    SHORTY: Mikrotik, Alix and other small solutions... Arduino, RaspberryPi, Mikrotik, Alix and other small solutions...
    YAPLIK --- ---
    REASON: what kind of communication - IP? A netflow probe?
    REASON --- ---
    it's more about logging the communication
    YAPLIK --- ---
    REASON:
    /system logging action
    set remote name=remote remote=1.2.3.4 target=remote
    /system logging
    add action=remote disabled=no prefix="" topics=warning
    add action=remote disabled=no prefix="" topics=error
    add action=remote disabled=no prefix="" topics=info
    REASON --- ---
    yes, that's done, but nothing arrives.
    ports are open, everything is as it should be, and still nothing
    LENNOX --- ---
    REASON: in system/logging there is an option to edit or create an action of type "remote", which lets you enter the IP and port of the server.
    REASON --- ---
    ole:)
    can you advise me how to get logging from the MK to a server somewhere?
    thanks
    BREBER --- ---
    MIKZ: I've made a bit of progress...

    in the server settings on the MK I had no user; after adding one it looks like things moved on a bit, but now I have to deal with something else...

    certificate verification now passes, but the encoding probably doesn't match... I'll look into it... at least the MK is now printing something too, so there is a way forward
    MIKZ --- ---
    BREBER: I don't know about that, I've only used it as a client

    and do you have tun/tap ip/ethernet set correctly? I'd try lowering the MTU; on ADSL, for example, I couldn't connect with the default MTU, try around 1400, that should surely work everywhere

    it might also help to show the client and server config
    BREBER --- ---
    is there a way to turn on more detailed logging of the OVPN on the MK?
    BREBER --- ---
    MIKZ: aha... can you elaborate? :-)

    it was probably enabled, but after disabling it, it's the same
    MIKZ --- ---
    BREBER: TCP is there, that's good; what about compression? It must not be enabled
    BREBER --- ---
    MIKZ: that's just it, nothing; the server is on the Mikrotik, but there is "TCP connection established from..." and that over and over as the client tries to connect
    MIKZ --- ---
    BREBER: and does the server say anything?
    BREBER --- ---
    AHARAZ: here it is; I'd just note that I was more or less pushed into this solution... I had PPTP there, but that isn't suitable :-(

    log:

    Thu Jun 16 10:42:46 2011 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
    Thu Jun 16 10:42:46 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Thu Jun 16 10:42:46 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Thu Jun 16 10:42:46 2011 LZO compression initialized
    Thu Jun 16 10:42:46 2011 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Thu Jun 16 10:42:47 2011 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
    Thu Jun 16 10:42:47 2011 Local Options hash (VER=V4): '69109d17'
    Thu Jun 16 10:42:47 2011 Expected Remote Options hash (VER=V4): 'c0103fa8'
    Thu Jun 16 10:42:47 2011 Attempting to establish TCP connection with 212.71.152.195:1194
    Thu Jun 16 10:42:47 2011 TCP connection established with 212.71.152.195:1194
    Thu Jun 16 10:42:47 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Thu Jun 16 10:42:47 2011 TCPv4_CLIENT link local: [undef]
    Thu Jun 16 10:42:47 2011 TCPv4_CLIENT link remote: 212.71.152.195:1194
    Thu Jun 16 10:42:48 2011 Connection reset, restarting [-1]
    Thu Jun 16 10:42:48 2011 TCP/UDP: Closing socket
    Thu Jun 16 10:42:48 2011 SIGUSR1[soft,connection-reset] received, process restarting
    Thu Jun 16 10:42:48 2011 Restart pause, 5 second(s)
    Thu Jun 16 10:42:53 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Thu Jun 16 10:42:53 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Thu Jun 16 10:42:53 2011 Re-using SSL/TLS context
    Thu Jun 16 10:42:53 2011 LZO compression initialized
    Thu Jun 16 10:42:53 2011 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Thu Jun 16 10:42:53 2011 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
    Thu Jun 16 10:42:53 2011 Local Options hash (VER=V4): '69109d17'
    Thu Jun 16 10:42:53 2011 Expected Remote Options hash (VER=V4): 'c0103fa8'
    Thu Jun 16 10:42:53 2011 Attempting to establish TCP connection with 212.71.152.195:1194
    Thu Jun 16 10:42:53 2011 TCP connection established with 212.71.152.195:1194
    Thu Jun 16 10:42:53 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Thu Jun 16 10:42:53 2011 TCPv4_CLIENT link local: [undef]
    Thu Jun 16 10:42:53 2011 TCPv4_CLIENT link remote: 212.71.152.195:1194
    Thu Jun 16 10:42:53 2011 Connection reset, restarting [0]
    Thu Jun 16 10:42:53 2011 TCP/UDP: Closing socket
    Thu Jun 16 10:42:53 2011 SIGUSR1[soft,connection-reset] received, process restarting
    Thu Jun 16 10:42:53 2011 Restart pause, 5 second(s)
    Thu Jun 16 10:42:58 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Thu Jun 16 10:42:58 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Thu Jun 16 10:42:58 2011 Re-using SSL/TLS context
    Thu Jun 16 10:42:58 2011 LZO compression initialized
    Thu Jun 16 10:42:58 2011 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Thu Jun 16 10:42:58 2011 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
    Thu Jun 16 10:42:58 2011 Local Options hash (VER=V4): '69109d17'
    Thu Jun 16 10:42:58 2011 Expected Remote Options hash (VER=V4): 'c0103fa8'
    Thu Jun 16 10:42:58 2011 Attempting to establish TCP connection with 212.71.152.195:1194
    Thu Jun 16 10:42:58 2011 TCP/UDP: Closing socket
    Thu Jun 16 10:42:58 2011 SIGTERM[hard,init_instance] received, process exiting
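
Added example, not part of any post in the thread: a short Python triage of an OpenVPN client log like the one above, flagging what the log and the replies point at: the missing server-certificate verification warning, LZO compression enabled on the client (which MIKZ says must not be enabled), and resets that follow the TCP connect before any TLS exchange. The sample log is constructed (documentation address 192.0.2.10), and the name `triage` and its finding keys are assumptions of this example.

```python
import re

# Constructed sample modelled on the client log posted in the thread
# (documentation address 192.0.2.10 instead of a real server).
SAMPLE_LOG = """\
Thu Jun 16 10:42:46 2011 WARNING: No server certificate verification method has been enabled.
Thu Jun 16 10:42:46 2011 LZO compression initialized
Thu Jun 16 10:42:47 2011 TCP connection established with 192.0.2.10:1194
Thu Jun 16 10:42:48 2011 Connection reset, restarting [-1]
Thu Jun 16 10:42:48 2011 SIGUSR1[soft,connection-reset] received, process restarting
Thu Jun 16 10:42:53 2011 WARNING: No server certificate verification method has been enabled.
Thu Jun 16 10:42:53 2011 LZO compression initialized
Thu Jun 16 10:42:53 2011 TCP connection established with 192.0.2.10:1194
Thu Jun 16 10:42:53 2011 Connection reset, restarting [0]
Thu Jun 16 10:42:53 2011 SIGUSR1[soft,connection-reset] received, process restarting
"""

# OpenVPN prefixes each line with a 24-character ctime-style timestamp.
LINE_RE = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} (.*)$")


def triage(log_text):
    """Return a dict of findings for one OpenVPN client log."""
    findings = {"no_server_cert_check": False, "lzo_enabled": False,
                "resets_after_connect": 0, "tls_started": False}
    connected = False  # TCP is up and nothing else has happened yet
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip lines that are not OpenVPN log records
        msg = m.group(1)
        if msg.startswith("WARNING: No server certificate verification"):
            findings["no_server_cert_check"] = True  # server cert not checked
        elif msg.startswith("LZO compression initialized"):
            findings["lzo_enabled"] = True  # thread: must be off for the MK
        elif msg.startswith("TCP connection established"):
            connected = True
        elif msg.startswith("TLS: Initial packet"):
            findings["tls_started"] = True
            connected = False
        elif msg.startswith("Connection reset, restarting"):
            if connected:  # reset arrived before any TLS packet
                findings["resets_after_connect"] += 1
            connected = False
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
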
    BREBER --- ---
    AHARAZ: I also made the certificates via easy-rsa on Windows from OpenVPN .net

    I'll post the log
    AHARAZ --- ---
    BREBER: Only from WinXP? Have you looked at what other tunnels the MK supports; is OpenVPN the right choice? That's what others always asked me ;-)
    Regarding the connection, if you can, post the end of the client log.

    MARECEK: I always made certificates using easy-rsa on Linux, I have no other experience...
    MIKZ --- ---
    MARECEK: own CA and own certificates
    that's how I do it
    MARECEK --- ---
    BREBER: I'm dealing with exactly the same thing right now... does anyone have a better procedure than the one on the Mikrotik wiki? Mainly around the certificates...
    BREBER --- ---
    the client connects, some initialization process runs, but then the connection is reset and the client connects again :-(
    it doesn't even get to the password etc.
    BREBER --- ---
    AHARAZ: I need to get OVPN running on the MK, which I'll be connecting to from WinXP