LINUX.ORG.RU
ФорумAdmin

не работает openvpn

 , ,


0

2

Поставил на vds сервак сборку ovpn самую обычную отсюда - https://github.com/angristan/openvpn-install (знаю, что она рабочая). Клиент на windows, интернет подключен через точку доступа с android, оператор мегафон. Проблема в том, что клиент постоянно отваливается, не может подключиться к серверу. Не знаю, что делать, весь интернет уже проштудировал, ничего не помогает. Лог клиента:

Thu Mar 14 02:08:08 2024 TCP/UDP: Preserving recently used remote address: [AF_INET]80.92.205.98:6666
Thu Mar 14 02:08:08 2024 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Mar 14 02:08:08 2024 Attempting to establish TCP connection with [AF_INET]80.92.205.98:6666 [nonblock]
Thu Mar 14 02:08:08 2024 MANAGEMENT: >STATE:1710396488,TCP_CONNECT,,,,,,
Thu Mar 14 02:08:09 2024 TCP connection established with [AF_INET]80.92.205.98:6666
Thu Mar 14 02:08:09 2024 TCP_CLIENT link local: (not bound)
Thu Mar 14 02:08:09 2024 TCP_CLIENT link remote: [AF_INET]80.92.205.98:6666
Thu Mar 14 02:08:09 2024 MANAGEMENT: >STATE:1710396489,WAIT,,,,,,
Thu Mar 14 02:08:09 2024 MANAGEMENT: >STATE:1710396489,AUTH,,,,,,
Thu Mar 14 02:08:09 2024 TLS: Initial packet from [AF_INET]80.92.205.98:6666, sid=c1e3bb45 ac9f28d9
Thu Mar 14 02:08:09 2024 VERIFY OK: depth=1, CN=cn_ntxy5JX0MmvWLOgY
Thu Mar 14 02:08:09 2024 VERIFY KU OK
Thu Mar 14 02:08:09 2024 Validating certificate extended key usage
Thu Mar 14 02:08:09 2024 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Mar 14 02:08:09 2024 VERIFY EKU OK
Thu Mar 14 02:08:09 2024 VERIFY X509NAME OK: CN=server_LIflinwqjqkcK8zV
Thu Mar 14 02:08:09 2024 VERIFY OK: depth=0, CN=server_LIflinwqjqkcK8zV
Thu Mar 14 02:08:10 2024 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit EC, curve: prime256v1
Thu Mar 14 02:08:10 2024 [server_LIflinwqjqkcK8zV] Peer Connection Initiated with [AF_INET]80.92.205.98:6666
Thu Mar 14 02:08:11 2024 MANAGEMENT: >STATE:1710396491,GET_CONFIG,,,,,,
Thu Mar 14 02:08:11 2024 SENT CONTROL [server_LIflinwqjqkcK8zV]: 'PUSH_REQUEST' (status=1)
Thu Mar 14 02:08:11 2024 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 94.140.14.14,dhcp-option DNS 94.140.15.15,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM'
Thu Mar 14 02:08:11 2024 OPTIONS IMPORT: timers and/or timeouts modified
Thu Mar 14 02:08:11 2024 OPTIONS IMPORT: --ifconfig/up options modified
Thu Mar 14 02:08:11 2024 OPTIONS IMPORT: route options modified
Thu Mar 14 02:08:11 2024 OPTIONS IMPORT: route-related options modified
Thu Mar 14 02:08:11 2024 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Mar 14 02:08:11 2024 OPTIONS IMPORT: peer-id set
Thu Mar 14 02:08:11 2024 OPTIONS IMPORT: adjusting link_mtu to 1626
Thu Mar 14 02:08:11 2024 OPTIONS IMPORT: data channel crypto options modified
Thu Mar 14 02:08:11 2024 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Thu Mar 14 02:08:11 2024 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Thu Mar 14 02:08:11 2024 Preserving previous TUN/TAP instance: Ethernet 2
Thu Mar 14 02:08:11 2024 Blocking outside dns using service succeeded.
Thu Mar 14 02:08:11 2024 Initialization Sequence Completed
Thu Mar 14 02:08:11 2024 MANAGEMENT: >STATE:1710396491,CONNECTED,SUCCESS,10.8.0.2,80.92.205.98,6666,192.168.42.38,63118
Thu Mar 14 02:08:12 2024 Connection reset, restarting [-1]
Thu Mar 14 02:08:12 2024 Unblocking outside dns using service succeeded.
Thu Mar 14 02:08:12 2024 SIGUSR1[soft,connection-reset] received, process restarting
Thu Mar 14 02:08:12 2024 MANAGEMENT: >STATE:1710396492,RECONNECTING,connection-reset,,,,,
Thu Mar 14 02:08:12 2024 Restart pause, 5 second(s)
Thu Mar 14 02:08:17 2024 TCP/UDP: Preserving recently used remote address: [AF_INET]80.92.205.98:6666
Thu Mar 14 02:08:17 2024 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Mar 14 02:08:17 2024 Attempting to establish TCP connection with [AF_INET]80.92.205.98:6666 [nonblock]
Thu Mar 14 02:08:17 2024 MANAGEMENT: >STATE:1710396497,TCP_CONNECT,,,,,,
Thu Mar 14 02:08:18 2024 TCP connection established with [AF_INET]80.92.205.98:6666
Thu Mar 14 02:08:18 2024 TCP_CLIENT link local: (not bound)
Thu Mar 14 02:08:18 2024 TCP_CLIENT link remote: [AF_INET]80.92.205.98:6666
Thu Mar 14 02:08:18 2024 MANAGEMENT: >STATE:1710396498,WAIT,,,,,,
Thu Mar 14 02:08:18 2024 MANAGEMENT: >STATE:1710396498,AUTH,,,,,,
Thu Mar 14 02:08:18 2024 TLS: Initial packet from [AF_INET]80.92.205.98:6666, sid=88783727 42080831
Thu Mar 14 02:08:19 2024 VERIFY OK: depth=1, CN=cn_ntxy5JX0MmvWLOgY
Thu Mar 14 02:08:19 2024 VERIFY KU OK
Thu Mar 14 02:08:19 2024 Validating certificate extended key usage
Thu Mar 14 02:08:19 2024 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Mar 14 02:08:19 2024 VERIFY EKU OK
Thu Mar 14 02:08:19 2024 VERIFY X509NAME OK: CN=server_LIflinwqjqkcK8zV
Thu Mar 14 02:08:19 2024 VERIFY OK: depth=0, CN=server_LIflinwqjqkcK8zV
Thu Mar 14 02:08:19 2024 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit EC, curve: prime256v1
Thu Mar 14 02:08:19 2024 [server_LIflinwqjqkcK8zV] Peer Connection Initiated with [AF_INET]80.92.205.98:6666
Thu Mar 14 02:08:20 2024 MANAGEMENT: >STATE:1710396500,GET_CONFIG,,,,,,
Thu Mar 14 02:08:20 2024 SENT CONTROL [server_LIflinwqjqkcK8zV]: 'PUSH_REQUEST' (status=1)
Thu Mar 14 02:08:20 2024 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 94.140.14.14,dhcp-option DNS 94.140.15.15,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM'
Thu Mar 14 02:08:20 2024 OPTIONS IMPORT: timers and/or timeouts modified
Thu Mar 14 02:08:20 2024 OPTIONS IMPORT: --ifconfig/up options modified
Thu Mar 14 02:08:20 2024 OPTIONS IMPORT: route options modified
Thu Mar 14 02:08:20 2024 OPTIONS IMPORT: route-related options modified
Thu Mar 14 02:08:20 2024 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Mar 14 02:08:20 2024 OPTIONS IMPORT: peer-id set
Thu Mar 14 02:08:20 2024 OPTIONS IMPORT: adjusting link_mtu to 1626
Thu Mar 14 02:08:20 2024 OPTIONS IMPORT: data channel crypto options modified
Thu Mar 14 02:08:20 2024 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Thu Mar 14 02:08:20 2024 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Thu Mar 14 02:08:20 2024 Preserving previous TUN/TAP instance: Ethernet 2
Thu Mar 14 02:08:20 2024 Blocking outside dns using service succeeded.
Thu Mar 14 02:08:20 2024 Initialization Sequence Completed
Thu Mar 14 02:08:20 2024 MANAGEMENT: >STATE:1710396500,CONNECTED,SUCCESS,10.8.0.2,80.92.205.98,6666,192.168.42.38,63121
Thu Mar 14 02:08:21 2024 Connection reset, restarting [-1]
Thu Mar 14 02:08:21 2024 Unblocking outside dns using service succeeded.
Thu Mar 14 02:08:21 2024 SIGUSR1[soft,connection-reset] received, process restarting
Thu Mar 14 02:08:21 2024 MANAGEMENT: >STATE:1710396501,RECONNECTING,connection-reset,,,,,
Thu Mar 14 02:08:21 2024 Restart pause, 5 second(s)
Thu Mar 14 02:08:26 2024 TCP/UDP: Preserving recently used remote address: [AF_INET]80.92.205.98:6666
Thu Mar 14 02:08:26 2024 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Mar 14 02:08:26 2024 Attempting to establish TCP connection with [AF_INET]80.92.205.98:6666 [nonblock]
Thu Mar 14 02:08:26 2024 MANAGEMENT: >STATE:1710396506,TCP_CONNECT,,,,,,
Thu Mar 14 02:08:27 2024 TCP connection established with [AF_INET]80.92.205.98:6666
Thu Mar 14 02:08:27 2024 TCP_CLIENT link local: (not bound)
Thu Mar 14 02:08:27 2024 TCP_CLIENT link remote: [AF_INET]80.92.205.98:6666
Thu Mar 14 02:08:27 2024 MANAGEMENT: >STATE:1710396507,WAIT,,,,,,
Thu Mar 14 02:08:27 2024 MANAGEMENT: >STATE:1710396507,AUTH,,,,,,
Thu Mar 14 02:08:27 2024 TLS: Initial packet from [AF_INET]80.92.205.98:6666, sid=d828802d 33f1641e
Thu Mar 14 02:08:28 2024 VERIFY OK: depth=1, CN=cn_ntxy5JX0MmvWLOgY
Thu Mar 14 02:08:28 2024 VERIFY KU OK
Thu Mar 14 02:08:28 2024 Validating certificate extended key usage
Thu Mar 14 02:08:28 2024 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Mar 14 02:08:28 2024 VERIFY EKU OK
Thu Mar 14 02:08:28 2024 VERIFY X509NAME OK: CN=server_LIflinwqjqkcK8zV
Thu Mar 14 02:08:28 2024 VERIFY OK: depth=0, CN=server_LIflinwqjqkcK8zV
Thu Mar 14 02:08:28 2024 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit EC, curve: prime256v1
Thu Mar 14 02:08:28 2024 [server_LIflinwqjqkcK8zV] Peer Connection Initiated with [AF_INET]80.92.205.98:6666
Thu Mar 14 02:08:29 2024 MANAGEMENT: >STATE:1710396509,GET_CONFIG,,,,,,
Thu Mar 14 02:08:29 2024 SENT CONTROL [server_LIflinwqjqkcK8zV]: 'PUSH_REQUEST' (status=1)
Thu Mar 14 02:08:29 2024 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 94.140.14.14,dhcp-option DNS 94.140.15.15,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM'
Thu Mar 14 02:08:29 2024 OPTIONS IMPORT: timers and/or timeouts modified
Thu Mar 14 02:08:29 2024 OPTIONS IMPORT: --ifconfig/up options modified
Thu Mar 14 02:08:29 2024 OPTIONS IMPORT: route options modified
Thu Mar 14 02:08:29 2024 OPTIONS IMPORT: route-related options modified
Thu Mar 14 02:08:29 2024 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Mar 14 02:08:29 2024 OPTIONS IMPORT: peer-id set
Thu Mar 14 02:08:29 2024 OPTIONS IMPORT: adjusting link_mtu to 1626
Thu Mar 14 02:08:29 2024 OPTIONS IMPORT: data channel crypto options modified
Thu Mar 14 02:08:29 2024 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Thu Mar 14 02:08:29 2024 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Thu Mar 14 02:08:29 2024 Preserving previous TUN/TAP instance: Ethernet 2
Thu Mar 14 02:08:29 2024 Blocking outside dns using service succeeded.
Thu Mar 14 02:08:29 2024 Initialization Sequence Completed
Thu Mar 14 02:08:29 2024 MANAGEMENT: >STATE:1710396509,CONNECTED,SUCCESS,10.8.0.2,80.92.205.98,6666,192.168.42.38,63129
Thu Mar 14 02:08:30 2024 Connection reset, restarting [-1]
Thu Mar 14 02:08:30 2024 Unblocking outside dns using service succeeded.
Thu Mar 14 02:08:30 2024 SIGUSR1[soft,connection-reset] received, process restarting
Thu Mar 14 02:08:30 2024 MANAGEMENT: >STATE:1710396510,RECONNECTING,connection-reset,,,,,
Thu Mar 14 02:08:30 2024 Restart pause, 5 second(s)

конфиг сервера:

  GNU nano 4.8                      server.conf
port 6666
proto tcp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 94.140.14.14"
push "dhcp-option DNS 94.140.15.15"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_LIflinwqjqkcK8zV.crt

Ответ на: комментарий от kostik87

да, действительно есть подозрения на это, есть прикол, что в один день всё может отлично конектиться, а на другой начинается вот это. Может есть информация каких провайдеров лучше использовать, пробовал МТС и мегафон?

deusex
() автор топика
Ответ на: комментарий от deusex

Эта информация будет бесполезной. Завтра всё поменяется, а послезавтра еще раз.

Если ты в РФ, то просто не используй чистый OpenVPN, а изучай всякие XRay (с VLESS/XTLS) и заворачивай OpenVPN в них.

BOOBLIK ★★★
()
Ответ на: комментарий от Dimez

Другими словами, DPI уже очень давно режет не по порту, а по сигнатуре.

Бывает, но сииильно не везде, очень сильно не везде на этом глобусе. Я поэтому написал слово «нередко», а не «на 146% спасет».

anc ★★★★★
()
Admin