Помогите с проблемой openvpn + obfsproxy

[alexbalkan]

Здраствуйте форумчане! Помогите разобраться с проблемой!
Имею удаленный сервер VPS с внешним IP, с openvpn + obfsproxy
openvpn в рабочем состоянии, но вот трафик не хочет идти через obfsproxy.
вот лог клиента openvpn

(Нажмите, чтобы показать/скрыть)

MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Need hold release from management interface, waiting...
MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
MANAGEMENT: CMD 'state on'
MANAGEMENT: CMD 'log all on'
MANAGEMENT: CMD 'hold off'
MANAGEMENT: CMD 'hold release'
Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Socket Buffers: R=[8192->100000] S=[8192->100000]
UDPv4 link local: [undef]
UDPv4 link remote: [AF_INET]xx.xx.xx.xx:443
MANAGEMENT: >STATE:1476374203,WAIT,,,
read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)

Информация в студию:
openvpn server[/size]

(Нажмите, чтобы показать/скрыть)

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
tls-auth ta.key 0
cipher AES-256-CBC
server 10.60.70.0 255.255.255.0
daemon
ifconfig-pool-persist /etc/openvpn/tmp/ipp.txt
push "route 10.60.70.0 255.255.255.0"
keepalive 5 30
comp-lzo no
#user nobody
#group nobody
persist-key
persist-tun
status /etc/openvpn/log/openvpn-status.log
status /etc/openvpn/log/tcp-server-tcp.log
log /etc/openvpn/log/openvpn.log
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
verb 5
script-security 3

openvpn client

(Нажмите, чтобы показать/скрыть)

client
dev tun
proto udp
remote xx.xx.xx.xx 443
resolv-retry infinite
nobind
comp-lzo no
ca ca.crt
cert client.crt
key client.key
dh dh2048.pem
cipher AES-256-CBC
remote-cert-tls server
tls-client
tls-auth ta.key 1
ns-cert-type server
sndbuf 100000
rcvbuf 100000
keepalive 10 120
persist-key
persist-tun
verb 3
script-security 2

OBFSPROXY
obfsproxy obfs3 --dest=127.0.0.1:1194 server ip_server:443

Думая что вся проблема в правилах которые применил. Поправьте меня пожалуста.
iptables -A INPUT -i ens3 -m state --state NEW -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o ens3 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ens3 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.60.70.0/24 -o ens3 -j MASQUERADE
iptables -A OUTPUT -o tun0 -j ACCEPT

sockstat | grep 1194
root     openvpn              21550    udp4   *:1194                    *:*                       CLOSED

iptables -L -nv
Chain INPUT (policy ACCEPT 1545 packets, 111K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  ens3   *       0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:1194
    0     0 ACCEPT     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  tun0   ens3    0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  ens3   tun0    0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 1229 packets, 674K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      tun0    0.0.0.0/0            0.0.0.0/0   

[fisher74]

proto udp

proto tcp

[alexbalkan]

Да верно. Только что это обнаружил ((((. За такое бить надо палкой)
Но все же не идет.

(Нажмите, чтобы показать/скрыть)

MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Need hold release from management interface, waiting...
MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
MANAGEMENT: CMD 'state on'
MANAGEMENT: CMD 'log all on'
MANAGEMENT: CMD 'hold off'
MANAGEMENT: CMD 'hold release'
Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Socket Buffers: R=[8192->100000] S=[8192->100000]
Attempting to establish TCP connection with [AF_INET]185.14.28.203:443 [nonblock]
MANAGEMENT: >STATE:1476382399,TCP_CONNECT,,,
TCP connection established with [AF_INET]185.14.28.203:443
TCPv4_CLIENT link local: [undef]
TCPv4_CLIENT link remote: [AF_INET]185.14.28.203:443
MANAGEMENT: >STATE:1476382400,WAIT,,,
WARNING: Bad encapsulated packet length from peer (59334), which must be > 0 and <= 1563 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Connection reset, restarting

SIGUSR1[soft,connection-reset] received, process restarting
MANAGEMENT: >STATE:1476382400,RECONNECTING,connection-reset,,
Restart pause, 5 second(s)
SIGTERM[hard,init_instance] received, process exiting
MANAGEMENT: >STATE:1476382403,EXITING,init_instance,,

лог openvpn c сервера

(Нажмите, чтобы показать/скрыть)

MULTI: multi_create_instance called
Re-using SSL/TLS context
LZO compression initialized
Control Channel MTU parms [ L:1560 D:1182 EF:68 EB:0 ET:0 EL:3 ]
Data Channel MTU parms [ L:1560 D:1432 EF:60 EB:143 ET:0 EL:3 AF:3/1 ]
Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Local Options hash (VER=V4): '9915e4a2'
Expected Remote Options hash (VER=V4): '2f2c6498'
TCP connection established with [AF_INET]127.0.0.1:60534
TCPv4_SERVER link local: [undef]
TCPv4_SERVER link remote: [AF_INET]127.0.0.1:60534
127.0.0.1:60534 Connection reset, restarting

127.0.0.1:60534 SIGUSR1[soft,connection-reset] received, client-instance restarting
TCP/UDP: Closing socket

[fisher74]

WARNING: Bad encapsulated packet length from peer (59334), which must be > 0 and <= 1563 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

mtu?
Пользователь добавил сообщение 13 Октября 2016, 22:13:25:Кстати

push "route 10.60.70.0 255.255.255.0"

У клиента этот маршрут и так появится, а вот серверу он нужен, иначе не будет знать где искать своего же клиента.

[alexbalkan]

У клиента этот маршрут и так появится, а вот серверу он нужен, иначе не будет знать где искать своего же клиента.

Так вроде эта строчка в config сервера а не клиента. Или что-то я не прав?

[AnrDaemon]

Эта строчка в конфиге сервера, но ДЛЯ (push!) клиента.

[alexbalkan]

Вот такая петрушка с укропом
log c сервера

(Нажмите, чтобы показать/скрыть)

Thu Oct 13 23:50:10 2016 us=278616 Current Parameter Settings:
Thu Oct 13 23:50:10 2016 us=278709   config = '/etc/openvpn/server.conf'
Thu Oct 13 23:50:10 2016 us=278749   mode = 1
Thu Oct 13 23:50:10 2016 us=278766   persist_config = DISABLED
Thu Oct 13 23:50:10 2016 us=278776   persist_mode = 1
Thu Oct 13 23:50:10 2016 us=278786   show_ciphers = DISABLED
Thu Oct 13 23:50:10 2016 us=278802   show_digests = DISABLED
Thu Oct 13 23:50:10 2016 us=278820   show_engines = DISABLED
Thu Oct 13 23:50:10 2016 us=278838   genkey = DISABLED
Thu Oct 13 23:50:10 2016 us=278856   key_pass_file = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=278868   show_tls_ciphers = DISABLED
Thu Oct 13 23:50:10 2016 us=278878 Connection profiles [default]:
Thu Oct 13 23:50:10 2016 us=278888   proto = tcp-server
Thu Oct 13 23:50:10 2016 us=278898   local = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=278907   local_port = 1194
Thu Oct 13 23:50:10 2016 us=278917   remote = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=278927   remote_port = 1194
Thu Oct 13 23:50:10 2016 us=278940   remote_float = DISABLED
Thu Oct 13 23:50:10 2016 us=278950   bind_defined = DISABLED
Thu Oct 13 23:50:10 2016 us=278959   bind_local = ENABLED
Thu Oct 13 23:50:10 2016 us=278968   connect_retry_seconds = 5
Thu Oct 13 23:50:10 2016 us=278978   connect_timeout = 10
Thu Oct 13 23:50:10 2016 us=278987   connect_retry_max = 0
Thu Oct 13 23:50:10 2016 us=278996   xormethod = 0
Thu Oct 13 23:50:10 2016 us=279005   xormask = ''
Thu Oct 13 23:50:10 2016 us=279015   xormasklen = 1
Thu Oct 13 23:50:10 2016 us=279024   socks_proxy_server = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279034   socks_proxy_port = 0
Thu Oct 13 23:50:10 2016 us=279052   socks_proxy_retry = DISABLED
Thu Oct 13 23:50:10 2016 us=279071   tun_mtu = 1500
Thu Oct 13 23:50:10 2016 us=279089   tun_mtu_defined = ENABLED
Thu Oct 13 23:50:10 2016 us=279109   link_mtu = 1500
Thu Oct 13 23:50:10 2016 us=279128   link_mtu_defined = DISABLED
Thu Oct 13 23:50:10 2016 us=279147   tun_mtu_extra = 0
Thu Oct 13 23:50:10 2016 us=279166   tun_mtu_extra_defined = DISABLED
Thu Oct 13 23:50:10 2016 us=279185   mtu_discover_type = -1
Thu Oct 13 23:50:10 2016 us=279204   fragment = 0
Thu Oct 13 23:50:10 2016 us=279224   mssfix = 1432
Thu Oct 13 23:50:10 2016 us=279245   explicit_exit_notification = 0
Thu Oct 13 23:50:10 2016 us=279264 Connection profiles END
Thu Oct 13 23:50:10 2016 us=279284   remote_random = DISABLED
Thu Oct 13 23:50:10 2016 us=279303   ipchange = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279322   dev = 'tun'
Thu Oct 13 23:50:10 2016 us=279341   dev_type = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279366   dev_node = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279388   lladdr = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279406   topology = 1
Thu Oct 13 23:50:10 2016 us=279426   tun_ipv6 = DISABLED
Thu Oct 13 23:50:10 2016 us=279445   ifconfig_local = '10.48.9.1'
Thu Oct 13 23:50:10 2016 us=279465   ifconfig_remote_netmask = '10.48.9.2'
Thu Oct 13 23:50:10 2016 us=279484   ifconfig_noexec = DISABLED
Thu Oct 13 23:50:10 2016 us=279503   ifconfig_nowarn = DISABLED
Thu Oct 13 23:50:10 2016 us=279520   ifconfig_ipv6_local = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279538   ifconfig_ipv6_netbits = 0
Thu Oct 13 23:50:10 2016 us=279555   ifconfig_ipv6_remote = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279574   shaper = 0
Thu Oct 13 23:50:10 2016 us=279589   mtu_test = 0
Thu Oct 13 23:50:10 2016 us=279605   mlock = DISABLED
Thu Oct 13 23:50:10 2016 us=279621   keepalive_ping = 5
Thu Oct 13 23:50:10 2016 us=279637   keepalive_timeout = 30
Thu Oct 13 23:50:10 2016 us=279652   inactivity_timeout = 0
Thu Oct 13 23:50:10 2016 us=279669   ping_send_timeout = 5
Thu Oct 13 23:50:10 2016 us=279685   ping_rec_timeout = 60
Thu Oct 13 23:50:10 2016 us=279702   ping_rec_timeout_action = 2
Thu Oct 13 23:50:10 2016 us=279732   ping_timer_remote = DISABLED
Thu Oct 13 23:50:10 2016 us=279754   remap_sigusr1 = 0
Thu Oct 13 23:50:10 2016 us=279775   persist_tun = ENABLED
Thu Oct 13 23:50:10 2016 us=279796   persist_local_ip = DISABLED
Thu Oct 13 23:50:10 2016 us=279816   persist_remote_ip = DISABLED
Thu Oct 13 23:50:10 2016 us=279846   persist_key = ENABLED
Thu Oct 13 23:50:10 2016 us=279866   passtos = DISABLED
Thu Oct 13 23:50:10 2016 us=279881   resolve_retry_seconds = 1000000000
Thu Oct 13 23:50:10 2016 us=279890   username = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279899   groupname = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279908   chroot_dir = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279917   cd_dir = '/etc/openvpn'
Thu Oct 13 23:50:10 2016 us=279927   writepid = '/run/openvpn/server.pid'
Thu Oct 13 23:50:10 2016 us=279936   up_script = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279945   down_script = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279954   down_pre = DISABLED
Thu Oct 13 23:50:10 2016 us=280002   up_restart = DISABLED
Thu Oct 13 23:50:10 2016 us=280015   up_delay = DISABLED
Thu Oct 13 23:50:10 2016 us=280024   daemon = ENABLED
Thu Oct 13 23:50:10 2016 us=280033   inetd = 0
Thu Oct 13 23:50:10 2016 us=280042   log = ENABLED
Thu Oct 13 23:50:10 2016 us=280052   suppress_timestamps = DISABLED
Thu Oct 13 23:50:10 2016 us=280061   nice = 0
Thu Oct 13 23:50:10 2016 us=280070   verbosity = 5
Thu Oct 13 23:50:10 2016 us=280079   mute = 0
Thu Oct 13 23:50:10 2016 us=280089   gremlin = 0
Thu Oct 13 23:50:10 2016 us=280098   status_file = '/etc/openvpn/log/tcp-server-tcp.log'
Thu Oct 13 23:50:10 2016 us=280108   status_file_version = 1
Thu Oct 13 23:50:10 2016 us=280117   status_file_update_freq = 10
Thu Oct 13 23:50:10 2016 us=280126   occ = ENABLED
Thu Oct 13 23:50:10 2016 us=280135   rcvbuf = 0
Thu Oct 13 23:50:10 2016 us=280144   sndbuf = 0
Thu Oct 13 23:50:10 2016 us=280153   mark = 0
Thu Oct 13 23:50:10 2016 us=280162   sockflags = 0
Thu Oct 13 23:50:10 2016 us=280171   fast_io = DISABLED
Thu Oct 13 23:50:10 2016 us=280180   lzo = 1
Thu Oct 13 23:50:10 2016 us=280190   route_script = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280199   route_default_gateway = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280208   route_default_metric = 0
Thu Oct 13 23:50:10 2016 us=280218   route_noexec = DISABLED
Thu Oct 13 23:50:10 2016 us=280227   route_delay = 0
Thu Oct 13 23:50:10 2016 us=280236   route_delay_window = 30
Thu Oct 13 23:50:10 2016 us=280245   route_delay_defined = DISABLED
Thu Oct 13 23:50:10 2016 us=280255   route_nopull = DISABLED
Thu Oct 13 23:50:10 2016 us=280264   route_gateway_via_dhcp = DISABLED
Thu Oct 13 23:50:10 2016 us=280273   max_routes = 100
Thu Oct 13 23:50:10 2016 us=280283   allow_pull_fqdn = DISABLED
Thu Oct 13 23:50:10 2016 us=280293   route 10.48.9.0/255.255.255.0/nil/nil
Thu Oct 13 23:50:10 2016 us=280303   management_addr = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280312   management_port = 0
Thu Oct 13 23:50:10 2016 us=280321   management_user_pass = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280331   management_log_history_cache = 250
Thu Oct 13 23:50:10 2016 us=280340   management_echo_buffer_size = 100
Thu Oct 13 23:50:10 2016 us=280349   management_write_peer_info_file = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280359   management_client_user = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280368   management_client_group = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280377   management_flags = 0
Thu Oct 13 23:50:10 2016 us=280387   shared_secret_file = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280397   key_direction = 1
Thu Oct 13 23:50:10 2016 us=280406   ciphername_defined = ENABLED
Thu Oct 13 23:50:10 2016 us=280416   ciphername = 'AES-256-CBC'
Thu Oct 13 23:50:10 2016 us=280425   authname_defined = ENABLED
Thu Oct 13 23:50:10 2016 us=280434   authname = 'SHA1'
Thu Oct 13 23:50:10 2016 us=280443   prng_hash = 'SHA1'
Thu Oct 13 23:50:10 2016 us=280452   prng_nonce_secret_len = 16
Thu Oct 13 23:50:10 2016 us=280526   keysize = 0
Thu Oct 13 23:50:10 2016 us=280545   engine = DISABLED
Thu Oct 13 23:50:10 2016 us=280554   replay = ENABLED
Thu Oct 13 23:50:10 2016 us=280564   mute_replay_warnings = DISABLED
Thu Oct 13 23:50:10 2016 us=280573   replay_window = 64
Thu Oct 13 23:50:10 2016 us=280582   replay_time = 15
Thu Oct 13 23:50:10 2016 us=280600   packet_id_file = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280617   use_iv = ENABLED
Thu Oct 13 23:50:10 2016 us=280648   test_crypto = DISABLED
Thu Oct 13 23:50:10 2016 us=280670   tls_server = ENABLED
Thu Oct 13 23:50:10 2016 us=280689   tls_client = DISABLED
Thu Oct 13 23:50:10 2016 us=280705   key_method = 2
Thu Oct 13 23:50:10 2016 us=280715   ca_file = 'ca.crt'
Thu Oct 13 23:50:10 2016 us=280734   ca_path = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280745   dh_file = 'dh2048.pem'
Thu Oct 13 23:50:10 2016 us=280754   cert_file = 'server.crt'
Thu Oct 13 23:50:10 2016 us=280763   extra_certs_file = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280773   priv_key_file = 'server.key'
Thu Oct 13 23:50:10 2016 us=280783   pkcs12_file = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280792   cipher_list = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280801   tls_verify = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280811   tls_export_cert = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280820   verify_x509_type = 0
Thu Oct 13 23:50:10 2016 us=280829   verify_x509_name = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280838   crl_file = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280848   ns_cert_type = 0
Thu Oct 13 23:50:10 2016 us=280857   remote_cert_ku = 0
Thu Oct 13 23:50:10 2016 us=280866   remote_cert_ku = 0
Thu Oct 13 23:50:10 2016 us=280875   remote_cert_ku = 0
Thu Oct 13 23:50:10 2016 us=280884   remote_cert_ku = 0
Thu Oct 13 23:50:10 2016 us=280893   remote_cert_ku = 0
Thu Oct 13 23:50:10 2016 us=280903   remote_cert_ku = 0
Thu Oct 13 23:50:10 2016 us=280912   remote_cert_ku = 0
Thu Oct 13 23:50:10 2016 us=280921   remote_cert_ku = 0
Thu Oct 13 23:50:10 2016 us=280930   remote_cert_ku = 0
Thu Oct 13 23:50:10 2016 us=280939   remote_cert_ku = 0
Thu Oct 13 23:50:10 2016 us=280949   remote_cert_ku = 0
Thu Oct 13 23:50:10 2016 us=280958   remote_cert_ku = 0
Thu Oct 13 23:50:10 2016 us=280967   remote_cert_ku = 0
Thu Oct 13 23:50:10 2016 us=280976   remote_cert_ku = 0
Thu Oct 13 23:50:10 2016 us=280985   remote_cert_ku = 0
Thu Oct 13 23:50:10 2016 us=280994   remote_cert_ku = 0
Thu Oct 13 23:50:10 2016 us=281003   remote_cert_eku = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=281012   ssl_flags = 0
Thu Oct 13 23:50:10 2016 us=281022   tls_timeout = 2
Thu Oct 13 23:50:10 2016 us=281031   renegotiate_bytes = 0
Thu Oct 13 23:50:10 2016 us=281040   renegotiate_packets = 0
Thu Oct 13 23:50:10 2016 us=281049   renegotiate_seconds = 3600
Thu Oct 13 23:50:10 2016 us=281058   handshake_window = 60
Thu Oct 13 23:50:10 2016 us=281067   transition_window = 3600
Thu Oct 13 23:50:10 2016 us=281077   single_session = DISABLED
Thu Oct 13 23:50:10 2016 us=281086   push_peer_info = DISABLED
Thu Oct 13 23:50:10 2016 us=281095   tls_exit = DISABLED
Thu Oct 13 23:50:10 2016 us=281104   tls_auth_file = 'ta.key'
Thu Oct 13 23:50:10 2016 us=281115   server_network = 10.48.9.0
Thu Oct 13 23:50:10 2016 us=281126   server_netmask = 255.255.255.0
Thu Oct 13 23:50:10 2016 us=281144   server_network_ipv6 = ::
Thu Oct 13 23:50:10 2016 us=281154   server_netbits_ipv6 = 0
Thu Oct 13 23:50:10 2016 us=281164   server_bridge_ip = 0.0.0.0
Thu Oct 13 23:50:10 2016 us=281174   server_bridge_netmask = 0.0.0.0
Thu Oct 13 23:50:10 2016 us=281184   server_bridge_pool_start = 0.0.0.0
Thu Oct 13 23:50:10 2016 us=281194   server_bridge_pool_end = 0.0.0.0
Thu Oct 13 23:50:10 2016 us=281204   push_entry = 'route 10.48.9.0 255.255.255.0'
Thu Oct 13 23:50:10 2016 us=281214   push_entry = 'redirect-gateway def1 bypass-dhcp'
Thu Oct 13 23:50:10 2016 us=281223   push_entry = 'dhcp-option DNS 8.8.8.8'
Thu Oct 13 23:50:10 2016 us=281232   push_entry = 'route 10.48.9.1'
Thu Oct 13 23:50:10 2016 us=281242   push_entry = 'topology net30'
Thu Oct 13 23:50:10 2016 us=281251   push_entry = 'ping 5'
Thu Oct 13 23:50:10 2016 us=281260   push_entry = 'ping-restart 30'
Thu Oct 13 23:50:10 2016 us=281269   ifconfig_pool_defined = ENABLED
Thu Oct 13 23:50:10 2016 us=281280   ifconfig_pool_start = 10.48.9.4
Thu Oct 13 23:50:10 2016 us=281290   ifconfig_pool_end = 10.48.9.251
Thu Oct 13 23:50:10 2016 us=281300   ifconfig_pool_netmask = 0.0.0.0
Thu Oct 13 23:50:10 2016 us=281309   ifconfig_pool_persist_filename = '/etc/openvpn/tmp/ipp.txt'
Thu Oct 13 23:50:10 2016 us=281326   ifconfig_pool_persist_refresh_freq = 600
Thu Oct 13 23:50:10 2016 us=281337   ifconfig_ipv6_pool_defined = DISABLED
Thu Oct 13 23:50:10 2016 us=281347   ifconfig_ipv6_pool_base = ::
Thu Oct 13 23:50:10 2016 us=281356   ifconfig_ipv6_pool_netbits = 0
Thu Oct 13 23:50:10 2016 us=281365   n_bcast_buf = 256
Thu Oct 13 23:50:10 2016 us=281375   tcp_queue_limit = 64
Thu Oct 13 23:50:10 2016 us=281384   real_hash_size = 256
Thu Oct 13 23:50:10 2016 us=281394   virtual_hash_size = 256
Thu Oct 13 23:50:10 2016 us=281412   client_connect_script = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=281430   learn_address_script = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=281449   client_disconnect_script = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=281468   client_config_dir = 'ccd'
Thu Oct 13 23:50:10 2016 us=281486   ccd_exclusive = DISABLED
Thu Oct 13 23:50:10 2016 us=281504   tmp_dir = '/tmp'
Thu Oct 13 23:50:10 2016 us=281519   push_ifconfig_defined = DISABLED
Thu Oct 13 23:50:10 2016 us=281529   push_ifconfig_local = 0.0.0.0
Thu Oct 13 23:50:10 2016 us=281540   push_ifconfig_remote_netmask = 0.0.0.0
Thu Oct 13 23:50:10 2016 us=281549   push_ifconfig_ipv6_defined = DISABLED
Thu Oct 13 23:50:10 2016 us=281560   push_ifconfig_ipv6_local = ::/0
Thu Oct 13 23:50:10 2016 us=281575   push_ifconfig_ipv6_remote = ::
Thu Oct 13 23:50:10 2016 us=281587   enable_c2c = DISABLED
Thu Oct 13 23:50:10 2016 us=281596   duplicate_cn = DISABLED
Thu Oct 13 23:50:10 2016 us=281607   cf_max = 0
Thu Oct 13 23:50:10 2016 us=281625   cf_per = 0
Thu Oct 13 23:50:10 2016 us=281645   max_clients = 1024
Thu Oct 13 23:50:10 2016 us=281663   max_routes_per_client = 256
Thu Oct 13 23:50:10 2016 us=281680   auth_user_pass_verify_script = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=281692   auth_user_pass_verify_script_via_file = DISABLED
Thu Oct 13 23:50:10 2016 us=281701   port_share_host = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=281710   port_share_port = 0
Thu Oct 13 23:50:10 2016 us=281743   client = DISABLED
Thu Oct 13 23:50:10 2016 us=281757   pull = DISABLED
Thu Oct 13 23:50:10 2016 us=281766   auth_user_pass_file = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=281777 OpenVPN 2.3.12 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Oct 12 2016
Thu Oct 13 23:50:10 2016 us=281800 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Thu Oct 13 23:50:10 2016 us=284205 Diffie-Hellman initialized with 2048 bit key
Thu Oct 13 23:50:10 2016 us=285981 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Thu Oct 13 23:50:10 2016 us=286016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 13 23:50:10 2016 us=286031 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 13 23:50:10 2016 us=286053 TLS-Auth MTU parms [ L:1560 D:1182 EF:68 EB:0 ET:0 EL:3 ]
Thu Oct 13 23:50:10 2016 us=286083 Socket Buffers: R=[87380->87380] S=[16384->16384]
Thu Oct 13 23:50:10 2016 us=286188 ROUTE_GATEWAY xxx.xx.28.1/255.255.252.0 IFACE=ens3 HWADDR=52:54:00:c0:3b:c5
Thu Oct 13 23:50:10 2016 us=287439 TUN/TAP device tun0 opened
Thu Oct 13 23:50:10 2016 us=287471 TUN/TAP TX queue length set to 100
Thu Oct 13 23:50:10 2016 us=287492 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Oct 13 23:50:10 2016 us=287520 /sbin/ifconfig tun0 10.48.9.1 pointopoint 10.48.9.2 mtu 1500
Thu Oct 13 23:50:10 2016 us=289099 /sbin/route add -net 10.48.9.0 netmask 255.255.255.0 gw 10.48.9.2
Thu Oct 13 23:50:10 2016 us=289972 Data Channel MTU parms [ L:1560 D:1432 EF:60 EB:143 ET:0 EL:3 AF:3/1 ]
Thu Oct 13 23:50:10 2016 us=290021 Listening for incoming TCP connection on [undef]
Thu Oct 13 23:50:10 2016 us=290063 TCPv4_SERVER link local (bound): [undef]
Thu Oct 13 23:50:10 2016 us=290085 TCPv4_SERVER link remote: [undef]
Thu Oct 13 23:50:10 2016 us=290108 MULTI: multi_init called, r=256 v=256
Thu Oct 13 23:50:10 2016 us=290144 IFCONFIG POOL: base=10.48.9.4 size=62, ipv6=0
Thu Oct 13 23:50:10 2016 us=290164 ifconfig_pool_read(), in='admin,10.48.9.4', TODO: IPv6
Thu Oct 13 23:50:10 2016 us=290189 succeeded -> ifconfig_pool_set()
Thu Oct 13 23:50:10 2016 us=290200 ifconfig_pool_read(), in='fuar,10.48.9.8', TODO: IPv6
Thu Oct 13 23:50:10 2016 us=290210 succeeded -> ifconfig_pool_set()
Thu Oct 13 23:50:10 2016 us=290219 ifconfig_pool_read(), in='ligo,10.48.9.12', TODO: IPv6
Thu Oct 13 23:50:10 2016 us=290228 succeeded -> ifconfig_pool_set()
Thu Oct 13 23:50:10 2016 us=290239 IFCONFIG POOL LIST
Thu Oct 13 23:50:10 2016 us=290249 admin,10.48.9.4
Thu Oct 13 23:50:10 2016 us=290295 MULTI: TCP INIT maxclients=1024 maxevents=1028
Thu Oct 13 23:50:10 2016 us=290323 Initialization Sequence Completed
Thu Oct 13 23:50:16 2016 us=917416 MULTI: multi_create_instance called
Thu Oct 13 23:50:16 2016 us=917472 Re-using SSL/TLS context
Thu Oct 13 23:50:16 2016 us=917522 LZO compression initialized
Thu Oct 13 23:50:16 2016 us=917630 Control Channel MTU parms [ L:1560 D:1182 EF:68 EB:0 ET:0 EL:3 ]
Thu Oct 13 23:50:16 2016 us=917670 Data Channel MTU parms [ L:1560 D:1432 EF:60 EB:143 ET:0 EL:3 AF:3/1 ]
Thu Oct 13 23:50:16 2016 us=917702 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Thu Oct 13 23:50:16 2016 us=917713 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Thu Oct 13 23:50:16 2016 us=917733 Local Options hash (VER=V4): '9915e4a2'
Thu Oct 13 23:50:16 2016 us=917748 Expected Remote Options hash (VER=V4): '2f2c6498'
Thu Oct 13 23:50:16 2016 us=917780 TCP connection established with [AF_INET]127.0.0.1:60708
Thu Oct 13 23:50:16 2016 us=917794 TCPv4_SERVER link local: [undef]
Thu Oct 13 23:50:16 2016 us=917805 TCPv4_SERVER link remote: [AF_INET]127.0.0.1:60708
Thu Oct 13 23:50:17 2016 us=841868 127.0.0.1:60708 Connection reset, restarting

Thu Oct 13 23:50:17 2016 us=841931 127.0.0.1:60708 SIGUSR1[soft,connection-reset] received, client-instance restarting
Thu Oct 13 23:50:17 2016 us=842027 TCP/UDP: Closing socket

это выхлоп 443 порта

(Нажмите, чтобы показать/скрыть)

23:35:31.912115 IP ip-228.pool-228.ms-dpc03.cpx.ru.17251 > abcdef.net.https: Flags , seq 3964491900, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
23:35:31.912224 IP abcdef.net.https > ip-228.pool-228.ms-dpc03.cpx.ru.17251: Flags [S.], seq 173196175, ack 3964491901, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
23:35:31.954529 IP ip-228.pool-228.ms-dpc03.cpx.ru.17251 > abcdef.net.https: Flags [.], ack 1, win 65535, length 0
23:35:31.963907 IP abcdef.net.https > ip-228.pool-228.ms-dpc03.cpx.ru.17251: Flags [P.], seq 1:2893, ack 1, win 229, length 2892
23:35:32.013608 IP ip-228.pool-228.ms-dpc03.cpx.ru.17251 > abcdef.net.https: Flags [.], ack 2893, win 65535, length 0
23:35:32.915020 IP ip-228.pool-228.ms-dpc03.cpx.ru.17251 > abcdef.net.https: Flags [R.], seq 1, ack 2893, win 0, length 0
23:35:37.955967 IP ip-228.pool-228.ms-dpc03.cpx.ru.27643 > abcdef.net.https: Flags , seq 3664854665, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
23:35:37.956046 IP abcdef.net.https > ip-228.pool-228.ms-dpc03.cpx.ru.27643: Flags [S.], seq 3654461060, ack 3664854666, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
23:35:37.998238 IP ip-228.pool-228.ms-dpc03.cpx.ru.27643 > abcdef.net.https: Flags [.], ack 1, win 65535, length 0
23:35:38.010450 IP abcdef.net.https > ip-228.pool-228.ms-dpc03.cpx.ru.27643: Flags [P.], seq 1:2131, ack 1, win 229, length 2130
23:35:38.053267 IP ip-228.pool-228.ms-dpc03.cpx.ru.27643 > abcdef.net.https: Flags [.], ack 2131, win 65535, length 0
23:35:38.958852 IP ip-228.pool-228.ms-dpc03.cpx.ru.27643 > abcdef.net.https: Flags [R.], seq 1, ack 2131, win 0, length 0
23:35:43.991390 IP ip-228.pool-228.ms-dpc03.cpx.ru.10926 > abcdef.net.https: Flags , seq 4050089391, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
23:35:43.991506 IP abcdef.net.https > ip-228.pool-228.ms-dpc03.cpx.ru.10926: Flags [S.], seq 1745602613, ack 4050089392, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
23:35:44.036447 IP ip-228.pool-228.ms-dpc03.cpx.ru.10926 > abcdef.net.https: Flags [.], ack 1, win 65535, length 0

это выхлоп 1194 порта

(Нажмите, чтобы показать/скрыть)

23:34:13.818821 IP localhost.60678 > localhost.openvpn: Flags , seq 99085980, win 43690, options [mss 65495,sackOK,TS val 31726933 ecr 0,nop,wscale 7], length 0
23:34:13.818845 IP localhost.openvpn > localhost.60678: Flags [S.], seq 2317335044, ack 99085981, win 43690, options [mss 65495,sackOK,TS val 31726933 ecr 31726933,nop,wscale 7], length 0
23:34:13.818861 IP localhost.60678 > localhost.openvpn: Flags [.], ack 1, win 342, options [nop,nop,TS val 31726933 ecr 31726933], length 0
23:34:14.781217 IP localhost.60678 > localhost.openvpn: Flags [F.], seq 1, ack 1, win 342, options [nop,nop,TS val 31727174 ecr 31726933], length 0
23:34:14.781574 IP localhost.openvpn > localhost.60678: Flags [F.], seq 1, ack 2, win 342, options [nop,nop,TS val 31727174 ecr 31727174], length 0
23:34:14.781602 IP localhost.60678 > localhost.openvpn: Flags [.], ack 2, win 342, options [nop,nop,TS val 31727174 ecr 31727174], length 0
23:34:19.888759 IP localhost.60680 > localhost.openvpn: Flags , seq 411593577, win 43690, options [mss 65495,sackOK,TS val 31728451 ecr 0,nop,wscale 7], length 0
23:34:19.888786 IP localhost.openvpn > localhost.60680: Flags [S.], seq 392839067, ack 411593578, win 43690, options [mss 65495,sackOK,TS val 31728451 ecr 31728451,nop,wscale 7], length 0
23:34:19.888814 IP localhost.60680 > localhost.openvpn: Flags [.], ack 1, win 342, options [nop,nop,TS val 31728451 ecr 31728451], length 0
23:34:20.848362 IP localhost.60680 > localhost.openvpn: Flags [F.], seq 1, ack 1, win 342, options [nop,nop,TS val 31728690 ecr 31728451], length 0
23:34:20.848538 IP localhost.openvpn > localhost.60680: Flags [.], ack 2, win 342, options [nop,nop,TS val 31728691 ecr 31728690], length 0
23:34:20.848993 IP localhost.openvpn > localhost.60680: Flags [F.], seq 1, ack 2, win 342, options [nop,nop,TS val 31728691 ecr 31728690], length 0
23:34:20.849029 IP localhost.60680 > localhost.openvpn: Flags [.], ack 2, win 342, options [nop,nop,TS val 31728691 ecr 31728691], length 0
23:34:25.952132 IP localhost.60682 > localhost.openvpn: Flags , seq 1096491333, win 43690, options [mss 65495,sackOK,TS val 31729966 ecr 0,nop,wscale 7], length 0
23:34:25.952151 IP localhost.openvpn > localhost.60682: Flags [S.], seq 482676487, ack 1096491334, win 43690, options [mss 65495,sackOK,TS val 31729966 ecr 31729966,nop,wscale 7], length 0
23:34:25.952167 IP localhost.60682 > localhost.openvpn: Flags [.], ack 1, win 342, options [nop,nop,TS val 31729966 ecr 31729966], length 0
23:34:26.910580 IP localhost.60682 > localhost.openvpn: Flags [F.], seq 1, ack 1, win 342, options [nop,nop,TS val 31730206 ecr 31729966], length 0
23:34:26.911006 IP localhost.openvpn > localhost.60682: Flags [F.], seq 1, ack 2, win 342, options [nop,nop,TS val 31730206 ecr 31730206], length 0
23:34:26.911036 IP localhost.60682 > localhost.openvpn: Flags [.], ack 2, win 342, options [nop,nop,TS val 31730206 ecr 31730206], length 0

Я не знаю как это сделать, через прокси пропустить трафик openvpn. Помогите пожалуста. Может для этого еще один внешний ip нужен???