Cannot create an OpenVPN Stunnel tunnel

I want the following setup:

OpenVPN client <==> Stunnel client <==> Internet <==> Stunnel server <==> OpenVPN server

(The OpenVPN client only talks to the Stunnel client.)

Basically, I want to tunnel an OpenVPN connection through Stunnel. I have two Ubuntu machines and two GL-INET VPN routers.

Problem: after setting up the configuration of the stunnel and OpenVPN clients and servers, the OpenVPN client's packets do not seem to be able to reach the stunnel server. On the Stunnel client (running on an Ubuntu machine) I get a Connection refused (111) error.

Here are the details of the various endpoints:

OpenVPN client: GL-Inet OpenVPN router, LAN connected to the Bell main router

Stunnel client: Ubuntu, LAN connected to the Bell main router

Stunnel server: Ubuntu, LAN connected to the main Wi-Fi router

OpenVPN server: Ubuntu, LAN connected to the main Wi-Fi router

Now, when I start a connection from the OpenVPN client, I get the following error on the UBUNTU client: 2023.11.04 21:42:19 LOG3[366]: s_connect: connect 142.198.10.52:443: Connection failed (111)

How do I fix this and connect to the Stunnel server and OpenVPN?

========================================

Configuration:

OpenVPN client:

client
dev tun
proto tcp
remote 192.168.8.229 2222
resolv-retry infinite
nobind
persist-key
persist-tun
auth SHA256 
cipher AES-256-GCM
nice 0
mute 5
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIDCzCCAfOgAwIBAgIUQrgdPuYAe1NsB5pLVpHmJv35mUswDQYJKoZIhvcNAQEF
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIICtTCCAZ0CFG2ihbYNKpQ9vcnoU8/F+yuYalEPMA0GCSqGSIb3DQEBBQUAMBUx
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDhutA0gHv08iEn
-----END PRIVATE KEY-----
</key>

Client STUNNEL configuration:

pid = /var/run/stunnel4/stunnel.pid
output = /var/log/stunnel4/stunnel.log

setuid = stunnel4
setgid = stunnel4

# https://www.stunnel.org/faq.html
socket = r:TCP_NODELAY=1
socket = l:TCP_NODELAY=1

debug = 7

#[yahoo_imaps-client]
#client = yes
#accept = 127.0.0.1:143
#connect = imap.mail.yahoo.com:993
# This requires ca-certificates package
#CApath = /etc/ssl/certs/
#verifyChain = yes
#checkHost = imap.mail.yahoo.com

[ssh_tls-server]
client = yes
accept = 2222
connect = 142.198.10.52:443
PSKsecrets = /etc/stunnel/psk1.txt

Client connection log:

2023.11.04 21:42:19 LOG7[main]: FD=4 events=0x2001 revents=0x0
2023.11.04 21:42:19 LOG7[main]: FD=9 events=0x2001 revents=0x1
2023.11.04 21:42:19 LOG7[main]: Service [ssh_tls-server] accepted (FD=3) from 192.168.8.1:37032
2023.11.04 21:42:19 LOG7[366]: Service [ssh_tls-server] started
2023.11.04 21:42:19 LOG7[366]: Setting local socket options (FD=3)
2023.11.04 21:42:19 LOG7[366]: Option TCP_NODELAY set on local socket
2023.11.04 21:42:19 LOG5[366]: Service [ssh_tls-server] accepted connection from 192.168.8.1:37032
2023.11.04 21:42:19 LOG6[366]: s_connect: connecting 142.198.10.52:443
2023.11.04 21:42:19 LOG7[366]: s_connect: s_poll_wait 142.198.10.52:443: waiting 10 seconds
2023.11.04 21:42:19 LOG7[366]: FD=6 events=0x2001 revents=0x0
2023.11.04 21:42:19 LOG7[366]: FD=11 events=0x2005 revents=0x0
2023.11.04 21:42:19 LOG3[366]: s_connect: connect 142.198.10.52:443: Connection refused (111)
2023.11.04 21:42:19 LOG3[366]: No more addresses to connect
2023.11.04 21:42:19 LOG5[366]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2023.11.04 21:42:19 LOG7[366]: Local descriptor (FD=3) closed
2023.11.04 21:42:19 LOG7[366]: Service [ssh_tls-server] finished (0 left)

Server OpenVPN:

client
dev tun
proto tcp
remote 142.198.10.52 443
resolv-retry infinite
nobind
persist-key
persist-tun
auth SHA256 
cipher AES-256-GCM
nice 0
mute 5
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIDCzCCAfOgAwIBAgIUQrgdPuYAe1NsB5pLVpHmJv35mUswDQYJKoZIhvcNAQEF
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIICtTCCAZ0CFG2ihbYNKpQ9vcnoU8/F+yuYalEPMA0GCSqGSIb3DQEBBQUAMBUx
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDhutA0gHv08iEn
-----END PRIVATE KEY-----
</key>

Server Ubuntu Stunnel:

pid = /var/run/stunnel4/stunnel.pid
output = /var/log/stunnel4/stunnel.log

setuid = stunnel4
setgid = stunnel4

# https://www.stunnel.org/faq.html
socket = r:TCP_NODELAY=1
socket = l:TCP_NODELAY=1

debug = 7 

#[yahoo_imaps-client]
#client = yes
#accept = 127.0.0.1:143
#connect = imap.mail.yahoo.com:993
# This requires ca-certificates package
#CApath = /etc/ssl/certs/
#verifyChain = yes
#checkHost = imap.mail.yahoo.com

[openvpn]
client = no 
cert = /etc/stunnel/stunnel.pem
accept = 192.168.2.167:9999 
connect = 192.168.2.75:1194 
ciphers = PSK
PSKsecrets = /etc/stunnel/psk1.txt

Server initialization log (nothing happens when the connection is initiated):

2023.11.04 17:31:57 LOG7[main]: Found 1 ready file descriptor(s)
2023.11.04 17:31:57 LOG7[main]: FD=4 events=0x2001 revents=0x0
2023.11.04 17:31:57 LOG7[main]: FD=9 events=0x2001 revents=0x1
2023.11.04 17:31:57 LOG7[main]: Service [openvpn] accepted (FD=3) from 172.104.242.173:40259
2023.11.04 17:31:57 LOG7[0]: Service [openvpn] started
2023.11.04 17:31:57 LOG7[0]: Setting local socket options (FD=3)
2023.11.04 17:31:57 LOG7[0]: Option TCP_NODELAY set on local socket
2023.11.04 17:31:57 LOG5[0]: Service [openvpn] accepted connection from 172.104.242.173:40259
2023.11.04 17:31:57 LOG6[0]: Peer certificate not required
2023.11.04 17:31:57 LOG7[0]: TLS state (accept): before SSL initialization
2023.11.04 17:36:57 LOG6[0]: ssl_start: s_poll_wait: TIMEOUTbusy exceeded: sending reset
2023.11.04 17:36:57 LOG7[0]: FD=6 events=0x2001 revents=0x0
2023.11.04 17:36:57 LOG7[0]: FD=3 events=0x2001 revents=0x0
2023.11.04 17:36:57 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2023.11.04 17:36:57 LOG7[0]: Local descriptor (FD=3) closed
2023.11.04 17:36:57 LOG7[0]: Service [openvpn] finished (0 left)
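As an added example (not part of the original question), a small Python checker that parses the two stunnel configs and the OpenVPN client's `remote` line and reports every hop whose connect port does not match the next hop's accept port. The sample fragments are constructed, trimmed copies of the configs posted above, and the check assumes the NAT or port forward between the two sites does not rewrite the port.

```python
import re

def parse_stunnel(text):
    """Parse stunnel.conf text into {section: {key: value}}; comments and global keys are skipped."""
    sections, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            cur = sections.setdefault(m.group(1), {})
        elif "=" in line and cur is not None:
            key, val = (part.strip() for part in line.split("=", 1))
            cur[key] = val
    return sections

def port_of(addr):
    """accept/connect values are 'port' or 'host:port'; return the port as an int."""
    return int(addr.rsplit(":", 1)[-1])

def openvpn_remote_port(text):
    """Port from the first 'remote <host> <port>' line of an OpenVPN config, or None."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "remote":
            return int(parts[2])
    return None

def check_chain(ovpn_client, st_client, st_server, ovpn_server_port):
    """Return a list of hop mismatches; empty means each hop targets the next hop's listener."""
    cli = next(s for s in parse_stunnel(st_client).values() if s.get("client") == "yes")
    srv = next(s for s in parse_stunnel(st_server).values() if s.get("client", "no") != "yes")
    hops = [  # (description, port the previous hop dials, port the next hop listens on)
        ("OpenVPN client remote -> stunnel client accept", openvpn_remote_port(ovpn_client), port_of(cli["accept"])),
        # Assumption: the NAT/port-forward between the sites does not rewrite the port, so only ports are compared.
        ("stunnel client connect -> stunnel server accept", port_of(cli["connect"]), port_of(srv["accept"])),
        ("stunnel server connect -> OpenVPN server port", port_of(srv["connect"]), ovpn_server_port),
    ]
    return [f"{name}: dials {a} but listener is on {b}" for name, a, b in hops if a != b]

# Constructed, trimmed copies of the fragments posted in the question.
OVPN_CLIENT = "client\nproto tcp\nremote 192.168.8.229 2222\n"
ST_CLIENT = "[ssh_tls-server]\nclient = yes\naccept = 2222\nconnect = 142.198.10.52:443\n"
ST_SERVER = "[openvpn]\nclient = no\naccept = 192.168.2.167:9999\nconnect = 192.168.2.75:1194\n"

if __name__ == "__main__":
    for problem in check_chain(OVPN_CLIENT, ST_CLIENT, ST_SERVER, 1194) or ["all hops line up"]:
        print(problem)
```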