Íàñòðîéêà êëèåíòà è ñåðâåðà OpenVPN íà ðîóòåðå

**lokus** · 28-10-2013, 23:54

Ìîå ïî÷òåíèå. Òàêàÿ øòóêà: õî÷ó ÷òîáû ðîóòåð ïîäêëþ÷àëñÿ ê OpenVPN-ñåðâåðó êàê êëèåíò,
ïðè ýòîì íóæíî ñî ñòîðîíû ñåðâåðà èìåòü äîñòóï ê ïîäñåòè 10.0.0.0, êîòîðóþ äàåò ïðîâàéäåð.
Êðîìå òîãî ÷òîáû ïóñòèòü ñåðâåð â ñåòü ïðîâàéäåðà íè÷åãî îò VPN íå íóæíî.
Êàêèå íàñòðîéêè ðîóòèíãà íóæíî ïðîïèñàòü äëÿ ýòîãî ïîäñêàæèòå.

**lokus** · 29-09-2014, 19:47

Äîêëàäûâàþ ïîêà î ïðîìåæóòî÷íûõ ðåçóëüòàòàõ.
VPN çàïóñêàþ èç services-start ñ çàäåðæêîé 30 ñåêóíä, ïîòîìó ÷òî, åñëè çàïóñêàòü åãî ðàíüøå, íå óñïåâàåò ñèíõðîíèçèðîâàòüñÿ âðåìÿ ïî ntp è èç-çà ýòîãî ñåðâåð íå ïðîõîäèò TLS-àóòåíòèôèêàöèþ.
Ñêðèïò òàêîé:
killall openvpn
sleep 30s
openvpn --daemon --cd /jffs/configs/openvpn --config client-home-rtn16.conf
sleep 30s
ip route add 172.22.0.1 dev tun0 table 100
ip route add 172.22.0.0/24 via 172.22.0.1 dev tun0 table 100
iptables -I INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I OUTPUT -o tun0 -j ACCEPT
Ïîñëå çàãðóçêè âñå ðàáîòàåò, íî åñòü ïðîáëåìà: ïîñëå êàêîãî-òî âðåìåíè ðàáîòû âñå ïðàâèëà iptables îòâàëèâàþòñÿ è ïðîïàäàþò ìàðøðóòû â òàáëèöå 100. Ïðè ýòîì ñàì OpenVPN ðàáîòàåò è ñ ðîóòåðà äî VPS ïèíã åñòü.
Â êàêóþ ñòîðîíó êîïàòü?

**AndreyPopov** · 29-09-2014, 20:11

Originally Posted by lokus

Ïîñëå çàãðóçêè âñå ðàáîòàåò, íî åñòü ïðîáëåìà: ïîñëå êàêîãî-òî âðåìåíè ðàáîòû âñå ïðàâèëà iptables îòâàëèâàþòñÿ è ïðîïàäàþò ìàðøðóòû â òàáëèöå 100. Ïðè ýòîì ñàì OpenVPN ðàáîòàåò è ñ ðîóòåðà äî VPS ïèíã åñòü.
Â êàêóþ ñòîðîíó êîïàòü?

"êàêîå-òî" âðåìÿ ýòî ñêîëüêî? 2-3 ìèí, 5-10 ìèí, 30 ìèí?

**lokus** · 29-09-2014, 22:26

Originally Posted by AndreyPopov

Â ëîãå ÷òî? Ðå ñòàðòû, îáðûâû, îáíîâëåíèå âðåìåíè È òàê äàëåå?

....
Sep 29 23:35:52 openvpn[1559]: Initialization Sequence Completed
Sep 30 00:39:28 dnsmasq-dhcp[1156]: DHCPACK(br0) 192.168.1.110 00:1d:ec:04:78:f3 alo
Sep 30 01:04:16 openvpn[1559]: [vps] Inactivity timeout (--ping-restart), restarting
Sep 30 01:04:16 openvpn[1559]: /usr/sbin/ip addr del dev tun0 local 172.22.0.2 peer 172.22.0.1
Sep 30 01:04:16 openvpn[1559]: SIGUSR1[soft,ping-restart] received, process restarting
Sep 30 01:04:16 kernel: Interface tun0 doesn't exist
Sep 30 01:04:18 openvpn[1559]: Control Channel Authentication: using '/jffs/configs/openvpn/ta.key' as a OpenVPN static key file
Sep 30 01:04:18 openvpn[1559]: UDPv4 link local (bound): [undef]
Sep 30 01:04:18 openvpn[1559]: UDPv4 link remote: [AF_INET] xxx.yyy.zzz.ttt:1194
Sep 30 01:04:18 openvpn[1559]: [vps] Peer Connection Initiated with [AF_INET]xxx.yyy.zzz.ttt:1194
Sep 30 01:04:20 openvpn[1559]: TUN/TAP device tun0 opened
Sep 30 01:04:20 openvpn[1559]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sep 30 01:04:20 openvpn[1559]: /usr/sbin/ip link set dev tun0 up mtu 1500
Sep 30 01:04:20 openvpn[1559]: /usr/sbin/ip addr add dev tun0 local 172.22.0.2 peer 172.22.0.1
Sep 30 01:04:20 openvpn[1559]: Initialization Sequence Completed

**AndreyPopov** · 30-09-2014, 08:05

Originally Posted by lokus

....
Sep 30 01:04:16 openvpn[1559]: [vps] Inactivity timeout (--ping-restart), restarting

íåïîíÿòíî ÷åé ñåðâåð, íî èç-çà íåàêòèâíîé ñåññèè îí îáðûâàåò ñîåäèíåíèå.

íàäî â íàñòðîéêàõ ãëÿíóòü, ÷òîáû îòêëþ÷èòü òàéìåð íåàêòèâíîñòè.

**lokus** · 30-09-2014, 11:24

Originally Posted by AndreyPopov

íåïîíÿòíî ÷åé ñåðâåð, íî èç-çà íåàêòèâíîé ñåññèè îí îáðûâàåò ñîåäèíåíèå.

íàäî â íàñòðîéêàõ ãëÿíóòü, ÷òîáû îòêëþ÷èòü òàéìåð íåàêòèâíîñòè.

À êàêèì õîñòåðîì VPS Âû ïîëüçóåòåñü?

**AndreyPopov** · 30-09-2014, 11:46

Originally Posted by lokus

À êàêèì õîñòåðîì VPS Âû ïîëüçóåòåñü?

ÿ PPTP ïîëüçóþ èç ðîóòåðîâ.

**lokus** · 30-09-2014, 12:34

À ãäå-òî òóò íà ôîðóìå ìåëüêàëî ïðî VPS çà $10/year.
Íî ñåé÷àñ íå ìîãó íàéòè. Êòî-íèáóäü ïîëüçóåòñÿ òàêèì?

**ryzhov_al** · 30-09-2014, 12:43

Originally Posted by lokus

À ãäå-òî òóò íà ôîðóìå ìåëüêàëî ïðî VPS çà $10/year.
Íî ñåé÷àñ íå ìîãó íàéòè. Êòî-íèáóäü ïîëüçóåòñÿ òàêèì?

Ìîæåò çäåñü ìåëüêàëî? ß ïîëüçóþñü àêöèîííûì ïðåäëîæåíèåì BlueVM. Ïðèçíàòüñÿ, âðàãó íå ïîæåëàåøü.

**lokus** · 30-09-2014, 13:48

Originally Posted by ryzhov_al

Ìîæåò çäåñü ìåëüêàëî? ß ïîëüçóþñü àêöèîííûì ïðåäëîæåíèåì BlueVM. Ïðèçíàòüñÿ, âðàãó íå ïîæåëàåøü.

Äà, òî÷íî, èìåííî òàì.
Ñåé÷àñ íàøåë åùå íåñêîëüêî ïðåäëîæåíèé:
"Ñåêðåòíûå òàðèôû" îò EOMY.NET è åùå äâà àãðåããàòîðà: lowendstock è lowendbox.
Ñêëîíÿþñü ê eomy ò.ê. æèâîé ðóññêîÿçû÷íûé ôîðóì ðåøàåò)
Õîòÿ íà lowendstock ìîæíî íàéòè è áîëåå êðóòûå â ïëàíå ïàðàìåòðîâ ïðåäëîæåíèÿ, ïîèñê óäîáíûé.

Ïî ïîâîäó ðàáîòû OpenVPN ó ìåíÿ ñ VPS îò reg.ru íàáëþäàåòñÿ èíòåðåñíîå äåëî:
Íå èñïîëüçóþ îñîáî òóííåëü, ïîòîì ïûòàþñü ïèíãàíóòü ñåðâåðíûé tun IP, ïèíã íå ïðîõîäèò, è êàê ðàç â ýòîò ìîìåíò â ëîãå ïîÿâëÿåòñÿ:
Sep 30 15:34:08 openvpn[1632]: [reg-ru-vps] Inactivity timeout (--ping-restart), restarting
Sep 30 15:34:08 openvpn[1632]: SIGUSR1[soft,ping-restart] received, process restarting
ïîòîì 4 ðàçà òàêàÿ îøèáêà:
Sep 30 15:37:14 openvpn[1632]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sep 30 15:37:14 openvpn[1632]: TLS Error: TLS handshake failed
è ïîòîì ñîåäèíåíèå âîññòàíàâëèâàåòñÿ...
íà ñåðâåðå óìåíüøèë äî keepalive 5 60, íà êëèåíòå äîáàâèë pull...
Ïîñìîòðèì ÷òî òåïåðü ïîëó÷èòñÿ...
Êàêèå åùå ìûñëè åñòü?...

**lokus** · 03-10-2014, 12:27

Âîò òîëüêî VPN íå ðàáîòàåò. Êîíôèã ñòàíäàðòíûé, ïðîâåðåííûé íà CentOS, ñî ñòàòè÷åñêèì êëþ÷åì.
Îøèáêà êîòîðóþ âûäàåò êëèåíò ïðè êîííåêòå:

Connection reset by peer (WSAECONNRESET) (code=10054)

Õîòÿ áûâàåò ÷òî è âîîáùå íè÷åãî íå âûäàåò. â ðîóòåðå ïðîïèñàë:

iptables -I INPUT -p udp --dport 1194 -j ACCEPT

ñåðâåð çàïóñêàþ òàê:

openvpn --daemon --cd /jffs/configs/openvpn --config tun0.conf

Ìîæåò ýòî áûòü èç çà òîãî ÷òî êðèâî ïðîøèëîñü?...

OpenVPN êîòîðûé â ïðîøèâêå îí æå ìîæåò áûòü è ñåðâåðîì è êëèåíòîì, äà?..
Â ëîãàõ â web-èíòåðôåéñå íè îäíîãî óïîìèíàíèÿ ïðî OpenVPN
Âêëþ÷èë â êîíôèãå OpenVPN management-èíòåðôåéñ.
Ïîäêëþ÷àþñü ê íåìó, äåëàþ log on. Êîííåê÷óñü ñ êëèåíòà, âèæó:

SUCCESS: real-time log notification set to ON
>LOG:1412336440,I,Peer Connection Initiated with [AF_INET]ìîé_àéïè:1194
>LOG:1412336440,I,Initialization Sequence Completed

Êëèåíò ïðè ýòîì ìîë÷èò íàãëóõî.

P.S. Ïðîáëåìó ðåøèë ïðîïèñûâàíèåì â êîíôèã ñåðâåðà ñòðî÷êè

local 192.168.1.1

Íà CentOS ðàáîòàëî áåç ýòîãî... Íàâåðíîå ïîòîìó ÷òî òàì áûë òîëüêî 1 èíòåðôåéñ. Âîçìîæíî êîìó òî áóäåò ïîëåçíî.

**lokus** · 06-10-2014, 14:58

Øóò ñ íèì ñ VPN. Ïî÷åìó ïðàâèëà íå ðàáîòàþò:

PHP Code:


iptables -t nat -I PREROUTING -d 10.39.252.2 -j DNAT --to-destination 89.20.155.0

iptables -t nat -I POSTROUTING -s 89.20.155.0 -j SNAT --to-source 10.39.252.2

Â ëîêàëêå SIP-àäàïòîð êîòîðûé ðàíüøå íà 10.39.252.2 ðåãèñòðèðîâàëñÿ, à òåïåðü
ñåòè 10/8 íåò è íóæíî ðåãèñòðèðîâàòüñÿ íà 89.20.155.0. ×òî ÿ äåëàþ íå òàê?

Ñåé÷àñ îáíàðóæèë, ÷òî åñëè íà ðîóòåðå âûäåëèòü ïîðò äëÿ iptv è òóäà ïîäêëþ÷èòü sip-àäàïòîð,
òî îí óñïåøíî ðåãèñòðèðóåòñÿ. Íî òàê èñïîëüçîâàòü íå âàðèàíò, áî íóæíî åùå íà àñòåðèñêå
êàê-òî çàðåãàòüñÿ, à áåç èíåòà íå âûéäåò...
Åñòü êàêèå-íèáóäü èäåè êàê âñåòàêè çàñòàâèòü ýòó øòóêó ðàáîòàòü?

**megajok** · 27-12-2014, 20:40

Ãîñïîäà, êòî â òåìå, ïîäñêàæèòå, ïëèç, â êàêóþ ñòîðîíó êîïàòü:
ïðè ñîåäèíåíèè êàíàëà ÷åðåç openvpn íåò äîñòóïà íà êëèåíò, ñåòü çà êëèåíòîì âèäíà è äîñòóïíà, ñàì êëèåíò ïèíãóåòñÿ, íî êðîìå ïèíãà íè îäèí ïðîòîêîë íå ðàáîòàåò (ssh, http, samba, ftp, telnet è ò. ä.). Íà ïðîøèâêàõ 5066 è ñòàðøå âñå ðàáîòàåò, íî ýòè ïðîøèâêè åùå íå ïîääåðæèâàþò ìîäåìû wcdma (â ÷àñòíîñòè zte mf823). ×òî ìîæåò ðåçàòü âñå ïàêåòû, êðîìå icmp? iptables íàñòðîåíû.

**mapkyl** · 16-03-2015, 17:28

Originally Posted by megajok

Ãîñïîäà, êòî â òåìå, ïîäñêàæèòå, ïëèç, â êàêóþ ñòîðîíó êîïàòü:
ïðè ñîåäèíåíèè êàíàëà ÷åðåç openvpn íåò äîñòóïà íà êëèåíò, ñåòü çà êëèåíòîì âèäíà è äîñòóïíà, ñàì êëèåíò ïèíãóåòñÿ, íî êðîìå ïèíãà íè îäèí ïðîòîêîë íå ðàáîòàåò (ssh, http, samba, ftp, telnet è ò. ä.). Íà ïðîøèâêàõ 5066 è ñòàðøå âñå ðàáîòàåò, íî ýòè ïðîøèâêè åùå íå ïîääåðæèâàþò ìîäåìû wcdma (â ÷àñòíîñòè zte mf823). ×òî ìîæåò ðåçàòü âñå ïàêåòû, êðîìå icmp? iptables íàñòðîåíû.

Èññëåäóþ â òî÷íîñòè ýòó æå ïðîáëåìó. Ïðîÿâëÿåòñÿ â íåâîçìîæíîñòè óñòàíîâèòü TCP-ñîåäèíåíèå (÷òî ssh, ÷òî telnet, ÷òî mysql). Ïîêà êàæåòñÿ ÷òî ïðîáëåìà íà ñòîðîíå êëèåíòà (ó ìåíÿ OpenVPN ìåæäó äâóìÿ ðîóòåðàìè ñ ìåñòíîé ïðîøèâêîé). Ñ ðîóòåðà-VPN êëèåíòà óõîäÿò ïàêåòû íà óñòàíîâêó ñîåäèíåíèÿ (ôëàã SYN), ñåðâåð îòâå÷àåò (SYN,ACK), à êëèåíò ìîë÷èò. Ñåðâåð ïîâòîðÿåò SYN,ACK. È òóò êëèåíò âìåñòî ACK øëåò íîâûé SYN, è òàê ïî êðóãó. Ping ïðè ýòîì õîäèò áåç ïðîáëåì. Ñåòü çà êëèåíòîì ïðè ýòîì áåç ïðîáëåì. Òîëüêî íà ñàìîì ðîóòåðå VPN-êëèåíòå òàê.
Îáíîâëåíèå ïàêåòîâ entware ñèòóàöèþ íå èçìåíèëî, openvpn 2.3.6-3 îò 24 ôåâðàëÿ - ïîëåò òàêîé æå.

Ñâåæóþ ïîïðîáóþ, ñïàñèáî

**mapkyl** · 20-03-2015, 18:12

Originally Posted by mapkyl

Ñâåæóþ ïîïðîáóþ, ñïàñèáî

à îòêàòèòüñÿ â èòîãå ïðèøëîñü íà 5000. Äàæå íà 5100 íå ðàáîòàåò, íå ãîâîðÿ óæå î ïîñëåäíåé 5650. C 5000 âñ¸ ðàáîòàåò áåç èçìåíåíèÿ äðóãèõ íàñòðîåê - íå ìåíÿë íè iptables íè openvpn.

Thread: Íàñòðîéêà êëèåíòà è ñåðâåðà OpenVPN íà ðîóòåðå

Thread Tools

Rate This Thread

Display

Äîñòóï ê MAN ïðîâàéäåðà ñî ñòîðîíû ñåðâåðà, êîãäà ðîóòåð âûñòóïàåò OpenVPN êëèåíòîì.

OpenVPN íà RT-N16

OpenVPN

openvpn íà ïðîøèâêàõ ñâåæåå 5066

Similar Threads

Íàñòðîéêà ðîóòåðà â ðåæèìå êëèåíòà Wi-Fi (WDS)

Óñòàíîâêà è íàñòðîéêà DLNA ñåðâåðà äëÿ TV

Èñïîëüçîâàíèå âåá-ñåðâåðà CMS íà ðîóòåðå

Transmission - óñòàíîâêà è íàñòðîéêà òîððåíò-êëèåíòà

Óñòàíîâêà è íàñòðîéêà DC++ êëèåíòà Shakespeer

Tags for this Thread

Posting Permissions