Всем привет! После подключения к openvpn на vps нет соединения с интернетом.Подскажите пожалуйста в чем проблема?
конфиг сервера
port 1194
proto udp
dev tun
ca ca.crt
cert ServerV4.crt
key ServerV4.key
dh dh2048.pem
tls-auth ta.key 0
cipher AES-256-CBC
server 10.0.0.0 255.255.255.0
keepalive 10 120
persist-key
persist-tun
client-config-dir ccd
status ServerV4-status.log
log /var/log/ServerV4.log
comp-lzo
verb 3
sndbuf 0
rcvbuf 0
push "redirect-gateway def1"
push "dhcp-options DNS 8.8.8.8"
конфиг клиента
client
dev tun
proto udp
remote 185.224.133.253 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert user1.crt
key user1.key
tls-auth ta.key 1
cipher AES-256-CBC
ns-cert-type server
comp-lzo
log /var/log/user1.log
verb 3
sndbuf 0
rcvbuf 0
логи с сервера после подключения
Wed Feb 7 13:59:10 2018 event_wait : Interrupted system call (code=4)
Wed Feb 7 13:59:10 2018 /sbin/ip route del 10.0.0.0/24
Wed Feb 7 13:59:10 2018 Closing TUN/TAP interface
Wed Feb 7 13:59:10 2018 /sbin/ip addr del dev tun0 local 10.0.0.1 peer 10.0.0.2
Wed Feb 7 13:59:10 2018 SIGTERM[hard,] received, process exiting
tail: /var/log/ServerV4.log: file truncated
Wed Feb 7 13:59:10 2018 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
Wed Feb 7 13:59:10 2018 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Wed Feb 7 13:59:10 2018 Diffie-Hellman initialized with 2048 bit key
Wed Feb 7 13:59:10 2018 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Wed Feb 7 13:59:10 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 7 13:59:10 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 7 13:59:10 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Feb 7 13:59:10 2018 ROUTE_GATEWAY 185.224.133.1/255.255.255.0 IFACE=ens3 HWADDR=52:39:00:e3:9e:cb
Wed Feb 7 13:59:10 2018 TUN/TAP device tun0 opened
Wed Feb 7 13:59:10 2018 TUN/TAP TX queue length set to 100
Wed Feb 7 13:59:10 2018 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Feb 7 13:59:10 2018 /sbin/ip link set dev tun0 up mtu 1500
Wed Feb 7 13:59:10 2018 /sbin/ip addr add dev tun0 local 10.0.0.1 peer 10.0.0.2
Wed Feb 7 13:59:10 2018 /sbin/ip route add 10.0.0.0/24 via 10.0.0.2
Wed Feb 7 13:59:10 2018 UDPv4 link local (bound): [undef]
Wed Feb 7 13:59:10 2018 UDPv4 link remote: [undef]
Wed Feb 7 13:59:10 2018 MULTI: multi_init called, r=256 v=256
Wed Feb 7 13:59:10 2018 IFCONFIG POOL: base=10.0.0.4 size=62, ipv6=0
Wed Feb 7 13:59:10 2018 Initialization Sequence Completed
Wed Feb 7 14:00:29 2018 93.185.28.218:9304 TLS: Initial packet from [AF_INET]93.185.28.218:9304, sid=661d936d cc8caed6
Wed Feb 7 14:00:30 2018 93.185.28.218:9304 VERIFY OK: depth=1, C=RU, ST=LO, L=Saint-Petersburg, O=IGI, OU=MyOrganizationalUnit, CN=IGI CA, name=EasyRSA, emailAddress=igi@myhost.com
Wed Feb 7 14:00:30 2018 93.185.28.218:9304 VERIFY OK: depth=0, C=RU, ST=LO, L=Saint-Petersburg, O=IGI, OU=MyOrganizationalUnit, CN=user1, name=EasyRSA, emailAddress=igi@myhost.com
Wed Feb 7 14:00:30 2018 93.185.28.218:9304 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Feb 7 14:00:30 2018 93.185.28.218:9304 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 7 14:00:30 2018 93.185.28.218:9304 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Feb 7 14:00:30 2018 93.185.28.218:9304 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 7 14:00:30 2018 93.185.28.218:9304 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Feb 7 14:00:30 2018 93.185.28.218:9304 [user1] Peer Connection Initiated with [AF_INET]93.185.28.218:9304
Wed Feb 7 14:00:30 2018 user1/93.185.28.218:9304 MULTI_sva: pool returned IPv4=10.0.0.6, IPv6=(Not enabled)
Wed Feb 7 14:00:30 2018 user1/93.185.28.218:9304 MULTI: Learn: 10.0.0.6 -> user1/93.185.28.218:9304
Wed Feb 7 14:00:30 2018 user1/93.185.28.218:9304 MULTI: primary virtual IP for user1/93.185.28.218:9304: 10.0.0.6
Wed Feb 7 14:00:31 2018 user1/93.185.28.218:9304 PUSH: Received control message: 'PUSH_REQUEST'
Wed Feb 7 14:00:31 2018 user1/93.185.28.218:9304 send_push_reply(): safe_cap=940
Wed Feb 7 14:00:31 2018 user1/93.185.28.218:9304 SENT CONTROL [user1]: 'PUSH_REPLY,redirect-gateway def1,dhcp-options DNS 8.8.8.8,route 10.0.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.0.0.6 10.0.0.5' (status=1)
ip a ip r с клиента
root@kali:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 20:89:84:5a:01:93 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 2c:d0:5a:3f:89:f4 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.42/24 brd 192.168.0.255 scope global dynamic noprefixroute wlan0
valid_lft 83956sec preferred_lft 83956sec
inet6 fe80::2ed0:5aff:fe3f:89f4/64 scope link noprefixroute
valid_lft forever preferred_lft forever
root@kali:~# ip r
default via 192.168.0.1 dev wlan0 proto dhcp metric 600
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.42 metric 600
ip a ip r с сервера
root@vm235307:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:39:00:e3:9e:cb brd ff:ff:ff:ff:ff:ff
inet 185.224.133.253/24 brd 185.224.133.255 scope global ens3
valid_lft forever preferred_lft forever
inet6 fe80::5039:ff:fee3:9ecb/64 scope link
valid_lft forever preferred_lft forever
8: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
link/none
inet 10.0.0.1 peer 10.0.0.2/32 scope global tun0
valid_lft forever preferred_lft forever
root@vm235307:~# ip r
default via 185.224.133.1 dev ens3 onlink
10.0.0.0/24 via 10.0.0.2 dev tun0
10.0.0.2 dev tun0 proto kernel scope link src 10.0.0.1
185.224.133.0/24 dev ens3 proto kernel scope link src 185.224.133.253