System: Ubuntu Server 12.04 LTS, virtualized on Windows Azure. I installed and configured OpenVPN following this guide:
http://habrahabr.ru/post/153855/ Everything worked fine: I could connect, and the external IP was assigned by the server. Then, to my own misfortune, I decided to check that a successful connection does not depend on certain lines in the OpenVPN configuration file (server.conf). There are 2 lines there: push "dhcp-option DNS 8.8.8.8" and push "dhcp-option DNS 8.8.4.4". I commented them out, saved the file, and restarted openvpn and the machine itself (reboot), after which I can no longer connect to the server. After restoring these 2 lines to their original state and rebooting, nothing changed. I cannot connect to the server. Can you advise what the problem might be?
Of course, here are the contents of /etc/openvpn/server.conf
local server_ip
port 1194
proto udp
dev tun
ca ca.crt
cert servervpn_azure.crt
key servervpn_azure.key
dh 1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
tls-auth ta.key 0
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 5 # was 3
mute 20
~$ sudo service openvpn restart
* Stopping virtual private network daemon(s)...
* No VPN is running.
* Starting virtual private network daemon(s)...
* Autostarting VPN 'server'
:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 10.8.0.0/24 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
:~$ sudo cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# Source interfaces
# Please check /etc/network/interfaces.d before changing this file
# as interfaces may have been defined in /etc/network/interfaces.d
# NOTE: the primary ethernet device is defined in
# /etc/network/interfaces.d/eth0
# See LP: #1262951
source /etc/network/interfaces.d/*.cfg
(I read in articles that when the VPN server is running, one more interface, tun0, should be created; it is missing)
:~$ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:15:5d:57:15:2c
inet addr:100.88.148.73 Bcast:100.88.149.255 Mask:255.255.254.0
inet6 addr: fe80::215:5dff:fe57:152c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:359 errors:0 dropped:0 overruns:0 frame:0
TX packets:520 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:46756 (46.7 KB) TX bytes:79815 (79.8 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
:~$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 100.88.148.1 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 100.88.148.1 0.0.0.0 UG 100 0 0 eth0
100.88.148.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0
cat /proc/sys/net/ipv4/ip_forward: it is set to 1
:~$ arp -n -i eth0
Address HWtype HWaddress Flags Mask Iface
100.88.148.1 ether 54:7f:ee:86:79:7c C eth0
100.88.148.120 ether 00:8c:fa:11:74:a6 C eth0
Logs follow:
1. Client
Thu Feb 27 02:07:01 2014 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Enter Management Password:
Thu Feb 27 02:07:01 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Feb 27 02:07:01 2014 Need hold release from management interface, waiting...
Thu Feb 27 02:07:01 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Feb 27 02:07:01 2014 MANAGEMENT: CMD 'state on'
Thu Feb 27 02:07:01 2014 MANAGEMENT: CMD 'log all on'
Thu Feb 27 02:07:01 2014 MANAGEMENT: CMD 'hold off'
Thu Feb 27 02:07:01 2014 MANAGEMENT: CMD 'hold release'
Thu Feb 27 02:07:05 2014 MANAGEMENT: CMD 'password [...]'
Thu Feb 27 02:07:05 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Feb 27 02:07:05 2014 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Thu Feb 27 02:07:05 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 27 02:07:05 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 27 02:07:05 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Feb 27 02:07:05 2014 UDPv4 link local (bound): [undef]
Thu Feb 27 02:07:05 2014 UDPv4 link remote: [AF_INET]*.*.*.*:1194 <-(*.*.*.* is the server's external IP)
Thu Feb 27 02:07:05 2014 MANAGEMENT: >STATE:1393452425,WAIT,,,
Thu Feb 27 02:08:05 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 27 02:08:05 2014 TLS Error: TLS handshake failed
Thu Feb 27 02:08:05 2014 SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 27 02:08:05 2014 MANAGEMENT: >STATE:1393452485,RECONNECTING,tls-error,,
Thu Feb 27 02:08:05 2014 Restart pause, 2 second(s)