Каскадный режим | Линейный режим

Don · 12.08.2010 0:23

Мой провайдер создает в городе локальную сеть 10.0.0.0
каждому абоненту дает по 4 айпишника, к одному из этих айпишников можно купить реальный айпи адрес. В локальной сети есть dchub, вход на который с интернета запрещен. А с локальной сети разрешен. Моя задача - создать VPN туннель для человека, который находится в другом городе и хочет иметь доступ к ресурсам нашей локальной сети (dchub и пара локальных сайтов).

Я сам работаю с компа в локальной сети на 10.1.90.174
сервер с белым адресом стоит на 10.1.90.175. На сервере gentoolinux и OpenVPN. Серверный конфиг:
mode server
tls-server
proto tcp-server
dev tap
port 5555
daemon
tls-auth /etc/openvpn/vpnet/keys/ta.key 0
ca /etc/openvpn/vpnet/keys/ca.crt
cert /etc/openvpn/vpnet/keys/vpsrv.crt
key /etc/openvpn/vpnet/keys/vpsrv.key
dh /etc/openvpn/vpnet/keys/dh1024.pem
ifconfig 192.168.0.1 255.255.255.0
ifconfig-pool 192.168.0.2 192.168.0.128
push "redirect-gateway local def1"
push "route-gateway 192.168.0.1"
push "route 192.168.0.0 255.255.255.0"
push "route 192.168.0.1 255.255.255.0"
push "redirect-gateway"
duplicate-cn
verb 5
#cipher DES-EDE3-CBC
cipher none
persist-key
log-append /var/log/openvpn.log
push "dhcp-option DNS 94.232.8.200"
push "dhcp-option DNS 94.232.8.201"
persist-tun
comp-lzo
#tun-mtu 1300
#mssfix 1272

Пользовательский конфиг:

tls-client
proto tcp-client
remote 10.1.90.175
dev tap
port 5555
cd C:\\OpenVPN\\config\\vpnet\\client-keys
pull
tls-auth C:\\OpenVPN\\config\\vpnet\\client-keys\\ta.key 1
ca C:\\OpenVPN\\config\\vpnet\\client-keys\\ca.crt
cert C:\\OpenVPN\\config\\vpnet\\client-keys\\vpclient.crt
key C:\\OpenVPN\\config\\vpnet\\client-keys\\vpclient.key
#cipher DES-EDE3-CBC
cipher none
verb 3
#route-method exe
route-delay 3
comp-lzo
#tun-mtu 1300
#mssfix 1272

Пользователь сидит на GPRS модеме 3G каком-то от мегафона. Ему при подключении провайдер дает адреса типа: айпи 10.242.211.79, маска 255.255.255.255, шлюз 10.242.211.79. Ну а в инет выходит под одним из белых адресов провайдера.

У меня и у этого друга компы с виндой ХР сп3. У меня VPN нормально работает, нормально коннектится, в инет выхожу под белым адресом привязаным к серверу с OpenVPN. На dc-хабе определяется внутренний айпи машинки ссервером OpenVPN (10.1.90.175). В общем у меня все работает так, как хотелось бы, чтоб у него работало. НО у него не пашет.

Серверный лог:

Thu Aug 12 01:12:10 2010 OpenVPN 2.1.0 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on May 8 2010
Thu Aug 12 01:12:10 2010 WARNING: --keepalive option is missing from server config
Thu Aug 12 01:12:10 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Aug 12 01:12:10 2010 Diffie-Hellman initialized with 1024 bit key
Thu Aug 12 01:12:10 2010 ******* WARNING *******: null cipher specified, no encryption will be used
Thu Aug 12 01:12:10 2010 Control Channel Authentication: using '/etc/openvpn/vpnet/keys/ta.key' as a OpenVPN static key file
Thu Aug 12 01:12:10 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 01:12:10 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 01:12:10 2010 TLS-Auth MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Thu Aug 12 01:12:10 2010 TUN/TAP device tap0 opened
Thu Aug 12 01:12:10 2010 TUN/TAP TX queue length set to 100
Thu Aug 12 01:12:10 2010 /sbin/ifconfig tap0 192.168.0.1 netmask 255.255.255.0 mtu 1500 broadcast 192.168.0.255
Thu Aug 12 01:12:10 2010 Data Channel MTU parms [ L:1560 D:1450 EF:28 EB:135 ET:32 EL:0 AF:14/28 ]
Thu Aug 12 01:12:10 2010 GID set to openvpn
Thu Aug 12 01:12:10 2010 UID set to openvpn
Thu Aug 12 01:12:10 2010 Listening for incoming TCP connection on [undef]:5555
Thu Aug 12 01:12:10 2010 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu Aug 12 01:12:10 2010 TCPv4_SERVER link local (bound): [undef]:5555
Thu Aug 12 01:12:10 2010 TCPv4_SERVER link remote: [undef]
Thu Aug 12 01:12:10 2010 MULTI: multi_init called, r=256 v=256
Thu Aug 12 01:12:10 2010 IFCONFIG POOL: base=192.168.0.2 size=127
Thu Aug 12 01:12:10 2010 MULTI: TCP INIT maxclients=1024 maxevents=1028
Thu Aug 12 01:12:10 2010 Initialization Sequence Completed
Thu Aug 12 01:12:40 2010 MULTI: multi_create_instance called
Thu Aug 12 01:12:40 2010 Re-using SSL/TLS context
Thu Aug 12 01:12:40 2010 LZO compression initialized
Thu Aug 12 01:12:40 2010 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Thu Aug 12 01:12:40 2010 Data Channel MTU parms [ L:1560 D:1450 EF:28 EB:135 ET:32 EL:0 AF:14/28 ]
Thu Aug 12 01:12:40 2010 Local Options hash (VER=V4): '1f9380b8'
Thu Aug 12 01:12:40 2010 Expected Remote Options hash (VER=V4): 'c96a3b2c'
Thu Aug 12 01:12:40 2010 TCP connection established with 83.149.28.234:27184
Thu Aug 12 01:12:40 2010 Socket Buffers: R=[131072->131072] S=[131072->131072]
Thu Aug 12 01:12:40 2010 TCPv4_SERVER link local: [undef]
Thu Aug 12 01:12:40 2010 TCPv4_SERVER link remote: 83.149.28.234:27184
Thu Aug 12 01:12:40 2010 83.149.28.234:27184 TLS: Initial packet from 83.149.28.234:27184, sid=104d5946 21fa5fbe
Thu Aug 12 01:12:50 2010 83.149.28.234:27184 VERIFY OK: depth=1, /C=RU/ST=XX/L=Town/O=Companyname/CN=Companyname_CA/emailAddress=test@mail.ru
Thu Aug 12 01:12:50 2010 83.149.28.234:27184 VERIFY OK: depth=0, /C=RU/ST=XX/L=Town/O=Companyname/CN=vpclient/emailAddress=test@mail.ru
Thu Aug 12 01:12:56 2010 83.149.28.234:27184 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 01:12:56 2010 83.149.28.234:27184 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 01:12:56 2010 83.149.28.234:27184 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Aug 12 01:12:56 2010 83.149.28.234:27184 [vpclient] Peer Connection Initiated with 83.149.28.234:27184
Thu Aug 12 01:12:58 2010 vpclient/83.149.28.234:27184 PUSH: Received control message: 'PUSH_REQUEST'
Thu Aug 12 01:12:58 2010 vpclient/83.149.28.234:27184 SENT CONTROL [vpclient]: 'PUSH_REPLY,redirect-gateway local def1,route-gateway 192.168.0.1,route 192.16$
Thu Aug 12 01:13:01 2010 vpclient/83.149.28.234:27184 MULTI: Learn: 00:ff:04:7e:ad:4a -> vpclient/83.149.28.234:27184
Thu Aug 12 01:14:19 2010 MULTI: multi_create_instance called
Thu Aug 12 01:14:19 2010 Re-using SSL/TLS context
Thu Aug 12 01:14:19 2010 LZO compression initialized
Thu Aug 12 01:14:19 2010 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Thu Aug 12 01:14:19 2010 Data Channel MTU parms [ L:1560 D:1450 EF:28 EB:135 ET:32 EL:0 AF:14/28 ]
Thu Aug 12 01:14:19 2010 Local Options hash (VER=V4): '1f9380b8'
Thu Aug 12 01:14:19 2010 Expected Remote Options hash (VER=V4): 'c96a3b2c'
Thu Aug 12 01:14:19 2010 TCP connection established with 83.149.28.234:13324
Thu Aug 12 01:14:19 2010 Socket Buffers: R=[131072->131072] S=[131072->131072]
Thu Aug 12 01:14:19 2010 TCPv4_SERVER link local: [undef]
Thu Aug 12 01:14:19 2010 TCPv4_SERVER link remote: 83.149.28.234:13324
Thu Aug 12 01:14:19 2010 83.149.28.234:13324 TLS: Initial packet from 83.149.28.234:13324, sid=cc824c81 8344772f
Thu Aug 12 01:14:25 2010 83.149.28.234:13324 VERIFY OK: depth=1, /C=RU/ST=XX/L=Town/O=Companyname/CN=Companyname_CA/emailAddress=test@mail.ru
Thu Aug 12 01:14:25 2010 83.149.28.234:13324 VERIFY OK: depth=0, /C=RU/ST=XX/L=Town/O=Companyname/CN=vpclient/emailAddress=test@mail.ru
Thu Aug 12 01:14:27 2010 83.149.28.234:13324 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 01:14:27 2010 83.149.28.234:13324 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 01:14:27 2010 83.149.28.234:13324 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Aug 12 01:14:27 2010 83.149.28.234:13324 [vpclient] Peer Connection Initiated with 83.149.28.234:13324
Thu Aug 12 01:14:30 2010 vpclient/83.149.28.234:13324 PUSH: Received control message: 'PUSH_REQUEST'
Thu Aug 12 01:14:30 2010 vpclient/83.149.28.234:13324 SENT CONTROL [vpclient]: 'PUSH_REPLY,redirect-gateway local def1,route-gateway 192.168.0.1,route 192.16$
Thu Aug 12 01:14:31 2010 vpclient/83.149.28.234:13324 MULTI: Learn: 00:ff:04:7e:ad:4a -> vpclient/83.149.28.234:13324
Thu Aug 12 01:15:13 2010 MULTI: multi_create_instance called
Thu Aug 12 01:15:13 2010 Re-using SSL/TLS context
Thu Aug 12 01:15:13 2010 LZO compression initialized

Клиентский лог:

Thu Aug 12 01:11:52 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Thu Aug 12 01:11:52 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Aug 12 01:11:52 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Aug 12 01:11:52 2010 ******* WARNING *******: null cipher specified, no encryption will be used
Thu Aug 12 01:11:52 2010 Control Channel Authentication: using 'C:\OpenVPN\config\vpnet\client-keys\ta.key' as a OpenVPN static key file
Thu Aug 12 01:11:52 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 01:11:52 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 01:11:52 2010 LZO compression initialized
Thu Aug 12 01:11:52 2010 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Thu Aug 12 01:11:52 2010 Data Channel MTU parms [ L:1560 D:1450 EF:28 EB:135 ET:32 EL:0 AF:14/28 ]
Thu Aug 12 01:11:52 2010 Local Options hash (VER=V4): 'c96a3b2c'
Thu Aug 12 01:11:52 2010 Expected Remote Options hash (VER=V4): '1f9380b8'
Thu Aug 12 01:11:52 2010 Attempting to establish TCP connection with 109.95.225.54:5555
Thu Aug 12 01:11:52 2010 TCP connection established with 109.95.225.54:5555
Thu Aug 12 01:11:52 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Aug 12 01:11:52 2010 TCPv4_CLIENT link local: [undef]
Thu Aug 12 01:11:52 2010 TCPv4_CLIENT link remote: 109.95.225.54:5555
Thu Aug 12 01:11:53 2010 TLS: Initial packet from 109.95.225.54:5555, sid=6ab06ed5 35ffde77
Thu Aug 12 01:11:57 2010 VERIFY OK: depth=1, /C=RU/ST=XX/L=Town/O=Companyname/CN=Companyname_CA/emailAddress=test@mail.ru
Thu Aug 12 01:11:57 2010 VERIFY OK: depth=0, /C=RU/ST=XX/L=Town/O=Companyname/CN=vpsrv/emailAddress=test@mail.ru
Thu Aug 12 01:12:08 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 01:12:08 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 01:12:08 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Aug 12 01:12:08 2010 [vpsrv] Peer Connection Initiated with 109.95.225.54:5555
Thu Aug 12 01:12:10 2010 SENT CONTROL [vpsrv]: 'PUSH_REQUEST' (status=1)
Thu Aug 12 01:12:11 2010 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway local def1,route-gateway 192.168.0.1,route 192.168.0.0 255.255.255.0,route 192.168.0.1 255.255.255.0,redirect-gateway,dhcp-option DNS 94.232.8.200,dhcp-option DNS 94.232.8.201,ifconfig 192.168.0.2 255.255.255.0'
Thu Aug 12 01:12:11 2010 OPTIONS IMPORT: --ifconfig/up options modified
Thu Aug 12 01:12:11 2010 OPTIONS IMPORT: route options modified
Thu Aug 12 01:12:11 2010 OPTIONS IMPORT: route-related options modified
Thu Aug 12 01:12:11 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Aug 12 01:12:11 2010 ROUTE default_gateway=10.242.211.79
Thu Aug 12 01:12:11 2010 TAP-WIN32 device [Подключение по локальной сети 3] opened: \\.\Global\{047EAD4A-FD2E-47EC-A14F-88E3DEDE4C8B}.tap
Thu Aug 12 01:12:11 2010 TAP-Win32 Driver Version 9.6
Thu Aug 12 01:12:11 2010 TAP-Win32 MTU=1500
Thu Aug 12 01:12:11 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.0.2/255.255.255.0 on interface {047EAD4A-FD2E-47EC-A14F-88E3DEDE4C8B} [DHCP-serv: 192.168.0.0, lease-time: 31536000]
Thu Aug 12 01:12:11 2010 Successful ARP Flush on interface [4] {047EAD4A-FD2E-47EC-A14F-88E3DEDE4C8B}
Thu Aug 12 01:12:13 2010 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Thu Aug 12 01:12:13 2010 Route: Waiting for TUN/TAP interface to come up...
Thu Aug 12 01:12:15 2010 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Thu Aug 12 01:12:15 2010 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.0.1
Thu Aug 12 01:12:15 2010 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.0.1
Thu Aug 12 01:12:15 2010 C:\WINDOWS\system32\route.exe ADD 192.168.0.0 MASK 255.255.255.0 192.168.0.1
Thu Aug 12 01:12:15 2010 C:\WINDOWS\system32\route.exe ADD 192.168.0.1 MASK 255.255.255.0 192.168.0.1
Thu Aug 12 01:12:15 2010 Initialization Sequence Completed
Thu Aug 12 01:13:26 2010 write TCPv4_CLIENT: Connection reset by peer (WSAECONNRESET) (code=10054)
Thu Aug 12 01:13:26 2010 Connection reset, restarting [-1]
Thu Aug 12 01:13:26 2010 TCP/UDP: Closing socket
Thu Aug 12 01:13:26 2010 C:\WINDOWS\system32\route.exe DELETE 192.168.0.1 MASK 255.255.255.0 192.168.0.1
Thu Aug 12 01:13:26 2010 C:\WINDOWS\system32\route.exe DELETE 192.168.0.0 MASK 255.255.255.0 192.168.0.1
Thu Aug 12 01:13:26 2010 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 192.168.0.1
Thu Aug 12 01:13:26 2010 C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 192.168.0.1
Thu Aug 12 01:13:26 2010 Closing TUN/TAP interface
Thu Aug 12 01:13:26 2010 SIGUSR1[soft,connection-reset] received, process restarting
Thu Aug 12 01:13:26 2010 Restart pause, 5 second(s)
Thu Aug 12 01:13:31 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn. net/howto.html#mitm for more info.
Thu Aug 12 01:13:31 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Aug 12 01:13:31 2010 ******* WARNING *******: null cipher specified, no encryption will be used
Thu Aug 12 01:13:31 2010 Control Channel Authentication: using 'C:\OpenVPN\config\vpnet\client-keys\ta.key' as a OpenVPN static key file
Thu Aug 12 01:13:31 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 01:13:31 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 01:13:31 2010 LZO compression initialized
Thu Aug 12 01:13:31 2010 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Thu Aug 12 01:13:31 2010 Data Channel MTU parms [ L:1560 D:1450 EF:28 EB:135 ET:32 EL:0 AF:14/28 ]
Thu Aug 12 01:13:31 2010 Local Options hash (VER=V4): 'c96a3b2c'
Thu Aug 12 01:13:31 2010 Expected Remote Options hash (VER=V4): '1f9380b8'
Thu Aug 12 01:13:31 2010 Attempting to establish TCP connection with 109.95.225.54:5555
Thu Aug 12 01:13:32 2010 TCP connection established with 109.95.225.54:5555
Thu Aug 12 01:13:32 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Aug 12 01:13:32 2010 TCPv4_CLIENT link local: [undef]
Thu Aug 12 01:13:32 2010 TCPv4_CLIENT link remote: 109.95.225.54:5555
Thu Aug 12 01:13:32 2010 TLS: Initial packet from 109.95.225.54:5555, sid=ed0f4c28 bef601df
Thu Aug 12 01:13:34 2010 VERIFY OK: depth=1, /C=RU/ST=XX/L=Town/O=Companyname/CN=Companyname_CA/emailAddress=test@mail.ru
Thu Aug 12 01:13:34 2010 VERIFY OK: depth=0, /C=RU/ST=XX/L=Town/O=Companyname/CN=vpsrv/emailAddress=test@mail.ru
Thu Aug 12 01:13:39 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 01:13:39 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 01:13:39 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Aug 12 01:13:39 2010 [vpsrv] Peer Connection Initiated with 109.95.225.54:5555
Thu Aug 12 01:13:42 2010 SENT CONTROL [vpsrv]: 'PUSH_REQUEST' (status=1)
Thu Aug 12 01:13:42 2010 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway local def1,route-gateway 192.168.0.1,route 192.168.0.0 255.255.255.0,route 192.168.0.1 255.255.255.0,redirect-gateway,dhcp-option DNS 94.232.8.200,dhcp-option DNS 94.232.8.201,ifconfig 192.168.0.3 255.255.255.0'
Thu Aug 12 01:13:42 2010 OPTIONS IMPORT: --ifconfig/up options modified
Thu Aug 12 01:13:42 2010 OPTIONS IMPORT: r
oute options modified
Thu Aug 12 01:13:42 2010 OPTIONS IMPORT: route-related options modified
Thu Aug 12 01:13:42 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Aug 12 01:13:42 2010 ROUTE default_gateway=10.242.211.79
Thu Aug 12 01:13:42 2010 TAP-WIN32 device [Подключение по локальной сети 3] opened: \\.\Global\{047EAD4A-FD2E-47EC-A14F-88E3DEDE4C8B}.tap
Thu Aug 12 01:13:42 2010 TAP-Win32 Driver Version 9.6
Thu Aug 12 01:13:42 2010 TAP-Win32 MTU=1500
Thu Aug 12 01:13:42 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.0.3/255.255.255.0 on interface {047EAD4A-FD2E-47EC-A14F-88E3DEDE4C8B} [DHCP-serv: 192.168.0.0, lease-time: 31536000]
Thu Aug 12 01:13:42 2010 Successful ARP Flush on interface [4] {047EAD4A-FD2E-47EC-A14F-88E3DEDE4C8B}
Thu Aug 12 01:13:44 2010 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Thu Aug 12 01:13:44 2010 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.0.1
Thu Aug 12 01:13:44 2010 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.0.1
Thu Aug 12 01:13:44 2010 C:\WINDOWS\system32\route.exe ADD 192.168.0.0 MASK 255.255.255.0 192.168.0.1
Thu Aug 12 01:13:44 2010 C:\WINDOWS\system32\route.exe ADD 192.168.0.1 MASK 255.255.255.0 192.168.0.1
Thu Aug 12 01:13:44 2010 Initialization Sequence Completed
Thu Aug 12 01:14:20 2010 write TCPv4_CLIENT: Connection reset by peer (WSAECONNRESET) (code=10054)
Thu Aug 12 01:14:20 2010 Connection reset, restarting [-1]
Thu Aug 12 01:14:20 2010 TCP/UDP: Closing socket
Thu Aug 12 01:14:20 2010 C:\WINDOWS\system32\route.exe DELETE 192.168.0.1 MASK 255.255.255.0 192.168.0.1
Thu Aug 12 01:14:20 2010 C:\WINDOWS\system32\route.exe DELETE 192.168.0.0 MASK 255.255.255.0 192.168.0.1
Thu Aug 12 01:14:20 2010 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 192.168.0.1
Thu Aug 12 01:14:20 2010 C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 192.168.0.1
Thu Aug 12 01:14:20 2010 Closing TUN/TAP interface
Thu Aug 12 01:14:20 2010 SIGUSR1[soft,connection-reset] received, process restarting
Thu Aug 12 01:14:20 2010 Restart pause, 5 second(s)
Thu Aug 12 01:14:25 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Aug 12 01:14:25 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Aug 12 01:14:25 2010 ******* WARNING *******: null cipher specified, no encryption will be used
Thu Aug 12 01:14:25 2010 Control Channel Authentication: using 'C:\OpenVPN\config\vpnet\client-keys\ta
.key' as a OpenVPN static key file
Thu Aug 12 01:14:25 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 01:14:25 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 01:14:25 2010 LZO compression initialized
Thu Aug 12 01:14:25 2010 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Thu Aug 12 01:14:25 2010 Data Channel MTU parms [ L:1560 D:1450 EF:28 EB:135 ET:32 EL:0 AF:14/28 ]
Thu Aug 12 01:14:25 2010 Local Options hash (VER=V4): 'c96a3b2c'
Thu Aug 12 01:14:25 2010 Expected Remote Options hash (VER=V4): '1f9380b8'
Thu Aug 12 01:14:25 2010 Attempting to establish TCP connection with 109.95.225.54:5555
Thu Aug 12 01:14:25 2010 TCP connection established with 109.95.225.54:5555
Thu Aug 12 01:14:25 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Aug 12 01:14:25 2010 TCPv4_CLIENT link local: [undef]
Thu Aug 12 01:14:25 2010 TCPv4_CLIENT link remote: 109.95.225.54:5555
Thu Aug 12 01:14:25 2010 TLS: Initial packet from 109.95.225.54:5555, sid=b17021d5 82a38109
Thu Aug 12 01:14:28 2010 VERIFY OK: depth=1, /C=RU/ST=XX/L=Town/O=Companyname/CN=Companyname_CA/emailAddress=test@mail.ru
Thu Aug 12 01:14:28 2010 VERIFY OK: depth=0, /C=RU/ST=XX/L=Town/O=Companyname/CN=vpsrv/emailAddress=test@mail.ru
Thu Aug 12 01:14:33 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 01:14:33 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 01:14:33 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Aug 12 01:14:33 2010 [vpsrv] Peer Connection Initiated with 109.95.225.54:5555
Thu Aug 12 01:14:35 2010 SENT CONTROL [vpsrv]: 'PUSH_REQUEST' (status=1)
Thu Aug 12 01:14:36 2010 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway local def1,route-gateway 192.168.0.1,route 192.168.0.0 255.255.255.0,route 192.168.0.1 255.255.255.0,redirect-gateway,dhcp-option DNS 94.232.8.200,dhcp-option DNS 94.232.8.201,ifconfig 192.168.0.4 255.255.255.0'
Thu Aug 12 01:14:36 2010 OPTIONS IMPORT: --ifconfig/up options modified
Thu Aug 12 01:14:36 2010 OPTIONS IMPORT: route options modified
Thu Aug 12 01:14:36 2010 OPTIONS IMPORT: route-related options modified
Thu Aug 12 01:14:36 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Aug 12 01:14:36 2010 ROUTE default_gateway=10.242.211.79
Thu Aug 12 01:14:36 2010 TAP-WIN32 device [Подключение по локальной сети 3] opened: \\.\Global\{047EAD4A-FD2E-47EC-A14F
-88E3DEDE4C8B}.tap
Thu Aug 12 01:14:36 2010 TAP-Win32 Driver Version 9.6
Thu Aug 12 01:14:36 2010 TAP-Win32 MTU=1500
Thu Aug 12 01:14:36 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.0.4/255.255.255.0 on interface {047EAD4A-FD2E-47EC-A14F-88E3DEDE4C8B} [DHCP-serv: 192.168.0.0, lease-time: 31536000]
Thu Aug 12 01:14:36 2010 Successful ARP Flush on interface [4] {047EAD4A-FD2E-47EC-A14F-88E3DEDE4C8B}
Thu Aug 12 01:14:38 2010 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Thu Aug 12 01:14:38 2010 Route: Waiting for TUN/TAP interface to come up...
Thu Aug 12 01:14:40 2010 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Thu Aug 12 01:14:40 2010 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.0.1
Thu Aug 12 01:14:40 2010 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.0.1
Thu Aug 12 01:14:40 2010 C:\WINDOWS\system32\route.exe ADD 192.168.0.0 MASK 255.255.255.0 192.168.0.1
Thu Aug 12 01:14:40 2010 C:\WINDOWS\system32\route.exe ADD 192.168.0.1 MASK 255.255.255.0 192.168.0.1
Thu Aug 12 01:14:40 2010 Initialization Sequence Completed
Thu Aug 12 01:15:24 2010 write TCPv4_CLIENT: Connection reset by peer (WSAECONNRESET) (code=10054)
Thu Aug 12 01:15:24 2010 Connection reset, restarting [-1]
Thu Aug 12 01:15:24 2010 TCP/UDP: Closing socket
Thu Aug 12 01:15:24 2010 C:\WINDOWS\system32\route.exe DELETE 192.168.0.1 MASK 255.255.255.0 192.168.0.1
Thu Aug 12 01:15:24 2010 C:\WINDOWS\system32\route.exe DELETE 192.168.0.0 MASK 255.255.255.0 192.168.0.1
Thu Aug 12 01:15:24 2010 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 192.168.0.1
Thu Aug 12 01:15:24 2010 C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 192.168.0.1
Thu Aug 12 01:15:24 2010 Closing TUN/TAP interface
Thu Aug 12 01:15:24 2010 SIGUSR1[soft,connection-reset] received, process restarting
Thu Aug 12 01:15:24 2010 Restart pause, 5 second(s)
Thu Aug 12 01:15:29 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Aug 12 01:15:29 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Aug 12 01:15:29 2010 ******* WARNING *******: null cipher specified, no encryption will be used
Thu Aug 12 01:15:29 2010 Control Channel Authentication: using 'C:\OpenVPN\config\vpnet\client-keys\ta.key' as a OpenVPN static key file
Thu Aug 12 01:15:29 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 01:15:29 2010 Incoming Control Channel Au
thentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 01:15:29 2010 LZO compression initialized
Thu Aug 12 01:15:29 2010 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Thu Aug 12 01:15:29 2010 Data Channel MTU parms [ L:1560 D:1450 EF:28 EB:135 ET:32 EL:0 AF:14/28 ]
Thu Aug 12 01:15:29 2010 Local Options hash (VER=V4): 'c96a3b2c'
Thu Aug 12 01:15:29 2010 Expected Remote Options hash (VER=V4): '1f9380b8'
Thu Aug 12 01:15:29 2010 Attempting to establish TCP connection with 109.95.225.54:5555
Thu Aug 12 01:15:29 2010 TCP connection established with 109.95.225.54:5555
Thu Aug 12 01:15:29 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Aug 12 01:15:29 2010 TCPv4_CLIENT link local: [undef]
Thu Aug 12 01:15:29 2010 TCPv4_CLIENT link remote: 109.95.225.54:5555
Thu Aug 12 01:15:29 2010 TLS: Initial packet from 109.95.225.54:5555, sid=16f13937 67ca246e
Thu Aug 12 01:15:31 2010 VERIFY OK: depth=1, /C=RU/ST=XX/L=Town/O=Companyname/CN=Companyname_CA/emailAddress=test@mail.ru
Thu Aug 12 01:15:31 2010 VERIFY OK: depth=0, /C=RU/ST=XX/L=Town/O=Companyname/CN=vpsrv/emailAddress=test@mail.ru
Thu Aug 12 01:15:36 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 01:15:36 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 12 01:15:36 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Aug 12 01:15:36 2010 [vpsrv] Peer Connection Initiated with 109.95.225.54:5555
Thu Aug 12 01:15:39 2010 SENT CONTROL [vpsrv]: 'PUSH_REQUEST' (status=1)
Thu Aug 12 01:15:39 2010 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway local def1,route-gateway 192.168.0.1,route 192.168.0.0 255.255.255.0,route 192.168.0.1 255.255.255.0,redirect-gateway,dhcp-option DNS 94.232.8.200,dhcp-option DNS 94.232.8.201,ifconfig 192.168.0.5 255.255.255.0'
Thu Aug 12 01:15:39 2010 OPTIONS IMPORT: --ifconfig/up options modified
Thu Aug 12 01:15:39 2010 OPTIONS IMPORT: route options modified
Thu Aug 12 01:15:39 2010 OPTIONS IMPORT: route-related options modified
Thu Aug 12 01:15:39 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Aug 12 01:15:39 2010 ROUTE default_gateway=10.242.211.79
Thu Aug 12 01:15:39 2010 TAP-WIN32 device [Подключение по локальной сети 3] opened: \\.\Global\{047EAD4A-FD2E-47EC-A14F-88E3DEDE4C8B}.tap
Thu Aug 12 01:15:39 2010 TAP-Win32 Driver Version 9.6
Thu Aug 12 01:15:39 2010 TAP-Win32 MTU=1500
Thu Aug 12 01:15:39 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.0.5/255.255.255.0 on interface {047EAD4A-FD2E-47EC-A14F-88E3DEDE4C8B} [DHCP-serv: 192.168.0.0, lease-time: 31536000]
Thu Aug 12 01:15:39 2010 Successful ARP Flush on interface [4] {047EAD4A-FD2E-47EC-A14F-88E3DEDE4C8B}
Thu Aug 12 01:15:41 2010 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Thu Aug 12 01:15:41 2010 Route: Waiting for TUN/TAP interface to come up...
Thu Aug 12 01:15:43 2010 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Thu Aug 12 01:15:43 2010 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.0.1
Thu Aug 12 01:15:43 2010 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.0.1
Thu Aug 12 01:15:43 2010 C:\WINDOWS\system32\route.exe ADD 192.168.0.0 MASK 255.255.255.0 192.168.0.1
Thu Aug 12 01:15:43 2010 C:\WINDOWS\system32\route.exe ADD 192.168.0.1 MASK 255.255.255.0 192.168.0.1
Thu Aug 12 01:15:43 2010 Initialization Sequence Completed

***clk824*** · 12.08.2010 16:32

Кинь мне личкой файлы для подключения. Попробую подключится.

***clk824*** · 16.08.2010 20:21

Извиняюсь за задержку. Обстоятельства.

Подключился сейчас к вашему серверу, соединение не отваливается, но получил ли я доступ к вашей локалке у меня большие сомнения. Ибо у меня тут у самого локальная на 192.168.0.0/24 висит. У вашего клиента такая же фигня может быть. К тому же у меня без прав администратора OpenVPN вообще не смог ничего в таблицу маршрутов добавить.

Пусть ваш чел скинет `route print` до и после подключения, ещё подумаем. Конечно маловероятно что проблема "отваливания" в этом но пока мыслей нет.

Don · 17.08.2010 21:12

OpenVPN перенаправляет череез себя весь траффик. Значит, чтоб проверить работоспособность, нужно было в инете свой айпи глянуть.

Теперь меня интересует, какие маршруты нужно добавлять клиенту?? Я в этом не соображаю((

***clk824*** · 20.08.2010 17:17

Я смотрю ты вырубил OpenVPN. Может Hamachi попробовать приспособить?

Don · 25.08.2010 17:59

Я его не вырубил. Я аайпи сменил. В общем мы тут решили попробовать openvpn версию пониже (последнюю стабильную)

Похожие темы
Тема:		Автор	Ответов:	Просмотров:	Посл. сообщение
	Настройка Hammer`а под ZPS - решено	all__	0	3 219	30.11.2011 12:49 Посл. сообщение: all__

Каскадный режим \| Линейный режим Настройка OpenVPN
Автор	Сообщение