LINUX.ORG.RU

openvpn



There is a VPN server running on openvpn. The config specifies that clients can see each other.
The question is: how can I prevent certain clients from seeing anyone except the server?
Here is the config:
port 1194
proto tcp
dev tun
ca /usr/share/openvpn/easy-rsa/keys/ca.crt
cert /usr/share/openvpn/easy-rsa/keys/1.crt
key /usr/share/openvpn/easy-rsa/keys/1.key
dh /usr/share/openvpn/easy-rsa/keys/dh1024.pem
server 10.1.1.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 172.16.2.0 255.255.255.0"
client-config-dir ccd
route 10.1.1.0 255.255.255.252
push "dhcp-option DNS 172.16.2.1"
keepalive 10 120
tls-auth /usr/share/openvpn/easy-rsa/keys/ta.key 0
comp-lzo
max-clients 100
persist-key
persist-tun


And one more question: several clients keep getting disconnected, but immediately reconnect. Here is what the server log shows:
Fri Feb 29 10:09:22 2008 Expected Remote Options hash (VER=V4): 'ee93268d'
Fri Feb 29 10:09:22 2008 TCP connection established with 91.122.45.241:42805
Fri Feb 29 10:09:22 2008 Socket Buffers: R=[131072->131072] S=[131072->131072]
Fri Feb 29 10:09:22 2008 TCPv4_SERVER link local: [undef]
Fri Feb 29 10:09:22 2008 TCPv4_SERVER link remote: 91.122.45.241:42805
Fri Feb 29 10:09:22 2008 91.122.45.241:42805 TLS: Initial packet from 91.122.45.241:42805, sid=405a2a65 bb413dd3
Fri Feb 29 10:09:22 2008 91.122.45.241:42805 TLS Error: cannot locate HMAC in incoming packet from 91.122.45.241:42805
Fri Feb 29 10:09:22 2008 91.122.45.241:42805 Fatal TLS error (check_tls_errors_co), restarting
Fri Feb 29 10:09:22 2008 91.122.45.241:42805 SIGUSR1[soft,tls-error] received, client-instance restarting
Fri Feb 29 10:09:22 2008 TCP/UDP: Closing socket
Fri Feb 29 10:09:27 2008 MULTI: multi_create_instance called
Fri Feb 29 10:09:27 2008 Re-using SSL/TLS context
Fri Feb 29 10:09:27 2008 LZO compression initialized
Fri Feb 29 10:09:27 2008 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Fri Feb 29 10:09:27 2008 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Feb 29 10:09:27 2008 Local Options hash (VER=V4): 'bd577cd1'
Fri Feb 29 10:09:27 2008 Expected Remote Options hash (VER=V4): 'ee93268d'
Fri Feb 29 10:09:27 2008 TCP connection established with 91.122.45.241:42808
Fri Feb 29 10:09:27 2008 Socket Buffers: R=[131072->131072] S=[131072->131072]
Fri Feb 29 10:09:27 2008 TCPv4_SERVER link local: [undef]
Fri Feb 29 10:09:27 2008 TCPv4_SERVER link remote: 91.122.45.241:42808
Fri Feb 29 10:09:27 2008 91.122.45.241:42808 TLS: Initial packet from 91.122.45.241:42808, sid=3f0a44d0 eafd8f50
Fri Feb 29 10:09:27 2008 91.122.45.241:42808 TLS Error: cannot locate HMAC in incoming packet from 91.122.45.241:42808
Fri Feb 29 10:09:27 2008 91.122.45.241:42808 Fatal TLS error (check_tls_errors_co), restarting
Fri Feb 29 10:09:27 2008 91.122.45.241:42808 SIGUSR1[soft,tls-error] received, client-instance restarting
Fri Feb 29 10:09:27 2008 TCP/UDP: Closing socket

nau
() topic author
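
A triage sketch for the server log in the post above, added here as an example and not part of the original post: it groups the "TLS Error:" lines by client address, ignoring the source port that changes on every retry, so the peers stuck in a reconnect loop stand out. The function names are hypothetical and the last two sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# First five lines are copied from the post above; the last two are constructed
# (192.0.2.10 is a documentation address) to show a peer with no TLS errors.
SAMPLE_LOG = """\
Fri Feb 29 10:09:22 2008 TCP connection established with 91.122.45.241:42805
Fri Feb 29 10:09:22 2008 91.122.45.241:42805 TLS Error: cannot locate HMAC in incoming packet from 91.122.45.241:42805
Fri Feb 29 10:09:22 2008 91.122.45.241:42805 SIGUSR1[soft,tls-error] received, client-instance restarting
Fri Feb 29 10:09:27 2008 91.122.45.241:42808 TLS Error: cannot locate HMAC in incoming packet from 91.122.45.241:42808
Fri Feb 29 10:09:27 2008 91.122.45.241:42808 SIGUSR1[soft,tls-error] received, client-instance restarting
Fri Feb 29 10:09:30 2008 TCP connection established with 192.0.2.10:51000
Fri Feb 29 10:09:31 2008 192.0.2.10:51000 TLS: Initial packet from 192.0.2.10:51000, sid=00000000 00000001
"""

# Per-client line: "<ctime timestamp> <ip>:<port> TLS Error: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) TLS Error: (?P<msg>.*)$")
PEER_SUFFIX = re.compile(r" from \d{1,3}(?:\.\d{1,3}){3}:\d+$")

def tls_errors_by_peer(log_text):
    """Return {ip: {"errors": {message: count}, "attempts": n, "span_s": seconds}}."""
    raw = defaultdict(lambda: {"errors": defaultdict(int), "ports": set(), "times": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a per-client TLS error line
        entry = raw[m["ip"]]
        # Drop the trailing "from ip:port" so retries from new source ports group together.
        entry["errors"][PEER_SUFFIX.sub("", m["msg"])] += 1
        entry["ports"].add(m["port"])
        entry["times"].append(datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"))
    return {ip: {"errors": dict(e["errors"]),
                 "attempts": len(e["ports"]),
                 "span_s": int((max(e["times"]) - min(e["times"])).total_seconds())}
            for ip, e in raw.items()}

def reconnect_loops(log_text, min_attempts=2):
    """Peers that hit TLS errors on at least min_attempts separate connections."""
    return sorted(ip for ip, s in tls_errors_by_peer(log_text).items()
                  if s["attempts"] >= min_attempts)

if __name__ == "__main__":
    for ip, stats in tls_errors_by_peer(SAMPLE_LOG).items():
        print(ip, stats)
```

A peer that shows up here with "cannot locate HMAC in incoming packet" is worth checking for a missing or mismatched tls-auth line in its client config, since the server config above requires one.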
In reply to: comment by nau

Expected Remote Options hash (VER=V4): 'ee93268d'
TCP connection established with 91.122.45.241:42805
Socket Buffers: R=[131072->131072] S=[131072->131072]
TCPv4_SERVER link local: [undef]
TCPv4_SERVER link remote: 91.122.45.241:42805
91.122.45.241:42805 TLS: Initial packet from 91.122.45.241:42805, sid=405a2a65 bb413dd3
91.122.45.241:42805 TLS Error: cannot locate HMAC in incoming packet from 91.122.45.241:42805
91.122.45.241:42805 Fatal TLS error (check_tls_errors_co), restarting
91.122.45.241:42805 SIGUSR1[soft,tls-error] received, client-instance restarting
TCP/UDP: Closing socket
MULTI: multi_create_instance called
Re-using SSL/TLS context

nau
() topic author
In reply to: comment by INFOMAN

iptables is good, but I would like to know whether this is possible using openvpn itself.

nau
() topic author