LINUX.ORG.RU
Forum: Admin

OpenVPN: no packets reach the client


An OpenVPN server is set up on a separate hosted machine. The problem is that packets don't get through to the client after the connection is established (although during establishment they get through just fine).

Port forwarding is enabled, ufw is configured, and still nothing. What else can and should I check?

Versions

Ubuntu 22.04.2

OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 27 2024
library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10

Client logs

2024-09-23 13:19:38.246711 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:63081
2024-09-23 13:19:38.262125 MANAGEMENT: CMD 'pid'
2024-09-23 13:19:38.262184 MANAGEMENT: CMD 'auth-retry interact'
2024-09-23 13:19:38.262224 MANAGEMENT: CMD 'state on'
2024-09-23 13:19:38.262260 MANAGEMENT: CMD 'state'
2024-09-23 13:19:38.262322 MANAGEMENT: CMD 'bytecount 1'
2024-09-23 13:19:38.264114 *Tunnelblick: Established communication with OpenVPN
2024-09-23 13:19:38.264646 *Tunnelblick: >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
2024-09-23 13:19:38.265446 MANAGEMENT: CMD 'hold release'
2024-09-23 13:19:38.267023 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2024-09-23 13:19:38.274824 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2024-09-23 13:19:38.274897 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2024-09-23 13:19:38.274908 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2024-09-23 13:19:38.274920 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2024-09-23 13:19:38.275623 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
2024-09-23 13:19:38.275664 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2024-09-23 13:19:38.275688 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
2024-09-23 13:19:38.275700 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
2024-09-23 13:19:38.275717 TCP/UDP: Preserving recently used remote address: [AF_INET]5.180.55.57:1194
2024-09-23 13:19:38.275778 Socket Buffers: R=[786896->786896] S=[9216->9216]
2024-09-23 13:19:38.275795 UDP link local: (not bound)
2024-09-23 13:19:38.275805 UDP link remote: [AF_INET]5.180.55.57:1194
2024-09-23 13:19:38.275825 MANAGEMENT: >STATE:1727086778,WAIT,,,,,,
2024-09-23 13:19:38.275945 UDP WRITE [54] to [AF_INET]5.180.55.57:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=358 DATA len=40
2024-09-23 13:19:38.340408 UDP READ [66] from [AF_INET]5.180.55.57:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=358 DATA len=52
2024-09-23 13:19:38.340488 MANAGEMENT: >STATE:1727086778,AUTH,,,,,,
2024-09-23 13:19:38.340507 TLS: Initial packet from [AF_INET]5.180.55.57:1194, sid=c5752139 307aae59
2024-09-23 13:19:38.340654 UDP WRITE [62] to [AF_INET]5.180.55.57:1194: P_ACK_V1 kid=0 [ ]
2024-09-23 13:19:38.340937 UDP WRITE [331] to [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=870 DATA len=317
2024-09-23 13:19:38.410280 UDP READ [1128] from [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=614 DATA len=1114
2024-09-23 13:19:38.411018 UDP WRITE [62] to [AF_INET]5.180.55.57:1194: P_ACK_V1 kid=0 [ ]
2024-09-23 13:19:38.411277 UDP READ [1116] from [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=870 DATA len=1102
2024-09-23 13:19:38.412124 VERIFY OK: depth=1, CN=Easy-RSA CA
2024-09-23 13:19:38.412493 VERIFY KU OK
2024-09-23 13:19:38.412505 Validating certificate extended key usage
2024-09-23 13:19:38.412515 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-09-23 13:19:38.412523 VERIFY EKU OK
2024-09-23 13:19:38.412530 VERIFY OK: depth=0, CN=server
2024-09-23 13:19:38.412594 UDP WRITE [62] to [AF_INET]5.180.55.57:1194: P_ACK_V1 kid=0 [ ]
2024-09-23 13:19:38.412722 UDP READ [313] from [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=1126 DATA len=299
2024-09-23 13:19:38.422314 UDP WRITE [1128] to [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=1638 DATA len=1114
2024-09-23 13:19:38.422661 UDP WRITE [1116] to [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=1894 DATA len=1102
2024-09-23 13:19:38.422757 UDP WRITE [546] to [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=2150 DATA len=532
2024-09-23 13:19:38.485783 UDP READ [62] from [AF_INET]5.180.55.57:1194: P_ACK_V1 kid=0 [ ]
2024-09-23 13:19:38.493253 UDP READ [224] from [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=1638 DATA len=210
2024-09-23 13:19:38.493525 UDP WRITE [62] to [AF_INET]5.180.55.57:1194: P_ACK_V1 kid=0 [ ]
2024-09-23 13:19:38.493704 UDP READ [294] from [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=1894 DATA len=280
2024-09-23 13:19:38.493865 UDP WRITE [62] to [AF_INET]5.180.55.57:1194: P_ACK_V1 kid=0 [ ]
2024-09-23 13:19:38.493918 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
2024-09-23 13:19:38.493948 [server] Peer Connection Initiated with [AF_INET]5.180.55.57:1194
2024-09-23 13:19:39.779760 MANAGEMENT: >STATE:1727086779,GET_CONFIG,,,,,,
2024-09-23 13:19:39.779982 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2024-09-23 13:19:39.780225 UDP WRITE [89] to [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=2918 DATA len=75
2024-09-23 13:19:39.847404 UDP READ [62] from [AF_INET]5.180.55.57:1194: P_ACK_V1 kid=0 [ ]
2024-09-23 13:19:39.847557 UDP READ [294] from [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=2406 DATA len=280
2024-09-23 13:19:39.847997 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
2024-09-23 13:19:39.848138 OPTIONS IMPORT: timers and/or timeouts modified
2024-09-23 13:19:39.848160 OPTIONS IMPORT: --ifconfig/up options modified
2024-09-23 13:19:39.848174 OPTIONS IMPORT: route options modified
2024-09-23 13:19:39.848189 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-09-23 13:19:39.848202 OPTIONS IMPORT: peer-id set
2024-09-23 13:19:39.848219 OPTIONS IMPORT: adjusting link_mtu to 1624
2024-09-23 13:19:39.848233 OPTIONS IMPORT: data channel crypto options modified
2024-09-23 13:19:39.848259 Data Channel MTU parms [ L:1552 D:1450 EF:52 EB:406 ET:0 EL:3 ]
2024-09-23 13:19:39.848482 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2024-09-23 13:19:39.848508 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2024-09-23 13:19:39.848826 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2024-09-23 13:19:39.848968 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2024-09-23 13:19:39.849006 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2024-09-23 13:19:39.849040 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2024-09-23 13:19:39.849073 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2024-09-23 13:19:39.849109 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2024-09-23 13:19:39.873958 Opened utun device utun6
2024-09-23 13:19:39.874050 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2024-09-23 13:19:39.874068 MANAGEMENT: >STATE:1727086779,ASSIGN_IP,,10.8.0.6,,,,
2024-09-23 13:19:39.874107 /sbin/ifconfig utun6 delete
                           ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2024-09-23 13:19:39.886604 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2024-09-23 13:19:39.886642 /sbin/ifconfig utun6 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
2024-09-23 13:19:39.906470 /sbin/route add -net 5.180.55.57 192.168.0.1 255.255.255.255
                           add net 5.180.55.57: gateway 192.168.0.1
2024-09-23 13:19:39.926258 /sbin/route add -net 0.0.0.0 10.8.0.5 128.0.0.0
                           add net 0.0.0.0: gateway 10.8.0.5
2024-09-23 13:19:39.936503 /sbin/route add -net 128.0.0.0 10.8.0.5 128.0.0.0
                           add net 128.0.0.0: gateway 10.8.0.5
2024-09-23 13:19:39.939134 MANAGEMENT: >STATE:1727086779,ADD_ROUTES,,,,,,
2024-09-23 13:19:39.939174 /sbin/route add -net 10.8.0.1 10.8.0.5 255.255.255.255
                           add net 10.8.0.1: gateway 10.8.0.5
                           13:19:39 *Tunnelblick:  **********************************************
                           13:19:39 *Tunnelblick:  Start of output from client.up.tunnelblick.sh
                           13:19:42 *Tunnelblick:  Retrieved from OpenVPN: name server(s) [ 208.67.222.222 208.67.220.220 ], search domain(s) [ ] and SMB server(s) [ ] and using default domain name [ openvpn ]
                           13:19:42 *Tunnelblick:  Not aggregating ServerAddresses because running on macOS 10.6 or higher
                           13:19:42 *Tunnelblick:  Setting search domains to 'openvpn' because the search domains were not set manually (or are allowed to be changed) and 'Prepend domain name to search domains' was not selected
                           13:19:43 *Tunnelblick:  Saved the DNS and SMB configurations so they can be restored
                           13:19:43 *Tunnelblick:  Changed DNS ServerAddresses setting from '192.168.0.1' to '208.67.222.222 208.67.220.220'
                           13:19:43 *Tunnelblick:  Changed DNS SearchDomains setting from '' to 'openvpn'
                           13:19:43 *Tunnelblick:  Changed DNS DomainName setting from '' to 'openvpn'
                           13:19:43 *Tunnelblick:  Did not change SMB NetBIOSName setting of ''
                           13:19:43 *Tunnelblick:  Did not change SMB Workgroup setting of ''
                           13:19:43 *Tunnelblick:  Did not change SMB WINSAddresses setting of ''
                           13:19:43 *Tunnelblick:  DNS servers '208.67.222.222 208.67.220.220' will be used for DNS queries when the VPN is active
                           13:19:43 *Tunnelblick:  The DNS servers include only free public DNS servers known to Tunnelblick.
                           13:19:43 *Tunnelblick:  Flushed the DNS cache via dscacheutil
                           13:19:43 *Tunnelblick:  /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                           13:19:43 *Tunnelblick:  Notified mDNSResponder that the DNS cache was flushed
                           13:19:43 *Tunnelblick:  Notified mDNSResponderHelper that the DNS cache was flushed
                           13:19:43 *Tunnelblick:  Setting up to monitor system configuration with process-network-changes
                           13:19:43 *Tunnelblick:  End of output from client.up.tunnelblick.sh
                           13:19:43 *Tunnelblick:  **********************************************
2024-09-23 13:19:43.685534 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-09-23 13:19:43.685541 Initialization Sequence Completed
2024-09-23 13:19:43.685563 MANAGEMENT: >STATE:1727086783,CONNECTED,SUCCESS,10.8.0.6,5.180.55.57,1194,,
2024-09-23 13:19:43.685610 UDP WRITE [62] to [AF_INET]5.180.55.57:1194: P_ACK_V1 kid=0 [ ]
2024-09-23 13:19:43.685684 UDP READ [294] from [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=2662 DATA len=280
2024-09-23 13:19:43.685709 UDP WRITE [62] to [AF_INET]5.180.55.57:1194: P_ACK_V1 kid=0 [ ]
2024-09-23 13:19:43.685737 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.685756 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.685774 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.685835 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.685855 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.685874 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.685892 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.685920 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.685937 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.685952 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.685973 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.685989 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.686006 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.686025 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.686042 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87

That's it: there is never another UDP READ after this, and after a while the client drops on timeout.

The server-side logs look like this:

Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: MULTI: multi_create_instance called
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 Re-using SSL/TLS context
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 READ [54] from [AF_INET]client_ip:57537: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=358 DATA len=40
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 TLS: Initial packet from [AF_INET]client_ip:57537, sid=277076f6 1cd8249e
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 WRITE [66] to [AF_INET]client_ip:57537: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=358 DATA len=52
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 READ [62] from [AF_INET]client_ip:57537: P_ACK_V1 kid=0 [ ]
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 READ [331] from [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=870 DATA len=317
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 WRITE [1128] to [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=614 DATA len=1114
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 WRITE [1116] to [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=870 DATA len=1102
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 WRITE [313] to [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=1126 DATA len=299
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 READ [62] from [AF_INET]client_ip:57537: P_ACK_V1 kid=0 [ ]
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 READ [62] from [AF_INET]client_ip:57537: P_ACK_V1 kid=0 [ ]
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 READ [1128] from [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=1638 DATA len=1114
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 WRITE [62] to [AF_INET]client_ip:57537: P_ACK_V1 kid=0 [ ]
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 READ [1116] from [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=1894 DATA len=1102
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 VERIFY OK: depth=1, CN=Easy-RSA CA
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 VERIFY OK: depth=0, CN=vt_client
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 WRITE [224] to [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=1638 DATA len=210
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 READ [546] from [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=2150 DATA len=532
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_VER=2.4.12
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_PLAT=mac
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_PROTO=2
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_NCP=2
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_LZ4=1
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_LZ4v2=1
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_LZO=1
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_COMP_STUB=1
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_COMP_STUBv2=1
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_TCPNL=1
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_GUI_VER="net.tunnelblick.tunnelblick_5971_4.0.1__build_5971)"
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 WRITE [294] to [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=1894 DATA len=280
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 READ [62] from [AF_INET]client_ip:57537: P_ACK_V1 kid=0 [ ]
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 READ [62] from [AF_INET]client_ip:57537: P_ACK_V1 kid=0 [ ]
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 [vt_client] Peer Connection Initiated with [AF_INET]client_ip:57537
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 MULTI: Learn: 10.8.0.6 -> vt_client/client_ip:57537
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 MULTI: primary virtual IP for vt_client/client_ip:57537: 10.8.0.6
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sep 23 12:19:39 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [89] from [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=2918 DATA len=75
Sep 23 12:19:39 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 PUSH: Received control message: 'PUSH_REQUEST'
Sep 23 12:19:39 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 SENT CONTROL [vt_client]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
Sep 23 12:19:39 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [62] to [AF_INET]client_ip:57537: P_ACK_V1 kid=0 [ ]
Sep 23 12:19:39 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [294] to [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=2406 DATA len=280
Sep 23 12:19:42 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [294] to [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=2662 DATA len=280
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [62] from [AF_INET]client_ip:57537: P_ACK_V1 kid=0 [ ]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [62] from [AF_INET]client_ip:57537: P_ACK_V1 kid=0 [ ]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:44 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:44 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:44 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:44 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:44 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:44 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:44 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:44 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:44 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:44 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:46 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:46 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:46 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:46 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:46 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:46 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:46 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:46 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:46 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:46 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:50 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:50 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:50 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:50 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:50 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:50 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:50 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:50 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:51 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:51 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:58 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:58 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:59 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:59 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:59 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:59 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:59 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
...
Sep 23 12:23:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 [vt_client] Inactivity timeout (--ping-restart), restarting
Sep 23 12:23:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 SIGUSR1[soft,ping-restart] received, client-instance restarting

Server configs

username@vm3028493:/etc/openvpn$ cat udp.conf 
port 1194
proto udp

dev tun

ca ca.crt
cert server.crt
key server.key
dh none

# crl-verify crl.pem

server 10.8.0.0 255.255.255.0

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

duplicate-cn
keepalive 10 120

tls-crypt ta.key
cipher AES-256-GCM
auth SHA256

user nobody
group nogroup

persist-key
persist-tun

verb 6

explicit-exit-notify 1


username@vm3028493:/etc/openvpn$ cat tcp.conf 
port 443
proto tcp

dev tun

ca ca.crt
cert server.crt
key server.key  
dh none

server 10.9.0.0 255.255.255.0

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

duplicate-cn
keepalive 10 120

tls-crypt ta.key
cipher AES-256-GCM
auth SHA256

user nobody
group nogroup

persist-key
persist-tun

verb 3

Client config

client
dev tun

remote host_white_ip 1194 udp
remote host_white_ip 443 tcp

resolv-retry infinite

nobind

persist-key
persist-tun

remote-cert-tls server
cipher AES-256-GCM
auth SHA256
key-direction 1

verb 6
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
<tls-crypt>
...
</tls-crypt>

pf is enabled (shown here just for demonstration; the line is in /etc/sysctl.conf)

username@vm3028493:/etc/openvpn$ sudo sysctl net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1

ufw

username@vm3028493:/etc/openvpn$ sudo ufw status verbose 
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
1194/udp                   ALLOW IN    Anywhere                  
443/tcp                    ALLOW IN    Anywhere                  
2022/tcp                   ALLOW IN    Anywhere                  
1194/udp (v6)              ALLOW IN    Anywhere (v6)             
443/tcp (v6)               ALLOW IN    Anywhere (v6)             
2022/tcp (v6)              ALLOW IN    Anywhere (v6)     


username@vm3028493:/etc/openvpn$ sudo cat /etc/ufw/before.rules 
#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
#   ufw-before-input
#   ufw-before-output
#   ufw-before-forward
#

# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# /24 matches the 'server 10.8.0.0 255.255.255.0' and 'server 10.9.0.0 255.255.255.0'
# subnets in udp.conf/tcp.conf; a /8 mask here would masquerade all of 10.0.0.0/8
-A POSTROUTING -s 10.8.0.0/24 -o ens3 -j MASQUERADE
-A POSTROUTING -s 10.9.0.0/24 -o ens3 -j MASQUERADE
COMMIT
# END OPENVPN RULES


# Don't delete these required lines, otherwise there will be errors
*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-not-local - [0:0]
# End required lines


# allow all on loopback
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-output -o lo -j ACCEPT

# quickly process packets for which we already have a connection
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# drop INVALID packets (logs these in loglevel medium and higher)
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP

# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

# ok icmp code for FORWARD
-A ufw-before-forward -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT

# allow dhcp client to work
-A ufw-before-input -p udp --sport 67 --dport 68 -j ACCEPT

#
# ufw-not-local
#
-A ufw-before-input -j ufw-not-local

# if LOCAL, RETURN
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN

# if MULTICAST, RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN

# if BROADCAST, RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN

# all other non-local packets are dropped
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP

# allow MULTICAST mDNS for service discovery (be sure the MULTICAST line above
# is uncommented)
-A ufw-before-input -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT

# allow MULTICAST UPnP for service discovery (be sure the MULTICAST line above
# is uncommented)
-A ufw-before-input -p udp -d 239.255.255.250 --dport 1900 -j ACCEPT

# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT

Moved by hobbit from general



Last edited by: Igor_B (total edits: 1)
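As an added example (not the poster's code and not part of the thread), the Python below cross-checks the `server` subnets declared in the two OpenVPN configs against the MASQUERADE sources in the `*nat` block of before.rules. The config and rule text embedded in it is constructed from the files in the post; the NAT sample deliberately uses `/8` prefixes on a /24 tunnel network (`10.8.0.0/8`), which is worth catching: iptables accepts such a rule and silently applies the mask, so it masquerades everything from 10.0.0.0/8 out of ens3, not just the tunnel. It also reports when `crl-verify` is commented out or absent, because without it a revoked client certificate still connects.

```python
"""Cross-check OpenVPN 'server' subnets against the MASQUERADE rules in
/etc/ufw/before.rules.  Added example for this thread, not the poster's code.
The sample texts below are constructed inline from the configs in the thread."""
import ipaddress
import re

# Constructed sample: the two server configs from the thread, trimmed to
# the lines this check needs.
UDP_CONF = """\
port 1194
proto udp
dev tun
# crl-verify crl.pem
server 10.8.0.0 255.255.255.0
"""

TCP_CONF = """\
port 443
proto tcp
dev tun
server 10.9.0.0 255.255.255.0
"""

# Constructed sample: a NAT block written with host bits set under a /8 mask,
# the mistake this check is meant to catch.
BEFORE_RULES_NAT = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/8 -o ens3 -j MASQUERADE
-A POSTROUTING -s 10.9.0.0/8 -o ens3 -j MASQUERADE
COMMIT
"""

SERVER_RE = re.compile(r"^\s*server\s+(\S+)\s+(\S+)", re.M)
MASQ_RE = re.compile(
    r"^-A POSTROUTING\s+-s\s+(\S+)\s+-o\s+(\S+)\s+-j\s+MASQUERADE", re.M)
CRL_RE = re.compile(r"^\s*crl-verify\s+\S+", re.M)   # only an *uncommented* line counts


def vpn_subnets(conf):
    """Return the tunnel subnet(s) declared by 'server <net> <mask>' as IPv4Network."""
    return [ipaddress.IPv4Network(f"{net}/{mask}") for net, mask in SERVER_RE.findall(conf)]


def masq_sources(nat_block):
    """Return (source_cidr, out_iface) for every MASQUERADE rule in the block."""
    return MASQ_RE.findall(nat_block)


def lint_nat(nat_block, confs):
    """Report MASQUERADE sources that are not exactly a declared tunnel subnet,
    plus configs with no active crl-verify.

    A source written with host bits set (10.8.0.0/8) is accepted by iptables,
    which applies the mask, so the rule really matches 10.0.0.0/8.  Strict
    parsing in ipaddress raises ValueError for exactly that case.
    """
    declared = {n for c in confs.values() for n in vpn_subnets(c)}
    findings = []
    for src, iface in masq_sources(nat_block):
        try:
            net = ipaddress.IPv4Network(src)            # strict: host bits -> ValueError
        except ValueError:
            effective = ipaddress.IPv4Network(src, strict=False)
            findings.append(
                f"{src}: host bits set; iptables will masquerade {effective} out {iface}")
            continue
        if net not in declared:
            findings.append(f"{src}: no 'server' line declares this subnet")
    for name, conf in confs.items():
        if not CRL_RE.search(conf):
            findings.append(
                f"{name}: crl-verify not active; revoked client certs still connect")
    return findings


if __name__ == "__main__":
    for line in lint_nat(BEFORE_RULES_NAT, {"udp.conf": UDP_CONF, "tcp.conf": TCP_CONF}):
        print(line)
```

To run it against the live host, read `/etc/openvpn/*.conf` and the `*nat` section of `/etc/ufw/before.rules` into the same functions; after correcting the masks, `ufw reload` is needed for the new rules to take effect.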

Why do you use the term "port forwarding" for ip_forward (packet routing)? And why enable it at all while the VPN client-server link itself simply is not working yet?

IMHO, if you can, run tcpdump on udp 1194 on both the client and the server after the connection is established and watch. If a packet leaves the client but does not arrive at the server, or vice versa, it is getting lost along the way, and there is not much you can do about that with openvpn settings. If the packets get through fine but the openvpn server does not respond, that is when you can look into whether the firewall or something else is cutting them off.

mky ★★★★★
()
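mky's advice is to compare what leaves the client with what reaches the server. The same per-direction tally can first be taken from the server's own verb 6 log, which the first post already has. The Python below is an added example, not code from the thread or from the OpenVPN project: it counts `UDPv4 READ`, `UDPv4 WRITE`, `TUN READ` and `TUN WRITE` events per client session and flags a session that was torn down by `--ping-restart` after the server wrote data packets but never read a single one from the client. The log lines are constructed to mirror the format of the excerpt above (hostnames and IPs are placeholders); feed a real log in whole, since the excerpt in the post is elided at `...`.

```python
"""Per-direction tally of an OpenVPN server's verb 6 log, per client session.
Added example for this thread (not from the poster or the OpenVPN project):
the log lines below are constructed to match the shape of the excerpt above."""
import re
from collections import Counter, defaultdict

# Constructed sample, modelled on the thread's excerpt: the server reads a
# packet from tun and writes it to the client repeatedly, then gives up.
# A second, healthy session is included for contrast.  IPs are documentation
# addresses, not real clients.
SAMPLE_LOG = """\
Sep 23 12:19:44 host ovpn-udp[1673]: vt_client/203.0.113.7:57537 TUN READ [60]
Sep 23 12:19:44 host ovpn-udp[1673]: vt_client/203.0.113.7:57537 UDPv4 WRITE [84] to [AF_INET]203.0.113.7:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:46 host ovpn-udp[1673]: vt_client/203.0.113.7:57537 TUN READ [60]
Sep 23 12:19:46 host ovpn-udp[1673]: vt_client/203.0.113.7:57537 UDPv4 WRITE [84] to [AF_INET]203.0.113.7:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:23:43 host ovpn-udp[1673]: vt_client/203.0.113.7:57537 [vt_client] Inactivity timeout (--ping-restart), restarting
Sep 23 12:30:01 host ovpn-udp[1673]: other/198.51.100.9:41000 UDPv4 READ [84] from [AF_INET]198.51.100.9:41000: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:30:01 host ovpn-udp[1673]: other/198.51.100.9:41000 TUN WRITE [60]
Sep 23 12:30:01 host ovpn-udp[1673]: other/198.51.100.9:41000 TUN READ [60]
Sep 23 12:30:01 host ovpn-udp[1673]: other/198.51.100.9:41000 UDPv4 WRITE [84] to [AF_INET]198.51.100.9:41000: P_DATA_V2 kid=0 DATA len=83
"""

# One regex for both line shapes: a direction event with a byte count, or
# the ping-restart teardown.  The session key is "<common name>/<ip>:<port>".
EVENT_RE = re.compile(
    r"ovpn-\w+\[\d+\]: (?P<session>[^\s/]+/[^\s:]+:\d+) "
    r"(?:(?P<dir>UDPv4 READ|UDPv4 WRITE|TUN READ|TUN WRITE) \[(?P<size>\d+)\]"
    r"|\[\S+\] (?P<restart>Inactivity timeout \(--ping-restart\)))"
)


def tally(log_text):
    """Count events per session: {session: Counter({'UDPv4 WRITE': n, ...})}."""
    counts = defaultdict(Counter)
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        key = "ping-restart" if m.group("restart") else m.group("dir")
        counts[m.group("session")][key] += 1
    return counts


def diagnose(log_text):
    """Return {session: verdict}.

    A session restarted by --ping-restart that has UDP writes but zero UDP
    reads never received a data-channel packet from the client after the
    handshake: the client -> server UDP path is where to look, before routing
    or NAT on the server side.  A session with traffic in both directions on
    the UDP socket is reported as bidirectional; anything else is inconclusive.
    """
    verdicts = {}
    for session, c in tally(log_text).items():
        if c["ping-restart"] and c["UDPv4 WRITE"] and not c["UDPv4 READ"]:
            verdicts[session] = "one-way: server sends, nothing arrives from client"
        elif c["UDPv4 READ"] and c["UDPv4 WRITE"]:
            verdicts[session] = "bidirectional"
        else:
            verdicts[session] = "inconclusive"
    return verdicts


if __name__ == "__main__":
    for session, verdict in diagnose(SAMPLE_LOG).items():
        print(f"{session}: {verdict}")
```

Run it as `python3 tally.py < /var/log/syslog` after pointing `diagnose` at stdin, or paste the journal output into `SAMPLE_LOG`; a one-way verdict is the cue to start the tcpdump comparison mky describes on the client side first.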
In reply to: comment by mky

You are right about the term, I used the wrong one…

What do you mean it is not working? It does work: they establish a connection, the handshakes and so on go through… It is just that traffic from the client does not go out to the internet (or the replies do not make it back to the server), and that is the part I cannot figure out.

Igor_B
() topic author