OpenVPN нет интернета и пинга внутри тунеля

Автор whezzyeasy, 07 апреля 2016, 20:59:41

« назад - далее »

0 Пользователи и 1 гость просматривают эту тему.

Печать
Вниз Страницы1
Действия пользователя

whezzyeasy

07 апреля 2016, 20:59:41
Такая беда:
Есть сервер с настроенным openvpn. Сервер и клиент на Debian.
Конфиг server.conf:
Код Выделить
~$ cat /etc/openvpn/server.conf
port 57322
proto udp
dev tap
user openvpn
group openvpn
persist-key
persist-tun
tls-server
tls-timeout 120
dh /etc/openvpn/keys/dh1024.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
tls-auth /etc/openvpn/keys/ta.key 0
#server-bridge 192.168.5.1 255.255.255.0 192.168.5.2 192.168.5.4
server 192.168.5.0 255.255.255.0
ifconfig 192.168.5.1 255.255.255.0
#client-to-client
max-clients 2
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"
#route 192.168.5.1 255.255.255.0
#comp-lzo
keepalive 10 120
#mute 20
ifconfig tap0 сервера:
Код Выделить
~$ sudo ifconfig tap0
tap0   Link encap:Ethernet  HWaddr mac-address 
  inet addr:192.168.5.1  Bcast:192.168.5.255  Mask:255.255.255.0
  inet6 addr: ipv6 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  TX packets:396 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:100
  RX bytes:0 (0.0 B)  TX bytes:16848 (16.4 KiB)

Конфиг клиента client.conf:
Код Выделить
/etc/openvpn$ cat client.conf
client
dev tap
proto udp
remote ИП 57322
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/keys/ca.crt
cert "/etc/openvpn/keys/me.crt"
key /etc/openvpn/keys/me.key
tls-auth /etc/openvpn/keys/ta.key 1
ns-cert-type server
#comp-lzo
клиентом конекчусь нормально, без ошибок, но пинг до сервера openvpn не идет:
Код Выделить
$ ping 192.168.5.1
PING 192.168.5.1 (192.168.5.1) 56(84) bytes of data.
From 192.168.5.2 icmp_seq=1 Destination Host Unreachable
From 192.168.5.2 icmp_seq=3 Destination Host Unreachable
From 192.168.5.2 icmp_seq=4 Destination Host Unreachable
^C
--- 192.168.5.1 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4014ms
pipe 2

маршруты на клиенте до коннекта с openvpn сервером:
Код Выделить
netstat -r -n
Kernel IP routing table
Destination Gateway Genmask Flags   MSS Window  irtt Iface
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0   0 ppp0
ип шлюза провайдера 0.0.0.0 255.255.255.255 UH 0 0   0 ppp0
172.16.55.0 0.0.0.0 255.255.255.0   U 0 0   0 vmnet8
172.16.176.0 0.0.0.0 255.255.255.0   U 0 0   0 vmnet1
после коннекта к openvpn:
Код Выделить
$ netstat -r -n
Kernel IP routing table
Destination Gateway Genmask Flags   MSS Window  irtt Iface
0.0.0.0 192.168.5.1 128.0.0.0    UG 0 0   0 tap0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0   0 ppp0
ип шлюза провайдера 0.0.0.0 255.255.255.255 UH 0 0   0 ppp0
128.0.0.0    192.168.5.1 128.0.0.0    UG 0 0   0 tap0
172.16.55.0 0.0.0.0 255.255.255.0   U 0 0   0 vmnet8
172.16.176.0 0.0.0.0 255.255.255.0   U 0 0   0 vmnet1
192.168.5.0 0.0.0.0 255.255.255.0   U 0 0   0 tap0
Код Выделить
$ sudo ifconfig tap0
tap0   Link encap:Ethernet  HWaddr mac-address 
  inet addr:192.168.5.2  Bcast:192.168.5.255  Mask:255.255.255.0
  inet6 addr: ipv6 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  TX packets:536 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:100
  RX bytes:0 (0.0 B)  TX bytes:30930 (30.2 KiB)

если я пропишу нормальную маску то пинг повляется до ДНС:
Код Выделить
$ sudo route del -net 0/0 netmask 128.0.0.0 gw 192.168.5.1
$ sudo route add -net 0/0 netmask 255.255.255.0 gw 192.168.5.1
$ netstat -r -n
Kernel IP routing table
Destination Gateway Genmask Flags   MSS Window  irtt Iface
0.0.0.0 192.168.5.1 255.255.255.0   UG 0 0   0 tap0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0   0 ppp0
ип шлюза провайдера 0.0.0.0 255.255.255.255 UH 0 0   0 ppp0
128.0.0.0    192.168.5.1 128.0.0.0    UG 0 0   0 tap0
172.16.55.0 0.0.0.0 255.255.255.0   U 0 0   0 vmnet8
172.16.176.0 0.0.0.0 255.255.255.0   U 0 0   0 vmnet1
192.168.5.0 0.0.0.0 255.255.255.0   U 0 0   0 tap0
$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_req=1 ttl=56 time=119 ms
64 bytes from 8.8.8.8: icmp_req=2 ttl=56 time=138 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 119.142/128.903/138.664/9.761 ms
пинг вроде разрешен но до 192.168.5.1 также - нету:
Код Выделить
$ ping 192.168.5.1
PING 192.168.5.1 (192.168.5.1) 56(84) bytes of data.
From 192.168.5.2 icmp_seq=1 Destination Host Unreachable
From 192.168.5.2 icmp_seq=2 Destination Host Unreachable
From 192.168.5.2 icmp_seq=3 Destination Host Unreachable
^C
--- 192.168.5.1 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4022ms
pipe 3
меня очень смущает маска! Я пробовал добавить маршрут route add -net 0/0 netmask 255.255.255.0 gw 192.168.5.1 - но пинга до сервера с openvpn(192.168.5.1) не ходило
+ После коннекта я не могу открыть ни один сайт, интернета нету. Форвардинг включен
Код Выделить
$ cat /etc/sysctl.conf |grep forward
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
#net.ipv6.conf.all.forwarding=1

endru

#1
08 апреля 2016, 05:32:16
зачем нужен этот VPN? ты хочешь чтобы клиент выходил в интернет через VPN?

yoric

#2
08 апреля 2016, 08:58:01
И вот это что за:
Код Выделить
remote ИП 57322

endru

#3
08 апреля 2016, 09:46:18
yoric, настройки клиента. ИП - ip сервера к которому подключаются и порт. ТС скрыл адрес по соображениям безопасности.

whezzyeasy

#4
08 апреля 2016, 10:37:41 Последнее редактирование: 10 апреля 2016, 08:16:49 от whezzyeasy
Цитата: endru от 08 апреля 2016, 05:32:16зачем нужен этот VPN? ты хочешь чтобы клиент выходил в интернет через VPN?
Да, кстати, вот еще с сервера:
Код Выделить
$ sudo iptables -t nat -nvL
debug1: channel 25: forcing write
Chain PREROUTING (policy ACCEPT 6037K packets, 586M bytes)
pkts bytes target     prot opt in     out     source               destination       

Chain INPUT (policy ACCEPT 5864K packets, 573M bytes)
pkts bytes target     prot opt in     out     source               destination       

Chain OUTPUT (policy ACCEPT 106 packets, 8957 bytes)
pkts bytes target     prot opt in     out     source               destination       

Chain POSTROUTING (policy ACCEPT 106 packets, 8957 bytes)
pkts bytes target     prot opt in     out     source               destination       
    0     0 SNAT       all  --  *      eth0    192.168.5.0/24       0.0.0.0/0            to:IPсервераOpenVPN

ihammers

#5
09 апреля 2016, 06:01:32
Цитата: whezzyeasy от 07 апреля 2016, 20:59:41net.ipv4.ip_forward=1
После включения форвардинга обновляли ли конфиги ядра (sysctl или перезагрузка системы)? Использовали ли какие-нибудь инструкции для настройки сервера и клиента? Настраивали ли какие-нибудь правила iptables?
Debian GNU/Linux Bookworm, LXQt/OpenBox: AMD Ryzen 5 5600G / 64Gb RAM
_______________________________
Debian GNU/Linux Bookworm, без графики: AMD Phenon X4 / 16Gb RAM
_______________________________
Debian GNU/Linux Bookworm, LXQt/OpenBox: Acer Aspire One 722 AMD C60 / 8Gb RAM / ATI HD6290

whezzyeasy

#6
09 апреля 2016, 09:37:04 Последнее редактирование: 10 апреля 2016, 08:17:58 от whezzyeasy
Цитата: ihammers от 09 апреля 2016, 06:01:32После включения форвардинга обновляли ли конфиги ядра (sysctl или перезагрузка системы)? Использовали ли какие-нибудь инструкции для настройки сервера и клиента? Настраивали ли какие-нибудь правила iptables?
После включения форвардинга - закрепил коммандой sysctl -p, не перезагружал еще. Использовал инструкции: http://debian-help.ru/articles/ustanovka-nastroika-openvpn-servera-debian-6/ и https://habrahabr.ru/post/67238/. Правила iptables настраивал, но потом очистил и вбил только одно правило:
Код Выделить
$ sudo iptables -t nat -nvL
debug1: channel 25: forcing write
Chain PREROUTING (policy ACCEPT 6037K packets, 586M bytes)
pkts bytes target     prot opt in     out     source               destination       

Chain INPUT (policy ACCEPT 5864K packets, 573M bytes)
pkts bytes target     prot opt in     out     source               destination       

Chain OUTPUT (policy ACCEPT 106 packets, 8957 bytes)
pkts bytes target     prot opt in     out     source               destination       

Chain POSTROUTING (policy ACCEPT 106 packets, 8957 bytes)
pkts bytes target     prot opt in     out     source               destination       
    0     0 SNAT       all  --  *      eth0    192.168.5.0/24       0.0.0.0/0            to:IPсервераOpenVPN
Cообщение объединено 10 апреля 2016, 04:57:11

дождались логов.
Что делаю? рестартую на клиенте openvpn - смотрю route; смотрю ifconfig; пробую пинговать 192.168.5.5/ya.ru/google.com - пинга нет(ip адрес ya.ru/google.com не виден при пинге, днс не пингуются); смотрю лог;
Если сделаю на клиенте sudo route del -net 0/0 netmask 128.0.0.0 gw 192.168.5.5 = при пинге ип адреса ya.ru/google.com вижу. днс сервер пингуется. Больше ничего не пингуется.

Сейчас на сервере такой конфиг:
Открыть содержимое (спойлер)

Код Выделить
$ sudo cat server.conf
port 443
proto tcp
dev tun
#user openvpn
#group openvpn
persist-key
persist-tun
tls-server
tls-timeout 120
dh /etc/openvpn/keys/dh1024.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
tls-auth /etc/openvpn/keys/ta.key 0
#server-bridge 192.168.5.1 255.255.255.0 192.168.5.2 192.168.5.4
server 192.168.5.0 255.255.255.0
client-to-client
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"
comp-lzo
#keepalive 10 120
log-append /etc/openvpn/openvpn.log
verb 4

[свернуть]
ifconfig tun0 сервера:
Открыть содержимое (спойлер)
Код Выделить
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          inet addr:192.168.5.1  P-t-P:192.168.5.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
[свернуть]

route -n:
Открыть содержимое (спойлер)
Код Выделить
$ sudo route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         XXX.XXX.136.1    0.0.0.0         UG    0      0        0 eth0
XXX.XXX.136.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.5.0     192.168.5.2     255.255.255.0   UG    0      0        0 tun0
192.168.5.2     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
[свернуть]

лог сервера openvpn.log:
Открыть содержимое (спойлер)
Код Выделить
$ sudo cat openvpn.log
Sun Apr 10 01:41:04 2016 us=188018 Current Parameter Settings:
Sun Apr 10 01:41:04 2016 us=188159   config = '/etc/openvpn/server.conf'
Sun Apr 10 01:41:04 2016 us=188179   mode = 1
Sun Apr 10 01:41:04 2016 us=188194   persist_config = DISABLED
Sun Apr 10 01:41:04 2016 us=188210   persist_mode = 1
Sun Apr 10 01:41:04 2016 us=188225   show_ciphers = DISABLED
Sun Apr 10 01:41:04 2016 us=188241   show_digests = DISABLED
Sun Apr 10 01:41:04 2016 us=188256   show_engines = DISABLED
Sun Apr 10 01:41:04 2016 us=188271   genkey = DISABLED
Sun Apr 10 01:41:04 2016 us=188285   key_pass_file = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=188301   show_tls_ciphers = DISABLED
Sun Apr 10 01:41:04 2016 us=188316 Connection profiles [default]:
Sun Apr 10 01:41:04 2016 us=188333   proto = tcp-server
Sun Apr 10 01:41:04 2016 us=188347   local = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=188360   local_port = 443
Sun Apr 10 01:41:04 2016 us=188374   remote = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=188388   remote_port = 443
Sun Apr 10 01:41:04 2016 us=188403   remote_float = DISABLED
Sun Apr 10 01:41:04 2016 us=188418   bind_defined = DISABLED
Sun Apr 10 01:41:04 2016 us=188433   bind_local = ENABLED
Sun Apr 10 01:41:04 2016 us=188448   connect_retry_seconds = 5
Sun Apr 10 01:41:04 2016 us=188463   connect_timeout = 10
Sun Apr 10 01:41:04 2016 us=188478   connect_retry_max = 0
Sun Apr 10 01:41:04 2016 us=188494   socks_proxy_server = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=188510   socks_proxy_port = 0
Sun Apr 10 01:41:04 2016 us=188524   socks_proxy_retry = DISABLED
Sun Apr 10 01:41:04 2016 us=188538 Connection profiles END
Sun Apr 10 01:41:04 2016 us=188553   remote_random = DISABLED
Sun Apr 10 01:41:04 2016 us=188569   ipchange = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=188584   dev = 'tun'
Sun Apr 10 01:41:04 2016 us=188599   dev_type = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=188613   dev_node = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=188630   lladdr = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=188646   topology = 1
Sun Apr 10 01:41:04 2016 us=188661   tun_ipv6 = DISABLED
Sun Apr 10 01:41:04 2016 us=188676   ifconfig_local = '192.168.5.1'
Sun Apr 10 01:41:04 2016 us=188692   ifconfig_remote_netmask = '192.168.5.2'
Sun Apr 10 01:41:04 2016 us=188706   ifconfig_noexec = DISABLED
Sun Apr 10 01:41:04 2016 us=188720   ifconfig_nowarn = DISABLED
Sun Apr 10 01:41:04 2016 us=188734   ifconfig_ipv6_local = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=188749   ifconfig_ipv6_netbits = 0
Sun Apr 10 01:41:04 2016 us=188764   ifconfig_ipv6_remote = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=188779   shaper = 0
Sun Apr 10 01:41:04 2016 us=188803   tun_mtu = 1500
Sun Apr 10 01:41:04 2016 us=188820   tun_mtu_defined = ENABLED
Sun Apr 10 01:41:04 2016 us=188835   link_mtu = 1500
Sun Apr 10 01:41:04 2016 us=188850   link_mtu_defined = DISABLED
Sun Apr 10 01:41:04 2016 us=188865   tun_mtu_extra = 0
Sun Apr 10 01:41:04 2016 us=188879   tun_mtu_extra_defined = DISABLED
Sun Apr 10 01:41:04 2016 us=188894   fragment = 0
Sun Apr 10 01:41:04 2016 us=188909   mtu_discover_type = -1
Sun Apr 10 01:41:04 2016 us=188923   mtu_test = 0
Sun Apr 10 01:41:04 2016 us=188936   mlock = DISABLED
Sun Apr 10 01:41:04 2016 us=188950   keepalive_ping = 0
Sun Apr 10 01:41:04 2016 us=188965   keepalive_timeout = 0
Sun Apr 10 01:41:04 2016 us=188988   inactivity_timeout = 0
Sun Apr 10 01:41:04 2016 us=189005   ping_send_timeout = 0
Sun Apr 10 01:41:04 2016 us=189020   ping_rec_timeout = 0
Sun Apr 10 01:41:04 2016 us=189034   ping_rec_timeout_action = 0
Sun Apr 10 01:41:04 2016 us=189048   ping_timer_remote = DISABLED
Sun Apr 10 01:41:04 2016 us=189063   remap_sigusr1 = 0
Sun Apr 10 01:41:04 2016 us=189078   explicit_exit_notification = 0
Sun Apr 10 01:41:04 2016 us=189093   persist_tun = ENABLED
Sun Apr 10 01:41:04 2016 us=189108   persist_local_ip = DISABLED
Sun Apr 10 01:41:04 2016 us=189123   persist_remote_ip = DISABLED
Sun Apr 10 01:41:04 2016 us=189139   persist_key = ENABLED
Sun Apr 10 01:41:04 2016 us=189154   mssfix = 1450
Sun Apr 10 01:41:04 2016 us=189170   passtos = DISABLED
Sun Apr 10 01:41:04 2016 us=189186   resolve_retry_seconds = 1000000000
Sun Apr 10 01:41:04 2016 us=189211   username = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=189227   groupname = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=189242   chroot_dir = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=189257   cd_dir = '/etc/openvpn'
Sun Apr 10 01:41:04 2016 us=189272   writepid = '/var/run/openvpn.server.pid'
Sun Apr 10 01:41:04 2016 us=189285   up_script = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=189299   down_script = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=189314   down_pre = DISABLED
Sun Apr 10 01:41:04 2016 us=189328   up_restart = DISABLED
Sun Apr 10 01:41:04 2016 us=189342   up_delay = DISABLED
Sun Apr 10 01:41:04 2016 us=189356   daemon = ENABLED
Sun Apr 10 01:41:04 2016 us=189371   inetd = 0
Sun Apr 10 01:41:04 2016 us=189385   log = ENABLED
Sun Apr 10 01:41:04 2016 us=189399   suppress_timestamps = DISABLED
Sun Apr 10 01:41:04 2016 us=189415   nice = 0
Sun Apr 10 01:41:04 2016 us=189430   verbosity = 4
Sun Apr 10 01:41:04 2016 us=189445   mute = 0
Sun Apr 10 01:41:04 2016 us=189461   gremlin = 0
Sun Apr 10 01:41:04 2016 us=189476   status_file = '/var/run/openvpn.server.status'
Sun Apr 10 01:41:04 2016 us=189491   status_file_version = 1
Sun Apr 10 01:41:04 2016 us=189506   status_file_update_freq = 10
Sun Apr 10 01:41:04 2016 us=189520   occ = ENABLED
Sun Apr 10 01:41:04 2016 us=189535   rcvbuf = 65536
Sun Apr 10 01:41:04 2016 us=189550   sndbuf = 65536
Sun Apr 10 01:41:04 2016 us=189564   sockflags = 0
Sun Apr 10 01:41:04 2016 us=189578   fast_io = DISABLED
Sun Apr 10 01:41:04 2016 us=189593   lzo = 7
Sun Apr 10 01:41:04 2016 us=189608   route_script = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=189624   route_default_gateway = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=189640   route_default_metric = 0
Sun Apr 10 01:41:04 2016 us=189655   route_noexec = DISABLED
Sun Apr 10 01:41:04 2016 us=189670   route_delay = 0
Sun Apr 10 01:41:04 2016 us=189687   route_delay_window = 30
Sun Apr 10 01:41:04 2016 us=189702   route_delay_defined = DISABLED
Sun Apr 10 01:41:04 2016 us=189718   route_nopull = DISABLED
Sun Apr 10 01:41:04 2016 us=189733   route_gateway_via_dhcp = DISABLED
Sun Apr 10 01:41:04 2016 us=189748   max_routes = 100
Sun Apr 10 01:41:04 2016 us=189763   allow_pull_fqdn = DISABLED
Sun Apr 10 01:41:04 2016 us=189780   route 192.168.5.0/255.255.255.0/nil/nil
Sun Apr 10 01:41:04 2016 us=189796   management_addr = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=189811   management_port = 0
Sun Apr 10 01:41:04 2016 us=189827   management_user_pass = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=189843   management_log_history_cache = 250
Sun Apr 10 01:41:04 2016 us=189858   management_echo_buffer_size = 100
Sun Apr 10 01:41:04 2016 us=189874   management_write_peer_info_file = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=189889   management_client_user = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=189905   management_client_group = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=189922   management_flags = 0
Sun Apr 10 01:41:04 2016 us=189937   shared_secret_file = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=189953   key_direction = 1
Sun Apr 10 01:41:04 2016 us=189967   ciphername_defined = ENABLED
Sun Apr 10 01:41:04 2016 us=189982   ciphername = 'BF-CBC'
Sun Apr 10 01:41:04 2016 us=189998   authname_defined = ENABLED
Sun Apr 10 01:41:04 2016 us=190013   authname = 'SHA1'
Sun Apr 10 01:41:04 2016 us=190029   prng_hash = 'SHA1'
Sun Apr 10 01:41:04 2016 us=190044   prng_nonce_secret_len = 16
Sun Apr 10 01:41:04 2016 us=190059   keysize = 0
Sun Apr 10 01:41:04 2016 us=190075   engine = DISABLED
Sun Apr 10 01:41:04 2016 us=190091   replay = ENABLED
Sun Apr 10 01:41:04 2016 us=190106   mute_replay_warnings = DISABLED
Sun Apr 10 01:41:04 2016 us=190122   replay_window = 64
Sun Apr 10 01:41:04 2016 us=190137   replay_time = 15
Sun Apr 10 01:41:04 2016 us=190152   packet_id_file = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=190167   use_iv = ENABLED
Sun Apr 10 01:41:04 2016 us=190182   test_crypto = DISABLED
Sun Apr 10 01:41:04 2016 us=190198   tls_server = ENABLED
Sun Apr 10 01:41:04 2016 us=190213   tls_client = DISABLED
Sun Apr 10 01:41:04 2016 us=190230   key_method = 2
Sun Apr 10 01:41:04 2016 us=190258   ca_file = '/etc/openvpn/keys/ca.crt'
Sun Apr 10 01:41:04 2016 us=190275   ca_path = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=190290   dh_file = '/etc/openvpn/keys/dh1024.pem'
Sun Apr 10 01:41:04 2016 us=190306   cert_file = '/etc/openvpn/keys/server.crt'
Sun Apr 10 01:41:04 2016 us=190323   priv_key_file = '/etc/openvpn/keys/server.key'
Sun Apr 10 01:41:04 2016 us=190340   pkcs12_file = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=190355   cipher_list = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=190370   tls_verify = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=190385   tls_export_cert = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=190400   tls_remote = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=190415   crl_file = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=190431   ns_cert_type = 0
Sun Apr 10 01:41:04 2016 us=190446   remote_cert_ku[i] = 0
Sun Apr 10 01:41:04 2016 us=190460   remote_cert_ku[i] = 0
Sun Apr 10 01:41:04 2016 us=190475   remote_cert_ku[i] = 0
Sun Apr 10 01:41:04 2016 us=190490   remote_cert_ku[i] = 0
Sun Apr 10 01:41:04 2016 us=190505   remote_cert_ku[i] = 0
Sun Apr 10 01:41:04 2016 us=190520   remote_cert_ku[i] = 0
Sun Apr 10 01:41:04 2016 us=190535   remote_cert_ku[i] = 0
Sun Apr 10 01:41:04 2016 us=190549   remote_cert_ku[i] = 0
Sun Apr 10 01:41:04 2016 us=190563   remote_cert_ku[i] = 0
Sun Apr 10 01:41:04 2016 us=190577   remote_cert_ku[i] = 0
Sun Apr 10 01:41:04 2016 us=190592   remote_cert_ku[i] = 0
Sun Apr 10 01:41:04 2016 us=190607   remote_cert_ku[i] = 0
Sun Apr 10 01:41:04 2016 us=190622   remote_cert_ku[i] = 0
Sun Apr 10 01:41:04 2016 us=190636   remote_cert_ku[i] = 0
Sun Apr 10 01:41:04 2016 us=190651   remote_cert_ku[i] = 0
Sun Apr 10 01:41:04 2016 us=190666   remote_cert_ku[i] = 0
Sun Apr 10 01:41:04 2016 us=190681   remote_cert_eku = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=190696   tls_timeout = 120
Sun Apr 10 01:41:04 2016 us=190712   renegotiate_bytes = 0
Sun Apr 10 01:41:04 2016 us=190727   renegotiate_packets = 0
Sun Apr 10 01:41:04 2016 us=190743   renegotiate_seconds = 3600
Sun Apr 10 01:41:04 2016 us=190758   handshake_window = 60
Sun Apr 10 01:41:04 2016 us=190774   transition_window = 3600
Sun Apr 10 01:41:04 2016 us=190788   single_session = DISABLED
Sun Apr 10 01:41:04 2016 us=190803   push_peer_info = DISABLED
Sun Apr 10 01:41:04 2016 us=190817   tls_exit = DISABLED
Sun Apr 10 01:41:04 2016 us=190832   tls_auth_file = '/etc/openvpn/keys/ta.key'
Sun Apr 10 01:41:04 2016 us=190847   pkcs11_protected_authentication = DISABLED
Sun Apr 10 01:41:04 2016 us=190862   pkcs11_protected_authentication = DISABLED
Sun Apr 10 01:41:04 2016 us=190877   pkcs11_protected_authentication = DISABLED
Sun Apr 10 01:41:04 2016 us=190891   pkcs11_protected_authentication = DISABLED
Sun Apr 10 01:41:04 2016 us=190906   pkcs11_protected_authentication = DISABLED
Sun Apr 10 01:41:04 2016 us=190921   pkcs11_protected_authentication = DISABLED
Sun Apr 10 01:41:04 2016 us=190936   pkcs11_protected_authentication = DISABLED
Sun Apr 10 01:41:04 2016 us=190951   pkcs11_protected_authentication = DISABLED
Sun Apr 10 01:41:04 2016 us=190965   pkcs11_protected_authentication = DISABLED
Sun Apr 10 01:41:04 2016 us=190980   pkcs11_protected_authentication = DISABLED
Sun Apr 10 01:41:04 2016 us=190995   pkcs11_protected_authentication = DISABLED
Sun Apr 10 01:41:04 2016 us=191010   pkcs11_protected_authentication = DISABLED
Sun Apr 10 01:41:04 2016 us=191025   pkcs11_protected_authentication = DISABLED
Sun Apr 10 01:41:04 2016 us=191039   pkcs11_protected_authentication = DISABLED
Sun Apr 10 01:41:04 2016 us=191054   pkcs11_protected_authentication = DISABLED
Sun Apr 10 01:41:04 2016 us=191069   pkcs11_protected_authentication = DISABLED
Sun Apr 10 01:41:04 2016 us=191086   pkcs11_private_mode = 00000000
Sun Apr 10 01:41:04 2016 us=191100   pkcs11_private_mode = 00000000
Sun Apr 10 01:41:04 2016 us=191116   pkcs11_private_mode = 00000000
Sun Apr 10 01:41:04 2016 us=191131   pkcs11_private_mode = 00000000
Sun Apr 10 01:41:04 2016 us=191146   pkcs11_private_mode = 00000000
Sun Apr 10 01:41:04 2016 us=191160   pkcs11_private_mode = 00000000
Sun Apr 10 01:41:04 2016 us=191186   pkcs11_private_mode = 00000000
Sun Apr 10 01:41:04 2016 us=191201   pkcs11_private_mode = 00000000
Sun Apr 10 01:41:04 2016 us=191216   pkcs11_private_mode = 00000000
Sun Apr 10 01:41:04 2016 us=191231   pkcs11_private_mode = 00000000
Sun Apr 10 01:41:04 2016 us=191246   pkcs11_private_mode = 00000000
Sun Apr 10 01:41:04 2016 us=191262   pkcs11_private_mode = 00000000
Sun Apr 10 01:41:04 2016 us=191277   pkcs11_private_mode = 00000000
Sun Apr 10 01:41:04 2016 us=191292   pkcs11_private_mode = 00000000
Sun Apr 10 01:41:04 2016 us=191307   pkcs11_private_mode = 00000000
Sun Apr 10 01:41:04 2016 us=191322   pkcs11_private_mode = 00000000
Sun Apr 10 01:41:04 2016 us=191337   pkcs11_cert_private = DISABLED
Sun Apr 10 01:41:04 2016 us=191352   pkcs11_cert_private = DISABLED
Sun Apr 10 01:41:04 2016 us=191367   pkcs11_cert_private = DISABLED
Sun Apr 10 01:41:04 2016 us=191417   pkcs11_cert_private = DISABLED
Sun Apr 10 01:41:04 2016 us=191433   pkcs11_cert_private = DISABLED
Sun Apr 10 01:41:04 2016 us=191447   pkcs11_cert_private = DISABLED
Sun Apr 10 01:41:04 2016 us=191462   pkcs11_cert_private = DISABLED
Sun Apr 10 01:41:04 2016 us=191476   pkcs11_cert_private = DISABLED
Sun Apr 10 01:41:04 2016 us=191491   pkcs11_cert_private = DISABLED
Sun Apr 10 01:41:04 2016 us=191506   pkcs11_cert_private = DISABLED
Sun Apr 10 01:41:04 2016 us=191521   pkcs11_cert_private = DISABLED
Sun Apr 10 01:41:04 2016 us=191536   pkcs11_cert_private = DISABLED
Sun Apr 10 01:41:04 2016 us=191552   pkcs11_cert_private = DISABLED
Sun Apr 10 01:41:04 2016 us=191572   pkcs11_cert_private = DISABLED
Sun Apr 10 01:41:04 2016 us=191587   pkcs11_cert_private = DISABLED
Sun Apr 10 01:41:04 2016 us=191602   pkcs11_cert_private = DISABLED
Sun Apr 10 01:41:04 2016 us=191618   pkcs11_pin_cache_period = -1
Sun Apr 10 01:41:04 2016 us=191633   pkcs11_id = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=191649   pkcs11_id_management = DISABLED
Sun Apr 10 01:41:04 2016 us=191678   server_network = 192.168.5.0
Sun Apr 10 01:41:04 2016 us=191698   server_netmask = 255.255.255.0
Sun Apr 10 01:41:04 2016 us=191728   server_network_ipv6 = ::
Sun Apr 10 01:41:04 2016 us=191747   server_netbits_ipv6 = 0
Sun Apr 10 01:41:04 2016 us=191765   server_bridge_ip = 0.0.0.0
Sun Apr 10 01:41:04 2016 us=191782   server_bridge_netmask = 0.0.0.0
Sun Apr 10 01:41:04 2016 us=191800   server_bridge_pool_start = 0.0.0.0
Sun Apr 10 01:41:04 2016 us=191817   server_bridge_pool_end = 0.0.0.0
Sun Apr 10 01:41:04 2016 us=191833   push_entry = 'dhcp-option DNS 8.8.8.8'
Sun Apr 10 01:41:04 2016 us=191850   push_entry = 'redirect-gateway def1'
Sun Apr 10 01:41:04 2016 us=191865   push_entry = 'route 192.168.5.0 255.255.255.0'
Sun Apr 10 01:41:04 2016 us=191880   push_entry = 'topology net30'
Sun Apr 10 01:41:04 2016 us=191896   ifconfig_pool_defined = ENABLED
Sun Apr 10 01:41:04 2016 us=191912   ifconfig_pool_start = 192.168.5.4
Sun Apr 10 01:41:04 2016 us=191930   ifconfig_pool_end = 192.168.5.251
Sun Apr 10 01:41:04 2016 us=191948   ifconfig_pool_netmask = 0.0.0.0
Sun Apr 10 01:41:04 2016 us=191963   ifconfig_pool_persist_filename = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=191979   ifconfig_pool_persist_refresh_freq = 600
Sun Apr 10 01:41:04 2016 us=191993   ifconfig_ipv6_pool_defined = DISABLED
Sun Apr 10 01:41:04 2016 us=192009   ifconfig_ipv6_pool_base = ::
Sun Apr 10 01:41:04 2016 us=192025   ifconfig_ipv6_pool_netbits = 0
Sun Apr 10 01:41:04 2016 us=192040   n_bcast_buf = 256
Sun Apr 10 01:41:04 2016 us=192055   tcp_queue_limit = 64
Sun Apr 10 01:41:04 2016 us=192070   real_hash_size = 256
Sun Apr 10 01:41:04 2016 us=192086   virtual_hash_size = 256
Sun Apr 10 01:41:04 2016 us=192101   client_connect_script = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=192116   learn_address_script = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=192132   client_disconnect_script = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=192147   client_config_dir = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=192162   ccd_exclusive = DISABLED
Sun Apr 10 01:41:04 2016 us=192177   tmp_dir = '/tmp'
Sun Apr 10 01:41:04 2016 us=192205   push_ifconfig_defined = DISABLED
Sun Apr 10 01:41:04 2016 us=192223   push_ifconfig_local = 0.0.0.0
Sun Apr 10 01:41:04 2016 us=192241   push_ifconfig_remote_netmask = 0.0.0.0
Sun Apr 10 01:41:04 2016 us=192256   push_ifconfig_ipv6_defined = DISABLED
Sun Apr 10 01:41:04 2016 us=192273   push_ifconfig_ipv6_local = ::/0
Sun Apr 10 01:41:04 2016 us=192289   push_ifconfig_ipv6_remote = ::
Sun Apr 10 01:41:04 2016 us=192305   enable_c2c = ENABLED
Sun Apr 10 01:41:04 2016 us=192320   duplicate_cn = DISABLED
Sun Apr 10 01:41:04 2016 us=192335   cf_max = 0
Sun Apr 10 01:41:04 2016 us=192350   cf_per = 0
Sun Apr 10 01:41:04 2016 us=192365   max_clients = 1024
Sun Apr 10 01:41:04 2016 us=192385   max_routes_per_client = 256
Sun Apr 10 01:41:04 2016 us=192401   auth_user_pass_verify_script = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=192416   auth_user_pass_verify_script_via_file = DISABLED
Sun Apr 10 01:41:04 2016 us=192433   ssl_flags = 0
Sun Apr 10 01:41:04 2016 us=192451   port_share_host = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=192465   port_share_port = 0
Sun Apr 10 01:41:04 2016 us=192480   client = DISABLED
Sun Apr 10 01:41:04 2016 us=192496   pull = DISABLED
Sun Apr 10 01:41:04 2016 us=192511   auth_user_pass_file = '[UNDEF]'
Sun Apr 10 01:41:04 2016 us=192536 OpenVPN 2.2.1 i486-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Dec  1 2014
Sun Apr 10 01:41:04 2016 us=192750 WARNING: --keepalive option is missing from server config
Sun Apr 10 01:41:04 2016 us=192872 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Apr 10 01:41:04 2016 us=199067 Diffie-Hellman initialized with 1024 bit key
Sun Apr 10 01:41:04 2016 us=200645 Control Channel Authentication: using '/etc/openvpn/keys/ta.key' as a OpenVPN static key file
Sun Apr 10 01:41:04 2016 us=200692 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 10 01:41:04 2016 us=200711 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 10 01:41:04 2016 us=200737 TLS-Auth MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Sun Apr 10 01:41:04 2016 us=200800 Socket Buffers: R=[87380->131072] S=[16384->131072]
Sun Apr 10 01:41:04 2016 us=200983 ROUTE default_gateway=131.72.136.1
Sun Apr 10 01:41:04 2016 us=201603 TUN/TAP device tun0 opened
Sun Apr 10 01:41:04 2016 us=201631 TUN/TAP TX queue length set to 100
Sun Apr 10 01:41:04 2016 us=201652 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Apr 10 01:41:04 2016 us=201687 /sbin/ifconfig tun0 192.168.5.1 pointopoint 192.168.5.2 mtu 1500
Sun Apr 10 01:41:04 2016 us=203964 /sbin/route add -net 192.168.5.0 netmask 255.255.255.0 gw 192.168.5.2
Sun Apr 10 01:41:04 2016 us=205681 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Apr 10 01:41:04 2016 us=206804 Listening for incoming TCP connection on [undef]
Sun Apr 10 01:41:04 2016 us=206914 TCPv4_SERVER link local (bound): [undef]
Sun Apr 10 01:41:04 2016 us=206934 TCPv4_SERVER link remote: [undef]
Sun Apr 10 01:41:04 2016 us=206960 MULTI: multi_init called, r=256 v=256
Sun Apr 10 01:41:04 2016 us=207139 IFCONFIG POOL: base=192.168.5.4 size=62, ipv6=0
Sun Apr 10 01:41:04 2016 us=207196 MULTI: TCP INIT maxclients=1024 maxevents=1028
Sun Apr 10 01:41:04 2016 us=207254 Initialization Sequence Completed
Sun Apr 10 01:41:53 2016 us=309119 MULTI: multi_create_instance called
Sun Apr 10 01:41:53 2016 us=309231 Re-using SSL/TLS context
Sun Apr 10 01:41:53 2016 us=309328 LZO compression initialized
Sun Apr 10 01:41:53 2016 us=309723 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Sun Apr 10 01:41:53 2016 us=309774 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Apr 10 01:41:53 2016 us=309905 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Sun Apr 10 01:41:53 2016 us=309944 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Sun Apr 10 01:41:53 2016 us=310022 Local Options hash (VER=V4): 'bd577cd1'
Sun Apr 10 01:41:53 2016 us=310047 Expected Remote Options hash (VER=V4): 'ee93268d'
Sun Apr 10 01:41:53 2016 us=310090 TCP connection established with [AF_INET]IP_КЛИЕНТА:22963
Sun Apr 10 01:41:53 2016 us=310112 TCPv4_SERVER link local: [undef]
Sun Apr 10 01:41:53 2016 us=310129 TCPv4_SERVER link remote: [AF_INET]IP_КЛИЕНТА:22963
Sun Apr 10 01:41:54 2016 us=64950 IP_КЛИЕНТА:22963 TLS: Initial packet from [AF_INET]IP_КЛИЕНТА:22963, sid=5f5ede87 4e75b95b
Sun Apr 10 01:42:01 2016 us=217822 IP_КЛИЕНТА:22963 VERIFY OK: depth=1, /C=RU/ST=Moskowskaya/L=Moskow/O=myFilial/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
Sun Apr 10 01:42:01 2016 us=218063 IP_КЛИЕНТА:22963 VERIFY OK: depth=0, /C=RU/ST=Moskowskaya/L=Moskow/O=myFilial/OU=changeme/CN=me/name=changeme/emailAddress=mail@host.domain
Sun Apr 10 01:42:02 2016 us=137317 IP_КЛИЕНТА:22963 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Apr 10 01:42:02 2016 us=137368 IP_КЛИЕНТА:22963 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 10 01:42:02 2016 us=137434 IP_КЛИЕНТА:22963 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Apr 10 01:42:02 2016 us=137456 IP_КЛИЕНТА:22963 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 10 01:42:02 2016 us=697210 IP_КЛИЕНТА:22963 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Apr 10 01:42:02 2016 us=697268 IP_КЛИЕНТА:22963 [me] Peer Connection Initiated with [AF_INET]IP_КЛИЕНТА:22963
Sun Apr 10 01:42:02 2016 us=697327 me/IP_КЛИЕНТА:22963 MULTI_sva: pool returned IPv4=192.168.5.6, IPv6=1cba:7eb7:a49e:9abf:f8a1:9abf:303e:6cb8
Sun Apr 10 01:42:02 2016 us=697381 me/IP_КЛИЕНТА:22963 MULTI: Learn: 192.168.5.6 -> me/IP_КЛИЕНТА:22963
Sun Apr 10 01:42:02 2016 us=697398 me/IP_КЛИЕНТА:22963 MULTI: primary virtual IP for me/IP_КЛИЕНТА:22963: 192.168.5.6
Sun Apr 10 01:42:04 2016 us=507453 me/IP_КЛИЕНТА:22963 PUSH: Received control message: 'PUSH_REQUEST'
Sun Apr 10 01:42:04 2016 us=507483 me/IP_КЛИЕНТА:22963 send_push_reply(): safe_cap=960
Sun Apr 10 01:42:04 2016 us=507522 me/IP_КЛИЕНТА:22963 SENT CONTROL [me]: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,redirect-gateway def1,route 192.168.5.0 255.255.255.0,topology net30,ifconfig 192.168.5.6 192.168.5.5' (status=1)
Sun Apr 10 01:49:19 2016 us=234738 me/IP_КЛИЕНТА:22963 Connection reset, restarting [-1]
Sun Apr 10 01:49:19 2016 us=234792 me/IP_КЛИЕНТА:22963 SIGUSR1[soft,connection-reset] received, client-instance restarting
Sun Apr 10 01:49:19 2016 us=235007 TCP/UDP: Closing socket
[свернуть]

Теперь клиент.

Конфиг:
Открыть содержимое (спойлер)
Код Выделить
$ sudo cat client.conf
client
dev tun
proto tcp
remote XXX.XXX.XXX.243 443
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/keys/ca.crt
cert "/etc/openvpn/keys/me.crt"
key /etc/openvpn/keys/me.key
tls-auth /etc/openvpn/keys/ta.key 1
ns-cert-type server
comp-lzo
log openvpn.log
verb 4
[свернуть]

ifconfig tun0 клиента:
Открыть содержимое (спойлер)
Код Выделить
$ sudo ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
          inet addr:192.168.5.6  P-t-P:192.168.5.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:119 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:48775 (47.6 KiB)
[свернуть]

route -n клиента:
Открыть содержимое (спойлер)
Код Выделить
$ sudo route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.5.5     128.0.0.0       UG    0      0        0 tun0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
XXX.XXX.XXX.64     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
128.0.0.0       192.168.5.5     128.0.0.0       UG    0      0        0 tun0
172.16.55.0     0.0.0.0         255.255.255.0   U     0      0        0 vmnet8
172.16.176.0    0.0.0.0         255.255.255.0   U     0      0        0 vmnet1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.5.0     192.168.5.5     255.255.255.0   UG    0      0        0 tun0
192.168.5.5     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
[свернуть]

openvpn.log клиента:
Открыть содержимое (спойлер)
Код Выделить
$ sudo cat openvpn.log
Sun Apr 10 07:40:05 2016 us=983981 Current Parameter Settings:
Sun Apr 10 07:40:05 2016 us=984105   config = '/etc/openvpn/client.conf'
Sun Apr 10 07:40:05 2016 us=984125   mode = 0
Sun Apr 10 07:40:05 2016 us=984156   persist_config = DISABLED
Sun Apr 10 07:40:05 2016 us=984185   persist_mode = 1
Sun Apr 10 07:40:05 2016 us=984213   show_ciphers = DISABLED
Sun Apr 10 07:40:05 2016 us=984240   show_digests = DISABLED
Sun Apr 10 07:40:05 2016 us=984267   show_engines = DISABLED
Sun Apr 10 07:40:05 2016 us=984293   genkey = DISABLED
Sun Apr 10 07:40:05 2016 us=984321   key_pass_file = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=984349   show_tls_ciphers = DISABLED
Sun Apr 10 07:40:05 2016 us=984380 Connection profiles [default]:
Sun Apr 10 07:40:05 2016 us=984408   proto = tcp-client
Sun Apr 10 07:40:05 2016 us=984437   local = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=984465   local_port = 0
Sun Apr 10 07:40:05 2016 us=984492   remote = 'IP_СЕРВЕРА'
Sun Apr 10 07:40:05 2016 us=984520   remote_port = 443
Sun Apr 10 07:40:05 2016 us=984546   remote_float = DISABLED
Sun Apr 10 07:40:05 2016 us=984572   bind_defined = DISABLED
Sun Apr 10 07:40:05 2016 us=984599   bind_local = DISABLED
Sun Apr 10 07:40:05 2016 us=984625   connect_retry_seconds = 5
Sun Apr 10 07:40:05 2016 us=984652   connect_timeout = 10
Sun Apr 10 07:40:05 2016 us=984678   connect_retry_max = 0
Sun Apr 10 07:40:05 2016 us=984704   socks_proxy_server = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=984731   socks_proxy_port = 0
Sun Apr 10 07:40:05 2016 us=984757   socks_proxy_retry = DISABLED
Sun Apr 10 07:40:05 2016 us=984783   tun_mtu = 1500
Sun Apr 10 07:40:05 2016 us=984809   tun_mtu_defined = ENABLED
Sun Apr 10 07:40:05 2016 us=984835   link_mtu = 1500
Sun Apr 10 07:40:05 2016 us=984861   link_mtu_defined = DISABLED
Sun Apr 10 07:40:05 2016 us=984887   tun_mtu_extra = 0
Sun Apr 10 07:40:05 2016 us=984913   tun_mtu_extra_defined = DISABLED
Sun Apr 10 07:40:05 2016 us=984942   mtu_discover_type = -1
Sun Apr 10 07:40:05 2016 us=984968   fragment = 0
Sun Apr 10 07:40:05 2016 us=984995   mssfix = 1450
Sun Apr 10 07:40:05 2016 us=985021   explicit_exit_notification = 0
Sun Apr 10 07:40:05 2016 us=985047 Connection profiles END
Sun Apr 10 07:40:05 2016 us=985073   remote_random = DISABLED
Sun Apr 10 07:40:05 2016 us=985099   ipchange = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=985126   dev = 'tun'
Sun Apr 10 07:40:05 2016 us=985153   dev_type = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=985179   dev_node = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=985205   lladdr = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=985236   topology = 1
Sun Apr 10 07:40:05 2016 us=985263   tun_ipv6 = DISABLED
Sun Apr 10 07:40:05 2016 us=985290   ifconfig_local = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=985317   ifconfig_remote_netmask = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=985348   ifconfig_noexec = DISABLED
Sun Apr 10 07:40:05 2016 us=985375   ifconfig_nowarn = DISABLED
Sun Apr 10 07:40:05 2016 us=985401   ifconfig_ipv6_local = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=985428   ifconfig_ipv6_netbits = 0
Sun Apr 10 07:40:05 2016 us=985455   ifconfig_ipv6_remote = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=985482   shaper = 0
Sun Apr 10 07:40:05 2016 us=985508   mtu_test = 0
Sun Apr 10 07:40:05 2016 us=985534   mlock = DISABLED
Sun Apr 10 07:40:05 2016 us=985561   keepalive_ping = 0
Sun Apr 10 07:40:05 2016 us=985587   keepalive_timeout = 0
Sun Apr 10 07:40:05 2016 us=985614   inactivity_timeout = 0
Sun Apr 10 07:40:05 2016 us=985640   ping_send_timeout = 0
Sun Apr 10 07:40:05 2016 us=985667   ping_rec_timeout = 0
Sun Apr 10 07:40:05 2016 us=985693   ping_rec_timeout_action = 0
Sun Apr 10 07:40:05 2016 us=985719   ping_timer_remote = DISABLED
Sun Apr 10 07:40:05 2016 us=985746   remap_sigusr1 = 0
Sun Apr 10 07:40:05 2016 us=985772   persist_tun = ENABLED
Sun Apr 10 07:40:05 2016 us=985798   persist_local_ip = DISABLED
Sun Apr 10 07:40:05 2016 us=985824   persist_remote_ip = DISABLED
Sun Apr 10 07:40:05 2016 us=985851   persist_key = ENABLED
Sun Apr 10 07:40:05 2016 us=985878   passtos = DISABLED
Sun Apr 10 07:40:05 2016 us=985904   resolve_retry_seconds = 1000000000
Sun Apr 10 07:40:05 2016 us=985944   username = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=985972   groupname = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=985998   chroot_dir = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=986025   cd_dir = '/etc/openvpn'
Sun Apr 10 07:40:05 2016 us=986051   writepid = '/run/openvpn/client.pid'
Sun Apr 10 07:40:05 2016 us=986078   up_script = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=986104   down_script = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=986131   down_pre = DISABLED
Sun Apr 10 07:40:05 2016 us=986157   up_restart = DISABLED
Sun Apr 10 07:40:05 2016 us=986183   up_delay = DISABLED
Sun Apr 10 07:40:05 2016 us=986209   daemon = ENABLED
Sun Apr 10 07:40:05 2016 us=986236   inetd = 0
Sun Apr 10 07:40:05 2016 us=986262   log = ENABLED
Sun Apr 10 07:40:05 2016 us=986288   suppress_timestamps = DISABLED
Sun Apr 10 07:40:05 2016 us=986315   nice = 0
Sun Apr 10 07:40:05 2016 us=986341   verbosity = 4
Sun Apr 10 07:40:05 2016 us=986367   mute = 0
Sun Apr 10 07:40:05 2016 us=986393   gremlin = 0
Sun Apr 10 07:40:05 2016 us=986420   status_file = '/run/openvpn/client.status'
Sun Apr 10 07:40:05 2016 us=986446   status_file_version = 1
Sun Apr 10 07:40:05 2016 us=986472   status_file_update_freq = 10
Sun Apr 10 07:40:05 2016 us=986498   occ = ENABLED
Sun Apr 10 07:40:05 2016 us=986524   rcvbuf = 65536
Sun Apr 10 07:40:05 2016 us=986549   sndbuf = 65536
Sun Apr 10 07:40:05 2016 us=986575   mark = 0
Sun Apr 10 07:40:05 2016 us=986600   sockflags = 0
Sun Apr 10 07:40:05 2016 us=986626   fast_io = DISABLED
Sun Apr 10 07:40:05 2016 us=986652   lzo = 7
Sun Apr 10 07:40:05 2016 us=986678   route_script = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=986704   route_default_gateway = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=986731   route_default_metric = 0
Sun Apr 10 07:40:05 2016 us=986758   route_noexec = DISABLED
Sun Apr 10 07:40:05 2016 us=986785   route_delay = 0
Sun Apr 10 07:40:05 2016 us=986811   route_delay_window = 30
Sun Apr 10 07:40:05 2016 us=986838   route_delay_defined = DISABLED
Sun Apr 10 07:40:05 2016 us=986865   route_nopull = DISABLED
Sun Apr 10 07:40:05 2016 us=986893   route_gateway_via_dhcp = DISABLED
Sun Apr 10 07:40:05 2016 us=986921   max_routes = 100
Sun Apr 10 07:40:05 2016 us=986949   allow_pull_fqdn = DISABLED
Sun Apr 10 07:40:05 2016 us=986976   management_addr = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=987003   management_port = 0
Sun Apr 10 07:40:05 2016 us=987029   management_user_pass = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=987057   management_log_history_cache = 250
Sun Apr 10 07:40:05 2016 us=987084   management_echo_buffer_size = 100
Sun Apr 10 07:40:05 2016 us=987111   management_write_peer_info_file = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=987138   management_client_user = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=987165   management_client_group = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=987192   management_flags = 0
Sun Apr 10 07:40:05 2016 us=987218   shared_secret_file = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=987246   key_direction = 2
Sun Apr 10 07:40:05 2016 us=987272   ciphername_defined = ENABLED
Sun Apr 10 07:40:05 2016 us=987299   ciphername = 'BF-CBC'
Sun Apr 10 07:40:05 2016 us=987326   authname_defined = ENABLED
Sun Apr 10 07:40:05 2016 us=987353   authname = 'SHA1'
Sun Apr 10 07:40:05 2016 us=987380   prng_hash = 'SHA1'
Sun Apr 10 07:40:05 2016 us=987407   prng_nonce_secret_len = 16
Sun Apr 10 07:40:05 2016 us=987433   keysize = 0
Sun Apr 10 07:40:05 2016 us=987459   engine = DISABLED
Sun Apr 10 07:40:05 2016 us=987487   replay = ENABLED
Sun Apr 10 07:40:05 2016 us=987513   mute_replay_warnings = DISABLED
Sun Apr 10 07:40:05 2016 us=987540   replay_window = 64
Sun Apr 10 07:40:05 2016 us=987567   replay_time = 15
Sun Apr 10 07:40:05 2016 us=987594   packet_id_file = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=987621   use_iv = ENABLED
Sun Apr 10 07:40:05 2016 us=987647   test_crypto = DISABLED
Sun Apr 10 07:40:05 2016 us=987675   tls_server = DISABLED
Sun Apr 10 07:40:05 2016 us=987702   tls_client = ENABLED
Sun Apr 10 07:40:05 2016 us=987729   key_method = 2
Sun Apr 10 07:40:05 2016 us=987755   ca_file = '/etc/openvpn/keys/ca.crt'
Sun Apr 10 07:40:05 2016 us=987794   ca_path = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=987822   dh_file = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=987900   cert_file = '/etc/openvpn/keys/me.crt'
Sun Apr 10 07:40:05 2016 us=987929   priv_key_file = '/etc/openvpn/keys/me.key'
Sun Apr 10 07:40:05 2016 us=987956   pkcs12_file = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=987983   cipher_list = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=988010   tls_verify = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=988037   tls_export_cert = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=988064   verify_x509_type = 0
Sun Apr 10 07:40:05 2016 us=988091   verify_x509_name = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=988118   crl_file = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=988145   ns_cert_type = 1
Sun Apr 10 07:40:05 2016 us=988171   remote_cert_ku[i] = 0
Sun Apr 10 07:40:05 2016 us=988198   remote_cert_ku[i] = 0
Sun Apr 10 07:40:05 2016 us=988225   remote_cert_ku[i] = 0
Sun Apr 10 07:40:05 2016 us=988251   remote_cert_ku[i] = 0
Sun Apr 10 07:40:05 2016 us=988277   remote_cert_ku[i] = 0
Sun Apr 10 07:40:05 2016 us=988303   remote_cert_ku[i] = 0
Sun Apr 10 07:40:05 2016 us=988330   remote_cert_ku[i] = 0
Sun Apr 10 07:40:05 2016 us=988356   remote_cert_ku[i] = 0
Sun Apr 10 07:40:05 2016 us=988383   remote_cert_ku[i] = 0
Sun Apr 10 07:40:05 2016 us=988409   remote_cert_ku[i] = 0
Sun Apr 10 07:40:05 2016 us=988435   remote_cert_ku[i] = 0
Sun Apr 10 07:40:05 2016 us=988461   remote_cert_ku[i] = 0
Sun Apr 10 07:40:05 2016 us=988487   remote_cert_ku[i] = 0
Sun Apr 10 07:40:05 2016 us=988513   remote_cert_ku[i] = 0
Sun Apr 10 07:40:05 2016 us=988539   remote_cert_ku[i] = 0
Sun Apr 10 07:40:05 2016 us=988565   remote_cert_ku[i] = 0
Sun Apr 10 07:40:05 2016 us=988591   remote_cert_eku = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=988618   ssl_flags = 0
Sun Apr 10 07:40:05 2016 us=988644   tls_timeout = 2
Sun Apr 10 07:40:05 2016 us=988671   renegotiate_bytes = 0
Sun Apr 10 07:40:05 2016 us=988698   renegotiate_packets = 0
Sun Apr 10 07:40:05 2016 us=988725   renegotiate_seconds = 3600
Sun Apr 10 07:40:05 2016 us=988752   handshake_window = 60
Sun Apr 10 07:40:05 2016 us=988778   transition_window = 3600
Sun Apr 10 07:40:05 2016 us=988805   single_session = DISABLED
Sun Apr 10 07:40:05 2016 us=988832   push_peer_info = DISABLED
Sun Apr 10 07:40:05 2016 us=988866   tls_exit = DISABLED
Sun Apr 10 07:40:05 2016 us=988893   tls_auth_file = '/etc/openvpn/keys/ta.key'
Sun Apr 10 07:40:05 2016 us=988920   pkcs11_protected_authentication = DISABLED
Sun Apr 10 07:40:05 2016 us=988947   pkcs11_protected_authentication = DISABLED
Sun Apr 10 07:40:05 2016 us=988974   pkcs11_protected_authentication = DISABLED
Sun Apr 10 07:40:05 2016 us=989006   pkcs11_protected_authentication = DISABLED
Sun Apr 10 07:40:05 2016 us=989020   pkcs11_protected_authentication = DISABLED
Sun Apr 10 07:40:05 2016 us=989051   pkcs11_protected_authentication = DISABLED
Sun Apr 10 07:40:05 2016 us=989069   pkcs11_protected_authentication = DISABLED
Sun Apr 10 07:40:05 2016 us=989084   pkcs11_protected_authentication = DISABLED
Sun Apr 10 07:40:05 2016 us=989098   pkcs11_protected_authentication = DISABLED
Sun Apr 10 07:40:05 2016 us=989111   pkcs11_protected_authentication = DISABLED
Sun Apr 10 07:40:05 2016 us=989124   pkcs11_protected_authentication = DISABLED
Sun Apr 10 07:40:05 2016 us=989137   pkcs11_protected_authentication = DISABLED
Sun Apr 10 07:40:05 2016 us=989151   pkcs11_protected_authentication = DISABLED
Sun Apr 10 07:40:05 2016 us=989164   pkcs11_protected_authentication = DISABLED
Sun Apr 10 07:40:05 2016 us=989177   pkcs11_protected_authentication = DISABLED
Sun Apr 10 07:40:05 2016 us=989202   pkcs11_protected_authentication = DISABLED
Sun Apr 10 07:40:05 2016 us=989230   pkcs11_private_mode = 00000000
Sun Apr 10 07:40:05 2016 us=989257   pkcs11_private_mode = 00000000
Sun Apr 10 07:40:05 2016 us=989283   pkcs11_private_mode = 00000000
Sun Apr 10 07:40:05 2016 us=989310   pkcs11_private_mode = 00000000
Sun Apr 10 07:40:05 2016 us=989336   pkcs11_private_mode = 00000000
Sun Apr 10 07:40:05 2016 us=989376   pkcs11_private_mode = 00000000
Sun Apr 10 07:40:05 2016 us=989404   pkcs11_private_mode = 00000000
Sun Apr 10 07:40:05 2016 us=989431   pkcs11_private_mode = 00000000
Sun Apr 10 07:40:05 2016 us=989457   pkcs11_private_mode = 00000000
Sun Apr 10 07:40:05 2016 us=989484   pkcs11_private_mode = 00000000
Sun Apr 10 07:40:05 2016 us=989510   pkcs11_private_mode = 00000000
Sun Apr 10 07:40:05 2016 us=989537   pkcs11_private_mode = 00000000
Sun Apr 10 07:40:05 2016 us=989563   pkcs11_private_mode = 00000000
Sun Apr 10 07:40:05 2016 us=989590   pkcs11_private_mode = 00000000
Sun Apr 10 07:40:05 2016 us=989616   pkcs11_private_mode = 00000000
Sun Apr 10 07:40:05 2016 us=989650   pkcs11_private_mode = 00000000
Sun Apr 10 07:40:05 2016 us=989678   pkcs11_cert_private = DISABLED
Sun Apr 10 07:40:05 2016 us=989704   pkcs11_cert_private = DISABLED
Sun Apr 10 07:40:05 2016 us=989731   pkcs11_cert_private = DISABLED
Sun Apr 10 07:40:05 2016 us=989757   pkcs11_cert_private = DISABLED
Sun Apr 10 07:40:05 2016 us=989783   pkcs11_cert_private = DISABLED
Sun Apr 10 07:40:05 2016 us=989809   pkcs11_cert_private = DISABLED
Sun Apr 10 07:40:05 2016 us=989835   pkcs11_cert_private = DISABLED
Sun Apr 10 07:40:05 2016 us=989861   pkcs11_cert_private = DISABLED
Sun Apr 10 07:40:05 2016 us=989887   pkcs11_cert_private = DISABLED
Sun Apr 10 07:40:05 2016 us=989913   pkcs11_cert_private = DISABLED
Sun Apr 10 07:40:05 2016 us=989939   pkcs11_cert_private = DISABLED
Sun Apr 10 07:40:05 2016 us=989965   pkcs11_cert_private = DISABLED
Sun Apr 10 07:40:05 2016 us=989991   pkcs11_cert_private = DISABLED
Sun Apr 10 07:40:05 2016 us=990017   pkcs11_cert_private = DISABLED
Sun Apr 10 07:40:05 2016 us=990044   pkcs11_cert_private = DISABLED
Sun Apr 10 07:40:05 2016 us=990070   pkcs11_cert_private = DISABLED
Sun Apr 10 07:40:05 2016 us=990097   pkcs11_pin_cache_period = -1
Sun Apr 10 07:40:05 2016 us=990123   pkcs11_id = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=990150   pkcs11_id_management = DISABLED
Sun Apr 10 07:40:05 2016 us=990205   server_network = 0.0.0.0
Sun Apr 10 07:40:05 2016 us=990237   server_netmask = 0.0.0.0
Sun Apr 10 07:40:05 2016 us=990278   server_network_ipv6 = ::
Sun Apr 10 07:40:05 2016 us=990307   server_netbits_ipv6 = 0
Sun Apr 10 07:40:05 2016 us=990337   server_bridge_ip = 0.0.0.0
Sun Apr 10 07:40:05 2016 us=990366   server_bridge_netmask = 0.0.0.0
Sun Apr 10 07:40:05 2016 us=990395   server_bridge_pool_start = 0.0.0.0
Sun Apr 10 07:40:05 2016 us=990442   server_bridge_pool_end = 0.0.0.0
Sun Apr 10 07:40:05 2016 us=990470   ifconfig_pool_defined = DISABLED
Sun Apr 10 07:40:05 2016 us=990500   ifconfig_pool_start = 0.0.0.0
Sun Apr 10 07:40:05 2016 us=990530   ifconfig_pool_end = 0.0.0.0
Sun Apr 10 07:40:05 2016 us=990559   ifconfig_pool_netmask = 0.0.0.0
Sun Apr 10 07:40:05 2016 us=990586   ifconfig_pool_persist_filename = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=990613   ifconfig_pool_persist_refresh_freq = 600
Sun Apr 10 07:40:05 2016 us=990640   ifconfig_ipv6_pool_defined = DISABLED
Sun Apr 10 07:40:05 2016 us=990670   ifconfig_ipv6_pool_base = ::
Sun Apr 10 07:40:05 2016 us=990696   ifconfig_ipv6_pool_netbits = 0
Sun Apr 10 07:40:05 2016 us=990722   n_bcast_buf = 256
Sun Apr 10 07:40:05 2016 us=990749   tcp_queue_limit = 64
Sun Apr 10 07:40:05 2016 us=990777   real_hash_size = 256
Sun Apr 10 07:40:05 2016 us=990803   virtual_hash_size = 256
Sun Apr 10 07:40:05 2016 us=990830   client_connect_script = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=990857   learn_address_script = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=990884   client_disconnect_script = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=990911   client_config_dir = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=990937   ccd_exclusive = DISABLED
Sun Apr 10 07:40:05 2016 us=990964   tmp_dir = '/tmp'
Sun Apr 10 07:40:05 2016 us=990990   push_ifconfig_defined = DISABLED
Sun Apr 10 07:40:05 2016 us=991020   push_ifconfig_local = 0.0.0.0
Sun Apr 10 07:40:05 2016 us=991049   push_ifconfig_remote_netmask = 0.0.0.0
Sun Apr 10 07:40:05 2016 us=991076   push_ifconfig_ipv6_defined = DISABLED
Sun Apr 10 07:40:05 2016 us=991115   push_ifconfig_ipv6_local = ::/0
Sun Apr 10 07:40:05 2016 us=991145   push_ifconfig_ipv6_remote = ::
Sun Apr 10 07:40:05 2016 us=991172   enable_c2c = DISABLED
Sun Apr 10 07:40:05 2016 us=991199   duplicate_cn = DISABLED
Sun Apr 10 07:40:05 2016 us=991226   cf_max = 0
Sun Apr 10 07:40:05 2016 us=991253   cf_per = 0
Sun Apr 10 07:40:05 2016 us=991280   max_clients = 1024
Sun Apr 10 07:40:05 2016 us=991307   max_routes_per_client = 256
Sun Apr 10 07:40:05 2016 us=991334   auth_user_pass_verify_script = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=991367   auth_user_pass_verify_script_via_file = DISABLED
Sun Apr 10 07:40:05 2016 us=991395   port_share_host = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=991422   port_share_port = 0
Sun Apr 10 07:40:05 2016 us=991448   client = ENABLED
Sun Apr 10 07:40:05 2016 us=991474   pull = ENABLED
Sun Apr 10 07:40:05 2016 us=991501   auth_user_pass_file = '[UNDEF]'
Sun Apr 10 07:40:05 2016 us=991532 OpenVPN 2.3.4 i586-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 19 2015
Sun Apr 10 07:40:05 2016 us=991584 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Sun Apr 10 07:40:05 2016 us=993072 Control Channel Authentication: using '/etc/openvpn/keys/ta.key' as a OpenVPN static key file
Sun Apr 10 07:40:05 2016 us=993109 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 10 07:40:05 2016 us=993128 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 10 07:40:05 2016 us=993158 LZO compression initialized
Sun Apr 10 07:40:05 2016 us=993252 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Sun Apr 10 07:40:05 2016 us=993302 Socket Buffers: R=[87380->131072] S=[16384->131072]
Sun Apr 10 07:40:05 2016 us=993335 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Apr 10 07:40:05 2016 us=993363 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Sun Apr 10 07:40:05 2016 us=993377 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Sun Apr 10 07:40:05 2016 us=993409 Local Options hash (VER=V4): 'ee93268d'
Sun Apr 10 07:40:05 2016 us=993432 Expected Remote Options hash (VER=V4): 'bd577cd1'
Sun Apr 10 07:40:05 2016 us=994410 Attempting to establish TCP connection with [AF_INET]IP_СЕРВЕРА:443 [nonblock]
Sun Apr 10 07:40:15 2016 us=995618 TCP: connect to [AF_INET]IP_СЕРВЕРА:443 failed, will try again in 5 seconds: Connection timed out
Sun Apr 10 07:40:30 2016 us=996932 TCP: connect to [AF_INET]IP_СЕРВЕРА:443 failed, will try again in 5 seconds: Connection timed out
Sun Apr 10 07:40:36 2016 us=997342 TCP connection established with [AF_INET]IP_СЕРВЕРА:443
Sun Apr 10 07:40:36 2016 us=997450 TCPv4_CLIENT link local: [undef]
Sun Apr 10 07:40:36 2016 us=997490 TCPv4_CLIENT link remote: [AF_INET]IP_СЕРВЕРА:443
Sun Apr 10 07:40:37 2016 us=336355 TLS: Initial packet from [AF_INET]IP_СЕРВЕРА:443, sid=27ac25f2 4a135b4b
Sun Apr 10 07:40:41 2016 us=40476 VERIFY OK: depth=1, C=RU, ST=Moskowskaya, L=Moskow, O=myFilial, OU=changeme, CN=changeme, name=changeme, emailAddress=mail@host.domain
Sun Apr 10 07:40:41 2016 us=41283 VERIFY OK: nsCertType=SERVER
Sun Apr 10 07:40:41 2016 us=41335 VERIFY OK: depth=0, C=RU, ST=Moskowskaya, L=Moskow, O=myFilial, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
Sun Apr 10 07:40:45 2016 us=508698 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Apr 10 07:40:45 2016 us=508815 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 10 07:40:45 2016 us=509007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Apr 10 07:40:45 2016 us=509044 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 10 07:40:45 2016 us=509211 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Apr 10 07:40:45 2016 us=509288 [server] Peer Connection Initiated with [AF_INET]IP_СЕРВЕРА:443
Sun Apr 10 07:40:47 2016 us=559747 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Apr 10 07:40:47 2016 us=858055 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,redirect-gateway def1,route 192.168.5.0 255.255.255.0,topology net30,ifconfig 192.168.5.6 192.168.5.5'
Sun Apr 10 07:40:47 2016 us=858325 OPTIONS IMPORT: --ifconfig/up options modified
Sun Apr 10 07:40:47 2016 us=858366 OPTIONS IMPORT: route options modified
Sun Apr 10 07:40:47 2016 us=858395 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Apr 10 07:40:47 2016 us=858738 ROUTE_GATEWAY ON_LINK IFACE=ppp0 HWADDR=00:00:00:00:00:00
Sun Apr 10 07:40:47 2016 us=861255 TUN/TAP device tun0 opened
Sun Apr 10 07:40:47 2016 us=861343 TUN/TAP TX queue length set to 100
Sun Apr 10 07:40:47 2016 us=861390 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Apr 10 07:40:47 2016 us=861473 /sbin/ip link set dev tun0 up mtu 1500
Sun Apr 10 07:40:47 2016 us=864459 /sbin/ip addr add dev tun0 local 192.168.5.6 peer 192.168.5.5
Sun Apr 10 07:40:47 2016 us=867247 /sbin/ip route add IP_СЕРВЕРА/32 via 0.0.0.0
RTNETLINK answers: No such device
Sun Apr 10 07:40:47 2016 us=876068 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Apr 10 07:40:47 2016 us=876206 /sbin/ip route add 0.0.0.0/1 via 192.168.5.5
Sun Apr 10 07:40:47 2016 us=878764 /sbin/ip route add 128.0.0.0/1 via 192.168.5.5
Sun Apr 10 07:40:47 2016 us=881074 /sbin/ip route add 192.168.5.0/24 via 192.168.5.5
Sun Apr 10 07:40:47 2016 us=883222 Initialization Sequence Completed
Sun Apr 10 07:47:09 2016 us=226436 event_wait : Interrupted system call (code=4)
Sun Apr 10 07:47:09 2016 us=226809 TCP/UDP: Closing socket
Sun Apr 10 07:47:09 2016 us=226906 /sbin/ip route del 192.168.5.0/24
Sun Apr 10 07:47:09 2016 us=228704 /sbin/ip route del IP_СЕРВЕРА/32
RTNETLINK answers: No such process
Sun Apr 10 07:47:09 2016 us=229727 [b]ERROR: Linux route delete command failed: external program exited with error status: 2[/b]
Sun Apr 10 07:47:09 2016 us=229798 /sbin/ip route del 0.0.0.0/1
RTNETLINK answers: No such process
Sun Apr 10 07:47:09 2016 us=230686 [b]ERROR: Linux route delete command failed: external program exited with error status: 2[/b]
Sun Apr 10 07:47:09 2016 us=230753 /sbin/ip route del 128.0.0.0/1
Sun Apr 10 07:47:09 2016 us=232221 Closing TUN/TAP interface
Sun Apr 10 07:47:09 2016 us=232305 /sbin/ip addr del dev tun0 local 192.168.5.6 peer 192.168.5.5
Sun Apr 10 07:47:10 2016 us=528017 SIGTERM[hard,] received, process exiting
[свернуть]

вот выхлоп пинга после sudo route del -net 0/0 netmask 128.0.0.0 gw 192.168.5.5:
Открыть содержимое (спойлер)
Код Выделить
$ ping ya.ru
PING ya.ru (213.180.204.3) 56(84) bytes of data.
^C
--- ya.ru ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms

$ ping google.com
PING google.com (173.194.32.163) 56(84) bytes of data.
^C
--- google.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1007ms

$ ping 192.168.5.5
PING 192.168.5.5 (192.168.5.5) 56(84) bytes of data.
^C
--- 192.168.5.5 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1006ms
$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_req=1 ttl=46 time=277 ms
64 bytes from 8.8.8.8: icmp_req=2 ttl=46 time=350 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 277.538/313.880/350.222/36.342 ms
[свернуть]

ihammers

#7
14 апреля 2016, 05:18:05
Проверяйте через tcpdump на стороне сервера и клиента хождение icmp-пакетов.

А так по идее должно работать.
Debian GNU/Linux Bookworm, LXQt/OpenBox: AMD Ryzen 5 5600G / 64Gb RAM
_______________________________
Debian GNU/Linux Bookworm, без графики: AMD Phenon X4 / 16Gb RAM
_______________________________
Debian GNU/Linux Bookworm, LXQt/OpenBox: Acer Aspire One 722 AMD C60 / 8Gb RAM / ATI HD6290
Печать
Вверх Страницы1
Действия пользователя