I have a VPS running 32-bit debian-6.0-i386-minimal under OpenVZ virtualization. TUN/TAP is enabled. I installed OpenVPN following these guides:
Setting up an OpenVPN Internet gateway on Debian running on OpenVZ http://habrahabr.ru/post/188474/
A warm, cozy VPN http://habrahabr.ru/post/153855/
Installing OpenVPN on CentOS 6.4 http://habrahabr.ru/post/194144/
I installed OpenVPN, the server started, and the tun0 network interface was created. But the VPS has no dedicated IP; it has only the internal address 10.0.1.95, to which ports are forwarded from the shared IP address. So far there are 3 ports forwarded from the shared IP address: one port for SSH connections and two more ports:
Web serwer port (80): 1685
Extra port: 1695
For OpenVPN I specified TCP port 1695.
Iptables is disabled on the VPS because of a security threat to the host node. I wrote to the hosting provider and this is what they replied:
Iptables is disabled because of a security threat to the host node. You need to pass the traffic directly through the VPN without NAT.
I installed OpenVPN and the connection is established, but there is no Internet access and sites do not load. I assume this is because routing is not configured on the server. According to the guide, these commands need to be run:
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to IP_АДРЕС_ВАШЕГО_СЕРВЕРА
iptables -A FORWARD -i venet0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i tun0 -o venet0 -j ACCEPT
but since Iptables is disabled, I was unable to run them.
local 10.0.1.95
port 1695
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3
mute 20
client
remote 95.128.47.39 1695
proto tcp
dev tun
push "redirect-gateway def1"
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
tls-client
comp-lzo
verb 4
mute 20
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:719 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:116681 (113.9 KiB) TX bytes:0 (0.0 B)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.2 P-t-P:127.0.0.2 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:966 errors:0 dropped:0 overruns:0 frame:0
TX packets:972 errors:0 dropped:719 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:225258 (219.9 KiB) TX bytes:120433 (117.6 KiB)
venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.0.1.95 P-t-P:10.0.1.95 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1332/dnsmasq
tcp 0 0 10.8.0.1:53 0.0.0.0:* LISTEN 1332/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1321/sshd
tcp 0 0 10.0.1.95:1695 0.0.0.0:* LISTEN 1315/openvpn
tcp6 0 0 :::22 :::* LISTEN 1321/sshd
udp 0 0 127.0.0.1:53 0.0.0.0:* 1332/dnsmasq
udp 0 0 10.8.0.1:53 0.0.0.0:* 1332/dnsmasq
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
Tue Jan 7 12:09:55 2014 OpenVPN 2.1.3 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jun 6 2013
Tue Jan 7 12:09:55 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Jan 7 12:09:55 2014 Diffie-Hellman initialized with 1024 bit key
Tue Jan 7 12:09:55 2014 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Tue Jan 7 12:09:55 2014 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Jan 7 12:09:55 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 7 12:09:55 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 7 12:09:55 2014 TLS-Auth MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Tue Jan 7 12:09:55 2014 Socket Buffers: R=[87380->131072] S=[16384->131072]
Tue Jan 7 12:09:55 2014 ROUTE: default_gateway=UNDEF
Tue Jan 7 12:09:55 2014 TUN/TAP device tun0 opened
Tue Jan 7 12:09:55 2014 TUN/TAP TX queue length set to 100
Tue Jan 7 12:09:55 2014 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Tue Jan 7 12:09:55 2014 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Tue Jan 7 12:09:55 2014 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jan 7 12:09:55 2014 GID set to nogroup
Tue Jan 7 12:09:55 2014 UID set to nobody
Tue Jan 7 12:09:55 2014 Listening for incoming TCP connection on [AF_INET]10.0.1.95:1695
Tue Jan 7 12:09:55 2014 TCPv4_SERVER link local (bound): [AF_INET]10.0.1.95:1695
Tue Jan 7 12:09:55 2014 TCPv4_SERVER link remote: [undef]
Tue Jan 7 12:09:55 2014 MULTI: multi_init called, r=256 v=256
Tue Jan 7 12:09:55 2014 IFCONFIG POOL: base=10.8.0.4 size=62
Tue Jan 7 12:09:55 2014 IFCONFIG POOL LIST
Tue Jan 7 12:09:55 2014 client,10.8.0.4
Tue Jan 7 12:09:55 2014 MULTI: TCP INIT maxclients=1024 maxevents=1028
Tue Jan 7 12:09:55 2014 Initialization Sequence Completed
Tue Jan 7 12:16:23 2014 MULTI: multi_create_instance called
Tue Jan 7 12:16:23 2014 Re-using SSL/TLS context
Tue Jan 7 12:16:23 2014 LZO compression initialized
Tue Jan 7 12:16:23 2014 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Tue Jan 7 12:16:23 2014 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jan 7 12:16:23 2014 Local Options hash (VER=V4): 'bd577cd1'
Tue Jan 7 12:16:23 2014 Expected Remote Options hash (VER=V4): 'ee93268d'
Tue Jan 7 12:16:23 2014 TCP connection established with [AF_INET]95.128.47.39:6402
Tue Jan 7 12:16:23 2014 TCPv4_SERVER link local: [undef]
Tue Jan 7 12:16:23 2014 TCPv4_SERVER link remote: [AF_INET]95.128.47.39:6402
Tue Jan 7 12:16:23 2014 95.128.47.39:6402 TLS: Initial packet from [AF_INET]95.128.47.39:6402, sid=85fa5342 6eca6951
Tue Jan 7 12:16:26 2014 95.128.47.39:6402 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=server/CN=server/emailAddress=me@myhost.mydomain
Tue Jan 7 12:16:26 2014 95.128.47.39:6402 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=server/CN=client/emailAddress=me@myhost.mydomain
Tue Jan 7 12:16:27 2014 95.128.47.39:6402 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 7 12:16:27 2014 95.128.47.39:6402 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 7 12:16:27 2014 95.128.47.39:6402 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 7 12:16:27 2014 95.128.47.39:6402 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 7 12:16:27 2014 95.128.47.39:6402 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jan 7 12:16:27 2014 95.128.47.39:6402 [client] Peer Connection Initiated with [AF_INET]95.128.47.39:6402
Tue Jan 7 12:16:27 2014 client/95.128.47.39:6402 MULTI: Learn: 10.8.0.6 -> client/95.128.47.39:6402
Tue Jan 7 12:16:27 2014 client/95.128.47.39:6402 MULTI: primary virtual IP for client/95.128.47.39:6402: 10.8.0.6
Tue Jan 7 12:16:30 2014 client/95.128.47.39:6402 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jan 7 12:16:30 2014 client/95.128.47.39:6402 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Tue Jan 7 12:18:14 2014 client/95.128.47.39:6402 Connection reset, restarting [-1]
Tue Jan 7 12:18:14 2014 client/95.128.47.39:6402 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Jan 7 12:18:14 2014 TCP/UDP: Closing socket
Tue Jan 7 12:21:39 2014 MULTI: multi_create_instance called
Tue Jan 7 12:21:39 2014 Re-using SSL/TLS context
Tue Jan 7 12:21:39 2014 LZO compression initialized
Tue Jan 7 12:21:39 2014 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Tue Jan 7 12:21:39 2014 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jan 7 12:21:39 2014 Local Options hash (VER=V4): 'bd577cd1'
Tue Jan 7 12:21:39 2014 Expected Remote Options hash (VER=V4): 'ee93268d'
Tue Jan 7 12:21:39 2014 TCP connection established with [AF_INET]95.128.47.39:19524
Tue Jan 7 12:21:39 2014 TCPv4_SERVER link local: [undef]
Tue Jan 7 12:21:39 2014 TCPv4_SERVER link remote: [AF_INET]95.128.47.39:19524
Tue Jan 7 12:21:39 2014 95.128.47.39:19524 TLS: Initial packet from [AF_INET]95.128.47.39:19524, sid=16384c26 b520f69a
Tue Jan 7 12:21:42 2014 95.128.47.39:19524 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=server/CN=server/emailAddress=me@myhost.mydomain
Tue Jan 7 12:21:42 2014 95.128.47.39:19524 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=server/CN=client/emailAddress=me@myhost.mydomain
Tue Jan 7 12:21:43 2014 95.128.47.39:19524 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 7 12:21:43 2014 95.128.47.39:19524 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 7 12:21:43 2014 95.128.47.39:19524 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 7 12:21:43 2014 95.128.47.39:19524 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 7 12:21:44 2014 95.128.47.39:19524 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jan 7 12:21:44 2014 95.128.47.39:19524 [client] Peer Connection Initiated with [AF_INET]95.128.47.39:19524
Tue Jan 7 12:21:44 2014 client/95.128.47.39:19524 MULTI: Learn: 10.8.0.6 -> client/95.128.47.39:19524
Tue Jan 7 12:21:44 2014 client/95.128.47.39:19524 MULTI: primary virtual IP for client/95.128.47.39:19524: 10.8.0.6
Tue Jan 7 12:21:46 2014 client/95.128.47.39:19524 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jan 7 12:21:46 2014 client/95.128.47.39:19524 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Tue Jan 7 12:23:01 2014 client/95.128.47.39:19524 Connection reset, restarting [-1]
Tue Jan 7 12:23:01 2014 client/95.128.47.39:19524 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Jan 7 12:23:01 2014 TCP/UDP: Closing socket
Tue Jan 7 12:25:17 2014 MULTI: multi_create_instance called
Tue Jan 7 12:25:17 2014 Re-using SSL/TLS context
Tue Jan 7 12:25:17 2014 LZO compression initialized
Tue Jan 7 12:25:17 2014 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Tue Jan 7 12:25:17 2014 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jan 7 12:25:17 2014 Local Options hash (VER=V4): 'bd577cd1'
Tue Jan 7 12:25:17 2014 Expected Remote Options hash (VER=V4): 'ee93268d'
Tue Jan 7 12:25:17 2014 TCP connection established with [AF_INET]95.128.47.39:1156
Tue Jan 7 12:25:17 2014 TCPv4_SERVER link local: [undef]
Tue Jan 7 12:25:17 2014 TCPv4_SERVER link remote: [AF_INET]95.128.47.39:1156
Tue Jan 7 12:25:17 2014 95.128.47.39:1156 TLS: Initial packet from [AF_INET]95.128.47.39:1156, sid=6dfea81e 5d80c464
Tue Jan 7 12:25:20 2014 95.128.47.39:1156 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=server/CN=server/emailAddress=me@myhost.mydomain
Tue Jan 7 12:25:20 2014 95.128.47.39:1156 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=server/CN=client/emailAddress=me@myhost.mydomain
Tue Jan 7 12:25:21 2014 95.128.47.39:1156 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 7 12:25:21 2014 95.128.47.39:1156 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 7 12:25:21 2014 95.128.47.39:1156 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 7 12:25:21 2014 95.128.47.39:1156 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 7 12:25:22 2014 95.128.47.39:1156 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jan 7 12:25:22 2014 95.128.47.39:1156 [client] Peer Connection Initiated with [AF_INET]95.128.47.39:1156
Tue Jan 7 12:25:22 2014 client/95.128.47.39:1156 MULTI: Learn: 10.8.0.6 -> client/95.128.47.39:1156
Tue Jan 7 12:25:22 2014 client/95.128.47.39:1156 MULTI: primary virtual IP for client/95.128.47.39:1156: 10.8.0.6
Tue Jan 7 12:25:24 2014 client/95.128.47.39:1156 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jan 7 12:25:24 2014 client/95.128.47.39:1156 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Tue Jan 7 12:26:57 2014 client/95.128.47.39:1156 Connection reset, restarting [-1]
Tue Jan 7 12:26:57 2014 client/95.128.47.39:1156 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Jan 7 12:26:57 2014 TCP/UDP: Closing socket
Tue Jan 07 16:26:04 2014 us=716484 Current Parameter Settings:
Tue Jan 07 16:26:04 2014 us=717484 config = 'myvpnconfig.ovpn'
Tue Jan 07 16:26:04 2014 us=717484 mode = 0
Tue Jan 07 16:26:04 2014 us=717484 show_ciphers = DISABLED
Tue Jan 07 16:26:04 2014 us=717484 show_digests = DISABLED
Tue Jan 07 16:26:04 2014 us=717484 show_engines = DISABLED
Tue Jan 07 16:26:04 2014 us=717484 genkey = DISABLED
Tue Jan 07 16:26:04 2014 us=717484 key_pass_file = '[UNDEF]'
Tue Jan 07 16:26:04 2014 us=717484 show_tls_ciphers = DISABLED
Tue Jan 07 16:26:04 2014 us=717484 Connection profiles [default]:
Tue Jan 07 16:26:04 2014 us=717484 proto = tcp-client
Tue Jan 07 16:26:04 2014 us=717484 local = '[UNDEF]'
Tue Jan 07 16:26:04 2014 us=717484 local_port = 0
Tue Jan 07 16:26:04 2014 us=717484 remote = '95.128.47.39'
Tue Jan 07 16:26:04 2014 us=717484 remote_port = 1695
Tue Jan 07 16:26:04 2014 us=717484 remote_float = DISABLED
Tue Jan 07 16:26:04 2014 us=717484 bind_defined = DISABLED
Tue Jan 07 16:26:04 2014 us=717484 bind_local = DISABLED
Tue Jan 07 16:26:04 2014 us=717484 connect_retry_seconds = 5
Tue Jan 07 16:26:04 2014 us=717484 connect_timeout = 10
Tue Jan 07 16:26:04 2014 us=717484 NOTE: --mute triggered...
Tue Jan 07 16:26:04 2014 us=717484 266 variation(s) on previous 20 message(s) suppressed by --mute
Tue Jan 07 16:26:04 2014 us=717484 OpenVPN 2.3.1 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Mar 28 2013
Enter Management Password:
Tue Jan 07 16:26:04 2014 us=721484 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Jan 07 16:26:04 2014 us=722484 Need hold release from management interface, waiting...
Tue Jan 07 16:26:05 2014 us=195511 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Jan 07 16:26:05 2014 us=295517 MANAGEMENT: CMD 'state on'
Tue Jan 07 16:26:05 2014 us=295517 MANAGEMENT: CMD 'log all on'
Tue Jan 07 16:26:05 2014 us=327519 MANAGEMENT: CMD 'hold off'
Tue Jan 07 16:26:05 2014 us=328519 MANAGEMENT: CMD 'hold release'
Tue Jan 07 16:26:05 2014 us=329519 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Jan 07 16:26:05 2014 us=565532 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Jan 07 16:26:05 2014 us=565532 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 07 16:26:05 2014 us=565532 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 07 16:26:05 2014 us=565532 LZO compression initialized
Tue Jan 07 16:26:05 2014 us=565532 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Tue Jan 07 16:26:05 2014 us=565532 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Jan 07 16:26:05 2014 us=565532 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jan 07 16:26:05 2014 us=565532 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Tue Jan 07 16:26:05 2014 us=565532 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Tue Jan 07 16:26:05 2014 us=565532 Local Options hash (VER=V4): 'ee93268d'
Tue Jan 07 16:26:05 2014 us=565532 Expected Remote Options hash (VER=V4): 'bd577cd1'
Tue Jan 07 16:26:05 2014 us=565532 Attempting to establish TCP connection with [AF_INET]95.128.47.39:1695
Tue Jan 07 16:26:05 2014 us=565532 MANAGEMENT: >STATE:1389101165,TCP_CONNECT,,,
Tue Jan 07 16:26:05 2014 us=645537 TCP connection established with [AF_INET]95.128.47.39:1695
Tue Jan 07 16:26:05 2014 us=645537 TCPv4_CLIENT link local: [undef]
Tue Jan 07 16:26:05 2014 us=646537 TCPv4_CLIENT link remote: [AF_INET]95.128.47.39:1695
Tue Jan 07 16:26:05 2014 us=646537 MANAGEMENT: >STATE:1389101165,WAIT,,,
Tue Jan 07 16:26:05 2014 us=727542 MANAGEMENT: >STATE:1389101165,AUTH,,,
Tue Jan 07 16:26:05 2014 us=727542 TLS: Initial packet from [AF_INET]95.128.47.39:1695, sid=c162ce50 fd110e15
Tue Jan 07 16:26:07 2014 us=254629 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=server, CN=server, emailAddress=me@myhost.mydomain
Tue Jan 07 16:26:07 2014 us=254629 Validating certificate key usage
Tue Jan 07 16:26:07 2014 us=254629 ++ Certificate has key usage 00a0, expects 00a0
Tue Jan 07 16:26:07 2014 us=254629 VERIFY KU OK
Tue Jan 07 16:26:07 2014 us=254629 Validating certificate extended key usage
Tue Jan 07 16:26:07 2014 us=254629 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Jan 07 16:26:07 2014 us=254629 VERIFY EKU OK
Tue Jan 07 16:26:07 2014 us=254629 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=server, CN=server, emailAddress=me@myhost.mydomain
Tue Jan 07 16:26:10 2014 us=315804 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 07 16:26:10 2014 us=315804 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 07 16:26:10 2014 us=315804 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 07 16:26:10 2014 us=315804 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 07 16:26:10 2014 us=315804 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jan 07 16:26:10 2014 us=315804 [server] Peer Connection Initiated with [AF_INET]95.128.47.39:1695
Tue Jan 07 16:26:11 2014 us=566876 MANAGEMENT: >STATE:1389101171,GET_CONFIG,,,
Tue Jan 07 16:26:12 2014 us=817947 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Jan 07 16:26:13 2014 us=175968 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Tue Jan 07 16:26:13 2014 us=175968 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jan 07 16:26:13 2014 us=175968 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jan 07 16:26:13 2014 us=175968 OPTIONS IMPORT: route options modified
Tue Jan 07 16:26:13 2014 us=175968 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jan 07 16:26:13 2014 us=192969 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jan 07 16:26:13 2014 us=192969 MANAGEMENT: >STATE:1389101173,ASSIGN_IP,,10.8.0.6,
Tue Jan 07 16:26:13 2014 us=192969 open_tun, tt->ipv6=0
Tue Jan 07 16:26:13 2014 us=194969 TAP-WIN32 device [Подключение по локальной сети 3] opened: \\.\Global\{9C0AA20A-8AE2-46D5-8AB7-8FE1F7513947}.tap
Tue Jan 07 16:26:13 2014 us=194969 TAP-Windows Driver Version 9.9
Tue Jan 07 16:26:13 2014 us=194969 TAP-Windows MTU=1500
Tue Jan 07 16:26:13 2014 us=197969 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {9C0AA20A-8AE2-46D5-8AB7-8FE1F7513947} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Tue Jan 07 16:26:13 2014 us=197969 DHCP option string: 06080808 08080808 0404
Tue Jan 07 16:26:13 2014 us=197969 Successful ARP Flush on interface [17] {9C0AA20A-8AE2-46D5-8AB7-8FE1F7513947}
Tue Jan 07 16:26:18 2014 us=455270 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Tue Jan 07 16:26:18 2014 us=455270 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 07 16:26:23 2014 us=774574 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Tue Jan 07 16:26:23 2014 us=774574 C:\Windows\system32\route.exe ADD 95.128.47.39 MASK 255.255.255.255 192.168.1.1
Tue Jan 07 16:26:23 2014 us=777574 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Jan 07 16:26:23 2014 us=777574 Route addition via IPAPI succeeded [adaptive]
Tue Jan 07 16:26:23 2014 us=777574 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Jan 07 16:26:23 2014 us=781574 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Tue Jan 07 16:26:23 2014 us=781574 Route addition via IPAPI succeeded [adaptive]
Tue Jan 07 16:26:23 2014 us=781574 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Jan 07 16:26:23 2014 us=784574 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Tue Jan 07 16:26:23 2014 us=784574 Route addition via IPAPI succeeded [adaptive]
Tue Jan 07 16:26:23 2014 us=784574 MANAGEMENT: >STATE:1389101183,ADD_ROUTES,,,
Tue Jan 07 16:26:23 2014 us=784574 C:\Windows\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.5
Tue Jan 07 16:26:23 2014 us=788575 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Tue Jan 07 16:26:23 2014 us=788575 Route addition via IPAPI succeeded [adaptive]
Tue Jan 07 16:26:23 2014 us=788575 Initialization Sequence Completed
Tue Jan 07 16:26:23 2014 us=788575 MANAGEMENT: >STATE:1389101183,CONNECTED,SUCCESS,10.8.0.6,95.128.47.39
Tue Jan 07 16:27:45 2014 us=843268 TCP/UDP: Closing socket
Tue Jan 07 16:27:45 2014 us=843268 C:\Windows\system32\route.exe DELETE 10.8.0.0 MASK 255.255.255.0 10.8.0.5
Tue Jan 07 16:27:45 2014 us=846268 Route deletion via IPAPI succeeded [adaptive]
Tue Jan 07 16:27:45 2014 us=847268 C:\Windows\system32\route.exe DELETE 95.128.47.39 MASK 255.255.255.255 192.168.1.1
Tue Jan 07 16:27:45 2014 us=849268 Route deletion via IPAPI succeeded [adaptive]
Tue Jan 07 16:27:45 2014 us=850268 C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Jan 07 16:27:45 2014 us=852268 Route deletion via IPAPI succeeded [adaptive]
Tue Jan 07 16:27:45 2014 us=853268 C:\Windows\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Jan 07 16:27:45 2014 us=856269 Route deletion via IPAPI succeeded [adaptive]
Tue Jan 07 16:27:45 2014 us=856269 Closing TUN/TAP interface
Tue Jan 07 16:27:45 2014 us=856269 SIGTERM[hard,] received, process exiting
Tue Jan 07 16:27:45 2014 us=856269 MANAGEMENT: >STATE:1389101265,EXITING,SIGTERM,,
The interface IP address when connected to the VPN is always 10.8.0.6.
My client keys are currently as follows:
How do I configure routing so that the connection works? The connection is established, but there is no Internet access and sites do not load.
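An added example, not part of the original post: the ifconfig output above shows tun0 with 719 packets received and none sent, while venet0 reports 719 packets dropped on transmit. The Python below parses that output and classifies the pattern; the function names and verdict labels are hypothetical, and reading the matching counters as forwarded client packets being dropped on the uplink is an assumption the post does not confirm.

```python
import re

# Interface sections copied from the ifconfig output in the post above.
IFCONFIG_SAMPLE = """\
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:719 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:116681 (113.9 KiB) TX bytes:0 (0.0 B)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.2 P-t-P:127.0.0.2 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:966 errors:0 dropped:0 overruns:0 frame:0
TX packets:972 errors:0 dropped:719 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:225258 (219.9 KiB) TX bytes:120433 (117.6 KiB)
venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.0.1.95 P-t-P:10.0.1.95 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
"""

HEADER = re.compile(r"^(\S+)\s+Link encap:")
COUNTERS = re.compile(r"\b(RX|TX) packets:(\d+) errors:(\d+) dropped:(\d+)")


def parse_ifconfig(text):
    """Parse net-tools style ifconfig output into per-interface packet counters.

    Alias interfaces such as venet0:0 print no counters and map to an empty dict.
    """
    stats = {}
    current = None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            current = head.group(1)
            stats[current] = {}
            continue
        found = COUNTERS.search(line)
        if found and current is not None:
            direction = found.group(1).lower()
            stats[current][direction + "_packets"] = int(found.group(2))
            stats[current][direction + "_errors"] = int(found.group(3))
            stats[current][direction + "_dropped"] = int(found.group(4))
    return stats


def diagnose(stats, tunnel="tun0", uplink="venet0"):
    """Classify where tunnelled traffic stops, using counters only (a heuristic)."""
    tun = stats.get(tunnel, {})
    up = stats.get(uplink, {})
    needed = ("rx_packets", "tx_packets")
    if not all(k in tun for k in needed) or "tx_dropped" not in up:
        return "insufficient-data"
    if tun["rx_packets"] == 0:
        return "no-client-traffic"        # nothing arrives from the VPN client
    if tun["tx_packets"] == 0 and up["tx_dropped"] >= tun["rx_packets"]:
        return "dropped-on-uplink"        # packets arrive, then die on egress
    if tun["tx_packets"] == 0:
        return "no-return-traffic"        # packets leave, replies never return
    return "traffic-flows-both-ways"


if __name__ == "__main__":
    parsed = parse_ifconfig(IFCONFIG_SAMPLE)
    for name, counters in parsed.items():
        print(name, counters)
    print("verdict:", diagnose(parsed))
```

A "dropped-on-uplink" verdict means the tunnel itself works and points at what happens to client-sourced packets (10.8.0.0/24) once they reach venet0.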