两个路由器之间Openvirtual**无法连上

davi***

服务器端为tomato系统 非双wan版
配置文件如下

1. # Automatically generated configuration
   
2. daemon
   
3. server-bridge
   
4. proto udp
   
5. port 6570
   
6. dev tap21
   
7. cipher BF-CBC
   
8. comp-lzo adaptive
   
9. keepalive 15 60
   
10. verb 3
    
11. client-config-dir ccd
    
12. client-to-client
    
13. tls-auth static.key 0
    
14. ca ca.crt
    
15. dh dh.pem
    
16. cert server.crt
    
17. key server.key
    
18. status-version 2
    
19. status status
    
20. 
    
21. # Custom Configuration
    
22. script-security 2
    
23. push "redirect-gateway"
    
24. duplicate-cn
    
25. keepalive 10 120
    

复制代码

客户端是HG255D刷Openwrt
配置文件如下

1. ##############################################
   
2. # Sample client-side Openvirtual** 2.0 config file #
   
3. # for connecting to multi-client server.     #
   
4. #                                            #
   
5. # This configuration can be used by multiple #
   
6. # clients, however each client should have   #
   
7. # its own cert and key files.                #
   
8. #                                            #
   
9. # On Windows, you might want to rename this  #
   
10. # file so it has a .ovirtual** extension           #
    
11. ##############################################
    
12. 
    
13. # Specify that we are a client and that we
    
14. # will be pulling certain config file directives
    
15. # from the server.
    
16. client
    
17. 
    
18. # Use the same setting as you are using on
    
19. # the server.
    
20. # On most systems, the virtual** will not function
    
21. # unless you partially or fully disable
    
22. # the firewall for the TUN/TAP interface.
    
23. dev tap
    
24. ;dev tun
    
25. 
    
26. # Windows needs the TAP-Win32 adapter name
    
27. # from the Network Connections panel
    
28. # if you have more than one.  On XP SP2,
    
29. # you may need to disable the firewall
    
30. # for the TAP adapter.
    
31. ;dev-node MyTap
    
32. 
    
33. # Are we connecting to a TCP or
    
34. # UDP server?  Use the same setting as
    
35. # on the server.
    
36. ;proto udp
    
37. proto udp
    
38. 
    
39. # The hostname/IP and port of the server.
    
40. # You can have multiple remote entries
    
41. # to load balance between the servers.
    
42. remote   
    
43. 
    
44. # Choose a random host from the remote
    
45. # list for load-balancing.  Otherwise
    
46. # try hosts in the order specified.
    
47. ;remote-random
    
48. 
    
49. # Keep trying indefinitely to resolve the
    
50. # host name of the Openvirtual** server.  Very useful
    
51. # on machines which are not permanently connected
    
52. # to the internet such as laptops.
    
53. resolv-retry infinite
    
54. 
    
55. # Most clients don't need to bind to
    
56. # a specific local port number.
    
57. nobind
    
58. 
    
59. # Downgrade privileges after initialization (non-Windows only)
    
60. ;user nobody
    
61. ;group nobody
    
62. 
    
63. # Try to preserve some state across restarts.
    
64. ;persist-key
    
65. ;persist-tun
    
66. 
    
67. # If you are connecting through an
    
68. # HTTP proxy to reach the actual Openvirtual**
    
69. # server, put the proxy server/IP and
    
70. # port number here.  See the man page
    
71. # if your proxy server requires
    
72. # authentication.
    
73. ;http-proxy-retry # retry on connection failures
    
74. ;http-proxy 192.168.36.254 8080 authfile.txt
    
75. 
    
76. # Wireless networks often produce a lot
    
77. # of duplicate packets.  Set this flag
    
78. # to silence duplicate packet warnings.
    
79. mute-replay-warnings
    
80. 
    
81. # SSL/TLS parms.
    
82. # See the server config file for more
    
83. # description.  It's best to use
    
84. # a separate .crt/.key file pair
    
85. # for each client.  A single ca
    
86. # file can be used for all clients.
    
87. ca ca.crt
    
88. cert client.crt
    
89. key client.key
    
90. 
    
91. # Verify server certificate by checking
    
92. # that the certicate has the nsCertType
    
93. # field set to "server".  This is an
    
94. # important precaution to protect against
    
95. # a potential attack discussed here:
    
96. #  http://openvirtual**.net/howto.html#mitm
    
97. #
    
98. # To use this feature, you will need to generate
    
99. # your server certificates with the nsCertType
    
100. # field set to "server".  The build-key-server
     
101. # script in the easy-rsa folder will do this.
     
102. ns-cert-type server
     
103. 
     
104. # If a tls-auth key is used on the server
     
105. # then every client must also have the key.
     
106. tls-auth ta.key 1
     
107. 
     
108. ;remote-cert-tls server
     
109. 
     
110. 
     
111. # Select a cryptographic cipher.
     
112. # If the cipher option is used on the server
     
113. # then you must also specify it here.
     
114. ;cipher x
     
115. 
     
116. # Enable compression on the virtual** link.
     
117. # Don't enable this unless it is also
     
118. # enabled in the server config file.
     
119. comp-lzo
     
120. 
     
121. # Set log file verbosity.
     
122. verb 3
     
123. 
     
124. # Silence repeating messages
     
125. ;mute 20
     

复制代码

在终端里运行后的结果如下

1. root@HG255D:/etc/openvirtual**# openvirtual** Client.conf
   
2. Sat Oct 20 17:49:29 2012 Openvirtual** 2.1.4 mipsel-openwrt-linux [SSL] [LZO2] [EPOLL] built on Oct 19 2012
   
3. Sat Oct 20 17:49:29 2012 NOTE: Openvirtual** 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
   
4. Sat Oct 20 17:49:29 2012 WARNING: file 'client.key' is group or others accessible
   
5. Sat Oct 20 17:49:29 2012 WARNING: file 'ta.key' is group or others accessible
   
6. Sat Oct 20 17:49:29 2012 Control Channel Authentication: using 'ta.key' as a Openvirtual** static key file
   
7. Sat Oct 20 17:49:29 2012 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
   
8. Sat Oct 20 17:49:29 2012 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
   
9. Sat Oct 20 17:49:29 2012 LZO compression initialized
   
10. Sat Oct 20 17:49:29 2012 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
    
11. Sat Oct 20 17:49:29 2012 Socket Buffers: R=[112640->131072] S=[112640->131072]
    
12. Sat Oct 20 17:49:39 2012 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    
13. Sat Oct 20 17:49:39 2012 UDPv4 link local: [undef]
    
14. Sat Oct 20 17:49:39 2012 UDPv4 link remote: 60.166.181.48:6570
    
15. Sat Oct 20 17:49:39 2012 TLS: Initial packet from 60.166.181.48:6570, sid=a5be874a 18c5d10b
    
16. Sat Oct 20 17:49:39 2012 VERIFY OK: depth=1, /C=CN/ST=Guangdong/L=Guangzhou/O=salem/OU=salem/CN=salem/emailAddress=salemsu@21cn.com
    
17. Sat Oct 20 17:49:39 2012 VERIFY OK: nsCertType=SERVER
    
18. Sat Oct 20 17:49:39 2012 VERIFY OK: depth=0, /C=CN/ST=Guangdong/O=salem/OU=salem/CN=salem/emailAddress=salemsu@21cn.com
    
19. Sat Oct 20 17:49:40 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    
20. Sat Oct 20 17:49:40 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    
21. Sat Oct 20 17:49:40 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    
22. Sat Oct 20 17:49:40 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    
23. Sat Oct 20 17:49:40 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    
24. Sat Oct 20 17:49:40 2012 [salem] Peer Connection Initiated with 60.166.181.48:6570
    
25. Sat Oct 20 17:49:43 2012 SENT CONTROL [salem]: 'PUSH_REQUEST' (status=1)
    
26. Sat Oct 20 17:49:43 2012 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway,route-gateway dhcp,ping 10,ping-restart 120'
    
27. Sat Oct 20 17:49:43 2012 OPTIONS IMPORT: timers and/or timeouts modified
    
28. Sat Oct 20 17:49:43 2012 OPTIONS IMPORT: route options modified
    
29. Sat Oct 20 17:49:43 2012 OPTIONS IMPORT: route-related options modified
    
30. Sat Oct 20 17:49:43 2012 TUN/TAP device tap0 opened
    
31. Sat Oct 20 17:49:43 2012 TUN/TAP TX queue length set to 100
    
32. Sat Oct 20 17:49:43 2012 NOTE: unable to redirect default gateway -- virtual** gateway parameter (--route-gateway or --ifconfig) is missing
    
33. Sat Oct 20 17:49:43 2012 Initialization Sequence Completed
    

复制代码

运行后无效果,ip地址不变
openwrt对我这种新手来说真是太复杂了.
电脑上装的Openvirtual** GUI使用这个配置文件就能成功.求高手指点
服务器端是WR-500U刷tomato,设置如下

nsx***

先在路由上 ping www.baidu.com ，如果能访问 就是防火墙
防火墙开下
iptables -I INPUT -i tap -j ACCEPT
iptables -I FORWARD -o tap -j ACCEPT
iptables -t nat -I POSTROUTING  -o tap -j MASQUERADE

davi***

nsxuan 发表于 2012-10-20 21:37
先在路由上 ping www.baidu.com ，如果能访问 就是防火墙
防火墙开下
iptables -I INPUT -i tap -j ACCEP ...

感谢帮助!在putty中输入了三个命令 再次运行,openvirtual**输出日志还是那样,我把tomato服务器端的配置文件帖到了一楼.就是推送网关失败,真麻烦

davi***

nsxuan 发表于 2012-10-20 21:37
先在路由上 ping www.baidu.com ，如果能访问 就是防火墙
防火墙开下
iptables -I INPUT -i tap -j ACCEP ...

感谢你 之前服务器端是tap,我重新配置成了tun.成功连接,根据你的命令稍微修改后成功翻墙