LINUX.ORG.RU

openvpn over pptp



I have 2 different VPNs.

The first one goes over pptp.

The second one goes over openvpn (tun0).

First I bring up the first one, then the second.

Everything seems to connect fine, but the IP stays the one from the first.

Configs:

openvpn

remote XXXXXXXXXXXXXXXXX 443
tun-mtu 1400
client
dev tun
proto tcp
persist-remote-ip
nobind
persist-key
persist-tun
cipher AES-256-CBC
remote-cert-tls server
redirect-gateway def1
tls-timeout 4
comp-lzo
verb 3
ca ca_bundle.crt
tls-auth ta.key 1
cert 6013.crt
key 6013.key

route

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *               0.0.0.0         U     0      0        0 ppp0
10.110.0.0      *               255.255.0.0     U     0      0        0 tun0
xxxxxxxxxxxxx.r 192.168.0.1     255.255.255.255 UGH   0      0        0 wlan0
xxxxxxxxxxxxx.r 192.168.0.1     255.255.255.255 UGH   0      0        0 wlan0
172.16.227.0    *               255.255.255.0   U     0      0        0 vmnet8
192.168.0.0     *               255.255.255.0   U     0      0        0 wlan0
192.168.1.64    *               255.255.255.255 UH    0      0        0 ppp0
192.168.37.0    *               255.255.255.0   U     0      0        0 vmnet1
194.149.148.70  192.168.0.1     255.255.255.255 UGH   0      0        0 wlan0

ifconfig

wlan0     Link encap:Ethernet  HWaddr XXXXXXXXXXXXXXxxx
          inet addr:192.168.0.104  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: XXXXXXXXXXXX Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1400  Metric:1
          RX packets:124382 errors:0 dropped:0 overruns:0 frame:0
          TX packets:123305 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:89141360 (85.0 MiB)  TX bytes:31660826 (30.1 MiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.110.11.5  P-t-P:10.110.11.5  Mask:255.255.0.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.1.63  P-t-P:192.168.1.64  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1
          RX packets:9389 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11998 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:5581185 (5.3 MiB)  TX bytes:1467185 (1.3 MiB)


In reply to: comment by xtraeft

I've made a little progress here, but there is still a long way to go.

It used to look like this:

Wed Aug 20 10:44:55 2014 [0] Peer Connection Initiated with [AF_INET]XXXXXXXXXXX:443
Wed Aug 20 10:44:57 2014 SENT CONTROL [0]: 'PUSH_REQUEST' (status=1)
Wed Aug 20 10:44:57 2014 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.110.255.254,dhcp-option DNS 10.110.255.254,topology subnet,ping 10,ping-restart 120,ifconfig 10.110.11.5 255.255.0.0'
Wed Aug 20 10:44:57 2014 OPTIONS IMPORT: timers and/or timeouts modified
Wed Aug 20 10:44:57 2014 OPTIONS IMPORT: --ifconfig/up options modified
Wed Aug 20 10:44:57 2014 OPTIONS IMPORT: route-related options modified
Wed Aug 20 10:44:57 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Aug 20 10:44:57 2014 ROUTE: default_gateway=UNDEF
Wed Aug 20 10:44:57 2014 TUN/TAP device tun0 opened
Wed Aug 20 10:44:57 2014 TUN/TAP TX queue length set to 100
Wed Aug 20 10:44:57 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Aug 20 10:44:57 2014 /sbin/ifconfig tun0 10.110.11.5 netmask 255.255.0.0 mtu 1500 broadcast 10.110.255.255
Wed Aug 20 10:44:57 2014 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
Wed Aug 20 10:44:57 2014 Initialization Sequence Completed

I googled that the default gateway has to be set before starting openvpn:
ip route replace default via 192.168.1.63 dev ppp0

Now it looks like this:
root@xxxx:/etc/openvpn# sudo openvpn --config xxxx.ovpn
Wed Aug 20 12:27:52 2014 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
Wed Aug 20 12:27:52 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Aug 20 12:27:52 2014 WARNING: file '6013.key' is group or others accessible
Wed Aug 20 12:27:52 2014 WARNING: file 'ta.key' is group or others accessible
Wed Aug 20 12:27:52 2014 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Wed Aug 20 12:27:52 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Aug 20 12:27:52 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Aug 20 12:27:52 2014 LZO compression initialized
Wed Aug 20 12:27:52 2014 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Wed Aug 20 12:27:52 2014 Control Channel MTU parms [ L:1460 D:168 EF:68 EB:0 ET:0 EL:0 ]
Wed Aug 20 12:27:52 2014 Socket Buffers: R=[87380->131072] S=[16384->131072]
Wed Aug 20 12:27:52 2014 Data Channel MTU parms [ L:1460 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Aug 20 12:27:52 2014 Local Options hash (VER=V4): '9d693342'
Wed Aug 20 12:27:52 2014 Expected Remote Options hash (VER=V4): '5f9ef3f2'
Wed Aug 20 12:27:52 2014 Attempting to establish TCP connection with [AF_INET]xxxxxxxx [nonblock]
Wed Aug 20 12:27:53 2014 TCP connection established with [AF_INET]xxxxxx
Wed Aug 20 12:27:53 2014 TCPv4_CLIENT link local: [undef]
Wed Aug 20 12:27:53 2014 TCPv4_CLIENT link remote: [AF_INET]xxxxxxxxx:443
Wed Aug 20 12:27:53 2014 TLS: Initial packet from [AF_INET]xxxxxxxxx:443, sid=63d9d88d d9cacee3
Wed Aug 20 12:28:05 2014 VERIFY OK: depth=2, /CN=a
Wed Aug 20 12:28:05 2014 VERIFY OK: depth=1, /CN=b
Wed Aug 20 12:28:05 2014 Validating certificate key usage
Wed Aug 20 12:28:05 2014 ++ Certificate has key usage 00a0, expects 00a0
Wed Aug 20 12:28:05 2014 VERIFY KU OK
Wed Aug 20 12:28:05 2014 Validating certificate extended key usage
Wed Aug 20 12:28:05 2014 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Aug 20 12:28:05 2014 VERIFY EKU OK
Wed Aug 20 12:28:05 2014 VERIFY OK: depth=0, /CN=0
Wed Aug 20 12:28:14 2014 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1460', remote='link-mtu 1560'
Wed Aug 20 12:28:14 2014 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1400', remote='tun-mtu 1500'
Wed Aug 20 12:28:14 2014 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Aug 20 12:28:14 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Aug 20 12:28:14 2014 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Aug 20 12:28:14 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Aug 20 12:28:14 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Wed Aug 20 12:28:14 2014 [0] Peer Connection Initiated with [AF_INET]xxxxxxxxxxx:443
Wed Aug 20 12:28:16 2014 SENT CONTROL [0]: 'PUSH_REQUEST' (status=1)
Wed Aug 20 12:28:16 2014 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.110.255.254,dhcp-option DNS 10.110.255.254,topology subnet,ping 10,ping-restart 120,ifconfig 10.110.11.5 255.255.0.0'
Wed Aug 20 12:28:16 2014 OPTIONS IMPORT: timers and/or timeouts modified
Wed Aug 20 12:28:16 2014 OPTIONS IMPORT: --ifconfig/up options modified
Wed Aug 20 12:28:16 2014 OPTIONS IMPORT: route-related options modified
Wed Aug 20 12:28:16 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Aug 20 12:28:16 2014 ROUTE default_gateway=192.168.1.63
Wed Aug 20 12:28:16 2014 TUN/TAP device tun0 opened
Wed Aug 20 12:28:16 2014 TUN/TAP TX queue length set to 100
Wed Aug 20 12:28:16 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Aug 20 12:28:16 2014 /sbin/ifconfig tun0 10.110.11.5 netmask 255.255.0.0 mtu 1400 broadcast 10.110.255.255
Wed Aug 20 12:28:16 2014 /sbin/route add -net xxxxxxxxx netmask 255.255.255.255 gw 192.168.1.63
Wed Aug 20 12:28:16 2014 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.110.255.254
Wed Aug 20 12:28:16 2014 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.110.255.254
Wed Aug 20 12:28:16 2014 Initialization Sequence Completed

Now everything goes straight through openvpn, without pptp.

truza
() topic author

You should have a route to the pptp server via wlan and a route to the openvpn server via ppp0. If I have understood correctly what you need.

Everything seems to connect fine, but the IP stays the one from the first.

I didn't get this. Where does the IP stay, on the tun0 interface?

mky ★★★★★
()
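An added example, not part of the thread: a check of the route layout described in the comment above (pptp server via wlan0, openvpn server via ppp0, everything else via the two /1 routes that redirect-gateway def1 installs on tun0). The routing table is constructed in the `route` layout shown in the thread; the addresses 198.51.100.10 (pptp server), 203.0.113.20 (openvpn server), 192.0.2.1 (probe) and all function names are assumptions.

```python
import ipaddress

# Constructed sample table. 198.51.100.10 = pptp server and
# 203.0.113.20 = openvpn server are assumed placeholder addresses.
SAMPLE = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *               0.0.0.0         U     0      0        0 ppp0
0.0.0.0         10.110.255.254  128.0.0.0       UG    0      0        0 tun0
128.0.0.0       10.110.255.254  128.0.0.0       UG    0      0        0 tun0
10.110.0.0      *               255.255.0.0     U     0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     0      0        0 wlan0
192.168.1.64    *               255.255.255.255 UH    0      0        0 ppp0
198.51.100.10   192.168.0.1     255.255.255.255 UGH   0      0        0 wlan0
203.0.113.20    192.168.1.63    255.255.255.255 UGH   0      0        0 ppp0
"""

def parse_routes(text):
    """Return (network, metric, iface) tuples from `route` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the title line, the header and blank lines
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        net = ipaddress.ip_network(f"{dest}/{f[2]}", strict=False)
        routes.append((net, int(f[4]), f[7]))
    return routes

def egress(routes, addr):
    """Interface the kernel would pick: longest prefix, then lowest metric."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r[0].prefixlen, -r[1]))[2]

def chain_problems(routes, pptp_server, ovpn_server, probe="192.0.2.1"):
    """List (destination, actual iface, wanted iface) for every mismatch."""
    wanted = [(pptp_server, "wlan0"), (ovpn_server, "ppp0"), (probe, "tun0")]
    return [(dst, egress(routes, dst), want)
            for dst, want in wanted if egress(routes, dst) != want]

if __name__ == "__main__":
    print(chain_problems(parse_routes(SAMPLE), "198.51.100.10", "203.0.113.20"))
```

An empty list means the nesting is as intended; a probe that leaves via ppp0 corresponds to the symptom in the first post, and an openvpn server that resolves to tun0 means the tunnel's own transport is being routed into itself.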
In reply to: comment by mky

Where does the IP stay, on the tun0 interface?

Obviously on the one the traffic goes through.

xtraeft ★★☆☆
()