{"id":1703,"date":"2020-02-17T11:14:42","date_gmt":"2020-02-17T10:14:42","guid":{"rendered":"http:\/\/clark.tipistrani.it\/?p=1703"},"modified":"2020-02-17T11:14:42","modified_gmt":"2020-02-17T10:14:42","slug":"accesso-a-samba-tramite-openvpn-su-ipad-2-2-2","status":"publish","type":"post","link":"http:\/\/clark.tipistrani.it\/?p=1703","title":{"rendered":"Configurazione OpenVPN su Android 7.0 con tls-auth"},"content":{"rendered":"

Avendo cambiato il server Openvpn, rigenerato chiavi e certificati e aggiunto l’auth -tls ho dovuto riscrivere anche i client per android che come la volta precedente sono con estensione .ovpn<\/p>\n

Si tratta ora di creare il file .ovpn che contiene come per apple\u00a0 sia le istruzioni relative alla connessione al server Openvpn che i certificati ca.crt, android01.crt e androi01.key\u00a0 racchiusi tra tag in questo modo:<\/p>\n

client
\ndev tun
\nproto tcp
\nremote xxx.xxx.xxx.xxx 775
\nremote yyy.yyy.yyy.yyy 775<\/p>\n

resolv-retry infinite
\nnobind
\npersist-key
\npersist-tun
\nmute-replay-warnings
\nremote-cert-tls server
\ncipher AES-256-CBC
\nauth SHA256
\ncompress lz4-v2
\nverb 3
\nkey-direction 1
\n<ca>
\n—–BEGIN CERTIFICATE—–
\nMIIDVTCCAr6gAwIBAgIJAJIIm5Kj+g2yMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
\nBAYTAklUMQswCQYDVQQIEwJNSTEOMAwGA1UEBxMFTWlsYW4xEzARBgNVBAoTClpp
\nbmNvbWV0YWwxFjAUBgNVBAMTDVppbmNvbWV0YWwgQ0ExIjAgBgkqhkiG9w0BCQEW
\nE3N1cHBvcnRAZHluYW1pY2EuaXQwHhcNMTAwNDAyMTIxMTM1WhcNMjAwMzMwMTIx
\nMTM1WjB7MQswCQYDVQQGEwJJVDELMAkGA1UECBMCTUkxDjAMBgNVBAcTBU1pbGFu
\nMRMwEQYDVQQKEwpaaW5jb21ldGFsMRYwFAYDVQQDEw1aaW5jb21ldGFsIENBMSIw
\nIAYJKoZIhvcNAQkBFhNzdXBwb3J0QGR5bmFtaWNhLml0MIGfMA0GCSqGSIb3DQEB
\nAQUAA4GNADCBiQKBgQCyVVR5XjbvF9KZpzc4OuqJkiI25+kdf8cgllS1+GHcorhQ
\n—–END CERTIFICATE—–
\n<\/ca>
\n<cert>
\n—–BEGIN CERTIFICATE—–
\nMIIDtTCCAx6gAwIBAgIBFDANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJJVDEL
\nMAkGA1UECBMCTUkxDjAMBgNVBAcTBU1pbGFuMRMwEQYDVQQKEwpaaW5jb21ldGFs
\nMRYwFAYDVQQDEw1aaW5jb21ldGFsIENBMSIwIAYJKoZIhvcNAQkBFhNzdXBwb3J0
\nQGR5bmFtaWNhLml0MB4XDTE1MDkyNDA2NTc0NloXDTI1MDkyMTA2NTc0NlowgZIx
\nCzAJBgNVBAYTAklUMQswCQYDVQQIEwJNSTEOMAwGA1UEBxMFTWlsYW4xEzARBgNV
\nBAoTClppbmNvbWV0YWwxHDAaBgNVBAsUE1N5c3RlbSAmIE5ldHdvcmtpbmcxDzAN
\nBgNVBAMTBmlwYWQwMTEiMCAGCSqGSIb3DQEJARYTc3VwcG9ydEBkeW5hbWljYS5p
\ncUQRn5xIhO4sraeLfRvUZgBOVkLlZOX3qj7jsx0FhJ\/R7LEJw09wJjE=
\n—–END CERTIFICATE—–
\n<\/cert>
\n<key>
\n—–BEGIN PRIVATE KEY—–
\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANqSCOiPCxxsqS9U
\nytCHBuXwtNb34zpyH\/biM8zrLZml9jiLmaFiQVN\/0H5mcar4X0ii5\/gXbU8nLFlv
\nsjvldBhwz7QlBrQoimg6SOgqWSiq1owMHkXSCqI7ZmtyEXgh7taGbS0SzUyeBOsZ
\nDhQbOUJCzFbTq\/1ywYUHu9fj\/8oNAgMBAAECgYEAghxuyynj3l7c8\/0Q4sOOmrEI
\n—–END PRIVATE KEY—–
\n<\/key><\/p>\n

<tls-auth>
\n—–BEGIN OpenVPN Static key V1—–
\n9fb1d5631195e587cdafc1e6c9133053
\n7aa9dafd570eaff6adf2f47a03c40755
\nd8601e321224968e24633a422d08b07e
\nd6c163f998fd0593cb5f060abc03d4a9
\nbf8f812d76423d7ba35655349d4da461
\n4d4dc6a82f886e69436ec650afca5e81
\nef731864613c231af03f4c0fd86fe3ba
\n14e155dd866eb440879dc8b62e959f5c
\n7649ac21828513ea63c08dbbe73a3542
\n769dd5c81787a19511d181595b607265
\n48a5782ae2860b5df19c0bf1a7c21119
\n6192561a16cb1778d1911f949d73a467
\na41c9f2ede078ea859d896d47552a094
\nbe52f94bb26c30d0469db1a88a8c7753
\n0e305c79d5f9f277006d3d6000fac1d1
\n—–END OpenVPN Static key V1—–
\n<\/tls-auth><\/p>\n

e sul server nella directory ccd creo il file android01 che contiene:<\/p>\n

ifconfig-push 172.27.1.50 172.27.1.51
\npush “route 192.168.2.0 255.255.255.0”
\npush “dhcp-option DOMAIN myfirm.local”
\npush “dhcp-option DNS 192.168.2.224”
\npush “dhcp-option DNS 192.168.3.227”<\/p>\n

 <\/p>\n

Un restart al server OpenVPN per fargli digerire le modifiche e di nuovo spediamo usando la mail spediamo il file android01.ovpn al tablet una volta arrivata la mail si scarica l’allegato si apre\u00a0 OpenVPN Connect e si sceglie OVPN Profile per importarlo, una volta fatto si fa scorrere il tastino che appare e dopo pochi secondi si e’ bellamente connessi.<\/p>\n

Mi 31<\/div>\n","protected":false},"excerpt":{"rendered":"

Avendo cambiato il server Openvpn, rigenerato chiavi e certificati e aggiunto l’auth -tls ho dovuto riscrivere anche i client per android che come la volta precedente sono con estensione .ovpn Si tratta ora di creare il file .ovpn che contiene come per apple\u00a0 sia le istruzioni relative alla connessione al server Openvpn che i certificati […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,14,6],"tags":[125,78,62,126],"class_list":["post-1703","post","type-post","status-publish","format-standard","hentry","category-linux","category-networking","category-work","tag-android","tag-openvpn","tag-tcp","tag-tun"],"_links":{"self":[{"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/posts\/1703","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1703"}],"version-history":[{"count":1,"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/posts\/1703\/revisions"}],"predecessor-version":[{"id":1704,"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/posts\/1703\/revisions\/1704"}],"wp:attachment":[{"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1703"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1703"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/clark.tipistrani.it\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1703"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}