1 最后由 carlkyo (2013-08-28 22:41:00) 编辑

主题: Integration/OpenVPN.iRedMail.with.OpenLDAP/CentOS

==== 必填信息。没有填写将不予回复 ====
- iRedMail 版本号:8.4
- 使用哪个数据库存储用户帐号(OpenLDAP,MySQL,PostgreSQL):
- 使用的 Linux/BSD 发行版名称及版本号:centos 6
- 与您的问题相关的日志信息:
====
请问有学长学姐可以分享一下centos 6装openvpn的过程吗
网上的好乱
iRedMail的都过期了
http://www.iredmail.org/wiki/index.php? … DAP/CentOS
谢谢了


我自己还在试

回复: Integration/OpenVPN.iRedMail.with.OpenLDAP/CentOS

思路和步骤基本没变化。你说的“过期”指的是文档里 CentOS 用的是老版本?

3 最后由 carlkyo (2013-09-02 09:12:19) 编辑

回复: Integration/OpenVPN.iRedMail.with.OpenLDAP/CentOS

ZhangHuangbin 写道:

思路和步骤基本没变化。你说的“过期”指的是文档里 CentOS 用的是老版本?

ref  http://safesrv.net/install-openvpn-on-centos/
      https://www.digitalocean.com/community/ … n-centos-6
/usr/share/openvpn/easy-rsa/这个要自己另外下载的,本身没有,
service slapd restart

http://www.iredmail.org/wiki/index.php? … DAP/CentOS
还是这的比较清楚


最后还是不行

Mon Sep 02 09:04:01 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 02 09:04:01 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 02 09:04:01 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 02 09:04:01 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 02 09:04:01 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Sep 02 09:04:01 2013 [changeme] Peer Connection Initiated with [AF_INET]192.168.1.3:1194
Mon Sep 02 09:04:02 2013 MANAGEMENT: >STATE:1378083842,GET_CONFIG,,,
Mon Sep 02 09:04:03 2013 SENT CONTROL [changeme]: 'PUSH_REQUEST' (status=1)
Mon Sep 02 09:04:03 2013 AUTH: Received control message: AUTH_FAILED
Mon Sep 02 09:04:03 2013 SIGUSR1[soft,auth-failure] received, process restarting
Mon Sep 02 09:04:03 2013 MANAGEMENT: >STATE:1378083843,RECONNECTING,auth-failure,,
Mon Sep 02 09:04:03 2013 Restart pause, 2 second(s)

4 最后由 carlkyo (2013-09-02 10:52:16) 编辑

回复: Integration/OpenVPN.iRedMail.with.OpenLDAP/CentOS

Mon Sep 02 09:54:47 2013 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Mon Sep 02 09:54:47 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Sep 02 09:54:47 2013 Need hold release from management interface, waiting...
Mon Sep 02 09:54:48 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Sep 02 09:54:48 2013 MANAGEMENT: CMD 'state on'
Mon Sep 02 09:54:48 2013 MANAGEMENT: CMD 'log all on'
Mon Sep 02 09:54:48 2013 MANAGEMENT: CMD 'hold off'
Mon Sep 02 09:54:48 2013 MANAGEMENT: CMD 'hold release'
Mon Sep 02 09:55:06 2013 MANAGEMENT: CMD 'username "Auth" "postmaster@sample.com"'
Mon Sep 02 09:55:06 2013 MANAGEMENT: CMD 'password [...]'
Mon Sep 02 09:55:06 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Sep 02 09:55:06 2013 MANAGEMENT: >STATE:1378086906,RESOLVE,,,
Mon Sep 02 09:55:06 2013 UDPv4 link local: [undef]
Mon Sep 02 09:55:06 2013 UDPv4 link remote: [AF_INET]110.10.233.10:1194
Mon Sep 02 09:55:06 2013 MANAGEMENT: >STATE:1378086906,WAIT,,,
Mon Sep 02 09:55:06 2013 MANAGEMENT: >STATE:1378086906,AUTH,,,
Mon Sep 02 09:55:06 2013 TLS: Initial packet from [AF_INET]110.10.233.10:1194, sid=b9f5f145 043ed2b6
Mon Sep 02 09:55:06 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Sep 02 09:55:06 2013 VERIFY OK: depth=1, C=CN, ST=CN, L=CN, O=CN, OU=CN, CN=mail.sample.com, name=CVPN, emailAddress=support@sample.com
Mon Sep 02 09:55:06 2013 VERIFY OK: nsCertType=SERVER
Mon Sep 02 09:55:06 2013 VERIFY OK: depth=0, C=CN, ST=CN, L=CN, O=CN, OU=CN, CN=mail.sample.com, name=CVPN, emailAddress=support@sample.com
Mon Sep 02 09:55:06 2013 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1574'
Mon Sep 02 09:55:06 2013 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
Mon Sep 02 09:55:06 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 02 09:55:06 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 02 09:55:06 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 02 09:55:06 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 02 09:55:06 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Sep 02 09:55:06 2013 [mail.sample.com] Peer Connection Initiated with [AF_INET]110.10.233.10:1194
Mon Sep 02 09:55:07 2013 MANAGEMENT: >STATE:1378086907,GET_CONFIG,,,
Mon Sep 02 09:55:08 2013 SENT CONTROL [mail.sample.com]: 'PUSH_REQUEST' (status=1)
Mon Sep 02 09:55:08 2013 AUTH: Received control message: AUTH_FAILED
Mon Sep 02 09:55:08 2013 SIGUSR1[soft,auth-failure] received, process restarting
Mon Sep 02 09:55:08 2013 MANAGEMENT: >STATE:1378086908,RECONNECTING,auth-failure,,
Mon Sep 02 09:55:08 2013 Restart pause, 2 second(s)

请问一下张大哥和各位
我照做了还是不行
一直要我登入
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so /etc/openvpn/auth/ldap.conf
client-cert-not-required
是这个出错了吗
谢谢

ref  https://forums.openvpn.net/topic10726.html

yum --enablerepo=epel -y install openvpn bridge-utils  ???这个要装吗

回复: Integration/OpenVPN.iRedMail.with.OpenLDAP/CentOS

重装了第三次
好像差不多成功了
Mon Sep 02 16:28:46 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Sep 02 16:28:46 2013 TLS Error: TLS handshake failed
Mon Sep 02 16:28:46 2013 SIGUSR1[soft,tls-error] received, process restarting
Mon Sep 02 16:28:46 2013 MANAGEMENT: >STATE:1378110526,RECONNECTING,tls-error,,
Mon Sep 02 16:28:46 2013 Restart pause, 2 second(s)
Mon Sep 02 16:28:48 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Sep 02 16:28:48 2013 UDPv4 link local: [undef]
Mon Sep 02 16:28:48 2013 UDPv4 link remote: [AF_INET]192.168.1.147:1194
Mon Sep 02 16:28:48 2013 MANAGEMENT: >STATE:1378110528,WAIT,,,

回复: Integration/OpenVPN.iRedMail.with.OpenLDAP/CentOS

Tue Sep 03 13:56:17 2013 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Sep 03 13:56:18 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Sep 03 13:56:18 2013 UDPv4 link local: [undef]
Tue Sep 03 13:56:18 2013 UDPv4 link remote: [AF_INET]192.168.1.147:1194
Tue Sep 03 13:56:18 2013 MANAGEMENT: >STATE:1378187778,WAIT,,,
Tue Sep 03 13:56:18 2013 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
張大哥
有空可以幫看看那錯了嗎
謝謝了

回复: Integration/OpenVPN.iRedMail.with.OpenLDAP/CentOS

carlkyo 写道:

Tue Sep 03 13:56:17 2013 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

这里很清楚地说明了问题所在:No server certificate verification method has been enabled.

8 最后由 carlkyo (2013-09-04 16:15:05) 编辑

回复: Integration/OpenVPN.iRedMail.with.OpenLDAP/CentOS

Wed Sep 04 16:06:53 2013 UDPv4 link local: [undef]
Wed Sep 04 16:06:53 2013 UDPv4 link remote: [AF_INET]192.168.1.147:1194
Wed Sep 04 16:06:53 2013 MANAGEMENT: >STATE:1378282013,WAIT,,,
Wed Sep 04 16:07:53 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Sep 04 16:07:53 2013 TLS Error: TLS handshake failed
试了几天,剩下的问题

回复: Integration/OpenVPN.iRedMail.with.OpenLDAP/CentOS

carlkyo 写道:

Wed Sep 04 16:06:53 2013 MANAGEMENT: >STATE:1378282013,WAIT,,,
Wed Sep 04 16:07:53 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Sep 04 16:07:53 2013 TLS Error: TLS handshake failed

日志显示是 TLS key 传输超时了,检查网络连接。
似乎超时的时间是1分钟?

10 最后由 carlkyo (2013-09-16 12:48:05) 编辑

回复: Integration/OpenVPN.iRedMail.with.OpenLDAP/CentOS

ZhangHuangbin 写道:
carlkyo 写道:

Wed Sep 04 16:06:53 2013 MANAGEMENT: >STATE:1378282013,WAIT,,,
Wed Sep 04 16:07:53 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Sep 04 16:07:53 2013 TLS Error: TLS handshake failed

日志显示是 TLS key 传输超时了,检查网络连接。
似乎超时的时间是1分钟?

read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
试了好多次都不行
大家有空都试下
谢谢了

Post's attachments

OpenVPN and ldap support.pdf 408.68 kb, 4 downloads since 2013-09-16 

You don't have the permssions to download the attachments of this post.