I set up OVPN on a VPS. The VPN connection is established, but not a single site loads.
Server config
port 1194
proto udp
dev tun
ca ca.crt
cert ServerV4.crt
key ServerV4.key
dh dh2048.pem
tls-auth ta.key 0
cipher AES-256-CBC
server 10.0.0.0 255.255.255.0
keepalive 10 120
persist-key
persist-tun
client-config-dir ccd
status ServerV4-status.log
log /var/log/ServerV4.log
comp-lzo
verb 4
sndbuf 0
rcvbuf 0
push "redirect-gateway def1"
push "dhcp-options DNS 8.8.8.8"
Client config
client
dev tun
proto udp
remote 188.225.86.21 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert user1.crt
key user1.key
tls-auth ta.key 1
cipher AES-256-CBC
ns-cert-type server
comp-lzo
log /var/log/user1.log
verb 3
sndbuf 0
rcvbuf 0
Server log after connecting
Sun Dec 10 00:32:15 2017 us=591887 MULTI: multi_create_instance called
Sun Dec 10 00:32:15 2017 us=592072 93.185.19.126:12452 Re-using SSL/TLS context
Sun Dec 10 00:32:15 2017 us=592152 93.185.19.126:12452 LZO compression initialized
Sun Dec 10 00:32:15 2017 us=592461 93.185.19.126:12452 Control Channel MTU parms [ L:1558 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Sun Dec 10 00:32:15 2017 us=592483 93.185.19.126:12452 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
Sun Dec 10 00:32:15 2017 us=592528 93.185.19.126:12452 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,com$
Sun Dec 10 00:32:15 2017 us=592547 93.185.19.126:12452 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto$
Sun Dec 10 00:32:15 2017 us=592592 93.185.19.126:12452 Local Options hash (VER=V4): '162b04de'
Sun Dec 10 00:32:15 2017 us=592609 93.185.19.126:12452 Expected Remote Options hash (VER=V4): '9e7066d2'
Sun Dec 10 00:32:15 2017 us=592677 93.185.19.126:12452 TLS: Initial packet from [AF_INET]93.185.19.126:12452, sid=72fb7b09 65184370
Sun Dec 10 00:32:15 2017 us=810256 93.185.19.126:12452 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizatio$
Sun Dec 10 00:32:15 2017 us=810634 93.185.19.126:12452 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizatio$
Sun Dec 10 00:32:15 2017 us=911201 93.185.19.126:12452 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Dec 10 00:32:15 2017 us=911328 93.185.19.126:12452 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 10 00:32:15 2017 us=911356 93.185.19.126:12452 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Dec 10 00:32:15 2017 us=911378 93.185.19.126:12452 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 10 00:32:15 2017 us=982826 93.185.19.126:12452 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit $
Sun Dec 10 00:32:15 2017 us=982992 93.185.19.126:12452 [user1] Peer Connection Initiated with [AF_INET]93.185.19.126:12452
Sun Dec 10 00:32:15 2017 us=993765 user1/93.185.19.126:12452 MULTI_sva: pool returned IPv4=10.0.0.6, IPv6=(Not enabled)
Sun Dec 10 00:32:15 2017 us=993932 user1/93.185.19.126:12452 MULTI: Learn: 10.0.0.6 -> user1/93.185.19.126:12452
Sun Dec 10 00:32:15 2017 us=993960 user1/93.185.19.126:12452 MULTI: primary virtual IP for user1/93.185.19.126:12452: 10.0.0.6
Sun Dec 10 00:32:17 2017 us=106462 user1/93.185.19.126:12452 PUSH: Received control message: 'PUSH_REQUEST'
Sun Dec 10 00:32:17 2017 us=114716 user1/93.185.19.126:12452 send_push_reply(): safe_cap=940
Sun Dec 10 00:32:17 2017 us=114830 user1/93.185.19.126:12452 SENT CONTROL [user1]: 'PUSH_REPLY,redirect-gateway def1,dhcp-options DNS 8.$
Sun Dec 10 00:32:18 2017 us=319710 user1/93.185.19.126:12452 MULTI: bad source address from client [192.168.0.42], packet dropped
Sun Dec 10 00:32:18 2017 us=320035 user1/93.185.19.126:12452 MULTI: bad source address from client [192.168.0.42], packet dropped
Sun Dec 10 00:32:18 2017 us=320315 user1/93.185.19.126:12452 MULTI: bad source address from client [192.168.0.42], packet dropped
Sun Dec 10 00:32:18 2017 us=320376 user1/93.185.19.126:12452 MULTI: bad source address from client [192.168.0.42], packet dropped
Sun Dec 10 00:32:18 2017 us=474072 user1/93.185.19.126:12452 MULTI: bad source address from client [192.168.0.42], packet dropped
Sun Dec 10 00:32:18 2017 us=474248 user1/93.185.19.126:12452 MULTI: bad source address from client [192.168.0.42], packet dropped
Sun Dec 10 00:32:18 2017 us=477993 user1/93.185.19.126:12452 MULTI: bad source address from client [192.168.0.42], packet dropped
Sun Dec 10 00:32:18 2017 us=650584 user1/93.185.19.126:12452 MULTI: bad source address from client [192.168.0.42], packet dropped
Sun Dec 10 00:34:59 2017 us=643663 user1/93.185.19.126:12452 PID_ERR replay-window backtrack occurred [108] [SSL-0] [1111111112222222222$
Sun Dec 10 00:34:59 2017 us=643770 user1/93.185.19.126:12452 PID_ERR large diff [108] [SSL-0] [11111111122222222222222222222222222222223$
Sun Dec 10 00:34:59 2017 us=643785 user1/93.185.19.126:12452 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3050$
Sun Dec 10 00:36:34 2017 us=990236 user1/93.185.19.126:12452 MULTI: bad source address from client [192.168.0.42], packet dropped
Client log after connecting
GNU nano 2.7.4 Файл: user1.log
Sun Dec 10 03:32:15 2017 OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017
Sun Dec 10 03:32:15 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
Sun Dec 10 03:32:15 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 10 03:32:15 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 10 03:32:15 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]188.225.86.21:1194
Sun Dec 10 03:32:15 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Dec 10 03:32:15 2017 UDP link local: (not bound)
Sun Dec 10 03:32:15 2017 UDP link remote: [AF_INET]188.225.86.21:1194
Sun Dec 10 03:32:15 2017 TLS: Initial packet from [AF_INET]188.225.86.21:1194, sid=8d22d23b ad81e46e
Sun Dec 10 03:32:15 2017 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=EasyRSA, $
Sun Dec 10 03:32:15 2017 VERIFY OK: nsCertType=SERVER
Sun Dec 10 03:32:15 2017 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=ServerV4, name=EasyRSA, emailAd$
Sun Dec 10 03:32:15 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun Dec 10 03:32:15 2017 [ServerV4] Peer Connection Initiated with [AF_INET]188.225.86.21:1194
Sun Dec 10 03:32:17 2017 SENT CONTROL [ServerV4]: 'PUSH_REQUEST' (status=1)
Sun Dec 10 03:32:17 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-options DNS 8.8.8.8,route 10.0.0.1,topology net30,pin$
Sun Dec 10 03:32:17 2017 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:2: dhcp-options (2.4.0)
Sun Dec 10 03:32:17 2017 OPTIONS IMPORT: timers and/or timeouts modified
Sun Dec 10 03:32:17 2017 OPTIONS IMPORT: --ifconfig/up options modified
Sun Dec 10 03:32:17 2017 OPTIONS IMPORT: route options modified
Sun Dec 10 03:32:17 2017 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Dec 10 03:32:17 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 10 03:32:17 2017 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Dec 10 03:32:17 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 10 03:32:17 2017 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlp3s0 HWADDR=2c:d0:5a:3f:89:f4
Sun Dec 10 03:32:17 2017 TUN/TAP device tun0 opened
Sun Dec 10 03:32:17 2017 TUN/TAP TX queue length set to 100
Sun Dec 10 03:32:17 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Dec 10 03:32:17 2017 /sbin/ip link set dev tun0 up mtu 1500
Sun Dec 10 03:32:17 2017 /sbin/ip addr add dev tun0 local 10.0.0.6 peer 10.0.0.5
Sun Dec 10 03:32:17 2017 /sbin/ip route add 188.225.86.21/32 via 192.168.0.1
Sun Dec 10 03:32:17 2017 /sbin/ip route add 0.0.0.0/1 via 10.0.0.5
iptables save
# Generated by iptables-save v1.6.0 on Sun Dec 10 00:49:00 2017
*nat
:PREROUTING ACCEPT [3429781:4575918694]
:INPUT ACCEPT [3055:277396]
:OUTPUT ACCEPT [12:896]
:POSTROUTING ACCEPT [12:896]
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Sun Dec 10 00:49:00 2017
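
An added example, not part of the original post: a Python triage of the log lines quoted above. It extracts any pushed option the client rejected, counts the server's `bad source address` drops per client, and counts replay errors. The function name `triage` and the `PUSHABLE` list (a small subset of real OpenVPN directives) are assumptions made for this illustration.

```python
import re
from collections import Counter
from difflib import get_close_matches

# Lines copied from the client and server logs in the post, combined as one input.
SAMPLE_LOG = """\
Sun Dec 10 03:32:17 2017 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:2: dhcp-options (2.4.0)
Sun Dec 10 03:32:17 2017 OPTIONS IMPORT: route options modified
Sun Dec 10 00:32:18 2017 us=319710 user1/93.185.19.126:12452 MULTI: bad source address from client [192.168.0.42], packet dropped
Sun Dec 10 00:32:18 2017 us=320035 user1/93.185.19.126:12452 MULTI: bad source address from client [192.168.0.42], packet dropped
Sun Dec 10 00:34:59 2017 us=643785 user1/93.185.19.126:12452 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3050$
"""

# Assumption: a short, incomplete list of directives a server commonly pushes,
# used only to suggest the nearest valid spelling for a rejected option.
PUSHABLE = ["dhcp-option", "redirect-gateway", "route", "topology",
            "ping", "ping-restart", "ifconfig"]

# Client side: a pushed option the client could not parse (position, option name).
REJECTED_PUSH = re.compile(r"Options error: .* in \[PUSH-OPTIONS\]:(\d+): (\S+)")
# Server side: a tunnel packet whose source address the server has not
# associated with this client, so it is dropped.
BAD_SOURCE = re.compile(
    r"(\S+)/[\d.]+:\d+ MULTI: bad source address from client \[([\d.]+)\], packet dropped")
REPLAY = re.compile(r"bad packet ID \(may be a replay\)")


def triage(log_text):
    """Collect the warning and error lines from OpenVPN client/server logs."""
    report = {"rejected_push": [], "bad_source": Counter(), "replay_errors": 0}
    for line in log_text.splitlines():
        m = REJECTED_PUSH.search(line)
        if m:
            name = m.group(2)
            nearest = get_close_matches(name, PUSHABLE, n=1)
            report["rejected_push"].append(
                (int(m.group(1)), name, nearest[0] if nearest else None))
            continue
        m = BAD_SOURCE.search(line)
        if m:
            # Key: (client common name, source address seen inside the tunnel)
            report["bad_source"][(m.group(1), m.group(2))] += 1
            continue
        if REPLAY.search(line):
            report["replay_errors"] += 1
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
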