openvpn setup

Jaroslav Votruba jaroslav.votruba at keytec.cz
Tue Dec 18 11:47:23 CET 2007


I have about 10 different howtos open in front of me on getting openvpn running.
However, they all have one thing in common: they contain mistakes. I need to
set it up for road warriors. I proceeded as follows:

I loaded the tap module
using openssl I created the certificates and put them in the openvpn directory

config
################################
#which network is which

#external ip: 1.2.3.4(192.168.0.5)
#internal ip: 10.0.0.1
#internal network: 10.0.0.0/24
#VPN pool: 10.0.1.0/24
#DNS server: 10.0.0.2

###############################


local 192.168.0.5                       #external network
port 1194                       #port it listens on
proto udp                       #UDP protocol (can be swapped for TCP)
dev tap0                       #virtual device - there can be several with different configs

#keys
ca /usr/local/etc/openvpn/vpn-ca.pem
cert /usr/local/etc/openvpn/servercert.pem
key /usr/local/etc/openvpn/serverkey.pem
dh /usr/local/etc/openvpn/dh1024.pem


server 10.0.1.0 255.255.255.0             #range of assigned addresses
ifconfig-pool-persist ipp.txt              # ensures VPN clients always get the same VPN IP address
push "route 10.0.0.0 255.255.255.0"
push "dhcp-option DNS 10.0.0.2"
keepalive 10 120                          # pings to keep the NAT connection alive (every 10 sec; after 120 sec without a reply the connection is dropped)
#duplicate-cn                    #simultaneous login of several clients with the same certificate
#if ifconfig-pool-persist ipp.txt is used, this must be commented out
cipher AES-256-CBC            #encryption method
auth SHA1                     #authentication method
comp-lzo                        #use compression
user nobody                         #user it runs as
group nobody                        #group it runs as
persist-key
persist-tun

#logging
verb 3                          #log verbosity setting, range 1-11
status /var/log/openvpn.status 10       #where OpenVPN periodically writes its status
mute 20

QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ

after starting
test63# openvpn --config /usr/local/etc/openvpn/openvpn.conf
Tue Dec 18 11:31:21 2007 OpenVPN 2.0.6 i386-portbld-freebsd6.3 [SSL] [LZO] built on Dec 11 2007
Tue Dec 18 11:31:21 2007 Diffie-Hellman initialized with 1024 bit key
Tue Dec 18 11:31:21 2007 TLS-Auth MTU parms [ L:1590 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Dec 18 11:31:21 2007 TUN/TAP device /dev/tap0 opened
Tue Dec 18 11:31:21 2007 /sbin/ifconfig tap0 10.0.1.1 netmask 255.255.255.0 mtu 1500 up
Tue Dec 18 11:31:21 2007 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Dec 18 11:31:21 2007 GID set to nobody
Tue Dec 18 11:31:21 2007 UID set to nobody
Tue Dec 18 11:31:21 2007 UDPv4 link local (bound): 192.168.0.5:1194
Tue Dec 18 11:31:21 2007 UDPv4 link remote: [undef]
Tue Dec 18 11:31:21 2007 MULTI: multi_init called, r=256 v=256
Tue Dec 18 11:31:21 2007 IFCONFIG POOL: base=10.0.1.2 size=253
Tue Dec 18 11:31:21 2007 IFCONFIG POOL LIST
Tue Dec 18 11:31:21 2007 Initialization Sequence Completed

QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ

here it stops and blocks the command line
if I stop it with ctrl +C

^CTue Dec 18 11:38:56 2007 event_wait : Interrupted system call (code=4)
Tue Dec 18 11:38:56 2007 TCP/UDP: Closing socket
Tue Dec 18 11:38:56 2007 Closing TUN/TAP interface
Tue Dec 18 11:38:56 2007 SIGINT[hard,] received, process exiting
test63#

QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ


Please advise what I am doing wrong, or how to get back to the command line
without having to kill the process. Is this normal? If I look directly at the
console, ifconfig shows tap0 with IP 10.0.1.1

Could someone explain to me what the options in the config that I have not
described (apart from the keys) mean, or whether I have left out some handy
option that should be there.

Thanks
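As an added example that is not part of the original post, the script below parses the server config exactly as posted (comments and quoted push arguments included), annotates each directive with its OpenVPN 2.x meaning, and reports a few settings a reviewer would look at: the absence of tls-auth, the Diffie-Hellman parameter size guessed from the dh file name (the log above confirms 1024 bits), the user/group drop without persist-key, and whether the daemon directive is present, since without it OpenVPN stays attached to the terminal. The directive descriptions and the findings are this script's own; the config text is the one from the post.

```python
"""Annotate an OpenVPN 2.x server config and flag a few settings.

Added example, not from the original post. SAMPLE_CONFIG is the config
posted above; the descriptions and checks below are this script's own.
"""
import re
import shlex

# Sample input: the posted server config (comments kept to exercise the parser).
SAMPLE_CONFIG = """
local 192.168.0.5                       #external network
port 1194                       #port it listens on
proto udp                       #UDP protocol
dev tap0                       #virtual device
ca /usr/local/etc/openvpn/vpn-ca.pem
cert /usr/local/etc/openvpn/servercert.pem
key /usr/local/etc/openvpn/serverkey.pem
dh /usr/local/etc/openvpn/dh1024.pem
server 10.0.1.0 255.255.255.0             #range of assigned addresses
ifconfig-pool-persist ipp.txt              # same VPN IP for each client
push "route 10.0.0.0 255.255.255.0"
push "dhcp-option DNS 10.0.0.2"
keepalive 10 120                          # ping every 10s, restart after 120s
#duplicate-cn                    #several clients with the same certificate
cipher AES-256-CBC            #encryption method
auth SHA1                     #authentication method
comp-lzo                        #use compression
user nobody                         #user it runs as
group nobody                        #group it runs as
persist-key
persist-tun
verb 3                          #log verbosity, range 1-11
status /var/log/openvpn.status 10       #status file, written every 10s
mute 20
"""

# OpenVPN 2.x meaning of the directives in the post, plus two worth knowing.
DIRECTIVES = {
    "local": "address to bind the listening socket to",
    "port": "port to listen on (1194 is the default)",
    "proto": "transport: udp, or tcp-server on the server side",
    "dev": "virtual interface: tun = routed IP, tap = bridged Ethernet",
    "ca": "CA certificate used to verify client certificates",
    "cert": "server certificate",
    "key": "server private key",
    "dh": "Diffie-Hellman parameters for the TLS key exchange",
    "server": "server mode: first address of the subnet for the server, rest pooled for clients",
    "ifconfig-pool-persist": "file mapping client common name to VPN address across restarts",
    "push": "option sent to every client after it connects (routes, DNS, ...)",
    "keepalive": "keepalive N M: ping every N s, restart after M s without a reply",
    "cipher": "data-channel cipher",
    "auth": "HMAC digest protecting data-channel packets",
    "comp-lzo": "LZO compression on the tunnel",
    "user": "drop to this user after initialization",
    "group": "drop to this group after initialization",
    "persist-key": "keep key material in memory across restarts (needed after dropping privileges)",
    "persist-tun": "keep the tun/tap device open across restarts",
    "verb": "log verbosity 0-11",
    "status": "status file and write interval in seconds",
    "mute": "log at most N consecutive messages of one category",
    "daemon": "detach from the terminal after initialization",
    "tls-auth": "HMAC-sign control-channel packets with a pre-shared key",
}


def _strip_comment(line):
    """Drop a '#' or ';' comment that is not inside double quotes."""
    out, in_quote = [], False
    for ch in line:
        if ch == '"':
            in_quote = not in_quote
        elif ch in "#;" and not in_quote:
            break
        out.append(ch)
    return "".join(out)


def parse_config(text):
    """Return a list of (directive, [args]); quoted arguments stay whole."""
    entries = []
    for raw in text.splitlines():
        line = _strip_comment(raw).strip()
        if line:
            parts = shlex.split(line)
            entries.append((parts[0], parts[1:]))
    return entries


def annotate(entries):
    """One human-readable line per directive with its meaning."""
    return [f"{d} {' '.join(a)}".rstrip() + "  -- " + DIRECTIVES.get(d, "(no description)")
            for d, a in entries]


def check_config(entries):
    """Return (severity, message) findings for the settings reviewed above."""
    present = {d for d, _ in entries}
    args = dict(entries)  # last occurrence wins, fine for these checks
    findings = []
    if "tls-auth" not in present:
        findings.append(("recommend", "no tls-auth: control-channel packets from anyone are "
                         "processed before the TLS handshake; a shared HMAC key lets the "
                         "server drop unauthenticated packets early"))
    dh = args.get("dh", [""])[0]
    bits = re.search(r"(\d{3,4})", dh)  # heuristic: size guessed from the file name
    if bits and int(bits.group(1)) < 2048:
        findings.append(("weak", f"dh file {dh} suggests {bits.group(1)}-bit parameters; "
                         "2048 bits or more is the current minimum"))
    if "user" in present and "persist-key" not in present:
        findings.append(("bug", "user/group drop privileges but persist-key is missing, "
                         "so key files cannot be re-read on restart"))
    if "daemon" not in present:
        findings.append(("info", "no daemon directive: openvpn stays in the foreground and "
                         "holds the terminal until it receives SIGINT"))
    return findings


if __name__ == "__main__":
    parsed = parse_config(SAMPLE_CONFIG)
    print("\n".join(annotate(parsed)))
    for severity, msg in check_config(parsed):
        print(f"[{severity}] {msg}")
```

Running it on the posted config prints the annotated directives followed by three findings: no tls-auth, 1024-bit DH parameters, and no daemon directive; the user/group check passes because persist-key is present.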

More information about the Users-l mailing list