LINUX.ORG.RU

Help me figure out VPN

 



Good day. I need to get remote access to network resources from outside. I decided to use OpenVPN. I did everything according to this guide: https://habr.com/ru/post/233971/

Don't judge too harshly, as I'm not very well versed in Linux ))

I got to the step "Checking the result of starting the OpenVPN daemon", but the logs and statuses bother me. To start with, here is the server.conf config:

dh /etc/openvpn/dh.pem
ca /etc/openvpn/ca.crt
cert /etc/openvpn/serv.crt
key /etc/openvpn/serv.key
crl-verify /etc/openvpn/crl.pem
tls-auth /etc/openvpn/ta.key 0
server 192.168.50.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
client-to-client
topology subnet
#max-clients 5

push "dhcp-option DNS 192.168.50.1"
route 192.168.50.0 255.255.255.0

comp-lzo
keepalive 10 120

status /var/log/openvpn/openvpn-status.log 1
status-version 3
log-append /var/log/openvpn/openvpn-server.log
verb 9
mute 1

After starting the service with the command sudo service openvpn start, everything seemed to start, and checking the status outputs the following…

sudo service openvpn status 
● openvpn.service - OpenVPN service
   Loaded: loaded (/lib/systemd/system/openvpn.service; disabled; vendor preset: enabled)
   Active: active (exited) since Tue 2020-07-28 08:38:47 UTC; 3min 19s ago
  Process: 2859 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 2859 (code=exited, status=0/SUCCESS)

Jul 28 08:38:47 zeus systemd[1]: Starting OpenVPN service...
Jul 28 08:38:47 zeus systemd[1]: Started OpenVPN service.

The contents of the status log while the service is running are as follows:

sudo cat openvpn-status.log 
TITLE	OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019
TIME	Tue Jul 28 08:43:54 2020	1595925834
HEADER	CLIENT_LIST	Common Name	Real Address	Virtual Address	Virtual IPv6 Address	Bytes Received	Bytes Sent	Connected Since	Connected Since (time_t)	Username	Client ID	Peer ID
HEADER	ROUTING_TABLE	Virtual Address	Common Name	Real Address	Last Ref	Last Ref (time_t)
GLOBAL_STATS	Max bcast/mcast queue length	0
END

It feels like some data is missing from it…

The real mess begins in the openvpn-server.log log. It is quite verbose, so I will present it in 2 versions.

SHORT

Tue Jul 28 08:54:18 2020 us=436692 Current Parameter Settings:
Tue Jul 28 08:54:18 2020 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019
Tue Jul 28 08:54:18 2020 us=436742 NOTE: --mute triggered...
Tue Jul 28 08:54:18 2020 library versions: OpenSSL 1.1.1  11 Sep 2018, LZO 2.08
Tue Jul 28 08:54:18 2020 us=436765 285 variation(s) on previous 1 message(s) suppressed by --mute
Tue Jul 28 08:54:18 2020 us=436777 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019
Tue Jul 28 08:54:18 2020 us=436791 library versions: OpenSSL 1.1.1  11 Sep 2018, LZO 2.08
Tue Jul 28 08:54:18 2020 us=436884 PKCS#11: pkcs11_initialize - entered
Tue Jul 28 08:54:18 2020 us=436925 NOTE: --mute triggered...
Tue Jul 28 08:54:18 2020 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Tue Jul 28 08:54:18 2020 us=437029 1 variation(s) on previous 1 message(s) suppressed by --mute
Tue Jul 28 08:54:18 2020 us=437043 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Tue Jul 28 08:54:18 2020 Diffie-Hellman initialized with 2048 bit key
Tue Jul 28 08:54:18 2020 us=437243 Diffie-Hellman initialized with 2048 bit key
Tue Jul 28 08:54:18 2020 us=437607 PRNG init md=SHA1 size=36
Tue Jul 28 08:54:18 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 28 08:54:18 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 28 08:54:18 2020 us=437705 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 28 08:54:18 2020 us=437723 Outgoing Control Channel Authentication: HMAC KEY: cc64e4e9 4eb53319 8eee8b58 7d4e9cb1 af615fdc
Tue Jul 28 08:54:18 2020 us=437732 NOTE: --mute triggered...
Tue Jul 28 08:54:18 2020 us=437744 1 variation(s) on previous 1 message(s) suppressed by --mute
Tue Jul 28 08:54:18 2020 us=437753 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 28 08:54:18 2020 us=437766 Incoming Control Channel Authentication: HMAC KEY: ec26a0a4 55be4fb2 ce0f3677 2acefa15 5d31e657
Tue Jul 28 08:54:18 2020 us=437774 NOTE: --mute triggered...
Tue Jul 28 08:54:18 2020 us=437791 2 variation(s) on previous 1 message(s) suppressed by --mute
Tue Jul 28 08:54:18 2020 us=437801 TLS-Auth MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Tue Jul 28 08:54:18 2020 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=enp2s0 HWADDR=fc:aa:14:01:c2:c0
Tue Jul 28 08:54:18 2020 us=437810 MTU DYNAMIC mtu=1450, flags=2, 1622 -> 1450
Tue Jul 28 08:54:18 2020 us=438170 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=enp2s0 HWADDR=fc:aa:14:01:c2:c0
Tue Jul 28 08:54:18 2020 us=438314 TUN/TAP device tun1 opened
Tue Jul 28 08:54:18 2020 us=438333 TUN/TAP TX queue length set to 100
Tue Jul 28 08:54:18 2020 us=438344 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Jul 28 08:54:18 2020 us=438354 /sbin/ip link set dev tun1 up mtu 1500
Tue Jul 28 08:54:18 2020 TUN/TAP device tun0 opened
Tue Jul 28 08:54:18 2020 TUN/TAP TX queue length set to 100
Tue Jul 28 08:54:18 2020 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Jul 28 08:54:18 2020 /sbin/ip link set dev tun0 up mtu 1500
Tue Jul 28 08:54:18 2020 us=438561 PKCS#11: __pkcs11h_forkFixup entry pid=5054, activate_slotevent=1
Tue Jul 28 08:54:18 2020 us=438591 NOTE: --mute triggered...
Tue Jul 28 08:54:18 2020 us=439294 /sbin/ip addr add dev tun1 192.168.50.1/24 broadcast 192.168.50.255
Tue Jul 28 08:54:18 2020 us=439567 PKCS#11: __pkcs11h_forkFixup entry pid=5058, activate_slotevent=1
Tue Jul 28 08:54:18 2020 us=439597 NOTE: --mute triggered...
Tue Jul 28 08:54:18 2020 us=441187 /sbin/ip route add 192.168.50.0/24 via 192.168.50.2
Tue Jul 28 08:54:18 2020 us=441378 PKCS#11: __pkcs11h_forkFixup entry pid=5061, activate_slotevent=1
Tue Jul 28 08:54:18 2020 us=441415 NOTE: --mute triggered...
RTNETLINK answers: File exists
Tue Jul 28 08:54:18 2020 us=441977 ERROR: Linux route add command failed: external program exited with error status: 2
Tue Jul 28 08:54:18 2020 us=441999 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Tue Jul 28 08:54:18 2020 /sbin/ip addr add dev tun0 192.168.50.1/24 broadcast 192.168.50.255
Tue Jul 28 08:54:18 2020 us=442261 Could not determine IPv4/IPv6 protocol. Using AF_INET
Tue Jul 28 08:54:18 2020 us=442278 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Jul 28 08:54:18 2020 us=442289 UDPv4 link local (bound): [AF_INET][undef]:1194
Tue Jul 28 08:54:18 2020 us=442295 UDPv4 link remote: [AF_UNSPEC]
Tue Jul 28 08:54:18 2020 us=442302 GID set to openvpn
Tue Jul 28 08:54:18 2020 us=442314 UID set to openvpn
Tue Jul 28 08:54:18 2020 us=442324 MULTI: multi_init called, r=256 v=256
Tue Jul 28 08:54:18 2020 us=442346 IFCONFIG POOL: base=192.168.50.2 size=252, ipv6=0
Tue Jul 28 08:54:18 2020 us=442359 PO_INIT maxevents=4 flags=0x00000002
Tue Jul 28 08:54:18 2020 us=442885 Initialization Sequence Completed
Tue Jul 28 08:54:18 2020 us=442898 SCHEDULE: schedule_find_least NULL
Tue Jul 28 08:54:18 2020 us=442904 NOTE: --mute triggered...
Tue Jul 28 08:54:18 2020 /sbin/ip route add 192.168.50.0/24 via 192.168.50.2
RTNETLINK answers: File exists
Tue Jul 28 08:54:18 2020 ERROR: Linux route add command failed: external program exited with error status: 2
Tue Jul 28 08:54:18 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Jul 28 08:54:18 2020 TCP/UDP: Socket bind failed on local address [AF_INET][undef]:1194: Address already in use (errno=98)
Tue Jul 28 08:54:18 2020 Exiting due to fatal error
Tue Jul 28 08:54:18 2020 Closing TUN/TAP interface
Tue Jul 28 08:54:18 2020 /sbin/ip addr del dev tun0 192.168.50.1/24

FULL


Tue Jul 28 08:54:18 2020 us=436692 Current Parameter Settings:
Tue Jul 28 08:54:18 2020 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019
Tue Jul 28 08:54:18 2020 us=436742 NOTE: --mute triggered...
Tue Jul 28 08:54:18 2020 library versions: OpenSSL 1.1.1  11 Sep 2018, LZO 2.08
Tue Jul 28 08:54:18 2020 us=436765 285 variation(s) on previous 1 message(s) suppressed by --mute
Tue Jul 28 08:54:18 2020 us=436777 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019
Tue Jul 28 08:54:18 2020 us=436791 library versions: OpenSSL 1.1.1  11 Sep 2018, LZO 2.08
Tue Jul 28 08:54:18 2020 us=436884 PKCS#11: pkcs11_initialize - entered
Tue Jul 28 08:54:18 2020 us=436925 NOTE: --mute triggered...
Tue Jul 28 08:54:18 2020 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Tue Jul 28 08:54:18 2020 us=437029 1 variation(s) on previous 1 message(s) suppressed by --mute
Tue Jul 28 08:54:18 2020 us=437043 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Tue Jul 28 08:54:18 2020 Diffie-Hellman initialized with 2048 bit key
Tue Jul 28 08:54:18 2020 us=437243 Diffie-Hellman initialized with 2048 bit key
Tue Jul 28 08:54:18 2020 us=437607 PRNG init md=SHA1 size=36
Tue Jul 28 08:54:18 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 28 08:54:18 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 28 08:54:18 2020 us=437705 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 28 08:54:18 2020 us=437723 Outgoing Control Channel Authentication: HMAC KEY: cc64e4e9 4eb53319 8eee8b58 7d4e9cb1 af615fdc
Tue Jul 28 08:54:18 2020 us=437732 NOTE: --mute triggered...
Tue Jul 28 08:54:18 2020 us=437744 1 variation(s) on previous 1 message(s) suppressed by --mute
Tue Jul 28 08:54:18 2020 us=437753 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 28 08:54:18 2020 us=437766 Incoming Control Channel Authentication: HMAC KEY: ec26a0a4 55be4fb2 ce0f3677 2acefa15 5d31e657
Tue Jul 28 08:54:18 2020 us=437774 NOTE: --mute triggered...
Tue Jul 28 08:54:18 2020 us=437791 2 variation(s) on previous 1 message(s) suppressed by --mute
Tue Jul 28 08:54:18 2020 us=437801 TLS-Auth MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Tue Jul 28 08:54:18 2020 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=enp2s0 HWADDR=fc:aa:14:01:c2:c0
Tue Jul 28 08:54:18 2020 us=437810 MTU DYNAMIC mtu=1450, flags=2, 1622 -> 1450
Tue Jul 28 08:54:18 2020 us=438170 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=enp2s0 HWADDR=fc:aa:14:01:c2:c0
Tue Jul 28 08:54:18 2020 us=438314 TUN/TAP device tun1 opened
Tue Jul 28 08:54:18 2020 us=438333 TUN/TAP TX queue length set to 100
Tue Jul 28 08:54:18 2020 us=438344 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Jul 28 08:54:18 2020 us=438354 /sbin/ip link set dev tun1 up mtu 1500
Tue Jul 28 08:54:18 2020 TUN/TAP device tun0 opened
Tue Jul 28 08:54:18 2020 TUN/TAP TX queue length set to 100
Tue Jul 28 08:54:18 2020 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Jul 28 08:54:18 2020 /sbin/ip link set dev tun0 up mtu 1500
Tue Jul 28 08:54:18 2020 us=438561 PKCS#11: __pkcs11h_forkFixup entry pid=5054, activate_slotevent=1
Tue Jul 28 08:54:18 2020 us=438591 NOTE: --mute triggered...
Tue Jul 28 08:54:18 2020 us=439294 /sbin/ip addr add dev tun1 192.168.50.1/24 broadcast 192.168.50.255
Tue Jul 28 08:54:18 2020 us=439567 PKCS#11: __pkcs11h_forkFixup entry pid=5058, activate_slotevent=1
Tue Jul 28 08:54:18 2020 us=439597 NOTE: --mute triggered...
Tue Jul 28 08:54:18 2020 us=441187 /sbin/ip route add 192.168.50.0/24 via 192.168.50.2
Tue Jul 28 08:54:18 2020 us=441378 PKCS#11: __pkcs11h_forkFixup entry pid=5061, activate_slotevent=1
Tue Jul 28 08:54:18 2020 us=441415 NOTE: --mute triggered...
RTNETLINK answers: File exists
Tue Jul 28 08:54:18 2020 us=441977 ERROR: Linux route add command failed: external program exited with error status: 2
Tue Jul 28 08:54:18 2020 us=441999 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Tue Jul 28 08:54:18 2020 /sbin/ip addr add dev tun0 192.168.50.1/24 broadcast 192.168.50.255
Tue Jul 28 08:54:18 2020 us=442261 Could not determine IPv4/IPv6 protocol. Using AF_INET
Tue Jul 28 08:54:18 2020 us=442278 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Jul 28 08:54:18 2020 us=442289 UDPv4 link local (bound): [AF_INET][undef]:1194
Tue Jul 28 08:54:18 2020 us=442295 UDPv4 link remote: [AF_UNSPEC]
Tue Jul 28 08:54:18 2020 us=442302 GID set to openvpn
Tue Jul 28 08:54:18 2020 us=442314 UID set to openvpn
Tue Jul 28 08:54:18 2020 us=442324 MULTI: multi_init called, r=256 v=256
Tue Jul 28 08:54:18 2020 us=442346 IFCONFIG POOL: base=192.168.50.2 size=252, ipv6=0
Tue Jul 28 08:54:18 2020 us=442359 PO_INIT maxevents=4 flags=0x00000002
Tue Jul 28 08:54:18 2020 us=442885 Initialization Sequence Completed
Tue Jul 28 08:54:18 2020 us=442898 SCHEDULE: schedule_find_least NULL
Tue Jul 28 08:54:18 2020 us=442904 NOTE: --mute triggered...
Tue Jul 28 08:54:18 2020 /sbin/ip route add 192.168.50.0/24 via 192.168.50.2
RTNETLINK answers: File exists
Tue Jul 28 08:54:18 2020 ERROR: Linux route add command failed: external program exited with error status: 2
Tue Jul 28 08:54:18 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Jul 28 08:54:18 2020 TCP/UDP: Socket bind failed on local address [AF_INET][undef]:1194: Address already in use (errno=98)
Tue Jul 28 08:54:18 2020 Exiting due to fatal error
Tue Jul 28 08:54:18 2020 Closing TUN/TAP interface
Tue Jul 28 08:54:18 2020 /sbin/ip addr del dev tun0 192.168.50.1/24
Tue Jul 28 08:54:23 2020 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019
Tue Jul 28 08:54:23 2020 library versions: OpenSSL 1.1.1  11 Sep 2018, LZO 2.08
Tue Jul 28 08:54:23 2020 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Tue Jul 28 08:54:23 2020 Diffie-Hellman initialized with 2048 bit key
Tue Jul 28 08:54:23 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 28 08:54:23 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 28 08:54:23 2020 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=enp2s0 HWADDR=fc:aa:14:01:c2:c0
Tue Jul 28 08:54:23 2020 TUN/TAP device tun0 opened
Tue Jul 28 08:54:23 2020 TUN/TAP TX queue length set to 100
Tue Jul 28 08:54:23 2020 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Jul 28 08:54:23 2020 /sbin/ip link set dev tun0 up mtu 1500
Tue Jul 28 08:54:23 2020 /sbin/ip addr add dev tun0 192.168.50.1/24 broadcast 192.168.50.255
Tue Jul 28 08:54:23 2020 /sbin/ip route add 192.168.50.0/24 via 192.168.50.2
RTNETLINK answers: File exists
Tue Jul 28 08:54:23 2020 ERROR: Linux route add command failed: external program exited with error status: 2
Tue Jul 28 08:54:23 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Jul 28 08:54:23 2020 TCP/UDP: Socket bind failed on local address [AF_INET][undef]:1194: Address already in use (errno=98)
Tue Jul 28 08:54:23 2020 Exiting due to fatal error
Tue Jul 28 08:54:23 2020 Closing TUN/TAP interface
Tue Jul 28 08:54:23 2020 /sbin/ip addr del dev tun0 192.168.50.1/24
Tue Jul 28 08:54:28 2020 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019
Tue Jul 28 08:54:28 2020 library versions: OpenSSL 1.1.1  11 Sep 2018, LZO 2.08
Tue Jul 28 08:54:28 2020 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Tue Jul 28 08:54:28 2020 Diffie-Hellman initialized with 2048 bit key
Tue Jul 28 08:54:28 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 28 08:54:28 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 28 08:54:28 2020 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=enp2s0 HWADDR=fc:aa:14:01:c2:c0
Tue Jul 28 08:54:28 2020 TUN/TAP device tun0 opened
Tue Jul 28 08:54:28 2020 TUN/TAP TX queue length set to 100
Tue Jul 28 08:54:28 2020 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Jul 28 08:54:28 2020 /sbin/ip link set dev tun0 up mtu 1500
Tue Jul 28 08:54:28 2020 /sbin/ip addr add dev tun0 192.168.50.1/24 broadcast 192.168.50.255
Tue Jul 28 08:54:28 2020 /sbin/ip route add 192.168.50.0/24 via 192.168.50.2
RTNETLINK answers: File exists
Tue Jul 28 08:54:28 2020 ERROR: Linux route add command failed: external program exited with error status: 2
Tue Jul 28 08:54:28 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Jul 28 08:54:28 2020 TCP/UDP: Socket bind failed on local address [AF_INET][undef]:1194: Address already in use (errno=98)
Tue Jul 28 08:54:28 2020 Exiting due to fatal error
Tue Jul 28 08:54:28 2020 Closing TUN/TAP interface
Tue Jul 28 08:54:28 2020 /sbin/ip addr del dev tun0 192.168.50.1/24
Tue Jul 28 08:54:34 2020 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019
Tue Jul 28 08:54:34 2020 library versions: OpenSSL 1.1.1  11 Sep 2018, LZO 2.08
Tue Jul 28 08:54:34 2020 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Tue Jul 28 08:54:34 2020 Diffie-Hellman initialized with 2048 bit key
Tue Jul 28 08:54:34 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 28 08:54:34 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 28 08:54:34 2020 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=enp2s0 HWADDR=fc:aa:14:01:c2:c0
Tue Jul 28 08:54:34 2020 TUN/TAP device tun0 opened
Tue Jul 28 08:54:34 2020 TUN/TAP TX queue length set to 100
Tue Jul 28 08:54:34 2020 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Jul 28 08:54:34 2020 /sbin/ip link set dev tun0 up mtu 1500
Tue Jul 28 08:54:34 2020 /sbin/ip addr add dev tun0 192.168.50.1/24 broadcast 192.168.50.255
Tue Jul 28 08:54:34 2020 /sbin/ip route add 192.168.50.0/24 via 192.168.50.2
RTNETLINK answers: File exists
Tue Jul 28 08:54:34 2020 ERROR: Linux route add command failed: external program exited with error status: 2
Tue Jul 28 08:54:34 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Jul 28 08:54:34 2020 TCP/UDP: Socket bind failed on local address [AF_INET][undef]:1194: Address already in use (errno=98)
Tue Jul 28 08:54:34 2020 Exiting due to fatal error
Tue Jul 28 08:54:34 2020 Closing TUN/TAP interface
Tue Jul 28 08:54:34 2020 /sbin/ip addr del dev tun0 192.168.50.1/24

I'm also surprised that tun1 comes up instead of tun0. And these ERRORs and faileds in the log are worrying. Please tell me where I could have messed up and, in general, which direction to dig in. Thanks



Last edited by: Empiric-85 (total edits: 2)

You should check how the daemon is started here. You may need to write something like sudo systemctl start openvpn@server. To understand this for sure, it is worth stating which distro is installed and what is written in /lib/systemd/system/openvpn@.service

ionanahin ★★★
()
In reply to: comment by ionanahin

The distribution is Ubuntu Server 18.04.4 LTS. As for systemd (which you wrote about), /lib/systemd/system/openvpn@.service:

[Unit]
Description=OpenVPN connection to %i
PartOf=openvpn.service
ReloadPropagatedFrom=openvpn.service
Before=systemd-user-sessions.service
After=network-online.target
Wants=network-online.target
Documentation=man:openvpn(8)
Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO

[Service]
Type=notify
PrivateTmp=true
WorkingDirectory=/etc/openvpn
ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid
PIDFile=/run/openvpn/%i.pid
KillMode=process
ExecReload=/bin/kill -HUP $MAINPID
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
ProtectSystem=true
ProtectHome=true
RestartSec=5s
Restart=on-failure

[Install]
WantedBy=multi-user.target
Empiric-85
() topic starter
In reply to: comment by Empiric-85

ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid

It follows from this that server.conf must be in /etc/openvpn/ and it should be started with the command

sudo systemctl start openvpn@server

ionanahin ★★★
()
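
An added example (not part of the thread and not the posters' code): a Python check over a log in the format posted above. It reports whether one instance bound a port while another kept failing to bind it, how far apart the retries are (compare the unit file's RestartSec=5s), and whether HMAC KEY lines were written to the log. The sample log is constructed, with zeroed key bytes; `analyze` and its field names are made up for this example.

```python
import re
from datetime import datetime

# Constructed sample in the format of the openvpn-server.log shown above
# (key bytes replaced with zeros; this is not the poster's log).
SAMPLE_LOG = """\
Tue Jul 28 08:54:18 2020 us=437723 Outgoing Control Channel Authentication: HMAC KEY: 00000000 00000000 00000000 00000000 00000000
Tue Jul 28 08:54:18 2020 us=442289 UDPv4 link local (bound): [AF_INET][undef]:1194
Tue Jul 28 08:54:18 2020 us=442885 Initialization Sequence Completed
Tue Jul 28 08:54:18 2020 TCP/UDP: Socket bind failed on local address [AF_INET][undef]:1194: Address already in use (errno=98)
Tue Jul 28 08:54:18 2020 Exiting due to fatal error
RTNETLINK answers: File exists
Tue Jul 28 08:54:23 2020 TCP/UDP: Socket bind failed on local address [AF_INET][undef]:1194: Address already in use (errno=98)
Tue Jul 28 08:54:23 2020 Exiting due to fatal error
Tue Jul 28 08:54:28 2020 TCP/UDP: Socket bind failed on local address [AF_INET][undef]:1194: Address already in use (errno=98)
Tue Jul 28 08:54:28 2020 Exiting due to fatal error
"""

# Timestamp, optional "us=<microseconds>" field (present at high verbosity), message.
LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})(?: us=\d+)? (.*)$")
BIND_FAIL = re.compile(r"Socket bind failed on local address \S+:(\d+): Address already in use")
BOUND = re.compile(r"link local \(bound\): \S+:(\d+)")


def analyze(log_text, loop_window=10):
    """Summarise bound ports, bind conflicts, retry spacing and logged key lines."""
    bound, conflicts, key_lines = set(), [], 0
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:  # e.g. "RTNETLINK answers: ..." from /sbin/ip has no timestamp
            continue
        when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if "HMAC KEY:" in msg:
            key_lines += 1  # key material written to the log file
        elif (b := BOUND.search(msg)):
            bound.add(int(b.group(1)))
        elif (f := BIND_FAIL.search(msg)):
            conflicts.append((when, int(f.group(1))))
    failed_ports = {port for _, port in conflicts}
    # Seconds between consecutive bind failures; a steady small gap means
    # the service manager is restarting a process that can never bind.
    gaps = [int((b[0] - a[0]).total_seconds()) for a, b in zip(conflicts, conflicts[1:])]
    return {
        "bound_ports": sorted(bound),
        "conflict_ports": sorted(failed_ports),
        "bind_failures": len(conflicts),
        "retry_gaps_s": gaps,
        "restart_loop": len(conflicts) >= 2 and all(g <= loop_window for g in gaps),
        # True when a port that failed to bind was bound by another
        # process writing to this same log.
        "self_conflict": bool(bound & failed_ports),
        "key_material_lines": key_lines,
    }


if __name__ == "__main__":
    for name, value in analyze(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```
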