OpenVPN client "disappears" after

nvr258852
Posted: Thu Apr 19, 2018 13:26    Post subject: OpenVPN client "disappears" after
Good day!
I have two ASUS RT-N10U routers running DD-WRT v24-sp2 (03/25/13) vpn firmware.
One is configured as the server, the other as the client. This is all part of a study assignment, so everything stays within the local network.
Server IP: 192.168.2.1/24
Client IP: 192.168.2.2/24
The VPN hands out IPs from the 10.8.0.0/24 subnet

Server settings:
OpenVPN Server/Daemon
OpenVPN: Enable
Start Type: WAN Up
Config as: Daemon
Additional Config:
Code:
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.2.1 255.255.255.255"

server 10.8.0.0 255.255.255.0

dev tun0
proto tcp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem

comp-lzo

management localhost 16

Administration - Commands - Firewall:
Code:
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.2.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT


Client settings:

The client configuration looks like this:
Code:
client
dev tun
proto tcp
remote 192.168.2.1 1194
resolv-retry infinite
nobind
persist-key
persist-tun

ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
ns-cert-type server

comp-lzo
verb 4

When the client is started, it disappears (it cannot be reached at either 192.168.2.2 or 10.8.0.6).
On the client, I manage to catch the following in Status - OpenVPN:

State
Code:
Server: : Local Address: Remote Address: Client: AUTH: Local Address: Remote Address:

Log
Code:
20180419 19:02:36 Current Parameter Settings:
20180419 19:02:36 config = '/tmp/openvpncl/openvpn.conf'
20180419 19:02:36 mode = 0
20180419 19:02:36 NOTE: --mute triggered...
20180419 19:02:36 270 variation(s) on previous 3 message(s) suppressed by --mute
20180419 19:02:36 I OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 25 2013
20180419 19:02:36 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20180419 19:02:36 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20180419 19:02:37 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20180419 19:02:37 LZO compression initialized
20180419 19:02:37 Control Channel MTU parms [ L:1540 D:140 EF:40 EB:0 ET:0 EL:0 ]
20180419 19:02:37 Socket Buffers: R=[87380->131072] S=[16384->131072]
20180419 19:02:37 Data Channel MTU parms [ L:1540 D:1450 EF:40 EB:135 ET:0 EL:0 AF:3/1 ]
20180419 19:02:37 Local Options String: 'V4 dev-type tun link-mtu 1540 tun-mtu 1500 proto TCPv4_CLIENT comp-lzo cipher BF-CBC auth MD5 keysize 128 key-method 2 tls-client'
20180419 19:02:37 Expected Remote Options String: 'V4 dev-type tun link-mtu 1540 tun-mtu 1500 proto TCPv4_SERVER comp-lzo cipher BF-CBC auth MD5 keysize 128 key-method 2 tls-server'
20180419 19:02:37 Local Options hash (VER=V4): 'a4a8100a'
20180419 19:02:37 Expected Remote Options hash (VER=V4): 'f457ea0a'
20180419 19:02:37 I Attempting to establish TCP connection with [AF_INET]192.168.2.1:1194 [nonblock]
20180419 19:02:38 I TCP connection established with [AF_INET]192.168.2.1:1194
20180419 19:02:38 I TCPv4_CLIENT link local: [undef]
20180419 19:02:38 I TCPv4_CLIENT link remote: [AF_INET]192.168.2.1:1194
20180419 19:02:38 TLS: Initial packet from [AF_INET]192.168.2.1:1194 sid=a8835141 01ca3bb0
20180419 19:02:39 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180419 19:02:39 D MANAGEMENT: CMD 'state'
20180419 19:02:39 MANAGEMENT: Client disconnected
20180419 19:02:39 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180419 19:02:39 D MANAGEMENT: CMD 'state'
20180419 19:02:39 MANAGEMENT: Client disconnected
20180419 19:02:39 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180419 19:02:39 D MANAGEMENT: CMD 'state'
20180419 19:02:39 MANAGEMENT: Client disconnected
20180419 19:02:39 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180419 19:02:39 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00 

After this, access is lost.

On the server:
State
Code:
Server: : Local Address: Remote Address: Client: CONNECTED: SUCCESS Local Address: 10.8.0.1 Remote Address:

Log
Code:
20180419 19:01:47 I OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 25 2013
20180419 19:01:47 W NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
20180419 19:01:51 I TUN/TAP device tun0 opened
20180419 19:01:51 I do_ifconfig tt->ipv6=0 tt->did_ifconfig_ipv6_setup=0
20180419 19:01:51 I /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
20180419 19:01:51 W WARNING: External program may not be called unless '--script-security 2' or higher is enabled. Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier. See --help text or man page for detailed info.
20180419 19:01:51 W WARNING: Failed running command (--route-up): external program fork failed
20180419 19:01:51 I Listening for incoming TCP connection on [undef]
20180419 19:01:51 I TCPv4_SERVER link local (bound): [undef]
20180419 19:01:51 I TCPv4_SERVER link remote: [undef]
20180419 19:01:51 I Initialization Sequence Completed
20180419 19:02:46 I TCP connection established with [AF_INET]192.168.2.2:32835
20180419 19:02:59 W 192.168.2.2:32835 WARNING: 'link-mtu' is used inconsistently local='link-mtu 1544' remote='link-mtu 1540'
20180419 19:02:59 W 192.168.2.2:32835 WARNING: 'auth' is used inconsistently local='auth SHA1' remote='auth MD5'
20180419 19:02:59 I 192.168.2.2:32835 [client1] Peer Connection Initiated with [AF_INET]192.168.2.2:32835
20180419 19:02:59 I client1/192.168.2.2:32835 MULTI_sva: pool returned IPv4=10.8.0.6 IPv6=(Not enabled)
20180419 19:03:01 I client1/192.168.2.2:32835 send_push_reply(): safe_cap=940
19700101 00:00:00


Code:
cat /tmp/var/log/messages
on the server:

Code:
Apr 19 19:01:10 DD-WRT user.debug syslog: ttraff: data collection started
Apr 19 19:01:43 DD-WRT user.info syslog: klogd : kernel log daemon successfully stopped
Apr 19 19:01:43 DD-WRT user.info syslog: ttraff : traffic counter daemon successfully stopped
Apr 19 19:01:43 DD-WRT user.info syslog: dnsmasq : dnsmasq daemon successfully stopped
Apr 19 19:01:43 DD-WRT user.info syslog: telnetd : telnet daemon successfully stopped
Apr 19 19:01:43 DD-WRT kern.notice kernel: klogd: exiting
Apr 19 19:01:45 DD-WRT user.info syslog: klogd : kernel log daemon successfully stopped
Apr 19 19:01:45 DD-WRT user.info syslog: syslogd : syslog daemon successfully stopped
Apr 19 19:01:45 DD-WRT user.info syslog: ttraff : traffic counter daemon successfully started
Apr 19 19:01:45 DD-WRT user.info syslog: telnetd : telnet daemon successfully started
Apr 19 19:01:45 DD-WRT user.info syslog: openvpn : OpenVPN daemon (Server) starting/restarting...
Apr 19 19:01:45 DD-WRT syslog.info syslogd exiting
Apr 19 19:01:45 DD-WRT syslog.info syslogd started: BusyBox v1.21.0
Apr 19 19:01:45 DD-WRT syslog.info syslogd started: BusyBox v1.21.0
Apr 19 19:01:45 DD-WRT kern.notice kernel: klogd started: BusyBox v1.21.0 (2013-03-25 02:54:18 CET)
Apr 19 19:01:45 DD-WRT user.info syslog: klogd : klog daemon successfully started
Apr 19 19:01:45 DD-WRT kern.notice kernel: klogd started: BusyBox v1.21.0 (2013-03-25 02:54:18 CET)
Apr 19 19:01:45 DD-WRT user.info syslog: klogd : klog daemon successfully started
Apr 19 19:01:47 DD-WRT daemon.notice openvpn[1339]: OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 25 2013
Apr 19 19:01:47 DD-WRT daemon.warn openvpn[1339]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Apr 19 19:01:51 DD-WRT daemon.notice openvpn[1339]: TUN/TAP device tun0 opened
Apr 19 19:01:51 DD-WRT daemon.notice openvpn[1339]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Apr 19 19:01:51 DD-WRT daemon.notice openvpn[1339]: /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Apr 19 19:01:51 DD-WRT daemon.warn openvpn[1339]: WARNING: External program may not be called unless '--script-security 2' or higher is enabled.  Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier.  See --help text or
an page for detai
Apr 19 19:01:51 DD-WRT daemon.warn openvpn[1339]: WARNING: Failed running command (--route-up): external program fork failed
Apr 19 19:01:51 DD-WRT daemon.notice openvpn[1575]: Listening for incoming TCP connection on [undef]
Apr 19 19:01:51 DD-WRT daemon.notice openvpn[1575]: TCPv4_SERVER link local (bound): [undef]
Apr 19 19:01:51 DD-WRT daemon.notice openvpn[1575]: TCPv4_SERVER link remote: [undef]
Apr 19 19:01:51 DD-WRT daemon.notice openvpn[1575]: Initialization Sequence Completed
Apr 19 19:02:46 DD-WRT daemon.notice openvpn[1575]: TCP connection established with [AF_INET]192.168.2.2:32835
Apr 19 19:02:59 DD-WRT daemon.warn openvpn[1575]: 192.168.2.2:32835 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1544', remote='link-mtu 1540'
Apr 19 19:02:59 DD-WRT daemon.warn openvpn[1575]: 192.168.2.2:32835 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth MD5'
Apr 19 19:02:59 DD-WRT daemon.notice openvpn[1575]: 192.168.2.2:32835 [client1] Peer Connection Initiated with [AF_INET]192.168.2.2:32835
Apr 19 19:02:59 DD-WRT daemon.notice openvpn[1575]: client1/192.168.2.2:32835 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Apr 19 19:03:01 DD-WRT daemon.notice openvpn[1575]: client1/192.168.2.2:32835 send_push_reply(): safe_cap=940

I tried setting both SHA1 and MD5 on the client.
A client with the same certificates and the same configuration successfully gets an IP and pings the router (10.8.0.1)
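
Added example, not part of the original post: a short Python script that extracts the "used inconsistently" warnings from the server log above and checks whether the `link-mtu` gap equals the HMAC size gap between the two `auth` digests. The function names and the digest-size table are this example's own; the sample lines are copied from the thread.

```python
import re

# OpenVPN's options-consistency warning, in both layouts shown in the thread:
# the DD-WRT status page (no commas) and syslog (comma-separated).
WARN = re.compile(
    r"WARNING: '(?P<opt>[^']+)' is used inconsistently,? "
    r"local='(?P<local>[^']*)',? remote='(?P<remote>[^']*)'"
)

# HMAC output sizes in bytes for common --auth digests.
DIGEST_BYTES = {"MD5": 16, "SHA1": 20, "SHA256": 32, "SHA512": 64}


def _value(opt, text):
    """Values are logged as '<option> <value>'; drop the repeated option name."""
    return text[len(opt):].strip() if text.startswith(opt) else text


def find_mismatches(lines):
    """Return {option: (local_value, remote_value)} as seen by the logging side."""
    found = {}
    for line in lines:
        m = WARN.search(line)
        if m:
            opt = m.group("opt")
            found[opt] = (_value(opt, m.group("local")),
                          _value(opt, m.group("remote")))
    return found


def link_mtu_explained_by_auth(mismatches):
    """True when the link-mtu gap equals the HMAC size gap of the two digests."""
    if "auth" not in mismatches or "link-mtu" not in mismatches:
        return False
    a_local, a_remote = mismatches["auth"]
    if a_local not in DIGEST_BYTES or a_remote not in DIGEST_BYTES:
        return False
    m_local, m_remote = (int(v) for v in mismatches["link-mtu"])
    return m_local - m_remote == DIGEST_BYTES[a_local] - DIGEST_BYTES[a_remote]


# Server-side lines copied from the thread (status-page and syslog layouts).
SAMPLE = [
    "20180419 19:02:59 W 192.168.2.2:32835 WARNING: 'link-mtu' is used inconsistently local='link-mtu 1544' remote='link-mtu 1540'",
    "Apr 19 19:02:59 DD-WRT daemon.warn openvpn[1575]: 192.168.2.2:32835 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth MD5'",
    "20180419 19:02:59 I 192.168.2.2:32835 [client1] Peer Connection Initiated with [AF_INET]192.168.2.2:32835",
]

if __name__ == "__main__":
    result = find_mismatches(SAMPLE)
    for opt, (local, remote) in result.items():
        print(f"{opt}: server={local} client={remote}")
    print("link-mtu gap explained by auth:", link_mtu_explained_by_auth(result))
```

A `True` result points to the `link-mtu` warning being a side effect of the `auth` mismatch, so `auth` is the one directive to align between the two configurations.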
vasek00
Posted: Tue Apr 24, 2018 10:12    Post subject: Re: OpenVPN client "disappears" after
nvr258852 wrote:
Good day!
I have two ASUS RT-N10U routers running DD-WRT v24-sp2 (03/25/13) vpn firmware.

That would all be fine, except it is 2018 today, unlike the 03/25/13 software you have installed.
https://www.dd-wrt.com/phpBB2/viewtopic.php?t=260526