OR>> Имеется роутер с белым ip. На нём порт 24560 перепинывается в OR>> локалку на сервер (192.168.1.205) с openvpn. На сервере поднят OR>> openvpn
AV> И где конфиг оного?
=== Вырезка из филе Windows Clipboard === port 1194 proto udp dev tun #user openvpn #group openvpn persist-key persist-tun tls-server tls-timeout 120 dh /etc/openvpn/keys/dh.pem ca /etc/openvpn/keys/ca-root.pem cert /etc/openvpn/keys/server.pem key /etc/openvpn/keys/server.key #crl-verify /etc/openvpn/crl.pem tls-auth /etc/openvpn/keys/ta.key 0 server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt 0 #client-config-dir /etc/openvpn/ccd client-to-client #topology subnet max-clients 2 push "redirect-gateway local def1" #push "redirect-gateway def1" #push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 208.67.222.222" push "dhcp-option DNS 208.67.220.220" route 10.8.0.0 255.255.255.0 comp-lzo keepalive 10 120 status /etc/openvpn/log/openvpn-status.log 1 status-version 3 log /etc/openvpn/log/openvpn.log log-append /etc/openvpn/log/openvpn-server.log verb 3 mute 20 script-security 2 === Кончилась врезка ===
� Не хватало, собственно, вот этого.
=== Вырезка из филе Windows Clipboard === /sbin/iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT /sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 192.168.1.205 /sbin/iptables -A FORWARD -d 10.8.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT === Кончилась врезка ===
� Добавил. У меня всё заработало. Вот только после перегрузки сервера это слетает. Как эти настройки прописать на постоянно? � И ещё. При штатной, надеюсь перегрузке сервера shutdown -r now
openvpn запускается и подвисает.
=== Вырезка из филе Windows Clipboard === Wed May 20 18:04:24 2015 OpenVPN 2.2.2 x86_64-alt-linux [SSL] [LZO2] [EPOLL] [eurephia] built on Jan 5 2012 Wed May 20 18:04:24 2015 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet. Wed May 20 18:04:24 2015 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Wed May 20 18:04:24 2015 Diffie-Hellman initialized with 2048 bit key Wed May 20 18:04:24 2015 Control Channel Authentication: using '/etc/openvpn/keys/ta.key' as a OpenVPN static key file Wed May 20 18:04:24 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Wed May 20 18:04:24 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Wed May 20 18:04:24 2015 TLS-Auth MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ] Wed May 20 18:04:24 2015 Socket Buffers: R=[212992->131072] S=[212992->131072] Wed May 20 18:04:24 2015 TCP/UDP: Socket bind failed on local address [undef]:1194: Address already in use Wed May 20 18:04:24 2015 Exiting === Кончилась врезка ===
� Останавливаю и запускаю службу. Получается нормальный запуск, но с ошибкой указанной в предыдущем письме. От чего тоже хотелось бы избавиться.
=== Вырезка из филе Windows Clipboard === Wed May 20 08:52:37 2015 OpenVPN 2.2.2 x86_64-alt-linux [SSL] [LZO2] [EPOLL] [eurephia] built on Jan 5 2012 Wed May 20 08:52:37 2015 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet. Wed May 20 08:52:37 2015 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Wed May 20 08:52:37 2015 Diffie-Hellman initialized with 2048 bit key Wed May 20 08:52:37 2015 Control Channel Authentication: using '/etc/openvpn/keys/ta.key' as a OpenVPN static key file Wed May 20 08:52:37 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Wed May 20 08:52:37 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Wed May 20 08:52:37 2015 TLS-Auth MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ] Wed May 20 08:52:37 2015 Socket Buffers: R=[212992->131072] S=[212992->131072] Wed May 20 08:52:37 2015 ROUTE default_gateway=192.168.1.250 Wed May 20 08:52:37 2015 TUN/TAP device tun0 opened Wed May 20 08:52:37 2015 TUN/TAP TX queue length set to 100 Wed May 20 08:52:37 2015 /sbin/ip link set dev tun0 up mtu 1500 Wed May 20 08:52:37 2015 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2 Wed May 20 08:52:37 2015 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2 Wed May 20 08:52:37 2015 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
>RTNETLINK answers: File exists >Wed May 20 08:52:37 2015 ERROR: Linux route add command failed: external
program exited with error status: 2 Wed May 20 08:52:37 2015 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ] Wed May 20 08:52:37 2015 chroot to '/var/lib/openvpn' and cd to '/' succeeded Wed May 20 08:52:37 2015 GID set to openvpn Wed May 20 08:52:37 2015 UID set to openvpn Wed May 20 08:52:37 2015 UDPv4 link local (bound): [undef]:1194 Wed May 20 08:52:37 2015 UDPv4 link remote: [undef] Wed May 20 08:52:37 2015 MULTI: multi_init called, r=256 v=256 Wed May 20 08:52:37 2015 IFCONFIG POOL: base=10.8.0.4 size=62 Wed May 20 08:52:37 2015 IFCONFIG POOL LIST Wed May 20 08:52:37 2015 client1,10.8.0.8 Wed May 20 08:52:37 2015 client2,10.8.0.12 Wed May 20 08:52:37 2015 Initialization Sequence Completed === Кончилась врезка ===
� Что я могу еще сказать?.. � Oleg
... AKA oleg(&)redut.info AKA ICQ 28852595 --- GoldED+/W32-MINGW 1.1.5-b20120515 (пока работает) * Origin: --- ...И все на наш редут... --- (2:5000/111)
