LINUX.ORG.RU

OpenVPN does not load websites

 



I set up OpenVPN on Ubuntu 16.04 following a guide, simply to use it from Windows. I have installed it before without any problems or glitches. This time I installed everything and connected, but websites do not load at all. Here is the log; also, please tell me where the config file is located and I will post it too.

Thu Aug 16 07:30:43 2018 NOTE: --user option is not implemented on Windows
Thu Aug 16 07:30:43 2018 NOTE: --group option is not implemented on Windows
Thu Aug 16 07:30:43 2018 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Thu Aug 16 07:30:43 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Aug 16 07:30:43 2018 library versions: OpenSSL 1.1.0h  27 Mar 2018, LZO 2.10
Enter Management Password:
Thu Aug 16 07:30:43 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Aug 16 07:30:43 2018 Need hold release from management interface, waiting...
Thu Aug 16 07:30:44 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Aug 16 07:30:44 2018 MANAGEMENT: CMD 'state on'
Thu Aug 16 07:30:44 2018 MANAGEMENT: CMD 'log all on'
Thu Aug 16 07:30:44 2018 MANAGEMENT: CMD 'echo all on'
Thu Aug 16 07:30:44 2018 MANAGEMENT: CMD 'bytecount 5'
Thu Aug 16 07:30:44 2018 MANAGEMENT: CMD 'hold off'
Thu Aug 16 07:30:44 2018 MANAGEMENT: CMD 'hold release'
Thu Aug 16 07:30:44 2018 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Aug 16 07:30:44 2018 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Aug 16 07:30:44 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]*.*.*.*:1194
Thu Aug 16 07:30:44 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Aug 16 07:30:44 2018 UDP link local: (not bound)
Thu Aug 16 07:30:44 2018 UDP link remote: [AF_INET]*.*.*.*:1194
Thu Aug 16 07:30:44 2018 MANAGEMENT: >STATE:1534393844,WAIT,,,,,,
Thu Aug 16 07:30:44 2018 MANAGEMENT: >STATE:1534393844,AUTH,,,,,,
Thu Aug 16 07:30:44 2018 TLS: Initial packet from [AF_INET]*.*.*.*:1194, sid=f2e8f986 7df3c0b9
Thu Aug 16 07:30:44 2018 VERIFY OK: depth=1, C=RU, ST=Moscow, L=Moscow, O=GoodFirm, OU=IT, CN=GoodFirm CA, name=server, emailAddress=hello@example.com
Thu Aug 16 07:30:44 2018 VERIFY KU OK
Thu Aug 16 07:30:44 2018 Validating certificate extended key usage
Thu Aug 16 07:30:44 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Aug 16 07:30:44 2018 VERIFY EKU OK
Thu Aug 16 07:30:44 2018 VERIFY OK: depth=0, C=RU, ST=Moscow, L=Moscow, O=GoodFirm, OU=IT, CN=server, name=server, emailAddress=hello@example.com
Thu Aug 16 07:30:44 2018 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Aug 16 07:30:44 2018 [server] Peer Connection Initiated with [AF_INET]*.*.*.*:1194
Thu Aug 16 07:30:45 2018 MANAGEMENT: >STATE:1534393845,GET_CONFIG,,,,,,
Thu Aug 16 07:30:45 2018 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Aug 16 07:30:45 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Thu Aug 16 07:30:45 2018 OPTIONS IMPORT: timers and/or timeouts modified
Thu Aug 16 07:30:45 2018 OPTIONS IMPORT: --ifconfig/up options modified
Thu Aug 16 07:30:45 2018 OPTIONS IMPORT: route options modified
Thu Aug 16 07:30:45 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Aug 16 07:30:45 2018 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Aug 16 07:30:45 2018 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Aug 16 07:30:45 2018 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Aug 16 07:30:45 2018 Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Aug 16 07:30:45 2018 interactive service msg_channel=0
Thu Aug 16 07:30:45 2018 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 I=15 HWADDR=34:97:f6:85:a0:6b
Thu Aug 16 07:30:45 2018 open_tun
Thu Aug 16 07:30:45 2018 TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{C22AFF1E-018D-4B23-8728-960C8E7196E8}.tap
Thu Aug 16 07:30:45 2018 TAP-Windows Driver Version 9.21 
Thu Aug 16 07:30:45 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {C22AFF1E-018D-4B23-8728-960C8E7196E8} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Thu Aug 16 07:30:45 2018 Successful ARP Flush on interface [16] {C22AFF1E-018D-4B23-8728-960C8E7196E8}
Thu Aug 16 07:30:45 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Aug 16 07:30:45 2018 MANAGEMENT: >STATE:1534393845,ASSIGN_IP,,10.8.0.6,,,,
Thu Aug 16 07:30:50 2018 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Thu Aug 16 07:30:50 2018 C:\Windows\system32\route.exe ADD *.*.*.* MASK 255.255.255.255 192.168.0.1
Thu Aug 16 07:30:50 2018 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Thu Aug 16 07:30:50 2018 Route addition via IPAPI succeeded [adaptive]
Thu Aug 16 07:30:50 2018 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Thu Aug 16 07:30:50 2018 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Thu Aug 16 07:30:50 2018 Route addition via IPAPI succeeded [adaptive]
Thu Aug 16 07:30:50 2018 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Thu Aug 16 07:30:50 2018 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Thu Aug 16 07:30:50 2018 Route addition via IPAPI succeeded [adaptive]
Thu Aug 16 07:30:50 2018 MANAGEMENT: >STATE:1534393850,ADD_ROUTES,,,,,,
Thu Aug 16 07:30:50 2018 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Thu Aug 16 07:30:50 2018 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Thu Aug 16 07:30:50 2018 Route addition via IPAPI succeeded [adaptive]
Thu Aug 16 07:30:50 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Aug 16 07:30:50 2018 Initialization Sequence Completed
Thu Aug 16 07:30:50 2018 MANAGEMENT: >STATE:1534393850,CONNECTED,SUCCESS,10.8.0.6,*.*.*.*,1194,,

In short, logically it should connect to my IP, but it connects to 10.8.0.6; that may be where the problem is. If so, how do I change it?



Last edited by: Proficus (1 edit in total)

also, please tell me where the config file is located and I will post it too.
In short, logically it should connect to my IP

You're odd. Who says it "should", if you haven't even seen the configs?

They usually live in the openvpn directory, with the .ovpn extension.

Now I'm curious what kind of guide that was.

kravzo ★★
In reply to: comment by kravzo

This is the .ovpn profile I connect with; the log is from it

##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one.  On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote my_ip 1194
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing.  Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
user nobody
group nogroup

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here.  See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets.  Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
#ca ca.crt
#cert client.crt
#key client.key

# Verify server certificate by checking that the
# certificate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
#   digitalSignature, keyEncipherment
# and the extendedKeyUsage to
#   serverAuth
# EasyRSA can do this for you.
remote-cert-tls server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20

cipher AES-128-CBC
auth SHA256
key-direction 1

# script-security 2
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf

The guides are these: Click!

Click!

Proficus
thread author
In reply to: comment by gssomi

Hmmm

That is exactly my second way of installing the client; it doesn't differ much from what I used, and before that everything worked fine. So I'm wondering, maybe the hosting got restricted somehow, or the trouble is on my side

Proficus
thread author
In reply to: comment by gssomi

Solved

Done, I solved everything using this article and it all works now. Thanks for the help

Proficus
thread author