LINUX.ORG.RU

История изменений

Исправление Tomohyeah, (текущая версия) :

Поменял. Выхлоп теперь такой:

[workstation user ~/Folder]% sudo openvpn --config vpngate_219.100.37.51_tcp_443.ovpn
2023-10-30 12:18:45 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2023-10-30 12:18:45 Note: cipher 'AES-128-CBC' in --data-ciphers is not supported by ovpn-dco, disabling data channel offload.
2023-10-30 12:18:45 OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2023-10-30 12:18:45 library versions: OpenSSL 3.0.11 19 Sep 2023, LZO 2.10
2023-10-30 12:18:45 DCO version: N/A
2023-10-30 12:18:45 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2023-10-30 12:18:45 TCP/UDP: Preserving recently used remote address: [AF_INET]219.100.37.51:443
2023-10-30 12:18:45 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-10-30 12:18:45 Attempting to establish TCP connection with [AF_INET]219.100.37.51:443
2023-10-30 12:18:45 TCP connection established with [AF_INET]219.100.37.51:443
2023-10-30 12:18:45 TCPv4_CLIENT link local: (not bound)
2023-10-30 12:18:45 TCPv4_CLIENT link remote: [AF_INET]219.100.37.51:443
2023-10-30 12:18:45 TLS: Initial packet from [AF_INET]219.100.37.51:443, sid=1e35108c ca1811ef
2023-10-30 12:18:46 VERIFY OK: depth=2, C=US, O=Internet Security Research Group, CN=ISRG Root X1
2023-10-30 12:18:46 VERIFY OK: depth=1, C=US, O=Let's Encrypt, CN=R3
2023-10-30 12:18:46 VERIFY OK: depth=0, CN=opengw.net
2023-10-30 12:18:46 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-10-30 12:18:46 [opengw.net] Peer Connection Initiated with [AF_INET]219.100.37.51:443
2023-10-30 12:18:46 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-10-30 12:18:46 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-10-30 12:18:47 SENT CONTROL [opengw.net]: 'PUSH_REQUEST' (status=1)
2023-10-30 12:18:51 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.236.7.9 10.236.7.10,dhcp-option DNS 10.236.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.236.7.10,redirect-gateway def1'
2023-10-30 12:18:51 OPTIONS IMPORT: --ifconfig/up options modified
2023-10-30 12:18:51 OPTIONS IMPORT: route options modified
2023-10-30 12:18:51 OPTIONS IMPORT: route-related options modified
2023-10-30 12:18:51 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-10-30 12:18:51 Using peer cipher 'AES-128-CBC'
2023-10-30 12:18:51 net_route_v4_best_gw query: dst 0.0.0.0
2023-10-30 12:18:51 net_route_v4_best_gw result: via 10.152.152.10 dev eth0
2023-10-30 12:18:51 ROUTE_GATEWAY 10.152.152.10/255.255.192.0 IFACE=eth0 HWADDR=08:00:27:56:c7:2b
2023-10-30 12:18:51 TUN/TAP device tun0 opened
2023-10-30 12:18:51 net_iface_mtu_set: mtu 1500 for tun0
2023-10-30 12:18:51 net_iface_up: set tun0 up
2023-10-30 12:18:51 net_addr_ptp_v4_add: 10.236.7.9 peer 10.236.7.10 dev tun0
2023-10-30 12:18:51 net_route_v4_add: 219.100.37.51/32 via 10.152.152.10 dev [NULL] table 0 metric -1
2023-10-30 12:18:51 net_route_v4_add: 0.0.0.0/1 via 10.236.7.10 dev [NULL] table 0 metric -1
2023-10-30 12:18:51 net_route_v4_add: 128.0.0.0/1 via 10.236.7.10 dev [NULL] table 0 metric -1
2023-10-30 12:18:51 Initialization Sequence Completed
2023-10-30 12:18:51 Data Channel: cipher 'AES-128-CBC', auth 'SHA1'
2023-10-30 12:18:51 Timers: ping 3, ping-restart 10

А через раз в конце ещё это выдаёт:

2023-10-30 12:20:48 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.236.7.9 10.236.7.10,dhcp-option DNS 10.236.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.236.7.10,redirect-gateway def'
2023-10-30 12:20:48 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
2023-10-30 12:20:48 Options error: unknown --redirect-gateway flag: def

Исправление Tomohyeah, :

Поменял. Выхлоп теперь такой:

[workstation user ~/Folder]% sudo openvpn --config vpngate_219.100.37.51_tcp_443.ovpn
2023-10-30 12:18:45 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2023-10-30 12:18:45 Note: cipher 'AES-128-CBC' in --data-ciphers is not supported by ovpn-dco, disabling data channel offload.
2023-10-30 12:18:45 OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2023-10-30 12:18:45 library versions: OpenSSL 3.0.11 19 Sep 2023, LZO 2.10
2023-10-30 12:18:45 DCO version: N/A
2023-10-30 12:18:45 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2023-10-30 12:18:45 TCP/UDP: Preserving recently used remote address: [AF_INET]219.100.37.51:443
2023-10-30 12:18:45 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-10-30 12:18:45 Attempting to establish TCP connection with [AF_INET]219.100.37.51:443
2023-10-30 12:18:45 TCP connection established with [AF_INET]219.100.37.51:443
2023-10-30 12:18:45 TCPv4_CLIENT link local: (not bound)
2023-10-30 12:18:45 TCPv4_CLIENT link remote: [AF_INET]219.100.37.51:443
2023-10-30 12:18:45 TLS: Initial packet from [AF_INET]219.100.37.51:443, sid=1e35108c ca1811ef
2023-10-30 12:18:46 VERIFY OK: depth=2, C=US, O=Internet Security Research Group, CN=ISRG Root X1
2023-10-30 12:18:46 VERIFY OK: depth=1, C=US, O=Let's Encrypt, CN=R3
2023-10-30 12:18:46 VERIFY OK: depth=0, CN=opengw.net
2023-10-30 12:18:46 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-10-30 12:18:46 [opengw.net] Peer Connection Initiated with [AF_INET]219.100.37.51:443
2023-10-30 12:18:46 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-10-30 12:18:46 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-10-30 12:18:47 SENT CONTROL [opengw.net]: 'PUSH_REQUEST' (status=1)
2023-10-30 12:18:51 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.236.7.9 10.236.7.10,dhcp-option DNS 10.236.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.236.7.10,redirect-gateway def1'
2023-10-30 12:18:51 OPTIONS IMPORT: --ifconfig/up options modified
2023-10-30 12:18:51 OPTIONS IMPORT: route options modified
2023-10-30 12:18:51 OPTIONS IMPORT: route-related options modified
2023-10-30 12:18:51 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-10-30 12:18:51 Using peer cipher 'AES-128-CBC'
2023-10-30 12:18:51 net_route_v4_best_gw query: dst 0.0.0.0
2023-10-30 12:18:51 net_route_v4_best_gw result: via 10.152.152.10 dev eth0
2023-10-30 12:18:51 ROUTE_GATEWAY 10.152.152.10/255.255.192.0 IFACE=eth0 HWADDR=08:00:27:56:c7:2b
2023-10-30 12:18:51 TUN/TAP device tun0 opened
2023-10-30 12:18:51 net_iface_mtu_set: mtu 1500 for tun0
2023-10-30 12:18:51 net_iface_up: set tun0 up
2023-10-30 12:18:51 net_addr_ptp_v4_add: 10.236.7.9 peer 10.236.7.10 dev tun0
2023-10-30 12:18:51 net_route_v4_add: 219.100.37.51/32 via 10.152.152.10 dev [NULL] table 0 metric -1
2023-10-30 12:18:51 net_route_v4_add: 0.0.0.0/1 via 10.236.7.10 dev [NULL] table 0 metric -1
2023-10-30 12:18:51 net_route_v4_add: 128.0.0.0/1 via 10.236.7.10 dev [NULL] table 0 metric -1
2023-10-30 12:18:51 Initialization Sequence Completed
2023-10-30 12:18:51 Data Channel: cipher 'AES-128-CBC', auth 'SHA1'
2023-10-30 12:18:51 Timers: ping 3, ping-restart 10

Исходная версия Tomohyeah, :

Поменял. Выхлоп теперь такой:

[workstation user ~/Folder]% sudo openvpn --config vpngate_219.100.37.51_tcp_443.ovpn
2023-10-30 12:18:45 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2023-10-30 12:18:45 Note: cipher 'AES-128-CBC' in --data-ciphers is not supported by ovpn-dco, disabling data channel offload.
2023-10-30 12:18:45 OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2023-10-30 12:18:45 library versions: OpenSSL 3.0.11 19 Sep 2023, LZO 2.10
2023-10-30 12:18:45 DCO version: N/A
2023-10-30 12:18:45 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2023-10-30 12:18:45 TCP/UDP: Preserving recently used remote address: [AF_INET]219.100.37.51:443
2023-10-30 12:18:45 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-10-30 12:18:45 Attempting to establish TCP connection with [AF_INET]219.100.37.51:443
2023-10-30 12:18:45 TCP connection established with [AF_INET]219.100.37.51:443
2023-10-30 12:18:45 TCPv4_CLIENT link local: (not bound)
2023-10-30 12:18:45 TCPv4_CLIENT link remote: [AF_INET]219.100.37.51:443
2023-10-30 12:18:45 TLS: Initial packet from [AF_INET]219.100.37.51:443, sid=1e35108c ca1811ef
2023-10-30 12:18:46 VERIFY OK: depth=2, C=US, O=Internet Security Research Group, CN=ISRG Root X1
2023-10-30 12:18:46 VERIFY OK: depth=1, C=US, O=Let's Encrypt, CN=R3
2023-10-30 12:18:46 VERIFY OK: depth=0, CN=opengw.net
2023-10-30 12:18:46 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-10-30 12:18:46 [opengw.net] Peer Connection Initiated with [AF_INET]219.100.37.51:443
2023-10-30 12:18:46 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-10-30 12:18:46 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-10-30 12:18:47 SENT CONTROL [opengw.net]: 'PUSH_REQUEST' (status=1)
2023-10-30 12:18:51 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.236.7.9 10.236.7.10,dhcp-option DNS 10.236.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.236.7.10,redirect-gateway def1'
2023-10-30 12:18:51 OPTIONS IMPORT: --ifconfig/up options modified
2023-10-30 12:18:51 OPTIONS IMPORT: route options modified
2023-10-30 12:18:51 OPTIONS IMPORT: route-related options modified
2023-10-30 12:18:51 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-10-30 12:18:51 Using peer cipher 'AES-128-CBC'
2023-10-30 12:18:51 net_route_v4_best_gw query: dst 0.0.0.0
2023-10-30 12:18:51 net_route_v4_best_gw result: via 10.152.152.10 dev eth0
2023-10-30 12:18:51 ROUTE_GATEWAY 10.152.152.10/255.255.192.0 IFACE=eth0 HWADDR=08:00:27:56:c7:2b
2023-10-30 12:18:51 TUN/TAP device tun0 opened
2023-10-30 12:18:51 net_iface_mtu_set: mtu 1500 for tun0
2023-10-30 12:18:51 net_iface_up: set tun0 up
2023-10-30 12:18:51 net_addr_ptp_v4_add: 10.236.7.9 peer 10.236.7.10 dev tun0
2023-10-30 12:18:51 net_route_v4_add: 219.100.37.51/32 via 10.152.152.10 dev [NULL] table 0 metric -1
2023-10-30 12:18:51 net_route_v4_add: 0.0.0.0/1 via 10.236.7.10 dev [NULL] table 0 metric -1
2023-10-30 12:18:51 net_route_v4_add: 128.0.0.0/1 via 10.236.7.10 dev [NULL] table 0 metric -1
2023-10-30 12:18:51 Initialization Sequence Completed
2023-10-30 12:18:51 Data Channel: cipher 'AES-128-CBC', auth 'SHA1'
2023-10-30 12:18:51 Timers: ping 3, ping-restart 10