OpenVPN through a SOCKS proxy on Linux

3

I hope this is the right place to post this.

Basically, I am trying to run a VPN through a SOCKS proxy. This works fine on Windows 7 for me, but when I try it on Linux it fails with

Code:
Mon Jun 17 23:26:26 2013 [<redacted>] Inactivity timeout (--ping-restart), restarting
Mon Jun 17 23:26:26 2013 SIGUSR1[soft,ping-restart] received, process restarting
Mon Jun 17 23:26:26 2013 Restart pause, 10 second(s)

I have tested with Ubuntu 12.x, 13.x and also with Debian 7.0. I have tested with the default openvpn 2.2 from the repositories and by compiling 2.3. But I end up with the same error.

Here is my configuration file.

client
dev tun0
proto tcp
socks-proxy 127.0.0.1 9050
remote <redacted> 1194
resolv-retry infinite
nobind

auth-user-pass p.auth
auth-retry nointeract

ca [inline]

tls-client
tls-auth [inline]
ns-cert-type server

keepalive 10 30
cipher AES-256-CBC
# tls-ciphers currently disabled due to OpenVPN bug.     
# Will hopefully be re-enabled with version 2.3.2.
#tls-cipher TLSv1:!ADH:!SSLv2:!NULL:!EXPORT:!DES:!LOW:!MEDIUM:@STRENGTH
persist-key
persist-tun
comp-lzo
tun-mtu 1500
mssfix
verb 3

The full error message

Mon Jun 17 23:25:25 2013 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eth0 HWADDR=00:0c:29:8c:91:9a
Mon Jun 17 23:25:25 2013 TUN/TAP device tun0 opened
Mon Jun 17 23:25:25 2013 TUN/TAP TX queue length set to 100
Mon Jun 17 23:25:25 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Jun 17 23:25:25 2013 /sbin/ifconfig tun0 46.246.35.126 netmask 255.255.255.0 mtu 1500 broadcast 46.246.35.255
Mon Jun 17 23:25:26 2013 /sbin/route add -net 127.0.0.1 netmask 255.255.255.255 gw 192.168.1.1
Mon Jun 17 23:25:26 2013 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 46.246.35.1
Mon Jun 17 23:25:26 2013 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 46.246.35.1
Mon Jun 17 23:25:26 2013 /sbin/route add -net 46.246.35.2 netmask 255.255.255.255 gw 192.168.1.1
Mon Jun 17 23:25:26 2013 Initialization Sequence Completed
Mon Jun 17 23:26:26 2013 [pw.openvpn.ipredator.se] Inactivity timeout (--ping-restart), restarting
Mon Jun 17 23:26:26 2013 SIGUSR1[soft,ping-restart] received, process restarting
Mon Jun 17 23:26:26 2013 Restart pause, 10 second(s)
Mon Jun 17 23:26:36 2013 Socket Buffers: R=[87380->131072] S=[16384->131072]
Mon Jun 17 23:26:36 2013 Attempting to establish TCP connection with [AF_INET]127.0.0.1:9050 [nonblock]
Mon Jun 17 23:26:36 2013 TCP connection established with [AF_INET]127.0.0.1:9050
Mon Jun 17 23:26:41 2013 recv_socks_reply: TCP port read timeout expired: Operation now in progress (errno=115)
Mon Jun 17 23:26:41 2013 /sbin/route del -net 46.246.35.2 netmask 255.255.255.255
Mon Jun 17 23:26:41 2013 /sbin/route del -net 127.0.0.1 netmask 255.255.255.255
Mon Jun 17 23:26:41 2013 /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Mon Jun 17 23:26:41 2013 /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Mon Jun 17 23:26:41 2013 Closing TUN/TAP interface
Mon Jun 17 23:26:41 2013 /sbin/ifconfig tun0 0.0.0.0
Mon Jun 17 23:26:43 2013 SIGTERM[soft,init_instance] received, process exiting

The routing table after connecting through SOCKS.

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         46.246.35.1     128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
46.246.35.0     0.0.0.0         255.255.255.0   U     0      0        0 tun0
46.246.35.2     192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
127.0.0.1       192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
128.0.0.0       46.246.35.1     128.0.0.0       UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

Using Linux and SOCKS is really essential for me, and I don't really understand the subject. Any help would be much appreciated, thanks in advance!

    
by John wess 18.06.2013 / 06:14

1 answer

1

Is your proxy a SOCKS5 proxy? Or a SOCKS4 proxy?

I just had exactly the same problem and hit upon the fact that (although undocumented) OpenVPN only supports a SOCKS5 proxy.

FWIW, the SOCKS4 header is longer, so my proxy was waiting for additional data and timed out (TCP port read timeout expired) when OpenVPN connected.

    
by 28.10.2013 / 17:04
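
A way to check the answer's point against a given proxy, as an added example that is not part of the original thread: the probe sends the SOCKS5 greeting from RFC 1928 and reports whether the proxy answers as SOCKS5, stays silent until the timeout (the symptom the answer describes for a SOCKS4-only proxy), or answers with something else. `probe_socks5` and `start_fake_proxy` are hypothetical names, and the fake proxy is a constructed stand-in for local testing.

```python
import socket
import threading

def probe_socks5(host, port, timeout=5.0):
    """Send the SOCKS5 greeting (RFC 1928) and classify what comes back."""
    greeting = b"\x05\x01\x00"  # version 5, one method offered: 0x00 = no auth
    reply = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(greeting)
            while len(reply) < 2:          # method-selection reply is 2 bytes
                chunk = s.recv(2 - len(reply))
                if not chunk:
                    break
                reply += chunk
    except socket.timeout:
        # Silence: the failure mode the answer describes for a SOCKS4-only
        # proxy, which keeps waiting for the rest of a longer SOCKS4 request.
        return "timeout"
    except OSError:
        return "unreachable"
    if len(reply) == 2 and reply[0] == 5:
        return "socks5" if reply[1] != 0xFF else "socks5-no-acceptable-auth"
    return "not-socks5"

def start_fake_proxy(reply):
    """Constructed stand-in for a proxy: answer the greeting with `reply`,
    or stay silent when `reply` is None. Returns the listening port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.recv(16)                  # consume the greeting
            if reply is None:
                conn.recv(16)              # block until the client gives up
            else:
                conn.sendall(reply)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # 127.0.0.1:9050 is the socks-proxy address from the question's config.
    print(probe_socks5("127.0.0.1", 9050))
```

A result of `timeout` here lines up with the `recv_socks_reply: TCP port read timeout expired` line in the question's log.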