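Turning a Raspberry Pi B+ into an OpenVPN client for a LAN-to-LAN setup (5)

Finally, the last step.


7. Configuring OpenVPN to start automatically on the client machine

We are now at the final stage. First, run a connection test from the OpenVPN client. Log in to the Raspberry Pi as root and run: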

# /usr/sbin/openvpn /etc/openvpn/client.conf
Sat Jan 10 10:48:33 2015 OpenVPN 2.2.1 arm-linux-gnueabihf [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Dec  1 2014
Sat Jan 10 10:48:33 2015 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Jan 10 10:48:33 2015 LZO compression initialized
Sat Jan 10 10:48:33 2015 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Jan 10 10:48:33 2015 Socket Buffers: R=[163840->131072] S=[163840->131072]
Sat Jan 10 10:48:33 2015 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jan 10 10:48:33 2015 Local Options hash (VER=V4): '41690919'
Sat Jan 10 10:48:33 2015 Expected Remote Options hash (VER=V4): '530fdded'
Sat Jan 10 10:48:33 2015 UDPv4 link local: [undef]
Sat Jan 10 10:48:33 2015 UDPv4 link remote: [AF_INET]153.194.150.127:1194
Sat Jan 10 10:48:33 2015 TLS: Initial packet from [AF_INET]153.194.150.127:1194, sid=61815d5b 0ab44fbf
Sat Jan 10 10:48:34 2015 VERIFY OK: depth=1, /C=JP/ST=Shizuoka/L=Makinohara/O=Private/CN=MyServer/emailAddress=hoge@xxx.ne.jp
Sat Jan 10 10:48:34 2015 VERIFY OK: nsCertType=SERVER
Sat Jan 10 10:48:34 2015 VERIFY OK: depth=0, /C=JP/ST=Shizuoka/L=Makinohara/O=Private/CN=server/emailAddress=hoge@xxx.ne.jp
Sat Jan 10 10:48:34 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jan 10 10:48:34 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 10 10:48:34 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jan 10 10:48:34 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 10 10:48:34 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Jan 10 10:48:34 2015 [server] Peer Connection Initiated with [AF_INET]153.194.150.127:1194
Sat Jan 10 10:48:36 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Jan 10 10:48:36 2015 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sat Jan 10 10:48:36 2015 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jan 10 10:48:36 2015 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jan 10 10:48:36 2015 OPTIONS IMPORT: route options modified
Sat Jan 10 10:48:36 2015 ROUTE default_gateway=192.168.0.1
Sat Jan 10 10:48:36 2015 TUN/TAP device tun0 opened
Sat Jan 10 10:48:36 2015 TUN/TAP TX queue length set to 100
Sat Jan 10 10:48:36 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Jan 10 10:48:36 2015 /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Sat Jan 10 10:48:36 2015 /sbin/route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.8.0.5
Sat Jan 10 10:48:36 2015 /sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.5
Sat Jan 10 10:48:36 2015 Initialization Sequence Completed

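If the output ends with "Initialization Sequence Completed" as shown here, things are probably fine. If any error message appears, check the configuration files and related settings for mistakes.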
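"Initialization Sequence Completed" only confirms that the tunnel came up; the same log also states which data cipher, TLS version and RSA key size were negotiated. The following script is an added example, not part of the original post: it flags the legacy values visible in the log above (BF-CBC, TLSv1, 1024 bit RSA), and the function name `audit_openvpn_log` and the finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the crypto parameters reported in an OpenVPN client log.
# SAMPLE_LOG holds four lines copied from the session log in this post.
SAMPLE_LOG="Sat Jan 10 10:48:34 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jan 10 10:48:34 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jan 10 10:48:34 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Jan 10 10:48:36 2015 Initialization Sequence Completed"

# audit_openvpn_log (hypothetical helper name): reads log text on stdin and
# prints one finding per line; prints nothing when no check fails.
audit_openvpn_log() {
    awk '
    /Data Channel (Encrypt|Decrypt): Cipher/ {
        split($0, q, "\047")              # cipher name sits between quotes
        cipher = q[2]
        # Blowfish, DES/3DES, CAST5 and RC2 all use a 64-bit block.
        if (cipher ~ /^(BF|DES|CAST5|RC2)-/ && !seen[cipher]++)
            print "WEAK data-cipher " cipher " (64-bit block cipher)"
    }
    /Control Channel: / {
        line = $0
        sub(/^.*Control Channel: /, "", line)
        n = split(line, f, ", ")          # f[1]=TLS version, f[n]=key size
        if (f[1] == "TLSv1" || f[1] == "TLSv1.1" || f[1] ~ /^SSLv/)
            print "WEAK tls-version " f[1] " (deprecated protocol version)"
        split(f[n], k, " ")               # e.g. "1024 bit RSA"
        if (k[3] == "RSA" && k[1] + 0 < 2048)
            print "WEAK rsa-key " k[1] " bits (below 2048)"
    }
    /Initialization Sequence Completed/ { up = 1 }
    END {
        # HMAC-SHA1 is deliberately not flagged: SHA-1 collisions do not
        # break its use inside HMAC.
        if (!up)
            print "FAIL tunnel-up (no Initialization Sequence Completed)"
    }'
}

# Stand-alone run on the sample lines.
printf '%s\n' "$SAMPLE_LOG" | audit_openvpn_log
```

To check a real session, pipe the client log into `audit_openvpn_log` instead of the sample lines.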
Once the connection to the OpenVPN server succeeds, check whether ping gets through. Open a second login session on the Raspberry Pi and first ping the OpenVPN server.

$ ping -c5 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_req=1 ttl=64 time=29.5 ms
64 bytes from 10.8.0.1: icmp_req=2 ttl=64 time=28.6 ms
64 bytes from 10.8.0.1: icmp_req=3 ttl=64 time=28.3 ms
64 bytes from 10.8.0.1: icmp_req=4 ttl=64 time=31.1 ms
64 bytes from 10.8.0.1: icmp_req=5 ttl=64 time=28.6 ms

--- 10.8.0.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 28.329/29.271/31.159/1.035 ms

Ping to the OpenVPN server gets through without problems. Next, I tried pinging a device (a PC or NAS) connected to the LAN on the home (OpenVPN server) side.

$ ping -c5 192.168.1.nnn
PING 192.168.1.nnn (192.168.1.nnn) 56(84) bytes of data.
64 bytes from 192.168.1.nnn: icmp_req=1 ttl=62 time=30.3 ms
64 bytes from 192.168.1.nnn: icmp_req=2 ttl=63 time=28.0 ms
64 bytes from 192.168.1.nnn: icmp_req=3 ttl=63 time=27.8 ms
64 bytes from 192.168.1.nnn: icmp_req=4 ttl=63 time=27.9 ms
64 bytes from 192.168.1.nnn: icmp_req=5 ttl=63 time=27.8 ms

--- 192.168.1.nnn ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 27.853/28.397/30.327/0.972 ms

This looks fine too. Next, log in to a PC connected to the LAN on the home (OpenVPN server) side, and from there ping a PC connected to the LAN on the new residence (OpenVPN client) side.

$ ssh root@192.168.1.nnn
The authenticity of host 'ReadyNAS (192.168.1.nnn)' can't be established.
ECDSA key fingerprint is 01:12:23:34:45:56:67:78:89:9a:ab:bc:cd:de:ef:f0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ReadyNAS,192.168.1.nnn' (ECDSA) to the list of known hosts.
root@ReadyNAS's password:

Welcome to ReadyNASOS 6.2.2

Last login: Sun Jan  4 17:28:06 2015 from 192.168.0.xxx
root@ReadyNAS:~# ping -c5 192.168.0.xxx
PING 192.168.0.xxx (192.168.0.xxx): 56 data bytes
64 bytes from 192.168.0.xxx: seq=0 ttl=62 time=30.422 ms
64 bytes from 192.168.0.xxx: seq=1 ttl=62 time=29.488 ms
64 bytes from 192.168.0.xxx: seq=2 ttl=62 time=29.414 ms
64 bytes from 192.168.0.xxx: seq=3 ttl=62 time=29.354 ms
64 bytes from 192.168.0.xxx: seq=4 ttl=62 time=29.947 ms

--- 192.168.0.xxx ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 29.354/29.725/30.422 ms

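This works as well. Ping gets through between the two LANs in both directions, so the connection test is complete. Stop the OpenVPN client that was started at the beginning by pressing ^C, and set it up to start automatically as a daemon.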

^C
Sat Jan 10 11:22:13 2015 event_wait : Interrupted system call (code=4)
Sat Jan 10 11:22:13 2015 TCP/UDP: Closing socket
Sat Jan 10 11:22:13 2015 /sbin/route del -net 10.8.0.1 netmask 255.255.255.255
Sat Jan 10 11:22:13 2015 /sbin/route del -net 192.168.1.0 netmask 255.255.255.0
Sat Jan 10 11:22:13 2015 Closing TUN/TAP interface
Sat Jan 10 11:22:13 2015 /sbin/ifconfig tun0 0.0.0.0
Sat Jan 10 11:22:13 2015 SIGINT[hard,] received, process exiting
# chkconfig openvpn on
# chkconfig --list openvpn
openvpn                   0:off  1:off  2:on   3:on   4:on   5:on   6:off
# /etc/init.d/openvpn start
Starting virtual private network daemon: client.

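That completes the LAN-to-LAN environment over OpenVPN. Once this environment is in place, it is really comfortable. All that changed is that I no longer have to launch Tunnelblick, but I was quite surprised that removing just that one step makes it feel so much more comfortable.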

