Good day!
Please advise. The situation is as follows; I have:
- a home PC running Windows 7 (192.168.1.110) behind a router (NAT). The router is 192.168.1.1
- a server in Europe (Ubuntu 16.10)
- 10.0.0.0/24 allocated for the VPN
I set up OpenVPN, with the server on Ubuntu 16.10 and the client on Windows 7. By trial and error I managed to bring the interfaces up (they would not come up until I fully rebooted Ubuntu) and to configure routing and NAT.
There are 2 problems on the Windows 7 client:
- connections drop every N seconds
- while connected, a traceroute goes through the tunnel, but nothing except the traceroute works.
Configs and outputs:
server.conf
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
server 10.0.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.0.0.0 255.255.255.0" ; also tried without it
client-config-dir ccd
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
keepalive 10 180
tls-auth ta.key 0 ; also tried without it
key-direction 0 ; also tried without it
cipher AES-128-CBC ; also tried without it
auth SHA256 ; also tried without it
;comp-lzo ; also tried with it
max-clients 30
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 4
mute 20 ; also tried without it
client.conf
client
dev tun
proto udp
remote IP_SERVERA 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert ronaldopc2.crt
key ronaldopc2.key
remote-cert-tls server
tls-auth ta.key 1
key-direction 1
cipher AES-128-CBC
auth SHA256
;comp-lzo
verb 3
;mute 20
net.ipv4.ip_forward = 1
ifconfig on the Ubuntu server, the interfaces of interest:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet WHITE_IP netmask 255.255.224.0 broadcast WHITE_IP.255
inet6 fe80::7c09:5eff:fef8:b550 prefixlen 64 scopeid 0x20<link>
ether 7e:09:5e:f8:b5:50 txqueuelen 1000 (Ethernet)
RX packets 47887 bytes 21173724 (21.1 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 45001 bytes 17113669 (17.1 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.0.0.1 netmask 255.255.255.255 destination 10.0.0.2
inet6 fe80::8312:9a3a:11ac:4db6 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 1411 bytes 492946 (492.9 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1992 bytes 1463170 (1.4 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ip r
default via 128.199.32.1 dev eth0 onlink
10.0.0.0/24 via 10.0.0.2 dev tun0
10.0.0.2 dev tun0 proto kernel scope link src 10.0.0.1
10.18.0.0/16 dev eth0 proto kernel scope link src 10.18.0.5
10.133.0.0/16 dev eth1 proto kernel scope link src 10.133.22.108
WHITE_NETWORK/19 dev eth0 proto kernel scope link src WHITE_IP
sudo iptables-save
# Generated by iptables-save v1.6.0 on Fri Dec 16 20:56:47 2016
*nat
:PREROUTING ACCEPT [2261:268854]
:INPUT ACCEPT [810:48228]
:OUTPUT ACCEPT [1633:73095]
:POSTROUTING ACCEPT [1634:73155]
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Fri Dec 16 20:56:47 2016
# Generated by iptables-save v1.6.0 on Fri Dec 16 20:56:47 2016
*filter
:INPUT DROP [795:68377]
:FORWARD ACCEPT [2:80]
:OUTPUT ACCEPT [36:2784]
:ufw-after-forward - [0:0]
:ufw-after-input - [0:0]
:ufw-after-logging-forward - [0:0]
:ufw-after-logging-input - [0:0]
:ufw-after-logging-output - [0:0]
:ufw-after-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-before-input - [0:0]
:ufw-before-logging-forward - [0:0]
:ufw-before-logging-input - [0:0]
:ufw-before-logging-output - [0:0]
:ufw-before-output - [0:0]
:ufw-logging-allow - [0:0]
:ufw-logging-deny - [0:0]
:ufw-not-local - [0:0]
:ufw-reject-forward - [0:0]
:ufw-reject-input - [0:0]
:ufw-reject-output - [0:0]
:ufw-skip-to-policy-forward - [0:0]
:ufw-skip-to-policy-input - [0:0]
:ufw-skip-to-policy-output - [0:0]
:ufw-track-forward - [0:0]
:ufw-track-input - [0:0]
:ufw-track-output - [0:0]
:ufw-user-forward - [0:0]
:ufw-user-input - [0:0]
:ufw-user-limit - [0:0]
:ufw-user-limit-accept - [0:0]
:ufw-user-logging-forward - [0:0]
:ufw-user-logging-input - [0:0]
:ufw-user-logging-output - [0:0]
:ufw-user-output - [0:0]
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j ACCEPT
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-forward -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-forward -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 22 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 1194 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 1194 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 5901 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 5902 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 5903 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 5904 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -m comment --comment "\'dapp_OpenSSH\'" -j ACCEPT
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT
COMMIT
iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 2465 packets, 307K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 862 packets, 51338 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1633 packets, 73095 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1634 packets, 73155 bytes)
pkts bytes target prot opt in out source destination
1060 307K MASQUERADE all -- * eth0 10.0.0.0/24 0.0.0.0/0
0 0 MASQUERADE all -- * eth0 10.0.0.0/24 0.0.0.0/0
route print on Windows 7 (before connecting)
IPv4 таблица маршрута
===========================================================================
Активные маршруты:
Сетевой адрес Маска сети Адрес шлюза Интерфейс Метрика
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.110 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
.... followed by a bunch of service routes
===================================================================
Постоянные маршруты:
Сетевой адрес Маска Адрес шлюза Метрика
194.54.83.238 255.255.255.255 127.0.0.2 1
how the traceroute to ya.ru goes before connecting:
Трассировка маршрута к ya.ru [213.180.193.3]
с максимальным числом прыжков 30:
1 <1 мс <1 мс <1 мс 192.168.1.1
2 <1 мс <1 мс <1 мс 92.50.189.54
3 1 ms 1 ms 1 ms 10.1.241.3
4 1 ms <1 мс <1 мс 10.1.65.5
5 1 ms 1 ms 1 ms 10.1.65.65
6 22 ms 22 ms 22 ms 145.255.24.190
7 22 ms 22 ms 22 ms 195.208.210.21
8 30 ms 31 ms 31 ms 87.250.239.65
9 30 ms 30 ms 31 ms 87.250.239.130
10 29 ms 30 ms 30 ms 213.180.193.3
Трассировка завершена.
After connecting to the VPN:
ipconfig
the VPN interface comes up, for some reason without a gateway and without DNS?
Ethernet adapter Подключение по локальной сети 4:
DNS-суффикс подключения . . . . . :
Локальный IPv6-адрес канала . . . : fe80::8c1c:8921:6d16:fac0%14
IPv4-адрес. . . . . . . . . . . . : 10.0.0.6
Маска подсети . . . . . . . . . . : 255.255.255.252
Основной шлюз. . . . . . . . . :
route print on Windows 7 (after connecting)
IPv4 таблица маршрута
===========================================================================
Активные маршруты:
Сетевой адрес Маска сети Адрес шлюза Интерфейс Метрика
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.110 10
10.0.0.4 255.255.255.252 On-link 10.0.0.6 276
10.0.0.6 255.255.255.255 On-link 10.0.0.6 276
10.0.0.7 255.255.255.255 On-link 10.0.0.6 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.110 266
192.168.1.110 255.255.255.255 On-link 192.168.1.110 266
192.168.1.255 255.255.255.255 On-link 192.168.1.110 266
===================================================================
Постоянные маршруты:
Сетевой адрес Маска Адрес шлюза Метрика
194.54.83.238 255.255.255.255 127.0.0.2 1
how the traceroute to ya.ru goes after connecting:
Трассировка маршрута к ya.ru [213.180.204.3]
с максимальным числом прыжков 30:
1 68 ms 68 ms 68 ms 10.0.0.1
2 91 ms 68 ms 69 ms 128.199.32.253
3 69 ms 68 ms 68 ms 138.197.250.80
4 69 ms 69 ms 74 ms 80.249.211.200
5 98 ms 97 ms 97 ms 213.180.213.95
6 118 ms 115 ms 116 ms 213.180.213.125
7 114 ms 114 ms 114 ms 87.250.239.124
8 114 ms 114 ms 114 ms 213.180.204.3
Трассировка завершена.
10.0.0.1 is the VPN address of the Ubuntu VPN server
logs from the OpenVPN server, tail -f /var/log/openvpn/openvpn.log
Fri Dec 16 21:02:45 2016 us=608126 145.255.8.130:64627 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Dec 16 21:02:45 2016 us=677096 145.255.8.130:64627 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Fri Dec 16 21:02:45 2016 us=677241 145.255.8.130:64627 [ronaldopc2] Peer Connection Initiated with [AF_INET]145.255.8.130:64627
Fri Dec 16 21:02:45 2016 us=677329 ronaldopc2/145.255.8.130:64627 MULTI_sva: pool returned IPv4=10.0.0.6, IPv6=(Not enabled)
Fri Dec 16 21:02:45 2016 us=677413 ronaldopc2/145.255.8.130:64627 MULTI: Learn: 10.0.0.6 -> ronaldopc2/145.255.8.130:64627
Fri Dec 16 21:02:45 2016 us=677444 ronaldopc2/145.255.8.130:64627 MULTI: primary virtual IP for ronaldopc2/145.255.8.130:64627: 10.0.0.6
Fri Dec 16 21:02:47 2016 us=794871 ronaldopc2/145.255.8.130:64627 PUSH: Received control message: 'PUSH_REQUEST'
Fri Dec 16 21:02:47 2016 us=794947 ronaldopc2/145.255.8.130:64627 send_push_reply(): safe_cap=940
Fri Dec 16 21:02:47 2016 us=794976 ronaldopc2/145.255.8.130:64627 SENT CONTROL [ronaldopc2]: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.0.0.0 255.255.255.0,topology net30,ping 10,ping-restart 180,ifconfig 10.0.0.6 10.0.0.5' (status=1)
Fri Dec 16 21:02:48 2016 us=224914 ronaldopc2/145.255.8.130:64627 MULTI: bad source address from client [::], packet dropped
Logs from the OpenVPN client (connect and disconnect):
Sat Dec 17 02:02:41 2016 OpenVPN 2.3.14 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Dec 7 2016
Sat Dec 17 02:02:41 2016 Windows version 6.1 (Windows 7) 64bit
Sat Dec 17 02:02:41 2016 library versions: OpenSSL 1.0.2i 22 Sep 2016, LZO 2.09
Enter Management Password:
Sat Dec 17 02:02:41 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Dec 17 02:02:41 2016 Need hold release from management interface, waiting...
Sat Dec 17 02:02:41 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Dec 17 02:02:41 2016 MANAGEMENT: CMD 'state on'
Sat Dec 17 02:02:41 2016 MANAGEMENT: CMD 'log all on'
Sat Dec 17 02:02:41 2016 MANAGEMENT: CMD 'hold off'
Sat Dec 17 02:02:41 2016 MANAGEMENT: CMD 'hold release'
Sat Dec 17 02:02:42 2016 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Sat Dec 17 02:02:42 2016 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Dec 17 02:02:42 2016 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Dec 17 02:02:42 2016 Socket Buffers: R=[8192->8192] S=[64512->64512]
Sat Dec 17 02:02:42 2016 MANAGEMENT: >STATE:1481922162,RESOLVE,,,
Sat Dec 17 02:02:42 2016 UDPv4 link local: [undef]
Sat Dec 17 02:02:42 2016 UDPv4 link remote: [AF_INET]128.199.32.42:1194
Sat Dec 17 02:02:42 2016 MANAGEMENT: >STATE:1481922162,WAIT,,,
Sat Dec 17 02:02:42 2016 MANAGEMENT: >STATE:1481922162,AUTH,,,
Sat Dec 17 02:02:42 2016 TLS: Initial packet from [AF_INET]128.199.32.42:1194, sid=25e0cb91 795f0432
Sat Dec 17 02:02:42 2016 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=RanaldaCorp, OU=RanaldaCorp, CN=ranalda.com, name=RanaldaRSA, emailAddress=ronaldofifa@gmail.com
Sat Dec 17 02:02:42 2016 Validating certificate key usage
Sat Dec 17 02:02:42 2016 ++ Certificate has key usage 00a0, expects 00a0
Sat Dec 17 02:02:42 2016 VERIFY KU OK
Sat Dec 17 02:02:42 2016 Validating certificate extended key usage
Sat Dec 17 02:02:42 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Dec 17 02:02:42 2016 VERIFY EKU OK
Sat Dec 17 02:02:42 2016 VERIFY OK: depth=0, C=US, ST=CALIFORNIA, L=SanFrancisco, O=RanaldaCorp, OU=RanaldaCorp, CN=ranalda.com, name=RanaldaRSA, emailAddress=ronaldofifa@gmail.com
Sat Dec 17 02:02:42 2016 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sat Dec 17 02:02:42 2016 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Dec 17 02:02:42 2016 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sat Dec 17 02:02:42 2016 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Dec 17 02:02:42 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Dec 17 02:02:42 2016 [ranalda.com] Peer Connection Initiated with [AF_INET]128.199.32.42:1194
Sat Dec 17 02:02:43 2016 MANAGEMENT: >STATE:1481922163,GET_CONFIG,,,
Sat Dec 17 02:02:44 2016 SENT CONTROL [ranalda.com]: 'PUSH_REQUEST' (status=1)
Sat Dec 17 02:02:44 2016 PUSH: Received control message: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.0.0.0 255.255.255.0,topology net30,ping 10,ping-restart 180,ifconfig 10.0.0.6 10.0.0.5'
Sat Dec 17 02:02:44 2016 OPTIONS IMPORT: timers and/or timeouts modified
Sat Dec 17 02:02:44 2016 OPTIONS IMPORT: --ifconfig/up options modified
Sat Dec 17 02:02:44 2016 OPTIONS IMPORT: route options modified
Sat Dec 17 02:02:44 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Dec 17 02:02:44 2016 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=11 HWADDR=50:46:5d:09:18:5b
Sat Dec 17 02:02:44 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Dec 17 02:02:44 2016 MANAGEMENT: >STATE:1481922164,ASSIGN_IP,,10.0.0.6,
Sat Dec 17 02:02:44 2016 open_tun, tt->ipv6=0
Sat Dec 17 02:02:44 2016 TAP-WIN32 device [Подключение по локальной сети 4] opened: \\.\Global\{CA26C3B6-AF8C-489B-AC06-77C6F22188D8}.tap
Sat Dec 17 02:02:44 2016 TAP-Windows Driver Version 9.21
Sat Dec 17 02:02:44 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.0.6/255.255.255.252 on interface {CA26C3B6-AF8C-489B-AC06-77C6F22188D8} [DHCP-serv: 10.0.0.5, lease-time: 31536000]
Sat Dec 17 02:02:44 2016 Successful ARP Flush on interface [14] {CA26C3B6-AF8C-489B-AC06-77C6F22188D8}
Sat Dec 17 02:02:49 2016 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Sat Dec 17 02:02:49 2016 Route: Waiting for TUN/TAP interface to come up...
Sat Dec 17 02:02:54 2016 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Sat Dec 17 02:02:54 2016 C:\Windows\system32\route.exe ADD 128.199.32.42 MASK 255.255.255.255 192.168.1.1
Sat Dec 17 02:02:54 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=10 and dwForwardType=4
Sat Dec 17 02:02:54 2016 Route addition via IPAPI succeeded [adaptive]
Sat Dec 17 02:02:54 2016 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.0.0.5
Sat Dec 17 02:02:54 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sat Dec 17 02:02:54 2016 Route addition via IPAPI succeeded [adaptive]
Sat Dec 17 02:02:54 2016 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.0.0.5
Sat Dec 17 02:02:54 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sat Dec 17 02:02:54 2016 Route addition via IPAPI succeeded [adaptive]
Sat Dec 17 02:02:54 2016 MANAGEMENT: >STATE:1481922174,ADD_ROUTES,,,
Sat Dec 17 02:02:54 2016 C:\Windows\system32\route.exe ADD 10.0.0.0 MASK 255.255.255.0 10.0.0.5
Sat Dec 17 02:02:54 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sat Dec 17 02:02:54 2016 Route addition via IPAPI succeeded [adaptive]
Sat Dec 17 02:02:54 2016 C:\Windows\system32\route.exe ADD 10.0.0.0 MASK 255.255.255.0 10.0.0.5
Sat Dec 17 02:02:54 2016 ROUTE: route addition failed using CreateIpForwardEntry: Этот объект уже существует. [status=5010 if_index=14]
Sat Dec 17 02:02:54 2016 Route addition via IPAPI failed [adaptive]
Sat Dec 17 02:02:54 2016 Route addition fallback to route.exe
Sat Dec 17 02:02:54 2016 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
Sat Dec 17 02:02:54 2016 Initialization Sequence Completed
Sat Dec 17 02:02:54 2016 MANAGEMENT: >STATE:1481922174,CONNECTED,SUCCESS,10.0.0.6,128.199.32.42
Sat Dec 17 02:09:16 2016 MANAGEMENT: Client disconnected
Sat Dec 17 02:09:16 2016 ERROR: received strange incoming packet with an address length of 2 -- we only accept address lengths of 0.
Sat Dec 17 02:09:16 2016 Exiting due to fatal error
Sat Dec 17 02:09:16 2016 C:\Windows\system32\route.exe DELETE 10.0.0.0 MASK 255.255.255.0 10.0.0.5
Sat Dec 17 02:09:16 2016 Route deletion via IPAPI succeeded [adaptive]
Sat Dec 17 02:09:16 2016 C:\Windows\system32\route.exe DELETE 10.0.0.0 MASK 255.255.255.0 10.0.0.5
Sat Dec 17 02:09:16 2016 ROUTE: route deletion failed using DeleteIpForwardEntry: Элемент не найден.
Sat Dec 17 02:09:16 2016 Route deletion via IPAPI failed [adaptive]
Sat Dec 17 02:09:16 2016 Route deletion fallback to route.exe
Sat Dec 17 02:09:16 2016 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
Sat Dec 17 02:09:16 2016 C:\Windows\system32\route.exe DELETE 128.199.32.42 MASK 255.255.255.255 192.168.1.1
Sat Dec 17 02:09:16 2016 Route deletion via IPAPI succeeded [adaptive]
Sat Dec 17 02:09:16 2016 C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.0.0.5
Sat Dec 17 02:09:16 2016 Route deletion via IPAPI succeeded [adaptive]
Sat Dec 17 02:09:16 2016 C:\Windows\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.0.0.5
Sat Dec 17 02:09:16 2016 Route deletion via IPAPI succeeded [adaptive]
Sat Dec 17 02:09:16 2016 Closing TUN/TAP interface
As a result, the client connects, gets an IP from the VPN network, and pings go from the client to the server and from the server to the client.
Pings go out to the Internet and the traceroute goes into the tunnel, but websites, for example, do not open and no new connections are established through the tunnel. Can anyone suggest where else to dig?
Also, the client disconnects constantly
browsers reset connections and say: It looks like you are on a different network
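
Added example, not part of the original post: it parses the PUSH_REPLY message from the client log above, lists options that were pushed twice, and derives the adapter mask and routes those options imply under topology net30. The function names are hypothetical; the message text is copied from the log.

```python
import ipaddress
from collections import Counter

# Copied from the PUSH_REPLY line in the client log above.
PUSH_REPLY = (
    "PUSH_REPLY,route 10.0.0.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,"
    "dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.0.0.0 255.255.255.0,"
    "topology net30,ping 10,ping-restart 180,ifconfig 10.0.0.6 10.0.0.5"
)


def parse_push_reply(message):
    """Split a PUSH_REPLY control message into its option strings."""
    head, _, rest = message.partition(",")
    if head != "PUSH_REPLY":
        raise ValueError("not a PUSH_REPLY message")
    return [opt.strip() for opt in rest.split(",") if opt.strip()]


def duplicated(options):
    """Return options that were pushed more than once, in first-seen order."""
    counts = Counter(options)
    return [opt for opt in dict.fromkeys(options) if counts[opt] > 1]


def expected_client_state(options):
    """Derive the adapter addressing and routes these options imply."""
    networks, dns, local, remote, topology = [], [], None, None, None
    for opt in options:
        words = opt.split()
        if words[0] == "route":
            mask = words[2] if len(words) > 2 else "255.255.255.255"
            networks.append(ipaddress.ip_network(f"{words[1]}/{mask}"))
        elif words[0] == "redirect-gateway" and "def1" in words[1:]:
            # def1 adds two /1 routes that win over 0.0.0.0/0 by prefix length;
            # the original default gateway entry is left in place.
            networks.append(ipaddress.ip_network("0.0.0.0/1"))
            networks.append(ipaddress.ip_network("128.0.0.0/1"))
        elif words[:2] == ["dhcp-option", "DNS"] and len(words) > 2:
            dns.append(words[2])
        elif words[0] == "topology":
            topology = words[1]
        elif words[0] == "ifconfig":
            local, remote = words[1], words[2]
    tunnel = None
    if topology == "net30" and local:
        # net30 gives each client its own /30; ifconfig's second value is the peer.
        tunnel = ipaddress.ip_network(f"{local}/30", strict=False)
        if ipaddress.ip_address(remote) not in tunnel:
            raise ValueError("ifconfig endpoints are not in the same /30")
    return {
        "address": local,
        "tunnel_net": str(tunnel) if tunnel else None,
        "netmask": str(tunnel.netmask) if tunnel else None,
        "dns": dns,
        "routes": [(str(net), remote) for net in dict.fromkeys(networks)],
    }


if __name__ == "__main__":
    opts = parse_push_reply(PUSH_REPLY)
    print("pushed twice:", duplicated(opts))
    for key, value in expected_client_state(opts).items():
        print(f"{key}: {value}")
```

On this log it reports the 10.0.0.0/24 route as pushed twice, which matches the second route.exe ADD failing with status=5010, and a 255.255.255.252 mask, which matches the ipconfig output.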