проблема с OpenVPN

[buben4ik]

Такая ситуация: на машине(192.168.1.42) установлен OpenVPN,вот его конфиг :

Код: [Выделить]

dev tun0
proto udp
ifconfig 10.1.0.1 10.1.0.2
push "route add -net 10.0.1.0 netmask 255.255.255.0 gw 192.168.1.1"
secret static.key
port 1112
user nobody
;group nobody
comp-lzo
ping 15
verb 3
потом запускаю /etc/init.d/openvpn start все работает,в нет стате идет листинг 1112 UDP порта openvpn'ом.

На клиенте(winXp) использую утилиту openvpn-gui.
соответственно в конфиге проги лежит ключ secret.key
Вот конфиг клиента :

Код: [Выделить]

dev tun0
proto udp
remote 81.201.80.97 1112
ifconfig 10.1.0.2 10.1.0.1
route add 10.1.0.0 255.255.255.0
secret static.key
comp-lzo
ping 15
verb 4
Потом в проге жму коннект и вот что выдает :

(Нажмите, чтобы показать/скрыть)

Thu Sep 03 07:45:04 2009 us=52497 Current Parameter Settings:
Thu Sep 03 07:45:04 2009 us=52578   config = 'client.ovpn'
Thu Sep 03 07:45:04 2009 us=52599   mode = 0
Thu Sep 03 07:45:04 2009 us=53075   show_ciphers = DISABLED
Thu Sep 03 07:45:04 2009 us=53115   show_digests = DISABLED
Thu Sep 03 07:45:04 2009 us=53146   show_engines = DISABLED
Thu Sep 03 07:45:04 2009 us=53168   genkey = DISABLED
Thu Sep 03 07:45:04 2009 us=53187   key_pass_file = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=53208   show_tls_ciphers = DISABLED
Thu Sep 03 07:45:04 2009 us=53228   proto = 0
Thu Sep 03 07:45:04 2009 us=53245   local = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=53263   remote_list[0] = {'81.201.80.97', 1112}
Thu Sep 03 07:45:04 2009 us=53284   remote_random = DISABLED
Thu Sep 03 07:45:04 2009 us=53303   local_port = 1194
Thu Sep 03 07:45:04 2009 us=53604   remote_port = 1194
Thu Sep 03 07:45:04 2009 us=53618   remote_float = DISABLED
Thu Sep 03 07:45:04 2009 us=53630   ipchange = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=53642   bind_local = ENABLED
Thu Sep 03 07:45:04 2009 us=53653   dev = 'tun0'
Thu Sep 03 07:45:04 2009 us=53741   dev_type = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=53770   dev_node = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=53788   tun_ipv6 = DISABLED
Thu Sep 03 07:45:04 2009 us=53804   ifconfig_local = '10.1.0.2'
Thu Sep 03 07:45:04 2009 us=53819   ifconfig_remote_netmask = '10.1.0.1'
Thu Sep 03 07:45:04 2009 us=53836   ifconfig_noexec = DISABLED
Thu Sep 03 07:45:04 2009 us=54640   ifconfig_nowarn = DISABLED
Thu Sep 03 07:45:04 2009 us=54666   shaper = 0
Thu Sep 03 07:45:04 2009 us=54678   tun_mtu = 1500
Thu Sep 03 07:45:04 2009 us=54689   tun_mtu_defined = ENABLED
Thu Sep 03 07:45:04 2009 us=54701   link_mtu = 1500
Thu Sep 03 07:45:04 2009 us=54712   link_mtu_defined = DISABLED
Thu Sep 03 07:45:04 2009 us=54801   tun_mtu_extra = 0
Thu Sep 03 07:45:04 2009 us=54824   tun_mtu_extra_defined = DISABLED
Thu Sep 03 07:45:04 2009 us=54841   fragment = 0
Thu Sep 03 07:45:04 2009 us=54855   mtu_discover_type = -1
Thu Sep 03 07:45:04 2009 us=54871   mtu_test = 0
Thu Sep 03 07:45:04 2009 us=54887   mlock = DISABLED
Thu Sep 03 07:45:04 2009 us=54953   keepalive_ping = 0
Thu Sep 03 07:45:04 2009 us=54972   keepalive_timeout = 0
Thu Sep 03 07:45:04 2009 us=54988   inactivity_timeout = 0
Thu Sep 03 07:45:04 2009 us=55002   ping_send_timeout = 15
Thu Sep 03 07:45:04 2009 us=55017   ping_rec_timeout = 0
Thu Sep 03 07:45:04 2009 us=55031   ping_rec_timeout_action = 0
Thu Sep 03 07:45:04 2009 us=55045   ping_timer_remote = DISABLED
Thu Sep 03 07:45:04 2009 us=55059   remap_sigusr1 = 0
Thu Sep 03 07:45:04 2009 us=55073   explicit_exit_notification = 0
Thu Sep 03 07:45:04 2009 us=55088   persist_tun = DISABLED
Thu Sep 03 07:45:04 2009 us=55102   persist_local_ip = DISABLED
Thu Sep 03 07:45:04 2009 us=55116   persist_remote_ip = DISABLED
Thu Sep 03 07:45:04 2009 us=55130   persist_key = DISABLED
Thu Sep 03 07:45:04 2009 us=55144   mssfix = 1450
Thu Sep 03 07:45:04 2009 us=55160   resolve_retry_seconds = 1000000000
Thu Sep 03 07:45:04 2009 us=55201   connect_retry_seconds = 5
Thu Sep 03 07:45:04 2009 us=55233   username = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=55254   groupname = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=55271   chroot_dir = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=55392   cd_dir = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=55417   writepid = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=55637   up_script = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=55669   down_script = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=55688   down_pre = DISABLED
Thu Sep 03 07:45:04 2009 us=55705   up_restart = DISABLED
Thu Sep 03 07:45:04 2009 us=56025   up_delay = DISABLED
Thu Sep 03 07:45:04 2009 us=56044   daemon = DISABLED
Thu Sep 03 07:45:04 2009 us=56059   inetd = 0
Thu Sep 03 07:45:04 2009 us=56075   log = DISABLED
Thu Sep 03 07:45:04 2009 us=56371   suppress_timestamps = DISABLED
Thu Sep 03 07:45:04 2009 us=56474   nice = 0
Thu Sep 03 07:45:04 2009 us=56493   verbosity = 4
Thu Sep 03 07:45:04 2009 us=56529   mute = 0
Thu Sep 03 07:45:04 2009 us=67049   gremlin = 0
Thu Sep 03 07:45:04 2009 us=67109   status_file = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=67130   status_file_version = 1
Thu Sep 03 07:45:04 2009 us=67149   status_file_update_freq = 60
Thu Sep 03 07:45:04 2009 us=67198   occ = ENABLED
Thu Sep 03 07:45:04 2009 us=67315   rcvbuf = 0
Thu Sep 03 07:45:04 2009 us=67374   sndbuf = 0
Thu Sep 03 07:45:04 2009 us=67394   socks_proxy_server = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=67445   socks_proxy_port = 0
Thu Sep 03 07:45:04 2009 us=67854   socks_proxy_retry = DISABLED
Thu Sep 03 07:45:04 2009 us=67876   fast_io = DISABLED
Thu Sep 03 07:45:04 2009 us=67895   comp_lzo = ENABLED
Thu Sep 03 07:45:04 2009 us=67991   comp_lzo_adaptive = ENABLED
Thu Sep 03 07:45:04 2009 us=68023   route_script = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=68042   route_default_gateway = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=68063   route_noexec = DISABLED
Thu Sep 03 07:45:04 2009 us=68081   route_delay = 0
Thu Sep 03 07:45:04 2009 us=68100   route_delay_window = 30
Thu Sep 03 07:45:04 2009 us=88092   route_delay_defined = ENABLED
Thu Sep 03 07:45:04 2009 us=88162   route add/10.1.0.0/255.255.255.0/nil
Thu Sep 03 07:45:04 2009 us=88182   management_addr = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=88204   management_port = 0
Thu Sep 03 07:45:04 2009 us=88223   management_user_pass = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=88242   management_log_history_cache = 250
Thu Sep 03 07:45:04 2009 us=88262   management_echo_buffer_size = 100
Thu Sep 03 07:45:04 2009 us=88282   management_query_passwords = DISABLED
Thu Sep 03 07:45:04 2009 us=88300   management_hold = DISABLED
Thu Sep 03 07:45:04 2009 us=88319   shared_secret_file = 'static.key'
Thu Sep 03 07:45:04 2009 us=88338   key_direction = 0
Thu Sep 03 07:45:04 2009 us=88357   ciphername_defined = ENABLED
Thu Sep 03 07:45:04 2009 us=88376   ciphername = 'BF-CBC'
Thu Sep 03 07:45:04 2009 us=88394   authname_defined = ENABLED
Thu Sep 03 07:45:04 2009 us=88413   authname = 'SHA1'
Thu Sep 03 07:45:04 2009 us=112761   keysize = 0
Thu Sep 03 07:45:04 2009 us=112798   engine = DISABLED
Thu Sep 03 07:45:04 2009 us=112821   replay = ENABLED
Thu Sep 03 07:45:04 2009 us=112840   mute_replay_warnings = DISABLED
Thu Sep 03 07:45:04 2009 us=112858   replay_window = 64
Thu Sep 03 07:45:04 2009 us=112901   replay_time = 15
Thu Sep 03 07:45:04 2009 us=112921   packet_id_file = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=112950   use_iv = ENABLED
Thu Sep 03 07:45:04 2009 us=112970   test_crypto = DISABLED
Thu Sep 03 07:45:04 2009 us=112988   tls_server = DISABLED
Thu Sep 03 07:45:04 2009 us=113006   tls_client = DISABLED
Thu Sep 03 07:45:04 2009 us=113024   key_method = 2
Thu Sep 03 07:45:04 2009 us=113041   ca_file = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=113061   dh_file = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=113079   cert_file = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=113099   priv_key_file = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=113117   pkcs12_file = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=137393   cryptoapi_cert = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=137422   cipher_list = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=137441   tls_verify = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=137461   tls_remote = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=137480   crl_file = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=137497   ns_cert_type = 0
Thu Sep 03 07:45:04 2009 us=137515   tls_timeout = 2
Thu Sep 03 07:45:04 2009 us=137533   renegotiate_bytes = 0
Thu Sep 03 07:45:04 2009 us=137551   renegotiate_packets = 0
Thu Sep 03 07:45:04 2009 us=137570   renegotiate_seconds = 3600
Thu Sep 03 07:45:04 2009 us=137588   handshake_window = 60
Thu Sep 03 07:45:04 2009 us=137606   transition_window = 3600
Thu Sep 03 07:45:04 2009 us=137623   single_session = DISABLED
Thu Sep 03 07:45:04 2009 us=137640   tls_exit = DISABLED
Thu Sep 03 07:45:04 2009 us=137658   tls_auth_file = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=137696   server_network = 0.0.0.0
Thu Sep 03 07:45:04 2009 us=137718   server_netmask = 0.0.0.0
Thu Sep 03 07:45:04 2009 us=175241   server_bridge_ip = 0.0.0.0
Thu Sep 03 07:45:04 2009 us=175283   server_bridge_netmask = 0.0.0.0
Thu Sep 03 07:45:04 2009 us=175307   server_bridge_pool_start = 0.0.0.0
Thu Sep 03 07:45:04 2009 us=175331   server_bridge_pool_end = 0.0.0.0
Thu Sep 03 07:45:04 2009 us=175366   ifconfig_pool_defined = DISABLED
Thu Sep 03 07:45:04 2009 us=175396   ifconfig_pool_start = 0.0.0.0
Thu Sep 03 07:45:04 2009 us=175417   ifconfig_pool_end = 0.0.0.0
Thu Sep 03 07:45:04 2009 us=175439   ifconfig_pool_netmask = 0.0.0.0
Thu Sep 03 07:45:04 2009 us=175460   ifconfig_pool_persist_filename = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=175479   ifconfig_pool_persist_refresh_freq = 600
Thu Sep 03 07:45:04 2009 us=175496   ifconfig_pool_linear = DISABLED
Thu Sep 03 07:45:04 2009 us=175516   n_bcast_buf = 256
Thu Sep 03 07:45:04 2009 us=175533   tcp_queue_limit = 64
Thu Sep 03 07:45:04 2009 us=175550   real_hash_size = 256
Thu Sep 03 07:45:04 2009 us=210586   virtual_hash_size = 256
Thu Sep 03 07:45:04 2009 us=210620   client_connect_script = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=210642   learn_address_script = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=210662   client_disconnect_script = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=210682   client_config_dir = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=210700   ccd_exclusive = DISABLED
Thu Sep 03 07:45:04 2009 us=210718   tmp_dir = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=210737   push_ifconfig_defined = DISABLED
Thu Sep 03 07:45:04 2009 us=210771   push_ifconfig_local = 0.0.0.0
Thu Sep 03 07:45:04 2009 us=210797   push_ifconfig_remote_netmask = 0.0.0.0
Thu Sep 03 07:45:04 2009 us=210818   enable_c2c = DISABLED
Thu Sep 03 07:45:04 2009 us=210836   duplicate_cn = DISABLED
Thu Sep 03 07:45:04 2009 us=210863   cf_max = 0
Thu Sep 03 07:45:04 2009 us=210897   cf_per = 0
Thu Sep 03 07:45:04 2009 us=210917   max_clients = 1024
Thu Sep 03 07:45:04 2009 us=210937   max_routes_per_client = 256
Thu Sep 03 07:45:04 2009 us=228559   client_cert_not_required = DISABLED
Thu Sep 03 07:45:04 2009 us=228597   username_as_common_name = DISABLED
Thu Sep 03 07:45:04 2009 us=228620   auth_user_pass_verify_script = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=228643   auth_user_pass_verify_script_via_file = DISABLED
Thu Sep 03 07:45:04 2009 us=228670   client = DISABLED
Thu Sep 03 07:45:04 2009 us=228702   pull = DISABLED
Thu Sep 03 07:45:04 2009 us=228720   auth_user_pass_file = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=228741   show_net_up = DISABLED
Thu Sep 03 07:45:04 2009 us=228756   route_method = 0
Thu Sep 03 07:45:04 2009 us=228772   ip_win32_defined = DISABLED
Thu Sep 03 07:45:04 2009 us=228812   ip_win32_type = 3
Thu Sep 03 07:45:04 2009 us=228848   dhcp_masq_offset = 0
Thu Sep 03 07:45:04 2009 us=228868   dhcp_lease_time = 31536000
Thu Sep 03 07:45:04 2009 us=228888   tap_sleep = 0
Thu Sep 03 07:45:04 2009 us=228906   dhcp_options = DISABLED
Thu Sep 03 07:45:04 2009 us=249565   dhcp_renew = DISABLED
Thu Sep 03 07:45:04 2009 us=249602   dhcp_pre_release = DISABLED
Thu Sep 03 07:45:04 2009 us=249624   dhcp_release = DISABLED
Thu Sep 03 07:45:04 2009 us=249642   domain = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=249661   netbios_scope = '[UNDEF]'
Thu Sep 03 07:45:04 2009 us=249687   netbios_node_type = 0
Thu Sep 03 07:45:04 2009 us=249720   disable_nbt = DISABLED
Thu Sep 03 07:45:04 2009 us=249766 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Thu Sep 03 07:45:04 2009 us=249973 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Sep 03 07:45:04 2009 us=250004 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Thu Sep 03 07:45:04 2009 us=250915 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Sep 03 07:45:04 2009 us=250975 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 03 07:45:04 2009 us=270248 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Sep 03 07:45:04 2009 us=270312 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 03 07:45:04 2009 us=270363 LZO compression initialized
Thu Sep 03 07:45:06 2009 us=578078 RESOLVE: Cannot resolve host address: add: [HOST_NOT_FOUND] The specified host is unknown.
Thu Sep 03 07:45:06 2009 us=578116 OpenVPN ROUTE: failed to parse/resolve route for host/network: add
Thu Sep 03 07:45:06 2009 us=588962 TAP-WIN32 device [Подключение по локальной сети 2] opened: .Global{81D0D605-00FC-4EF9-B529-9C4A5F20EEF3}.tap
Thu Sep 03 07:45:06 2009 us=589018 TAP-Win32 Driver Version 8.4
Thu Sep 03 07:45:06 2009 us=589045 TAP-Win32 MTU=1500
Thu Sep 03 07:45:06 2009 us=589168 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.1.0.2/255.255.255.252 on interface {81D0D605-00FC-4EF9-B529-9C4A5F20EEF3} [DHCP-serv: 10.1.0.1, lease-time: 31536000]
Thu Sep 03 07:45:06 2009 us=595427 Successful ARP Flush on interface [3] {81D0D605-00FC-4EF9-B529-9C4A5F20EEF3}
Thu Sep 03 07:45:06 2009 us=616419 Data Channel MTU parms [ L:1545 D:1450 EF:45 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Sep 03 07:45:06 2009 us=616520 Local Options String: 'V4,dev-type tun,link-mtu 1545,tun-mtu 1500,proto UDPv4,ifconfig 10.1.0.1 10.1.0.2,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,secret'
Thu Sep 03 07:45:06 2009 us=616553 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1545,tun-mtu 1500,proto UDPv4,ifconfig 10.1.0.2 10.1.0.1,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,secret'
Thu Sep 03 07:45:06 2009 us=616608 Local Options hash (VER=V4): 'cc1583e3'
Thu Sep 03 07:45:06 2009 us=616641 Expected Remote Options hash (VER=V4): '2b90ef6a'
Thu Sep 03 07:45:06 2009 us=616755 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Sep 03 07:45:06 2009 us=617062 UDPv4 link local (bound): [undef]:1194
Thu Sep 03 07:45:06 2009 us=617093 UDPv4 link remote: 81.201.80.97:1112

иконка проги становится желтой.Вот немогу найти ошибку или чего то пропустил в конфигах,может кто-то более опытным глазом приметит

Пользователь решил продолжить мысль [time]Thu Sep  3 07:14:21 2009[/time]:пробелма частично решена,клиент уже подклчюается к ВПН севреру,надо было добавить строки в iptables

iptables -A INPUT -p udp --dport 1112 -j ACCEPT
        iptables -A INPUT -i tun0 -j ACCEPT
        iptables -A FORWARD -i tun0 -j ACCEPT
        iptables -A FORWARD -o tun0 -j ACCEPT
Пользователь решил продолжить мысль [time]Thu Sep  3 12:05:25 2009[/time]:в чем может быть проблема если подключение происходит,но трафик не идет?т.к в tracert нет адреса сервера.

[buben4ik]

Немного изменились конфиги,проблема в том что клиент коннектится к серверу,пингует сервер,машины из сети сервера не пингуются,но зайдя через браузер например на myip.ru выдает айпи клиента через его провайдер,тоесть инет трафик не идет через впн.и сервер впн не является шлюзом  в своей сети.я прошу помощи,потому что уже просто незнаю куда копать и что ковырять.
Сервер

Код: [Выделить]

dev tun
server 10.1.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "route-gateway 10.1.0.1"
push "redirect-gateway defl"
tls-server
ca ca.crt
cert haloser.crt
key haloser.key
dh dh1024.pem
proto udp
port 1112
client-to-client
comp-lzo
keepalive 10 120
verb 4