
CHAPTER 4 DESIGN AND EVALUATION

4.1 VPN Network Design

Based on the problems faced by PT. Sandang Makmur Anugrah, a solution using a VPN was proposed and approved. The following is the schematic of the network design that will be built.

Figure 4.1 - VPN Network Design

As the figure shows, there are broadly 4 networks in the PT. Sandang Makmur Anugrah office. All four are connected to a single router, and that router is connected to the internet through an ADSL modem. With this topology, clients can connect into the office over the internet, with the mechanism managed by a VPN server.

 

 


Figure 4.2 - VPN Network Use Case Diagram

4.2 Hardware and Software Used

The following hardware and software were used in designing the VPN network at PT. Sandang Makmur Anugrah.

Hardware:

Server specification:

    Processor           Intel Pentium 4 3.0 GHz
    Hard disk           40 GB
    Memory              2 GB
    LAN card            D-Link 10/100 DFE-528 TX
    Operating System    Ubuntu Server 9.10

Specification of Client 1 used for testing:

    Brand               Acer Aspire 4530
    Processor           AMD Turion TL-58 1.9 GHz x 2
    Hard disk           80 GB
    Memory              2 GB
    LAN card            Nvidia network adapter
    Operating System    Windows 7

Specification of Client 2 used for testing:

    Brand               -
    Processor           AMD Phenom x4 3.0 GHz
    Hard disk           500 GB
    Memory              4 GB
    LAN card            Onboard
    Operating System    Windows 7

Software:

• Ubuntu Server 9.10
• Windows 7
• OpenVPN v2.1
• Ddclient
• WireShark

4.3 OpenVPN Installation

This section describes the steps taken to install the OpenVPN software on the server (Ubuntu Server 9.10) and on the client (Windows 7).

4.3.1 Installing OpenVPN on the server

1. Install OpenVPN on the server.

    root@vpn:/# apt-get install openvpn

2. After installation, copy the initial configuration and the scripts that will be needed during configuration to the /etc/openvpn folder.

    root@vpn:/# cp -Rf /usr/share/doc/openvpn/examples/easy-rsa/* /etc/openvpn/
    root@vpn:/# cp -Rf /usr/share/doc/openvpn/examples/sample-config-files /etc/openvpn/

3. Once the configuration files are copied, installation on the server is complete, and what remains is to configure OpenVPN.

4.3.2 Installing OpenVPN on the client

1. Download the OpenVPN GUI software for Windows from http://www.openvpn.net/release/openvpn-2.1_rc20-install.exe.
2. Run the downloaded OpenVPN installer and complete the installation.

Figure 4.3 - Installation Complete

3. After installation, open Network and Sharing Center in the Control Panel. A new network adapter described as TAP32 will be visible. Rename that interface to openVPN. This name will later be defined in the client.ovpn file.
4. When finished, the next stage is to configure OpenVPN, which is explained in the next section.

4.4 OpenVPN Configuration

After OpenVPN has been installed on the server and the client, the next stage is the configuration needed for the VPN to work.

4.4.1 Server Configuration

1. Go to the openvpn folder located at /etc/openvpn/2.0/.

    root@vpn:/# cd /etc/openvpn/2.0/

2. Edit the vars file. Its contents serve as the base data for creating the digital certificates. Adjust the settings to the server's environment.

    root@vpn:/etc/openvpn/2.0# vim vars

The contents of the vars file will open. The configured vars file is as follows:

    export EASY_RSA="`pwd`"
    export OPENSSL="openssl"
    export PKCS11TOOL="pkcs11-tool"
    export GREP="grep"
    export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
    export KEY_DIR="$EASY_RSA/keys"
    echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
    export PKCS11_MODULE_PATH="dummy"
    export PKCS11_PIN="dummy"
    export KEY_SIZE=1024
    export CA_EXPIRE=3650
    export KEY_EXPIRE=3650
    export KEY_COUNTRY="ID"
    export KEY_PROVINCE="DKI"
    export KEY_CITY="Jakarta"
    export KEY_ORG="sandangmakmuranugrah"
    export KEY_EMAIL="[email protected]"

3. Create the certificate authority (CA).

    root@vpn:/etc/openvpn/2.0# source ./vars
    root@vpn:/etc/openvpn/2.0# ./clean-all
    root@vpn:/etc/openvpn/2.0# ./build-ca

During build-ca there will be several questions whose answers were already set in the vars file as defaults. If the answer is still the same as the default, simply press Enter to continue. After the CA has been created, check the result in the keys folder; if the files ca.crt, ca.key, index.txt and serial are present, the certificate authority was created successfully.

4. Create the certificate and key for the server.

    root@vpn:/etc/openvpn/2.0# ./build-key-server server

You will usually be asked again to fill in the values configured in the vars file (as when creating the CA). If the answers still match the defaults, simply press Enter to continue. A question asking for a password will appear. Enter the desired password. Finally, a confirmation question about creating this server certificate key file will appear; continue by answering "y".

5. Create the certificates and keys for the clients.

For the clients, 2 initial keys are created, the first for manager and the second for director. The following is the creation of the client key for manager.

    root@vpn:/etc/openvpn/2.0# ./build-key manager

The same kind of questions asked when creating the server certificate key will then appear. Take the same actions when creating this client key.

6. Create the Diffie-Hellman parameters.

    root@vpn:/etc/openvpn/2.0# ./build-dh

7. Create ta.key as the shared secret key used to tighten the VPN's protection.

    root@vpn:/etc/openvpn/2.0# openvpn --genkey --secret ta.key

8. Configure server.conf as OpenVPN's main configuration file.

First, copy the server.conf file from the /sample-config-files folder to the main openvpn folder.

    root@vpn:/etc/openvpn/2.0# cp /sample-config-files/server.conf server.conf

Next, configure that server.conf file. Below is the resulting server.conf.

    1|port 1194
    2|proto udp
    3|dev tun
    4|ca keys/ca.crt
    5|cert keys/server.crt
    6|key keys/server.key # This file should be kept secret
    7|dh keys/dh1024.pem
    8|server 10.10.10.0 255.255.255.0
    9|ifconfig-pool-persist ipp.txt
    10|push "route 192.168.2.0 255.255.255.0"
    11|push "route 192.168.3.0 255.255.255.0"
    12|push "route 192.168.4.0 255.255.255.0"
    13|push "route 192.168.5.0 255.255.255.0"
    14|client-to-client
    15|keepalive 10 120
    16|tls-auth ta.key 0 # This file is secret
    17|cipher AES-128-CBC # AES
    18|comp-lzo
    19|user nobody
    20|group nogroup
    21|persist-key
    22|persist-tun
    23|status openvpn-status.log
    24|verb 3

Explanation:

• Line 1: The port used for the VPN connection is port 1194, because port 1194 is the official OpenVPN port assigned by IANA.

• Line 2: The internet protocol used is UDP, because UDP packets are smaller than TCP packets, so data exchange is expected to be faster, although TCP may still be faster in certain cases.

Figure 4.4 - Comparison of TCP and UDP Packets (source: http://www.skullbox.net/tcpudp.php, accessed: 09-02-2010)

• Line 3: The virtual device used is tun, because tun is better suited to routing (the other option is tap, which is good for bridging, but this design mostly performs routing).

• Lines 4-7: Location of the certificates and keys that were created.

• Line 8: Addressing for both the clients and the server is set to the subnet 10.10.10.0/24.

• Line 9: The system records the clients that have connected before and stores the record in the file ipp.txt. When the same client connects again, it receives the same IP as before.

• Lines 10-13: The system pushes routes to each client, so that clients can reach the subnets behind the VPN server.

• Line 14: An active client can see and communicate with other clients that are also active.

• Line 15: Server and client check each other's status by sending a ping every 10 seconds. If no reply is received for 120 seconds, the other side is considered down.

• Line 16: Uses ta.key as a shared secret key to tighten the connection, and also shows where that key is located. On the server side, the parameter used is "0".

• Line 17: The cryptographic cipher used is AES-128-CBC.

• Line 18: Enables data compression on the VPN connection.

• Lines 19-20: Downgrade privileges after initialization to prevent access failures.

• Lines 21-22: Avoid accessing certain resources after a restart that should no longer be accessible (the resources can be accessed at the time privileges are downgraded, but after a restart the privilege downgrade should no longer apply, so the resources become inaccessible again).

• Line 23: Records the server status, including current connections, truncated and rewritten every minute, in the file openvpn-status.log.

• Line 24: Verbosity setting.
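An added example, not part of the original thesis: a short Python audit that reads the server.conf listed above and reports the directives a reviewer would question today, using the same line numbers as the explanation. The function names, the 2048-bit threshold and the hardened variant (which assumes OpenVPN 2.4 or later on both ends) are assumptions made for this illustration.

```python
import re
import shlex

# server.conf as listed on this page, with the "N|" prefixes removed so that
# reported line numbers match the "Line N" explanations.
WEAK_CONF = """\
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key  # This file should be kept secret
dh keys/dh1024.pem
server 10.10.10.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.3.0 255.255.255.0"
push "route 192.168.4.0 255.255.255.0"
push "route 192.168.5.0 255.255.255.0"
client-to-client
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-128-CBC   # AES
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
"""

# Constructed hardened variant (assumption: OpenVPN 2.4 or later on both ends).
HARDENED_CONF = (
    WEAK_CONF.replace("dh1024.pem", "dh2048.pem")
    .replace("client-to-client\n", "")
    .replace("tls-auth ta.key 0", "tls-crypt ta.key")
    .replace("cipher AES-128-CBC", "cipher AES-256-GCM")
    .replace("comp-lzo\n", "auth SHA256\ntls-version-min 1.2\n")
)


def parse(conf):
    """Map directive name -> (line number, arguments); the first occurrence wins."""
    seen = {}
    for number, raw in enumerate(conf.splitlines(), 1):
        if raw.lstrip().startswith(";"):  # OpenVPN also accepts ';' comments
            continue
        tokens = shlex.split(raw, comments=True)  # drops '#' comments, keeps quoted args
        if tokens:
            seen.setdefault(tokens[0], (number, tokens[1:]))
    return seen


def audit(conf):
    """Return sorted (line, directive, finding) tuples; line 0 means the directive is absent."""
    d = parse(conf)
    findings = []

    def flag(name, message):
        findings.append((d[name][0] if name in d else 0, name, message))

    def first_arg(name, default=""):
        args = d.get(name, (0, []))[1]
        return args[0] if args else default

    # Assumption: easy-rsa file naming (dh<bits>.pem); the parameter file is not opened.
    bits = re.search(r"dh(\d+)\.pem$", first_arg("dh"))
    if bits and int(bits.group(1)) < 2048:
        flag("dh", f"{bits.group(1)}-bit Diffie-Hellman group, generate 2048 bits or more")
    cipher = first_arg("cipher").upper()
    if not cipher.endswith("-GCM") and cipher != "CHACHA20-POLY1305":
        flag("cipher", f"{cipher or 'default cipher'} is not an AEAD mode, prefer AES-256-GCM")
    for name in ("comp-lzo", "compress"):
        if name in d:
            flag(name, "compressing before encrypting can leak plaintext (VORACLE)")
    if "client-to-client" in d:
        flag("client-to-client", "traffic between clients is relayed inside OpenVPN, unseen by the server firewall")
    if "tls-auth" not in d and "tls-crypt" not in d:
        flag("tls-auth", "control channel has no tls-auth or tls-crypt key")
    if first_arg("auth", "SHA1").upper() in ("SHA1", "MD5"):
        flag("auth", "HMAC digest is SHA1 (the default) or MD5, set auth SHA256")
    if "tls-version-min" not in d:
        flag("tls-version-min", "no TLS floor, set tls-version-min 1.2")
    for name in ("user", "group"):
        if name not in d:
            flag(name, f"no {name} directive, the daemon keeps root privileges")
    return sorted(findings)


if __name__ == "__main__":
    for line, directive, finding in audit(WEAK_CONF):
        print(f"line {line or '-':>2}  {directive:<17} {finding}")
    print("hardened findings:", audit(HARDENED_CONF))
```

A finding reported on line 0 is a directive that server.conf does not contain at all, so OpenVPN falls back to its default.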

   

4.4.1.1 Installing ddclient on the server

Ddclient is software from dyndns that updates the server's IP address whenever it changes (the server's connection uses Speedy, where the IP given is dynamic / not fixed). This means a client that wants to connect to the server does not have to find out which server IP is active at that moment.

Installation steps:

1. Register at www.dyndns.org to obtain a free DNS service.
2. Install ddclient on the server.

    root@vpn:/# apt-get install ddclient

3. Configure the ddclient.conf file in /etc/.

    root@vpn:/# vim /etc/ddclient.conf

Configure it as follows:

    # Configuration file for ddclient generated by debconf
    #
    # /etc/ddclient.conf
    daemon=60
    cache=/tmp/ddclient.cache
    pid=/var/run/ddclient.pid
    protocol=dyndns2
    use=web, web=checkip.dyndns.com, web-skip='IP Address'
    server=members.dyndns.org
    login=solidcroc
    password='123456'
    custom=yes sandangvpn.dyndns.org

The login and password lines are filled in with our registration data from the www.dyndns.org website. Sandangvpn.dyndns.org is the domain name registered through dyndns for the server's IP.

4. Restart the ddclient daemon.

    root@vpn:/# /etc/init.d/ddclient restart

4.4.2 Client Configuration

1. Take the keys the client needs, which were created on the server, and place those key files in the config folder of the openvpn directory. The keys are:

• ca.crt
• [client_name].crt
• [client_name].key
• ta.key

In this discussion, the client being documented is director.

2. Take the sample client.conf from the server (in the directory /etc/openvpn/2.0/sample-config-files) and place it in the config folder of the openvpn directory.

Figure 4.5 - Result of Placing the Client Keys and Config

3. Rename the file client.conf to client.ovpn.
4. Configure client.ovpn using WordPad. The following is the resulting client.ovpn:

    1|client
    2|dev tun
    3|dev-node openVPN
    4|proto udp
    5|remote sandangvpn.dyndns.org 1194
    6|resolv-retry infinite
    7|nobind
    8|persist-key
    9|persist-tun
    10|ca ca.crt
    11|cert director.crt
    12|key director.key
    13|tls-auth ta.key 1
    14|cipher AES-128-CBC
    15|comp-lzo
    16|verb 3

Explanation:

• Line 1: Defines the machine's role (as a client).

• Line 2: The device used is tun, matching what is configured on the server.

• Line 3: The network adapter used for the VPN connection is the network adapter named openVPN.

• Line 4: The protocol used is UDP, matching what is configured on the server.

• Line 5: The connection is made by contacting the VPN server at the address sandangvpn.dyndns.org.

• Line 6: Keep contacting the server until a reply is received.

• Line 7: The client does not bind to a specific local port.

• Lines 8-9: Restore the initial state when a restart is performed.

• Lines 10-12: Location of the certificate and key for the client.

• Line 13: Enables tls-auth by pointing to the location of ta.key and setting the parameter to "1" (meaning client).

• Line 14: Enables the cryptographic cipher, matching the server-side configuration.

• Line 15: Enables packet compression, matching the server-side configuration.

• Line 16: Verbosity setting.

4.5 Server - Client Connection Process

After OpenVPN has been installed and configured, the OpenVPN daemon is run on the server side and the client side.

4.5.1 Running on the Server

The following are the steps for operating OpenVPN on the server:

1. On the console, start the server with the command:

    root@vpn:/# openvpn --config /etc/openvpn/2.0/server.conf

2. After running that command, the server starts working. The following shows the server when it is ready to serve.

    Tue Dec 1 22:55:28 2009 OpenVPN 2.1_rc19 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 13 2009
    Tue Dec 1 22:55:28 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Tue Dec 1 22:55:28 2009 Diffie-Hellman initialized with 1024 bit key
    Tue Dec 1 22:55:28 2009 /usr/bin/openssl-vulnkey -q -b 1024 -m
    Tue Dec 1 22:55:28 2009 TLS-Auth MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Tue Dec 1 22:55:28 2009 ROUTE default_gateway=192.168.2.1
    Tue Dec 1 22:55:28 2009 TUN/TAP device tun0 opened
    Tue Dec 1 22:55:28 2009 TUN/TAP TX queue length set to 100
    Tue Dec 1 22:55:28 2009 /sbin/ifconfig tun0 10.10.10.1 pointopoint 10.10.10.2 mtu 1500
    Tue Dec 1 22:55:28 2009 /sbin/route add -net 10.10.10.0 netmask 255.255.255.0 gw 10.10.10.2
    Tue Dec 1 22:55:28 2009 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
    Tue Dec 1 22:55:28 2009 GID set to nogroup
    Tue Dec 1 22:55:28 2009 UID set to nobody
    Tue Dec 1 22:55:28 2009 Socket Buffers: R=[114688->131072] S=[114688->131072]
    Tue Dec 1 22:55:28 2009 UDPv4 link local (bound): [undef]:1194
    Tue Dec 1 22:55:28 2009 UDPv4 link remote: [undef]
    Tue Dec 1 22:55:28 2009 MULTI: multi_init called, r=256 v=256
    Tue Dec 1 22:55:28 2009 IFCONFIG POOL: base=10.10.10.4 size=62
    Tue Dec 1 22:55:28 2009 IFCONFIG POOL LIST
    Tue Dec 1 22:55:28 2009 director,10.10.10.4
    Tue Dec 1 22:55:28 2009 manager,10.10.10.8
    Tue Dec 1 22:55:28 2009 Initialization Sequence Completed

Figure 4.6 - Ready to Serve

3. Next, when a client requests a connection to the server, the screen shows the following:

    Tue Dec 1 23:00:36 2009 MULTI: multi_create_instance called
    Tue Dec 1 23:00:36 2009 125.160.141.35:64519 Re-using SSL/TLS context
    Tue Dec 1 23:00:36 2009 125.160.141.35:64519 LZO compression initialized
    Tue Dec 1 23:00:36 2009 125.160.141.35:64519 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Tue Dec 1 23:00:36 2009 125.160.141.35:64519 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
    Tue Dec 1 23:00:36 2009 125.160.141.35:64519 Local Options hash (VER=V4): '691e95c7'
    Tue Dec 1 23:00:36 2009 125.160.141.35:64519 Expected Remote Options hash (VER=V4): '66096c33'
    Tue Dec 1 23:00:36 2009 125.160.141.35:64519 TLS: Initial packet from 125.160.141.35:64519, sid=ed5ed011 1795fe85
    Tue Dec 1 23:00:36 2009 125.160.141.35:64519 VERIFY OK: depth=1, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=finance/CN=vpn/name=VPN_Server/[email protected]
    Tue Dec 1 23:00:36 2009 125.160.141.35:64519 VERIFY OK: depth=0, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=director/CN=director/name=Direktur_Sandang_Makmur_Anugrah/[email protected]
    Tue Dec 1 23:00:36 2009 125.160.141.35:64519 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Tue Dec 1 23:00:36 2009 125.160.141.35:64519 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Tue Dec 1 23:00:36 2009 125.160.141.35:64519 [director] Peer Connection Initiated with 125.160.141.35:64519
    Tue Dec 1 23:00:36 2009 director/125.160.141.35:64519 MULTI: Learn: 10.10.10.6 -> director/125.160.141.35:64519
    Tue Dec 1 23:00:36 2009 director/125.160.141.35:64519 MULTI: primary virtual IP for director/125.160.141.35:64519: 10.10.10.6
    Tue Dec 1 23:00:38 2009 director/125.160.141.35:64519 PUSH: Received control message: 'PUSH_REQUEST'
    Tue Dec 1 23:00:38 2009 director/125.160.141.35:64519 SENT CONTROL [director]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route 10.10.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.10.10.6 10.10.10.5' (status=1)

Figure 4.7 - Connection Accepted

4.5.2 Running on the Client

The following are the steps for operating OpenVPN on the client:

1. After OpenVPN is installed on the client, a new desktop icon appears. Double-click that icon.

Figure 4.8 - OpenVPN GUI shortcut icon

2. An OpenVPN menu then appears in the toolbar at the bottom-right corner of the desktop.

Figure 4.9 - OpenVPN toolbar

3. Right-click that icon; a new window appears, then choose Connect.

Figure 4.10 - OpenVPN menu window

4. The client will try to contact the server, and if the server responds, the result is as follows:

Figure 4.11 - Connection Succeed

5. The client is now connected to the VPN server and has received an additional IP address, assigned by the VPN server.
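An added example, not part of the original thesis: the server log in Figures 4.6 and 4.7 records what each session actually negotiated, so it can be checked mechanically. The Python below parses log lines in the format shown on this page and reports parameters under a chosen floor; the function names and the 2048-bit and TLS 1.2 floors are assumptions of this example.

```python
import re
from datetime import datetime

# Lines taken from the server log in Figures 4.6 and 4.7 (abridged; the
# certificate subject is cut after the CN).
SAMPLE_LOG = """\
Tue Dec 1 22:55:28 2009 Diffie-Hellman initialized with 1024 bit key
Tue Dec 1 22:55:28 2009 Initialization Sequence Completed
Tue Dec 1 23:00:36 2009 MULTI: multi_create_instance called
Tue Dec 1 23:00:36 2009 125.160.141.35:64519 Re-using SSL/TLS context
Tue Dec 1 23:00:36 2009 125.160.141.35:64519 VERIFY OK: depth=0, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=director/CN=director
Tue Dec 1 23:00:36 2009 125.160.141.35:64519 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Dec 1 23:00:36 2009 125.160.141.35:64519 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Dec 1 23:00:36 2009 125.160.141.35:64519 [director] Peer Connection Initiated with 125.160.141.35:64519
Tue Dec 1 23:00:36 2009 director/125.160.141.35:64519 MULTI: primary virtual IP for director/125.160.141.35:64519: 10.10.10.6
Tue Dec 1 23:00:38 2009 director/125.160.141.35:64519 PUSH: Received control message: 'PUSH_REQUEST'
"""

STAMP = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) (.*)$")
# Per-client lines start with "ip:port" or, once authenticated, "cn/ip:port".
PEER = re.compile(r"^(?:[^/\s]+/)?(?P<src>\d+\.\d+\.\d+\.\d+:\d+) (?P<msg>.*)$")
TLS_RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}


def parse_log(text):
    """Return (server_facts, sessions); one session per client source address:port."""
    server, sessions = {}, {}
    for line in text.splitlines():
        stamped = STAMP.match(line)
        if not stamped:
            continue  # wrapped or truncated line
        when = datetime.strptime(" ".join(stamped[1].split()), "%a %b %d %H:%M:%S %Y")
        body = stamped[2]
        if m := re.match(r"Diffie-Hellman initialized with (\d+) bit key", body):
            server["dh_bits"] = int(m[1])
            continue
        peer = PEER.match(body)
        if not peer:
            continue  # server-wide message with no client address
        s = sessions.setdefault(peer["src"], {"source": peer["src"], "first_seen": when})
        msg = peer["msg"]
        if m := re.match(r"Control Channel: ([^,]+), cipher \S+ ([^,]+), (\d+) bit RSA", msg):
            s.update(tls_version=m[1], tls_cipher=m[2], rsa_bits=int(m[3]))
        elif m := re.match(r"Data Channel Encrypt: Cipher '([^']+)'", msg):
            s["data_cipher"] = m[1]
        elif m := re.match(r"\[([^\]]+)\] Peer Connection Initiated", msg):
            s["cn"] = m[1]  # certificate common name accepted by the server
        elif m := re.search(r"primary virtual IP for \S+: (\S+)$", msg):
            s["virtual_ip"] = m[1]
    return server, list(sessions.values())


def weak_parameters(server, sessions, min_bits=2048, min_tls="TLSv1.2"):
    """List (subject, finding) pairs for parameters below the given floors."""
    findings = []
    if server.get("dh_bits", min_bits) < min_bits:
        findings.append(("server", f"{server['dh_bits']} bit DH group"))
    for s in sessions:
        who = f"{s.get('cn', 'unknown')}@{s['source']}"
        if s.get("rsa_bits", min_bits) < min_bits:
            findings.append((who, f"{s['rsa_bits']} bit RSA key"))
        version = s.get("tls_version")
        if version and TLS_RANK.get(version, len(TLS_RANK)) < TLS_RANK[min_tls]:
            findings.append((who, f"control channel negotiated {version}"))
    return findings


if __name__ == "__main__":
    facts, found = parse_log(SAMPLE_LOG)
    for subject, finding in weak_parameters(facts, found):
        print(f"{subject}: {finding}")
```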

4.5.3 Adding Routes on the Router and the Server

At this point, client and server, and client and client, are connected to each other and can exchange data. However, clients still cannot reach the PT. Sandang Makmur Anugrah intranet via the VPN server. This is because no routes have been defined yet, either on the intranet or on the server. The next step is to add a static route on the router, defined as:

    Route add 10.10.10.0 mask 255.255.255.0 192.168.2.2

• 10.10.10.0 is the network subnet formed by OpenVPN, which includes the VPN server and the clients

• 255.255.255.0 is the subnet mask of the VPN subnet

• 192.168.2.2 is the private IP assigned by the router to the VPN server

With this command, all subnets below the router know the path to the clients, namely via the VPN server 192.168.2.2. Next, NAT proxying is performed on the server, so that the source IP address of every client packet heading to the intranet is rewritten and the packet is recognised as coming from the VPN server. This NAT uses masquerade because the VPN server's gateway is dynamic (for a static one, SNAT is normally used). The commands on the VPN server are:

    root@vpn:/# echo 1 > /proc/sys/net/ipv4/ip_forward
    # eth0 is the server's intranet-facing interface (192.168.2.2), where client packets leave towards the LAN
    root@vpn:/# iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE

After this, the server's intranet and the clients can communicate with each other.

   

4.6 Evaluation

4.6.1 Feasibility Test Scenarios

No established standard has yet been found for feasibility testing of the OpenVPN server that was built. The feasibility test scenarios were therefore drawn up from the users' requirements of the server, namely:

1. Connectivity Test
   This test is performed because users need to connect to the server so that they can exchange data.
2. Data Transfer Test
   This test is performed to find out whether data transfer through the server can meet the users' needs.
3. Stability Test
   This test is needed because the server will be used 24/7, so the server's stability has to be tested.
4. Security Test
   This test is performed because security is one of the goals of building this VPN network.

4.6.2 Feasibility Tests

These feasibility tests evaluate the performance of the VPN that was built. The testing is divided into several parts, as follows.

4.6.2.1 Connectivity test

Connectivity can be tested by checking ipconfig on each client computer and on the server, checking the routing tables, and measuring latency between client computers and also between the server and a client.

1. IPCONFIG

Client

    Ethernet adapter openVPN:

       Connection-specific DNS Suffix . :
       Description . . . . . . . . . . . : TAP-Win32 Adapter V9
       Physical Address. . . . . . . . . : 00-FF-9D-2F-1E-97
       Dhcp Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IP Address. . . . . . . . . . . . : 10.10.10.10
       Subnet Mask . . . . . . . . . . . : 255.255.255.252
       Default Gateway . . . . . . . . . :
       DHCP Server . . . . . . . . . . . : 10.10.10.9

This client ipconfig output shows that the client computer in the mobile segment has received the new private IP provided by OpenVPN for joining the VPN, so that it can connect to the LAN virtually over the internet.

Server

    eth0      Link encap:Ethernet  HWaddr 00:0b:6a:d3:20:dd
              inet addr:192.168.2.2  Bcast:192.168.2.255  Mask:255.255.255.0
              inet6 addr: fe80::20b:6aff:fed3:20dd/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:1735 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1609 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:1061518 (1.0 MB)  TX bytes:1065637 (1.0 MB)
              Interrupt:17 Base address:0xcc00

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:8 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:480 (480.0 B)  TX bytes:480 (480.0 B)

    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:10.10.10.1  P-t-P:10.10.10.2  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:786 errors:0 dropped:0 overruns:0 frame:0
              TX packets:547 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:899172 (899.1 KB)  TX bytes:36532 (36.5 KB)

On the server, it can be seen that the server has the IP 10.10.10.1 on interface tun0, the IP given by OpenVPN for its role as the server of the VPN, while eth0 is the interface the server uses for its internet connection.

2. Routing Table

Client

    Active Routes:
    Network Destination  Netmask          Gateway        Interface      Metric
    0.0.0.0              0.0.0.0          118.137.72.1   118.137.72.15  30
    10.10.10.0           255.255.255.0    10.10.10.9     10.10.10.10    1
    10.10.10.8           255.255.255.252  10.10.10.10    10.10.10.10    30
    10.10.10.10          255.255.255.255  127.0.0.1      127.0.0.1      30
    10.255.255.255       255.255.255.255  10.10.10.10    10.10.10.10    30
    95.55.66.155         255.255.255.255  118.137.72.1   118.137.72.15  30
    118.137.72.0         255.255.255.0    118.137.72.15  118.137.72.15  30
    118.137.72.15        255.255.255.255  127.0.0.1      127.0.0.1      30
    118.255.255.255      255.255.255.255  118.137.72.15  118.137.72.15  30
    127.0.0.0            255.0.0.0        127.0.0.1      127.0.0.1      1
    192.168.2.0          255.255.255.0    10.10.10.9     10.10.10.10    1
    224.0.0.0            240.0.0.0        10.10.10.10    10.10.10.10    30
    224.0.0.0            240.0.0.0        118.137.72.15  118.137.72.15  30
    255.255.255.255      255.255.255.255  10.10.10.10    10.0.0.4       1
    255.255.255.255      255.255.255.255  10.10.10.10    10.10.10.10    1
    255.255.255.255      255.255.255.255  118.137.72.15  118.137.72.15  1
    Default Gateway:     118.137.72.1

From this routing output it can be seen that the client (mobile) computer with the IP 10.10.10.10 given by OpenVPN has a route to the client (LAN) network with subnet 192.168.2.0. 118.137.72.15 is the public IP of the mobile computer, used to connect to the internet. 10.10.10.8 is the IP of another mobile client that is also connected to the VPN.

Server

    Kernel IP routing table
    Destination  Gateway      Genmask          Flags  MSS Window irtt Iface
    10.10.10.2   0.0.0.0      255.255.255.255  UH     0   0      0    tun0
    192.168.2.0  0.0.0.0      255.255.255.0    U      0   0      0    eth0
    10.10.10.0   10.10.10.2   255.255.255.0    UG     0   0      0    tun0
    0.0.0.0      192.168.2.1  0.0.0.0          UG     0   0      0    eth0

This server netstat output shows that the server already has a route to the LAN with subnet 192.168.2.0 and also a route to subnet 10.10.10.0, which is the VPN subnet.

3. PING

Client to Client

    C:\Documents and Settings\12d12>ping 192.168.2.3

    Pinging 192.168.2.3 with 32 bytes of data:

    Reply from 192.168.2.3: bytes=32 time=75ms TTL=127
    Reply from 192.168.2.3: bytes=32 time=74ms TTL=127
    Reply from 192.168.2.3: bytes=32 time=74ms TTL=127
    Reply from 192.168.2.3: bytes=32 time=75ms TTL=127

    Ping statistics for 192.168.2.3:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 74ms, Maximum = 75ms, Average = 74ms

   

The result above is a check using the ping program between 2 client computers, one located on the LAN (192.168.2.3) and the other in the mobile segment (10.10.10.10), both connected through the VPN. The ping shows that the connection between the 2 client computers is established through the VPN server.

Client to Server

    C:\Documents and Settings\12d12>ping 10.10.10.1

    Pinging 10.10.10.1 with 32 bytes of data:

    Reply from 10.10.10.1: bytes=32 time=49ms TTL=64
    Reply from 10.10.10.1: bytes=32 time=38ms TTL=64
    Reply from 10.10.10.1: bytes=32 time=36ms TTL=64
    Reply from 10.10.10.1: bytes=32 time=43ms TTL=64

    Ping statistics for 10.10.10.1:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 36ms, Maximum = 49ms, Average = 41ms

The result above is a check using the ping program between the client computer and the server computer, which have the IPs 10.10.10.1 (server) and 10.10.10.10 (mobile client) and are connected through the VPN. The ping shows that the client computer and the server computer are connected.

4.6.2.2 Client-to-client data transfer rate test

Figure 4.12 Transfer Rate

This test is intended to determine the bandwidth available through the VPN. The figure shows a transfer in progress of a file of 8.94 MB with a total ETA of roughly 6 minutes at a speed of roughly 23kbps, which is reasonably consistent with the server's internet upload speed of roughly 25kbps. The speed is therefore not affected internally by the VPN, but depends on the internet speed from the ISP.

4.6.2.3 Server stability test

This test was carried out by keeping the server running during working days and having a client connect to the server, then recording the events that occurred over six working days (the test was done on working days because that is when clients will later access the server). The following is the log from the server that we kept running for six working days.

    Mon Feb 8 20:10:23 2010 OpenVPN 2.1_rc19 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 13 2009
    Mon Feb 8 20:10:23 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mon Feb 8 20:10:23 2010 Diffie-Hellman initialized with 1024 bit key
    Mon Feb 8 20:10:23 2010 /usr/bin/openssl-vulnkey -q -b 1024 -m
    Mon Feb 8 20:10:24 2010 TLS-Auth MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Mon Feb 8 20:10:24 2010 ROUTE: default_gateway=UNDEF
    Mon Feb 8 20:10:24 2010 TUN/TAP device tun0 opened
    Mon Feb 8 20:10:24 2010 TUN/TAP TX queue length set to 100
    Mon Feb 8 20:10:24 2010 /sbin/ifconfig tun0 10.10.10.1 pointopoint 10.10.10.2 mtu 1500
    Mon Feb 8 20:10:24 2010 /sbin/route add -net 10.10.10.0 netmask 255.255.255.0 gw 10.10.10.2
    Mon Feb 8 20:10:24 2010 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
    Mon Feb 8 20:10:24 2010 GID set to nogroup
    Mon Feb 8 20:10:24 2010 UID set to nobody
    Mon Feb 8 20:10:24 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
    Mon Feb 8 20:10:24 2010 UDPv4 link local (bound): [undef]:1194
    Mon Feb 8 20:10:24 2010 UDPv4 link remote: [undef]
    Mon Feb 8 20:10:24 2010 MULTI: multi_init called, r=256 v=256
    Mon Feb 8 20:10:24 2010 IFCONFIG POOL: base=10.10.10.4 size=62
    Mon Feb 8 20:10:24 2010 IFCONFIG POOL LIST
    Mon Feb 8 20:10:24 2010 manager,10.10.10.4
    Mon Feb 8 20:10:24 2010 director,10.10.10.8
    Mon Feb 8 20:10:24 2010 Initialization Sequence Completed
    Mon Feb 8 20:15:51 2010 MULTI: multi_create_instance called
    Mon Feb 8 20:15:51 2010 125.165.70.51:49977 Re-using SSL/TLS context
    Mon Feb 8 20:15:51 2010 125.165.70.51:49977 LZO compression initialized
    Mon Feb 8 20:15:51 2010 125.165.70.51:49977 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Mon Feb 8 20:15:51 2010 125.165.70.51:49977 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
    Mon Feb 8 20:15:51 2010 125.165.70.51:49977 Local Options hash (VER=V4): '691e95c7'
    Mon Feb 8 20:15:51 2010 125.165.70.51:49977 Expected Remote Options hash (VER=V4): '66096c33'
    Mon Feb 8 20:15:51 2010 125.165.70.51:49977 TLS: Initial packet from 125.165.70.51:49977, sid=dd556100 7def058f
    Mon Feb 8 20:15:51 2010 125.165.70.51:49977 VERIFY OK: depth=1, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=finance/CN=vpn/name=VPN_Server/[email protected]
    Mon Feb 8 20:15:51 2010 125.165.70.51:49977 VERIFY OK: depth=0, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=director/CN=director/name=Direktur_Sandang_Makmur_Anugrah/[email protected]
    Mon Feb 8 20:15:51 2010 125.165.70.51:49977 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Mon Feb 8 20:15:51 2010 125.165.70.51:49977 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Feb 8 20:15:51 2010 125.165.70.51:49977 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Mon Feb 8 20:15:51 2010 125.165.70.51:49977 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Feb 8 20:15:51 2010 125.165.70.51:49977 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Mon Feb 8 20:15:51 2010 125.165.70.51:49977 [director] Peer Connection Initiated with 125.165.70.51:49977
    Mon Feb 8 20:15:51 2010 director/125.165.70.51:49977 MULTI: Learn: 10.10.10.10 -> director/125.165.70.51:49977
    Mon Feb 8 20:15:51 2010 director/125.165.70.51:49977 MULTI: primary virtual IP for director/125.165.70.51:49977: 10.10.10.10
    Mon Feb 8 20:15:53 2010 director/125.165.70.51:49977 PUSH: Received control message: 'PUSH_REQUEST'
    Mon Feb 8 20:15:53 2010 director/125.165.70.51:49977 SENT CONTROL [director]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route 10.10.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.10.10.10 10.10.10.9' (status=1)
    Mon Feb 8 20:23:16 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101)
    Mon Feb 8 20:23:26 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101)
    Mon Feb 8 20:23:36 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101)
    Mon Feb 8 20:23:46 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101)
    Mon Feb 8 20:23:56 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101)
    Mon Feb 8 20:24:06 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101)
    Mon Feb 8 20:24:16 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101)
    Mon Feb 8 20:24:26 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101)
    Mon Feb 8 20:24:36 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101)
    Mon Feb 8 20:24:47 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101)
    Mon Feb 8 20:25:00 2010 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
    Mon Feb 8 20:25:08 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101)
    Mon Feb 8 20:25:17 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101)
    Mon Feb 8 20:25:28 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101)
    Mon Feb 8 20:25:38 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101)
    Mon Feb 8 20:25:48 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101)
    Mon Feb 8 20:25:58 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101)
    Mon Feb 8 20:27:02 2010 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
    Mon Feb 8 20:27:06 2010 director/125.165.70.51:49977 [director] Inactivity timeout (--ping-restart), restarting
    Mon Feb 8 20:27:06 2010 director/125.165.70.51:49977 SIGUSR1[soft,ping-restart] received, client-instance restarting
    Mon Feb 8 20:30:28 2010 MULTI: multi_create_instance called
    Mon Feb 8 20:30:28 2010 125.160.153.196:49153 Re-using SSL/TLS context
    Mon Feb 8 20:30:28 2010 125.160.153.196:49153 LZO compression initialized
    Mon Feb 8 20:30:28 2010 125.160.153.196:49153 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Mon Feb 8 20:30:28 2010 125.160.153.196:49153 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
    Mon Feb 8 20:30:28 2010 125.160.153.196:49153 Local Options hash (VER=V4): '691e95c7'
    Mon Feb 8 20:30:28 2010 125.160.153.196:49153 Expected Remote Options hash (VER=V4): '66096c33'
    Mon Feb 8 20:30:28 2010 125.160.153.196:49153 TLS: Initial packet from 125.160.153.196:49153, sid=f394e708 7930e277
    Mon Feb 8 20:30:28 2010 125.160.153.196:49153 VERIFY OK: depth=1, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=finance/CN=vpn/name=VPN_Server/[email protected]
    Mon Feb 8 20:30:28 2010 125.160.153.196:49153 VERIFY OK: depth=0, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=director/CN=director/name=Direktur_Sandang_Makmur_Anugrah/[email protected]
    Mon Feb 8 20:30:28 2010 125.160.153.196:49153 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Mon Feb 8 20:30:28 2010 125.160.153.196:49153 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Feb 8 20:30:28 2010 125.160.153.196:49153 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Mon Feb 8 20:30:28 2010 125.160.153.196:49153 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Feb 8 20:30:28 2010 125.160.153.196:49153 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Mon Feb 8 20:30:28 2010 125.160.153.196:49153 [director] Peer Connection Initiated with 125.160.153.196:49153
    Mon Feb 8 20:30:28 2010 director/125.160.153.196:49153 MULTI: Learn: 10.10.10.10 -> director/125.160.153.196:49153
    Mon Feb 8 20:30:28 2010 director/125.160.153.196:49153 MULTI: primary virtual IP for director/125.160.153.196:49153: 10.10.10.10
    Mon Feb 8 20:30:30 2010 director/125.160.153.196:49153 PUSH: Received control message: 'PUSH_REQUEST'
    Mon Feb 8 20:30:30 2010 director/125.160.153.196:49153 SENT CONTROL [director]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route 10.10.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.10.10.10 10.10.10.9' (status=1)
    Mon Feb 8 23:14:16 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101)
    Mon Feb 8 23:14:26 2010 read
UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Mon Feb 8 23:14:36 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Mon Feb 8 23:14:46 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Mon Feb 8 23:14:56 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Mon Feb 8 23:15:06 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Mon Feb 8 23:15:16 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Mon Feb 8 23:15:26 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Mon Feb 8 23:15:36 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Mon Feb 8 23:15:47 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Mon Feb 8 23:16:00 2010 read UDPv4 [EHOSTUNREACH]: No route to host (code=113) Mon Feb 8 23:16:08 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Mon Feb 8 23:16:17 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Mon Feb 8 23:16:28 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Mon Feb 8 23:16:38 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Mon Feb 8 23:16:48 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Mon Feb 8 23:16:58 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Mon Feb 8 23:17:02 2010 read UDPv4 [EHOSTUNREACH]: No route to host (code=113) Mon Feb 8 23:17:06 2010 director/125.165.70.51:49977 [director] Inactivity timeout (--ping-restart), restarting Mon Feb 8 23:17:06 2010 director/125.165.70.51:49977 SIGUSR1[soft,ping-restart] received, clientinstance restarting Tue Feb 9 05:14:51 2010 MULTI: multi_create_instance called

   

91    Tue Feb 9 05:14:51 2010 125.165.70.51:49977 Re-using SSL/TLS context Tue Feb 9 05:14:51 2010 125.165.70.51:49977 LZO compression initialized Tue Feb 9 05:14:51 2010 125.165.70.51:49977 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ] Tue Feb 9 05:14:51 2010 125.165.70.51:49977 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ] Tue Feb 9 05:14:51 2010 125.165.70.51:49977 Local Options hash (VER=V4): '691e95c7' Tue Feb 9 05:14:51 2010 125.165.70.51:49977 Expected Remote Options hash (VER=V4): '66096c33' Tue Feb 9 05:14:51 2010 125.165.70.51:49977 TLS: Initial packet from 125.165.70.51:49977, sid=dd556100 7def058f Tue Feb 9 05:14:51 2010 125.165.70.51:49977 VERIFY OK: depth=1, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=finance/CN=vpn/name=VPN_Server/email [email protected] Tue Feb 9 05:14:51 2010 125.165.70.51:49977 VERIFY OK: depth=0, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=director/CN=director/name=Direktur_Sand ang_Makmur_Anugrah/[email protected] Tue Feb 9 05:14:51 2010 125.165.70.51:49977 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Tue Feb 9 05:14:51 2010 125.165.70.51:49977 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Feb 9 05:14:51 2010 125.165.70.51:49977 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Tue Feb 9 05:14:51 2010 125.165.70.51:49977 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Feb 9 05:14:51 2010 125.165.70.51:49977 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHERSA-AES256-SHA, 1024 bit RSA Tue Feb 9 05:14:51 2010 125.165.70.51:49977 [director] Peer Connection Initiated with 125.165.70.51:49977 Tue Feb 9 05:14:51 2010 director/125.165.70.51:49977 MULTI: Learn: 10.10.10.10 -> director/125.165.70.51:49977 Tue Feb 9 05:14:51 2010 director/125.165.70.51:49977 MULTI: primary virtual IP for director/125.165.70.51:49977: 10.10.10.10 Tue Feb 9 05:15:21 2010 
director/125.165.70.51:49977 PUSH: Received control message: 'PUSH_REQUEST' Tue Feb 9 05:15:21 2010 director/125.165.70.51:49977 SENT CONTROL [director]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route 10.10.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.10.10.10 10.10.10.9' (status=1) Tue Feb 9 09:12:01 2010 MULTI: multi_create_instance called Tue Feb 9 09:12:01 2010 125.165.70.51:49977 Re-using SSL/TLS context Tue Feb 9 09:12:01 2010 125.165.70.51:49977 LZO compression initialized Tue Feb 9 09:12:01 2010 125.165.70.51:49977 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ] Tue Feb 9 09:12:01 2010 125.165.70.51:49977 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ] Tue Feb 9 09:12:01 2010 125.165.70.51:49977 Local Options hash (VER=V4): '691e95c7' Tue Feb 9 09:12:01 2010 125.165.70.51:49977 Expected Remote Options hash (VER=V4): '66096c33' Tue Feb 9 09:12:01 2010 125.165.70.51:49977 TLS: Initial packet from 118.231.12.42:49977, sid=dd556100 7def058f Tue Feb 9 09:12:01 2010 125.165.70.51:49977 VERIFY OK: depth=1, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=finance/CN=vpn/name=VPN_Server/email [email protected] Tue Feb 9 09:12:01 2010 125.165.70.51:49977 VERIFY OK: depth=0, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=director/CN=director/name=Manager_Sand ang_Makmur_Anugrah/[email protected]

   

92    Tue Feb 9 09:12:01 2010 125.165.70.51:49977 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Tue Feb 9 09:12:01 2010 125.165.70.51:49977 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Feb 9 09:12:01 2010 125.165.70.51:49977 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Tue Feb 9 09:12:01 2010 125.165.70.51:49977 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Feb 9 09:12:01 2010 125.165.70.51:49977 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHERSA-AES256-SHA, 1024 bit RSA Tue Feb 9 09:12:01 2010 125.165.70.51:49977 [director] Peer Connection Initiated with 118.231.12.42:49977 Tue Feb 9 09:12:01 2010 manager/125.165.70.51:64201 MULTI: Learn: 10.10.10.6 -> director/118.231.12.42:49977 Tue Feb 9 09:12:01 2010 manager/125.165.70.51:64201 MULTI: primary virtual IP for director/118.231.12.42:49977: 10.10.10.6 Tue Feb 9 09:12:02 2010 manager/125.165.70.51:64201 PUSH: Received control message: 'PUSH_REQUEST' Tue Feb 9 09:12:02 2010 manager/125.165.70.51:64201 SENT CONTROL [manager]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route 10.10.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.10.10.10 10.10.10.9' (status=1) Tue Feb 9 09:30:30 2010 manager/125.160.70.51:64201 [manager] Inactivity timeout (--ping-restart), restarting Tue Feb 9 09:30:30 2010 manager/125.160.70.51:64201 SIGUSR1[soft,ping-restart] received, clientinstance restarting Tue Feb 9 10:29:30 2010 director/125.160.146.128:49977 [director] Inactivity timeout (--ping-restart), restarting Tue Feb 9 10:29:30 2010 director/125.160.146.128:49977 SIGUSR1[soft,ping-restart] received, clientinstance restarting Tue Feb 9 12:12:10 2010 MULTI: multi_create_instance called Tue Feb 9 12:12:10 2010 125.165.70.51:49577 Re-using SSL/TLS context Tue Feb 9 12:12:10 2010 125.165.70.51:49577 LZO compression initialized Tue Feb 9 12:12:10 2010 125.165.70.51:49577 Control Channel MTU 
parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ] Tue Feb 9 12:12:10 2010 125.165.70.51:49577 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ] Tue Feb 9 12:12:10 2010 125.165.70.51:49577 Local Options hash (VER=V4): '691e95c7' Tue Feb 9 12:12:10 2010 125.165.70.51:49577 Expected Remote Options hash (VER=V4): '66096c33' Tue Feb 9 12:12:10 2010 125.165.70.51:49577 TLS: Initial packet from 125.165.70.51:49577, sid=dd556100 7def058f Tue Feb 9 12:12:10 2010 125.165.70.51:49577 VERIFY OK: depth=1, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=finance/CN=vpn/name=VPN_Server/email [email protected] Tue Feb 9 12:12:10 2010 125.165.70.51:49577 VERIFY OK: depth=0, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=director/CN=director/name=Direktur_Sand ang_Makmur_Anugrah/[email protected] Tue Feb 9 12:12:10 2010 125.165.70.51:49577 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Tue Feb 9 12:12:10 2010 125.165.70.51:49577 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Feb 9 12:12:10 2010 125.165.70.51:49577 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Tue Feb 9 12:12:10 2010 125.165.70.51:49577 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

   

93    Tue Feb 9 12:12:10 2010 125.165.70.51:49577 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHERSA-AES256-SHA, 1024 bit RSA Tue Feb 9 12:12:10 2010 125.165.70.51:49577 [director] Peer Connection Initiated with 125.165.70.51:49577 Tue Feb 9 12:12:10 2010 director/125.165.70.51:49577 MULTI: Learn: 10.10.10.10 -> director/125.165.70.51:49577 Tue Feb 9 12:12:10 2010 director/125.165.70.51:49577 MULTI: primary virtual IP for director/125.165.70.51:49577: 10.10.10.10 Tue Feb 9 12:12:11 2010 director/125.165.70.51:49577 PUSH: Received control message: 'PUSH_REQUEST' Tue Feb 9 12:12:11 2010 director/125.165.70.51:49577 SENT CONTROL [director]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route 10.10.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.10.10.10 10.10.10.9' (status=1) Tue Feb 9 13:12:01 2010 MULTI: multi_create_instance called Tue Feb 9 13:12:01 2010 125.165.70.51:58414 Re-using SSL/TLS context Tue Feb 9 13:12:01 2010 125.165.70.51:58414 LZO compression initialized Tue Feb 9 13:12:01 2010 125.165.70.51:58414 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ] Tue Feb 9 13:12:01 2010 125.165.70.51:58414 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ] Tue Feb 9 13:12:01 2010 125.165.70.51:58414 Local Options hash (VER=V4): '691e95c7' Tue Feb 9 13:12:01 2010 125.165.70.51:58414 Expected Remote Options hash (VER=V4): '66096c33' Tue Feb 9 13:12:01 2010 125.165.70.51:58414 TLS: Initial packet from 118.231.12.42:58414, sid=dd556100 7def058f Tue Feb 9 13:12:01 2010 125.165.70.51:58414 VERIFY OK: depth=1, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=finance/CN=vpn/name=VPN_Server/email [email protected] Tue Feb 9 13:12:01 2010 125.165.70.51:58414 VERIFY OK: depth=0, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=director/CN=director/name=Manager_Sand ang_Makmur_Anugrah/[email protected] Tue Feb 9 13:12:01 2010 125.165.70.51:58414 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Tue Feb 
9 13:12:01 2010 125.165.70.51:58414 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Feb 9 13:12:01 2010 125.165.70.51:58414 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Tue Feb 9 13:12:01 2010 125.165.70.51:58414 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Feb 9 13:12:01 2010 125.165.70.51:58414 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHERSA-AES256-SHA, 1024 bit RSA Tue Feb 9 13:12:01 2010 125.165.70.51:58414 [director] Peer Connection Initiated with 118.231.12.42:58414 Tue Feb 9 13:12:01 2010 manager/125.165.70.51:58414 MULTI: Learn: 10.10.10.6 -> director/118.231.12.42:58414 Tue Feb 9 13:12:01 2010 manager/125.165.70.51:58414 MULTI: primary virtual IP for director/118.231.12.42:58414: 10.10.10.6 Tue Feb 9 13:12:02 2010 manager/125.165.70.51:58414 PUSH: Received control message: 'PUSH_REQUEST' Tue Feb 9 13:12:02 2010 manager/125.165.70.51:58414 SENT CONTROL [manager]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route 10.10.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.10.10.10 10.10.10.9' (status=1) Tue Feb 9 23:55:16 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Tue Feb 9 23:55:26 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Tue Feb 9 23:55:36 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101)

   

94    Tue Feb 9 23:55:46 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Tue Feb 9 23:55:56 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Tue Feb 9 23:56:06 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Tue Feb 9 23:56:16 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Tue Feb 9 23:56:26 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Tue Feb 9 23:56:36 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Tue Feb 9 23:56:47 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Tue Feb 9 23:57:00 2010 read UDPv4 [EHOSTUNREACH]: No route to host (code=113) Tue Feb 9 23:57:08 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Tue Feb 9 23:57:17 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Tue Feb 9 23:57:28 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Tue Feb 9 23:57:38 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Tue Feb 9 23:57:48 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Tue Feb 9 23:57:58 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Tue Feb 9 23:58:02 2010 read UDPv4 [EHOSTUNREACH]: No route to host (code=113) Tue Feb 9 23:58:06 2010 director/125.160.146.128:49577 [director] Inactivity timeout (--ping-restart), restarting Tue Feb 9 23:58:06 2010 director/125.160.146.128:49577 SIGUSR1[soft,ping-restart] received, clientinstance restarting Tue Feb 9 23:58:06 2010 2010 manager/125.160.146.128:58414 [manager] Inactivity timeout (--pingrestart), restarting Tue Feb 9 23:58:06 2010 2010 manager/125.160.146.128:58414 SIGUSR1[soft,ping-restart] received, client-instance restarting Wed Feb 10 08:41:10 2010 MULTI: multi_create_instance called Wed Feb 10 08:41:10 2010 125.160.41.54:65414 Re-using SSL/TLS context Wed Feb 10 08:41:10 2010 125.160.41.54:65414 LZO compression initialized Wed Feb 10 08:41:10 2010 125.160.41.54:65414 Control Channel MTU 
parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ] Wed Feb 10 08:41:10 2010 125.160.41.54:65414 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ] Wed Feb 10 08:41:10 2010 125.160.41.54:65414 Local Options hash (VER=V4): '691e95c7' Wed Feb 10 08:41:10 2010 125.160.41.54:65414 Expected Remote Options hash (VER=V4): '66096c33' Wed Feb 10 08:41:10 2010 125.160.41.54:65414 TLS: Initial packet from 125.160.41.54:65414, sid=dd556100 7def058f Wed Feb 10 08:41:10 2010 125.160.41.54:65414 VERIFY OK: depth=1, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=finance/CN=vpn/name=VPN_Server/email [email protected] Wed Feb 10 08:41:10 2010 125.160.41.54:65414 VERIFY OK: depth=0, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=director/CN=director/name=Direktur_Sand ang_Makmur_Anugrah/[email protected] Wed Feb 10 08:41:10 2010 125.160.41.54:65414 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Wed Feb 10 08:41:10 2010 125.160.41.54:65414 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Feb 10 08:41:10 2010 125.160.41.54:65414 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Wed Feb 10 08:41:10 2010 125.160.41.54:65414 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Feb 10 08:41:10 2010 125.160.41.54:65414 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Wed Feb 10 08:41:10 2010 125.160.41.54:65414 [director] Peer Connection Initiated with 125.160.41.54:65414 Wed Feb 10 08:41:10 2010 director/125.160.41.54:65414 MULTI: Learn: 10.10.10.10 ->

   

95    director/125.160.41.54:65414 Wed Feb 10 08:41:10 2010 director/125.160.41.54:65414 MULTI: primary virtual IP for director/125.160.41.54:65414: 10.10.10.10 Wed Feb 10 08:41:11 2010 director/125.160.41.54:65414 PUSH: Received control message: 'PUSH_REQUEST' Wed Feb 10 08:41:11 2010 director/125.160.41.54:65414 SENT CONTROL [director]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route 10.10.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.10.10.10 10.10.10.9' (status=1) Wed Feb 10 08:46:01 2010 MULTI: multi_create_instance called Wed Feb 10 08:46:01 2010 125.160.41.54:58852 Re-using SSL/TLS context Wed Feb 10 08:46:01 2010 125.160.41.54:58852 LZO compression initialized Wed Feb 10 08:46:01 2010 125.160.41.54:58852 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ] Wed Feb 10 08:46:01 2010 125.160.41.54:58852 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ] Wed Feb 10 08:46:01 2010 125.160.41.54:58852 Local Options hash (VER=V4): '691e95c7' Wed Feb 10 08:46:01 2010 125.160.41.54:58852 Expected Remote Options hash (VER=V4): '66096c33' Wed Feb 10 08:46:01 2010 125.160.41.54:58852 TLS: Initial packet from 118.231.12.42:58414, sid=dd556100 7def058f Wed Feb 10 08:46:01 2010 125.160.41.54:58852 VERIFY OK: depth=1, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=finance/CN=vpn/name=VPN_Server/email [email protected] Wed Feb 10 08:46:01 2010 125.160.41.54:58852 VERIFY OK: depth=0, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=director/CN=director/name=Manager_Sand ang_Makmur_Anugrah/[email protected] Wed Feb 10 08:46:01 2010 125.160.41.54:58852 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Wed Feb 10 08:46:01 2010 125.160.41.54:58852 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Feb 10 08:46:01 2010 125.160.41.54:58852 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Wed Feb 10 08:46:01 2010 125.160.41.54:58852 Data Channel 
Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Feb 10 08:46:01 2010 125.160.41.54:58852 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Wed Feb 10 08:46:01 2010 125.160.41.54:58852 [director] Peer Connection Initiated with 118.231.12.42:58414 Wed Feb 10 08:46:01 2010 manager/125.160.41.54:58852 MULTI: Learn: 10.10.10.6 -> director/118.231.12.42:58414 Wed Feb 10 08:46:01 2010 manager/125.160.41.54:58852 MULTI: primary virtual IP for director/118.231.12.42:58414: 10.10.10.6 Wed Feb 10 08:46:02 2010 manager/125.160.41.54:58852 PUSH: Received control message: 'PUSH_REQUEST' Wed Feb 10 08:46:02 2010 manager/125.160.41.54:58852 SENT CONTROL [manager]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route 10.10.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.10.10.10 10.10.10.9' (status=1) Wed Feb 10 12:55:16 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Wed Feb 10 12:55:26 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Wed Feb 10 12:55:36 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Wed Feb 10 12:55:46 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Wed Feb 10 12:55:56 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Wed Feb 10 12:56:06 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Wed Feb 10 12:56:16 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101)

   

96    Wed Feb 10 12:56:26 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Wed Feb 10 12:56:36 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Wed Feb 10 12:56:47 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Wed Feb 10 12:57:00 2010 read UDPv4 [EHOSTUNREACH]: No route to host (code=113) Wed Feb 10 12:57:08 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Wed Feb 10 12:57:17 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Wed Feb 10 12:57:28 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Wed Feb 10 12:57:38 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Wed Feb 10 12:57:48 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Wed Feb 10 12:57:58 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Wed Feb 10 12:58:02 2010 read UDPv4 [EHOSTUNREACH]: No route to host (code=113) Wed Feb 10 12:58:06 2010 director/125.160.41.54:65414 [director] Inactivity timeout (--ping-restart), restarting Wed Feb 10 12:58:06 2010 director/125.160.41.54:65414 SIGUSR1[soft,ping-restart] received, clientinstance restarting Wed Feb 10 12:58:06 2010 2010 manager/125.160.41.54:58852 [manager] Inactivity timeout (--pingrestart), restarting Wed Feb 10 12:58:06 2010 2010 manager/125.160.41.54:58852 SIGUSR1[soft,ping-restart] received, client-instance restarting Wed Feb 10 13:03:10 2010 MULTI: multi_create_instance called Wed Feb 10 13:03:10 2010 125.115.12.45:45651 Re-using SSL/TLS context Wed Feb 10 13:03:10 2010 125.115.12.45:45651 LZO compression initialized Wed Feb 10 13:03:10 2010 125.115.12.45:45651 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ] Wed Feb 10 13:03:10 2010 125.115.12.45:45651 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ] Wed Feb 10 13:03:10 2010 125.115.12.45:45651 Local Options hash (VER=V4): '691e95c7' Wed Feb 10 13:03:10 2010 125.115.12.45:45651 Expected Remote Options hash (VER=V4): 
'66096c33' Wed Feb 10 13:03:10 2010 125.115.12.45:45651 TLS: Initial packet from 125.115.12.45:45651, sid=dd556100 7def058f Wed Feb 10 13:03:10 2010 125.115.12.45:45651 VERIFY OK: depth=1, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=finance/CN=vpn/name=VPN_Server/email [email protected] Wed Feb 10 13:03:10 2010 125.115.12.45:45651 VERIFY OK: depth=0, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=director/CN=director/name=Direktur_Sand ang_Makmur_Anugrah/[email protected] Wed Feb 10 13:03:10 2010 125.115.12.45:45651 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Wed Feb 10 13:03:10 2010 125.115.12.45:45651 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Feb 10 13:03:10 2010 125.115.12.45:45651 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Wed Feb 10 13:03:10 2010 125.115.12.45:45651 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Feb 10 13:03:10 2010 125.115.12.45:45651 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Wed Feb 10 13:03:10 2010 125.115.12.45:45651 [director] Peer Connection Initiated with 125.115.12.45:45651 Wed Feb 10 13:03:10 2010 director/125.115.12.45:45651 MULTI: Learn: 10.10.10.10 -> director/125.115.12.45:45651 Wed Feb 10 13:03:10 2010 director/125.115.12.45:45651 MULTI: primary virtual IP for director/125.115.12.45:45651: 10.10.10.10 Wed Feb 10 13:03:11 2010 director/125.115.12.45:45651 PUSH: Received control message:

   

97    'PUSH_REQUEST' Wed Feb 10 13:03:11 2010 director/125.115.12.45:45651 SENT CONTROL [director]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route 10.10.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.10.10.10 10.10.10.9' (status=1) Wed Feb 10 13:05:01 2010 MULTI: multi_create_instance called Wed Feb 10 13:05:01 2010 125.160.41.54:58852 Re-using SSL/TLS context Wed Feb 10 13:05:01 2010 125.160.41.54:58852 LZO compression initialized Wed Feb 10 13:05:01 2010 125.160.41.54:58852 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ] Wed Feb 10 13:05:01 2010 125.160.41.54:58852 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ] Wed Feb 10 13:05:01 2010 125.160.41.54:58852 Local Options hash (VER=V4): '691e95c7' Wed Feb 10 13:05:01 2010 125.160.41.54:58852 Expected Remote Options hash (VER=V4): '66096c33' Wed Feb 10 13:05:01 2010 125.160.41.54:58852 TLS: Initial packet from 118.231.12.42:58414, sid=dd556100 7def058f Wed Feb 10 13:05:01 2010 125.160.41.54:58852 VERIFY OK: depth=1, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=finance/CN=vpn/name=VPN_Server/email [email protected] Wed Feb 10 13:05:01 2010 125.160.41.54:58852 VERIFY OK: depth=0, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=director/CN=director/name=Manager_Sand ang_Makmur_Anugrah/[email protected] Wed Feb 10 13:05:01 2010 125.160.41.54:58852 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Wed Feb 10 13:05:01 2010 125.160.41.54:58852 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Feb 10 13:05:01 2010 125.160.41.54:58852 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Wed Feb 10 13:05:01 2010 125.160.41.54:58852 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Feb 10 13:05:01 2010 125.160.41.54:58852 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Wed Feb 10 13:05:01 2010 125.160.41.54:58852 
[director] Peer Connection Initiated with 118.231.12.42:58414 Wed Feb 10 13:05:01 2010 manager/125.160.41.54:58852 MULTI: Learn: 10.10.10.6 -> director/118.231.12.42:58414 Wed Feb 10 13:05:01 2010 manager/125.160.41.54:58852 MULTI: primary virtual IP for director/118.231.12.42:58414: 10.10.10.6 Wed Feb 10 13:05:02 2010 manager/125.160.41.54:58852 PUSH: Received control message: 'PUSH_REQUEST' Wed Feb 10 13:05:02 2010 manager/125.160.41.54:58852 SENT CONTROL [manager]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route 10.10.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.10.10.10 10.10.10.9' (status=1) Thu Feb 11 01:58:06 2010 director/125.115.12.45:45651 [director] Inactivity timeout (--ping-restart), restarting Thu Feb 11 01:58:06 2010 director/125.115.12.45:45651 SIGUSR1[soft,ping-restart] received, clientinstance restarting Thu Feb 11 03:32:01 2010 2010 manager/125.160.41.54:58852 [manager] Inactivity timeout (--pingrestart), restarting Thu Feb 11 03:32:01 2010 2010 manager/125.160.41.54:58852 SIGUSR1[soft,ping-restart] received, client-instance restarting Thu Feb 11 07:12:01 2010 MULTI: multi_create_instance called Thu Feb 11 07:12:01 2010 125.115.12.45:66564 Re-using SSL/TLS context Thu Feb 11 07:12:01 2010 125.115.12.45:66564 LZO compression initialized

   

98    Thu Feb 11 07:12:01 2010 125.115.12.45:66564 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ] Thu Feb 11 07:12:01 2010 125.115.12.45:66564 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ] Thu Feb 11 07:12:01 2010 125.115.12.45:66564 Local Options hash (VER=V4): '691e95c7' Thu Feb 11 07:12:01 2010 125.115.12.45:66564 Expected Remote Options hash (VER=V4): '66096c33' Thu Feb 11 07:12:01 2010 125.115.12.45:66564 TLS: Initial packet from 125.115.12.45:66564, sid=dd556100 7def058f Thu Feb 11 07:12:01 2010 125.115.12.45:66564 VERIFY OK: depth=1, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=finance/CN=vpn/name=VPN_Server/email [email protected] Thu Feb 11 07:12:01 2010 125.115.12.45:66564 VERIFY OK: depth=0, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=director/CN=director/name=Direktur_Sand ang_Makmur_Anugrah/[email protected] Thu Feb 11 07:12:01 2010 125.115.12.45:66564 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Thu Feb 11 07:12:01 2010 125.115.12.45:66564 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Feb 11 07:12:01 2010 125.115.12.45:66564 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Thu Feb 11 07:12:01 2010 125.115.12.45:66564 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Feb 11 07:12:01 2010 125.115.12.45:66564 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHERSA-AES256-SHA, 1024 bit RSA Thu Feb 11 07:12:01 2010 125.115.12.45:66564 [director] Peer Connection Initiated with 125.115.12.45:66564 Thu Feb 11 07:12:01 2010 director/125.115.12.45:66564 MULTI: Learn: 10.10.10.10 -> director/125.115.12.45:66564 Thu Feb 11 07:12:01 2010 director/125.115.12.45:66564 MULTI: primary virtual IP for director/125.115.12.45:66564: 10.10.10.10 Thu Feb 11 07:12:02 2010 director/125.115.12.45:66564 PUSH: Received control message: 'PUSH_REQUEST' Thu Feb 11 07:12:02 2010 director/125.115.12.45:66564 SENT 
CONTROL [director]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route 10.10.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.10.10.10 10.10.10.9' (status=1) Thu Feb 11 07:13:31 2010 MULTI: multi_create_instance called Thu Feb 11 07:13:31 2010 125.115.12.45:14545 Re-using SSL/TLS context Thu Feb 11 07:13:31 2010 125.115.12.45:14545 LZO compression initialized Thu Feb 11 07:13:31 2010 125.115.12.45:14545 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ] Thu Feb 11 07:13:31 2010 125.115.12.45:14545 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ] Thu Feb 11 07:13:31 2010 125.115.12.45:14545 Local Options hash (VER=V4): '691e95c7' Thu Feb 11 07:13:31 2010 125.115.12.45:14545 Expected Remote Options hash (VER=V4): '66096c33' Thu Feb 11 07:13:31 2010 125.115.12.45:14545 TLS: Initial packet from 118.231.12.42:58414, sid=dd556100 7def058f Thu Feb 11 07:13:31 2010 125.115.12.45:14545 VERIFY OK: depth=1, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=finance/CN=vpn/name=VPN_Server/email [email protected] Thu Feb 11 07:13:31 2010 125.115.12.45:14545 VERIFY OK: depth=0, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=director/CN=director/name=Manager_Sand ang_Makmur_Anugrah/[email protected]

   

99    Thu Feb 11 07:13:31 2010 125.115.12.45:14545 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Thu Feb 11 07:13:31 2010 125.115.12.45:14545 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Feb 11 07:13:31 2010 125.115.12.45:14545 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Thu Feb 11 07:13:31 2010 125.115.12.45:14545 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Feb 11 07:13:31 2010 125.115.12.45:14545 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHERSA-AES256-SHA, 1024 bit RSA Thu Feb 11 07:13:31 2010 125.115.12.45:14545 [director] Peer Connection Initiated with 118.231.12.42:58414 Thu Feb 11 07:13:31 2010 manager/125.115.12.45:14545 MULTI: Learn: 10.10.10.6 -> director/118.231.12.42:58414 Thu Feb 11 07:13:31 2010 manager/125.115.12.45:14545 MULTI: primary virtual IP for director/118.231.12.42:58414: 10.10.10.6 Thu Feb 11 07:13:33 2010 manager/125.115.12.45:14545 PUSH: Received control message: 'PUSH_REQUEST' Thu Feb 11 07:13:33 2010 manager/125.115.12.45:14545 SENT CONTROL [manager]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route 10.10.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.10.10.10 10.10.10.9' (status=1) Thu Feb 11 18:44:16 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Thu Feb 11 18:44:26 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Thu Feb 11 18:44:36 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Thu Feb 11 18:44:46 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Thu Feb 11 18:44:56 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Thu Feb 11 18:45:06 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Thu Feb 11 18:45:16 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Thu Feb 11 18:45:26 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Thu Feb 11 18:45:36 2010 read 
UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Thu Feb 11 18:45:47 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Thu Feb 11 18:47:00 2010 read UDPv4 [EHOSTUNREACH]: No route to host (code=113) Thu Feb 11 18:47:08 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Thu Feb 11 18:47:17 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Thu Feb 11 18:47:28 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Thu Feb 11 18:47:38 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Thu Feb 11 18:47:48 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Thu Feb 11 18:47:58 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Thu Feb 11 18:48:02 2010 read UDPv4 [EHOSTUNREACH]: No route to host (code=113) Thu Feb 11 18:48:06 2010 director/125.115.12.45:66564 [director] Inactivity timeout (--ping-restart), restarting Thu Feb 11 18:48:06 2010 director/125.115.12.45:66564 SIGUSR1[soft,ping-restart] received, clientinstance restarting Thu Feb 11 18:48:06 2010 2010 manager/125.115.12.45:14545 [manager] Inactivity timeout (--pingrestart), restarting Thu Feb 11 18:48:06 2010 2010 manager/125.115.12.45:14545 SIGUSR1[soft,ping-restart] received, client-instance restarting Thu Feb 11 18:54:11 2010 MULTI: multi_create_instance called Thu Feb 11 18:54:11 2010 125.234.41.211:56441 Re-using SSL/TLS context Thu Feb 11 18:54:11 2010 125.234.41.211:56441 LZO compression initialized Thu Feb 11 18:54:11 2010 125.234.41.211:56441 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ] Thu Feb 11 18:54:11 2010 125.234.41.211:56441 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

   

100    Thu Feb 11 18:54:11 2010 125.234.41.211:56441 Local Options hash (VER=V4): '691e95c7' Thu Feb 11 18:54:11 2010 125.234.41.211:56441 Expected Remote Options hash (VER=V4): '66096c33' Thu Feb 11 18:54:11 2010 125.234.41.211:56441 TLS: Initial packet from 125.234.41.211:56441, sid=dd556100 7def058f Thu Feb 11 18:54:11 2010 125.234.41.211:56441 VERIFY OK: depth=1, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=finance/CN=vpn/name=VPN_Server/email [email protected] Thu Feb 11 18:54:11 2010 125.234.41.211:56441 VERIFY OK: depth=0, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=director/CN=director/name=Direktur_Sand ang_Makmur_Anugrah/[email protected] Thu Feb 11 18:54:11 2010 125.234.41.211:56441 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Thu Feb 11 18:54:11 2010 125.234.41.211:56441 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Feb 11 18:54:11 2010 125.234.41.211:56441 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Thu Feb 11 18:54:11 2010 125.234.41.211:56441 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Feb 11 18:54:11 2010 125.234.41.211:56441 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Thu Feb 11 18:54:11 2010 125.234.41.211:56441 [director] Peer Connection Initiated with 125.234.41.211:56441 Thu Feb 11 18:54:11 2010 director/125.234.41.211:56441 MULTI: Learn: 10.10.10.10 -> director/125.234.41.211:56441 Thu Feb 11 18:54:11 2010 director/125.234.41.211:56441 MULTI: primary virtual IP for director/125.234.41.211:56441: 10.10.10.10 Thu Feb 11 18:54:12 2010 director/125.234.41.211:56441 PUSH: Received control message: 'PUSH_REQUEST' Thu Feb 11 18:54:12 2010 director/125.234.41.211:56441 SENT CONTROL [director]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route 10.10.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.10.10.10 10.10.10.9' (status=1) Thu Feb 11 18:55:56 2010 MULTI: 
multi_create_instance called Thu Feb 11 18:55:56 2010 125.234.41.211:65214 Re-using SSL/TLS context Thu Feb 11 18:55:56 2010 125.234.41.211:65214 LZO compression initialized Thu Feb 11 18:55:56 2010 125.234.41.211:65214 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ] Thu Feb 11 18:55:56 2010 125.234.41.211:65214 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ] Thu Feb 11 18:55:56 2010 125.234.41.211:65214 Local Options hash (VER=V4): '691e95c7' Thu Feb 11 18:55:56 2010 125.234.41.211:65214 Expected Remote Options hash (VER=V4): '66096c33' Thu Feb 11 18:55:56 2010 125.234.41.211:65214 TLS: Initial packet from 118.231.12.42:58414, sid=dd556100 7def058f Thu Feb 11 18:55:56 2010 125.234.41.211:65214 VERIFY OK: depth=1, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=finance/CN=vpn/name=VPN_Server/email [email protected] Thu Feb 11 18:55:56 2010 125.234.41.211:65214 VERIFY OK: depth=0, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=director/CN=director/name=Manager_Sand ang_Makmur_Anugrah/[email protected] Thu Feb 11 18:55:56 2010 125.234.41.211:65214 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Thu Feb 11 18:55:56 2010 125.234.41.211:65214 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

   

101    Thu Feb 11 18:55:56 2010 125.234.41.211:65214 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Thu Feb 11 18:55:56 2010 125.234.41.211:65214 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Feb 11 18:55:56 2010 125.234.41.211:65214 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Thu Feb 11 18:55:56 2010 125.234.41.211:65214 [director] Peer Connection Initiated with 118.231.12.42:58414 Thu Feb 11 18:55:56 2010 manager/125.234.41.211:65214 MULTI: Learn: 10.10.10.6 -> director/118.231.12.42:58414 Thu Feb 11 18:55:56 2010 manager/125.234.41.211:65214 MULTI: primary virtual IP for director/118.231.12.42:58414: 10.10.10.6 Thu Feb 11 18:55:58 2010 manager/125.234.41.211:65214 PUSH: Received control message: 'PUSH_REQUEST' Thu Feb 11 18:55:58 2010 manager/125.234.41.211:65214 SENT CONTROL [manager]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route 10.10.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.10.10.10 10.10.10.9' (status=1) Fri Feb 12 15:32:16 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Fri Feb 12 15:32:26 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Fri Feb 12 15:32:36 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Fri Feb 12 15:32:46 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Fri Feb 12 15:32:56 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Fri Feb 12 15:33:06 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Fri Feb 12 15:33:16 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Fri Feb 12 15:33:26 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Fri Feb 12 15:33:36 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Fri Feb 12 15:33:47 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Fri Feb 12 15:34:00 2010 read UDPv4 [EHOSTUNREACH]: No route to host (code=113) Fri Feb 12 
15:34:08 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Fri Feb 12 15:34:17 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Fri Feb 12 15:34:28 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Fri Feb 12 15:34:38 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Fri Feb 12 15:34:48 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Fri Feb 12 15:34:58 2010 read UDPv4 [ENETUNREACH]: Network is unreachable (code=101) Fri Feb 12 15:35:02 2010 read UDPv4 [EHOSTUNREACH]: No route to host (code=113) Fri Feb 12 15:35:06 2010 director/125.234.41.211:66564 [director] Inactivity timeout (--ping-restart), restarting Fri Feb 12 15:35:06 2010 director/125.234.41.211:66564 SIGUSR1[soft,ping-restart] received, clientinstance restarting Fri Feb 12 15:35:06 2010 2010 manager/125.234.41.211:14545 [manager] Inactivity timeout (--pingrestart), restarting Fri Feb 12 15:35:06 2010 2010 manager/125.234.41.211:14545 SIGUSR1[soft,ping-restart] received, client-instance restarting Sat Feb 13 08:33:33 2010 MULTI: multi_create_instance called Sat Feb 13 08:33:33 2010 125.234.41.211:66566 Re-using SSL/TLS context Sat Feb 13 08:33:33 2010 125.234.41.211:66566 LZO compression initialized Sat Feb 13 08:33:33 2010 125.234.41.211:66566 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ] Sat Feb 13 08:33:33 2010 125.234.41.211:66566 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ] Sat Feb 13 08:33:33 2010 125.234.41.211:66566 Local Options hash (VER=V4): '691e95c7' Sat Feb 13 08:33:33 2010 125.234.41.211:66566 Expected Remote Options hash (VER=V4): '66096c33' Sat Feb 13 08:33:33 2010 125.234.41.211:66566 TLS: Initial packet from 125.234.41.211:66566,

   

102    sid=dd556100 7def058f Sat Feb 13 08:33:33 2010 125.234.41.211:66566 VERIFY OK: depth=1, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=finance/CN=vpn/name=VPN_Server/email [email protected] Sat Feb 13 08:33:33 2010 125.234.41.211:66566 VERIFY OK: depth=0, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=director/CN=director/name=Direktur_Sand ang_Makmur_Anugrah/[email protected] Sat Feb 13 08:33:33 2010 125.234.41.211:66566 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Sat Feb 13 08:33:33 2010 125.234.41.211:66566 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Feb 13 08:33:33 2010 125.234.41.211:66566 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Sat Feb 13 08:33:33 2010 125.234.41.211:66566 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Feb 13 08:33:33 2010 125.234.41.211:66566 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHERSA-AES256-SHA, 1024 bit RSA Sat Feb 13 08:33:33 2010 125.234.41.211:66566 [director] Peer Connection Initiated with 125.234.41.211:66566 Sat Feb 13 08:33:33 2010 director/125.234.41.211:66566 MULTI: Learn: 10.10.10.10 -> director/125.234.41.211:66566 Sat Feb 13 08:33:33 2010 director/125.234.41.211:66566 MULTI: primary virtual IP for director/125.234.41.211:66566: 10.10.10.10 Sat Feb 13 08:33:34 2010 director/125.234.41.211:66566 PUSH: Received control message: 'PUSH_REQUEST' Sat Feb 13 08:33:34 2010 director/125.234.41.211:66566 SENT CONTROL [director]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route 10.10.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.10.10.10 10.10.10.9' (status=1) Sat Feb 13 08:35:51 2010 MULTI: multi_create_instance called Sat Feb 13 08:35:51 2010 125.234.41.211:54441 Re-using SSL/TLS context Sat Feb 13 08:35:51 2010 125.234.41.211:54441 LZO compression initialized Sat Feb 13 08:35:51 2010 125.234.41.211:54441 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 
ET:0 EL:0 ] Sat Feb 13 08:35:51 2010 125.234.41.211:54441 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ] Sat Feb 13 08:35:51 2010 125.234.41.211:54441 Local Options hash (VER=V4): '691e95c7' Sat Feb 13 08:35:51 2010 125.234.41.211:54441 Expected Remote Options hash (VER=V4): '66096c33' Sat Feb 13 08:35:51 2010 125.234.41.211:54441 TLS: Initial packet from 118.231.12.42:58414, sid=dd556100 7def058f Sat Feb 13 08:35:51 2010 125.234.41.211:54441 VERIFY OK: depth=1, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=finance/CN=vpn/name=VPN_Server/email [email protected] Sat Feb 13 08:35:51 2010 125.234.41.211:54441 VERIFY OK: depth=0, /C=ID/ST=DKI/L=Jakarta/O=sandangmakmuranugrah/OU=director/CN=director/name=Manager_Sand ang_Makmur_Anugrah/[email protected] Sat Feb 13 08:35:51 2010 125.234.41.211:54441 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Sat Feb 13 08:35:51 2010 125.234.41.211:54441 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Feb 13 08:35:51 2010 125.234.41.211:54441 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Sat Feb 13 08:35:51 2010 125.234.41.211:54441 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

   

103    Sat Feb 13 08:35:51 2010 125.234.41.211:54441 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHERSA-AES256-SHA, 1024 bit RSA Sat Feb 13 08:35:51 2010 125.234.41.211:54441 [director] Peer Connection Initiated with 118.231.12.42:58414 Sat Feb 13 08:35:51 2010 manager/125.234.41.211:54441 MULTI: Learn: 10.10.10.6 -> director/118.231.12.42:58414 Sat Feb 13 08:35:51 2010 manager/125.234.41.211:54441 MULTI: primary virtual IP for director/118.231.12.42:58414: 10.10.10.6 Sat Feb 13 08:35:51 2010 manager/125.234.41.211:54441 PUSH: Received control message: 'PUSH_REQUEST' Sat Feb 13 08:35:51 2010 manager/125.234.41.211:54441 SENT CONTROL [manager]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route 10.10.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.10.10.10 10.10.10.9' (status=1) Sat Feb 13 22:15:27 2010 event_wait : Interrupted system call (code=4) Sat Feb 13 22:15:27 2010 TCP/UDP: Closing socket Sat Feb 13 22:15:27 2010 /sbin/route del -net 10.10.10.0 netmask 255.255.255.0 SIOCDELRT: Operation not permitted Sat Feb 13 22:15:27 2010 ERROR: Linux route delete command failed: external program exited with error status: 7 Sat Feb 13 22:15:27 2010 Closing TUN/TAP interface Sat Feb 13 22:15:27 2010 /sbin/ifconfig tun0 0.0.0.0 SIOCSIFADDR: Permission denied SIOCSIFFLAGS: Permission denied Sat Feb 13 22:15:27 2010 Linux ip addr del failed: external program exited with error status: 255 Sat Feb 13 22:15:27 2010 SIGTERM[hard,] received, process exiting

From the server log above, the clients lost their connection to the server (were disconnected) six times during testing:

• Mon Feb 8 20:27 - Mon Feb 8 20:30 = 3 minutes
• Mon Feb 8 23:17 - Tue Feb 9 05:14 = 357 minutes
• Tue Feb 9 23:58 - Wed Feb 10 08:41 = 519 minutes
• Wed Feb 10 12:58 - Wed Feb 10 13:03 = 5 minutes
• Thu Feb 11 18:48 - Thu Feb 11 19:54 = 66 minutes
• Fri Feb 12 15:35 - Sat Feb 13 08:33 = 1028 minutes

Total downtime over six working days = 1978 minutes


Uptime percentage over the 6 working days = 77.1%

Every one of these disconnections was caused by the Speedy internet connection going down temporarily; as soon as the connection was restored, the client could immediately reconnect to the server.
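The outage arithmetic above can be reproduced from the server log itself. The following is an added example, not part of the original thesis: it pairs each client's ping-restart timeout with that client's next "Peer Connection Initiated" line and merges overlapping outages so that a simultaneous drop of both clients is counted once. The sample log lines, the addresses and the function names are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the format of the server log above (addresses are
# documentation-range placeholders, not values from the page).
SAMPLE_LOG = """\
Mon Feb 8 09:00:00 2010 198.51.100.7:40001 [director] Peer Connection Initiated with 198.51.100.7:40001
Mon Feb 8 09:00:05 2010 198.51.100.8:40002 [manager] Peer Connection Initiated with 198.51.100.8:40002
Mon Feb 8 20:27:00 2010 director/198.51.100.7:40001 [director] Inactivity timeout (--ping-restart), restarting
Mon Feb 8 20:27:00 2010 manager/198.51.100.8:40002 [manager] Inactivity timeout (--pingrestart), restarting
Mon Feb 8 20:30:00 2010 198.51.100.7:40003 [director] Peer Connection Initiated with 198.51.100.7:40003
Mon Feb 8 20:42:00 2010 198.51.100.8:40004 [manager] Peer Connection Initiated with 198.51.100.8:40004
"""

DOWN = re.compile(r"\[(\w+)\] Inactivity timeout \(--ping-?restart\)")
UP = re.compile(r"\[(\w+)\] Peer Connection Initiated")

def outages(log_text):
    """Pair each client's ping-restart timeout with its next reconnect."""
    down_since, found = {}, []
    for line in log_text.splitlines():
        parts = line.split(None, 5)  # five timestamp tokens, then the message
        if len(parts) < 6:
            continue
        try:
            ts = datetime.strptime(" ".join(parts[:5]), "%a %b %d %H:%M:%S %Y")
        except ValueError:
            continue  # not a timestamped log line
        if (m := DOWN.search(parts[5])):
            down_since.setdefault(m.group(1), ts)  # keep the first timeout
        elif (m := UP.search(parts[5])) and m.group(1) in down_since:
            found.append((m.group(1), down_since.pop(m.group(1)), ts))
    return found

def downtime_minutes(found):
    """Minutes during which at least one client was down (overlaps merged)."""
    total, cur_start, cur_end = 0.0, None, None
    for _, start, end in sorted(found, key=lambda o: o[1]):
        if cur_end is None or start > cur_end:
            if cur_end is not None:
                total += (cur_end - cur_start).total_seconds() / 60
            cur_start, cur_end = start, end
        else:
            cur_end = max(cur_end, end)
    if cur_end is not None:
        total += (cur_end - cur_start).total_seconds() / 60
    return total

def uptime_percent(down_minutes, window_days):
    """Uptime as a percentage of a window of whole days, to one decimal."""
    return round(100 * (1 - down_minutes / (window_days * 24 * 60)), 1)
```

With the figures reported above, uptime_percent(1978, 6) gives 77.1, matching the percentage stated in the text.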

4.6.2.4 Security testing

Because a VPN runs over a public network (the internet), security is one of the important tests to carry out, to see whether using this VPN lets data packets reach their destination securely.

4.6.2.4.1 Privacy

To test that there is no data leak, Wireshark is used as a sniffer, comparing data transmission without the VPN against transmission with the VPN in use.

   


Figure 4.13 – Wireshark test

4.6.2.4.2 Reliability

For reliability, OpenVPN offers the TCP protocol, which numbers each packet it sends, so that when packet loss is detected during transmission the lost packet is sent again.

4.6.2.4.3 Integrity

To preserve data integrity, so that no modification by irresponsible parties occurs while packets are in transit, OpenVPN provides certificates, which include the file dh.key used to run the Diffie-Hellman algorithm, a mechanism that allows the client and server to exchange data securely over a non-encrypted channel. The result of that operation is stored in the file dh1024.pem.

4.6.2.4.4 Availability

Data availability when using OpenVPN depends heavily on the internet, because in this deployment the internet is the public network that connects the LAN with the mobile clients. As long as the internet connection is available, the required data is available as well.

4.6.3 Benefits gained from implementing OpenVPN

1. It addresses the high mobility of the director and manager, so they can still monitor the company's performance.
2. Data that the director and manager need while outside the company can be obtained quickly.