ubuntu 16.04 OpenVPN Server / Client


 

Reference site: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-18-04

 

Before installing OpenVPN, update all packages on the system.

test@ubuntu-vpn:~$ sudo apt upgrade -y

 

Install OpenVPN

test@ubuntu-vpn:~$ sudo apt install -y openvpn

 

Download EasyRSA and extract the archive.

test@vpn-test:~$ wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.4/EasyRSA-3.0.4.tgz
test@vpn-test:~$ tar xvf EasyRSA-3.0.4.tgz
test@vpn-test:~$ cd EasyRSA-3.0.4/

 

Copy the vars file and edit it.

test@ubuntu-vpn:~$ cd EasyRSA-3.0.4/
test@ubuntu-vpn:~/EasyRSA-3.0.4$ cp vars.example vars
test@ubuntu-vpn:~/EasyRSA-3.0.4$ vi vars

~ (omitted)
set_var EASYRSA_REQ_COUNTRY     "US"
set_var EASYRSA_REQ_PROVINCE    "California"
set_var EASYRSA_REQ_CITY        "San Francisco"
set_var EASYRSA_REQ_ORG        "Copyleft Certificate Co"
set_var EASYRSA_REQ_EMAIL       "me@example.net"
set_var EASYRSA_REQ_OU          "My Organizational Unit"

 

Create the CA using the edited vars file.

Create the pki directory

test@ubuntu-vpn:~/EasyRSA-3.0.4$ ./easyrsa init-pki

Note: using Easy-RSA configuration from: ./vars

init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /home/test/EasyRSA-3.0.4/pki

test@ubuntu-vpn:~/EasyRSA-3.0.4$

 

With the nopass option, setup proceeds without a passphrase (the private key is written to disk unencrypted).

test@ubuntu-vpn:~/EasyRSA-3.0.4$ ./easyrsa build-ca nopass

Note: using Easy-RSA configuration from: ./vars
Generating a 2048 bit RSA private key
......................+++
....................................................................................................+++
writing new private key to '/home/test/EasyRSA-3.0.4/pki/private/ca.key.kMZbbLCFHN'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:

CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/home/test/EasyRSA-3.0.4/pki/ca.crt

test@ubuntu-vpn:~/EasyRSA-3.0.4$

 

Create the server certificate

test@ubuntu-vpn:~/EasyRSA-3.0.4$ ./easyrsa gen-req server nopass

Note: using Easy-RSA configuration from: ./vars
Generating a 2048 bit RSA private key
...............+++
.........................................................+++
writing new private key to '/home/test/EasyRSA-3.0.4/pki/private/server.key.smJLxpp4h4'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [server]:

Keypair and certificate request completed. Your files are:
req: /home/test/EasyRSA-3.0.4/pki/reqs/server.req
key: /home/test/EasyRSA-3.0.4/pki/private/server.key

test@ubuntu-vpn:~/EasyRSA-3.0.4$

 

Copy the server.key file

test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp pki/private/server.key /etc/openvpn/

 

Create the server.crt file; answering yes completes the signing.

Enter yes

test@ubuntu-vpn:~/EasyRSA-3.0.4$ ./easyrsa sign-req server server

Note: using Easy-RSA configuration from: ./vars


You are about to sign the following certificate.
Please check over the details shown below for accuracy. Note that this request
has not been cryptographically verified. Please be sure it came from a trusted
source or that you have verified the request checksum with the sender.

Request subject, to be signed as a server certificate for 3650 days:

subject=
    commonName                = server


Type the word 'yes' to continue, or any other input to abort.
  Confirm request details: yes
Using configuration from ./openssl-easyrsa.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'server'
Certificate is to be certified until Nov  3 08:59:07 2028 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

Certificate created at: /home/test/EasyRSA-3.0.4/pki/issued/server.crt

test@ubuntu-vpn:~/EasyRSA-3.0.4$

 

Copy the crt files.

test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp pki/issued/server.crt /etc/openvpn/
test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp pki/ca.crt /etc/openvpn/

 

Generate the Diffie-Hellman key

test@ubuntu-vpn:~/EasyRSA-3.0.4$ ./easyrsa gen-dh

Note: using Easy-RSA configuration from: ./vars
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
......................+
~ (omitted)


DH parameters of size 2048 created at /home/test/EasyRSA-3.0.4/pki/dh.pem

test@ubuntu-vpn:~/EasyRSA-3.0.4$

 

Generate ta.key

test@ubuntu-vpn:~/EasyRSA-3.0.4$ openvpn --genkey --secret ta.key
test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp ta.key /etc/openvpn/
test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp pki/dh.pem /etc/openvpn/

 

Create the openvpn-config directory and set its permissions

test@ubuntu-vpn:~/EasyRSA-3.0.4$ mkdir -p ~/openvpn-config/key
test@ubuntu-vpn:~/EasyRSA-3.0.4$ chmod -R 700 ~/openvpn-config

 

Create the client certificate

test@ubuntu-vpn:~/EasyRSA-3.0.4$ ./easyrsa gen-req user01 nopass

Note: using Easy-RSA configuration from: ./vars
Generating a 2048 bit RSA private key
..................................................................................................................................................................+++
..................+++
writing new private key to '/home/test/EasyRSA-3.0.4/pki/private/user01.key.xoi765b604'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [user01]:

Keypair and certificate request completed. Your files are:
req: /home/test/EasyRSA-3.0.4/pki/reqs/user01.req
key: /home/test/EasyRSA-3.0.4/pki/private/user01.key

test@ubuntu-vpn:~/EasyRSA-3.0.4$

 

Copy user01.key.

test@ubuntu-vpn:~/EasyRSA-3.0.4$ cp pki/private/user01.key ~/openvpn-config/key/
test@ubuntu-vpn:~/EasyRSA-3.0.4$ ./easyrsa sign-req client user01

Note: using Easy-RSA configuration from: ./vars


You are about to sign the following certificate.
Please check over the details shown below for accuracy. Note that this request
has not been cryptographically verified. Please be sure it came from a trusted
source or that you have verified the request checksum with the sender.

Request subject, to be signed as a client certificate for 3650 days:

subject=
    commonName                = user01


Type the word 'yes' to continue, or any other input to abort.
  Confirm request details: yes
Using configuration from ./openssl-easyrsa.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'user01'
Certificate is to be certified until Nov  3 09:06:29 2028 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

Certificate created at: /home/test/EasyRSA-3.0.4/pki/issued/user01.crt

test@ubuntu-vpn:~/EasyRSA-3.0.4$

 

Copy the user01 crt file

test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp pki/issued/user01.crt ~/openvpn-config/key/
test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp ta.key ~/openvpn-config/key/
test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp /etc/openvpn/ca.crt ~/openvpn-config/key/

 

Copy server.conf.gz and decompress it

test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo gzip -d /etc/openvpn/server.conf.gz

 

Configure server.conf

test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo vi /etc/openvpn/server.conf
tls-auth ta.key 0 # This file is secret
key-direction 0

cipher AES-128-CBC   # AES
auth SHA256

;dh dh2048.pem
dh dh.pem

user nobody
group nogroup

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

 

Configure sysctl.conf

test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo vi /etc/sysctl.conf
net.ipv4.ip_forward=1

test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo sysctl -p
net.ipv4.ip_forward = 1

 

Configure UFW

Check which NIC device is used for the default gateway.

test@ubuntu-vpn:~$ ip route |grep default
default via 192.168.0.2 dev ens33

 

Configure ufw.

test@ubuntu-vpn:~$ sudo vi /etc/ufw/before.rules
#   ufw-before-forward
#

# Don't delete these required lines, otherwise there will be errors
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# ens33 MASQUERADE settings for the VPN subnet 10.8.0.0/24
-A POSTROUTING -s 10.8.0.0/24 -o ens33 -j MASQUERADE
COMMIT
# END OPENVPN RULES
#

 

Configure /etc/default/ufw

Change DROP to ACCEPT.

test@ubuntu-vpn:~$ sudo vi /etc/default/ufw
#DEFAULT_FORWARD_POLICY="DROP"
DEFAULT_FORWARD_POLICY="ACCEPT"

 

Add the ufw services

test@ubuntu-vpn:~$ sudo ufw allow 1194/udp
Rules updated
Rules updated (v6)
test@ubuntu-vpn:~$ sudo ufw allow OpenSSH
Rules updated
Rules updated (v6)
test@ubuntu-vpn:~$ sudo ufw disable
Firewall stopped and disabled on system startup
test@ubuntu-vpn:~$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
test@ubuntu-vpn:~$

 

Enable and start the openvpn server

test@ubuntu-vpn:~$ sudo systemctl enable openvpn@server
Created symlink from /etc/systemd/system/multi-user.target.wants/openvpn@server.service to /lib/systemd/system/openvpn@.service.
test@ubuntu-vpn:~$ sudo systemctl start openvpn@server

 

Running ifconfig now shows the tun0 device.

test@ubuntu-vpn:~$ ifconfig
ens33     Link encap:Ethernet  HWaddr 00:0c:29:18:c3:ea
          inet addr:192.168.0.12  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe18:c3ea/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3098 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4223 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:729938 (729.9 KB)  TX bytes:531750 (531.7 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:176 errors:0 dropped:0 overruns:0 frame:0
          TX packets:176 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:13296 (13.2 KB)  TX bytes:13296 (13.2 KB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

test@ubuntu-vpn:~$

 

Configure base.conf

test@ubuntu-vpn:~$ mkdir ~/openvpn-config/files
test@ubuntu-vpn:~$ cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/openvpn-config/base.conf
test@ubuntu-vpn:~$ vi ~/openvpn-config/base.conf
remote 192.168.0.12 1194

user nobody
group nogroup


#ca ca.crt
#cert client.crt
#key client.key

cipher AES-256-CBC
auth SHA256
key-direction 1


# At the very bottom of the file

;mute 20


# script-security 2
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf

 

Write the make_config.sh script

test@ubuntu-vpn:~$ vi ~/openvpn-config/make_config.sh

#!/bin/bash

# First argument: Client identifier

KEY_DIR=~/openvpn-config/key
OUTPUT_DIR=~/openvpn-config/files
BASE_CONFIG=~/openvpn-config/base.conf

cat ${BASE_CONFIG} \
    <(echo -e '<ca>') \
    ${KEY_DIR}/ca.crt \
    <(echo -e '</ca>\n<cert>') \
    ${KEY_DIR}/${1}.crt \
    <(echo -e '</cert>\n<key>') \
    ${KEY_DIR}/${1}.key \
    <(echo -e '</key>\n<tls-auth>') \
    ${KEY_DIR}/ta.key \
    <(echo -e '</tls-auth>') \
    > ${OUTPUT_DIR}/${1}.ovpn


test@ubuntu-vpn:~$ chmod 700 ~/openvpn-config/make_config.sh

 

Create the user01 account

test@ubuntu-vpn:~$ cd openvpn-config/
test@ubuntu-vpn:~/openvpn-config$ sudo ./make_config.sh user01
test@ubuntu-vpn:~/openvpn-config$ cd files/
test@ubuntu-vpn:~/openvpn-config/files$ sudo cp ../key/ta.key .
test@ubuntu-vpn:~/openvpn-config/files$ sudo chmod 644 ta.key

 

The files needed to connect are in ~/openvpn-config/files.

test@ubuntu-vpn:~$ ls -al openvpn-config/files/
total 24
drwxrwxr-x 2 test test  4096 Nov  6 18:19 .
drwx------ 4 test test  4096 Nov  6 18:17 ..
-rw-r--r-- 1 root root   636 Nov  6 18:19 ta.key
-rw-r--r-- 1 root root 11545 Nov  6 18:18 user01.ovpn
test@ubuntu-vpn:~$
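
The listing above shows ta.key and user01.ovpn (which make_config.sh fills with the contents of user01.key) both at mode 644. The script below is an added example, not part of the original post: it lists files that embed secret key material yet are accessible to group or others, and tightens them to 600. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find OpenVPN key material with loose permissions.

# Print every regular file under $1 that has any group/other permission bit
# set AND contains a PEM private key or an OpenVPN static key (ta.key).
find_exposed_keys() {
    find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
                      -o -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec grep -l -E \
        -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----|-----BEGIN OpenVPN Static key V1-----' \
        {} + | sort
}

# Restrict every file reported by find_exposed_keys to owner read/write.
lock_down_keys() {
    find_exposed_keys "$1" | while IFS= read -r f; do
        chmod 600 "$f"
    done
}

# Constructed sample tree mirroring ~/openvpn-config on this page.
# Key bodies are placeholders, not real key material.
make_sample_tree() {
    d=$1
    mkdir -p "$d/files" "$d/key"
    printf '%s\n' 'client' '<key>' '-----BEGIN PRIVATE KEY-----' \
        'CONSTRUCTED-PLACEHOLDER' '-----END PRIVATE KEY-----' '</key>' \
        > "$d/files/user01.ovpn"
    printf '%s\n' '-----BEGIN OpenVPN Static key V1-----' \
        'CONSTRUCTED-PLACEHOLDER' '-----END OpenVPN Static key V1-----' \
        > "$d/files/ta.key"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
        '-----END PRIVATE KEY-----' > "$d/key/user01.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED-PLACEHOLDER' \
        '-----END CERTIFICATE-----' > "$d/key/ca.crt"
    chmod 644 "$d/files/user01.ovpn" "$d/files/ta.key" "$d/key/ca.crt"
    chmod 600 "$d/key/user01.key"
}

# Demo: report the exposed files in the sample tree, then fix them.
demo=$(mktemp -d)
make_sample_tree "$demo"
echo "Exposed before:"; find_exposed_keys "$demo"
lock_down_keys "$demo"
echo "Exposed after:";  find_exposed_keys "$demo"
rm -rf "$demo"
```

The public ca.crt is left alone because it carries no private key marker.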

 

Ubuntu OpenVPN Client

 

Install openvpn

test@ubuntu-client:~$ sudo apt update
test@ubuntu-client:~$ sudo apt install -y openvpn
test@ubuntu-client:~$ sudo snap install easy-openvpn

 

Copy the user01 certificate

test@ubuntu-vpn:~/openvpn-config/files$ scp user01.ovpn test@192.168.0.14:/home/test/openvpn/
test@ubuntu-vpn:~/openvpn-config/files$ scp ta.key  test@192.168.0.14:/home/test/openvpn/

 

Connection test

test@ubuntu-client:~/openvpn$ sudo openvpn --config user01.ovpn

~ (omitted)
option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Wed Nov  7 15:56:52 2018 OPTIONS IMPORT: timers and/or timeouts modified
Wed Nov  7 15:56:52 2018 OPTIONS IMPORT: --ifconfig/up options modified
Wed Nov  7 15:56:52 2018 OPTIONS IMPORT: route options modified
Wed Nov  7 15:56:52 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Nov  7 15:56:52 2018 ROUTE_GATEWAY 192.168.0.2/255.255.255.0 IFACE=ens33 HWADDR=00:0c:29:0f:e7:2a
Wed Nov  7 15:56:52 2018 TUN/TAP device tun0 opened
Wed Nov  7 15:56:52 2018 TUN/TAP TX queue length set to 100
Wed Nov  7 15:56:52 2018 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Nov  7 15:56:52 2018 /sbin/ip link set dev tun0 up mtu 1500
Wed Nov  7 15:56:52 2018 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Wed Nov  7 15:56:52 2018 /sbin/ip route add 192.168.0.12/32 dev ens33
Wed Nov  7 15:56:52 2018 /sbin/ip route add 0.0.0.0/1 via 10.8.0.5
Wed Nov  7 15:56:52 2018 /sbin/ip route add 128.0.0.0/1 via 10.8.0.5
Wed Nov  7 15:56:52 2018 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Wed Nov  7 15:56:52 2018 GID set to nogroup
Wed Nov  7 15:56:52 2018 UID set to nobody
Wed Nov  7 15:56:52 2018 Initialization Sequence Completed

 

Once the VPN connection succeeds, the tun0 device is visible.

test@ubuntu-client:~$ ifconfig
ens33     Link encap:Ethernet  HWaddr 00:0c:29:0f:e7:2a
          inet addr:192.168.0.14  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe0f:e72a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:918 errors:0 dropped:0 overruns:0 frame:0
          TX packets:763 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:102521 (102.5 KB)  TX bytes:155757 (155.7 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:176 errors:0 dropped:0 overruns:0 frame:0
          TX packets:176 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:13296 (13.2 KB)  TX bytes:13296 (13.2 KB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

test@ubuntu-client:~$

 

Add to systemd

test@ubuntu-client:~/openvpn$ sudo vi /lib/systemd/system/openvpn-client.service
[Unit]
Description=test.com OpenVPN Kr Service
After=multi-user.target

[Service]
Type=idle
ExecStart=/usr/sbin/openvpn --config /home/test/openvpn/user01.ovpn

[Install]
WantedBy=multi-user.target

test@ubuntu-client:~/openvpn$ sudo chmod 644 /lib/systemd/system/openvpn-client.service

 

Enable and start with systemd

test@ubuntu-client:~/openvpn$ sudo systemctl daemon-reload
test@ubuntu-client:~/openvpn$ sudo systemctl enable openvpn-client
Created symlink from /etc/systemd/system/multi-user.target.wants/openvpn-client.service to /lib/systemd/system/openvpn-client.service.
test@ubuntu-client:~/openvpn$ sudo systemctl start openvpn-client
test@ubuntu-client:~/openvpn$ sudo systemctl status openvpn-client
● openvpn-client.service - test.com OpenVPN Kr Service
   Loaded: loaded (/lib/systemd/system/openvpn-client.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2018-11-07 16:02:04 KST; 32s ago
 Main PID: 2034 (openvpn)
    Tasks: 1
   Memory: 828.0K
      CPU: 35ms
   CGroup: /system.slice/openvpn-client.service
           └─2034 /usr/sbin/openvpn --config /home/test/openvpn/user01.ovpn

Nov 07 16:02:06 ubuntu-client openvpn[2034]: Wed Nov  7 16:02:06 2018 ERROR: Linux route add command failed: external program exited
Nov 07 16:02:06 ubuntu-client openvpn[2034]: Wed Nov  7 16:02:06 2018 /sbin/ip route add 0.0.0.0/1 via 10.8.0.5
Nov 07 16:02:06 ubuntu-client openvpn[2034]: Wed Nov  7 16:02:06 2018 /sbin/ip route add 128.0.0.0/1 via 10.8.0.5
Nov 07 16:02:06 ubuntu-client openvpn[2034]: Wed Nov  7 16:02:06 2018 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Nov 07 16:02:06 ubuntu-client openvpn[2034]: Wed Nov  7 16:02:06 2018 GID set to nogroup
Nov 07 16:02:06 ubuntu-client openvpn[2034]: Wed Nov  7 16:02:06 2018 UID set to nobody
Nov 07 16:02:06 ubuntu-client openvpn[2034]: Wed Nov  7 16:02:06 2018 Initialization Sequence Completed

 

Reboot the system and verify operation

test@ubuntu-client:~/openvpn$ sudo init 6
test@ubuntu-client:~$ ifconfig
ens33     Link encap:Ethernet  HWaddr 00:0c:29:0f:e7:2a
          inet addr:192.168.0.14  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe0f:e72a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:152 errors:0 dropped:0 overruns:0 frame:0
          TX packets:171 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:30427 (30.4 KB)  TX bytes:33460 (33.4 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:176 errors:0 dropped:0 overruns:0 frame:0
          TX packets:176 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:13296 (13.2 KB)  TX bytes:13296 (13.2 KB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:1216 (1.2 KB)

test@ubuntu-client:~$ systemctl status openvpn-client
● openvpn-client.service - test.com OpenVPN Kr Service
   Loaded: loaded (/lib/systemd/system/openvpn-client.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2018-11-07 16:04:43 KST; 7min ago
 Main PID: 1312 (openvpn)
    Tasks: 1
   Memory: 1.7M
      CPU: 157ms
   CGroup: /system.slice/openvpn-client.service
           └─1312 /usr/sbin/openvpn --config /home/test/openvpn/user01.ovpn

Nov 07 16:10:59 ubuntu-client openvpn[1312]: Wed Nov  7 16:10:59 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modifi
Nov 07 16:10:59 ubuntu-client openvpn[1312]: Wed Nov  7 16:10:59 2018 Preserving previous TUN/TAP instance: tun0
Nov 07 16:10:59 ubuntu-client openvpn[1312]: Wed Nov  7 16:10:59 2018 Initialization Sequence Completed
Nov 07 16:11:09 ubuntu-client openvpn[1312]: Wed Nov  7 16:11:09 2018 Authenticate/Decrypt packet error: cipher final failed
Nov 07 16:11:20 ubuntu-client openvpn[1312]: Wed Nov  7 16:11:20 2018 Authenticate/Decrypt packet error: cipher final failed
Nov 07 16:11:30 ubuntu-client openvpn[1312]: Wed Nov  7 16:11:30 2018 Authenticate/Decrypt packet error: cipher final failed
Nov 07 16:11:40 ubuntu-client openvpn[1312]: Wed Nov  7 16:11:40 2018 Authenticate/Decrypt packet error: cipher final failed
Nov 07 16:11:51 ubuntu-client openvpn[1312]: Wed Nov  7 16:11:51 2018 Authenticate/Decrypt packet error: cipher final failed
Nov 07 16:12:01 ubuntu-client openvpn[1312]: Wed Nov  7 16:12:01 2018 Authenticate/Decrypt packet error: cipher final failed
Nov 07 16:12:10 ubuntu-client openvpn[1312]: Wed Nov  7 16:12:10 2018 Authenticate/Decrypt packet error: cipher final failed

test@ubuntu-client:~$

 

If the message "Authenticate/Decrypt packet error: cipher final failed" appears, the configuration needs to be checked.
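
In the configs shown on this page, server.conf sets cipher AES-128-CBC while base.conf sets cipher AES-256-CBC, which is the kind of disagreement this error points to. The script below is an added example, not part of the original post: it compares cipher, auth and key-direction between a server and a client config. The function names and the sample files (built from this page's values) are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a server/client OpenVPN config pair agrees on
# the data-channel options.

# Print the first argument of the last uncommented occurrence of directive $2
# in file $1. Lines starting with '#' or ';' are comments in OpenVPN configs.
ovpn_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        $1 == key     { val = $2 }
        END           { print val }
    ' "$1"
}

# Compare server config $1 with client config $2. Prints one line per
# problem and returns the number of problems (0 = consistent).
check_ovpn_pair() {
    problems=0
    for key in cipher auth; do
        s=$(ovpn_value "$1" "$key"); c=$(ovpn_value "$2" "$key")
        if [ "$s" != "$c" ]; then
            echo "MISMATCH $key: server='$s' client='$c'"
            problems=$((problems + 1))
        fi
    done
    # key-direction must be complementary (0 on one side, 1 on the other),
    # or absent on both sides.
    s=$(ovpn_value "$1" key-direction); c=$(ovpn_value "$2" key-direction)
    case "$s$c" in
        01|10|"") ;;
        *) echo "MISMATCH key-direction: server='$s' client='$c'"
           problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed sample: the relevant lines of this page's server.conf and base.conf.
write_page_samples() {
    printf '%s\n' 'tls-auth ta.key 0 # This file is secret' 'key-direction 0' \
        'cipher AES-128-CBC   # AES' 'auth SHA256' \
        ';dh dh2048.pem' 'dh dh.pem' > "$1/server.conf"
    printf '%s\n' 'remote 192.168.0.12 1194' '#cert client.crt' \
        'cipher AES-256-CBC' 'auth SHA256' 'key-direction 1' > "$1/base.conf"
}

# Demo on the sample files.
tmp=$(mktemp -d)
write_page_samples "$tmp"
check_ovpn_pair "$tmp/server.conf" "$tmp/base.conf" || echo "problems found: $?"
rm -rf "$tmp"
```

On the real hosts, pass /etc/openvpn/server.conf and the generated user01.ovpn as the two arguments.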

 

 

 
