OpenVPN - help me figure it out
Hello. I recently decided to rent a VPS (CentOS 7 / KVM) and set up OpenVPN on it. However, I couldn't find any decent articles on the topic, and I'm a complete beginner myself, so I set it up using an automated script: https://github.com/Angristan/OpenVPN-install
Because practically everything is blocked in our country and control is very strict, only TCP works, and even then I picked port 7654 for reliability.
From iOS and Android phones everything is fine. It connects quickly and without problems.
Now here is the problem: from a Windows 7/10 or macOS computer it refuses to connect at all. On Windows 10 I also have ExpressVPN installed (which, as it turned out, is also based on OpenVPN), and when it is connected, my own .ovpn profile sometimes connects, but on its own it never does.
Log from the working VPN on iOS:
2018-06-14 23:06:48 Connecting to [185.211.246.254]:9876 (185.211.246.254) via TCPv4
2018-06-14 23:06:48 EVENT: CONNECTING
2018-06-14 23:06:48 Tunnel Options:V4,dev-type tun,link-mtu 1571,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
2018-06-14 23:06:48 Creds: UsernameEmpty/PasswordEmpty
2018-06-14 23:06:48 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.9-0
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_IPv6=0
IV_AUTO_SESS=1
2018-06-14 23:06:48 VERIFY OK : depth=1
cert. version : 3
serial number : F1:53:7F:6B:90:DE:18:D5
issuer name : CN=cn_AOht7vBOQqi8sQP2
subject name : CN=cn_AOht7vBOQqi8sQP2
issued on : 2018-06-12 23:03:17
expires on : 2028-06-09 23:03:17
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign
2018-06-14 23:06:48 VERIFY OK : depth=0
cert. version : 3
serial number : 16:A2:93:35:59:65:65:93:7C:64:91:41:C0:D9:E0:79
issuer name : CN=cn_AOht7vBOQqi8sQP2
subject name : CN=server_FJeTp2kp8adTaTvQ
issued on : 2018-06-12 23:04:08
expires on : 2028-06-09 23:04:08
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : server_FJeTp2kp8adTaTvQ
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2018-06-14 23:06:49 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
2018-06-14 23:06:49 Session is ACTIVE
2018-06-14 23:06:49 EVENT: GET_CONFIG
2018-06-14 23:06:49 Sending PUSH_REQUEST to server...
2018-06-14 23:06:49 OPTIONS:
0 [dhcp-option] [DNS] [8.8.8.8]
1 [dhcp-option] [DNS] [8.8.4.4]
2 [redirect-gateway] [def1] [bypass-dhcp]
3 [route-gateway] [10.8.0.1]
4 [topology] [subnet]
5 [ping] [10]
6 [ping-restart] [120]
7 [ifconfig] [10.8.0.2] [255.255.255.0]
8 [peer-id] [0]
9 [cipher] [AES-256-GCM]
10 [block-ipv6]
2018-06-14 23:06:49 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA256
compress: NONE
peer ID: 0
2018-06-14 23:06:49 EVENT: ASSIGN_IP
2018-06-14 23:06:49 NIP: preparing TUN network settings
2018-06-14 23:06:49 NIP: init TUN network settings with endpoint: 185.211.246.254
2018-06-14 23:06:49 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0
2018-06-14 23:06:49 NIP: adding (included) IPv4 route 10.8.0.0/24
2018-06-14 23:06:49 NIP: redirecting all IPv4 traffic to TUN interface
2018-06-14 23:06:49 NIP: adding DNS 8.8.8.8
2018-06-14 23:06:49 NIP: adding DNS 8.8.4.4
2018-06-14 23:06:49 NIP: blocking all IPv6 traffic - not supported
2018-06-14 23:06:49 Connected via NetworkExtensionTUN
2018-06-14 23:06:49 EVENT: CONNECTED @185.211.246.254:9876 (185.211.246.254) via /TCPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]
Here is the Windows 10 log without ExpressVPN:
Thu Jun 14 22:55:22 2018 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Thu Jun 14 22:55:22 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Jun 14 22:55:22 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Thu Jun 14 22:55:22 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25347
Thu Jun 14 22:55:22 2018 Need hold release from management interface, waiting...
Thu Jun 14 22:55:22 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25347
Thu Jun 14 22:55:22 2018 MANAGEMENT: CMD 'state on'
Thu Jun 14 22:55:22 2018 MANAGEMENT: CMD 'log all on'
Thu Jun 14 22:55:22 2018 MANAGEMENT: CMD 'echo all on'
Thu Jun 14 22:55:22 2018 MANAGEMENT: CMD 'bytecount 5'
Thu Jun 14 22:55:22 2018 MANAGEMENT: CMD 'hold off'
Thu Jun 14 22:55:22 2018 MANAGEMENT: CMD 'hold release'
Thu Jun 14 22:55:22 2018 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jun 14 22:55:22 2018 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jun 14 22:55:22 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]185.211.246.254:9876
Thu Jun 14 22:55:22 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Jun 14 22:55:22 2018 Attempting to establish TCP connection with [AF_INET]185.211.246.254:9876 [nonblock]
Thu Jun 14 22:55:22 2018 MANAGEMENT: >STATE:1528998922,TCP_CONNECT,,,,,,
Thu Jun 14 22:55:23 2018 TCP connection established with [AF_INET]185.211.246.254:9876
Thu Jun 14 22:55:23 2018 TCP_CLIENT link local: (not bound)
Thu Jun 14 22:55:23 2018 TCP_CLIENT link remote: [AF_INET]185.211.246.254:9876
Thu Jun 14 22:55:23 2018 MANAGEMENT: >STATE:1528998923,WAIT,,,,,,
Thu Jun 14 22:55:23 2018 MANAGEMENT: >STATE:1528998923,AUTH,,,,,,
Thu Jun 14 22:55:23 2018 TLS: Initial packet from [AF_INET]185.211.246.254:9876, sid=94670892 1f4bb1c2
Thu Jun 14 22:55:24 2018 Connection reset, restarting [-1]
Thu Jun 14 22:55:24 2018 SIGUSR1[soft,connection-reset] received, process restarting
Thu Jun 14 22:55:24 2018 MANAGEMENT: >STATE:1528998924,RECONNECTING,connection-reset,,,,,
Thu Jun 14 22:55:24 2018 Restart pause, 5 second(s)
Here is the configuration of the profile itself (the client one):
client
proto tcp-client
remote 185.211.246.254 9876
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_FJeTp2kp8adTaTvQ name
auth SHA256
auth-nocache
cipher AES-128-CBC
tls-client
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns
verb 3
<ca>
-----BEGIN CERTIFICATE-----
CERTIFICATE HERE
-----END CERTIFICATE-----
</ca>
<cert>
CERTIFICATE HERE
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
KEY HERE
-----END PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
KEY
</tls-auth>
Server-side configuration, /etc/openvpn/server.conf:
port 9876
proto tcp
dev tun
user nobody
group nobody
persist-key
persist-tun
keepalive 1800 3600
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
crl-verify crl.pem
ca ca.crt
cert server_FJeTp2kp8adTaTvQ.crt
key server_FJeTp2kp8adTaTvQ.key
tls-auth tls-auth.key 0
dh dh.pem
auth SHA256
cipher AES-128-CBC
tls-server
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
status openvpn.log
verb 3
Please help me set this up for Windows 10! I'm begging you!