OpenVPN, once again

Discussion of configuring and running services, redundancy, network settings and OS security questions for young and beginning system administrators.

Moderator: SLEDopit

Katochimoto
Posts: 88
OS: Ubuntu 9.04

OpenVPN, once again

Post by Katochimoto »

It worked until yesterday; after a hard reset of the server it refuses to connect. Please help.

Server config:

port 1194
proto tcp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key # This file should be kept secret
dh /etc/openvpn/dh1024.pem
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
server 10.0.0.0 255.255.255.0 # vpn subnet
ifconfig-pool-persist ipp.txt
push "route 192.168.10.0 255.255.255.0" # home subnet
#push "route 10.0.0.0 255.255.255.0"
keepalive 10 120
user nobody
group nogroup
persist-key
persist-tun
verb 6
mute 20
#push "dhcp-option DNS 192.168.10.100"
client-to-client
ifconfig 10.0.0.1 255.255.255.0
#duplicate-cn


Client config:

log openvpn.log
ca ca.crt
cert client.crt
key client.key

client
dev tun
proto tcp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
verb 4


openvpn.log:

Tue Apr 21 13:19:55 2009 us=386832 77.37.205.99:33184 TCPv4_SERVER WRITE [114] to 77.37.205.99:33184: P_CONTROL_V1 kid=0 [ ] pid=10 DATA len=100
Tue Apr 21 13:19:55 2009 us=390123 77.37.205.99:33184 NOTE: --mute triggered...
Tue Apr 21 13:19:55 2009 us=642151 77.37.205.99:33184 72 variation(s) on previous 20 message(s) suppressed by --mute
Tue Apr 21 13:19:55 2009 us=642164 77.37.205.99:33184 VERIFY OK: depth=1, /C=ru/ST=Moskow/L=Msk/O=just/OU=it/CN=dat-s-proxy01.just.ru/emailAddress=gavrryushin.a@just.ru
Tue Apr 21 13:19:55 2009 us=642359 77.37.205.99:33184 VERIFY OK: depth=0, /C=ks/ST=weopjf/L=we/O=fjo/CN=sdp_k/emailAddress=sdpfo
Tue Apr 21 13:19:55 2009 us=642389 77.37.205.99:33184 TCPv4_SERVER WRITE [22] to 77.37.205.99:33184: P_ACK_V1 kid=0 [ 20 ]

Tue Apr 21 13:19:55 2009 us=705532 77.37.205.99:33184 TCPv4_SERVER READ [60] from 77.37.205.99:33184: P_CONTROL_V1 kid=0 [ ] pid=28 DATA len=46
Tue Apr 21 13:19:55 2009 us=705634 77.37.205.99:33184 WARNING: 'ifconfig' is present in remote config but missing in local config, remote='ifconfig 192.168.90.17 192.168.90.18'
Tue Apr 21 13:19:55 2009 us=705843 77.37.205.99:33184 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 21 13:19:55 2009 us=705857 77.37.205.99:33184 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 21 13:19:55 2009 us=705922 77.37.205.99:33184 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 21 13:19:55 2009 us=705933 77.37.205.99:33184 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 21 13:19:55 2009 us=706014 77.37.205.99:33184 TCPv4_SERVER WRITE [126] to 77.37.205.99:33184: P_CONTROL_V1 kid=0 [ 28 ] pid=28 DATA len=100
Tue Apr 21 13:19:55 2009 us=706038 77.37.205.99:33184 TCPv4_SERVER WRITE [114] to 77.37.205.99:33184: P_CONTROL_V1 kid=0 [ ] pid=29 DATA len=100
Tue Apr 21 13:19:55 2009 us=706060 77.37.205.99:33184 TCPv4_SERVER WRITE [80] to 77.37.205.99:33184: P_CONTROL_V1 kid=0 [ ] pid=30 DATA len=66
Tue Apr 21 13:19:55 2009 us=754329 77.37.205.99:33184 TCPv4_SERVER READ [22] from 77.37.205.99:33184: P_ACK_V1 kid=0 [ 28 ]
Tue Apr 21 13:19:55 2009 us=799858 77.37.205.99:33184 TCPv4_SERVER READ [26] from 77.37.205.99:33184: P_ACK_V1 kid=0 [ 29 30 ]
Tue Apr 21 13:19:55 2009 us=799875 77.37.205.99:33184 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Apr 21 13:19:55 2009 us=799895 77.37.205.99:33184 [sdp_k] Peer Connection Initiated with 77.37.205.99:33184
Tue Apr 21 13:19:55 2009 us=799942 sdp_k/77.37.205.99:33184 MULTI: Learn: 10.0.0.10 -> sdp_k/77.37.205.99:33184
Tue Apr 21 13:19:55 2009 us=799956 sdp_k/77.37.205.99:33184 MULTI: primary virtual IP for sdp_k/77.37.205.99:33184: 10.0.0.10
Tue Apr 21 13:19:57 2009 us=632511 awemfp/79.111.132.15:45915 TCPv4_SERVER WRITE [53] to 79.111.132.15:45915: P_DATA_V1 kid=0 DATA len=52
Tue Apr 21 13:19:57 2009 us=634445 awemfp/79.111.132.15:45915 TCPv4_SERVER READ [53] from 79.111.132.15:45915: P_DATA_V1 kid=0 DATA len=52


192.168.90.0 is the former VPN subnet, but I don't understand where it gets the IPs .17 and .18 from.

Here is another part of the log.

Tue Apr 21 13:39:40 2009 us=166599 Initialization Sequence Completed
Tue Apr 21 13:42:46 2009 us=431523 event_wait : Interrupted system call (code=4)
Tue Apr 21 13:42:46 2009 us=431713 TCP/UDP: Closing socket
Tue Apr 21 13:42:46 2009 us=431739 route del -net 10.0.0.0 netmask 255.255.255.0
SIOCDELRT: Operation not permitted
Tue Apr 21 13:42:46 2009 us=433490 ERROR: Linux route delete command failed: shell command exited with error status: 7
Tue Apr 21 13:42:46 2009 us=433509 Closing TUN/TAP interface

Katochimoto
Posts: 88
OS: Ubuntu 9.04

Re: OpenVPN, once again

Post by Katochimoto »

Figured it out.