An OpenVPN server is set up on a separate hosted machine; the problem is that packets don't reach the client after the connection is established (although during the establishment itself they get through just fine).
Port forwarding is enabled, ufw is configured, and still nothing. What else can and should I check?
Versions
Ubuntu 22.04.2
OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 27 2024
library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
Client logs
2024-09-23 13:19:38.246711 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:63081
2024-09-23 13:19:38.262125 MANAGEMENT: CMD 'pid'
2024-09-23 13:19:38.262184 MANAGEMENT: CMD 'auth-retry interact'
2024-09-23 13:19:38.262224 MANAGEMENT: CMD 'state on'
2024-09-23 13:19:38.262260 MANAGEMENT: CMD 'state'
2024-09-23 13:19:38.262322 MANAGEMENT: CMD 'bytecount 1'
2024-09-23 13:19:38.264114 *Tunnelblick: Established communication with OpenVPN
2024-09-23 13:19:38.264646 *Tunnelblick: >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
2024-09-23 13:19:38.265446 MANAGEMENT: CMD 'hold release'
2024-09-23 13:19:38.267023 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2024-09-23 13:19:38.274824 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2024-09-23 13:19:38.274897 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2024-09-23 13:19:38.274908 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2024-09-23 13:19:38.274920 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2024-09-23 13:19:38.275623 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
2024-09-23 13:19:38.275664 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2024-09-23 13:19:38.275688 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
2024-09-23 13:19:38.275700 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
2024-09-23 13:19:38.275717 TCP/UDP: Preserving recently used remote address: [AF_INET]5.180.55.57:1194
2024-09-23 13:19:38.275778 Socket Buffers: R=[786896->786896] S=[9216->9216]
2024-09-23 13:19:38.275795 UDP link local: (not bound)
2024-09-23 13:19:38.275805 UDP link remote: [AF_INET]5.180.55.57:1194
2024-09-23 13:19:38.275825 MANAGEMENT: >STATE:1727086778,WAIT,,,,,,
2024-09-23 13:19:38.275945 UDP WRITE [54] to [AF_INET]5.180.55.57:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=358 DATA len=40
2024-09-23 13:19:38.340408 UDP READ [66] from [AF_INET]5.180.55.57:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=358 DATA len=52
2024-09-23 13:19:38.340488 MANAGEMENT: >STATE:1727086778,AUTH,,,,,,
2024-09-23 13:19:38.340507 TLS: Initial packet from [AF_INET]5.180.55.57:1194, sid=c5752139 307aae59
2024-09-23 13:19:38.340654 UDP WRITE [62] to [AF_INET]5.180.55.57:1194: P_ACK_V1 kid=0 [ ]
2024-09-23 13:19:38.340937 UDP WRITE [331] to [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=870 DATA len=317
2024-09-23 13:19:38.410280 UDP READ [1128] from [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=614 DATA len=1114
2024-09-23 13:19:38.411018 UDP WRITE [62] to [AF_INET]5.180.55.57:1194: P_ACK_V1 kid=0 [ ]
2024-09-23 13:19:38.411277 UDP READ [1116] from [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=870 DATA len=1102
2024-09-23 13:19:38.412124 VERIFY OK: depth=1, CN=Easy-RSA CA
2024-09-23 13:19:38.412493 VERIFY KU OK
2024-09-23 13:19:38.412505 Validating certificate extended key usage
2024-09-23 13:19:38.412515 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-09-23 13:19:38.412523 VERIFY EKU OK
2024-09-23 13:19:38.412530 VERIFY OK: depth=0, CN=server
2024-09-23 13:19:38.412594 UDP WRITE [62] to [AF_INET]5.180.55.57:1194: P_ACK_V1 kid=0 [ ]
2024-09-23 13:19:38.412722 UDP READ [313] from [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=1126 DATA len=299
2024-09-23 13:19:38.422314 UDP WRITE [1128] to [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=1638 DATA len=1114
2024-09-23 13:19:38.422661 UDP WRITE [1116] to [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=1894 DATA len=1102
2024-09-23 13:19:38.422757 UDP WRITE [546] to [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=2150 DATA len=532
2024-09-23 13:19:38.485783 UDP READ [62] from [AF_INET]5.180.55.57:1194: P_ACK_V1 kid=0 [ ]
2024-09-23 13:19:38.493253 UDP READ [224] from [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=1638 DATA len=210
2024-09-23 13:19:38.493525 UDP WRITE [62] to [AF_INET]5.180.55.57:1194: P_ACK_V1 kid=0 [ ]
2024-09-23 13:19:38.493704 UDP READ [294] from [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=1894 DATA len=280
2024-09-23 13:19:38.493865 UDP WRITE [62] to [AF_INET]5.180.55.57:1194: P_ACK_V1 kid=0 [ ]
2024-09-23 13:19:38.493918 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
2024-09-23 13:19:38.493948 [server] Peer Connection Initiated with [AF_INET]5.180.55.57:1194
2024-09-23 13:19:39.779760 MANAGEMENT: >STATE:1727086779,GET_CONFIG,,,,,,
2024-09-23 13:19:39.779982 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2024-09-23 13:19:39.780225 UDP WRITE [89] to [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=2918 DATA len=75
2024-09-23 13:19:39.847404 UDP READ [62] from [AF_INET]5.180.55.57:1194: P_ACK_V1 kid=0 [ ]
2024-09-23 13:19:39.847557 UDP READ [294] from [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=2406 DATA len=280
2024-09-23 13:19:39.847997 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
2024-09-23 13:19:39.848138 OPTIONS IMPORT: timers and/or timeouts modified
2024-09-23 13:19:39.848160 OPTIONS IMPORT: --ifconfig/up options modified
2024-09-23 13:19:39.848174 OPTIONS IMPORT: route options modified
2024-09-23 13:19:39.848189 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-09-23 13:19:39.848202 OPTIONS IMPORT: peer-id set
2024-09-23 13:19:39.848219 OPTIONS IMPORT: adjusting link_mtu to 1624
2024-09-23 13:19:39.848233 OPTIONS IMPORT: data channel crypto options modified
2024-09-23 13:19:39.848259 Data Channel MTU parms [ L:1552 D:1450 EF:52 EB:406 ET:0 EL:3 ]
2024-09-23 13:19:39.848482 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2024-09-23 13:19:39.848508 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2024-09-23 13:19:39.848826 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2024-09-23 13:19:39.848968 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2024-09-23 13:19:39.849006 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2024-09-23 13:19:39.849040 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2024-09-23 13:19:39.849073 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2024-09-23 13:19:39.849109 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2024-09-23 13:19:39.873958 Opened utun device utun6
2024-09-23 13:19:39.874050 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2024-09-23 13:19:39.874068 MANAGEMENT: >STATE:1727086779,ASSIGN_IP,,10.8.0.6,,,,
2024-09-23 13:19:39.874107 /sbin/ifconfig utun6 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2024-09-23 13:19:39.886604 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2024-09-23 13:19:39.886642 /sbin/ifconfig utun6 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
2024-09-23 13:19:39.906470 /sbin/route add -net 5.180.55.57 192.168.0.1 255.255.255.255
add net 5.180.55.57: gateway 192.168.0.1
2024-09-23 13:19:39.926258 /sbin/route add -net 0.0.0.0 10.8.0.5 128.0.0.0
add net 0.0.0.0: gateway 10.8.0.5
2024-09-23 13:19:39.936503 /sbin/route add -net 128.0.0.0 10.8.0.5 128.0.0.0
add net 128.0.0.0: gateway 10.8.0.5
2024-09-23 13:19:39.939134 MANAGEMENT: >STATE:1727086779,ADD_ROUTES,,,,,,
2024-09-23 13:19:39.939174 /sbin/route add -net 10.8.0.1 10.8.0.5 255.255.255.255
add net 10.8.0.1: gateway 10.8.0.5
13:19:39 *Tunnelblick: **********************************************
13:19:39 *Tunnelblick: Start of output from client.up.tunnelblick.sh
13:19:42 *Tunnelblick: Retrieved from OpenVPN: name server(s) [ 208.67.222.222 208.67.220.220 ], search domain(s) [ ] and SMB server(s) [ ] and using default domain name [ openvpn ]
13:19:42 *Tunnelblick: Not aggregating ServerAddresses because running on macOS 10.6 or higher
13:19:42 *Tunnelblick: Setting search domains to 'openvpn' because the search domains were not set manually (or are allowed to be changed) and 'Prepend domain name to search domains' was not selected
13:19:43 *Tunnelblick: Saved the DNS and SMB configurations so they can be restored
13:19:43 *Tunnelblick: Changed DNS ServerAddresses setting from '192.168.0.1' to '208.67.222.222 208.67.220.220'
13:19:43 *Tunnelblick: Changed DNS SearchDomains setting from '' to 'openvpn'
13:19:43 *Tunnelblick: Changed DNS DomainName setting from '' to 'openvpn'
13:19:43 *Tunnelblick: Did not change SMB NetBIOSName setting of ''
13:19:43 *Tunnelblick: Did not change SMB Workgroup setting of ''
13:19:43 *Tunnelblick: Did not change SMB WINSAddresses setting of ''
13:19:43 *Tunnelblick: DNS servers '208.67.222.222 208.67.220.220' will be used for DNS queries when the VPN is active
13:19:43 *Tunnelblick: The DNS servers include only free public DNS servers known to Tunnelblick.
13:19:43 *Tunnelblick: Flushed the DNS cache via dscacheutil
13:19:43 *Tunnelblick: /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
13:19:43 *Tunnelblick: Notified mDNSResponder that the DNS cache was flushed
13:19:43 *Tunnelblick: Notified mDNSResponderHelper that the DNS cache was flushed
13:19:43 *Tunnelblick: Setting up to monitor system configuration with process-network-changes
13:19:43 *Tunnelblick: End of output from client.up.tunnelblick.sh
13:19:43 *Tunnelblick: **********************************************
2024-09-23 13:19:43.685534 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-09-23 13:19:43.685541 Initialization Sequence Completed
2024-09-23 13:19:43.685563 MANAGEMENT: >STATE:1727086783,CONNECTED,SUCCESS,10.8.0.6,5.180.55.57,1194,,
2024-09-23 13:19:43.685610 UDP WRITE [62] to [AF_INET]5.180.55.57:1194: P_ACK_V1 kid=0 [ ]
2024-09-23 13:19:43.685684 UDP READ [294] from [AF_INET]5.180.55.57:1194: P_CONTROL_V1 kid=0 [ ] pid=2662 DATA len=280
2024-09-23 13:19:43.685709 UDP WRITE [62] to [AF_INET]5.180.55.57:1194: P_ACK_V1 kid=0 [ ]
2024-09-23 13:19:43.685737 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.685756 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.685774 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.685835 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.685855 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.685874 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.685892 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.685920 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.685937 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.685952 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.685973 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.685989 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.686006 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.686025 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
2024-09-23 13:19:43.686042 UDP WRITE [88] to [AF_INET]5.180.55.57:1194: P_DATA_V2 kid=0 DATA len=87
That's it, there is never another UDP_READ; after a while the client drops with a timeout.
The logs on the server side look like this:
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: MULTI: multi_create_instance called
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 Re-using SSL/TLS context
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 READ [54] from [AF_INET]client_ip:57537: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=358 DATA len=40
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 TLS: Initial packet from [AF_INET]client_ip:57537, sid=277076f6 1cd8249e
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 WRITE [66] to [AF_INET]client_ip:57537: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=358 DATA len=52
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 READ [62] from [AF_INET]client_ip:57537: P_ACK_V1 kid=0 [ ]
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 READ [331] from [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=870 DATA len=317
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 WRITE [1128] to [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=614 DATA len=1114
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 WRITE [1116] to [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=870 DATA len=1102
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 WRITE [313] to [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=1126 DATA len=299
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 READ [62] from [AF_INET]client_ip:57537: P_ACK_V1 kid=0 [ ]
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 READ [62] from [AF_INET]client_ip:57537: P_ACK_V1 kid=0 [ ]
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 READ [1128] from [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=1638 DATA len=1114
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 WRITE [62] to [AF_INET]client_ip:57537: P_ACK_V1 kid=0 [ ]
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 READ [1116] from [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=1894 DATA len=1102
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 VERIFY OK: depth=1, CN=Easy-RSA CA
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 VERIFY OK: depth=0, CN=vt_client
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 WRITE [224] to [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=1638 DATA len=210
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 READ [546] from [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=2150 DATA len=532
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_VER=2.4.12
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_PLAT=mac
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_PROTO=2
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_NCP=2
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_LZ4=1
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_LZ4v2=1
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_LZO=1
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_COMP_STUB=1
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_COMP_STUBv2=1
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_TCPNL=1
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 peer info: IV_GUI_VER="net.tunnelblick.tunnelblick_5971_4.0.1__build_5971)"
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 WRITE [294] to [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=1894 DATA len=280
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 READ [62] from [AF_INET]client_ip:57537: P_ACK_V1 kid=0 [ ]
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 UDPv4 READ [62] from [AF_INET]client_ip:57537: P_ACK_V1 kid=0 [ ]
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: client_ip:57537 [vt_client] Peer Connection Initiated with [AF_INET]client_ip:57537
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 MULTI: Learn: 10.8.0.6 -> vt_client/client_ip:57537
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 MULTI: primary virtual IP for vt_client/client_ip:57537: 10.8.0.6
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sep 23 12:19:38 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sep 23 12:19:39 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [89] from [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=2918 DATA len=75
Sep 23 12:19:39 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 PUSH: Received control message: 'PUSH_REQUEST'
Sep 23 12:19:39 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 SENT CONTROL [vt_client]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
Sep 23 12:19:39 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [62] to [AF_INET]client_ip:57537: P_ACK_V1 kid=0 [ ]
Sep 23 12:19:39 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [294] to [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=2406 DATA len=280
Sep 23 12:19:42 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [294] to [AF_INET]client_ip:57537: P_CONTROL_V1 kid=0 [ ] pid=2662 DATA len=280
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [62] from [AF_INET]client_ip:57537: P_ACK_V1 kid=0 [ ]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [62] from [AF_INET]client_ip:57537: P_ACK_V1 kid=0 [ ]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 READ [88] from [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=87
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN WRITE [64]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:44 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:44 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:44 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:44 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:44 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:44 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:44 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:44 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:44 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:44 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:46 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:46 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:46 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:46 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:46 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:46 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:46 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:46 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:46 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:46 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:50 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:50 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:50 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:50 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:50 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:50 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:50 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:50 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:51 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:51 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:58 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:58 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:59 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:59 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:59 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:59 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:59 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
...
Sep 23 12:23:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 [vt_client] Inactivity timeout (--ping-restart), restarting
Sep 23 12:23:43 vm3028493.stark-industries.solutions ovpn-udp[1673]: vt_client/client_ip:57537 SIGUSR1[soft,ping-restart] received, client-instance restarting
Server configs
username@vm3028493:/etc/openvpn$ cat udp.conf
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh none
# crl-verify crl.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
duplicate-cn
keepalive 10 120
tls-crypt ta.key
cipher AES-256-GCM
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
verb 6
explicit-exit-notify 1
username@vm3028493:/etc/openvpn$ cat tcp.conf
port 443
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh none
server 10.9.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
duplicate-cn
keepalive 10 120
tls-crypt ta.key
cipher AES-256-GCM
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
verb 3
Client config
client
dev tun
remote host_white_ip 1194 udp
remote host_white_ip 443 tcp
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-GCM
auth SHA256
key-direction 1
verb 6
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
<tls-crypt>
...
</tls-crypt>
pf is enabled (shown here just for demonstration; the line is present in /etc/sysctl.conf)
username@vm3028493:/etc/openvpn$ sudo sysctl net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
ufw
username@vm3028493:/etc/openvpn$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip
To Action From
-- ------ ----
1194/udp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
2022/tcp ALLOW IN Anywhere
1194/udp (v6) ALLOW IN Anywhere (v6)
443/tcp (v6) ALLOW IN Anywhere (v6)
2022/tcp (v6) ALLOW IN Anywhere (v6)
username@vm3028493:/etc/openvpn$ sudo cat /etc/ufw/before.rules
#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
# ufw-before-input
# ufw-before-output
# ufw-before-forward
#
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/8 -o ens3 -j MASQUERADE
-A POSTROUTING -s 10.9.0.0/8 -o ens3 -j MASQUERADE
COMMIT
# END OPENVPN RULES
# Don't delete these required lines, otherwise there will be errors
*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-not-local - [0:0]
# End required lines
# allow all on loopback
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-output -o lo -j ACCEPT
# quickly process packets for which we already have a connection
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# drop INVALID packets (logs these in loglevel medium and higher)
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
# ok icmp code for FORWARD
-A ufw-before-forward -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT
# allow dhcp client to work
-A ufw-before-input -p udp --sport 67 --dport 68 -j ACCEPT
#
# ufw-not-local
#
-A ufw-before-input -j ufw-not-local
# if LOCAL, RETURN
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
# if MULTICAST, RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
# if BROADCAST, RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
# all other non-local packets are dropped
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
# allow MULTICAST mDNS for service discovery (be sure the MULTICAST line above
# is uncommented)
-A ufw-before-input -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT
# allow MULTICAST UPnP for service discovery (be sure the MULTICAST line above
# is uncommented)
-A ufw-before-input -p udp -d 239.255.255.250 --dport 1900 -j ACCEPT
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
Moved by hobbit from general
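Added example, not code from the post: in the verb 6 server log quoted above, every line for this peer is a TUN READ followed by a UDPv4 WRITE, i.e. the server keeps pushing packets toward the client, and no UDPv4 READ / TUN WRITE pair (a data packet arriving from the client and being injected into tun) appears before the --ping-restart fires. Counting the four data-path events per peer turns that eyeballing into a repeatable check. The script below does that over constructed log lines in the same format; the host name, the second peer, its address and the timestamps are made up, and the log file path on the command line is an assumption.

```python
"""Direction analysis of OpenVPN verb-6 data-channel log lines.

Per peer, count the four events OpenVPN logs at verb 6:
  TUN READ    server pulled a plaintext packet from tun (bound for the client)
  UDPv4 WRITE server sent an encrypted data packet to the client
  UDPv4 READ  server received an encrypted data packet from the client
  TUN WRITE   server injected the decrypted client packet into tun
and derive a verdict from which directions are missing.
"""
import re
from collections import defaultdict

# Peer tag as OpenVPN prints it: "<common name>/<ip>:<port>".
PEER = r"(?P<peer>[^\s/]+/[^\s:]+:\d+)"

EVENT_RE = re.compile(
    PEER + r" (?P<event>TUN READ|TUN WRITE|UDPv4 READ|UDPv4 WRITE|"
    r"TCPv4_SERVER READ|TCPv4_SERVER WRITE) \[(?P<size>\d+)\]"
)
RESTART_RE = re.compile(PEER + r" \[[^\]]+\] Inactivity timeout \(--ping-restart\)")

# Constructed sample in the page's log format: the server only ever writes
# toward the client and the session ends with a ping-restart.
ONE_WAY_SESSION = """\
Sep 23 12:19:46 vm ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:46 vm ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:19:50 vm ovpn-udp[1673]: vt_client/client_ip:57537 TUN READ [60]
Sep 23 12:19:50 vm ovpn-udp[1673]: vt_client/client_ip:57537 UDPv4 WRITE [84] to [AF_INET]client_ip:57537: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:23:43 vm ovpn-udp[1673]: vt_client/client_ip:57537 [vt_client] Inactivity timeout (--ping-restart), restarting
""".splitlines()

# Constructed healthy session for comparison: a client packet comes in,
# reaches tun, and a reply goes back out.
HEALTHY_SESSION = """\
Sep 23 12:30:01 vm ovpn-udp[1673]: good/203.0.113.5:40000 UDPv4 READ [84] from [AF_INET]203.0.113.5:40000: P_DATA_V2 kid=0 DATA len=83
Sep 23 12:30:01 vm ovpn-udp[1673]: good/203.0.113.5:40000 TUN WRITE [60]
Sep 23 12:30:01 vm ovpn-udp[1673]: good/203.0.113.5:40000 TUN READ [60]
Sep 23 12:30:01 vm ovpn-udp[1673]: good/203.0.113.5:40000 UDPv4 WRITE [84] to [AF_INET]203.0.113.5:40000: P_DATA_V2 kid=0 DATA len=83
""".splitlines()


def analyze(lines):
    """Return {peer: counts} with tun_read/link_write/link_read/tun_write and a ping_restart flag."""
    stats = defaultdict(lambda: {"tun_read": 0, "link_write": 0,
                                 "link_read": 0, "tun_write": 0,
                                 "ping_restart": False})
    for line in lines:
        m = EVENT_RE.search(line)
        if m:
            ev = m.group("event")
            key = {"TUN READ": "tun_read", "TUN WRITE": "tun_write"}.get(ev)
            if key is None:  # UDPv4 / TCPv4_SERVER link events
                key = "link_write" if ev.endswith("WRITE") else "link_read"
            stats[m.group("peer")][key] += 1
            continue
        m = RESTART_RE.search(line)
        if m:
            stats[m.group("peer")]["ping_restart"] = True
    return dict(stats)


def diagnose(lines):
    """Return {peer: verdict} telling which half of the data path is silent."""
    verdicts = {}
    for peer, s in analyze(lines).items():
        if s["link_read"] == 0 and s["link_write"] > 0:
            v = "one-way: server sends to client but never receives a data packet from it"
        elif s["tun_write"] > 0 and s["tun_read"] == 0:
            v = "client packets reach tun but nothing comes back: check ip_forward, NAT, routing"
        elif s["link_read"] > 0 and s["tun_write"] == 0:
            v = "only keepalives or undecryptable packets arrive from the client; nothing reaches tun"
        elif all(s[k] > 0 for k in ("tun_read", "link_write", "link_read", "tun_write")):
            v = "bidirectional: data channel healthy"
        else:
            v = "no data-channel traffic seen"
        if s["ping_restart"]:
            v += " (session ended with --ping-restart)"
        verdicts[peer] = v
    return verdicts


if __name__ == "__main__":
    import sys
    # Assumed usage: pass the path of a saved journal/syslog extract, or run
    # without arguments to see the two constructed sessions.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as f:
            lines = f.read().splitlines()
    else:
        lines = ONE_WAY_SESSION + HEALTHY_SESSION
    for peer, verdict in diagnose(lines).items():
        print(f"{peer}: {verdict}")
```

A peer that comes out as "one-way" has its data channel silent in the client-to-server direction, so ip_forward, the MASQUERADE rule and ufw's forward policy are not yet in play: those only matter once a client packet has been written to tun. The "client packets reach tun but nothing comes back" verdict is the one where the forwarding and NAT checks belong.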
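A second added example, also not from the post: the posted before.rules masquerades `-s 10.8.0.0/8` and `-s 10.9.0.0/8`, while the two `server` directives hand out 10.8.0.0/24 and 10.9.0.0/24. iptables masks the host bits off, so both rules become 10.0.0.0/8: they still cover the VPN pools, which is why this is not the cause of the problem above, but they also NAT any other 10/8 source the box ever forwards. The checker below parses the `server` lines and the POSTROUTING MASQUERADE rules, verifies that each pool is covered on the uplink interface and not by something wider, and prints the tight rule. The config snippets embedded here are trimmed copies of the posted ones; the uplink interface name is a parameter because `ens3` is the poster's, and `eth0` in the usage is just a made-up mismatch to show the "missing" case.

```python
"""Check that MASQUERADE rules cover the OpenVPN pools without being wider."""
import ipaddress
import re

# "server <network> <netmask>" as used in OpenVPN server configs.
SERVER_RE = re.compile(r"^\s*server\s+(\S+)\s+(\S+)\s*$", re.M)
# iptables-restore syntax as found in ufw's before.rules *nat section.
MASQ_RE = re.compile(
    r"^-A POSTROUTING\s+-s\s+(\S+)\s+-o\s+(\S+)\s+-j\s+MASQUERADE\s*$", re.M)

# Trimmed copies of the posted configs (constructed here for the example).
UDP_CONF = "port 1194\nproto udp\ndev tun\nserver 10.8.0.0 255.255.255.0\n"
TCP_CONF = "port 443\nproto tcp\ndev tun\nserver 10.9.0.0 255.255.255.0\n"
BEFORE_RULES = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/8 -o ens3 -j MASQUERADE
-A POSTROUTING -s 10.9.0.0/8 -o ens3 -j MASQUERADE
COMMIT
"""


def vpn_pools(*conf_texts):
    """Pools handed out by each server instance, as ip_network objects."""
    pools = []
    for text in conf_texts:
        for net, mask in SERVER_RE.findall(text):
            pools.append(ipaddress.ip_network(f"{net}/{mask}", strict=False))
    return pools


def masq_sources(rules_text):
    """(source network, out interface) pairs. strict=False masks host bits
    the way iptables does, so 10.8.0.0/8 is read as 10.0.0.0/8."""
    return [(ipaddress.ip_network(src, strict=False), iface)
            for src, iface in MASQ_RE.findall(rules_text)]


def check_nat(pools, sources, wan_iface):
    """Return {pool: (status, tight_rule)} where status is
    'ok', 'over-broad' (a covering rule is wider than the pool) or
    'missing' (no MASQUERADE rule on wan_iface covers the pool)."""
    report = {}
    for pool in pools:
        covering = [src for src, iface in sources
                    if iface == wan_iface and pool.subnet_of(src)]
        tight = f"-A POSTROUTING -s {pool} -o {wan_iface} -j MASQUERADE"
        if not covering:
            status = "missing"
        elif any(src.prefixlen < pool.prefixlen for src in covering):
            status = "over-broad"
        else:
            status = "ok"
        report[str(pool)] = (status, tight)
    return report


if __name__ == "__main__":
    pools = vpn_pools(UDP_CONF, TCP_CONF)
    for iface in ("ens3", "eth0"):  # eth0 is a made-up wrong interface name
        print(f"uplink {iface}:")
        for pool, (status, rule) in check_nat(pools, masq_sources(BEFORE_RULES), iface).items():
            print(f"  {pool}: {status}; expected rule: {rule}")
```

Check the uplink name with `ip route get 1.1.1.1` on the server and pass that; a MASQUERADE rule bound to an interface that does not exist is silently never hit, which is the classic reason forwarded VPN traffic leaves the box with a 10.x source and never gets a reply.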