Problem with the OpenVPN client

Here's what came up: it used to connect fine, I think, but now it says this:

% sudo openvpn --config client.conf Mon Nov 19 14:06:57 2007 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Nov 4 2007 Mon Nov 19 14:06:57 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Mon Nov 19 14:06:57 2007 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Mon Nov 19 14:06:57 2007 WARNING: file 'artem.key' is group or others accessible Mon Nov 19 14:06:57 2007 LZO compression initialized Mon Nov 19 14:06:57 2007 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ] Mon Nov 19 14:06:57 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ] Mon Nov 19 14:06:57 2007 Local Options hash (VER=V4): '41690919' Mon Nov 19 14:06:57 2007 Expected Remote Options hash (VER=V4): '530fdded' Mon Nov 19 14:06:57 2007 UDPv4 link local: [undef] Mon Nov 19 14:06:57 2007 UDPv4 link remote: 172.22.16.65:1194 Mon Nov 19 14:06:59 2007 TLS Error: Unroutable control packet received from 172.22.16.65:1194 (si=3 op=P_ACK_V1) Mon Nov 19 14:06:59 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float) Mon Nov 19 14:07:00 2007 TLS: Initial packet from 172.22.16.65:1194, sid=a37347a3 12f603dc Mon Nov 19 14:07:00 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float) Mon Nov 19 14:07:00 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float) Mon Nov 19 14:07:00 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 
(allow this incoming source address/port by removing --remote or adding --float) Mon Nov 19 14:07:00 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float) Mon Nov 19 14:07:00 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float) Mon Nov 19 14:07:00 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float) Mon Nov 19 14:07:01 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float) Mon Nov 19 14:07:01 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float) Mon Nov 19 14:07:01 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float) Mon Nov 19 14:07:01 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float)

And so on.

Config:

client
dev tun
proto udp
remote 172.22.16.65 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert artem.crt
key artem.key
comp-lzo
verb 3

What's the problem?


Re: Problem with the OpenVPN client

What a mess... Here is what it outputs:

% openvpn --config client.conf
Mon Nov 19 14:20:11 2007 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Nov  4 2007
Mon Nov 19 14:20:11 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Nov 19 14:20:11 2007 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Nov 19 14:20:11 2007 WARNING: file 'artem.key' is group or others accessible
Mon Nov 19 14:20:11 2007 LZO compression initialized
Mon Nov 19 14:20:11 2007 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Nov 19 14:20:11 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Nov 19 14:20:11 2007 Local Options hash (VER=V4): '41690919'
Mon Nov 19 14:20:11 2007 Expected Remote Options hash (VER=V4): '530fdded'
Mon Nov 19 14:20:11 2007 UDPv4 link local: [undef]
Mon Nov 19 14:20:11 2007 UDPv4 link remote: 172.22.16.65:1194
Mon Nov 19 14:20:11 2007 TLS: Initial packet from 172.22.16.65:1194, sid=ebd36649 ef2bd384
Mon Nov 19 14:20:11 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float)
Mon Nov 19 14:20:12 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float)
Mon Nov 19 14:20:12 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float)
Mon Nov 19 14:20:12 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float)
Mon Nov 19 14:20:12 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float)
Mon Nov 19 14:20:14 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float)
Mon Nov 19 14:20:14 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float)
Mon Nov 19 14:20:14 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float)
Mon Nov 19 14:20:14 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float)
Mon Nov 19 14:20:14 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float)
Mon Nov 19 14:20:14 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float)
Mon Nov 19 14:20:14 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float)
Mon Nov 19 14:20:14 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float)
Mon Nov 19 14:20:14 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float)
Mon Nov 19 14:20:14 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float)

urandom ()
In reply to: Re: Problem with the OpenVPN client by urandom

Re: Problem with the OpenVPN client

Oh, and one more thing: the client is behind a router, the machine's IP on the internal network is 192.168.1.2, externally it is 172.17.50.13, but nevertheless everything used to work fine...

urandom ()

Re: Problem with the OpenVPN client

This can be seen when there are two links and the replies to the openvpn requests go out with the header of a different link than the one the request arrived on. You can check with tcpdump -i <interface> port 1194.

TuxR ★★★★ ()
In reply to: Re: Problem with the OpenVPN client by TuxR

Re: Problem with the OpenVPN client

Hmm, apparently the connection problem wasn't caused by this; it connects fine now, although the messages about rejected packets still appear. Here is what tcpdump output (with the VPN connection not up).

% sudo tcpdump -i eth0 port 1194
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:50:55.400278 IP 172.22.16.65.1194 > m16.32773: UDP, length 53
15:50:55.421068 IP 172.17.50.11.1194 > m16.32773: UDP, length 53
15:51:05.505444 IP 172.22.16.65.1194 > m16.32773: UDP, length 53
15:51:05.525485 IP 172.17.50.11.1194 > m16.32773: UDP, length 53

urandom ()
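
An added example, not part of the thread: a small triage script that checks TuxR's two-link explanation against the data posted above. It counts which source addresses the client rejected and looks for same-size UDP replies reaching the client from two different sources almost simultaneously. The input lines are copied from the thread; the function names and the 100 ms pairing window are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime

# Lines copied from the OpenVPN log and tcpdump output posted in the thread.
OPENVPN_LOG = """\
Mon Nov 19 14:20:11 2007 UDPv4 link remote: 172.22.16.65:1194
Mon Nov 19 14:20:11 2007 TLS: Initial packet from 172.22.16.65:1194, sid=ebd36649 ef2bd384
Mon Nov 19 14:20:11 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float)
Mon Nov 19 14:20:12 2007 TCP/UDP: Incoming packet rejected from 172.17.50.11:1194[2], expected peer address: 172.22.16.65:1194 (allow this incoming source address/port by removing --remote or adding --float)
"""
TCPDUMP = """\
15:50:55.400278 IP 172.22.16.65.1194 > m16.32773: UDP, length 53
15:50:55.421068 IP 172.17.50.11.1194 > m16.32773: UDP, length 53
15:51:05.505444 IP 172.22.16.65.1194 > m16.32773: UDP, length 53
15:51:05.525485 IP 172.17.50.11.1194 > m16.32773: UDP, length 53
"""

REJECT_RE = re.compile(r"rejected from (\S+?)\[\d+\], expected peer address: (\S+)")
PKT_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+): UDP, length (\d+)")

def rejected_sources(log_text):
    """Count (actual source, expected peer) pairs in 'Incoming packet rejected' lines."""
    matches = map(REJECT_RE.search, log_text.splitlines())
    return Counter(m.groups() for m in matches if m)

def mirrored_replies(dump_text, window_ms=100):
    """Return consecutive packets sent to the same destination with the same
    length, from different sources, no more than window_ms apart."""
    pkts = []
    for line in dump_text.splitlines():
        m = PKT_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
            pkts.append((ts, m.group(2), m.group(3), int(m.group(4))))
    pairs = []
    for (t1, src1, dst1, len1), (t2, src2, dst2, len2) in zip(pkts, pkts[1:]):
        gap_ms = (t2 - t1).total_seconds() * 1000
        if dst1 == dst2 and len1 == len2 and src1 != src2 and gap_ms <= window_ms:
            pairs.append((src1, src2, round(gap_ms, 1)))
    return pairs

if __name__ == "__main__":
    for (src, expected), n in rejected_sources(OPENVPN_LOG).items():
        print(f"{n} packet(s) from {src} rejected; client expects {expected}")
    for first, second, gap in mirrored_replies(TCPDUMP):
        print(f"same-size reply from {first} and {second}, {gap} ms apart")
```

On the posted capture, every packet from 172.22.16.65 is followed about 20 ms later by a packet of identical length from 172.17.50.11, which matches the rejected source in the client log.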