LINUX.ORG.RU

OpenVPN replies from the wrong port



There is a machine (server), Gentoo, OpenVPN.
The problem is that, out of the blue, OpenVPN started replying from a port other than the one specified in the config.

Server config:
dev tun1
port 9001
ifconfig 192.168.xxx.xxx 192.168.xxx.xxx
secret /etc/openvpn/some.key
user nobody
auth none
comp-lzo
tun-mtu 1500

Client config:
dev tun1
port 9001
remote 195.128.xxx.xxx
ifconfig 192.168.xxx.xxx 192.168.xxx.xxx
secret /etc/openvpn/some.key
user nobody
auth none
comp-lzo
tun-mtu 1500

Server log:
Thu Apr 26 12:33:42 2007 OpenVPN 2.0.6 i686-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Apr 26 2007
Thu Apr 26 12:33:42 2007 WARNING: you are using user/group/chroot without persist-key/persist-tun -- this may cause restarts to fail
Thu Apr 26 12:33:42 2007 ******* WARNING *******: null MAC specified, no authentication will be used
Thu Apr 26 12:33:42 2007 LZO compression initialized
Thu Apr 26 12:33:42 2007 TUN/TAP device tun1 opened
Thu Apr 26 12:33:42 2007 /sbin/ifconfig tun1 192.168.xxx.xxx pointopoint 192.168.xxx.xxx mtu 1500
Thu Apr 26 12:33:42 2007 UID set to nobody
Thu Apr 26 12:33:42 2007 UDPv4 link local (bound): [undef]:9001
Thu Apr 26 12:33:42 2007 UDPv4 link remote: [undef]
Thu Apr 26 12:34:55 2007 Peer Connection Initiated with 195.34.xxx.xxx:9001
Thu Apr 26 12:34:56 2007 Initialization Sequence Completed

Client log:
Thu Apr 26 12:35:47 2007 OpenVPN 2.0.6 i686-pc-linux-gnu [SSL] [LZO] built on Apr 27 2006
Thu Apr 26 12:35:47 2007 WARNING: you are using user/group/chroot without persist-key/persist-tun -- this may cause restarts to fail
Thu Apr 26 12:35:47 2007 ******* WARNING *******: null MAC specified, no authentication will be used
Thu Apr 26 12:35:47 2007 LZO compression initialized
Thu Apr 26 12:35:47 2007 TUN/TAP device tun1 opened
Thu Apr 26 12:35:47 2007 /sbin/ifconfig tun1 192.168.xxx.xxx pointopoint 192.168.xxx.xxx mtu 1500
Thu Apr 26 12:35:47 2007 UID set to nobody
Thu Apr 26 12:35:47 2007 UDPv4 link local (bound): [undef]:9001
Thu Apr 26 12:35:47 2007 UDPv4 link remote: 195.128.xxx.xxx:9001
Thu Apr 26 12:35:57 2007 TCP/UDP: Incoming packet rejected from 195.128.xxx.xxx:1024[2], expected peer address: 195.128.xxx.xxx:9001 (allow
 this incoming source address/port by removing --remote or adding --float)
Thu Apr 26 12:36:05 2007 TCP/UDP: Incoming packet rejected from 195.128.xxx.xxx:1024[2], expected peer address: 195.128.xxx.xxx:9001 (allow
 this incoming source address/port by removing --remote or adding --float)
Thu Apr 26 12:36:07 2007 TCP/UDP: Incoming packet rejected from 195.128.xxx.xxx:1024[2], expected peer address: 195.128.xxx.xxx:9001 (allow
 this incoming source address/port by removing --remote or adding --float)

And a tcpdump sample to go with it (different timestamps, but the point is the same):
08:57:58.671605 IP 195.34.xxx.xxx.9001 > 195.128.xxx.xxx.9001: UDP, length 104
08:57:58.706746 IP 195.128.xxx.xxx.1024 > 195.34.xxx.xxx.9001: UDP, length 104
08:57:59.682306 IP 195.34.xxx.xxx.9001 > 195.128.xxx.xxx.9001: UDP, length 104
08:57:59.702949 IP 195.128.xxx.xxx.1024 > 195.34.xxx.xxx.9001: UDP, length 104
08:58:00.682359 IP 195.34.xxx.xxx.9001 > 195.128.xxx.xxx.9001: UDP, length 104
08:58:00.775881 IP 195.128.xxx.xxx.1024 > 195.34.xxx.xxx.9001: UDP, length 104
08:58:01.682415 IP 195.34.xxx.xxx.9001 > 195.128.xxx.xxx.9001: UDP, length 104
08:58:01.704629 IP 195.128.xxx.xxx.1024 > 195.34.xxx.xxx.9001: UDP, length 104
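
A check for the asymmetry visible in the tcpdump excerpt above, as an added example that is not part of the original post: it reads tcpdump text output and reports peers whose replies arrive from a source port other than the one traffic was sent to. The sample addresses are constructed documentation addresses (the post masks the real ones), and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the tcpdump excerpt above; the
# documentation addresses stand in for the masked ones from the post.
SAMPLE = """\
08:57:58.671605 IP 203.0.113.10.9001 > 198.51.100.20.9001: UDP, length 104
08:57:58.706746 IP 198.51.100.20.1024 > 203.0.113.10.9001: UDP, length 104
08:57:59.682306 IP 203.0.113.10.9001 > 198.51.100.20.9001: UDP, length 104
08:57:59.702949 IP 198.51.100.20.1024 > 203.0.113.10.9001: UDP, length 104
"""

LINE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): UDP"
)


def parse(text):
    """Yield (src_ip, src_port, dst_ip, dst_port) for each UDP line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield m.group(1), int(m.group(2)), m.group(3), int(m.group(4))


def port_mismatches(text):
    """Find peers whose replies leave from a port nothing was sent to.

    Returns {(local_ip, peer_ip): (ports_sent_to, ports_replies_came_from)}
    for every pair of hosts where the two port sets differ.
    """
    sent_to = defaultdict(set)    # (a, b) -> destination ports a used towards b
    came_from = defaultdict(set)  # (a, b) -> source ports seen on packets b -> a
    for src, sport, dst, dport in parse(text):
        sent_to[(src, dst)].add(dport)
        came_from[(dst, src)].add(sport)
    result = {}
    for pair, wanted in sent_to.items():
        seen = came_from.get(pair, set())
        if seen and seen != wanted:  # ignore one-way flows with no replies
            result[pair] = (sorted(wanted), sorted(seen))
    return result


if __name__ == "__main__":
    for (local, peer), (wanted, seen) in port_mismatches(SAMPLE).items():
        print(f"{local}: sent to {peer} ports {wanted}, replies came from {seen}")
```
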
