LINUX.ORG.RU

Help with configuring OpenVPN

 



Please help me configure OpenVPN.
I have my own VPS with OpenVPN.
Server settings:

port 443
proto tcp
dev tun
topology subnet
server 10.8.0.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0
log-append openvpn.log
verb 3 
Client 1 settings:
client
dev tun
proto tcp
remote xxx.xxx.xxx.xxx 443  
resolv-retry infinite
nobind
persist-tun
persist-key
comp-lzo
verb 3
redirect-gateway 
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
I connect from Windows 7.
I cannot connect directly, but through a proxy the connection is established.
To check whether the provider is blocking it, I took a free OpenVPN service from the internet. With it, the connection is established
directly, without a proxy.
Its client (client 2) settings:
setenv UV_ID c8af6190f6414a3b98296565398e8cc0
setenv UV_NAME winter-dreams-6849
client
dev tun
dev-type tun
remote 46.30.45.178 443 tcp-client
nobind
persist-tun
cipher AES-256-CBC
auth SHA256
verb 2
mute 3
push-peer-info
ping 10
ping-restart 60
hand-window 70
server-poll-timeout 4
reneg-sec 2592000
sndbuf 100000
rcvbuf 100000
remote-cert-tls server
comp-lzo no
auth-user-pass
key-direction 1 
<ca>
-----BEGIN CERTIFICATE-----
...code here... (I removed it because it would be too long)
-----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
...code here...
-----END OpenVPN Static key V1-----
</tls-auth>
<cert>
-----BEGIN CERTIFICATE-----
...code here...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...code here...
-----END PRIVATE KEY-----
</key>
I would like to configure my own OpenVPN the same way.
Judging by the client 2 settings, what might the server settings of this free OpenVPN be?

Reply to: comment from ac9725a910

Client log:

Tue Dec 20 16:16:40 2016 us=625000 LZO compression initialized
Tue Dec 20 16:16:40 2016 us=625000 Control Channel MTU parms [ L:1544 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Tue Dec 20 16:16:40 2016 us=625000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Dec 20 16:16:40 2016 us=625976 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:143 ET:0 EL:3 AF:3/1 ]
Tue Dec 20 16:16:40 2016 us=625976 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Tue Dec 20 16:16:40 2016 us=625976 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Tue Dec 20 16:16:40 2016 us=625976 Local Options hash (VER=V4): 'db288bdd'
Tue Dec 20 16:16:40 2016 us=625976 Expected Remote Options hash (VER=V4): '87601ae4'
Tue Dec 20 16:16:40 2016 us=625976 Attempting to establish TCP connection with [AF_INET]xx.xxx.xxx.xxx:443 [nonblock]
Tue Dec 20 16:16:40 2016 us=625976 MANAGEMENT: >STATE:1482232600,TCP_CONNECT,,,
Tue Dec 20 16:16:41 2016 us=625976 TCP connection established with [AF_INET]xx.xxx.xxx.xxx:443
Tue Dec 20 16:16:41 2016 us=625976 TCPv4_CLIENT link local: [undef]
Tue Dec 20 16:16:41 2016 us=625976 TCPv4_CLIENT link remote: [AF_INET]xx.xxx.xxx.xxx:443
Tue Dec 20 16:16:41 2016 us=625976 MANAGEMENT: >STATE:1482232601,WAIT,,,
Tue Dec 20 16:16:41 2016 us=625976 TCPv4_CLIENT WRITE [14] to [AF_INET]xx.xxx.xxx.xxx:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Tue Dec 20 16:16:41 2016 us=741210 TCPv4_CLIENT READ [26] from [AF_INET]xx.xxx.xxx.xxx:443: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Tue Dec 20 16:16:41 2016 us=741210 MANAGEMENT: >STATE:1482232601,AUTH,,,
Tue Dec 20 16:16:41 2016 us=741210 TLS: Initial packet from [AF_INET]xx.xxx.xxx.xxx:443, sid=5de1ac19 401aa859
Tue Dec 20 16:16:41 2016 us=742187 TCPv4_CLIENT WRITE [22] to [AF_INET]xx.xxx.xxx.xxx:443: P_ACK_V1 kid=0 [ 0 ]
Tue Dec 20 16:16:41 2016 us=744140 TCPv4_CLIENT WRITE [259] to [AF_INET]xx.xxx.xxx.xxx:443: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=245
Tue Dec 20 16:16:41 2016 us=911132 Connection reset, restarting [-1]
Tue Dec 20 16:16:41 2016 us=912109 TCP/UDP: Closing socket
Tue Dec 20 16:16:41 2016 us=912109 SIGUSR1[soft,connection-reset] received, process restarting
Tue Dec 20 16:16:41 2016 us=912109 MANAGEMENT: >STATE:1482232601,RECONNECTING,connection-reset,,
Tue Dec 20 16:16:41 2016 us=912109 Restart pause, 5 second(s)
Server log:
Tue Dec 20 14:16:40 2016 us=110700 MULTI: multi_create_instance called
Tue Dec 20 14:16:40 2016 us=110964 Re-using SSL/TLS context
Tue Dec 20 14:16:40 2016 us=111028 LZO compression initialized
Tue Dec 20 14:16:40 2016 us=111240 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Dec 20 14:16:40 2016 us=111305 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Dec 20 14:16:40 2016 us=111371 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Tue Dec 20 14:16:40 2016 us=111394 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Tue Dec 20 14:16:40 2016 us=111420 Local Options hash (VER=V4): 'c0103fa8'
Tue Dec 20 14:16:40 2016 us=111437 Expected Remote Options hash (VER=V4): '69109d17'
Tue Dec 20 14:16:40 2016 us=111469 TCP connection established with [AF_INET]xx.xx.xx.xx:34433
Tue Dec 20 14:16:40 2016 us=111493 TCPv4_SERVER link local: [undef]
Tue Dec 20 14:16:40 2016 us=111511 TCPv4_SERVER link remote: [AF_INET]xx.xx.xx.xx:34433
Tue Dec 20 14:16:40 2016 us=997615 xx.xx.xx.xx:34433 TCPv4_SERVER READ [14] from [AF_INET]xx.xx.xx.xx:34433: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Tue Dec 20 14:16:40 2016 us=997694 xx.xx.xx.xx:34433 TLS: Initial packet from [AF_INET]xx.xx.xx.xx:34433, sid=69aeb96c 5943e5c1
Tue Dec 20 14:16:40 2016 us=997758 xx.xx.xx.xx:34433 TCPv4_SERVER WRITE [26] to [AF_INET]xx.xx.xx.xx:34433: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Tue Dec 20 14:16:41 2016 us=114138 xx.xx.xx.xx:34433 TCPv4_SERVER READ [22] from [AF_INET]xx.xx.xx.xx:34433: P_ACK_V1 kid=0 [ 0 ]
Tue Dec 20 14:16:46 2016 us=399948 MULTI: multi_create_instance called
Tue Dec 20 14:16:46 2016 us=400118 Re-using SSL/TLS context
Tue Dec 20 14:16:46 2016 us=400170 LZO compression initialized
Tue Dec 20 14:16:46 2016 us=400333 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Dec 20 14:16:46 2016 us=400379 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Dec 20 14:16:46 2016 us=400471 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Tue Dec 20 14:16:46 2016 us=400511 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Tue Dec 20 14:16:46 2016 us=400553 Local Options hash (VER=V4): 'c0103fa8'
Tue Dec 20 14:16:46 2016 us=400574 Expected Remote Options hash (VER=V4): '69109d17'
Tue Dec 20 14:16:46 2016 us=400614 TCP connection established with [AF_INET]xx.xx.xx.xx:34434
Tue Dec 20 14:16:46 2016 us=400639 TCPv4_SERVER link local: [undef]
Tue Dec 20 14:16:46 2016 us=400656 TCPv4_SERVER link remote: [AF_INET]xx.xx.xx.xx:34434
Tue Dec 20 14:16:47 2016 us=285947 xx.xx.xx.xx:34434 TCPv4_SERVER READ [14] from [AF_INET]xx.xx.xx.xx:34434: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Tue Dec 20 14:16:47 2016 us=286047 xx.xx.xx.xx:34434 TLS: Initial packet from [AF_INET]xx.xx.xx.xx:34434, sid=c3d4d7fc 5f77c406
Tue Dec 20 14:16:47 2016 us=286107 xx.xx.xx.xx:34434 TCPv4_SERVER WRITE [26] to [AF_INET]xx.xx.xx.xx:34434: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Tue Dec 20 14:16:47 2016 us=402160 xx.xx.xx.xx:34434 TCPv4_SERVER READ [22] from [AF_INET]xx.xx.xx.xx:34434: P_ACK_V1 kid=0 [ 0 ]
Tue Dec 20 14:17:33 2016 us=300560 xx.xx.xx.xx:34432 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Dec 20 14:17:33 2016 us=300880 xx.xx.xx.xx:34432 TLS Error: TLS handshake failed
Tue Dec 20 14:17:33 2016 us=301385 xx.xx.xx.xx:34432 Fatal TLS error (check_tls_errors_co), restarting
Tue Dec 20 14:17:33 2016 us=301427 xx.xx.xx.xx:34432 SIGUSR1[soft,tls-error] received, client-instance restarting
Tue Dec 20 14:17:33 2016 us=301579 TCP/UDP: Closing socket

Mick555 ()
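
Added example (not part of the original thread): one way to triage the two logs above, comparing the option string the client expects with the one the server reports, and finding the first packet the client wrote that the server never logged reading. The log lines are copied from the post (timestamps trimmed, first connection attempt only); the function names are this example's own.

```python
import re

# Lines copied from the client and server logs in the post above (timestamps
# trimmed, first connection attempt only); addresses were masked by the poster.
CLIENT_LOG = """\
Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
TCPv4_CLIENT WRITE [14] to [AF_INET]xx.xxx.xxx.xxx:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
TCPv4_CLIENT READ [26] from [AF_INET]xx.xxx.xxx.xxx:443: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
TCPv4_CLIENT WRITE [22] to [AF_INET]xx.xxx.xxx.xxx:443: P_ACK_V1 kid=0 [ 0 ]
TCPv4_CLIENT WRITE [259] to [AF_INET]xx.xxx.xxx.xxx:443: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=245
Connection reset, restarting [-1]
"""
SERVER_LOG = """\
Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
xx.xx.xx.xx:34433 TCPv4_SERVER READ [14] from [AF_INET]xx.xx.xx.xx:34433: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
xx.xx.xx.xx:34433 TCPv4_SERVER WRITE [26] to [AF_INET]xx.xx.xx.xx:34433: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
xx.xx.xx.xx:34433 TCPv4_SERVER READ [22] from [AF_INET]xx.xx.xx.xx:34433: P_ACK_V1 kid=0 [ 0 ]
"""
PKT = re.compile(r"(WRITE|READ) \[(\d+)\] (?:to|from) \S+ (P_\w+)")
OPTS = re.compile(r"(Local|Expected Remote) Options String: '([^']*)'")


def packets(log, direction):
    """(size, opcode) of every packet logged in one direction, in order."""
    return [(int(m[2]), m[3]) for m in PKT.finditer(log) if m[1] == direction]


def options(log, kind):
    """Option string of the given kind as {name: value}; bare flags map to ''."""
    m = next((m for m in OPTS.finditer(log) if m[1] == kind), None)
    fields = m[2].split(",") if m else []
    return dict((f.rsplit(" ", 1) + [""])[:2] for f in fields)


def first_lost(client_log, server_log):
    """First packet the client wrote that the server never logged reading."""
    seen = packets(server_log, "READ")
    sent = packets(client_log, "WRITE")
    return next((p for i, p in enumerate(sent) if seen[i:i + 1] != [p]), None)


def option_mismatch(client_log, server_log):
    """Options the client expects of the server that differ from what it runs."""
    want, have = options(client_log, "Expected Remote"), options(server_log, "Local")
    return {k: (want.get(k), have.get(k)) for k in sorted(set(want) | set(have))
            if want.get(k) != have.get(k)}


if __name__ == "__main__":
    print(first_lost(CLIENT_LOG, SERVER_LOG), option_mismatch(CLIENT_LOG, SERVER_LOG))
```

On these lines it reports the 259-byte P_CONTROL_V1 as the first packet missing on the server side, and keydir as the only option that differs between the two strings.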