Author: Scorpi1975
Posted: 02.04.2016 22:35
Good day.
I installed OpenVPN, generated the keys, and created the configuration files.
The connection is established, but the client and the server are on different subnets and cannot see each other.
What did I forget?
Server.ovpn
[more]dev tun
proto tcp-server
port 1194
tls-server
server 192.168.10.0 255.255.255.0
comp-lzo
dh C:\\OpenVPN\\ssl\\dh1024.pem
ca C:\\OpenVPN\\ssl\\ca.crt
cert C:\\OpenVPN\\ssl\\server.crt
key C:\\OpenVPN\\ssl\\server.key
tls-auth C:\\OpenVPN\\ssl\\ta.key 0
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
keepalive 10 120
status C:\\OpenVPN\\log\\openvupn-status.log
log C:\\OpenVPN\\log\\openvpn.log
verb 3[/more]
client.ovpn
[more]dev tun
proto tcp
remote ХХХХ.dtdns.net 1194
route-delay 3
client
tls-client
ns-cert-type server
ca C:\\OpenVPN\\ssl\\ca.crt
cert C:\\OpenVPN\\ssl\\client.crt
key C:\\OpenVPN\\ssl\\client.key
tls-auth C:\\OpenVPN\\ssl\\ta.key 1
comp-lzo
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping-restart 60
ping 10
status C:\\OpenVPN\\log\\openvpn-status.log
log C:\\OpenVPN\\log\\openvpn.log
verb 3[/more]
Server log
[more]Sat Apr 02 23:29:40 2016 OpenVPN 2.3.10 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 10 2016
Sat Apr 02 23:29:40 2016 Windows version 6.2 (Windows 8 or greater)
Sat Apr 02 23:29:40 2016 library versions: OpenSSL 1.0.1s 1 Mar 2016, LZO 2.09
Enter Management Password:
Sat Apr 02 23:29:40 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Apr 02 23:29:40 2016 Need hold release from management interface, waiting...
Sat Apr 02 23:29:41 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Apr 02 23:29:41 2016 MANAGEMENT: CMD 'state on'
Sat Apr 02 23:29:41 2016 MANAGEMENT: CMD 'log all on'
Sat Apr 02 23:29:41 2016 MANAGEMENT: CMD 'hold off'
Sat Apr 02 23:29:41 2016 MANAGEMENT: CMD 'hold release'
Sat Apr 02 23:29:41 2016 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sat Apr 02 23:29:41 2016 Diffie-Hellman initialized with 1024 bit key
Sat Apr 02 23:29:41 2016 Control Channel Authentication: using 'C:\OpenVPN\ssl\ta.key' as a OpenVPN static key file
Sat Apr 02 23:29:41 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 02 23:29:41 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 02 23:29:41 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Apr 02 23:29:41 2016 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=3 HWADDR=20:18:0e:03:7b:61
Sat Apr 02 23:29:41 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Apr 02 23:29:41 2016 MANAGEMENT: >STATE:1459625381,ASSIGN_IP,,192.168.10.1,
Sat Apr 02 23:29:41 2016 open_tun, tt->ipv6=0
Sat Apr 02 23:29:41 2016 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{F3BE910D-D825-4F34-8404-4EA6CDFE0021}.tap
Sat Apr 02 23:29:41 2016 TAP-Windows Driver Version 9.21
Sat Apr 02 23:29:41 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.10.1/255.255.255.252 on interface {F3BE910D-D825-4F34-8404-4EA6CDFE0021} [DHCP-serv: 192.168.10.2, lease-time: 31536000]
Sat Apr 02 23:29:41 2016 Sleeping for 10 seconds...
Sat Apr 02 23:29:51 2016 Successful ARP Flush on interface [23] {F3BE910D-D825-4F34-8404-4EA6CDFE0021}
Sat Apr 02 23:29:51 2016 MANAGEMENT: >STATE:1459625391,ADD_ROUTES,,,
Sat Apr 02 23:29:51 2016 C:\Windows\system32\route.exe ADD 192.168.10.0 MASK 255.255.255.0 192.168.10.2
Sat Apr 02 23:29:51 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sat Apr 02 23:29:51 2016 Route addition via IPAPI succeeded [adaptive]
Sat Apr 02 23:29:51 2016 Listening for incoming TCP connection on [undef]
Sat Apr 02 23:29:51 2016 TCPv4_SERVER link local (bound): [undef]
Sat Apr 02 23:29:51 2016 TCPv4_SERVER link remote: [undef]
Sat Apr 02 23:29:51 2016 MULTI: multi_init called, r=256 v=256
Sat Apr 02 23:29:51 2016 IFCONFIG POOL: base=192.168.10.4 size=62, ipv6=0
Sat Apr 02 23:29:51 2016 MULTI: TCP INIT maxclients=60 maxevents=64
Sat Apr 02 23:29:51 2016 Initialization Sequence Completed
Sat Apr 02 23:29:51 2016 MANAGEMENT: >STATE:1459625391,CONNECTED,SUCCESS,192.168.10.1,
Sat Apr 02 23:29:54 2016 TCP connection established with [AF_INET]81.28.163.37:64059
Sat Apr 02 23:29:55 2016 81.28.163.37:64059 TLS: Initial packet from [AF_INET]81.28.163.37:64059, sid=e1284f50 cf46f5e7
Sat Apr 02 23:29:55 2016 81.28.163.37:64059 VERIFY OK: depth=1, C=RU, ST=Samara, L=TLT, O=ХХХХ, emailAddress=mail@ХХХХ.dtdns.net
Sat Apr 02 23:29:55 2016 81.28.163.37:64059 VERIFY OK: depth=0, C=RU, ST=Samara, O=ХХХХ, CN=client, emailAddress=mail@ХХХХ.dtdns.net
Sat Apr 02 23:29:55 2016 81.28.163.37:64059 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Apr 02 23:29:55 2016 81.28.163.37:64059 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 02 23:29:55 2016 81.28.163.37:64059 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Apr 02 23:29:55 2016 81.28.163.37:64059 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 02 23:29:55 2016 81.28.163.37:64059 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Sat Apr 02 23:29:55 2016 81.28.163.37:64059 [client] Peer Connection Initiated with [AF_INET]81.28.163.37:64059
Sat Apr 02 23:29:55 2016 client/81.28.163.37:64059 MULTI_sva: pool returned IPv4=192.168.10.6, IPv6=(Not enabled)
Sat Apr 02 23:29:55 2016 client/81.28.163.37:64059 MULTI: Learn: 192.168.10.6 -> client/81.28.163.37:64059
Sat Apr 02 23:29:55 2016 client/81.28.163.37:64059 MULTI: primary virtual IP for client/81.28.163.37:64059: 192.168.10.6
Sat Apr 02 23:29:58 2016 client/81.28.163.37:64059 PUSH: Received control message: 'PUSH_REQUEST'
Sat Apr 02 23:29:58 2016 client/81.28.163.37:64059 send_push_reply(): safe_cap=940
Sat Apr 02 23:29:58 2016 client/81.28.163.37:64059 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.10.1,topology net30,ping 10,ping-restart 120,ifconfig 192.168.10.6 192.168.10.5' (status=1)[/more]
Client log
[more]Sat Apr 02 23:29:48 2016 OpenVPN 2.3.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 10 2016
Sat Apr 02 23:29:48 2016 Windows version 6.2 (Windows 8 or greater)
Sat Apr 02 23:29:48 2016 library versions: OpenSSL 1.0.1s 1 Mar 2016, LZO 2.09
Enter Management Password:
Sat Apr 02 23:29:48 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Apr 02 23:29:48 2016 Need hold release from management interface, waiting...
Sat Apr 02 23:29:48 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Apr 02 23:29:48 2016 MANAGEMENT: CMD 'state on'
Sat Apr 02 23:29:48 2016 MANAGEMENT: CMD 'log all on'
Sat Apr 02 23:29:48 2016 MANAGEMENT: CMD 'hold off'
Sat Apr 02 23:29:48 2016 MANAGEMENT: CMD 'hold release'
Sat Apr 02 23:29:48 2016 Control Channel Authentication: using 'C:\OpenVPN\ssl\ta.key' as a OpenVPN static key file
Sat Apr 02 23:29:48 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 02 23:29:48 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 02 23:29:48 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Apr 02 23:29:48 2016 MANAGEMENT: >STATE:1459625388,RESOLVE,,,
Sat Apr 02 23:29:48 2016 Attempting to establish TCP connection with [AF_INET]95.67.196.67:1194 [nonblock]
Sat Apr 02 23:29:48 2016 MANAGEMENT: >STATE:1459625388,TCP_CONNECT,,,
Sat Apr 02 23:29:52 2016 TCP connection established with [AF_INET]95.67.196.67:1194
Sat Apr 02 23:29:52 2016 TCPv4_CLIENT link local: [undef]
Sat Apr 02 23:29:52 2016 TCPv4_CLIENT link remote: [AF_INET]95.67.196.67:1194
Sat Apr 02 23:29:52 2016 MANAGEMENT: >STATE:1459625392,WAIT,,,
Sat Apr 02 23:29:52 2016 MANAGEMENT: >STATE:1459625392,AUTH,,,
Sat Apr 02 23:29:52 2016 TLS: Initial packet from [AF_INET]95.67.196.67:1194, sid=1d1eb018 c362681b
Sat Apr 02 23:29:52 2016 VERIFY OK: depth=1, C=RU, ST=Samara, L=TLT, O=ХХХХ, emailAddress=mail@ХХХХ.dtdns.net
Sat Apr 02 23:29:52 2016 VERIFY OK: nsCertType=SERVER
Sat Apr 02 23:29:52 2016 VERIFY OK: depth=0, C=RU, ST=Samara, O=ХХХХ, CN=server, emailAddress=mail@ХХХХ.dtdns.net
Sat Apr 02 23:29:53 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Apr 02 23:29:53 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 02 23:29:53 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Apr 02 23:29:53 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 02 23:29:53 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Sat Apr 02 23:29:53 2016 [server] Peer Connection Initiated with [AF_INET]95.67.196.67:1194
Sat Apr 02 23:29:54 2016 MANAGEMENT: >STATE:1459625394,GET_CONFIG,,,
Sat Apr 02 23:29:55 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Apr 02 23:29:55 2016 PUSH: Received control message: 'PUSH_REPLY,route 192.168.10.1,topology net30,ping 10,ping-restart 120,ifconfig 192.168.10.6 192.168.10.5'
Sat Apr 02 23:29:55 2016 OPTIONS IMPORT: timers and/or timeouts modified
Sat Apr 02 23:29:55 2016 OPTIONS IMPORT: --ifconfig/up options modified
Sat Apr 02 23:29:55 2016 OPTIONS IMPORT: route options modified
Sat Apr 02 23:29:55 2016 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 I=6 HWADDR=40:8d:5c:5c:d2:b2
Sat Apr 02 23:29:55 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Apr 02 23:29:55 2016 MANAGEMENT: >STATE:1459625395,ASSIGN_IP,,192.168.10.6,
Sat Apr 02 23:29:55 2016 open_tun, tt->ipv6=0
Sat Apr 02 23:29:55 2016 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{8AF3CCC6-0274-4DB4-876E-6E42AC1DE023}.tap
Sat Apr 02 23:29:55 2016 TAP-Windows Driver Version 9.21
Sat Apr 02 23:29:55 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.10.6/255.255.255.252 on interface {8AF3CCC6-0274-4DB4-876E-6E42AC1DE023} [DHCP-serv: 192.168.10.5, lease-time: 31536000]
Sat Apr 02 23:29:55 2016 Successful ARP Flush on interface [5] {8AF3CCC6-0274-4DB4-876E-6E42AC1DE023}
Sat Apr 02 23:29:58 2016 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Sat Apr 02 23:29:58 2016 MANAGEMENT: >STATE:1459625398,ADD_ROUTES,,,
Sat Apr 02 23:29:58 2016 C:\Windows\system32\route.exe ADD 192.168.10.1 MASK 255.255.255.255 192.168.10.5
Sat Apr 02 23:29:58 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sat Apr 02 23:29:58 2016 Route addition via IPAPI succeeded [adaptive]
Sat Apr 02 23:29:58 2016 Initialization Sequence Completed
Sat Apr 02 23:29:58 2016 MANAGEMENT: >STATE:1459625398,CONNECTED,SUCCESS,192.168.10.6,95.67.196.67
[/more]
Where should I dig next? Any advice?
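Added example, not part of the original post: a reading of the route lines in the two logs above. For each endpoint it checks whether the routes through the tunnel cover the peer's VPN address and the peer's LAN. The function names are illustrative, and taking the `ROUTE_GATEWAY` network as each side's LAN is an assumption.

```python
import ipaddress
import re

# Excerpts from the two logs in the post (timestamps and line tails dropped).
SERVER_LOG = """\
ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=3 HWADDR=20:18:0e:03:7b:61
Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.10.1/255.255.255.252 on interface
C:\\Windows\\system32\\route.exe ADD 192.168.10.0 MASK 255.255.255.0 192.168.10.2
"""
CLIENT_LOG = """\
ROUTE_GATEWAY 192.168.0.1/255.255.255.0 I=6 HWADDR=40:8d:5c:5c:d2:b2
Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.10.6/255.255.255.252 on interface
C:\\Windows\\system32\\route.exe ADD 192.168.10.1 MASK 255.255.255.255 192.168.10.5
"""

ADDR = r"(\d+\.\d+\.\d+\.\d+)"


def _net(addr, mask):
    # strict=False lets a host address plus mask yield its containing network
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse_side(log):
    """Return (lan, vpn_ip, tunnel_routes) for one endpoint's log."""
    # Assumption: the network of the default gateway is that side's LAN.
    gw = re.search(rf"ROUTE_GATEWAY {ADDR}/{ADDR}", log)
    tap = re.search(rf"DHCP IP/netmask of {ADDR}/{ADDR}", log)
    routes = [_net(a, m)
              for a, m in re.findall(rf"route\.exe ADD {ADDR} MASK {ADDR}", log)]
    routes.append(_net(*tap.groups()))  # the TAP adapter's own /30 is on-link
    return _net(*gw.groups()), ipaddress.ip_address(tap.group(1)), routes


def reachability(local_log, remote_log):
    """Which parts of the remote side does the local side route into the tunnel?"""
    _, _, routes = parse_side(local_log)
    remote_lan, remote_vpn_ip, _ = parse_side(remote_log)
    return {
        "peer_vpn_ip": any(remote_vpn_ip in r for r in routes),
        "peer_lan": any(remote_lan.subnet_of(r) for r in routes),
    }


if __name__ == "__main__":
    print("client -> server:", reachability(CLIENT_LOG, SERVER_LOG))
    print("server -> client:", reachability(SERVER_LOG, CLIENT_LOG))
```

With the posted logs, each side routes the peer's VPN address (192.168.10.1 and 192.168.10.6) into the tunnel, while neither has a tunnel route for the other's LAN (192.168.1.0/24 and 192.168.0.0/24). Firewall rules on the TAP interfaces are outside what these logs show.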