128-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-128-CBC-SHA'
Tue Dec 15 00:11:53 2015 us=363175 Deprecated TLS cipher name 'CAMELLIA256-SHA', please use IANA name 'TLS-RSA-WITH-CAMELLIA-256-CBC-SHA'
Tue Dec 15 00:11:53 2015 us=363194 Deprecated TLS cipher name 'AES256-SHA', please use IANA name 'TLS-RSA-WITH-AES-256-CBC-SHA'
Tue Dec 15 00:11:53 2015 us=363213 Deprecated TLS cipher name 'CAMELLIA128-SHA', please use IANA name 'TLS-RSA-WITH-CAMELLIA-128-CBC-SHA'
Tue Dec 15 00:11:53 2015 us=363231 Deprecated TLS cipher name 'AES128-SHA', please use IANA name 'TLS-RSA-WITH-AES-128-CBC-SHA'
Tue Dec 15 00:11:53 2015 us=363592 WARNING: file 'Paris_ta.key' is group or others accessible
Tue Dec 15 00:11:53 2015 us=363616 Control Channel Authentication: using 'Paris_ta.key' as a OpenVPN static key file
Tue Dec 15 00:11:53 2015 us=363666 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Dec 15 00:11:53 2015 us=363695 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Dec 15 00:11:53 2015 us=363745 LZO compression initialized
Tue Dec 15 00:11:53 2015 us=363896 Control Channel MTU parms [ L:1606 D:210 EF:110 EB:0 ET:0 EL:3 ]
Tue Dec 15 00:11:53 2015 us=364028 Socket Buffers: R=[212992->131072] S=[212992->131072]
Tue Dec 15 00:11:53 2015 us=405806 Data Channel MTU parms [ L:1606 D:1300 EF:106 EB:143 ET:0 EL:3 AF:3/1 ]
Tue Dec 15 00:11:53 2015 us=405967 Fragmentation MTU parms [ L:1606 D:1300 EF:105 EB:143 ET:1 EL:3 AF:3/1 ]
Tue Dec 15 00:11:53 2015 us=406080 Local Options String: 'V4,dev-type tun,link-mtu 1606,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Tue Dec 15 00:11:53 2015 us=406131 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1606,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Tue Dec 15 00:11:53 2015 us=406218 Local Options hash (VER=V4): '73c06b87'
Tue Dec 15 00:11:53 2015 us=406284 Expected Remote Options hash (VER=V4): 'ad1c1209'
Tue Dec 15 00:11:53 2015 us=406352 UDPv4 link local: [undef]
Tue Dec 15 00:11:53 2015 us=406410 UDPv4 link remote: [AF_INET]5.135.143.84:1149
Tue Dec 15 00:11:53 2015 us=439618 TLS: Initial packet from [AF_INET]5.135.143.84:1149, sid=dd021351 c63da4b3
Tue Dec 15 00:11:53 2015 us=439927 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Dec 15 00:11:53 2015 us=799333 VERIFY OK: depth=1, C=NZ, ST=Wellington, L=Johnsonville, O=perfect-privacy, CN=perfect-privacy, emailAddress=admin@perfect-privacy.com
Tue Dec 15 00:11:53 2015 us=800415 VERIFY OK: nsCertType=SERVER
Tue Dec 15 00:11:53 2015 us=800482 VERIFY OK: depth=0, C=NZ, ST=Wellington, O=perfect-privacy, CN=server, emailAddress=admin@perfect-privacy.com
Tue Dec 15 00:11:54 2015 us=530361 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Dec 15 00:11:54 2015 us=530485 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Dec 15 00:11:54 2015 us=530526 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Dec 15 00:11:54 2015 us=530562 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Dec 15 00:11:54 2015 us=530678 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-CAMELLIA256-SHA, 4096 bit RSA
Tue Dec 15 00:11:54 2015 us=530764 [server] Peer Connection Initiated with [AF_INET]5.135.143.84:1149
Tue Dec 15 00:11:56 2015 us=981502 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Dec 15 00:11:57 2015 us=15043 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,sndbuf 131072,rcvbuf 131072,topology subnet,route-gateway 10.17.11.1,ping 10,ping-restart 60,dhcp-option DNS 45.48.54.75dhcp-option DNS 4.44.54.195,ifconfig 10.17.11.22 255.255.255.0'
Tue Dec 15 00:11:57 2015 us=15212 OPTIONS IMPORT: timers and/or timeouts modified
Tue Dec 15 00:11:57 2015 us=15231 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Tue Dec 15 00:11:57 2015 us=15246 Socket Buffers: R=[131072->262144] S=[131072->262144]
Tue Dec 15 00:11:57 2015 us=15254 OPTIONS IMPORT: --ifconfig/up options modified
Tue Dec 15 00:11:57 2015 us=15265 OPTIONS IMPORT: route options modified
Tue Dec 15 00:11:57 2015 us=15276 OPTIONS IMPORT: route-related options modified
Tue Dec 15 00:11:57 2015 us=15290 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Dec 15 00:11:57 2015 us=15511 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=wl3 HWADDR=b0:66:b2:3d:gd:h4
Tue Dec 15 00:11:57 2015 us=15963 TUN/TAP device tun0 opened
Tue Dec 15 00:11:57 2015 us=15995 TUN/TAP TX queue length set to 100
Tue Dec 15 00:11:57 2015 us=16020 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Dec 15 00:11:57 2015 us=16056 /usr/bin/ip link set dev tun0 up mtu 1500
Tue Dec 15 00:11:57 2015 us=17883 /usr/bin/ip addr add dev tun0 10.17.11.22/24 broadcast 10.17.11.255
Tue Dec 15 00:11:57 2015 us=23508 updown.sh tun0 1500 1606 10.17.11.22 255.255.255.0 init
updown.sh: STARTED
updown.sh: hop number: (default: 1)
updown.sh: gateway of previous hop: (default: local gateway)
updown.sh: local gateway: 192.168.1.1
updown.sh: VPN: int. IP address: 10.17.11.22
updown.sh: VPN: netmask: 255.255.255.0
updown.sh: VPN: gateway: 10.17.11.1
updown.sh: VPN: public IP address: 5.135.143.84
updown.sh: Notice: You didn't set 'hopid'. Assuming this to be the first hop (hopid=1).
updown.sh: Notice: You didn't set the previous gateway. The gateway of your local network ('192.168.1.1') will be used.
which: no ip in ((null))
updown.sh: executing: ' route add 5.135.143.84 via 192.168.1.1'
Usage: inet_route [-vF] del {-host|-net} Target[/prefix] [gw Gw] [metric M] [[dev] If]
inet_route [-vF] add {-host|-net} Target[/prefix] [gw Gw] [metric M]
[netmask N] [mss Mss] [window W] [irtt I]
[mod] [dyn] [reinstate] [[dev] If]
inet_route [-vF] add {-host|-net} Target[/prefix] [metric M] reject
inet_route [-FC] flush NOT supported
updown.sh: executing: ' route add 0.0.0.0/1 via 10.17.11.1'
Usage: inet_route [-vF] del {-host|-net} Target[/prefix] [gw Gw] [metric M] [[dev] If]
inet_route [-vF] add {-host|-net} Target[/prefix] [gw Gw] [metric M]
[netmask N] [mss Mss] [window W] [irtt I]
[mod] [dyn] [reinstate] [[dev] If]
inet_route [-vF] add {-host|-net} Target[/prefix] [metric M] reject
inet_route [-FC] flush NOT supported
updown.sh: executing: ' route add 128.0.0.0/1 via 10.17.11.1'
Usage: inet_route [-vF] del {-host|-net} Target[/prefix] [gw Gw] [metric M] [[dev] If]
inet_route [-vF] add {-host|-net} Target[/prefix] [gw Gw] [metric M]
[netmask N] [mss Mss] [window W] [irtt I]
[mod] [dyn] [reinstate] [[dev] If]
inet_route [-vF] add {-host|-net} Target[/prefix] [metric M] reject
inet_route [-FC] flush NOT supported
updown.sh: HINT: For the next hop, start openvpn with the following options:
updown.sh: HINT: openvpn --config <config.ovpn> --script-security 2 --route remote_host --persist-tun --up updown.sh --down updown.sh --route-noexec --setenv hopid 2 --setenv prevgw 10.17.11.1
updown.sh: execuding: '/etc/openvpn/update-resolv-conf'
dhcp-option DNS 45.48.54.75
dhcp-option DNS 4.44.54.195
updown.sh: FINISHED
Tue Dec 15 00:11:59 2015 us=535462 Initialization Sequence Completed
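
Added example, not part of the thread and not the provider's updown.sh: a check of `netstat -nr` output for the three routes that updown.sh tries to add in the log above (each attempt printed a usage message instead), so a tunnel that reports "Initialization Sequence Completed" without redirecting traffic is caught. The function names and the second, constructed table are assumptions; the gateway and server addresses are taken from the posted log.

```shell
#!/bin/sh
# Added example. Reads `netstat -nr` output on stdin and reports which of the
# three routes from the log are absent from the table.
# usage: check_def1_routes VPN_GW SERVER_IP LOCAL_GW < table
check_def1_routes() {
    awk -v vgw="$1" -v srv="$2" -v lgw="$3" '
        # netstat -nr columns: Destination Gateway Genmask Flags ...
        $1 == "0.0.0.0"   && $2 == vgw && $3 == "128.0.0.0"       { lo = 1 }
        $1 == "128.0.0.0" && $2 == vgw && $3 == "128.0.0.0"       { hi = 1 }
        $1 == srv         && $2 == lgw && $3 == "255.255.255.255" { host = 1 }
        END {
            if (!lo)   { print "missing: 0.0.0.0/1 via " vgw;   bad = 1 }
            if (!hi)   { print "missing: 128.0.0.0/1 via " vgw; bad = 1 }
            if (!host) { print "missing: " srv "/32 via " lgw;  bad = 1 }
            exit bad + 0
        }'
}

# Routing table exactly as posted in the thread.
table_from_thread() { cat <<'EOF'
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlp3s0
10.17.12.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlp3s0
EOF
}

# Constructed table: what a working first hop would look like.
table_constructed_ok() { cat <<'EOF'
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.17.11.1 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlp3s0
5.135.143.84 192.168.1.1 255.255.255.255 UGH 0 0 0 wlp3s0
10.17.11.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
128.0.0.0 10.17.11.1 128.0.0.0 UG 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlp3s0
EOF
}

# Run the check against the table from the thread.
table_from_thread | check_def1_routes 10.17.11.1 5.135.143.84 192.168.1.1 \
    || echo "default traffic still leaves via the local gateway"
```

On a live system the same function can be fed with `netstat -nr | check_def1_routes <vpn-gw> <server-ip> <local-gw>` right after the tunnel comes up.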
 