Member since: 18 February 2018
Hello! I'm setting up a VPN server for myself on a VPS. It always used to work without a hitch, but now something has got stuck :((( Server: Debian 9 x86. Client: the latest Arch.
Server config
local xxx.xxx.xxx.xxx
port 1194
proto udp4
dev tun
ca keys/ca.crt
cert keys/vpnserver.crt
key keys/vpnserver.key
dh keys/dh.pem
tls-auth keys/ta.key 0
topology subnet
server 172.16.10.0 255.255.255.0
route 172.16.10.0 255.255.255.0
push "dhcp-option DNS 172.16.10.1"
ifconfig-pool-persist ipp.txt
keepalive 10 120
max-clients 32
client-to-client
persist-key
persist-tun
#status /var/log/openvpn/openvpn-status.log
#log-append /var/log/openvpn/openvpn.log
verb 3
mute 20
#daemon
mode server
tls-server
comp-lzo
Client config
tls-client
dev tun
proto udp4
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
persist-key
persist-tun
ca /etc/openvpn/client/keys/ca.crt
cert /etc/openvpn/client/keys/home.crt
key /etc/openvpn/client/keys/home.key
tls-auth /etc/openvpn/client/keys/ta.key 1
dh keys/dh.pem
#remote-cert-tls server
cipher AES-128-CBC
comp-lzo
verb 3
#log-append /var/log/openvpn/openvpn_client.log
#status /var/log/openvpn/status_client.log
Server log
user@vps52263:/etc/openvpn/server$ Wed Jan 9 12:21:39 2019 OpenVPN 2.4.0 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017
Wed Jan 9 12:21:39 2019 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
Wed Jan 9 12:21:39 2019 Diffie-Hellman initialized with 2048 bit key
Wed Jan 9 12:21:39 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jan 9 12:21:39 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jan 9 12:21:39 2019 ROUTE_GATEWAY xxx.xxx.xxx.xxx/255.255.255.224 IFACE=eth0 HWADDR=00:16:3c:b3:9e:18
Wed Jan 9 12:21:39 2019 TUN/TAP device tun0 opened
Wed Jan 9 12:21:39 2019 TUN/TAP TX queue length set to 100
Wed Jan 9 12:21:39 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Jan 9 12:21:39 2019 /sbin/ip link set dev tun0 up mtu 1500
Wed Jan 9 12:21:39 2019 /sbin/ip addr add dev tun0 172.16.10.1/24 broadcast 172.16.10.255
Wed Jan 9 12:21:39 2019 /sbin/ip route add 172.16.10.0/24 via 172.16.10.2
RTNETLINK answers: File exists
Wed Jan 9 12:21:39 2019 ERROR: Linux route add command failed: external program exited with error status: 2
Wed Jan 9 12:21:39 2019 Socket Buffers: R=[163840->163840] S=[163840->163840]
Wed Jan 9 12:21:39 2019 UDPv4 link local (bound): [AF_INET][undef]:1488
Wed Jan 9 12:21:39 2019 UDPv4 link remote: [AF_UNSPEC]
Wed Jan 9 12:21:39 2019 MULTI: multi_init called, r=256 v=256
Wed Jan 9 12:21:39 2019 IFCONFIG POOL: base=172.16.10.2 size=252, ipv6=0
Wed Jan 9 12:21:39 2019 IFCONFIG POOL LIST
Wed Jan 9 12:21:39 2019 Initialization Sequence Completed
Wed Jan 9 12:21:57 2019 46.158.141.90:1194 TLS: Initial packet from [AF_INET]46.158.141.90:1194, sid=2e855b64 09ac4522
Wed Jan 9 12:21:57 2019 46.158.141.90:1194 VERIFY OK: depth=1, CN=Easy-RSA CA
Wed Jan 9 12:21:57 2019 46.158.141.90:1194 VERIFY OK: depth=0, CN=home
Wed Jan 9 12:21:58 2019 46.158.141.90:1194 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1558'
Wed Jan 9 12:21:58 2019 46.158.141.90:1194 WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-128-CBC'
Wed Jan 9 12:21:58 2019 46.158.141.90:1194 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Jan 9 12:21:58 2019 46.158.141.90:1194 [home] Peer Connection Initiated with [AF_INET]46.158.141.90:1194
Wed Jan 9 12:21:58 2019 home/46.158.141.90:1194 MULTI_sva: pool returned IPv4=172.16.10.2, IPv6=(Not enabled)
Wed Jan 9 12:21:58 2019 home/46.158.141.90:1194 MULTI: Learn: 172.16.10.2 -> home/46.158.141.90:1194
Wed Jan 9 12:21:58 2019 home/46.158.141.90:1194 MULTI: primary virtual IP for home/46.158.141.90:1194: 172.16.10.2
Client log
Wed Jan 9 20:34:26 2019 WARNING: Ignoring option 'dh' in tls-client mode, please only include this in your server configuration
Wed Jan 9 20:34:26 2019 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Wed Jan 9 20:34:26 2019 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Wed Jan 9 20:34:26 2019 library versions: OpenSSL 1.1.1a 20 Nov 2018, LZO 2.10
Wed Jan 9 20:34:26 2019 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jan 9 20:34:26 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jan 9 20:34:26 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jan 9 20:34:26 2019 TUN/TAP device tun0 opened
Wed Jan 9 20:34:26 2019 TUN/TAP TX queue length set to 100
Wed Jan 9 20:34:26 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]185.141.25.133:1488
Wed Jan 9 20:34:26 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Jan 9 20:34:26 2019 UDPv4 link local (bound): [AF_INET][undef]:1194
Wed Jan 9 20:34:26 2019 UDPv4 link remote: [AF_INET]185.141.25.133:1488
Wed Jan 9 20:34:26 2019 TLS: Initial packet from [AF_INET]185.141.25.133:1488, sid=038ea26c e19f0b00
Wed Jan 9 20:34:27 2019 VERIFY OK: depth=1, CN=Easy-RSA CA
Wed Jan 9 20:34:27 2019 VERIFY OK: depth=0, CN=vpnserver
Wed Jan 9 20:34:27 2019 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
Wed Jan 9 20:34:27 2019 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Wed Jan 9 20:34:27 2019 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Jan 9 20:34:27 2019 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jan 9 20:34:27 2019 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Jan 9 20:34:27 2019 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jan 9 20:34:27 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Jan 9 20:34:27 2019 [vpnserver] Peer Connection Initiated with [AF_INET]185.141.25.133:1488
Wed Jan 9 20:34:28 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Jan 9 20:34:28 2019 Initialization Sequence Completed
^CWed Jan 9 20:37:46 2019 event_wait : Interrupted system call (code=4)
Wed Jan 9 20:37:46 2019 Closing TUN/TAP interface
Wed Jan 9 20:37:46 2019 SIGINT[hard,] received, process exiting
The client doesn't even receive the command to assign an IP; tun0 appears, but in the DOWN state. On Windows 10 everything works and the IP is assigned.
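Several warnings in the client log above (ignored `dh`, "not in P2MP client or server mode", no server certificate verification, inconsistent `cipher`) can be checked from the config files alone. As an added example, not part of the original post, this Python script audits the quoted client config for them; the finding labels and function names are this example's own, and it assumes two OpenVPN facts: `client` is shorthand for `pull` plus `tls-client`, and 2.4 falls back to `BF-CBC` when no `cipher` line is set.

```python
DEFAULT_CIPHER = "BF-CBC"  # OpenVPN 2.4 default when no 'cipher' line is set
CERT_CHECKS = ("remote-cert-tls", "remote-cert-eku", "verify-x509-name",
               "ns-cert-type", "tls-verify")

# Excerpts of the configs from the post (addresses masked as posted).
SERVER_CFG = """
dh keys/dh.pem
tls-auth keys/ta.key 0
server 172.16.10.0 255.255.255.0
mode server
tls-server
comp-lzo
"""
CLIENT_CFG = """
tls-client
remote xxx.xxx.xxx.xxx 1194
tls-auth /etc/openvpn/client/keys/ta.key 1
dh keys/dh.pem
#remote-cert-tls server
cipher AES-128-CBC
comp-lzo
"""

def parse(cfg):
    """Map directive name -> argument list, skipping blank/commented lines."""
    opts = {}
    for line in cfg.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            opts[name] = args
    return opts

def audit(client_cfg, server_cfg):
    """Return finding labels (names are this example's own) for the client."""
    c, s = parse(client_cfg), parse(server_cfg)
    findings = []
    if "client" not in c and "pull" not in c:
        findings.append("no-pull")  # pushed ifconfig is never requested
    if not any(d in c for d in CERT_CHECKS):
        findings.append("no-server-cert-check")  # any CA-signed cert passes
    if "dh" in c:
        findings.append("dh-on-client")  # ignored in tls-client mode
    ncp_off = "no-pull" in findings or "ncp-disable" in c or "ncp-disable" in s
    cc, sc = (o.get("cipher", [DEFAULT_CIPHER])[0] for o in (c, s))
    if ncp_off and cc != sc:
        findings.append(f"cipher-mismatch:{cc}!={sc}")  # no negotiation to fix it
    return findings
```

Calling `audit(CLIENT_CFG, SERVER_CFG)` on the posted excerpts returns all four findings; the cipher check is reported only when cipher negotiation (NCP) is off, which is the situation the client log describes.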