LINUX.ORG.RU

OpenVPN, cipher

 



When the tunnel is brought up, the line "assertion failed at crypto.c:196" appears in the client logs and the tunnel does not come up. What could this error be, and how can it be fixed?

OS version, OpenVPN version, connection logs. The staff psychics have a springtime vitamin deficiency.

Radjah ★★★★★
In reply to: comment by Radjah

OS version: Linux 3.2.0-27-generic

OpenVPN version: 2.2.1

I'll post the client log in a couple of minutes.

sarrazin (topic author)
In reply to: comment by Radjah

Server:

[code]
port 1194
proto tcp-server
dev tun
#sndbuf 0
#rcvbuf 0
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem

engine gost

cipher gost89
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.8.0 255.255.255.0"
route-gateway 10.8.0.1

topology subnet
tls-server
tls-auth ta.key 0
tls-timeout 120
auth gost-mac
#tls-cipher GOST2001-GOST89-GOST89

client-to-client
client-config-dir ccd
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.115.2"
keepalive 10 120

comp-lzo
#user nobody
#group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 4
mute 20
script-security 2
# 192.168.8.156 255.255.255.0
[/code]

Client:

[code]
client
port 1194
dev tun
proto tcp-client
#sndbuf 0
#rcvbuf 0

ca /etc/openvpn/ca.crt
cert /etc/openvpn/client1.crt
key /etc/openvpn/client1.key
dh /etc/openvpn/dh1024.pem

engine gost

cipher gost89
remote 192.168.8.156

tls-client
tls-auth ta.key 1
auth gost-mac
#ns-cert-type server

keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
#resolv-retry infinite
#nobind
verb 4
mute 20
script-security 2
remote-cert-tls server
[/code]
sarrazin (topic author)
In reply to: comment by Radjah

Server log:

[code]
Thu Apr  5 13:35:15 2018 us=832524 Current Parameter Settings:
Thu Apr  5 13:35:15 2018 us=832672   config = '/etc/openvpn/server.conf'
Thu Apr  5 13:35:15 2018 us=832689   mode = 1
Thu Apr  5 13:35:15 2018 us=832703   persist_config = DISABLED
Thu Apr  5 13:35:15 2018 us=832716   persist_mode = 1
Thu Apr  5 13:35:15 2018 us=832730   show_ciphers = DISABLED
Thu Apr  5 13:35:15 2018 us=832743   show_digests = DISABLED
Thu Apr  5 13:35:15 2018 us=832756   show_engines = DISABLED
Thu Apr  5 13:35:15 2018 us=832770   genkey = DISABLED
Thu Apr  5 13:35:15 2018 us=832783   key_pass_file = '[UNDEF]'
Thu Apr  5 13:35:15 2018 us=832796   show_tls_ciphers = DISABLED
Thu Apr  5 13:35:15 2018 us=832809 Connection profiles [default]:
Thu Apr  5 13:35:15 2018 us=832823   proto = tcp-server
Thu Apr  5 13:35:15 2018 us=832836   local = '[UNDEF]'
Thu Apr  5 13:35:15 2018 us=832850   local_port = 1194
Thu Apr  5 13:35:15 2018 us=832863   remote = '[UNDEF]'
Thu Apr  5 13:35:15 2018 us=832877   remote_port = 1194
Thu Apr  5 13:35:15 2018 us=832890   remote_float = DISABLED
Thu Apr  5 13:35:15 2018 us=832903   bind_defined = DISABLED
Thu Apr  5 13:35:15 2018 us=832916   bind_local = ENABLED
Thu Apr  5 13:35:15 2018 us=832929 NOTE: --mute triggered...
Thu Apr  5 13:35:15 2018 us=832960 260 variation(s) on previous 20 message(s) suppressed by --mute
Thu Apr  5 13:35:15 2018 us=832987 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Dec 22 2012
Thu Apr  5 13:35:15 2018 us=833243 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Apr  5 13:35:15 2018 us=855590 Initializing OpenSSL support for engine 'gost'
Thu Apr  5 13:35:15 2018 us=857706 Diffie-Hellman initialized with 1024 bit key
Thu Apr  5 13:35:15 2018 us=858136 WARNING: file '/etc/openvpn/server.key' is group or others accessible
Thu Apr  5 13:35:15 2018 us=858768 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Thu Apr  5 13:35:15 2018 us=858828 Outgoing Control Channel Authentication: Using 32 bit message hash 'gost-mac' for HMAC authentication
Thu Apr  5 13:35:15 2018 us=858856 Incoming Control Channel Authentication: Using 32 bit message hash 'gost-mac' for HMAC authentication
Thu Apr  5 13:35:15 2018 us=858886 TLS-Auth MTU parms [ L:1525 D:152 EF:52 EB:0 ET:0 EL:0 ]
Thu Apr  5 13:35:15 2018 us=858963 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu Apr  5 13:35:15 2018 us=867234 TUN/TAP device tun0 opened
Thu Apr  5 13:35:15 2018 us=867306 TUN/TAP TX queue length set to 100
Thu Apr  5 13:35:15 2018 us=867332 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Apr  5 13:35:15 2018 us=867378 /sbin/ifconfig tun0 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Thu Apr  5 13:35:15 2018 us=894248 Data Channel MTU parms [ L:1525 D:1450 EF:25 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Apr  5 13:35:15 2018 us=902754 Listening for incoming TCP connection on [undef]
Thu Apr  5 13:35:15 2018 us=903006 TCPv4_SERVER link local (bound): [undef]
Thu Apr  5 13:35:15 2018 us=903022 TCPv4_SERVER link remote: [undef]
Thu Apr  5 13:35:15 2018 us=903097 MULTI: multi_init called, r=256 v=256
Thu Apr  5 13:35:15 2018 us=903463 IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Thu Apr  5 13:35:15 2018 us=903503 IFCONFIG POOL LIST
Thu Apr  5 13:35:15 2018 us=903565 MULTI: TCP INIT maxclients=1024 maxevents=1028
Thu Apr  5 13:35:15 2018 us=903679 Initialization Sequence Completed
Thu Apr  5 13:45:23 2018 us=916926 MULTI: multi_create_instance called
Thu Apr  5 13:45:23 2018 us=917210 Re-using SSL/TLS context
Thu Apr  5 13:45:23 2018 us=917487 LZO compression initialized
Thu Apr  5 13:45:23 2018 us=918328 Control Channel MTU parms [ L:1525 D:152 EF:52 EB:0 ET:0 EL:0 ]
Thu Apr  5 13:45:23 2018 us=918385 Data Channel MTU parms [ L:1525 D:1450 EF:25 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Apr  5 13:45:23 2018 us=918542 Local Options String: 'V4,dev-type tun,link-mtu 1525,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher gost89,auth gost-mac,keysize 256,tls-auth,key-method 2,tls-server'
Thu Apr  5 13:45:23 2018 us=918577 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1525,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher gost89,auth gost-mac,keysize 256,tls-auth,key-method 2,tls-client'
Thu Apr  5 13:45:23 2018 us=918713 Local Options hash (VER=V4): '9f78c956'
Thu Apr  5 13:45:23 2018 us=918735 Expected Remote Options hash (VER=V4): '1ea73d16'
Thu Apr  5 13:45:23 2018 us=918799 TCP connection established with [AF_INET]192.168.8.157:47260
Thu Apr  5 13:45:23 2018 us=918827 TCPv4_SERVER link local: [undef]
Thu Apr  5 13:45:23 2018 us=918862 TCPv4_SERVER link remote: [AF_INET]192.168.8.157:47260
Thu Apr  5 13:45:24 2018 us=901315 192.168.8.157:47260 Connection reset, restarting [0]
Thu Apr  5 13:45:24 2018 us=901401 192.168.8.157:47260 SIGUSR1[soft,connection-reset] received, client-instance restarting
Thu Apr  5 13:45:24 2018 us=901629 TCP/UDP: Closing socket
Thu Apr  5 13:53:58 2018 us=522406 MULTI: multi_create_instance called
Thu Apr  5 13:53:58 2018 us=522596 Re-using SSL/TLS context
Thu Apr  5 13:53:58 2018 us=522682 LZO compression initialized
Thu Apr  5 13:53:58 2018 us=522864 Control Channel MTU parms [ L:1525 D:152 EF:52 EB:0 ET:0 EL:0 ]
Thu Apr  5 13:53:58 2018 us=522899 Data Channel MTU parms [ L:1525 D:1450 EF:25 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Apr  5 13:53:58 2018 us=522994 Local Options String: 'V4,dev-type tun,link-mtu 1525,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher gost89,auth gost-mac,keysize 256,tls-auth,key-method 2,tls-server'
Thu Apr  5 13:53:58 2018 us=523011 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1525,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher gost89,auth gost-mac,keysize 256,tls-auth,key-method 2,tls-client'
Thu Apr  5 13:53:58 2018 us=523040 Local Options hash (VER=V4): '9f78c956'
Thu Apr  5 13:53:58 2018 us=523061 Expected Remote Options hash (VER=V4): '1ea73d16'
Thu Apr  5 13:53:58 2018 us=523104 TCP connection established with [AF_INET]192.168.8.157:47261
Thu Apr  5 13:53:58 2018 us=523128 TCPv4_SERVER link local: [undef]
Thu Apr  5 13:53:58 2018 us=523145 TCPv4_SERVER link remote: [AF_INET]192.168.8.157:47261
Thu Apr  5 13:53:59 2018 us=507187 192.168.8.157:47261 Connection reset, restarting [0]
Thu Apr  5 13:53:59 2018 us=507290 192.168.8.157:47261 SIGUSR1[soft,connection-reset] received, client-instance restarting
Thu Apr  5 13:53:59 2018 us=507373 TCP/UDP: Closing socket
Thu Apr  5 13:54:24 2018 us=481090 MULTI: multi_create_instance called
Thu Apr  5 13:54:24 2018 us=504179 Re-using SSL/TLS context
Thu Apr  5 13:54:24 2018 us=504206 LZO compression initialized
Thu Apr  5 13:54:24 2018 us=504387 Control Channel MTU parms [ L:1525 D:152 EF:52 EB:0 ET:0 EL:0 ]
Thu Apr  5 13:54:24 2018 us=504414 Data Channel MTU parms [ L:1525 D:1450 EF:25 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Apr  5 13:54:24 2018 us=504460 Local Options String: 'V4,dev-type tun,link-mtu 1525,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher gost89,auth gost-mac,keysize 256,tls-auth,key-method 2,tls-server'
Thu Apr  5 13:54:24 2018 us=504476 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1525,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher gost89,auth gost-mac,keysize 256,tls-auth,key-method 2,tls-client'
Thu Apr  5 13:54:24 2018 us=504497 Local Options hash (VER=V4): '9f78c956'
Thu Apr  5 13:54:24 2018 us=504516 Expected Remote Options hash (VER=V4): '1ea73d16'
Thu Apr  5 13:54:24 2018 us=504552 TCP connection established with [AF_INET]192.168.8.157:47262
Thu Apr  5 13:54:24 2018 us=504570 TCPv4_SERVER link local: [undef]
Thu Apr  5 13:54:24 2018 us=504586 TCPv4_SERVER link remote: [AF_INET]192.168.8.157:47262
Thu Apr  5 13:54:25 2018 us=491258 192.168.8.157:47262 Connection reset, restarting [0]
Thu Apr  5 13:54:25 2018 us=491335 192.168.8.157:47262 SIGUSR1[soft,connection-reset] received, client-instance restarting
Thu Apr  5 13:54:25 2018 us=491408 TCP/UDP: Closing socket
[/code]

sarrazin (topic author)
In reply to: comment by Radjah

Client log:

[code]
Thu Apr  5 13:54:24 2018 us=298606 Current Parameter Settings:
Thu Apr  5 13:54:24 2018 us=298816   config = '/etc/openvpn/client1.conf'
Thu Apr  5 13:54:24 2018 us=298833   mode = 0
Thu Apr  5 13:54:24 2018 us=298847   persist_config = DISABLED
Thu Apr  5 13:54:24 2018 us=298861   persist_mode = 1
Thu Apr  5 13:54:24 2018 us=298874   show_ciphers = DISABLED
Thu Apr  5 13:54:24 2018 us=298888   show_digests = DISABLED
Thu Apr  5 13:54:24 2018 us=298901   show_engines = DISABLED
Thu Apr  5 13:54:24 2018 us=298914   genkey = DISABLED
Thu Apr  5 13:54:24 2018 us=298928   key_pass_file = '[UNDEF]'
Thu Apr  5 13:54:24 2018 us=298941   show_tls_ciphers = DISABLED
Thu Apr  5 13:54:24 2018 us=298954 Connection profiles [default]:
Thu Apr  5 13:54:24 2018 us=298968   proto = tcp-client
Thu Apr  5 13:54:24 2018 us=298981   local = '[UNDEF]'
Thu Apr  5 13:54:24 2018 us=298995   local_port = 0
Thu Apr  5 13:54:24 2018 us=299008   remote = '192.168.8.156'
Thu Apr  5 13:54:24 2018 us=299022   remote_port = 1194
Thu Apr  5 13:54:24 2018 us=299035   remote_float = DISABLED
Thu Apr  5 13:54:24 2018 us=299049   bind_defined = DISABLED
Thu Apr  5 13:54:24 2018 us=299062   bind_local = DISABLED
Thu Apr  5 13:54:24 2018 us=299075 NOTE: --mute triggered...
Thu Apr  5 13:54:24 2018 us=299105 253 variation(s) on previous 20 message(s) suppressed by --mute
Thu Apr  5 13:54:24 2018 us=299132 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Dec 22 2012
Thu Apr  5 13:54:24 2018 us=299391 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Apr  5 13:54:24 2018 us=300330 Initializing OpenSSL support for engine 'gost'
Thu Apr  5 13:54:24 2018 us=301133 WARNING: file '/etc/openvpn/client1.key' is group or others accessible
Thu Apr  5 13:54:24 2018 us=301757 WARNING: file 'ta.key' is group or others accessible
Thu Apr  5 13:54:24 2018 us=301774 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Thu Apr  5 13:54:24 2018 us=301857 Outgoing Control Channel Authentication: Using 32 bit message hash 'gost-mac' for HMAC authentication
Thu Apr  5 13:54:24 2018 us=301895 Incoming Control Channel Authentication: Using 32 bit message hash 'gost-mac' for HMAC authentication
Thu Apr  5 13:54:24 2018 us=328158 LZO compression initialized
Thu Apr  5 13:54:24 2018 us=328386 Control Channel MTU parms [ L:1525 D:152 EF:52 EB:0 ET:0 EL:0 ]
Thu Apr  5 13:54:24 2018 us=328475 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu Apr  5 13:54:24 2018 us=328498 Data Channel MTU parms [ L:1525 D:1450 EF:25 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Apr  5 13:54:24 2018 us=328532 Local Options String: 'V4,dev-type tun,link-mtu 1525,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher gost89,auth gost-mac,keysize 256,tls-auth,key-method 2,tls-client'
Thu Apr  5 13:54:24 2018 us=328547 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1525,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher gost89,auth gost-mac,keysize 256,tls-auth,key-method 2,tls-server'
Thu Apr  5 13:54:24 2018 us=328578 Local Options hash (VER=V4): '1ea73d16'
Thu Apr  5 13:54:24 2018 us=328597 Expected Remote Options hash (VER=V4): '9f78c956'
Thu Apr  5 13:54:24 2018 us=333424 Attempting to establish TCP connection with [AF_INET]192.168.8.156:1194 [nonblock]
Thu Apr  5 13:54:25 2018 us=334394 TCP connection established with [AF_INET]192.168.8.156:1194
Thu Apr  5 13:54:25 2018 us=334465 TCPv4_CLIENT link local: [undef]
Thu Apr  5 13:54:25 2018 us=334490 TCPv4_CLIENT link remote: [AF_INET]192.168.8.156:1194
Thu Apr  5 13:54:25 2018 us=335090 Assertion failed at crypto.c:196
Thu Apr  5 13:54:25 2018 us=335117 Exiting
[/code]

sarrazin (topic author)
In reply to: comment by Tanger

They just change the encryption algorithm there. That works for me too. I want to encrypt everything according to GOST, and I just can't get it to work.

sarrazin (topic author)