Впн подключается, все работает. Но проблема в том, что whoer.net палит мой российский DNS.
Не могу понять, где проблема, конфиги вроде правильные. Судя по логам роутера (после поднятия туннеля dnsmasq по-прежнему использует только nameserver 192.168.1.1), dhcp-option DNS 8.8.8.8 не пушится на роутер или роутер его отвергает, и DNS идёт в обход VPN. А надо, чтобы весь трафик вместе с DNS шёл через туннель VPN. Кто-нибудь может объяснить, как это сделать?
Структура сети примерно такая:
-------------- --------
| *client1 |10.10.106.6 VPN 10.10.106.5| |
|openwrt router|-----------------------------|*server |
| 192.168.1.1 | | |
--------------- --------
| 192.168.2.244 | 188.166.xx.xxx
| |
| 192.168.2.2 |
------------- --------
| router | | |
| internet | |internet|
|192.168.2.2 | | |
------------- --------
Конфиг сервера:
port 1194
proto tcp
dev tun
dh dh2048.pem
ca ca.crt
cert server.crt
key server.key
tls-server
tls-auth ta.key 0
auth SHA1
server 10.10.106.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
route 192.168.1.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3
user@server:~$ cat /etc/openvpn/ccd/client1
iroute 192.168.1.0 255.255.255.0
user@server:~$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 188.166.0.1 0.0.0.0 UG 0 0 0 eth0
10.10.106.0 10.10.106.2 255.255.255.0 UG 0 0 0 tun0
10.10.106.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
188.166.0.0 0.0.0.0 255.255.192.0 U 0 0 0 eth0
192.168.1.0 10.10.106.2 255.255.255.0 UG 0 0 0 tun0
user@server:~$ ifconfig
eth0 Link encap:Ethernet HWaddr 01:04:9d:1b:b8:05
inet addr: 188.166.xx.xxx Bcast:188.166.63.255 Mask:255.255.192.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:32162 errors:0 dropped:0 overruns:0 frame:0
TX packets:36305 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:13216347 (13.2 MB) TX bytes:14018950 (14.0 MB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.10.106.1 P-t-P:10.10.106.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:20756 errors:0 dropped:0 overruns:0 frame:0
TX packets:18331 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:2039764 (2.0 MB) TX bytes:8958756 (8.9 MB)
user@server:~$ Iptables
Chain INPUT (policy ACCEPT 2102 packets, 370K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
888 149K ACCEPT all -- * * 10.10.106.0/24 0.0.0.0/0
848 421K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT 2149 packets, 742K bytes)
pkts bytes target prot opt in out source destination
Конфиг клиента1:
client
dev tun
proto tcp
remote 188.166.xx.xxx
port 1194
resolv-retry infinite
route 188.166.0.0 255.255.192.0
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client1.crt
key /etc/openvpn/client1.key
tls-client
tls-auth /etc/openvpn/ta.key 1
auth SHA1
ns-cert-type server
comp-lzo
persist-key
persist-tun
root@OpenWrt:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.10.106.5 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.2.2 0.0.0.0 UG 0 0 0 eth0.2
10.10.106.1 10.10.106.5 255.255.255.255 UGH 0 0 0 tun0
10.10.106.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
128.0.0.0 10.10.106.5 128.0.0.0 UG 0 0 0 tun0
188.166.0.0 10.10.106.5 255.255.192.0 UG 0 0 0 tun0
188.166.xx.xxx 192.168.2.2 255.255.255.255 UGH 0 0 0 eth0.2
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.2
root@OpenWrt:~# ifconfig
eth0.2 Link encap:Ethernet HWaddr F6:7A:62:8A:C4:B3
inet addr:192.168.2.244 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10696 errors:0 dropped:53 overruns:0 frame:0
TX packets:10098 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8582753 (8.1 MiB) TX bytes:3033319 (2.8 MiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.10.106.6 P-t-P:10.10.106.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:14947 errors:0 dropped:0 overruns:0 frame:0
TX packets:17596 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:7382547 (7.0 MiB) TX bytes:1593893 (1.5 MiB)
Лог OpenWrt:
Oct 18 13:45:29 OpenWrt daemon.notice openvpn(custom_config)[1406]: OpenVPN 2.2.2 mips-openwrt-linux [SSL] [LZO2] [EPOLL] built on Mar 14 2013
Oct 18 13:45:29 OpenWrt daemon.warn openvpn(custom_config)[1406]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Oct 18 13:45:29 OpenWrt daemon.notice openvpn(custom_config)[1406]: Control Channel Authentication: using '/etc/openvpn/ta.key' as a OpenVPN static key file
Oct 18 13:45:29 OpenWrt daemon.notice openvpn(custom_config)[1406]: LZO compression initialized
Oct 18 13:45:29 OpenWrt daemon.notice openvpn(custom_config)[1406]: Attempting to establish TCP connection with 188.166.xx.xxx:1194 [nonblock]
Oct 18 13:45:30 OpenWrt daemon.notice openvpn(custom_config)[1406]: TCP connection established with 188.166.xx.xxx:1194
Oct 18 13:45:30 OpenWrt daemon.notice openvpn(custom_config)[1406]: TCPv4_CLIENT link local: [undef]
Oct 18 13:45:30 OpenWrt daemon.notice openvpn(custom_config)[1406]: TCPv4_CLIENT link remote: 188.166.xx.xxx:1194
Oct 18 13:45:31 OpenWrt daemon.info dnsmasq-dhcp[1397]: DHCPDISCOVER(br-lan) 08:00:27:01:47:B0
Oct 18 13:45:31 OpenWrt daemon.info dnsmasq-dhcp[1397]: DHCPOFFER(br-lan) 192.168.1.245 08:00:27:01:47:B0
Oct 18 13:45:31 OpenWrt daemon.info dnsmasq-dhcp[1397]: DHCPDISCOVER(br-lan) 08:00:27:01:47:B0
Oct 18 13:45:31 OpenWrt daemon.info dnsmasq-dhcp[1397]: DHCPOFFER(br-lan) 192.168.1.245 08:00:27:01:47:B0
Oct 18 13:45:32 OpenWrt daemon.info dnsmasq-dhcp[1397]: DHCPREQUEST(br-lan) 192.168.1.245 08:00:27:01:47:B0
Oct 18 13:45:32 OpenWrt daemon.info dnsmasq-dhcp[1397]: DHCPACK(br-lan) 192.168.1.245 08:00:27:01:47:B0 Notebook-PC
Oct 18 13:45:43 OpenWrt daemon.notice openvpn(custom_config)[1406]: [server] Peer Connection Initiated with 188.166.xx.xxx:1194
Oct 18 13:45:46 OpenWrt daemon.notice openvpn(custom_config)[1406]: TUN/TAP device tun0 opened
Oct 18 13:45:46 OpenWrt daemon.notice openvpn(custom_config)[1406]: /sbin/ifconfig tun0 10.10.106.6 pointopoint 10.10.106.5 mtu 1500
Oct 18 13:45:46 OpenWrt daemon.notice netifd: Interface 'vpn' is now up
Oct 18 13:45:46 OpenWrt daemon.info dnsmasq[1397]: reading /tmp/resolv.conf.auto
Oct 18 13:45:46 OpenWrt daemon.info dnsmasq[1397]: using nameserver 192.168.1.1#53
Oct 18 13:45:46 OpenWrt daemon.info dnsmasq[1397]: using local addresses only for domain lan
Oct 18 13:45:46 OpenWrt daemon.notice openvpn(custom_config)[1406]: Initialization Sequence Completed
Oct 18 13:45:47 OpenWrt user.notice ifup: Enabling Router Solicitations on vpn (tun0)
Oct 18 13:45:48 OpenWrt user.info firewall: adding vpn (tun0) to zone wan
Oct 18 13:45:58 OpenWrt authpriv.info dropbear[1534]: Child connection from 192.168.1.245:52626
Oct 18 13:46:56 OpenWrt authpriv.notice dropbear[1534]: Password auth succeeded for 'root' from 192.168.1.245:52626
Oct 18 13:48:53 OpenWrt authpriv.info dropbear[1534]: Exit (root): Disconnect receive