OpenVPN мд двумя Ubuntu

[jimmy1]

Добрый день. Помогите пожалуйста поднять впн между VPN сервером на базе openVPN OS Ubuntu и OpenVPN клиентом на OS Ubuntu 10.04 amd64

Описание задачи: имеется удаленный сервер с ОС ubuntu на который установлен openvpn

Код: [Выделить]

apt-get install openvpn

сгенерировал ключи и сертификаты ( srver.crt. | server.key | clietnt.crt | clietn.key | ca.crt | ca.key | dh1024.pem | ta.key )
приписал серверу конфиг /etc/openvpn/server.conf , его листинг приведен ниже:

Код: [Выделить]

port 1200
proto tcp
dev tun
local xxx.xxx.xxx.xxx ( IP_АДРЕС_ВДС )
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.8.0.0 255.255.255.0"
push "route-gateway 10.8.0.1"
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option WINS 10.8.0.1"
keepalive 10 300
tun-mtu 1500
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
mssfix 1450
status /etc/openvpn/openvpn-status.log
log /etc/openvpn/openvpn.log

в iptables сервера было добавлено правило:

Код: [Выделить]

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to-source xxx.xxx.xxx.xxx (внешний IP_АДРЕС vds)

локальная машина имеет выход в сеть через ADSL модем , ip динамический
На локальной машине установлена Ubuntu 10.04 на ней установлен openvpn

Код: [Выделить]

apt-get install openvpn

с сервера перенесены необходимые файлы ключей ( clietnt.crt | clietn.key | ca.crt | ta.key )
конфиг клиента /etc/openvpn/client.conf

Код: [Выделить]

client
port 1200
dev tun
proto tcp
remote xxx.xxx.xxx.xxx ( IP_АДРЕС_ВДС )
resolv-retry infinite
nobind
pull
route-delay 2
persist-key
persist-tun
mute-replay-warnings
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/client.crt
key /etc/openvpn/keys/client.key
ping 15
ping-restart 45
ping-timer-rem
comp-lzo
ns-cert-type server
cipher BF-CBC
tun-mtu 1500
verb 4
log /etc/openvpn/openvpn.log

При запуске на сервере
/etc/init.d/openvpn start

сервер стартует, старт openvpn клиент также удается произвести, но при прослушивании интерфейса tun0 в wireshark (на клиенте) там тишина
ifconfig на клиенте выводит что tun0 создается

Код: [Выделить]

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.6 P-t-P:10.8.0.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

но трафик через tun0 не идет, а при прослушивании интерфейса ррр0 в вайршарке попадаются только единичные пакеты такого типа:

Код: [Выделить]

7 9.780304 ххх.ххх.ххх.ххх(ип сервера) yyy.yyy.yyy.yyy (мой ип выданный провайдером) TCP scol > 51324 [PSH, ACK] Seq=56 Ack=56 Win=96 Len=55 TSV=157179262 TSER=10468453
84 81.977830 yyy.yyy.yyy.yyy (мой ип выданный провайдером) ххх.ххх.ххх.ххх(ип сервера) TCP 51324 > scol [ACK] Seq=441 Ack=496 Win=146 Len=0 TSV=10476225 TSER=157197310

Помогите плиз разобраться с настройкой vpn-туннеля так как у самого вариантов нет, перепробовал все что мог.

[fisher74]

Мне кажется

Код: [Выделить]

push "route-gateway 10.8.0.1"c

Код: [Выделить]

dev tunнесовместимо.
Могу ошибаться.
Посмотрите таблицу маршрутизации на клиенте

[jimmy1]

Код: [Выделить]

сейчас попробую без
[code]
push route

таблицу маршрутизации просмотреть это

Код: [Выделить]

iptables -L
?
ссори в линуксах новичек))


в конфиге сервера закоментировал строку

Код: [Выделить]

# push "route-gateway 10.8.0.1"
рестартанул опенвпн на сервер.
ситуация не изменилась

по нстройкам таблиц маршрутизации

Код: [Выделить]

netstat -n -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.8.0.5        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
10.8.0.1        10.8.0.5        255.255.255.255 UGH       0 0          0 tun0
195.5.5.200     0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
172.16.65.0     0.0.0.0         255.255.255.0   U         0 0          0 vmnet8
192.168.9.0     0.0.0.0         255.255.255.0   U         0 0          0 vmnet1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 ppp0
0.0.0.0         195.5.5.200     0.0.0.0         UG        0 0          0 ppp0
[/code]

[fisher74]

Код: [Выделить]

route -n

[jimmy1]

Код: [Выделить]

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
195.5.5.200     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
172.16.65.0     0.0.0.0         255.255.255.0   U     0      0        0 vmnet8
192.168.9.0     0.0.0.0         255.255.255.0   U     0      0        0 vmnet1
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 ppp0
0.0.0.0         195.5.5.200     0.0.0.0         UG    0      0        0 ppp0


[fisher74]

А в логах-то что?

P.S. Заведи под спойлер

[jimmy1]

сейчас добавлю клиентский лог
Пользователь решил продолжить мысль 25 Ноября 2010, 22:36:26:лог с клиента

(Нажмите, чтобы показать/скрыть)

Thu Nov 25 20:34:50 2010 us=242968 Current Parameter Settings:
Thu Nov 25 20:34:50 2010 us=243179   config = '/etc/openvpn/client.conf'
Thu Nov 25 20:34:50 2010 us=243204   mode = 0
Thu Nov 25 20:34:50 2010 us=243225   persist_config = DISABLED
Thu Nov 25 20:34:50 2010 us=243245   persist_mode = 1
Thu Nov 25 20:34:50 2010 us=243266   show_ciphers = DISABLED
Thu Nov 25 20:34:50 2010 us=243288   show_digests = DISABLED
Thu Nov 25 20:34:50 2010 us=243308   show_engines = DISABLED
Thu Nov 25 20:34:50 2010 us=243341   genkey = DISABLED
Thu Nov 25 20:34:50 2010 us=243361   key_pass_file = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=243381   show_tls_ciphers = DISABLED
Thu Nov 25 20:34:50 2010 us=243401 Connection profiles [default]:
Thu Nov 25 20:34:50 2010 us=243422   proto = tcp-client
Thu Nov 25 20:34:50 2010 us=243442   local = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=243462   local_port = 0
Thu Nov 25 20:34:50 2010 us=243481   remote = 'YYY.YYY.YYY.YYY (SERVER_IP)'
Thu Nov 25 20:34:50 2010 us=243501   remote_port = 1200
Thu Nov 25 20:34:50 2010 us=243522   remote_float = DISABLED
Thu Nov 25 20:34:50 2010 us=243542   bind_defined = DISABLED
Thu Nov 25 20:34:50 2010 us=243562   bind_local = DISABLED
Thu Nov 25 20:34:50 2010 us=243582   connect_retry_seconds = 5
Thu Nov 25 20:34:50 2010 us=243602   connect_timeout = 10
Thu Nov 25 20:34:50 2010 us=243621   connect_retry_max = 0
Thu Nov 25 20:34:50 2010 us=243640   socks_proxy_server = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=243660   socks_proxy_port = 0
Thu Nov 25 20:34:50 2010 us=243679   socks_proxy_retry = DISABLED
Thu Nov 25 20:34:50 2010 us=243704 Connection profiles END
Thu Nov 25 20:34:50 2010 us=243725   remote_random = DISABLED
Thu Nov 25 20:34:50 2010 us=243744   ipchange = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=243763   dev = 'tun'
Thu Nov 25 20:34:50 2010 us=243782   dev_type = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=243801   dev_node = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=243819   lladdr = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=243839   topology = 1
Thu Nov 25 20:34:50 2010 us=243859   tun_ipv6 = DISABLED
Thu Nov 25 20:34:50 2010 us=243879   ifconfig_local = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=243906   ifconfig_remote_netmask = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=243925   ifconfig_noexec = DISABLED
Thu Nov 25 20:34:50 2010 us=243952   ifconfig_nowarn = DISABLED
Thu Nov 25 20:34:50 2010 us=243971   shaper = 0
Thu Nov 25 20:34:50 2010 us=243991   tun_mtu = 1500
Thu Nov 25 20:34:50 2010 us=244010   tun_mtu_defined = ENABLED
Thu Nov 25 20:34:50 2010 us=244030   link_mtu = 1500
Thu Nov 25 20:34:50 2010 us=244050   link_mtu_defined = DISABLED
Thu Nov 25 20:34:50 2010 us=244070   tun_mtu_extra = 0
Thu Nov 25 20:34:50 2010 us=244457   tun_mtu_extra_defined = DISABLED
Thu Nov 25 20:34:50 2010 us=244501   fragment = 0
Thu Nov 25 20:34:50 2010 us=244522   mtu_discover_type = -1
Thu Nov 25 20:34:50 2010 us=244542   mtu_test = 0
Thu Nov 25 20:34:50 2010 us=244562   mlock = DISABLED
Thu Nov 25 20:34:50 2010 us=244581   keepalive_ping = 0
Thu Nov 25 20:34:50 2010 us=244600   keepalive_timeout = 0
Thu Nov 25 20:34:50 2010 us=244619   inactivity_timeout = 0
Thu Nov 25 20:34:50 2010 us=244638   ping_send_timeout = 15
Thu Nov 25 20:34:50 2010 us=244657   ping_rec_timeout = 45
Thu Nov 25 20:34:50 2010 us=244676   ping_rec_timeout_action = 2
Thu Nov 25 20:34:50 2010 us=244696   ping_timer_remote = ENABLED
Thu Nov 25 20:34:50 2010 us=244715   remap_sigusr1 = 0
Thu Nov 25 20:34:50 2010 us=244734   explicit_exit_notification = 0
Thu Nov 25 20:34:50 2010 us=244753   persist_tun = ENABLED
Thu Nov 25 20:34:50 2010 us=244772   persist_local_ip = DISABLED
Thu Nov 25 20:34:50 2010 us=244792   persist_remote_ip = DISABLED
Thu Nov 25 20:34:50 2010 us=244811   persist_key = ENABLED
Thu Nov 25 20:34:50 2010 us=244831   mssfix = 1450
Thu Nov 25 20:34:50 2010 us=244850   passtos = DISABLED
Thu Nov 25 20:34:50 2010 us=244869   resolve_retry_seconds = 1000000000
Thu Nov 25 20:34:50 2010 us=244888   username = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=244908   groupname = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=244926   chroot_dir = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=244965   cd_dir = '/etc/openvpn'
Thu Nov 25 20:34:50 2010 us=244986   writepid = '/var/run/openvpn.client.pid'
Thu Nov 25 20:34:50 2010 us=245006   up_script = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=245025   down_script = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=245044   down_pre = DISABLED
Thu Nov 25 20:34:50 2010 us=245063   up_restart = DISABLED
Thu Nov 25 20:34:50 2010 us=245081   up_delay = DISABLED
Thu Nov 25 20:34:50 2010 us=245100   daemon = ENABLED
Thu Nov 25 20:34:50 2010 us=245119   inetd = 0
Thu Nov 25 20:34:50 2010 us=245138   log = ENABLED
Thu Nov 25 20:34:50 2010 us=245157   suppress_timestamps = DISABLED
Thu Nov 25 20:34:50 2010 us=245176   nice = 0
Thu Nov 25 20:34:50 2010 us=245196   verbosity = 4
Thu Nov 25 20:34:50 2010 us=245215   mute = 0
Thu Nov 25 20:34:50 2010 us=245234   gremlin = 0
Thu Nov 25 20:34:50 2010 us=245253   status_file = '/var/run/openvpn.client.status'
Thu Nov 25 20:34:50 2010 us=245273   status_file_version = 1
Thu Nov 25 20:34:50 2010 us=245291   status_file_update_freq = 10
Thu Nov 25 20:34:50 2010 us=245310   occ = ENABLED
Thu Nov 25 20:34:50 2010 us=245329   rcvbuf = 65536
Thu Nov 25 20:34:50 2010 us=245348   sndbuf = 65536
Thu Nov 25 20:34:50 2010 us=245367   sockflags = 0
Thu Nov 25 20:34:50 2010 us=245385   fast_io = DISABLED
Thu Nov 25 20:34:50 2010 us=245404   lzo = 7
Thu Nov 25 20:34:50 2010 us=245423   route_script = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=245442   route_default_gateway = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=245461   route_default_metric = 0
Thu Nov 25 20:34:50 2010 us=245479   route_noexec = DISABLED
Thu Nov 25 20:34:50 2010 us=245498   route_delay = 2
Thu Nov 25 20:34:50 2010 us=245517   route_delay_window = 30
Thu Nov 25 20:34:50 2010 us=245536   route_delay_defined = ENABLED
Thu Nov 25 20:34:50 2010 us=245555   route_nopull = DISABLED
Thu Nov 25 20:34:50 2010 us=245574   route_gateway_via_dhcp = DISABLED
Thu Nov 25 20:34:50 2010 us=245594   max_routes = 100
Thu Nov 25 20:34:50 2010 us=245613   allow_pull_fqdn = DISABLED
Thu Nov 25 20:34:50 2010 us=245632   management_addr = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=245652   management_port = 0
Thu Nov 25 20:34:50 2010 us=245672   management_user_pass = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=245692   management_log_history_cache = 250
Thu Nov 25 20:34:50 2010 us=245712   management_echo_buffer_size = 100
Thu Nov 25 20:34:50 2010 us=245732   management_write_peer_info_file = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=245752   management_client_user = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=245771   management_client_group = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=245790   management_flags = 0
Thu Nov 25 20:34:50 2010 us=245810   shared_secret_file = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=245829   key_direction = 0
Thu Nov 25 20:34:50 2010 us=245848   ciphername_defined = ENABLED
Thu Nov 25 20:34:50 2010 us=245867   ciphername = 'BF-CBC'
Thu Nov 25 20:34:50 2010 us=245886   authname_defined = ENABLED
Thu Nov 25 20:34:50 2010 us=245906   authname = 'SHA1'
Thu Nov 25 20:34:50 2010 us=245925   prng_hash = 'SHA1'
Thu Nov 25 20:34:50 2010 us=245944   prng_nonce_secret_len = 16
Thu Nov 25 20:34:50 2010 us=245963   keysize = 0
Thu Nov 25 20:34:50 2010 us=245982   engine = DISABLED
Thu Nov 25 20:34:50 2010 us=246001   replay = ENABLED
Thu Nov 25 20:34:50 2010 us=246020   mute_replay_warnings = ENABLED
Thu Nov 25 20:34:50 2010 us=246040   replay_window = 64
Thu Nov 25 20:34:50 2010 us=246059   replay_time = 15
Thu Nov 25 20:34:50 2010 us=246078   packet_id_file = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=246097   use_iv = ENABLED
Thu Nov 25 20:34:50 2010 us=246116   test_crypto = DISABLED
Thu Nov 25 20:34:50 2010 us=246135   tls_server = DISABLED
Thu Nov 25 20:34:50 2010 us=246154   tls_client = ENABLED
Thu Nov 25 20:34:50 2010 us=246174   key_method = 2
Thu Nov 25 20:34:50 2010 us=246193   ca_file = '/etc/openvpn/keys/ca.crt'
Thu Nov 25 20:34:50 2010 us=246213   ca_path = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=246232   dh_file = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=246252   cert_file = '/etc/openvpn/keys/client.crt'
Thu Nov 25 20:34:50 2010 us=246285   priv_key_file = '/etc/openvpn/keys/client.key'
Thu Nov 25 20:34:50 2010 us=246306   pkcs12_file = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=246325   cipher_list = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=246345   tls_verify = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=246364   tls_remote = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=246383   crl_file = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=246402   ns_cert_type = 64
Thu Nov 25 20:34:50 2010 us=246422   remote_cert_ku = 0
Thu Nov 25 20:34:50 2010 us=246441   remote_cert_ku = 0
Thu Nov 25 20:34:50 2010 us=246460   remote_cert_ku = 0
Thu Nov 25 20:34:50 2010 us=246479   remote_cert_ku = 0
Thu Nov 25 20:34:50 2010 us=246498   remote_cert_ku = 0
Thu Nov 25 20:34:50 2010 us=246517   remote_cert_ku = 0
Thu Nov 25 20:34:50 2010 us=246535   remote_cert_ku = 0
Thu Nov 25 20:34:50 2010 us=246554   remote_cert_ku = 0
Thu Nov 25 20:34:50 2010 us=246573   remote_cert_ku = 0
Thu Nov 25 20:34:50 2010 us=246592   remote_cert_ku = 0
Thu Nov 25 20:34:50 2010 us=246611   remote_cert_ku = 0
Thu Nov 25 20:34:50 2010 us=246630   remote_cert_ku = 0
Thu Nov 25 20:34:50 2010 us=246649   remote_cert_ku = 0
Thu Nov 25 20:34:50 2010 us=246668   remote_cert_ku = 0
Thu Nov 25 20:34:50 2010 us=246686   remote_cert_ku = 0
Thu Nov 25 20:34:50 2010 us=246705   remote_cert_ku = 0
Thu Nov 25 20:34:50 2010 us=246724   remote_cert_eku = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=246743   tls_timeout = 2
Thu Nov 25 20:34:50 2010 us=246762   renegotiate_bytes = 0
Thu Nov 25 20:34:50 2010 us=246782   renegotiate_packets = 0
Thu Nov 25 20:34:50 2010 us=246801   renegotiate_seconds = 3600
Thu Nov 25 20:34:50 2010 us=246820   handshake_window = 60
Thu Nov 25 20:34:50 2010 us=246838   transition_window = 3600
Thu Nov 25 20:34:50 2010 us=246857   single_session = DISABLED
Thu Nov 25 20:34:50 2010 us=246876   tls_exit = DISABLED
Thu Nov 25 20:34:50 2010 us=246895   tls_auth_file = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=246914   pkcs11_protected_authentication = DISABLED
Thu Nov 25 20:34:50 2010 us=246934   pkcs11_protected_authentication = DISABLED
Thu Nov 25 20:34:50 2010 us=246953   pkcs11_protected_authentication = DISABLED
Thu Nov 25 20:34:50 2010 us=246972   pkcs11_protected_authentication = DISABLED
Thu Nov 25 20:34:50 2010 us=246992   pkcs11_protected_authentication = DISABLED
Thu Nov 25 20:34:50 2010 us=247011   pkcs11_protected_authentication = DISABLED
Thu Nov 25 20:34:50 2010 us=247030   pkcs11_protected_authentication = DISABLED
Thu Nov 25 20:34:50 2010 us=247049   pkcs11_protected_authentication = DISABLED
Thu Nov 25 20:34:50 2010 us=247069   pkcs11_protected_authentication = DISABLED
Thu Nov 25 20:34:50 2010 us=247088   pkcs11_protected_authentication = DISABLED
Thu Nov 25 20:34:50 2010 us=247107   pkcs11_protected_authentication = DISABLED
Thu Nov 25 20:34:50 2010 us=247127   pkcs11_protected_authentication = DISABLED
Thu Nov 25 20:34:50 2010 us=247146   pkcs11_protected_authentication = DISABLED
Thu Nov 25 20:34:50 2010 us=247165   pkcs11_protected_authentication = DISABLED
Thu Nov 25 20:34:50 2010 us=247184   pkcs11_protected_authentication = DISABLED
Thu Nov 25 20:34:50 2010 us=247204   pkcs11_protected_authentication = DISABLED
Thu Nov 25 20:34:50 2010 us=247224   pkcs11_private_mode = 00000000
Thu Nov 25 20:34:50 2010 us=247243   pkcs11_private_mode = 00000000
Thu Nov 25 20:34:50 2010 us=247263   pkcs11_private_mode = 00000000
Thu Nov 25 20:34:50 2010 us=247282   pkcs11_private_mode = 00000000
Thu Nov 25 20:34:50 2010 us=247301   pkcs11_private_mode = 00000000
Thu Nov 25 20:34:50 2010 us=247320   pkcs11_private_mode = 00000000
Thu Nov 25 20:34:50 2010 us=247340   pkcs11_private_mode = 00000000
Thu Nov 25 20:34:50 2010 us=247360   pkcs11_private_mode = 00000000
Thu Nov 25 20:34:50 2010 us=247379   pkcs11_private_mode = 00000000
Thu Nov 25 20:34:50 2010 us=247399   pkcs11_private_mode = 00000000
Thu Nov 25 20:34:50 2010 us=247418   pkcs11_private_mode = 00000000
Thu Nov 25 20:34:50 2010 us=247437   pkcs11_private_mode = 00000000
Thu Nov 25 20:34:50 2010 us=247470   pkcs11_private_mode = 00000000
Thu Nov 25 20:34:50 2010 us=247491   pkcs11_private_mode = 00000000
Thu Nov 25 20:34:50 2010 us=247511   pkcs11_private_mode = 00000000
Thu Nov 25 20:34:50 2010 us=247530   pkcs11_private_mode = 00000000
Thu Nov 25 20:34:50 2010 us=247559   pkcs11_cert_private = DISABLED
Thu Nov 25 20:34:50 2010 us=247582   pkcs11_cert_private = DISABLED
Thu Nov 25 20:34:50 2010 us=247602   pkcs11_cert_private = DISABLED
Thu Nov 25 20:34:50 2010 us=247621   pkcs11_cert_private = DISABLED
Thu Nov 25 20:34:50 2010 us=247640   pkcs11_cert_private = DISABLED
Thu Nov 25 20:34:50 2010 us=247659   pkcs11_cert_private = DISABLED
Thu Nov 25 20:34:50 2010 us=247678   pkcs11_cert_private = DISABLED
Thu Nov 25 20:34:50 2010 us=247697   pkcs11_cert_private = DISABLED
Thu Nov 25 20:34:50 2010 us=247716   pkcs11_cert_private = DISABLED
Thu Nov 25 20:34:50 2010 us=247734   pkcs11_cert_private = DISABLED
Thu Nov 25 20:34:50 2010 us=247753   pkcs11_cert_private = DISABLED
Thu Nov 25 20:34:50 2010 us=247772   pkcs11_cert_private = DISABLED
Thu Nov 25 20:34:50 2010 us=247791   pkcs11_cert_private = DISABLED
Thu Nov 25 20:34:50 2010 us=247810   pkcs11_cert_private = DISABLED
Thu Nov 25 20:34:50 2010 us=247829   pkcs11_cert_private = DISABLED
Thu Nov 25 20:34:50 2010 us=247848   pkcs11_cert_private = DISABLED
Thu Nov 25 20:34:50 2010 us=247867   pkcs11_pin_cache_period = -1
Thu Nov 25 20:34:50 2010 us=247886   pkcs11_id = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=247905   pkcs11_id_management = DISABLED
Thu Nov 25 20:34:50 2010 us=247950   server_network = 0.0.0.0
Thu Nov 25 20:34:50 2010 us=247975   server_netmask = 0.0.0.0
Thu Nov 25 20:34:50 2010 us=247997   server_bridge_ip = 0.0.0.0
Thu Nov 25 20:34:50 2010 us=248019   server_bridge_netmask = 0.0.0.0
Thu Nov 25 20:34:50 2010 us=248047   server_bridge_pool_start = 0.0.0.0
Thu Nov 25 20:34:50 2010 us=248070   server_bridge_pool_end = 0.0.0.0
Thu Nov 25 20:34:50 2010 us=248090   ifconfig_pool_defined = DISABLED
Thu Nov 25 20:34:50 2010 us=248112   ifconfig_pool_start = 0.0.0.0
Thu Nov 25 20:34:50 2010 us=248133   ifconfig_pool_end = 0.0.0.0
Thu Nov 25 20:34:50 2010 us=248154   ifconfig_pool_netmask = 0.0.0.0
Thu Nov 25 20:34:50 2010 us=248174   ifconfig_pool_persist_filename = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=248193   ifconfig_pool_persist_refresh_freq = 600
Thu Nov 25 20:34:50 2010 us=248212   n_bcast_buf = 256
Thu Nov 25 20:34:50 2010 us=248231   tcp_queue_limit = 64
Thu Nov 25 20:34:50 2010 us=248250   real_hash_size = 256
Thu Nov 25 20:34:50 2010 us=248269   virtual_hash_size = 256
Thu Nov 25 20:34:50 2010 us=248288   client_connect_script = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=248307   learn_address_script = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=248326   client_disconnect_script = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=248345   client_config_dir = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=248364   ccd_exclusive = DISABLED
Thu Nov 25 20:34:50 2010 us=248382   tmp_dir = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=248401   push_ifconfig_defined = DISABLED
Thu Nov 25 20:34:50 2010 us=248422   push_ifconfig_local = 0.0.0.0
Thu Nov 25 20:34:50 2010 us=248443   push_ifconfig_remote_netmask = 0.0.0.0
Thu Nov 25 20:34:50 2010 us=248462   enable_c2c = DISABLED
Thu Nov 25 20:34:50 2010 us=248481   duplicate_cn = DISABLED
Thu Nov 25 20:34:50 2010 us=248500   cf_max = 0
Thu Nov 25 20:34:50 2010 us=248519   cf_per = 0
Thu Nov 25 20:34:50 2010 us=248538   max_clients = 1024
Thu Nov 25 20:34:50 2010 us=248556   max_routes_per_client = 256
Thu Nov 25 20:34:50 2010 us=248575   auth_user_pass_verify_script = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=248595   auth_user_pass_verify_script_via_file = DISABLED
Thu Nov 25 20:34:50 2010 us=248614   ssl_flags = 0
Thu Nov 25 20:34:50 2010 us=248632   port_share_host = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=248651   port_share_port = 0
Thu Nov 25 20:34:50 2010 us=248670   client = ENABLED
Thu Nov 25 20:34:50 2010 us=248689   pull = ENABLED
Thu Nov 25 20:34:50 2010 us=248709   auth_user_pass_file = '[UNDEF]'
Thu Nov 25 20:34:50 2010 us=248735 OpenVPN 2.1.0 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010
Thu Nov 25 20:34:50 2010 us=248924 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Nov 25 20:34:50 2010 us=284533 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Thu Nov 25 20:34:50 2010 us=990615 LZO compression initialized
Thu Nov 25 20:34:50 2010 us=990743 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Nov 25 20:34:50 2010 us=990828 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Nov 25 20:34:50 2010 us=990858 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Thu Nov 25 20:34:50 2010 us=990869 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Thu Nov 25 20:34:50 2010 us=990897 Local Options hash (VER=V4): '69109d17'
Thu Nov 25 20:34:50 2010 us=990914 Expected Remote Options hash (VER=V4): 'c0103fa8'
Thu Nov 25 20:34:50 2010 us=991343 Attempting to establish TCP connection with [AF_INET]YYY.YYY.YYY.YYY (SERVER_IP):1200 [nonblock]
Thu Nov 25 20:34:51 2010 us=991680 TCP connection established with [AF_INET]YYY.YYY.YYY.YYY (SERVER_IP):1200
Thu Nov 25 20:34:51 2010 us=991752 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu Nov 25 20:34:51 2010 us=991786 TCPv4_CLIENT link local: [undef]
Thu Nov 25 20:34:51 2010 us=991810 TCPv4_CLIENT link remote: [AF_INET]YYY.YYY.YYY.YYY (SERVER_IP):1200
Thu Nov 25 20:34:52 2010 us=293002 TLS: Initial packet from [AF_INET]YYY.YYY.YYY.YYY (SERVER_IP):1200, sid=e6df1aad 6d286171
Thu Nov 25 20:34:56 2010 us=492020 VERIFY OK: depth=1, /C=UA/ST=NA/L=KYIV/O=NA/CN=NA_CA/emailAddress=admin@default.vpn
Thu Nov 25 20:34:56 2010 us=492409 VERIFY OK: nsCertType=SERVER
Thu Nov 25 20:34:56 2010 us=492438 VERIFY OK: depth=0, /C=UA/ST=NA/L=KYIV/O=NA/CN=server/emailAddress=admin@default.vpn
Thu Nov 25 20:35:06 2010 us=548833 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 25 20:35:06 2010 us=548905 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 25 20:35:06 2010 us=549022 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 25 20:35:06 2010 us=549045 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 25 20:35:06 2010 us=549170 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Nov 25 20:35:06 2010 us=549221 [server] Peer Connection Initiated with [AF_INET]YYY.YYY.YYY.YYY (SERVER_IP):1200
Thu Nov 25 20:35:08 2010 us=852987 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Nov 25 20:35:10 2010 us=61756 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0 10.8.0.1,dhcp-option DNS 10.8.0.1,dhcp-option WINS 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 300,ifconfig 10.8.0.6 10.8.0.5'
Thu Nov 25 20:35:10 2010 us=61985 OPTIONS IMPORT: timers and/or timeouts modified
Thu Nov 25 20:35:10 2010 us=62018 OPTIONS IMPORT: --ifconfig/up options modified
Thu Nov 25 20:35:10 2010 us=62037 OPTIONS IMPORT: route options modified
Thu Nov 25 20:35:10 2010 us=62055 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Nov 25 20:35:10 2010 us=62367 ROUTE default_gateway=195.5.5.200
Thu Nov 25 20:35:10 2010 us=67686 TUN/TAP device tun0 opened
Thu Nov 25 20:35:10 2010 us=67777 TUN/TAP TX queue length set to 100
Thu Nov 25 20:35:10 2010 us=67838 /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Thu Nov 25 20:35:12 2010 us=809411 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.1
SIOCADDRT: No such process
Thu Nov 25 20:35:12 2010 us=844319 ERROR: Linux route add command failed: external program exited with error status: 7
Thu Nov 25 20:35:12 2010 us=844547 /sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.5
Thu Nov 25 20:35:12 2010 us=847890 Initialization Sequence Completed

[fisher74]

В конфиге сервера не хватат

Код: [Выделить]

route 10.8.0.0 255.255.255.0Без неё сервер не знает где клиентская сеть

[jimmy1]

а разве эта команда

Код: [Выделить]

server 10.8.0.0 255.255.255.0
не включает в себя  и route ?

насчет таблиц маршрутизации на клиент, они в порядке?

[fisher74]

Нет, не включает

У клиента не отработала комманда

Код: [Выделить]

push "route 10.8.0.0 255.255.255.0"Если Вы её онечно не удалили вместе с route-gateway

[jimmy1]

только что добавил строку

Код: [Выделить]

route 10.8.0.0 255.255.255.0
в конфиг сервера и рестартанул впн-сервер

после рестартанул клента.
слушаю вайршарком tun0 - по прежнему тишина.

[fisher74]

Код: [Выделить]

route -nНа обоих машинах покажите, плжст

[jimmy1]

route -n  на сервере:

Код: [Выделить]

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.1       0.0.0.0         255.255.255.255 UH    0      0        0 venet0
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
0.0.0.0         192.0.2.1       0.0.0.0         UG    100    0        0 venet0

Пользователь решил продолжить мысль 25 Ноября 2010, 23:52:52:так сейчас выглядит route на клиенте:

Код: [Выделить]

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
195.5.5.200     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
172.16.65.0     0.0.0.0         255.255.255.0   U     0      0        0 vmnet8
10.8.0.0        10.8.0.5        255.255.255.0   UG    0      0        0 tun0
192.168.9.0     0.0.0.0         255.255.255.0   U     0      0        0 vmnet1
0.0.0.0         195.5.5.200     0.0.0.0         UG    0      0        0 ppp0



[fisher74]

Код: [Выделить]

route-delay 2уберите у клиента

[jimmy1]

закоментировал указанную строку в конфиге клиента и рестартанул опенвпн
текущий вывод route -n на клиенте:

Код: [Выделить]

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
195.5.5.200     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
172.16.65.0     0.0.0.0         255.255.255.0   U     0      0        0 vmnet8
10.8.0.0        10.8.0.5        255.255.255.0   UG    0      0        0 tun0
192.168.9.0     0.0.0.0         255.255.255.0   U     0      0        0 vmnet1
0.0.0.0         195.5.5.200     0.0.0.0         UG    0      0        0 ppp0

ps может необходим лог сервера?