Ubuntu отказывается отправлять данные в интернет при использовании OpenVPN

@toaster:~$ ifconfig
eth0      Link encap:Ethernet  HWaddr 04:7d:7b:d4:f7:c2  
          inet addr:192.168.0.102  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::67d:7bff:fed4:f7c2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:279254 errors:0 dropped:0 overruns:0 frame:0
          TX packets:177870 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:318081521 (318.0 MB)  TX bytes:30580073 (30.5 MB)

lo        Link encap:Локальная петля (Loopback)  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:5920 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5920 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:586927 (586.9 KB)  TX bytes:586927 (586.9 KB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:192.168.101.6  P-t-P:192.168.101.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:31495 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20922 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:36298221 (36.2 MB)  TX bytes:2357303 (2.3 MB)

@toaster:~$ route
Таблица маршутизации ядра протокола IP
Destination Gateway Genmask Flags Metric Ref Use Iface


default         192.168.101.5   128.0.0.0       UG    0      0        0 tun0
default         dir-300         0.0.0.0         UG    0      0        0 eth0
xx-xx-xx-xx.st dir-300         255.255.255.255 UGH   0      0        0 eth0
128.0.0.0       192.168.101.5   128.0.0.0       UG    0      0        0 tun0
link-local      *               255.255.0.0     U     1000   0        0 eth0
192.168.0.0     *               255.255.255.0   U     1      0        0 eth0


192.168.101.1   192.168.101.5   255.255.255.255 UGH   0      0        0 tun0
192.168.101.5   *               255.255.255.255 UH    0      0        0 tun0

port 1194
proto udp
dev tun0
ca keys/sekretniy/ca.crt
cert keys/sekretniy/sekretniy_server.crt
key keys/sekretniy/sekretniy_server.key
dh keys/sekretniy/dh2048.pem
server 192.168.101.0 255.255.255.128
crl-verify keys/sekretniy/crl.pem
cipher AES-256-CBC
user nobody
group nobody
status servers/sekretniy_server/logs/openvpn-status.log
log-append servers/sekretniy_server/logs/openvpn.log
verb 3
mute 20
max-clients 10
local xx.xx.xx.xx
management 127.0.0.1 1984
keepalive 5 15
client-config-dir /etc/openvpn/servers/sekretniy_server/ccd
persist-key
persist-tun
ccd-exclusive
push "redirect-gateway def1 bypass-dhcp"

Sat Jul 27 15:20:02 2013 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Feb 13 2013
Sat Jul 27 15:20:02 2013 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Jul 27 15:20:02 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Enter Private Key Password:
Sat Jul 27 15:20:08 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jul 27 15:20:08 2013 WARNING: file 'sekretniy_client1.key' is group or others accessible
Sat Jul 27 15:20:08 2013 Control Channel MTU parms [ L:1557 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Jul 27 15:20:08 2013 Socket Buffers: R=[212992->131072] S=[212992->131072]
Sat Jul 27 15:20:08 2013 Data Channel MTU parms [ L:1557 D:1450 EF:57 EB:4 ET:0 EL:0 ]
Sat Jul 27 15:20:08 2013 Local Options hash (VER=V4): '2dd3fcaf'
Sat Jul 27 15:20:08 2013 Expected Remote Options hash (VER=V4): '8114d01c'
Sat Jul 27 15:20:08 2013 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sat Jul 27 15:20:08 2013 UDPv4 link local: [undef]
Sat Jul 27 15:20:08 2013 UDPv4 link remote: [AF_INET]x.x.x.x:1194
Sat Jul 27 15:20:08 2013 TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=b092e183 6d2e7bc4
Sat Jul 27 15:20:09 2013 VERIFY OK: depth=1, /C=CH/ST=CH/L=Zurich/O=Zurich/emailAddress=a@b.c
Sat Jul 27 15:20:09 2013 VERIFY OK: depth=0, /C=CH/ST=CH/L=Zurich/O=Zurich/OU=Office/CN=sekretniy_server/emailAddress=a@b.c
Sat Jul 27 15:20:11 2013 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jul 27 15:20:11 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 27 15:20:11 2013 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jul 27 15:20:11 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 27 15:20:11 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Jul 27 15:20:11 2013 [sekretniy_server] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Sat Jul 27 15:20:14 2013 SENT CONTROL [sekretniy_server]: 'PUSH_REQUEST' (status=1)
Sat Jul 27 15:20:14 2013 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 192.168.101.1,topology net30,ping 5,ping-restart 15,ifconfig 192.168.101.6 192.168.101.5'
Sat Jul 27 15:20:14 2013 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jul 27 15:20:14 2013 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jul 27 15:20:14 2013 OPTIONS IMPORT: route options modified
Sat Jul 27 15:20:14 2013 ROUTE default_gateway=192.168.0.1
Sat Jul 27 15:20:14 2013 TUN/TAP device tun0 opened
Sat Jul 27 15:20:14 2013 TUN/TAP TX queue length set to 100
Sat Jul 27 15:20:14 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Jul 27 15:20:14 2013 /sbin/ifconfig tun0 192.168.101.6 pointopoint 192.168.101.5 mtu 1500
Sat Jul 27 15:20:14 2013 /sbin/route add -net x.x.x.x netmask 255.255.255.255 gw 192.168.0.1
SIOCADDRT: File exists
Sat Jul 27 15:20:14 2013 ERROR: Linux route add command failed: external program exited with error status: 7
Sat Jul 27 15:20:14 2013 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 192.168.101.5
Sat Jul 27 15:20:14 2013 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 192.168.101.5
Sat Jul 27 15:20:14 2013 /sbin/route add -net 192.168.101.1 netmask 255.255.255.255 gw 192.168.101.5
Sat Jul 27 15:20:14 2013 GID set to nogroup
Sat Jul 27 15:20:14 2013 UID set to nobody
Sat Jul 27 15:20:14 2013 Initialization Sequence Completed
Sat Jul 27 15:20:15 2013 Replay-window backtrack occurred [1]
Sat Jul 27 15:20:40 2013 Replay-window backtrack occurred [3]
^CSat Jul 27 15:21:30 2013 event_wait : Interrupted system call (code=4)
Sat Jul 27 15:21:30 2013 TCP/UDP: Closing socket
Sat Jul 27 15:21:30 2013 /sbin/route del -net 192.168.101.1 netmask 255.255.255.255
SIOCDELRT: Operation not permitted
Sat Jul 27 15:21:30 2013 ERROR: Linux route delete command failed: external program exited with error status: 7
Sat Jul 27 15:21:30 2013 /sbin/route del -net x.x.x.x netmask 255.255.255.255
SIOCDELRT: Operation not permitted
Sat Jul 27 15:21:30 2013 ERROR: Linux route delete command failed: external program exited with error status: 7
Sat Jul 27 15:21:30 2013 /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
SIOCDELRT: Operation not permitted
Sat Jul 27 15:21:30 2013 ERROR: Linux route delete command failed: external program exited with error status: 7
Sat Jul 27 15:21:30 2013 /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
SIOCDELRT: Operation not permitted
Sat Jul 27 15:21:30 2013 ERROR: Linux route delete command failed: external program exited with error status: 7
Sat Jul 27 15:21:30 2013 Closing TUN/TAP interface
Sat Jul 27 15:21:30 2013 /sbin/ifconfig tun0 0.0.0.0
SIOCSIFADDR: Operation not permitted
SIOCSIFFLAGS: Operation not permitted
Sat Jul 27 15:21:30 2013 Linux ip addr del failed: external program exited with error status: 255
Sat Jul 27 15:21:30 2013 SIGINT[hard,] received, process exiting

user@toaster:/etc/openvpn$ sudo service openvpn stop
 * Stopping virtual private network daemon(s)...                                 *   Stopping VPN 'sekretniy_client1'                                        [ OK ] 
user@toaster:/etc/openvpn$ sudo openvpn ./sekretniy_client1.conf
Sat Jul 27 15:34:57 2013 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Feb 13 2013
Sat Jul 27 15:34:57 2013 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Jul 27 15:34:57 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Enter Private Key Password:
Sat Jul 27 15:35:02 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jul 27 15:35:02 2013 WARNING: file 'sekretniy_client1.key' is group or others accessible
Sat Jul 27 15:35:02 2013 Control Channel MTU parms [ L:1557 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Jul 27 15:35:02 2013 Socket Buffers: R=[212992->131072] S=[212992->131072]
Sat Jul 27 15:35:02 2013 Data Channel MTU parms [ L:1557 D:1450 EF:57 EB:4 ET:0 EL:0 ]
Sat Jul 27 15:35:02 2013 Local Options hash (VER=V4): '2dd3fcaf'
Sat Jul 27 15:35:02 2013 Expected Remote Options hash (VER=V4): '8114d01c'
Sat Jul 27 15:35:02 2013 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sat Jul 27 15:35:02 2013 UDPv4 link local: [undef]
Sat Jul 27 15:35:02 2013 UDPv4 link remote: [AF_INET]x.x.x.x:1194
Sat Jul 27 15:35:02 2013 TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=cf85b138 3bab2486
Sat Jul 27 15:35:03 2013 VERIFY OK: depth=1, /C=CH/ST=CH/L=Zurich/O=Zurich/emailAddress=a@b.c
Sat Jul 27 15:35:03 2013 VERIFY OK: depth=0, /C=CH/ST=CH/L=Zurich/O=Zurich/OU=Office/CN=sekretniy_server/emailAddress=a@b.c
Sat Jul 27 15:35:05 2013 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jul 27 15:35:05 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 27 15:35:05 2013 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jul 27 15:35:05 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 27 15:35:05 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Jul 27 15:35:05 2013 [sekretniy_server] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Sat Jul 27 15:35:07 2013 SENT CONTROL [sekretniy_server]: 'PUSH_REQUEST' (status=1)
Sat Jul 27 15:35:07 2013 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 192.168.101.1,topology net30,ping 5,ping-restart 15,ifconfig 192.168.101.6 192.168.101.5'
Sat Jul 27 15:35:07 2013 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jul 27 15:35:07 2013 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jul 27 15:35:07 2013 OPTIONS IMPORT: route options modified
Sat Jul 27 15:35:07 2013 ROUTE default_gateway=192.168.0.1
Sat Jul 27 15:35:07 2013 TUN/TAP device tun0 opened
Sat Jul 27 15:35:07 2013 TUN/TAP TX queue length set to 100
Sat Jul 27 15:35:07 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Jul 27 15:35:07 2013 /sbin/ifconfig tun0 192.168.101.6 pointopoint 192.168.101.5 mtu 1500
Sat Jul 27 15:35:07 2013 /sbin/route add -net x.x.x.x netmask 255.255.255.255 gw 192.168.0.1
SIOCADDRT: File exists
Sat Jul 27 15:35:07 2013 ERROR: Linux route add command failed: external program exited with error status: 7
Sat Jul 27 15:35:07 2013 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 192.168.101.5
Sat Jul 27 15:35:07 2013 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 192.168.101.5
Sat Jul 27 15:35:07 2013 /sbin/route add -net 192.168.101.1 netmask 255.255.255.255 gw 192.168.101.5
Sat Jul 27 15:35:07 2013 GID set to nogroup
Sat Jul 27 15:35:07 2013 UID set to nobody
Sat Jul 27 15:35:07 2013 Initialization Sequence Completed
Sat Jul 27 15:35:08 2013 Replay-window backtrack occurred [1]
Sat Jul 27 15:35:26 2013 Replay-window backtrack occurred [2]
Sat Jul 27 15:35:27 2013 Replay-window backtrack occurred [3]

user@toaster:~$ cd /etc/openvpn
user@toaster:/etc/openvpn$ sudo openvpn ./sekretniy_client1.conf
Sat Jul 27 16:13:14 2013 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Feb 13 2013
Sat Jul 27 16:13:14 2013 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Jul 27 16:13:14 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Enter Private Key Password:
Sat Jul 27 16:13:17 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jul 27 16:13:17 2013 WARNING: file 'sekretniy_client1.key' is group or others accessible
Sat Jul 27 16:13:17 2013 Control Channel MTU parms [ L:1557 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Jul 27 16:13:17 2013 Socket Buffers: R=[212992->131072] S=[212992->131072]
Sat Jul 27 16:13:17 2013 Data Channel MTU parms [ L:1557 D:1450 EF:57 EB:4 ET:0 EL:0 ]
Sat Jul 27 16:13:17 2013 Local Options hash (VER=V4): '2dd3fcaf'
Sat Jul 27 16:13:17 2013 Expected Remote Options hash (VER=V4): '8114d01c'
Sat Jul 27 16:13:17 2013 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sat Jul 27 16:13:17 2013 UDPv4 link local: [undef]
Sat Jul 27 16:13:17 2013 UDPv4 link remote: [AF_INET]x.x.x.x:1194
Sat Jul 27 16:13:17 2013 TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=db285309 9c84db86
Sat Jul 27 16:13:18 2013 VERIFY OK: depth=1, /C=CH/ST=CH/L=Zurich/O=Zurich/emailAddress=a@b.c
Sat Jul 27 16:13:18 2013 VERIFY OK: depth=0, /C=CH/ST=CH/L=Zurich/O=Zurich/OU=Office/CN=sekretniy_server/emailAddress=a@b.c
Sat Jul 27 16:13:20 2013 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jul 27 16:13:20 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 27 16:13:20 2013 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jul 27 16:13:20 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 27 16:13:20 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Jul 27 16:13:20 2013 [sekretniy_server] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Sat Jul 27 16:13:23 2013 SENT CONTROL [sekretniy_server]: 'PUSH_REQUEST' (status=1)
Sat Jul 27 16:13:23 2013 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 192.168.101.1,topology net30,ping 5,ping-restart 15,ifconfig 192.168.101.6 192.168.101.5'
Sat Jul 27 16:13:23 2013 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jul 27 16:13:23 2013 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jul 27 16:13:23 2013 OPTIONS IMPORT: route options modified
Sat Jul 27 16:13:23 2013 ROUTE default_gateway=192.168.0.1
Sat Jul 27 16:13:23 2013 TUN/TAP device tun0 opened
Sat Jul 27 16:13:23 2013 TUN/TAP TX queue length set to 100
Sat Jul 27 16:13:23 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Jul 27 16:13:23 2013 /sbin/ifconfig tun0 192.168.101.6 pointopoint 192.168.101.5 mtu 1500
Sat Jul 27 16:13:23 2013 /sbin/route add -net x.x.x.x netmask 255.255.255.255 gw 192.168.0.1
Sat Jul 27 16:13:23 2013 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 192.168.101.5
Sat Jul 27 16:13:23 2013 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 192.168.101.5
Sat Jul 27 16:13:23 2013 /sbin/route add -net 192.168.101.1 netmask 255.255.255.255 gw 192.168.101.5
Sat Jul 27 16:13:23 2013 GID set to nogroup
Sat Jul 27 16:13:23 2013 UID set to nobody
Sat Jul 27 16:13:23 2013 Initialization Sequence Completed
Sat Jul 27 16:13:24 2013 Replay-window backtrack occurred [1]

eth0 MTU:1500
lo MTU:65536
tun0 MTU:1500

push "redirect-gateway def1 bypass-dhcp"

0.0.0.0/1 via 192.168.101.5 dev tun0 
default via 192.168.0.1 dev eth0  proto static 
x.x.x.x via 192.168.0.1 dev eth0 
128.0.0.0/1 via 192.168.101.5 dev tun0 
169.254.0.0/16 dev eth0  scope link  metric 1000 
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.102  metric 1 
192.168.101.1 via 192.168.101.5 dev tun0 
192.168.101.5 dev tun0  proto kernel  scope link  src 192.168.101.6 

up route add default via 192.168.0.1 dev eth0 proto static

default         dir-300         0.0.0.0         UG    0      0        0 eth0
link-local      *               255.255.0.0     U     1000   0        0 eth0
192.168.0.0     *               255.255.255.0   U     1      0        0 eth0

default         192.168.101.5   128.0.0.0       UG    0      0        0 tun0
default         dir-300         0.0.0.0         UG    0      0        0 eth0
70-50-235-37.st dir-300         255.255.255.255 UGH   0      0        0 eth0
128.0.0.0       192.168.101.5   128.0.0.0       UG    0      0        0 tun0
link-local      *               255.255.0.0     U     1000   0        0 eth0
192.168.0.0     *               255.255.255.0   U     1      0        0 eth0
192.168.101.1   192.168.101.5   255.255.255.255 UGH   0      0        0 tun0
192.168.101.5   *               255.255.255.255 UH    0      0        0 tun0