Добрый день.
Всё сделал по инструкции в начале темы. Подключение создаётся. На компьютере клиента пишет, что получен IP 10.8.0.6, на сервере IP VPN-сервера — 10.8.0.1. Локальная сеть — 192.168.0.0. Не пингуется никакой айпишник, кроме локальных. Может, дело в маршрутизации?
Вот с сервера:
[root@domen tun0]# ip route
default via 192.168.0.1 dev enp3s0
10.8.0.0/24 via 10.8.0.2 dev tun0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
192.168.0.0/24 dev enp3s0 proto kernel scope link src 192.168.0.250
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
[root@domen tun0]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 74:d4:35:14:dd:83 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.250/24 brd 192.168.0.255 scope global enp3s0
valid_lft forever preferred_lft forever
inet6 fe80::76d4:35ff:fe14:dd83/64 scope link
valid_lft forever preferred_lft forever
3: enp4s1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:40:f4:75:c7:66 brd ff:ff:ff:ff:ff:ff
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 56:ca:bc:31:9a:77 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
35: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/none
inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
valid_lft forever preferred_lft forever
[root@domen tun0]#
[root@domen tun0]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 enp3s0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 enp3s0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
[root@domen tun0]#
Вот /etc/net/ifaces/tun0
ovpnoptions [B---] 0 L:[ 1+24 25/ 25] *(627 / 627b) <EOF>
# Generated by alterator-openvpn-server, do not edit manually
# NOTE(review): OpenVPN server options for the tun0 interface. The header says
# the file is generated, so manual edits may be overwritten - confirm how the
# generator handles custom options before changing anything here.

# Listen for clients on UDP port 1194.
port 1194
proto udp
# Routed (layer-3) tunnel device.
dev-type tun
# PKI material: CA certificate, server certificate, server private key and
# Diffie-Hellman parameters.
# NOTE(review): the posted log shows "TLSv1 ... 1024 bit RSA" for the control
# channel; plan for longer keys and a newer TLS version - confirm what this
# OpenVPN/OpenSSL build supports.
# No tls-auth directive appears in this listing, so control-channel packets
# get no additional HMAC check before TLS processing.
ca /var/lib/ssl/certs/openvpn-server-CA.crt
cert /var/lib/ssl/certs/openvpn-server.cert
key /var/lib/ssl/private/openvpn-server.key
dh /var/lib/ssl/private/openvpn-server.dh
# VPN address pool 10.8.0.0/24; the server side of tun0 is 10.8.0.1, which
# matches the tun0 address in the posted `ip a s` output.
# No `cipher` or `auth` directive is set in this file; the posted log shows
# BF-CBC (128 bit key) with SHA1 HMAC in use on the data channel. BF-CBC is a
# 64-bit-block cipher - prefer an explicit AES cipher configured identically
# on the server and on every client.
# No `comp-lzo` is set here either, while the log warns that the client has
# it ("present in remote config but missing in local config"). A compression
# mismatch usually lets the TLS handshake succeed but breaks tunnel payload,
# which would fit "connected, but nothing pings" and the later ping-restart
# timeout - presumably the first thing to align (dropping compression on the
# client is the safer direction); verify on the client side.
server 10.8.0.0 255.255.255.0
# Drop root privileges to the unprivileged openvpn user/group after start-up.
user openvpn
group openvpn
# Remember which virtual address each client was given across restarts.
ifconfig-pool-persist ipp.txt
# Ping the peer every 10 s; treat it as down after 120 s of silence.
keepalive 10 120
# Per-client option files are read from this directory.
client-config-dir /etc/openvpn/ccd
# Keep the key and the tun device across soft restarts: after the privilege
# drop above the daemon could not re-read the key or reopen the device.
persist-key
persist-tun
# Clients may reach each other through the server. This forwarding happens
# inside the OpenVPN process, so host firewall rules on tun0 do not see or
# filter client-to-client traffic - keep only if that is intended.
client-to-client
# Level 2 permits built-in executables and user-defined scripts. No script
# directive is visible in this file - confirm whether the ccd files or the
# generator need it; a lower level is preferable otherwise.
script-security 2
status openvpn-status.log
verb 3
# Server networks start
# Route to the server-side LAN pushed to every client.
# NOTE(review): for LAN hosts to answer, the server must forward IP packets
# and the LAN needs a return path to 10.8.0.0/24: the posted routing table
# shows the LAN default gateway is 192.168.0.1, not this server
# (192.168.0.250), so either that gateway gets a route to 10.8.0.0/24 via
# 192.168.0.250 or the server NATs VPN traffic. Neither setting is shown in
# the post - verify. Restrict forwarded traffic to what clients actually need.
push "route 192.168.0.0 255.255.255.0"
# Server networks end
# Clients are told to use 192.168.0.250 (this server's LAN address) for DNS;
# it is reachable only once the pushed route above works.
push "dhcp-option DNS 192.168.0.250"
Вот из messages:
messages [B---] 0 L:[5079+57 5136/5136] *(544664/544664b) <EOF>
Jan 25 21:59:51 domen openvpn[3042]: MULTI: primary virtual IP for chaikovskogo/31.200.251.92:55227: 10.8.0.6
Jan 25 21:59:53 domen openvpn[3042]: chaikovskogo/31.200.251.92:55227 PUSH: Received control message: 'PUSH_REQUEST'
Jan 25 21:59:53 domen openvpn[3042]: chaikovskogo/31.200.251.92:55227 SENT CONTROL [chaikovskogo]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,dhcp-option DN
Jan 25 22:00:02 domen crond[25821]: (root) CMD (/usr/lib64/sa/sa1 -S DISK 1 1)
Jan 25 22:01:02 domen crond[25857]: (root) CMD (run-parts /etc/cron.hourly)
Jan 25 22:01:55 domen openvpn[3042]: MULTI: multi_create_instance called
Jan 25 22:01:55 domen openvpn[3042]: 31.200.251.92:59074 Re-using SSL/TLS context
Jan 25 22:01:55 domen openvpn[3042]: 31.200.251.92:59074 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jan 25 22:01:55 domen openvpn[3042]: 31.200.251.92:59074 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Jan 25 22:01:55 domen openvpn[3042]: 31.200.251.92:59074 Local Options hash (VER=V4): '239669a8'
Jan 25 22:01:55 domen openvpn[3042]: 31.200.251.92:59074 Expected Remote Options hash (VER=V4): '3514370b'
Jan 25 22:01:55 domen openvpn[3042]: 31.200.251.92:59074 TLS: Initial packet from 31.200.251.92:59074, sid=edf5d4cc f6b63da0
Jan 25 22:01:55 domen openvpn[3042]: 31.200.251.92:59074 VERIFY OK: depth=1, /C=RU/O=dkb-1/OU=dkb-1_Certification_Authority/CN=dkb-1_Root_Certification_Autho
Jan 25 22:01:55 domen openvpn[3042]: 31.200.251.92:59074 VERIFY OK: depth=0, /C=RU/O=dkb1/CN=chaikovskogo
Jan 25 22:01:55 domen openvpn[3042]: 31.200.251.92:59074 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1542'
Jan 25 22:01:55 domen openvpn[3042]: 31.200.251.92:59074 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Jan 25 22:01:55 domen openvpn[3042]: 31.200.251.92:59074 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 25 22:01:55 domen openvpn[3042]: 31.200.251.92:59074 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 25 22:01:55 domen openvpn[3042]: 31.200.251.92:59074 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 25 22:01:55 domen openvpn[3042]: 31.200.251.92:59074 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 25 22:01:55 domen openvpn[3042]: 31.200.251.92:59074 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jan 25 22:01:55 domen openvpn[3042]: 31.200.251.92:59074 [chaikovskogo] Peer Connection Initiated with 31.200.251.92:59074
Jan 25 22:01:55 domen openvpn[3042]: MULTI: new connection by client 'chaikovskogo' will cause previous active sessions by this client to be dropped. Rememb
Jan 25 22:01:55 domen openvpn[3042]: MULTI: Learn: 10.8.0.6 -> chaikovskogo/31.200.251.92:59074
Jan 25 22:01:55 domen openvpn[3042]: MULTI: primary virtual IP for chaikovskogo/31.200.251.92:59074: 10.8.0.6
Jan 25 22:01:57 domen openvpn[3042]: chaikovskogo/31.200.251.92:59074 PUSH: Received control message: 'PUSH_REQUEST'
Jan 25 22:01:57 domen openvpn[3042]: chaikovskogo/31.200.251.92:59074 SENT CONTROL [chaikovskogo]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,dhcp-option DN
Jan 25 22:06:59 domen dhcpd: DHCPREQUEST for 192.168.0.91 from 00:01:6c:a7:53:a2 (pc-64) via enp3s0
Jan 25 22:06:59 domen dhcpd: DHCPACK on 192.168.0.91 to 00:01:6c:a7:53:a2 (pc-64) via enp3s0
Jan 25 22:07:53 domen openvpn[3042]: chaikovskogo/31.200.251.92:59074 [chaikovskogo] Inactivity timeout (--ping-restart), restarting
Jan 25 22:07:53 domen openvpn[3042]: chaikovskogo/31.200.251.92:59074 SIGUSR1[soft,ping-restart] received, client-instance restarting
Jan 25 22:08:36 domen dhcpd: DHCPREQUEST for 192.168.0.192 from 00:1c:c4:24:e4:36 (LBS1651) via enp3s0
Jan 25 22:08:36 domen dhcpd: DHCPACK on 192.168.0.192 to 00:1c:c4:24:e4:36 (LBS1651) via enp3s0
Jan 25 22:10:00 domen dhcpd: DHCPREQUEST for 192.168.0.219 from 00:25:90:d4:6e:97 via enp3s0
Jan 25 22:10:00 domen dhcpd: DHCPACK on 192.168.0.219 to 00:25:90:d4:6e:97 via enp3s0
Jan 25 22:10:01 domen crond[26176]: (root) CMD (/usr/lib64/sa/sa1 -S DISK 1 1)
Jan 25 22:11:03 domen openvpn[3042]: MULTI: multi_create_instance called
Jan 25 22:11:03 domen openvpn[3042]: 31.200.251.92:62609 Re-using SSL/TLS context
Jan 25 22:11:03 domen openvpn[3042]: 31.200.251.92:62609 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jan 25 22:11:03 domen openvpn[3042]: 31.200.251.92:62609 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Jan 25 22:11:03 domen openvpn[3042]: 31.200.251.92:62609 Local Options hash (VER=V4): '239669a8'
Jan 25 22:11:03 domen openvpn[3042]: 31.200.251.92:62609 Expected Remote Options hash (VER=V4): '3514370b'
Jan 25 22:11:03 domen openvpn[3042]: 31.200.251.92:62609 TLS: Initial packet from 31.200.251.92:62609, sid=d04facf0 b4d8c9b5
Jan 25 22:11:03 domen openvpn[3042]: 31.200.251.92:62609 VERIFY OK: depth=1, /C=RU/O=dkb-1/OU=dkb-1_Certification_Authority/CN=dkb-1_Root_Certification_Autho
Jan 25 22:11:03 domen openvpn[3042]: 31.200.251.92:62609 VERIFY OK: depth=0, /C=RU/O=dkb1/CN=chaikovskogo
Jan 25 22:11:03 domen openvpn[3042]: 31.200.251.92:62609 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1542'
Jan 25 22:11:03 domen openvpn[3042]: 31.200.251.92:62609 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Jan 25 22:11:03 domen openvpn[3042]: 31.200.251.92:62609 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 25 22:11:03 domen openvpn[3042]: 31.200.251.92:62609 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 25 22:11:03 domen openvpn[3042]: 31.200.251.92:62609 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 25 22:11:03 domen openvpn[3042]: 31.200.251.92:62609 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 25 22:11:03 domen openvpn[3042]: 31.200.251.92:62609 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jan 25 22:11:03 domen openvpn[3042]: 31.200.251.92:62609 [chaikovskogo] Peer Connection Initiated with 31.200.251.92:62609
Jan 25 22:11:03 domen openvpn[3042]: chaikovskogo/31.200.251.92:62609 MULTI: Learn: 10.8.0.6 -> chaikovskogo/31.200.251.92:62609
Jan 25 22:11:03 domen openvpn[3042]: chaikovskogo/31.200.251.92:62609 MULTI: primary virtual IP for chaikovskogo/31.200.251.92:62609: 10.8.0.6
Jan 25 22:11:05 domen openvpn[3042]: chaikovskogo/31.200.251.92:62609 PUSH: Received control message: 'PUSH_REQUEST'
Jan 25 22:11:05 domen openvpn[3042]: chaikovskogo/31.200.251.92:62609 SENT CONTROL [chaikovskogo]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,dhcp-option DN