OPENVPN - The Easy Tutorial - Ethernet IP

OpenVPN Ethernet VPN
Last update: Dec 20 2007


Ethernet IP

In this scenario, we create an OpenVPN tunnel in bridged (Ethernet) mode with minimal settings.
A Microsoft Windows machine is used as the OpenVPN client and a Linux system as the OpenVPN server.

The other OpenVPN tunnel mode is called IP or routed mode. See the case study about that mode.


1. NO SECURITY 2. SHARED KEYS 3. SSL


1. NO SECURITY

Find more information about OpenVPN in transparent mode.
Refer to the OpenVPN tutorial for explanations of the configurations.

WINDOWS VPN BOX - OPENVPN CLIENT:

Configuration file:
The configuration below is stored in the file "C:\Program Files\OpenVPN\config\client.txt".

# OpenVPN server
remote 100.0.0.2
# Tunnel mode
dev tap
# IP addresses
ifconfig 10.8.0.2 10.8.0.1
# Cipher mode
cipher none
# Authentication mode
auth none
# Log verbosity
verb 2

Starting OpenVPN

C:\Program Files\OpenVPN\config>openvpn client.txt

Log output (legend markers, in the order they appear beside the log lines: 1, 2, 5/6, 7, 8, 9, 10, 11, 12):

OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
IMPORTANT: OpenVPN's default port number is now 1194, based on an official
   port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the
   default port.
******* WARNING *******: all encryption and authentication features disabled -- all data
   will be tunnelled as cleartext
TAP-WIN32 device [Connexion au réseau local 3] opened: \\.\Global\{928ACEB1-D160-420A-ADD6-A72E816FC022}.tap
TAP-Win32 MTU=1500
Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.0 on
   interface {928ACEB1-D160-420A-ADD6-A72E816FC022} [DHCP-serv: 10.8.0.1,
   lease-time:31536000]
Successful ARP Flush on interface [3] {928ACEB1-D160-420A-ADD6-A72E816FC022}
Data Channel MTU parms [ L:1500 D:1450 EF:0 EB:4 ET:0 EL:0 ]
Local Options hash (VER=V4): '00f97e1a'
Expected Remote Options hash (VER=V4): '7cef60b0'
UDPv4 link local (bound): [undef]:1194
UDPv4 link remote: 100.0.0.2:1194
Peer Connection Initiated with 100.0.0.2:1194
Initialization Sequence Completed

Legend:

1. OpenVPN version
2. Security mode
3. Encryption algorithm
4. Hash algorithm
5. TUN/TAP drivers
6. Tunnel MTU
7. Local tunnel IP
8. Remote tunnel IP
9. TCP or UDP port
10. OpenVPN server IP
11. Remote OpenVPN device
12. OpenVPN status

LINUX VPN BOX - OPENVPN SERVER:
The configuration below is stored in the file "/etc/openvpn/server.txt".

# Tunnel mode
dev tap
# IP addresses
ifconfig 10.8.0.1 10.8.0.2
# Cipher mode
cipher none
# Authentication mode
auth none
# Log verbosity
verb 2

Starting OpenVPN

/etc/openvpn# openvpn server.txt

Read about using the OpenVPN startup scripts.

Log output (legend markers, in the order they appear beside the log lines: 1, 5, 7/8, 6, 9, 10, 12):

OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on May 21 2007
IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number
   assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
******* WARNING *******: all encryption and authentication features disabled -- all data
   will be tunnelled as cleartext
TUN/TAP device tap0 opened
ifconfig tap0 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Data Channel MTU parms [ L:1500 D:1450 EF:0 EB:4 ET:0 EL:0 ]
Local Options hash (VER=V4): '7cef60b0'
Expected Remote Options hash (VER=V4): '00f97e1a'
UDPv4 link local (bound): [undef]:1194
UDPv4 link remote: [undef]
Peer Connection Initiated with 50.0.0.2:1194
Initialization Sequence Completed
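
Both section 1 logs end with "Initialization Sequence Completed" even though the tunnel is cleartext, and in every pair of logs on this page one peer's Local Options hash is the other peer's Expected Remote Options hash. The added example below (not part of the original tutorial) checks both points from the two logs; the function names and finding texts are this example's own, and the sample lines are taken from the logs above with wrapped lines rejoined.

```python
import re

HASH = re.compile(r"^(Local|Expected Remote) Options hash \(VER=V4\): '([0-9a-f]{8})'", re.M)
CLEARTEXT = "all encryption and authentication features disabled"
UP = "Initialization Sequence Completed"

def summarize(log):
    """Extract the options hashes, tunnel state and WARNING lines from one peer's log."""
    hashes = dict(HASH.findall(log))
    return {
        "local": hashes.get("Local"),
        "expected": hashes.get("Expected Remote"),
        "cleartext": CLEARTEXT in log,
        "up": UP in log,
        "warnings": [line for line in log.splitlines() if "WARNING" in line],
    }

def check_pair(client_log, server_log):
    """Return findings for one tunnel, given the logs of both peers."""
    c, s = summarize(client_log), summarize(server_log)
    findings = []
    if None in (c["local"], c["expected"], s["local"], s["expected"]):
        findings.append("options hash not logged by both peers")
    elif (c["local"], c["expected"]) != (s["expected"], s["local"]):
        findings.append("peers disagree on tunnel options")
    for name, peer in (("client", c), ("server", s)):
        if peer["up"] and peer["cleartext"]:
            findings.append(name + ": tunnel is up but carries cleartext")
    return findings

# Lines taken from the two section 1 logs, wrapped lines rejoined.
WARN = "******* WARNING *******: " + CLEARTEXT + " -- all data will be tunnelled as cleartext\n"
CLIENT_LOG = (WARN + "Local Options hash (VER=V4): '00f97e1a'\n"
              "Expected Remote Options hash (VER=V4): '7cef60b0'\n" + UP + "\n")
SERVER_LOG = (WARN + "Local Options hash (VER=V4): '7cef60b0'\n"
              "Expected Remote Options hash (VER=V4): '00f97e1a'\n" + UP + "\n")

if __name__ == "__main__":
    print(check_pair(CLIENT_LOG, SERVER_LOG))
```
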
Continue with the network statistics



2. SHARED KEYS

See the explanations about OpenVPN in shared key mode to learn how to create static keys or to get more information.
Refer to the OpenVPN tutorial for explanations of the configurations.

WINDOWS VPN BOX - OPENVPN CLIENT:

Configuration file:
The configuration below is stored in the file "C:\Program Files\OpenVPN\config\client.txt".

# OpenVPN server
remote 100.0.0.2
# Tunnel mode
dev tap
# IP addresses
ifconfig 10.8.0.2 10.8.0.1
# Shared key
secret "C:\\Program Files\\OpenVPN\\config\\key.txt"
# Log verbosity
verb 2

Starting OpenVPN

C:\Program Files\OpenVPN\config>openvpn client.txt

Log output (legend markers, in the order they appear beside the log lines: 1, 2/3, 4, 5, 6, 7, 8, 9, 10, 12):

OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
IMPORTANT: OpenVPN's default port number is now 1194, based on an official port num.
   assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
TAP-WIN32 device [Local Area Connection 5] opened:
   \\.\Global\{E2D87AAD-28F7-432E-8A00-5E67BE6DD464}.tap
TAP-Win32 MTU=1500
Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.0 on
   interface {E2D87AAD-28F7-432E-8A00-5E67BE6DD464} [DHCP-serv: 10.8.0.1,
   lease-time: 31536000]
Successful ARP Flush on interface [4] {E2D87AAD-28F7-432E-8A00-5E67BE6DD464}
Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:4 ET:0 EL:0 ]
Local Options hash (VER=V4): 'd3880969'
Expected Remote Options hash (VER=V4): 'c41bf3b8'
UDPv4 link local (bound): [undef]:1194
UDPv4 link remote: 100.0.0.2:1194
Peer Connection Initiated with 100.0.0.2:1194
Initialization Sequence Completed

Legend:

1. OpenVPN version
2. Security mode
3. Encryption algorithm
4. Hash algorithm
5. TUN/TAP drivers
6. Tunnel MTU
7. Local tunnel IP
8. Remote tunnel IP
9. TCP or UDP port
10. OpenVPN server IP
11. Remote OpenVPN device
12. OpenVPN status

LINUX VPN BOX - OPENVPN SERVER:
The configuration below is stored in the file "/etc/openvpn/server.txt".

# Tunnel mode
dev tap
# IP addresses
ifconfig 10.8.0.1 10.8.0.2
# Shared key
secret /home/user/key.txt
# Log verbosity
verb 2

Starting OpenVPN

/etc/openvpn# openvpn server.txt

Read about using the OpenVPN startup scripts.

Log output (legend markers, in the order they appear beside the log lines: 1, 2/3, 4, 5, 6/7, 8, 10, 11, 12):

OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Mar 2 2007
IMPORTANT: OpenVPN's default port number is now 1194, based on an official port num.
   assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
WARNING: file '/home/po/key.txt' is group or others accessible
Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
TUN/TAP device tap0 opened
ifconfig tap0 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:4 ET:0 EL:0 ]
Local Options hash (VER=V4): 'c41bf3b8'
Expected Remote Options hash (VER=V4): 'd3880969'
UDPv4 link local (bound): [undef]:1194
UDPv4 link remote: [undef]
Peer Connection Initiated with 50.0.0.2:1194
Initialization Sequence Completed
Continue with the network statistics



3. SSL

Read the page about OpenVPN in SSL mode to learn how to create keys and certificates or to find more information.
Refer to the OpenVPN tutorial for explanations of the configurations.

WINDOWS VPN BOX - OPENVPN CLIENT:

Configuration file:
The configuration below is stored in the file "C:\Program Files\OpenVPN\config\client.txt".

# TLS mode - client
tls-client
# OpenVPN server
remote 100.0.0.2
# Tunnel mode
dev tap
# IP addresses
ifconfig 10.8.0.2 10.8.0.1
# CA certificate
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
# client certificate
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client.crt"
# client private key
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client.key"
# Log verbosity
verb 2

Starting OpenVPN

C:\Program Files\OpenVPN\config>openvpn client.txt

Log output (legend markers, in the order they appear beside the log lines: 1, 5, 6, 7, 8, 9, 10, 15, 14, 3, 4, 2, 11, 12):

OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
IMPORTANT: OpenVPN's default port number is now 1194, based on an official port
   number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default
   port.
WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
TAP-WIN32 device [Connexion au réseau local 3] opened: \\.\Global\{928ACEB1-D160-420A-ADD6-A72E816FC022}.tap
TAP-Win32 MTU=1500
Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.0 on
   interface {928ACEB1-D160-420A-ADD6-A72E816FC022} [DHCP-serv: 10.8.0.1,
   lease-time: 31536000]
Successful ARP Flush on interface [3] {928ACEB1-D160-420A-ADD6-A72E816FC022}
Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Local Options hash (VER=V4): '4685920e'
Expected Remote Options hash (VER=V4): '2e130e6f'
UDPv4 link local (bound): [undef]:1194
UDPv4 link remote: 100.0.0.2:1194
TLS Error: local/remote TLS keys are out of sync: 100.0.0.2:1194 [0]
VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=OpenManiak/
   CN=OpenManiak_CA/emailAddress=me@myhost.mydomain
VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=OpenManiak/
   CN=server/emailAddress=me@myhost.mydomain
Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
[server] Peer Connection Initiated with 100.0.0.2:1194
Initialization Sequence Completed

Legend:

1. OpenVPN version
2. Security mode
3. Encryption algorithm
4. Hash algorithm
5. TUN/TAP drivers
6. Tunnel MTU
7. Local tunnel IP
8. Remote tunnel IP
9. TCP or UDP port
10. OpenVPN server IP
11. Remote OpenVPN device
12. OpenVPN status
13. Client certificate
14. Server certificate
15. CA certificate

LINUX VPN BOX - OPENVPN SERVER:
The configuration is stored in the file "/etc/openvpn/server.txt".

# TLS mode - server
tls-server
# Tunnel mode
dev tap
# IP addresses
ifconfig 10.8.0.1 10.8.0.2
# CA certificate
ca ca.crt
# server certificate
cert server.crt
# server private key
key server.key
# Diffie-Hellman Settings
dh dh1024.pem
# Log verbosity
verb 2

Starting OpenVPN

/etc/openvpn# openvpn server.txt

Read about using the OpenVPN startup scripts.

Log output (legend markers, in the order they appear beside the log lines: 1, 5, 6/7, 8, 9, 15, 13, 3, 4, 2, 11, 12):

OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on May 21 2007
IMPORTANT: OpenVPN's default port number is now 1194, based on an official port
   number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default
   port.
Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
TUN/TAP device tap0 opened
ifconfig tap0 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Local Options hash (VER=V4): '2e130e6f'
Expected Remote Options hash (VER=V4): '4685920e'
UDPv4 link local (bound): [undef]:1194
UDPv4 link remote: [undef]
VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=OpenManiak/
   CN=OpenManiak_CA/emailAddress=me@myhost.mydomain
VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=OpenManiak/
   CN=client/emailAddress=me@myhost.mydomain
Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
[client] Peer Connection Initiated with 50.0.0.2:1194
Initialization Sequence Completed
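
The added example below (not part of the original tutorial) audits the configurations of sections 1 to 3 for what their own logs report: the cleartext warning in section 1 and the "No server certificate verification method has been enabled" warning in the section 3 client log. The VERIFY directive set, the static-key and dh file-name checks, and all function names are assumptions of this example; the sample configurations are trimmed to the directives the checks read.

```python
import shlex

# Directives that check the peer certificate (set assumed for this example).
VERIFY = {"remote-cert-tls", "ns-cert-type", "tls-remote", "tls-verify",
          "verify-x509-name", "remote-cert-eku"}

def parse(text):
    """Map each directive to its argument list; '#' and ';' start comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        words = shlex.split(line, comments=True)  # unquotes "C:\\..." paths
        if words:
            opts[words[0]] = words[1:]
    return opts

def audit(text):
    """Return the weaknesses this page's three security modes leave open."""
    o, out = parse(text), []
    is_client = "tls-client" in o or "client" in o
    if o.get("cipher") == ["none"]:
        out.append("cipher none: tunnel payload is sent in cleartext")
    if o.get("auth") == ["none"]:
        out.append("auth none: no HMAC, altered packets are accepted")
    if "secret" in o and not (is_client or "tls-server" in o):
        out.append("static key: one long-lived shared key, no forward secrecy")
    if is_client and VERIFY.isdisjoint(o):
        out.append("TLS client does not verify the server certificate")
    if any("1024" in arg for arg in o.get("dh", [])):
        out.append("dh file name suggests 1024-bit parameters")
    return out

# The page's configurations, trimmed to the directives the checks read.
NO_SECURITY = "remote 100.0.0.2\ndev tap\ncipher none\nauth none\n"
STATIC_KEY = r'''remote 100.0.0.2
secret "C:\\Program Files\\OpenVPN\\config\\key.txt"
'''
TLS_CLIENT = "tls-client\nremote 100.0.0.2\ndev tap\nca ca.crt\n"
TLS_SERVER = "tls-server\ndev tap\nca ca.crt\ndh dh1024.pem\n"

if __name__ == "__main__":
    for name in ("NO_SECURITY", "STATIC_KEY", "TLS_CLIENT", "TLS_SERVER"):
        print(name, audit(globals()[name]))
```

Adding a line such as "ns-cert-type server" to the client configuration clears the TLS client finding in this audit.
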
Continue with the network statistics



NETWORK STATISTICS: (similar for the three case studies)

INTERFACES:

OpenVPN client  C:\>ipconfig

Windows IP Configuration
     
Ethernet adapter Local Area Connection:
     
  Connection-specific DNS Suffix . :
  IP Address. . . . . . . . . . . . . . . : 50.0.0.2
  Subnet Mask . . . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . . . : 50.0.0.1
     
Ethernet adapter Local Area Connection 1:
     
  Connection-specific DNS Suffix .  
  IP Address. . . . . . . . . . . . . . . : 10.8.0.2
  Subnet Mask . . . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . . . :

OpenVPN server  # ifconfig

eth0 Link encap:Ethernet HWaddr 11:22:33:44:55:66
  inet adr:100.0.0.2 Bcast:100.0.0.255 Mask:255.255.255.0
  adr inet6: fe80::212:3fff:3344:5566/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  RX Packets:1641 errors:0 :0 overruns:0 frame:0
  TX packets:2130 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:186894 (182.5 KiB) Octets transmis:231430 (226.0 KiB)
  Interrupt:16
   
lo Link encap:Local Loopback
  inet adr:127.0.0.1 Mask:255.0.0.0
  adr inet6: ::1/128 Scope:Host
  UP LOOPBACK RUNNING MTU:16436 Metric:1
  RX Packets:929 errors:0 :0 overruns:0 frame:0
  TX packets:929 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:128263 (125.2 KiB) TX bytes:128263 (125.2 KiB)
   
tun 0 Link encap:UNSPEC HWaddr 00:FF:11:22:33:44
  inet adr:10.8.0.1 Bcast:10.8.0.255 Mask:255.255.255.0
  inet6 addr: fe80::2ff:cfff:1122:3344/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  RX Packets:89 errors:0 :0 overruns:0 frame:0
  TX packets:90 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:100
  RX bytes:5340 (5.2 KiB) TX bytes:5424 (5.2 KiB)

ROUTING TABLE:

OpenVPN client  C:\>route print

==============================================================
Interface List
0x1   MS TCP Loopback interface
0x2 00 08 02 94 c1 eb Intel(R) PRO/100 VM Network Connection - Packet Scheduler Miniport
0x3 00 ff e2 d8 7a ad TAP-Win32 Adapter V8 - Packet Scheduler Miniport
===============================================================
===============================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 50.0.0.1 50.0.0.2 20
10.8.0.0 255.255.255.0 10.8.0.2 10.8.0.2 30
10.8.0.2 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.8.0.2 10.8.0.2 30
50.0.0.0 255.255.255.0 50.0.0.2 50.0.0.2 20
50.0.0.2 255.255.255.255 127.0.0.1 127.0.0.1 20
50.255.255.255 255.255.255.255 50.0.0.2 50.0.0.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.8.0.2 10.8.0.2 30
224.0.0.0 240.0.0.0 50.0.0.2 50.0.0.2 20
255.255.255.255 255.255.255.255 10.8.0.2 10.8.0.2 1
255.255.255.255 255.255.255.255 10.8.0.2 3 1
255.255.255.255 255.255.255.255 50.0.0.2 50.0.0.2 1
Default Gateway: 50.0.0.1      
===============================================================
Persistent Routes:
  None            

OpenVPN server  # route -n

Kernel Ip routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tap0
100.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 100.0.0.1 0.0.0.0 UG 0 0 0 eth0

CONNECTIVITY CHECK:

OpenVPN client  C:\>tracert 10.8.0.1

Tracing route to 10.8.0.1 over a maximum of 30 hops

1  <1 ms  <1 ms   <1 ms  10.8.0.1

Trace complete.
OpenVPN client  C:\>tracert 100.0.0.2

Tracing route to 100.0.0.2 over a maximum of 30 hops

1  <1 ms  <1 ms  <1 ms  50.0.0.1
2  <1 ms  <1 ms  <1 ms  100.0.0.2

Trace complete.
