Gurus, tell me what the problem might be: I can't establish a VPN connection from outside, while connecting locally works fine. Port 13001 is forwarded on the modem to the local interface 192.168.211.62.

Server config
Code:
port 13001
proto udp
dev tap0
comp-lzo
tun-mtu 1500
fragment 1300
#mssfix
#server-bridge 192.168.211.62 255.255.255.0 192.168.211.180 192.168.211.189   # Specific to a bridged-mode connection.
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
tls-server
tls-auth /etc/openvpn/keys/ta.key 0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
verb 3
keepalive 10 120
log /var/log/openvpn.log
status /var/log/openvpn-status.log

iptables
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:13001

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Routing table
Code:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.3.1     0.0.0.0         UG    0      0        0 eth1
10.8.0.0        *               255.255.255.0   U     0      0        0 tap0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
192.168.3.0     *               255.255.255.0   U     0      0        0 eth1
localnet        *               255.255.255.0   U     0      0        0 eth2

Network settings
Code:
eth0      Link encap:Ethernet  HWaddr 1c:bd:b9:e6:d7:31
          inet addr:192.168.1.61  Bcast:192.168.211.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:17 Base address:0xd100

eth1      Link encap:Ethernet  HWaddr 1c:bd:b9:e6:df:b6
          inet addr:192.168.3.61  Bcast:192.168.3.255  Mask:255.255.255.0
          inet6 addr: fe80::1ebd:b9ff:fee6:dfb6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:650 errors:0 dropped:0 overruns:0 frame:0
          TX packets:724 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:261232 (255.1 KiB)  TX bytes:239437 (233.8 KiB)
          Interrupt:18 Base address:0xd000

eth2      Link encap:Ethernet  HWaddr 50:e5:49:19:b1:96
          inet addr:192.168.211.62  Bcast:192.168.211.255  Mask:255.255.255.0
          inet6 addr: fe80::52e5:49ff:fe19:b196/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:203560 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4151 errors:0 dropped:0 overruns:0 carrier:1
          collisions:0 txqueuelen:1000
          RX bytes:18046337 (17.2 MiB)  TX bytes:1578558 (1.5 MiB)
          Interrupt:42

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:350 (350.0 B)  TX bytes:350 (350.0 B)

tap0      Link encap:Ethernet  HWaddr ea:b2:f4:d8:0d:0c
          inet addr:10.8.0.1  Bcast:10.8.0.255  Mask:255.255.255.0
          inet6 addr: fe80::e8b2:f4ff:fed8:d0c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:55 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:5458 (5.3 KiB)  TX bytes:468 (468.0 B)

Here are the client logs as well
Code:
Mon Dec 09 15:01:39 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Dec 09 15:01:39 2013 TLS Error: TLS handshake failed
Mon Dec 09 15:01:39 2013 SIGUSR1[soft,tls-error] received, process restarting
Mon Dec 09 15:01:41 2013 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Dec 09 15:01:41 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Dec 09 15:01:41 2013 Re-using SSL/TLS context
Mon Dec 09 15:01:41 2013 LZO compression initialized
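One check worth running against the routing table and interface list above, added here as an example and not part of the original post: the modem forwards UDP 13001 to 192.168.211.62 on eth2, but the only default route leaves via 192.168.3.1 on eth1. A reply to a client on the Internet is routed by longest-prefix match, so it exits eth1 and the modem on eth2 never sees it; the client then waits out the 60-second key negotiation timeout seen in the log, while a client on 192.168.211.0/24 is answered on eth2 and connects. The script below reproduces the kernel's lookup over the routes shown in the thread (the "localnet" entry is eth2's 192.168.211.0/24, taken from the ifconfig output) and reports whether the reply path matches the forwarded interface. The client addresses are constructed (203.0.113.5 is documentation space); function names are mine.

```python
import ipaddress

# Routing table from the thread's `route` output, as (network, gateway, interface).
# Gateway None means directly connected. Sample data transcribed from the post.
ROUTES = [
    ("0.0.0.0/0",        "192.168.3.1", "eth1"),
    ("10.8.0.0/24",      None,          "tap0"),
    ("192.168.1.0/24",   None,          "eth0"),
    ("192.168.3.0/24",   None,          "eth1"),
    ("192.168.211.0/24", None,          "eth2"),   # shown as "localnet" in the post
]

# Interface addresses from the thread's ifconfig output.
IFACE_ADDRS = {
    "eth0": "192.168.1.61",
    "eth1": "192.168.3.61",
    "eth2": "192.168.211.62",
    "tap0": "10.8.0.1",
}

def lookup_route(dst, routes=ROUTES):
    """Longest-prefix match, as the kernel does; returns (network, gateway, iface)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gw, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best

def iface_for_address(ip, addrs=IFACE_ADDRS):
    """Which local interface holds the address the modem forwards the port to."""
    for iface, addr in addrs.items():
        if addr == ip:
            return iface
    raise ValueError(f"{ip} is not configured on any interface")

def check_reply_path(forward_target, client_ip, routes=ROUTES, addrs=IFACE_ADDRS):
    """Return (ok, ingress_iface, egress_iface).

    ok is True when the server's reply to client_ip leaves through the same
    interface that carries the forwarded address, so the NAT device in front of
    it can translate the reply back. False means the reply exits elsewhere and
    the client never hears from the server.
    """
    ingress = iface_for_address(forward_target, addrs)
    _net, _gw, egress = lookup_route(client_ip, routes)
    return (ingress == egress, ingress, egress)

if __name__ == "__main__":
    # Constructed client addresses: one on the Internet, one on the modem's LAN.
    for client in ("203.0.113.5", "192.168.211.10"):
        ok, ingress, egress = check_reply_path("192.168.211.62", client)
        verdict = "reply path OK" if ok else "reply leaves via a different interface"
        print(f"client {client}: forwarded to {ingress}, reply via {egress}: {verdict}")
```

The same question can be asked of the live box with `ip route get <client address>`: the interface it names must be the one the modem forwards to, or the default route has to be moved to (or policy-routed via) the modem's side.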
Disable tls-auth, or google what's wrong with it. I have it turned off; I remember having problems with it too and couldn't be bothered to figure it out. My working config
Code:
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt # generated keys
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key # keep secret
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.9.8.0 255.255.255.0 # internal tun0 connection IP
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo # Compression - must be turned on at both end
persist-key
persist-tun
status log/openvpn-status.log
verb 3 # verbose mode
client-to-client
push "redirect-gateway"
duplicate-cn

restartvpn.sh
Code:
#!/bin/sh
# Flush the NAT table, restart OpenVPN, then (re)create the forwarding and masquerade rules.
iptables -t nat -F
/etc/init.d/openvpn restart
# Only append a FORWARD rule if it is not already there (-C tests for an existing rule);
# the filter table is not flushed above, so plain -A would add a duplicate on every run.
iptables -C FORWARD -i eth0 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT 2>/dev/null \
  || iptables -A FORWARD -i eth0 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -C FORWARD -s 10.9.8.0/24 -o eth0 -j ACCEPT 2>/dev/null \
  || iptables -A FORWARD -s 10.9.8.0/24 -o eth0 -j ACCEPT
# The NAT table was flushed above, so this rule is re-added exactly once.
iptables -t nat -A POSTROUTING -s 10.9.8.0/24 -o eth0 -j MASQUERADE

cat /etc/sysctl.conf | grep forward
Code:
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
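Before dropping tls-auth, it is worth knowing what usually breaks it, since the symptom is exactly the one in the question: a server whose tls-auth check fails discards the client's first control packet without answering, and the client reports "TLS key negotiation failed to occur within 60 seconds". The directive pairs a shared key file with a direction number, and the two ends must use opposite directions: the server's `tls-auth /etc/openvpn/keys/ta.key 0` from the first post has to be matched by `tls-auth ta.key 1` (or `key-direction 1`) on the client, with the same ta.key copied to both. The model below, added here as an example and not code from either poster or from OpenVPN, is a deliberately simplified picture of that rule rather than OpenVPN's wire format: the key material is split into two HMAC-SHA1 keys, direction 0 signs with the first and verifies with the second, direction 1 does the reverse. The key bytes and the payload are constructed; function names are mine.

```python
import hashlib
import hmac

# Stand-in for the contents of ta.key (constructed, sequential bytes; a real key
# file holds random material generated with `openvpn --genkey`).
KEY_FILE = bytes(range(128))
TAG_LEN = hashlib.sha1().digest_size   # 20 bytes

def direction_keys(key_material, direction):
    """Return (send_key, recv_key) for a peer configured with this key direction.

    Direction 0 (the server in the thread) signs with the first half and verifies
    with the second; direction 1 (the client) is the mirror image. Two peers using
    the same direction therefore never verify each other's packets.
    """
    half = len(key_material) // 2
    key_a, key_b = key_material[:half], key_material[half:]
    if direction == 0:
        return key_a, key_b
    if direction == 1:
        return key_b, key_a
    raise ValueError("key direction must be 0 or 1")

def sign(packet, send_key):
    """Prefix the packet with its HMAC tag, as the sending side does."""
    return hmac.new(send_key, packet, hashlib.sha1).digest() + packet

def verify(signed, recv_key):
    """Return the payload when the tag checks out, otherwise None.

    None models the server's behaviour: the packet is dropped silently and no
    reply is sent, which is what the client sees as a negotiation timeout.
    """
    tag, packet = signed[:TAG_LEN], signed[TAG_LEN:]
    expected = hmac.new(recv_key, packet, hashlib.sha1).digest()
    return packet if hmac.compare_digest(tag, expected) else None

def handshake_accepted(server_direction, client_direction, key_material=KEY_FILE):
    """Would the server accept the client's opening control packet?"""
    _srv_send, srv_recv = direction_keys(key_material, server_direction)
    cli_send, _cli_recv = direction_keys(key_material, client_direction)
    first_packet = b"client hello (constructed placeholder payload)"
    return verify(sign(first_packet, cli_send), srv_recv) is not None

if __name__ == "__main__":
    for srv, cli in ((0, 1), (0, 0), (1, 0), (1, 1)):
        state = "handshake proceeds" if handshake_accepted(srv, cli) else "packet dropped, client times out"
        print(f"server direction {srv}, client direction {cli}: {state}")
```

The combination that reproduces the thread's symptom is server 0 with client 0 (or a client that has no tls-auth line at all, or a different copy of ta.key); server 0 with client 1 is the working pair. Keeping tls-auth also means unauthenticated UDP packets to 13001 are discarded before any TLS processing, which is the reason to fix the direction rather than remove the line. Separately, the client log's "No server certificate verification method has been enabled" warning is cleared by adding `remote-cert-tls server` to the client config, so the client refuses a peer that presents a client certificate instead of the server's.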