• Installing stunnel: which port should I use?

    @dminster94 Question author
    res2001, you didn't answer about the log, what should I do?
  • @dminster94 Question author
    res2001, when I installed the VPN a warning popped up saying the drivers weren't installed because they aren't certified, maybe that's why? Don't forget to say where to look and how, my brain sometimes goes completely blank, and most of the time I have no idea what to do or how, because I'm doing this for the first time.
    there is no file
    log-attend /var/log/openvpn.log
    local 127.0.0.1
    port 1194
    proto tcp
    dev tun
    ca ca.crt /etc/openvpn/server
    cert server.crt /etc/openvpn/server
    key server.key /etc/openvpn/server
    dh dh.pem /etc/openvpn/server
    auth SHA512
    tls-crypt tc.key /etc/openvpn/server
    topology subnet
    server 10.8.0.0 255.255.255.0
    push "redirect-gateway def1 bypass-dhcp"
    ifconfig-pool-persist ipp.txt
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    keepalive 10 120
    cipher AES-256-CBC
    user nobody
    group nogroup
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3
    crl-verify crl.pem
  • @dminster94 Question author
    res2001,
    2020.12.27 22:07:13 LOG5[ui]: stunnel 5.56 on x86_64-pc-linux-gnu platform
    2020.12.27 22:07:13 LOG5[ui]: Compiled with OpenSSL 1.1.1c 28 May 2019
    2020.12.27 22:07:13 LOG5[ui]: Running with OpenSSL 1.1.1f 31 Mar 2020
    2020.12.27 22:07:13 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
    2020.12.27 22:07:13 LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.conf
    2020.12.27 22:07:13 LOG5[ui]: UTF-8 byte order mark not detected
    2020.12.27 22:07:13 LOG5[ui]: FIPS mode disabled
    2020.12.27 22:07:13 LOG5[ui]: Configuration successful
    2020.12.27 22:07:19 LOG5[0]: Service [openvpn] accepted connection from 37.215.48.74:19946
    2020.12.27 22:07:19 LOG3[0]: s_connect: connect 127.0.0.1:1194: Connection refused (111)
    2020.12.27 22:07:19 LOG3[0]: No more addresses to connect
    2020.12.27 22:07:19 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
    2020.12.27 22:07:25 LOG5[1]: Service [openvpn] accepted connection from 37.215.48.74:49432
    2020.12.27 22:07:25 LOG3[1]: s_connect: connect 127.0.0.1:1194: Connection refused (111)
    2020.12.27 22:07:25 LOG3[1]: No more addresses to connect
    2020.12.27 22:07:25 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
    2020.12.27 22:07:30 LOG5[2]: Service [openvpn] accepted connection from 37.215.48.74:29946
    2020.12.27 22:07:30 LOG3[2]: s_connect: connect 127.0.0.1:1194: Connection refused (111)
    2020.12.27 22:07:30 LOG3[2]: No more addresses to connect
    2020.12.27 22:07:30 LOG5[2]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
    2020.12.27 22:07:35 LOG5[3]: Service [openvpn] accepted connection from 37.215.48.74:52121
    2020.12.27 22:07:35 LOG3[3]: s_connect: connect 127.0.0.1:1194: Connection refused (111)
    2020.12.27 22:07:35 LOG3[3]: No more addresses to connect
    2020.12.27 22:07:35 LOG5[3]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
    2020.12.27 22:07:41 LOG5[4]: Service [openvpn] accepted connection from 37.215.48.74:55350
    2020.12.27 22:07:41 LOG3[4]: s_connect: connect 127.0.0.1:1194: Connection refused (111)
    2020.12.27 22:07:41 LOG3[4]: No more addresses to connect
    2020.12.27 22:07:41 LOG5[4]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
    2020.12.27 22:07:51 LOG5[5]: Service [openvpn] accepted connection from 37.215.48.74:24912
    2020.12.27 22:07:51 LOG3[5]: s_connect: connect 127.0.0.1:1194: Connection refused (111)
    2020.12.27 22:07:51 LOG3[5]: No more addresses to connect
    2020.12.27 22:07:51 LOG5[5]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
    2020.12.27 22:14:24 LOG5[main]: Terminated
    2020.12.27 22:14:24 LOG5[main]: Terminating 1 service thread(s)
    2020.12.27 22:14:24 LOG5[main]: Service threads terminated
    2020.12.27 22:14:24 LOG7[ui]: Clients allowed=500
    2020.12.27 22:14:24 LOG5[ui]: stunnel 5.56 on x86_64-pc-linux-gnu platform
    2020.12.27 22:14:24 LOG5[ui]: Compiled with OpenSSL 1.1.1c 28 May 2019
    2020.12.27 22:14:24 LOG5[ui]: Running with OpenSSL 1.1.1f 31 Mar 2020
    2020.12.27 22:14:24 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
    2020.12.27 22:14:24 LOG7[ui]: errno: (*__errno_location ())
    2020.12.27 22:14:24 LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.conf
    2020.12.27 22:14:24 LOG5[ui]: UTF-8 byte order mark not detected
    2020.12.27 22:14:24 LOG5[ui]: FIPS mode disabled
    2020.12.27 22:14:24 LOG7[ui]: Compression disabled
    2020.12.27 22:14:24 LOG7[ui]: No PRNG seeding was required
    2020.12.27 22:14:24 LOG6[ui]: Initializing service [openvpn]
    2020.12.27 22:14:24 LOG7[ui]: Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
    2020.12.27 22:14:24 LOG7[ui]: TLSv1.3 ciphersuites: TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
    2020.12.27 22:14:24 LOG7[ui]: TLS options: 0x02100004 (+0x00000000, -0x00000000)
    2020.12.27 22:14:24 LOG6[ui]: Loading certificate from file: /etc/stunnel/stunnel.pem
    2020.12.27 22:14:24 LOG6[ui]: Certificate loaded from file: /etc/stunnel/stunnel.pem
    2020.12.27 22:14:24 LOG6[ui]: Loading private key from file: /etc/stunnel/key.pem
    2020.12.27 22:14:24 LOG6[ui]: Private key loaded from file: /etc/stunnel/key.pem
    2020.12.27 22:14:24 LOG7[ui]: Private key check succeeded
    2020.12.27 22:14:24 LOG6[ui]: DH initialization not needed
    2020.12.27 22:14:24 LOG7[ui]: ECDH initialization
    2020.12.27 22:14:24 LOG7[ui]: ECDH initialized with curves X25519:P-256:X448:P-521:P-384
    2020.12.27 22:14:24 LOG5[ui]: Configuration successful
    2020.12.27 22:14:24 LOG7[ui]: Binding service [openvpn]
    2020.12.27 22:14:24 LOG7[ui]: Listening file descriptor created (FD=9)
    2020.12.27 22:14:24 LOG7[ui]: Setting accept socket options (FD=9)
    2020.12.27 22:14:24 LOG7[ui]: Option SO_REUSEADDR set on accept socket
    2020.12.27 22:14:24 LOG6[ui]: Service [openvpn] (FD=9) bound to 104.131.22.85:443
    2020.12.27 22:14:24 LOG7[main]: Created pid file /var/run/stunnel4.pid
    2020.12.27 22:14:24 LOG7[cron]: Cron thread initialized
    2020.12.27 22:14:24 LOG6[cron]: Executing cron jobs
    2020.12.27 22:14:24 LOG6[cron]: Cron jobs completed in 0 seconds
    2020.12.27 22:14:24 LOG7[cron]: Waiting 86400 seconds
    2020.12.27 22:17:49 LOG7[main]: Found 1 ready file descriptor(s)
    2020.12.27 22:17:49 LOG7[main]: FD=4 events=0x2001 revents=0x0
    2020.12.27 22:17:49 LOG7[main]: FD=9 events=0x2001 revents=0x1
    2020.12.27 22:17:49 LOG7[main]: Service [openvpn] accepted (FD=3) from 37.215.48.74:42129
    2020.12.27 22:17:49 LOG7[0]: Service [openvpn] started
    2020.12.27 22:17:49 LOG7[0]: Setting local socket options (FD=3)
    2020.12.27 22:17:49 LOG7[0]: Option TCP_NODELAY set on local socket
    2020.12.27 22:17:49 LOG5[0]: Service [openvpn] accepted connection from 37.215.48.74:42129
    2020.12.27 22:17:49 LOG6[0]: Peer certificate not required
    2020.12.27 22:17:49 LOG7[0]: TLS state (accept): before SSL initialization
    2020.12.27 22:17:49 LOG7[0]: TLS state (accept): before SSL initialization
    2020.12.27 22:17:49 LOG7[0]: SNI: no virtual services defined
    2020.12.27 22:17:49 LOG7[0]: TLS state (accept): SSLv3/TLS read client hello
    2020.12.27 22:17:49 LOG7[0]: TLS state (accept): SSLv3/TLS write server hello
    2020.12.27 22:17:49 LOG7[0]: TLS state (accept): SSLv3/TLS write change cipher spec
    2020.12.27 22:17:49 LOG7[0]: TLS state (accept): TLSv1.3 write encrypted extensions
    2020.12.27 22:17:49 LOG7[0]: TLS state (accept): SSLv3/TLS write certificate
    2020.12.27 22:17:49 LOG7[0]: TLS state (accept): TLSv1.3 write server certificate verify
    2020.12.27 22:17:49 LOG7[0]: TLS state (accept): SSLv3/TLS write finished
    2020.12.27 22:17:49 LOG7[0]: TLS state (accept): TLSv1.3 early data
    2020.12.27 22:17:49 LOG7[0]: TLS state (accept): TLSv1.3 early data
    2020.12.27 22:17:49 LOG7[0]: TLS state (accept): SSLv3/TLS read finished
    2020.12.27 22:17:49 LOG7[0]: 1 server accept(s) requested
    2020.12.27 22:17:49 LOG7[0]: 1 server accept(s) succeeded
    2020.12.27 22:17:49 LOG7[0]: 0 server renegotiation(s) requested
    2020.12.27 22:17:49 LOG7[0]: 0 session reuse(s)
    2020.12.27 22:17:49 LOG7[0]: 0 internal session cache item(s)
    2020.12.27 22:17:49 LOG7[0]: 0 internal session cache fill-up(s)
    2020.12.27 22:17:49 LOG7[0]: 0 internal session cache miss(es)
    2020.12.27 22:17:49 LOG7[0]: 0 external session cache hit(s)
    2020.12.27 22:17:49 LOG7[0]: 0 expired session(s) retrieved
    2020.12.27 22:17:49 LOG7[0]: Generate session ticket callback
    2020.12.27 22:17:49 LOG7[0]: Deallocating application specific data for session connect address
    2020.12.27 22:17:49 LOG7[0]: New session callback
    2020.12.27 22:17:49 LOG6[0]: No peer certificate received
    2020.12.27 22:17:49 LOG6[0]: Session id: 59EC1FDB78EA57F76384956D7C95330BECDA935221ACACBFA0B8F9DC087445CC
    2020.12.27 22:17:49 LOG7[0]: TLS state (accept): SSLv3/TLS write session ticket
    2020.12.27 22:17:49 LOG7[0]: Deallocating application specific data for session connect address
    2020.12.27 22:17:49 LOG7[0]: Generate session ticket callback
    2020.12.27 22:17:49 LOG7[0]: Deallocating application specific data for session connect address
    2020.12.27 22:17:49 LOG7[0]: New session callback
    2020.12.27 22:17:49 LOG6[0]: No peer certificate received
  • @dminster94 Question author
    res2001, with these commands? systemctl status stunnel4.service sudo systemctl status openvpn
    openvpn.service - OpenVPN service
         Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled)
         Active: active (exited) since Thu 2020-12-24 12:32:21 UTC; 16s ago
        Process: 39834 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
       Main PID: 39834 (code=exited, status=0/SUCCESS)
    
    Dec 24 12:32:21 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: Starting OpenVPN service...
    Dec 24 12:32:21 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: Finished OpenVPN service.


    stunnel4.service - LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons)
         Loaded: loaded (/etc/init.d/stunnel4; generated)
         Active: active (running) since Thu 2020-12-24 12:36:01 UTC; 4s ago
           Docs: man:systemd-sysv-generator(8)
        Process: 39907 ExecStart=/etc/init.d/stunnel4 start (code=exited, status=0/SUCCESS)
          Tasks: 2 (limit: 1137)
         Memory: 1.8M
         CGroup: /system.slice/stunnel4.service
                 └─39933 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
    
    Dec 24 12:36:01 ubuntu-s-1vcpu-1gb-nyc3-01 stunnel[39931]: LOG5[ui]: Compiled with OpenSSL 1.1.1c  28 May 2019
    Dec 24 12:36:01 ubuntu-s-1vcpu-1gb-nyc3-01 stunnel[39931]: LOG5[ui]: Running  with OpenSSL 1.1.1f  31 Mar 2020
    Dec 24 12:36:01 ubuntu-s-1vcpu-1gb-nyc3-01 stunnel[39931]: LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
    Dec 24 12:36:01 ubuntu-s-1vcpu-1gb-nyc3-01 stunnel[39931]: LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.conf
    Dec 24 12:36:01 ubuntu-s-1vcpu-1gb-nyc3-01 stunnel[39931]: LOG5[ui]: UTF-8 byte order mark not detected
    Dec 24 12:36:01 ubuntu-s-1vcpu-1gb-nyc3-01 stunnel[39931]: LOG5[ui]: FIPS mode disabled
    Dec 24 12:36:01 ubuntu-s-1vcpu-1gb-nyc3-01 stunnel[39931]: LOG4[ui]: Insecure file permissions on /etc/stunnel/stunnel.pem
    Dec 24 12:36:01 ubuntu-s-1vcpu-1gb-nyc3-01 stunnel[39931]: LOG5[ui]: Configuration successful
    Dec 24 12:36:01 ubuntu-s-1vcpu-1gb-nyc3-01 stunnel4[39907]: Starting TLS tunnels: /etc/stunnel/stunnel.conf: started (no pid=pidfile specified!)
    Dec 24 12:36:01 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: Started LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons).


    In both openvpn configs the key files need full paths. These are the options:
    ca ca.crt
    cert server.crt
    key server.key
    dh dh.pem
    tls-crypt tc.key

    There are no such keys in the client
    UPDATED THE COMMENT ABOVE
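As an added example (not code from the thread or from OpenVPN), a small checker for the point made above: it flags file options that carry the directory as a second word or use a relative path, and rewrites them to one full path per option. The base directory /etc/openvpn/server and the sample config are taken from the posted server config; the rest of the option names are standard OpenVPN options.

```python
"""Check the file options of the OpenVPN server config posted above.

res2001's point: ca/cert/key/dh/tls-crypt must name the file by its full
path, and each of them takes exactly one argument, so a line such as
'ca ca.crt /etc/openvpn/server' is wrong. This script flags those lines and
rewrites them. Added example; not code from the thread or from OpenVPN.
"""
import os
import shlex

# Options that take exactly one file argument.
ONE_FILE_OPTIONS = {"ca", "cert", "key", "dh", "tls-crypt", "pkcs12", "extra-certs"}
# Options whose optional second argument is a flag, not a path:
# 'tls-auth file [0|1]' and 'crl-verify file [dir]'.
OPTIONAL_FLAG = {"tls-auth": {"0", "1"}, "crl-verify": {"dir"}}


def check_file_options(config_text, base_dir=None):
    """Return (problems, fixed_text).

    problems   -- list of (line_number, option, message)
    fixed_text -- the config with every flagged line rewritten to one absolute
                  path; relative paths are resolved against base_dir when given
    """
    problems, fixed = [], []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped or stripped[0] in "#;":
            fixed.append(raw)
            continue
        try:
            tokens = shlex.split(stripped)
        except ValueError:          # unbalanced quotes: leave the line alone
            fixed.append(raw)
            continue
        option, args = tokens[0], tokens[1:]
        if option not in ONE_FILE_OPTIONS and option not in OPTIONAL_FLAG:
            fixed.append(raw)
            continue
        flag = None
        if option in OPTIONAL_FLAG and len(args) == 2 and args[1] in OPTIONAL_FLAG[option]:
            path, flag = args
        elif len(args) == 1:
            path = args[0]
        elif len(args) == 2 and args[1].startswith("/"):
            # 'ca ca.crt /etc/openvpn/server': the directory was appended as a second word
            path = os.path.join(args[1], args[0])
            problems.append((lineno, option, f"directory passed as a second argument; use '{path}'"))
        else:
            problems.append((lineno, option, f"unexpected arguments {args}"))
            fixed.append(raw)
            continue
        if not os.path.isabs(path):
            if base_dir is None:
                problems.append((lineno, option, f"relative path '{path}'; give the full path"))
            else:
                path = os.path.join(base_dir, path)
                problems.append((lineno, option, f"relative path resolved to '{path}'"))
        fixed.append(f"{option} {path}" + (f" {flag}" if flag else ""))
    return problems, "\n".join(fixed) + "\n"


# The server config posted in this thread (trimmed), used as sample input.
SERVER_CONF_AS_POSTED = """\
local 127.0.0.1
port 1194
proto tcp
dev tun
ca ca.crt /etc/openvpn/server
cert server.crt /etc/openvpn/server
key server.key /etc/openvpn/server
dh dh.pem /etc/openvpn/server
auth SHA512
tls-crypt tc.key /etc/openvpn/server
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
cipher AES-256-CBC
verb 3
crl-verify crl.pem
"""

if __name__ == "__main__":
    found, rewritten = check_file_options(SERVER_CONF_AS_POSTED, base_dir="/etc/openvpn/server")
    for lineno, option, message in found:
        print(f"line {lineno} ({option}): {message}")
    print("--- rewritten config ---")
    print(rewritten, end="")
```

Output files such as status and ifconfig-pool-persist are deliberately not touched; the check covers only the certificate and key options the thread is about.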
  • @dminster94 Question author
    STUNNEL CLIENT
    
    cert = clientcert.pem
    key = clientkey.pem
    [openvpn]
    client = yes
    accept = 1194
    connect = 104.131.22.85:443
    cert = stunnel.pem
    
    STUNNEL LOG CLIENT
    
    2020.12.24 00:46:52 LOG5[main]: stunnel 5.57 on x64-pc-mingw32-gnu platform
    2020.12.24 00:46:52 LOG5[main]: Compiled/running with OpenSSL 1.1.1h  22 Sep 2020
    2020.12.24 00:46:52 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,OCSP,PSK,SNI
    2020.12.24 00:46:52 LOG5[main]: Reading configuration from file stunnel.conf
    2020.12.24 00:46:52 LOG5[main]: UTF-8 byte order mark detected
    2020.12.24 00:46:52 LOG4[main]: Service [openvpn] needs authentication to prevent MITM attacks
    2020.12.24 00:46:52 LOG5[main]: Configuration successful
    2020.12.24 00:47:06 LOG5[main]: Reading configuration from file stunnel.conf
    2020.12.24 00:47:06 LOG5[main]: UTF-8 byte order mark detected
    2020.12.24 00:47:06 LOG4[main]: Service [openvpn] needs authentication to prevent MITM attacks
    2020.12.24 00:47:06 LOG5[main]: Configuration successful
    2020.12.24 00:50:57 LOG5[0]: Service [openvpn] accepted connection from 127.0.0.1:1369
    2020.12.24 00:50:57 LOG5[0]: s_connect: connected 104.131.22.85:443
    2020.12.24 00:50:57 LOG5[0]: Service [openvpn] connected remote server from 192.168.100.2:1370
    2020.12.24 00:50:58 LOG3[0]: SSL_read: Connection reset by peer (WSAECONNRESET) (10054)
    2020.12.24 00:50:58 LOG5[0]: Connection reset: 56 byte(s) sent to TLS, 0 byte(s) sent to socket
    2020.12.24 00:51:03 LOG5[1]: Service [openvpn] accepted connection from 127.0.0.1:1371
    2020.12.24 00:51:03 LOG5[1]: s_connect: connected 104.131.22.85:443
    2020.12.24 00:51:03 LOG5[1]: Service [openvpn] connected remote server from 192.168.100.2:1372
    2020.12.24 00:51:03 LOG3[1]: SSL_read: Connection reset by peer (WSAECONNRESET) (10054)
    2020.12.24 00:51:03 LOG5[1]: Connection reset: 56 byte(s) sent to TLS, 0 byte(s) sent to socket
    2020.12.24 00:51:08 LOG5[2]: Service [openvpn] accepted connection from 127.0.0.1:1373
    2020.12.24 00:51:08 LOG5[2]: s_connect: connected 104.131.22.85:443
    2020.12.24 00:51:08 LOG5[2]: Service [openvpn] connected remote server from 192.168.100.2:1374
    2020.12.24 00:51:09 LOG3[2]: SSL_read: Connection reset by peer (WSAECONNRESET) (10054)
    2020.12.24 00:51:09 LOG5[2]: Connection reset: 56 byte(s) sent to TLS, 0 byte(s) sent to socket

    STUNNEL SERVER

    cert = /etc/stunnel/cert.pem
    key = /etc/stunnel/key.pem
    [openvpn]
    accept = 104.131.22.85:443
    connect = 127.0.0.1:1194
    cert = /etc/stunnel/stunnel.pem

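An added example (not code from the thread or from stunnel) that serves both the server-side stunnel log posted earlier and the client config and log above: it classifies the log lines seen in the thread ("Connection refused" to 127.0.0.1:1194, "Connection reset by peer", "needs authentication to prevent MITM attacks", "Insecure file permissions") and checks a client section for the missing server verification behind the MITM warning. The sample log lines and the client config are copied from the thread; the CA file name stunnel-ca.pem in the hardened variant is an assumption.

```python
"""Triage for the stunnel side of the chain shown in this thread.

Two checks: classify stunnel log lines into the failure modes quoted in
the thread, and inspect a stunnel client config for the missing server
verification that produces the 'needs authentication to prevent MITM
attacks' warning. Added example; not code from the thread or from stunnel.
"""
import re
from collections import Counter

# Log patterns matching the lines quoted in the thread.
_PATTERNS = [
    ("backend_refused", re.compile(r"s_connect: connect (?P<target>\S+): Connection refused")),
    ("reset_by_peer", re.compile(r"SSL_(?:read|write): Connection reset by peer")),
    ("needs_auth", re.compile(r"Service \[(?P<service>\w+)\] needs authentication to prevent MITM")),
    ("insecure_perms", re.compile(r"Insecure file permissions on (?P<file>\S+)")),
]

DIAGNOSIS = {
    "backend_refused": "TLS was accepted but nothing listens on the connect= target; "
                       "the OpenVPN instance is not running or is bound elsewhere",
    "reset_by_peer": "the remote stunnel dropped the TLS session; read the server-side stunnel log",
    "needs_auth": "client service does not verify the server certificate, so a MITM is not detected",
    "insecure_perms": "certificate/key file is readable by other users; restrict it to the stunnel user",
}


def triage_stunnel_log(lines):
    """Return (Counter of finding -> occurrences, dict of extracted details)."""
    counts = Counter()
    details = {"target": set(), "service": set(), "file": set()}
    for line in lines:
        for name, pattern in _PATTERNS:
            match = pattern.search(line)
            if match:
                counts[name] += 1
                for key, value in match.groupdict().items():
                    details[key].add(value)
                break
    return counts, details


def parse_stunnel_conf(text):
    """Split stunnel.conf into (global options, {service: options}); keys lower-cased."""
    global_opts, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            services[current] = {}
            continue
        key, sep, value = line.partition("=")
        if sep:
            (services[current] if current else global_opts)[key.strip().lower()] = value.strip()
    return global_opts, services


def check_client_verification(text):
    """List (service, problem) for every client = yes service that would trigger the warning."""
    global_opts, services = parse_stunnel_conf(text)
    problems = []
    for name, opts in services.items():
        merged = {**global_opts, **opts}           # service options override global ones
        if merged.get("client", "no").lower() != "yes":
            continue
        chain = merged.get("verifychain", "no").lower() == "yes"
        peer = merged.get("verifypeer", "no").lower() == "yes"
        legacy = merged.get("verify", "0")
        legacy_ok = legacy.isdigit() and int(legacy) >= 2   # old-style 'verify = 2'
        if not (chain or peer or legacy_ok or "psksecrets" in merged):
            problems.append((name, "server certificate is not verified; add verifyChain = yes and CAfile"))
            continue
        if (chain or legacy_ok) and "cafile" not in merged and "capath" not in merged:
            problems.append((name, "verifyChain needs a CAfile or CApath to verify against"))
        if chain and "checkhost" not in merged and "checkip" not in merged:
            problems.append((name, "chain verified but peer identity not pinned (checkHost/checkIP)"))
    return problems


# Log lines quoted in the thread (server and client side), used as sample input.
SAMPLE_LOG = """\
2020.12.27 22:07:19 LOG5[0]: Service [openvpn] accepted connection from 37.215.48.74:19946
2020.12.27 22:07:19 LOG3[0]: s_connect: connect 127.0.0.1:1194: Connection refused (111)
2020.12.27 22:07:25 LOG3[1]: s_connect: connect 127.0.0.1:1194: Connection refused (111)
LOG4[ui]: Insecure file permissions on /etc/stunnel/stunnel.pem
2020.12.24 00:46:52 LOG4[main]: Service [openvpn] needs authentication to prevent MITM attacks
2020.12.24 00:50:58 LOG3[0]: SSL_read: Connection reset by peer (WSAECONNRESET) (10054)
""".splitlines()

# The client config posted above, and a hardened variant (CA file name is an assumption).
CLIENT_CONF_AS_POSTED = """\
cert = clientcert.pem
key = clientkey.pem
[openvpn]
client = yes
accept = 1194
connect = 104.131.22.85:443
cert = stunnel.pem
"""
CLIENT_CONF_HARDENED = CLIENT_CONF_AS_POSTED + "verifyChain = yes\nCAfile = stunnel-ca.pem\ncheckIP = 104.131.22.85\n"

if __name__ == "__main__":
    counts, details = triage_stunnel_log(SAMPLE_LOG)
    for finding, n in counts.items():
        print(f"{finding} x{n}: {DIAGNOSIS[finding]}")
    print("details:", {k: sorted(v) for k, v in details.items()})
    print("as posted:", check_client_verification(CLIENT_CONF_AS_POSTED))
    print("hardened: ", check_client_verification(CLIENT_CONF_HARDENED))
```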
  • @dminster94 Question author
    res2001, stunnel.pem, where the answers to questions like which country etc. are stored, does it need to be copied from the server to the client? At the end, for the Unit Name question I answered localhost.
    IT ALL DOESN'T FIT IN 1 comment
    OPEN VPN CLIENT
    
    client
    dev tun
    proto tcp
    remote 127.0.0.1 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    remote-cert-tls server
    auth SHA512
    cipher AES-256-CBC
    ignore-unknown-option block-outside-dns
    block-outside-dns
    verb 3
    <ca>
    -----BEGIN CERTIFICATE-----

    OPEN VPN SERVER
    local 127.0.0.1
    port 1194
    proto tcp
    dev tun
    ca ca.crt /etc/openvpn/server
    cert server.crt /etc/openvpn/server
    key server.key /etc/openvpn/server
    dh dh.pem /etc/openvpn/server
    auth SHA512
    tls-crypt tc.key /etc/openvpn/server
    topology subnet
    server 10.8.0.0 255.255.255.0
    push "redirect-gateway def1 bypass-dhcp"
    ifconfig-pool-persist ipp.txt
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    keepalive 10 120
    cipher AES-256-CBC
    user nobody
    group nogroup
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3
    crl-verify crl.pem

    OPENVPN LOG CLIENT
    
    2020-12-24 00:50:57 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
    2020-12-24 00:50:57 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
    2020-12-24 00:50:57 Windows version 6.1 (Windows 7) 64bit
    2020-12-24 00:50:57 library versions: OpenSSL 1.1.1h  22 Sep 2020, LZO 2.10
    Enter Management Password:
    2020-12-24 00:50:57 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
    2020-12-24 00:50:57 Need hold release from management interface, waiting...
    2020-12-24 00:50:57 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
    2020-12-24 00:50:57 MANAGEMENT: CMD 'state on'
    2020-12-24 00:50:57 MANAGEMENT: CMD 'log all on'
    2020-12-24 00:50:57 MANAGEMENT: CMD 'echo all on'
    2020-12-24 00:50:57 MANAGEMENT: CMD 'bytecount 5'
    2020-12-24 00:50:57 MANAGEMENT: CMD 'hold off'
    2020-12-24 00:50:57 MANAGEMENT: CMD 'hold release'
    2020-12-24 00:50:57 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
    2020-12-24 00:50:57 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
    2020-12-24 00:50:57 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
    2020-12-24 00:50:57 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
    2020-12-24 00:50:57 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1194
    2020-12-24 00:50:57 Socket Buffers: R=[8192->8192] S=[8192->8192]
    2020-12-24 00:50:57 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1194 [nonblock]
    2020-12-24 00:50:57 MANAGEMENT: >STATE:1608763857,TCP_CONNECT,,,,,,
    2020-12-24 00:50:57 TCP connection established with [AF_INET]127.0.0.1:1194
    2020-12-24 00:50:57 TCP_CLIENT link local: (not bound)
    2020-12-24 00:50:57 TCP_CLIENT link remote: [AF_INET]127.0.0.1:1194
    2020-12-24 00:50:57 MANAGEMENT: >STATE:1608763857,WAIT,,,,,,
    2020-12-24 00:50:58 Connection reset, restarting [-1]
    2020-12-24 00:50:58 SIGUSR1[soft,connection-reset] received, process restarting
    2020-12-24 00:50:58 MANAGEMENT: >STATE:1608763858,RECONNECTING,connection-reset,,,,,
    2020-12-24 00:50:58 Restart pause, 5 second(s)
    2020-12-24 00:51:03 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
    2020-12-24 00:51:03 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
    2020-12-24 00:51:03 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
    2020-12-24 00:51:03 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
    2020-12-24 00:51:03 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1194
    2020-12-24 00:51:03 Socket Buffers: R=[8192->8192] S=[8192->8192]
    2020-12-24 00:51:03 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1194 [nonblock]
    2020-12-24 00:51:03 MANAGEMENT: >STATE:1608763863,TCP_CONNECT,,,,,,
    2020-12-24 00:51:03 TCP connection established with [AF_INET]127.0.0.1:1194
    2020-12-24 00:51:03 TCP_CLIENT link local: (not bound)
    2020-12-24 00:51:03 TCP_CLIENT link remote: [AF_INET]127.0.0.1:1194
    2020-12-24 00:51:03 MANAGEMENT: >STATE:1608763863,WAIT,,,,,,
    2020-12-24 00:51:03 Connection reset, restarting [-1]
    2020-12-24 00:51:03 SIGUSR1[soft,connection-reset] received, process restarting
    2020-12-24 00:51:03 MANAGEMENT: >STATE:1608763863,RECONNECTING,connection-reset,,,,,
    2020-12-24 00:51:03 Restart pause, 5 second(s)
    2020-12-24 00:51:08 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
    2020-12-24 00:51:08 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
    2020-12-24 00:51:08 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
    2020-12-24 00:51:08 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
    2020-12-24 00:51:08 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1194
    2020-12-24 00:51:08 Socket Buffers: R=[8192->8192] S=[8192->8192]
    2020-12-24 00:51:08 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1194 [nonblock]
    2020-12-24 00:51:08 MANAGEMENT: >STATE:1608763868,TCP_CONNECT,,,,,,
    2020-12-24 00:51:08 TCP connection established with [AF_INET]127.0.0.1:1194
    2020-12-24 00:51:08 TCP_CLIENT link local: (not bound)
    2020-12-24 00:51:08 TCP_CLIENT link remote: [AF_INET]127.0.0.1:1194
    2020-12-24 00:51:08 MANAGEMENT: >STATE:1608763868,WAIT,,,,,,
    2020-12-24 00:51:09 Connection reset, restarting [-1]
    2020-12-24 00:51:09 SIGUSR1[soft,connection-reset] received, process restarting
    2020-12-24 00:51:09 MANAGEMENT: >STATE:1608763869,RECONNECTING,connection-reset,,,,,
    2020-12-24 00:51:09 Restart pause, 5 second(s)
    2020-12-24 00:51:13 SIGTERM[hard,init_instance] received, process exiting
    2020-12-24 00:51:13 MANAGEMENT: >STATE:1608763873,EXITING,init_instance,,,,,
  • @dminster94 Question author
    res2001, I already wrote that everything was done per your configs, everything works and connects, but then it disconnects and connects again with no network access; the 3 VPN scripts work a bit differently. So I think I need to set the VPN up by hand, you wrote that it's simple. How do I restart OpenVPN when I change the config on the server?
    maybe that's why it always works, it picks up the old one; it can't be that everything works on the server but doesn't work on the client? 5 times If your server is NATed (e.g. LowEndSpirit), I need to know the external IP
    If that's not the case, just ignore this and leave the next field blank
    External IP:
    Do I enter 127, or should I have left it blank????? I tried leaving it blank; there are no keys in the config on the server, is that normal?) Should the VPN work on the client without stunnel?
  • @dminster94 Question author
    I've already tried 3 different methods, everywhere it's more or less the same; could you write a mini manual for OpenVPN with stunnel?
  • @dminster94 Question author
    res2001,
    If your server is NATed (e.g. LowEndSpirit), I need to know the external IP
    If that's not the case, just ignore this and leave the next field blank
    External IP:
    Do I enter 127, or should I have left it blank????? I tried leaving it blank; there are no keys in the config on the server, is that normal?)

    if everything in the configs is OK
    [openvpn]
    client = no
    accept = 104.236.32.200:443
    connect = 127.0.0.1:1194
    cert = /etc/stunnel/stunnel.pem


    [openvpn]
    client = yes
    accept = 127.0.0.1:1194
    connect = 104.236.32.200:443
    cert = stunnel.pem


    THEN THIS IS WHAT I GET

    2020.12.23 02:03:28 LOG5[0]: Service [openvpn] accepted connection from 127.0.0.1:5667
    2020.12.23 02:03:28 LOG5[0]: s_connect: connected 104.236.32.200:443
    2020.12.23 02:03:28 LOG5[0]: Service [openvpn] connected remote server from 192.168.100.2:5668
    2020.12.23 02:03:54 LOG3[0]: SSL_write: Connection reset by peer (WSAECONNRESET) (10054)
    2020.12.23 02:03:54 LOG5[0]: Connection reset: 27088 byte(s) sent to TLS, 4004 byte(s) sent to socket
    2020.12.23 02:04:02 LOG5[1]: Service [openvpn] accepted connection from 127.0.0.1:5686
    2020.12.23 02:04:05 LOG3[1]: s_connect: connect 104.236.32.200:443: Software caused connection abort (WSAECONNABORTED) (10053)
    2020.12.23 02:04:05 LOG3[1]: No more addresses to connect
    2020.12.23 02:04:05 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

    2020-12-23 02:03:26 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
    2020-12-23 02:03:26 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
    2020-12-23 02:03:26 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
    2020-12-23 02:03:26 Windows version 6.1 (Windows 7) 64bit
    2020-12-23 02:03:26 library versions: OpenSSL 1.1.1h  22 Sep 2020, LZO 2.10
    Enter Management Password:
    2020-12-23 02:03:26 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
    2020-12-23 02:03:26 Need hold release from management interface, waiting...
    2020-12-23 02:03:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
    2020-12-23 02:03:27 MANAGEMENT: CMD 'state on'
    2020-12-23 02:03:27 MANAGEMENT: CMD 'log all on'
    2020-12-23 02:03:27 MANAGEMENT: CMD 'echo all on'
    2020-12-23 02:03:27 MANAGEMENT: CMD 'bytecount 5'
    2020-12-23 02:03:27 MANAGEMENT: CMD 'hold off'
    2020-12-23 02:03:27 MANAGEMENT: CMD 'hold release'
    2020-12-23 02:03:27 MANAGEMENT: CMD 'proxy NONE  '
    2020-12-23 02:03:28 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
    2020-12-23 02:03:28 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
    2020-12-23 02:03:28 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1194
    2020-12-23 02:03:28 Socket Buffers: R=[8192->8192] S=[8192->8192]
    2020-12-23 02:03:28 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1194 [nonblock]
    2020-12-23 02:03:28 MANAGEMENT: >STATE:1608681808,TCP_CONNECT,,,,,,
    2020-12-23 02:03:28 TCP connection established with [AF_INET]127.0.0.1:1194
    2020-12-23 02:03:28 TCP_CLIENT link local: (not bound)
    2020-12-23 02:03:28 TCP_CLIENT link remote: [AF_INET]127.0.0.1:1194
    2020-12-23 02:03:28 MANAGEMENT: >STATE:1608681808,WAIT,,,,,,
    2020-12-23 02:03:28 MANAGEMENT: >STATE:1608681808,AUTH,,,,,,
    2020-12-23 02:03:28 TLS: Initial packet from [AF_INET]127.0.0.1:1194, sid=eea428a2 ab16462b
    2020-12-23 02:03:28 VERIFY KU OK
    2020-12-23 02:03:28 Validating certificate extended key usage
    2020-12-23 02:03:28 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    2020-12-23 02:03:28 VERIFY EKU OK
    2020-12-23 02:03:28 VERIFY OK: depth=0, CN=server
    2020-12-23 02:03:28 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
    2020-12-23 02:03:28 [server] Peer Connection Initiated with [AF_INET]127.0.0.1:1194
    2020-12-23 02:03:30 MANAGEMENT: >STATE:1608681810,GET_CONFIG,,,,,,
    2020-12-23 02:03:30 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    2020-12-23 02:03:30 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
    2020-12-23 02:03:30 OPTIONS IMPORT: timers and/or timeouts modified
    2020-12-23 02:03:30 OPTIONS IMPORT: --ifconfig/up options modified
    2020-12-23 02:03:30 OPTIONS IMPORT: route options modified
    2020-12-23 02:03:30 OPTIONS IMPORT: route-related options modified
    2020-12-23 02:03:30 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    2020-12-23 02:03:30 OPTIONS IMPORT: peer-id set
    2020-12-23 02:03:30 OPTIONS IMPORT: adjusting link_mtu to 1627
    2020-12-23 02:03:30 OPTIONS IMPORT: data channel crypto options modified
    2020-12-23 02:03:30 Data Channel: using negotiated cipher 'AES-256-GCM'
    2020-12-23 02:03:30 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    2020-12-23 02:03:30 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    2020-12-23 02:03:30 interactive service msg_channel=280
    2020-12-23 02:03:30 ROUTE_GATEWAY 192.168.100.1/255.255.255.0 I=15 HWADDR=00:24:1d:d4:fe:a9
    2020-12-23 02:03:30 open_tun
    2020-12-23 02:03:30 tap-windows6 device [OpenVPN TAP-Windows6] opened
    2020-12-23 02:03:30 TAP-Windows Driver Version 9.24 
    2020-12-23 02:03:30 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.2/255.255.255.0 [SUCCEEDED]
    2020-12-23 02:03:30 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.0 on interface {189A30FA-7E70-4EB6-9B6F-0D2223246E28} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
    2020-12-23 02:03:30 Successful ARP Flush on interface [25] {189A30FA-7E70-4EB6-9B6F-0D2223246E28}
    2020-12-23 02:03:30 MANAGEMENT: >STATE:1608681810,ASSIGN_IP,,10.8.0.2,,,,
    2020-12-23 02:03:30 IPv4 MTU set to 1500 on interface 25 using service
    2020-12-23 02:03:30 Blocking outside dns using service succeeded.
    2020-12-23 02:03:35 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
    2020-12-23 02:03:35 C:\Windows\system32\route.exe ADD 127.0.0.1 MASK 255.255.255.255 192.168.100.1
    2020-12-23 02:03:35 Route addition via service succeeded
    2020-12-23 02:03:35 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.1
    2020-12-23 02:03:35 Route addition via service succeeded
    2020-12-23 02:03:35 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
    2020-12-23 02:03:35 Route addition via service succeeded
    2020-12-23 02:03:35 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    2020-12-23 02:03:35 Initialization Sequence Completed
    2020-12-23 02:03:35 MANAGEMENT: >STATE:1608681815,CONNECTED,SUCCESS,10.8.0.2,127.0.0.1,1194,127.0.0.1,5667
    2020-12-23 02:03:54 Connection reset, restarting [-1]
    2020-12-23 02:03:54 Unblocking outside dns using service succeeded.
    2020-12-23 02:03:54 SIGUSR1[soft,connection-reset] received, process restarting
    2020-12-23 02:03:54 MANAGEMENT: >STATE:1608681834,RECONNECTING,connection-reset,,,,,
    2020-12-23 02:03:54 Restart pause, 5 second(s)
    2020-12-23 02:04:02 MANAGEMENT: CMD 'proxy NONE  '
    2020-12-23 02:04:02 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
    2020-12-23 02:04:02 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
    2020-12-23 02:04:02 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1194
    2020-12-23 02:04:02 Socket Buffers: R=[8192->8192] S=[8192->8192]
    2020-12-23 02:04:02 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1194 [nonblock]
    2020-12-23 02:04:02 MANAGEMENT: >STATE:1608681842,TCP_CONNECT,,,,,,
    2020-12-23 02:04:02 TCP connection established with [AF_INET]127.0.0.1:1194
    2020-12-23 02:04:02 TCP_CLIENT link local: (not bound)
    2020-12-23 02:04:02 TCP_CLIENT link remote: [AF_INET]127.0.0.1:1194
    2020-12-23 02:04:02 MANAGEMENT: >STATE:1608681842,WAIT,,,,,,
    2020-12-23 02:04:05 C:\Windows\system32\route.exe DELETE 127.0.0.1 MASK 255.255.255.255 192.168.100.1
    2020-12-23 02:04:05 Route deletion via service succeeded
    2020-12-23 02:04:05 C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.8.0.1
    2020-12-23 02:04:05 Route deletion via service succeeded
    2020-12-23 02:04:05 C:\Windows\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.8.0.1
    2020-12-23 02:04:05 Route deletion via service succeeded
    2020-12-23 02:04:05 Closing TUN/TAP interface
    2020-12-23 02:04:05 TAP: DHCP address released
    2020-12-23 02:04:05 Unblocking outside dns using service succeeded.
    2020-12-23 02:04:05 SIGTERM[hard,] received, process exiting
    2020-12-23 02:04:05 MANAGEMENT: >STATE:1608681845,EXITING,SIGTERM,,,,,

    Give me that manual you mentioned, I'll try following it
    Success, it connected and doesn't disconnect; I put the route line into the client instead of the server, but there's no internet access
  • Installing stunnel: which port should I use?

    @dminster94 Question author
    Maybe we could do this in Telegram after all? Just for 15 minutes) I think you spend more time on answers here
  • Installing stunnel: which port should I use?

    @dminster94 Question author
    After sudo service stunnel4 start nothing happens; is that normal?
    client
    dev tun
    proto tcp
    sndbuf 0
    rcvbuf 0
    remote 127.0.0.1 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    remote-cert-tls server
    auth SHA512
    cipher AES-256-CBC
    comp-lzo
    setenv opt block-outside-dns
    key-direction 1
    verb 3
    <ca>
    -----BEGIN CERTIFICATE-----


    [openvpn]
    client = yes
    accept = 1194
    connect = server_ip:443
    cert = /etc/stunnel/stunnel.pem


    Is everything OK?
  • Installing stunnel: which port should I use?

    @dminster94 Question author
    res2001,
    It's not hard. It comes with a template config for the server and the client, with comments for the most commonly used options. As a rule it's enough to make 2-3 changes there (not counting the key files) and everything works.

    Which manual is that in? I've only seen ones that are 10500 pages long
  • Installing stunnel: which port should I use?

    @dminster94 Question author
    res2001,
    root@ubuntu-s-1vcpu-1gb-nyc3-01:~# sudo systemctl status openvpn
    ● openvpn.service - OpenVPN service
         Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled)
         Active: inactive (dead)

    Maybe it needs restarting like stunnel? sudo service stunnel4 restart
    IT STARTED, but the output is the second one?
    root@ubuntu-s-1vcpu-1gb-nyc3-01:~# sudo systemctl status openvpn
    ● openvpn.service - OpenVPN service
         Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled)
         Active: active (exited) since Tue 2020-12-22 15:18:34 UTC; 4s ago
        Process: 35001 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
       Main PID: 35001 (code=exited, status=0/SUCCESS)
    
    Dec 22 15:18:34 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: Starting OpenVPN service...
    Dec 22 15:18:34 ubuntu-s-1vcpu-1gb-nyc3-01 systemd[1]: Finished OpenVPN service.
  • Installing stunnel: which port should I use?

    @dminster94 Question author
    res2001,
    It's time to edit the configs by hand. You don't need scripts; you don't know what exactly they do, maybe besides the openvpn config it does something else too.
    What do you mean? Setting OpenVPN up by hand is hard, I tried, it stops working halfway through the manual, but the configs, yes, I do change them by hand
  • Installing stunnel: which port should I use?

    @dminster94 Question author
    res2001,
    If your server is NATed (e.g. LowEndSpirit), I need to know the external IP
    If that's not the case, just ignore this and leave the next field blank
    External IP:
    Do I enter 127?????
  • Installing stunnel: which port should I use?

    @dminster94 Question author
    I installed it, is it running?
    root@ubuntu-s-1vcpu-1gb-nyc3-01:~# sudo systemctl status openvpn
    ● openvpn.service - OpenVPN service
         Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled)
         Active: inactive (dead)


    SERVER CONFIG
    port 1194
    proto tcp
    dev tun
    sndbuf 0
    rcvbuf 0
    ca ca.crt
    cert server.crt
    key server.key
    dh dh.pem
    auth SHA512
    tls-auth ta.key 0
    topology subnet
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "redirect-gateway def1 bypass-dhcp"
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    keepalive 10 120
    cipher AES-256-CBC
    comp-lzo
    user nobody
    group nogroup
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3
    crl-verify crl.pem
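    The thread keeps circling around whether the ports in the four files (stunnel client section and OpenVPN client config posted earlier, stunnel server section, and the server config just above) actually line up. The script below is an added example, not code from the thread or from the stunnel/OpenVPN projects: it parses the two config formats and reports where the chain disagrees (client `remote` vs stunnel `accept`, stunnel `connect` vs the server-side `accept`, the forwarded port vs the OpenVPN `port`/`local`, TCP on both legs, tls-auth/tls-crypt and key-direction consistency, and matching `cipher`/`auth`/`comp-lzo`). The sample inputs are the files as posted in this thread (`server_ip` is the placeholder from the post, the `<ca>` body is a placeholder) plus a constructed stunnel server section, which is an assumption since the thread never shows it.

```python
"""Added example: consistency check for an stunnel + OpenVPN chain (not from the thread)."""
import re


def parse_stunnel(text):
    """Parse stunnel.conf into {section: {key: value}} (keys before any section go under '')."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' and '#' start comments in stunnel.conf
        if not line or line.startswith("#"):
            continue
        m = re.match(r"\[(.+)\]$", line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            sections[current][key] = value
    return sections


def parse_openvpn(text):
    """Parse OpenVPN directives into {directive: [args]}; inline <ca>..</ca> blocks are skipped."""
    opts, in_block = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            in_block = True
        elif not in_block:
            parts = line.split()
            opts[parts[0]] = parts[1:]
    return opts


def hostport(value):
    """Split an stunnel accept/connect value ('host:port' or 'port') into (host or None, port)."""
    host, sep, port = value.rpartition(":")
    return (host if sep else None, int(port if sep else value))


def check_chain(stunnel_client, ovpn_client, stunnel_server, ovpn_server, service="openvpn"):
    """Return a list of mismatches; an empty list means the four configs agree."""
    sc = parse_stunnel(stunnel_client).get(service, {})
    ss = parse_stunnel(stunnel_server).get(service, {})
    oc, osv = parse_openvpn(ovpn_client), parse_openvpn(ovpn_server)
    problems = []

    # 1. OpenVPN client -> local stunnel listener: loopback, TCP, same port.
    accept_host, accept_port = hostport(sc.get("accept", "0"))
    remote = oc.get("remote")
    if not remote:
        problems.append("openvpn client: no 'remote' directive")
    else:
        r_host = remote[0]
        r_port = int(remote[1]) if len(remote) > 1 else 1194  # OpenVPN default port
        if r_host not in ("127.0.0.1", "localhost", "::1"):
            problems.append(f"openvpn client: remote {r_host} bypasses stunnel; use the loopback listener")
        if r_port != accept_port:
            problems.append(f"openvpn client: remote port {r_port} != stunnel accept port {accept_port}")
    if accept_host is None:  # stunnel binds all interfaces when 'accept' carries no host
        problems.append("stunnel client: 'accept' without a host listens on all interfaces; use accept = 127.0.0.1:PORT")
    if oc.get("proto", ["udp"])[0] not in ("tcp", "tcp-client"):
        problems.append("openvpn client: stunnel carries TCP only; set 'proto tcp'")
    if sc.get("client", "no") != "yes":
        problems.append("stunnel client: needs 'client = yes'")

    # 2. stunnel client -> stunnel server on the public TLS port.
    if hostport(sc.get("connect", "0"))[1] != hostport(ss.get("accept", "0"))[1]:
        problems.append("stunnel client 'connect' port != stunnel server 'accept' port")

    # 3. stunnel server -> OpenVPN server listener (port default 1194, 'local' default any).
    fwd_host, fwd_port = hostport(ss.get("connect", "0"))
    srv_port = osv.get("port", ["1194"])[0]
    if fwd_port != int(srv_port):
        problems.append(f"stunnel server forwards to port {fwd_port} but openvpn server listens on {srv_port}")
    if "local" in osv and osv["local"][0] != (fwd_host or "127.0.0.1"):
        problems.append(f"openvpn server binds 'local {osv['local'][0]}' but stunnel forwards to {fwd_host or '127.0.0.1'}")
    if osv.get("proto", ["udp"])[0] not in ("tcp", "tcp-server"):
        problems.append("openvpn server: set 'proto tcp' behind stunnel")

    # 4. Control-channel protection must be the same kind on both ends.
    if "tls-crypt" in osv and "tls-crypt" not in oc:
        problems.append("server uses tls-crypt but client does not")
    if "tls-auth" in osv:
        sdir = osv["tls-auth"][1] if len(osv["tls-auth"]) > 1 else None
        cdir = (oc.get("key-direction") or oc.get("tls-auth", [])[1:2] or [None])[0]
        if "tls-auth" not in oc and "key-direction" not in oc:
            problems.append("server uses tls-auth but client has neither tls-auth nor key-direction")
        elif sdir is not None and cdir is not None and {sdir, cdir} != {"0", "1"}:
            problems.append(f"tls-auth directions must differ: server {sdir}, client {cdir}")

    # 5. Data-channel parameters must agree.
    for d in ("cipher", "auth", "comp-lzo"):
        if osv.get(d) != oc.get(d):
            problems.append(f"'{d}' differs: server {osv.get(d)} vs client {oc.get(d)}")
    return problems


# Constructed sample inputs: the client and server files as posted in the thread,
# plus a hypothetical stunnel server section (not shown in the thread).
STUNNEL_CLIENT = "[openvpn]\nclient = yes\naccept = 1194\nconnect = server_ip:443\ncert = /etc/stunnel/stunnel.pem\n"
OVPN_CLIENT = ("client\ndev tun\nproto tcp\nremote 127.0.0.1 1194\nnobind\nremote-cert-tls server\n"
               "auth SHA512\ncipher AES-256-CBC\ncomp-lzo\nkey-direction 1\nverb 3\n"
               "<ca>\n-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----\n</ca>\n")
STUNNEL_SERVER = "[openvpn]\naccept = 443\nconnect = 127.0.0.1:1194\ncert = /etc/stunnel/stunnel.pem\n"
OVPN_SERVER = ("port 1194\nproto tcp\ndev tun\nca ca.crt\ncert server.crt\nkey server.key\ndh dh.pem\n"
               "auth SHA512\ntls-auth ta.key 0\nserver 10.8.0.0 255.255.255.0\ncipher AES-256-CBC\ncomp-lzo\n")

if __name__ == "__main__":
    for line in check_chain(STUNNEL_CLIENT, OVPN_CLIENT, STUNNEL_SERVER, OVPN_SERVER) or ["chain is consistent"]:
        print(line)
```

    On the posted files the only finding is the stunnel client's `accept = 1194`, which binds every interface of the client machine rather than just loopback, so the plaintext OpenVPN side of the tunnel is reachable from the LAN; `accept = 127.0.0.1:1194` keeps it local and the check then passes. Swapping the server to `tls-crypt` while the client still uses `key-direction 1`, or leaving `proto udp` on either side, is reported the same way.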
  • Installing stunnel: which port should I use?

    @dminster94 Question author
    During the VPN installation there's this question
    If your server is NATed (e.g. LowEndSpirit), I need to know the external IP
    If that's not the case, just ignore this and leave the next field blank
    External IP:
    I enter 127
  • Installing stunnel: which port should I use?

    @dminster94 Question author
    res2001, there's a similar program there, SSL Socks
  • Installing stunnel: which port should I use?

    @dminster94 Question author
    res2001, OK, but it most likely won't work; I just checked on Android and it doesn't work(