回答編集履歴

参考情報追記

2018/04/29 02:03

投稿

tkmtmkt

スコア1800

test CHANGED Viewed

@@ -65,3 +65,123 @@
 10.8.0.2、10.8.0.5 は仮想ネットワークのネットワークアドレスとして設定されているようで、OpenVPNが設定するデフォルト値のようです。
+**【参考】**
+VPNが正常に接続できてる状態のログです。
+#### VPNサーバ側ログ（CentOS 7）
+```sh
+$ grep vpn /var/log/messages | tail -n 20 | sed -r 's/(([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])/***.***.***.***/g' | sed -r 's/www[0-9]{5}[a-z]{2}/********/g'
+Apr 29 08:42:53 ******** openvpn: Sun Apr 29 08:42:53 2018 client/***.***.***.***:34457 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
+Apr 29 08:42:53 ******** openvpn: Sun Apr 29 08:42:53 2018 client/***.***.***.***:34457 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
+Apr 29 08:42:53 ******** openvpn: Sun Apr 29 08:42:53 2018 client/***.***.***.***:34457 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384,
+4096 bit RSA
+Apr 29 09:42:53 ******** openvpn: Sun Apr 29 09:42:53 2018 client/***.***.***.***:34457 TLS: soft reset sec=0 bytes=37202/0 pkts=708/0
+Apr 29 09:42:54 ******** openvpn: Sun Apr 29 09:42:54 2018 client/***.***.***.***:34457 VERIFY OK: depth=1, CN=********.sakura.ne.jp
+Apr 29 09:42:54 ******** openvpn: Sun Apr 29 09:42:54 2018 client/***.***.***.***:34457 VERIFY OK: depth=0, CN=client
+Apr 29 09:42:54 ******** openvpn: Sun Apr 29 09:42:54 2018 client/***.***.***.***:34457 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
+Apr 29 09:42:54 ******** openvpn: Sun Apr 29 09:42:54 2018 client/***.***.***.***:34457 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
+Apr 29 09:42:54 ******** openvpn: Sun Apr 29 09:42:54 2018 client/***.***.***.***:34457 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
+Apr 29 09:42:54 ******** openvpn: Sun Apr 29 09:42:54 2018 client/***.***.***.***:34457 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
+Apr 29 09:42:54 ******** openvpn: Sun Apr 29 09:42:54 2018 client/***.***.***.***:34457 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384,
+4096 bit RSA
+Apr 29 10:32:52 ******** yum[26376]: Updated: openvpn-2.4.5-1.el7.x86_64
+Apr 29 10:42:54 ******** openvpn: Sun Apr 29 10:42:54 2018 client/***.***.***.***:34457 TLS: soft reset sec=0 bytes=37097/0 pkts=706/0
+Apr 29 10:42:54 ******** openvpn: Sun Apr 29 10:42:54 2018 client/***.***.***.***:34457 VERIFY OK: depth=1, CN=********.sakura.ne.jp
+Apr 29 10:42:54 ******** openvpn: Sun Apr 29 10:42:54 2018 client/***.***.***.***:34457 VERIFY OK: depth=0, CN=client
+Apr 29 10:42:54 ******** openvpn: Sun Apr 29 10:42:54 2018 client/***.***.***.***:34457 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
+Apr 29 10:42:54 ******** openvpn: Sun Apr 29 10:42:54 2018 client/***.***.***.***:34457 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
+Apr 29 10:42:54 ******** openvpn: Sun Apr 29 10:42:54 2018 client/***.***.***.***:34457 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
+Apr 29 10:42:54 ******** openvpn: Sun Apr 29 10:42:54 2018 client/***.***.***.***:34457 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
+Apr 29 10:42:54 ******** openvpn: Sun Apr 29 10:42:54 2018 client/***.***.***.***:34457 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384,
+4096 bit RSA
+```
+#### VPNクライアント側ログ（Ubuntu 16.04）
+```sh
+$ grep vpn /var/log/syslog | tail -n 20 | sed -r 's/(([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])/***.***.***.***/g' | sed -r 's/www[0-9]{5}[a-z]{2}/********/g'
+Apr 29 09:42:54 brix ovpn-client[1150]: VERIFY OK: nsCertType=SERVER
+Apr 29 09:42:54 brix ovpn-client[1150]: VERIFY OK: depth=0, CN=server
+Apr 29 09:42:54 brix ovpn-client[1150]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
+Apr 29 09:42:54 brix ovpn-client[1150]: WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
+Apr 29 09:42:54 brix ovpn-client[1150]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
+Apr 29 09:42:54 brix ovpn-client[1150]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
+Apr 29 09:42:54 brix ovpn-client[1150]: WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
+Apr 29 09:42:54 brix ovpn-client[1150]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
+Apr 29 09:42:54 brix ovpn-client[1150]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
+Apr 29 10:42:53 brix ovpn-client[1150]: TLS: tls_process: killed expiring key
+Apr 29 10:42:54 brix ovpn-client[1150]: VERIFY OK: depth=1, CN=********.sakura.ne.jp
+Apr 29 10:42:54 brix ovpn-client[1150]: VERIFY OK: nsCertType=SERVER
+Apr 29 10:42:54 brix ovpn-client[1150]: VERIFY OK: depth=0, CN=server
+Apr 29 10:42:54 brix ovpn-client[1150]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
+Apr 29 10:42:54 brix ovpn-client[1150]: WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
+Apr 29 10:42:54 brix ovpn-client[1150]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
+Apr 29 10:42:54 brix ovpn-client[1150]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
+Apr 29 10:42:54 brix ovpn-client[1150]: WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
+Apr 29 10:42:54 brix ovpn-client[1150]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
+Apr 29 10:42:54 brix ovpn-client[1150]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
+```

追記

2018/04/29 02:03

投稿

tkmtmkt

スコア1800

test CHANGED Viewed

@@ -8,18 +8,60 @@
 ```
-+----------------+    +----------------+
++----------------+    +-----------------+
-|  192.168.0.yyy |----| 192.168.5.yyy  |
+|  192.168.0.yyy |----| 192.168.5.yyy   |
-|                |    |                |
+|                |    |                 |
-|  +----------+  |    |  +---------+   |
+|  +----------+  |    |  +----------+   |
-|  | 10.8.0.2 |----------| 10.8.0.5|   |
+|  | 10.8.0.1 |----------| 10.8.0.6 |   |
-|  +----------+  |    |  +---------+   |
+|  +----------+  |    |  +----------+   |
-+----------------+    +----------------+
++----------------+    +-----------------+
 ```
+ルーティング情報はそれぞれ以下の通り。（`proto kernel`はカーネルが自動生成するルート）
+```sh
+# VPNサーバ
+$ ip route
+default via 192.168.0.1 dev eth0 proto static metric 100
+10.8.0.0/24 via 10.8.0.2 dev tun0
+10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
+192.168.0.0/23 dev eth0 proto kernel scope link src 192.168.0.yyy metric 100
+```
+```shoute
+# VPNクライアント
+$ ip r
+default via 192.168.5.1 dev eth0 onlink
+10.8.0.1 via 10.8.0.5 dev tun0
+10.8.0.5 dev tun0  proto kernel  scope link  src 10.8.0.6
+192.168.5.0/24 dev eth0  proto kernel  scope link  src 192.168.5.yyy
+```
+10.8.0.2、10.8.0.5 は仮想ネットワークのネットワークアドレスとして設定されているようで、OpenVPNが設定するデフォルト値のようです。