OpenVPN between Manjaro Linux and Windows Server 2016, VPN establishes, but no traffic is being routed through

I have a Windows Server at home, which is the OpenVPN server in this scenario. My client is a Manjaro Linux (Arch distro) on the latest version. I wanted a simple VPN, plus pushed DNS options. My server's home network address is 192.168.69.200 and the address range of the OpenVPN connection is 10.69.0.0/24. The DNS options are not being passed to my resolv.conf (but that is a NetworkManager problem). The route to 192.168.69.0/24 is added successfully, and the tun device is created and assigned the correct IP address. However, when I try to ping 192.168.69.200, nothing. Here is my server config:

port 1194
proto udp
dev tun
ca ca.crt
cert muxi-at.crt
key muxi-at.key
dh dh2048.pem
topology subnet
server 10.69.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.69.0 255.255.255.0"
push "dhcp-option DNS 192.168.69.200"
push "dhcp-option DOMAIN muxi.at"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 4
explicit-exit-notify 1

Here is my client config:

client
dev tun
proto udp
remote muxi.at 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
cert johann-pad.crt
key johann-pad.key
remote-cert-tls server
cipher AES-256-CBC
verb 4

And now some log output to round it all off:

Server:

Mon Jul 30 10:11:45 2018 us=238102 Current Parameter Settings:
Mon Jul 30 10:11:45 2018 us=238102   config = 'server.ovpn'
Mon Jul 30 10:11:45 2018 us=238102   mode = 1
Mon Jul 30 10:11:45 2018 us=238102   show_ciphers = DISABLED
Mon Jul 30 10:11:45 2018 us=238102   show_digests = DISABLED
Mon Jul 30 10:11:45 2018 us=238102   show_engines = DISABLED
Mon Jul 30 10:11:45 2018 us=238102   genkey = DISABLED
Mon Jul 30 10:11:45 2018 us=238102   key_pass_file = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=238102   show_tls_ciphers = DISABLED
Mon Jul 30 10:11:45 2018 us=238102   connect_retry_max = 0
Mon Jul 30 10:11:45 2018 us=238102 Connection profiles [0]:
Mon Jul 30 10:11:45 2018 us=238102   proto = udp
Mon Jul 30 10:11:45 2018 us=238102   local = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=238102   local_port = '1194'
Mon Jul 30 10:11:45 2018 us=238102   remote = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=239101   remote_port = '1194'
Mon Jul 30 10:11:45 2018 us=239101   remote_float = DISABLED
Mon Jul 30 10:11:45 2018 us=239101   bind_defined = DISABLED
Mon Jul 30 10:11:45 2018 us=239101   bind_local = ENABLED
Mon Jul 30 10:11:45 2018 us=239101   bind_ipv6_only = DISABLED
Mon Jul 30 10:11:45 2018 us=239101   connect_retry_seconds = 5
Mon Jul 30 10:11:45 2018 us=239101   connect_timeout = 120
Mon Jul 30 10:11:45 2018 us=239101   socks_proxy_server = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=239101   socks_proxy_port = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=239101   tun_mtu = 1500
Mon Jul 30 10:11:45 2018 us=241102   management_client_user = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=241102   management_client_group = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=241102   management_flags = 6
Mon Jul 30 10:11:45 2018 us=241102   shared_secret_file = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=241102   key_direction = not set
Mon Jul 30 10:11:45 2018 us=241102   ciphername = 'AES-256-CBC'
Mon Jul 30 10:11:45 2018 us=241102   ncp_enabled = ENABLED
Mon Jul 30 10:11:45 2018 us=241102   ncp_ciphers = 'AES-256-GCM:AES-128-
Mon Jul 30 10:11:45 2018 us=243102   tls_exit = DISABLED
Mon Jul 30 10:11:45 2018 us=243102   tls_auth_file = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=243102   tls_crypt_file = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=243102   pkcs11_protected_authentication = 
Mon Jul 30 10:11:45 2018 us=244102   server_network = 10.69.0.0
Mon Jul 30 10:11:45 2018 us=244102   server_netmask = 255.255.255.0
Mon Jul 30 10:11:45 2018 us=244102   server_network_ipv6 = ::
Mon Jul 30 10:11:45 2018 us=244102   server_netbits_ipv6 = 0
Mon Jul 30 10:11:45 2018 us=244102   server_bridge_ip = 0.0.0.0
Mon Jul 30 10:11:45 2018 us=244102   server_bridge_netmask = 0.0.0.0
Mon Jul 30 10:11:45 2018 us=244102   server_bridge_pool_start = 0.0.0.0
Mon Jul 30 10:11:45 2018 us=244102   server_bridge_pool_end = 0.0.0.0
Mon Jul 30 10:11:45 2018 us=244102   push_entry = 'route 192.168.69.0 255.255.255.0'
Mon Jul 30 10:11:45 2018 us=244102   push_entry = 'dhcp-option DNS 192.168.69.200'
Mon Jul 30 10:11:45 2018 us=244102   push_entry = 'dhcp-option DOMAIN muxi.at'
Mon Jul 30 10:11:45 2018 us=244102   push_entry = 'route-gateway 10.69.0.1'
Mon Jul 30 10:11:45 2018 us=244102   push_entry = 'topology subnet'
Mon Jul 30 10:11:45 2018 us=244102   push_entry = 'ping 10'
Mon Jul 30 10:11:45 2018 us=244102   push_entry = 'ping-restart 120'
Mon Jul 30 10:11:45 2018 us=245102   ifconfig_pool_defined = ENABLED
Mon Jul 30 10:11:45 2018 us=245102   ifconfig_pool_start = 10.69.0.2
Mon Jul 30 10:11:45 2018 us=245102   ifconfig_pool_end = 10.69.0.253
Mon Jul 30 10:11:45 2018 us=245102   ifconfig_pool_netmask = 255.255.255.0
Mon Jul 30 10:11:45 2018 us=245102   ifconfig_pool_persist_filename = 'ipp.txt'
Mon Jul 30 10:11:45 2018 us=245102   ifconfig_pool_persist_refresh_freq = 600
Mon Jul 30 10:11:45 2018 us=245102   ifconfig_ipv6_pool_defined = DISABLED
Mon Jul 30 10:11:45 2018 us=245102   ifconfig_ipv6_pool_base = ::
Mon Jul 30 10:11:45 2018 us=245102   ifconfig_ipv6_pool_netbits = 0
Mon Jul 30 10:11:45 2018 us=245102   n_bcast_buf = 256
Mon Jul 30 10:11:45 2018 us=245102   tcp_queue_limit = 64
Mon Jul 30 10:11:45 2018 us=245102   real_hash_size = 256
Mon Jul 30 10:11:45 2018 us=245102   virtual_hash_size = 256
Mon Jul 30 10:11:45 2018 us=245102   client_connect_script = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=245102   learn_address_script = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=245102   client_disconnect_script = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=245102   client_config_dir = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=245102   ccd_exclusive = DISABLED
Mon Jul 30 10:11:45 2018 us=245102   tmp_dir = 'C:\Users\ADMINI~1.MUX\AppData\Local\Temp\'
Mon Jul 30 10:11:45 2018 us=245102   push_ifconfig_defined = DISABLED
Mon Jul 30 10:11:45 2018 us=245102   push_ifconfig_local = 0.0.0.0
Mon Jul 30 10:11:45 2018 us=245102   push_ifconfig_remote_netmask = 0.0.0.0
Mon Jul 30 10:11:45 2018 us=245102   push_ifconfig_ipv6_defined = DISABLED
Mon Jul 30 10:11:45 2018 us=245102   push_ifconfig_ipv6_local = ::/0
Mon Jul 30 10:11:45 2018 us=245102   push_ifconfig_ipv6_remote = ::
Mon Jul 30 10:11:45 2018 us=245102   enable_c2c = ENABLED
Mon Jul 30 10:11:45 2018 us=245102   duplicate_cn = DISABLED
Mon Jul 30 10:11:45 2018 us=245102   cf_max = 0
Mon Jul 30 10:11:45 2018 us=245102   cf_per = 0
Mon Jul 30 10:11:45 2018 us=245102   max_clients = 1024
Mon Jul 30 10:11:45 2018 us=245102   max_routes_per_client = 256
Mon Jul 30 10:11:45 2018 us=245102   auth_user_pass_verify_script = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=245102   auth_user_pass_verify_script_via_file = DISABLED
Mon Jul 30 10:11:45 2018 us=245102   auth_token_generate = DISABLED
Mon Jul 30 10:11:45 2018 us=245102   auth_token_lifetime = 0
Mon Jul 30 10:11:45 2018 us=245102   client = DISABLED
Mon Jul 30 10:11:45 2018 us=246102   pull = DISABLED
Mon Jul 30 10:11:45 2018 us=246102   auth_user_pass_file = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=246102   show_net_up = DISABLED
Mon Jul 30 10:11:45 2018 us=246102   route_method = 0
Mon Jul 30 10:11:45 2018 us=246102   block_outside_dns = DISABLED
Mon Jul 30 10:11:45 2018 us=246102   ip_win32_defined = DISABLED
Mon Jul 30 10:11:45 2018 us=246102   ip_win32_type = 3
Mon Jul 30 10:11:45 2018 us=246102   dhcp_masq_offset = 0
Mon Jul 30 10:11:45 2018 us=246102   dhcp_lease_time = 31536000
Mon Jul 30 10:11:45 2018 us=246102   tap_sleep = 10
Mon Jul 30 10:11:45 2018 us=246102   dhcp_options = DISABLED
Mon Jul 30 10:11:45 2018 us=246102   dhcp_renew = DISABLED
Mon Jul 30 10:11:45 2018 us=246102   dhcp_pre_release = DISABLED
Mon Jul 30 10:11:45 2018 us=246102   domain = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=246102   netbios_scope = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=246102   netbios_node_type = 0
Mon Jul 30 10:11:45 2018 us=246102   disable_nbt = DISABLED
Mon Jul 30 10:11:45 2018 us=246102 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Mon Jul 30 10:11:45 2018 us=246102 Windows version 6.2 (Windows 8 or greater) 64bit
Mon Jul 30 10:11:45 2018 us=246102 library versions: OpenSSL 1.1.0h  27 Mar 2018, LZO 2.10
Enter Management Password:
Mon Jul 30 10:11:45 2018 us=248035 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Jul 30 10:11:45 2018 us=248035 Need hold release from management interface, waiting...
Mon Jul 30 10:11:45 2018 us=677305 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Jul 30 10:11:45 2018 us=778947 MANAGEMENT: CMD 'state on'
Mon Jul 30 10:11:45 2018 us=778947 MANAGEMENT: CMD 'log all on'
Mon Jul 30 10:11:46 2018 us=238888 MANAGEMENT: CMD 'echo all on'
Mon Jul 30 10:11:46 2018 us=244887 MANAGEMENT: CMD 'bytecount 5'
Mon Jul 30 10:11:46 2018 us=249887 MANAGEMENT: CMD 'hold off'
Mon Jul 30 10:11:46 2018 us=254887 MANAGEMENT: CMD 'hold release'
Mon Jul 30 10:11:46 2018 us=270889 Diffie-Hellman initialized with 2048 bit key
Mon Jul 30 10:11:46 2018 us=273892 TLS-Auth MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Mon Jul 30 10:11:46 2018 us=274890 interactive service msg_channel=0
Mon Jul 30 10:11:46 2018 us=274890 open_tun
Mon Jul 30 10:11:46 2018 us=278892 TAP-WIN32 device [Ethernet 2] opened: \.\Global\{370D5061-B8FA-492B-823B-51FBAF758728}.tap
Mon Jul 30 10:11:46 2018 us=279889 TAP-Windows Driver Version 9.21 
Mon Jul 30 10:11:46 2018 us=279889 TAP-Windows MTU=1500
Mon Jul 30 10:11:46 2018 us=285893 Set TAP-Windows TUN subnet mode network/local/netmask = 10.69.0.0/10.69.0.1/255.255.255.0 [SUCCEEDED]
Mon Jul 30 10:11:46 2018 us=285893 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.69.0.1/255.255.255.0 on interface {370D5061-B8FA-492B-823B-51FBAF758728} [DHCP-serv: 10.69.0.254, lease-time: 31536000]
Mon Jul 30 10:11:46 2018 us=286889 Sleeping for 10 seconds...
Mon Jul 30 10:11:56 2018 us=292720 Successful ARP Flush on interface [12] {370D5061-B8FA-492B-823B-51FBAF758728}
Mon Jul 30 10:11:56 2018 us=301641 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Jul 30 10:11:56 2018 us=301641 MANAGEMENT: >STATE:1532938316,ASSIGN_IP,,10.69.0.1,,,,
Mon Jul 30 10:11:56 2018 us=302641 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Jul 30 10:11:56 2018 us=302641 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Mon Jul 30 10:11:56 2018 us=302641 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Jul 30 10:11:56 2018 us=302641 setsockopt(IPV6_V6ONLY=0)
Mon Jul 30 10:11:56 2018 us=303641 UDPv6 link local (bound): [AF_INET6][undef]:1194
Mon Jul 30 10:11:56 2018 us=303641 UDPv6 link remote: [AF_UNSPEC]
Mon Jul 30 10:11:56 2018 us=303641 MULTI: multi_init called, r=256 v=256
Mon Jul 30 10:11:56 2018 us=303641 IFCONFIG POOL: base=10.69.0.2 size=252, ipv6=0
Mon Jul 30 10:11:56 2018 us=303641 ifconfig_pool_read(), in='johann-pad,10.69.0.2', TODO: IPv6
Mon Jul 30 10:11:56 2018 us=303641 succeeded -> ifconfig_pool_set()
Mon Jul 30 10:11:56 2018 us=304641 IFCONFIG POOL LIST
Mon Jul 30 10:11:56 2018 us=304641 johann-pad,10.69.0.2
Mon Jul 30 10:11:56 2018 us=304641 Initialization Sequence Completed
Mon Jul 30 10:11:56 2018 us=304641 MANAGEMENT: >STATE:1532938316,CONNECTED,SUCCESS,10.69.0.1,,,,
Mon Jul 30 10:16:37 2018 us=659163 MULTI: multi_create_instance called
Mon Jul 30 10:16:37 2018 us=659163 46.125.249.62 Re-using SSL/TLS context
Mon Jul 30 10:16:37 2018 us=659163 46.125.249.62 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Mon Jul 30 10:16:37 2018 us=659163 46.125.249.62 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Jul 30 10:16:37 2018 us=660086 46.125.249.62 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Mon Jul 30 10:16:37 2018 us=660086 46.125.249.62 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Mon Jul 30 10:16:37 2018 us=660086 46.125.249.62 TLS: Initial packet from [AF_INET6]::ffff:46.125.249.62:22475, sid=6682eaa3 bc5c637a
Mon Jul 30 10:16:37 2018 us=837153 46.125.249.62 VERIFY OK: depth=1, C=AT, ST=Vienna, L=Vienna, O=Privat, OU=OU, CN=muxi.at, name=Max Maier, emailAddress=kek
Mon Jul 30 10:16:37 2018 us=838153 46.125.249.62 VERIFY OK: depth=0, C=AT, ST=Vienna, L=Vienna, O=Privat, OU=OU, CN=johann-pad, name=Max Maier, emailAddress=kek
Mon Jul 30 10:16:37 2018 us=882235 46.125.249.62 peer info: IV_VER=2.4.6
Mon Jul 30 10:16:37 2018 us=882235 46.125.249.62 peer info: IV_PLAT=linux
Mon Jul 30 10:16:37 2018 us=882235 46.125.249.62 peer info: IV_PROTO=2
Mon Jul 30 10:16:37 2018 us=882235 46.125.249.62 peer info: IV_NCP=2
Mon Jul 30 10:16:37 2018 us=882235 46.125.249.62 peer info: IV_LZ4=1
Mon Jul 30 10:16:37 2018 us=882235 46.125.249.62 peer info: IV_LZ4v2=1
Mon Jul 30 10:16:37 2018 us=882235 46.125.249.62 peer info: IV_LZO=1
Mon Jul 30 10:16:37 2018 us=882235 46.125.249.62 peer info: IV_COMP_STUB=1
Mon Jul 30 10:16:37 2018 us=882235 46.125.249.62 peer info: IV_COMP_STUBv2=1
Mon Jul 30 10:16:37 2018 us=882235 46.125.249.62 peer info: IV_TCPNL=1
Mon Jul 30 10:16:37 2018 us=915237 46.125.249.62 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Mon Jul 30 10:16:37 2018 us=915237 46.125.249.62 [johann-pad] Peer Connection Initiated with [AF_INET6]::ffff:46.125.249.62:22475
Mon Jul 30 10:16:37 2018 us=916156 johann-pad/46.125.249.62 MULTI_sva: pool returned IPv4=10.69.0.2, IPv6=(Not enabled)
Mon Jul 30 10:16:37 2018 us=916156 johann-pad/46.125.249.62 MULTI: Learn: 10.69.0.2 -> johann-pad/46.125.249.62
Mon Jul 30 10:16:37 2018 us=916156 johann-pad/46.125.249.62 MULTI: primary virtual IP for johann-pad/46.125.249.62: 10.69.0.2
Mon Jul 30 10:16:39 2018 us=70985 johann-pad/46.125.249.62 PUSH: Received control message: 'PUSH_REQUEST'
Mon Jul 30 10:16:39 2018 us=70985 johann-pad/46.125.249.62 SENT CONTROL [johann-pad]: 'PUSH_REPLY,route 192.168.69.0 255.255.255.0,dhcp-option DNS 192.168.69.200,dhcp-option DOMAIN muxi.at,route-gateway 10.69.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.69.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Mon Jul 30 10:16:39 2018 us=70985 johann-pad/46.125.249.62 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Jul 30 10:16:39 2018 us=70985 johann-pad/46.125.249.62 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Mon Jul 30 10:16:39 2018 us=71986 johann-pad/46.125.249.62 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jul 30 10:16:39 2018 us=71986 johann-pad/46.125.249.62 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jul 30 10:21:25 2018 us=192651 johann-pad/46.125.249.62 [johann-pad] Inactivity timeout (--ping-restart), restarting
Mon Jul 30 10:21:25 2018 us=192651 johann-pad/46.125.249.62 SIGUSR1[soft,ping-restart] received, client-instance restarting
Mon Jul 30 10:22:23 2018 us=681125 MULTI: multi_create_instance called
Mon Jul 30 10:22:23 2018 us=681125 46.125.249.62 Re-using SSL/TLS context
Mon Jul 30 10:22:23 2018 us=681125 46.125.249.62 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Mon Jul 30 10:22:23 2018 us=681125 46.125.249.62 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Jul 30 10:22:23 2018 us=681125 46.125.249.62 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Mon Jul 30 10:22:23 2018 us=681125 46.125.249.62 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Mon Jul 30 10:22:23 2018 us=681125 46.125.249.62 TLS: Initial packet from [AF_INET6]::ffff:46.125.249.62:22476, sid=9a4e2a35 85429d9e
Mon Jul 30 10:22:23 2018 us=848831 46.125.249.62 VERIFY OK: depth=1, C=AT, ST=Vienna, L=Vienna, O=Privat, OU=OU, CN=muxi.at, name=Max Maier, emailAddress=kek
Mon Jul 30 10:22:23 2018 us=849830 46.125.249.62 VERIFY OK: depth=0, C=AT, ST=Vienna, L=Vienna, O=Privat, OU=OU, CN=johann-pad, name=Max Maier, emailAddress=kek
Mon Jul 30 10:22:23 2018 us=909473 46.125.249.62 peer info: IV_VER=2.4.6
Mon Jul 30 10:22:23 2018 us=909473 46.125.249.62 peer info: IV_PLAT=linux
Mon Jul 30 10:22:23 2018 us=909473 46.125.249.62 peer info: IV_PROTO=2
Mon Jul 30 10:22:23 2018 us=909473 46.125.249.62 peer info: IV_NCP=2
Mon Jul 30 10:22:23 2018 us=909473 46.125.249.62 peer info: IV_LZ4=1
Mon Jul 30 10:22:23 2018 us=909473 46.125.249.62 peer info: IV_LZ4v2=1
Mon Jul 30 10:22:23 2018 us=909473 46.125.249.62 peer info: IV_LZO=1
Mon Jul 30 10:22:23 2018 us=909473 46.125.249.62 peer info: IV_COMP_STUB=1
Mon Jul 30 10:22:23 2018 us=909473 46.125.249.62 peer info: IV_COMP_STUBv2=1
Mon Jul 30 10:22:23 2018 us=909473 46.125.249.62 peer info: IV_TCPNL=1
Mon Jul 30 10:22:23 2018 us=956686 46.125.249.62 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Mon Jul 30 10:22:23 2018 us=956686 46.125.249.62 [johann-pad] Peer Connection Initiated with [AF_INET6]::ffff:46.125.249.62:22476
Mon Jul 30 10:22:23 2018 us=956686 johann-pad/46.125.249.62 MULTI_sva: pool returned IPv4=10.69.0.2, IPv6=(Not enabled)
Mon Jul 30 10:22:23 2018 us=957683 johann-pad/46.125.249.62 MULTI: Learn: 10.69.0.2 -> johann-pad/46.125.249.62
Mon Jul 30 10:22:23 2018 us=957683 johann-pad/46.125.249.62 MULTI: primary virtual IP for johann-pad/46.125.249.62: 10.69.0.2
Mon Jul 30 10:22:25 2018 us=108082 johann-pad/46.125.249.62 PUSH: Received control message: 'PUSH_REQUEST'
Mon Jul 30 10:22:25 2018 us=108082 johann-pad/46.125.249.62 SENT CONTROL [johann-pad]: 'PUSH_REPLY,route 192.168.69.0 255.255.255.0,dhcp-option DNS 192.168.69.200,dhcp-option DOMAIN muxi.at,route-gateway 10.69.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.69.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Mon Jul 30 10:22:25 2018 us=108082 johann-pad/46.125.249.62 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Jul 30 10:22:25 2018 us=108082 johann-pad/46.125.249.62 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Mon Jul 30 10:22:25 2018 us=108082 johann-pad/46.125.249.62 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jul 30 10:22:25 2018 us=108082 johann-pad/46.125.249.62 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jul 30 10:23:45 2018 us=469757 MULTI: multi_create_instance called
Mon Jul 30 10:23:45 2018 us=469757 46.125.249.62 Re-using SSL/TLS context
Mon Jul 30 10:23:45 2018 us=469757 46.125.249.62 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Mon Jul 30 10:23:45 2018 us=469757 46.125.249.62 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Jul 30 10:23:45 2018 us=469757 46.125.249.62 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Mon Jul 30 10:23:45 2018 us=469757 46.125.249.62 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Mon Jul 30 10:23:45 2018 us=469757 46.125.249.62 TLS: Initial packet from [AF_INET6]::ffff:46.125.249.62:22477, sid=9c33023e 1518749c
Mon Jul 30 10:23:45 2018 us=641242 46.125.249.62 VERIFY OK: depth=1, C=AT, ST=Vienna, L=Vienna, O=Privat, OU=OU, CN=muxi.at, name=Max Maier, emailAddress=kek
Mon Jul 30 10:23:45 2018 us=642243 46.125.249.62 VERIFY OK: depth=0, C=AT, ST=Vienna, L=Vienna, O=Privat, OU=OU, CN=johann-pad, name=Max Maier, emailAddress=kek
Mon Jul 30 10:23:45 2018 us=691307 46.125.249.62 peer info: IV_VER=2.4.6
Mon Jul 30 10:23:45 2018 us=691307 46.125.249.62 peer info: IV_PLAT=linux
Mon Jul 30 10:23:45 2018 us=691307 46.125.249.62 peer info: IV_PROTO=2
Mon Jul 30 10:23:45 2018 us=691307 46.125.249.62 peer info: IV_NCP=2
Mon Jul 30 10:23:45 2018 us=691307 46.125.249.62 peer info: IV_LZ4=1
Mon Jul 30 10:23:45 2018 us=691307 46.125.249.62 peer info: IV_LZ4v2=1
Mon Jul 30 10:23:45 2018 us=691307 46.125.249.62 peer info: IV_LZO=1
Mon Jul 30 10:23:45 2018 us=691307 46.125.249.62 peer info: IV_COMP_STUB=1
Mon Jul 30 10:23:45 2018 us=691307 46.125.249.62 peer info: IV_COMP_STUBv2=1
Mon Jul 30 10:23:45 2018 us=691307 46.125.249.62 peer info: IV_TCPNL=1
Mon Jul 30 10:23:45 2018 us=724308 46.125.249.62 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Mon Jul 30 10:23:45 2018 us=724308 46.125.249.62 [johann-pad] Peer Connection Initiated with [AF_INET6]::ffff:46.125.249.62:22477
Mon Jul 30 10:23:45 2018 us=724308 MULTI: new connection by client 'johann-pad' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Mon Jul 30 10:23:45 2018 us=724308 MULTI_sva: pool returned IPv4=10.69.0.2, IPv6=(Not enabled)
Mon Jul 30 10:23:45 2018 us=724308 MULTI: Learn: 10.69.0.2 -> johann-pad/46.125.249.62
Mon Jul 30 10:23:45 2018 us=725244 MULTI: primary virtual IP for johann-pad/46.125.249.62: 10.69.0.2
Mon Jul 30 10:23:46 2018 us=808942 johann-pad/46.125.249.62 PUSH: Received control message: 'PUSH_REQUEST'
Mon Jul 30 10:23:46 2018 us=808942 johann-pad/46.125.249.62 SENT CONTROL [johann-pad]: 'PUSH_REPLY,route 192.168.69.0 255.255.255.0,dhcp-option DNS 192.168.69.200,dhcp-option DOMAIN muxi.at,route-gateway 10.69.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.69.0.2 255.255.255.0,peer-id 1,cipher AES-256-GCM' (status=1)
Mon Jul 30 10:23:46 2018 us=808942 johann-pad/46.125.249.62 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Jul 30 10:23:46 2018 us=809861 johann-pad/46.125.249.62 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Mon Jul 30 10:23:46 2018 us=809861 johann-pad/46.125.249.62 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jul 30 10:23:46 2018 us=809861 johann-pad/46.125.249.62 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Client:

Mon Jul 30 10:23:45 2018 WARNING: file 'johann-pad.key' is group or others accessible
Mon Jul 30 10:23:45 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Mon Jul 30 10:23:45 2018 library versions: OpenSSL 1.1.0h  27 Mar 2018, LZO 2.10
Mon Jul 30 10:23:45 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]84.113.131.29:1194
Mon Jul 30 10:23:45 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Jul 30 10:23:45 2018 UDP link local: (not bound)
Mon Jul 30 10:23:45 2018 UDP link remote: [AF_INET]84.113.131.29:1194
Mon Jul 30 10:23:45 2018 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mon Jul 30 10:23:45 2018 TLS: Initial packet from [AF_INET]84.113.131.29:1194, sid=5a41de68 a1cf8ed2
Mon Jul 30 10:23:45 2018 VERIFY OK: depth=1, C=AT, ST=Vienna, L=Vienna, O=Privat, OU=OU, CN=muxi.at, name=Max Maier, emailAddress=kek
Mon Jul 30 10:23:45 2018 VERIFY KU OK
Mon Jul 30 10:23:45 2018 Validating certificate extended key usage
Mon Jul 30 10:23:45 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Jul 30 10:23:45 2018 VERIFY EKU OK
Mon Jul 30 10:23:45 2018 VERIFY OK: depth=0, C=AT, ST=Vienna, L=Vienna, O=Privat, OU=OU, CN=muxi.at, name=Max Maier, emailAddress=kek
Mon Jul 30 10:23:45 2018 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Mon Jul 30 10:23:45 2018 [muxi.at] Peer Connection Initiated with [AF_INET]84.113.131.29:1194
Mon Jul 30 10:23:46 2018 SENT CONTROL [muxi.at]: 'PUSH_REQUEST' (status=1)
Mon Jul 30 10:23:46 2018 PUSH: Received control message: 'PUSH_REPLY,route 192.168.69.0 255.255.255.0,dhcp-option DNS 192.168.69.200,dhcp-option DOMAIN muxi.at,route-gateway 10.69.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.69.0.2 255.255.255.0,peer-id 1,cipher AES-256-GCM'
Mon Jul 30 10:23:46 2018 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jul 30 10:23:46 2018 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jul 30 10:23:46 2018 OPTIONS IMPORT: route options modified
Mon Jul 30 10:23:46 2018 OPTIONS IMPORT: route-related options modified
Mon Jul 30 10:23:46 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Jul 30 10:23:46 2018 OPTIONS IMPORT: peer-id set
Mon Jul 30 10:23:46 2018 OPTIONS IMPORT: adjusting link_mtu to 1624
Mon Jul 30 10:23:46 2018 OPTIONS IMPORT: data channel crypto options modified
Mon Jul 30 10:23:46 2018 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Jul 30 10:23:46 2018 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jul 30 10:23:46 2018 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jul 30 10:23:46 2018 ROUTE_GATEWAY 192.168.43.1/255.255.255.0 IFACE=wlp5s0 HWADDR=f8:28:19:cc:26:ef
Mon Jul 30 10:23:46 2018 TUN/TAP device tun0 opened
Mon Jul 30 10:23:46 2018 TUN/TAP TX queue length set to 100
Mon Jul 30 10:23:46 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Jul 30 10:23:46 2018 /usr/bin/ip link set dev tun0 up mtu 1500
Mon Jul 30 10:23:46 2018 /usr/bin/ip addr add dev tun0 10.69.0.2/24 broadcast 10.69.0.255
Mon Jul 30 10:23:46 2018 /usr/bin/ip route add 192.168.69.0/24 via 10.69.0.1
Mon Jul 30 10:23:46 2018 GID set to nobody
Mon Jul 30 10:23:46 2018 UID set to nobody
Mon Jul 30 10:23:46 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Jul 30 10:23:46 2018 Initialization Sequence Completed

Here are some command outputs:

ip a:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 54:e1:ad:91:aa:03 brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:d2:90:f1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:d2:90:f1 brd ff:ff:ff:ff:ff:ff
5: wlp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether f8:28:19:cc:26:ef brd ff:ff:ff:ff:ff:ff
    inet 192.168.43.204/24 brd 192.168.43.255 scope global dynamic noprefixroute wlp5s0
       valid_lft 2669sec preferred_lft 2669sec
    inet6 fe80::5993:8ec8:4639:a2a/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
14: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none 
    inet 10.69.0.2/24 brd 10.69.0.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::e15e:1efc:7b76:1902/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever

ip route show:

default via 192.168.43.1 dev wlp5s0 proto dhcp metric 600 
10.69.0.0/24 dev tun0 proto kernel scope link src 10.69.0.2 
192.168.43.0/24 dev wlp5s0 proto kernel scope link src 192.168.43.204 metric 600 
192.168.69.0/24 via 10.69.0.1 dev tun0 
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown 

I had to omit some output from the OpenVPN server logs because of the character limit; if any important information is missing, please let me know. Thanks in advance.

    
by Max Maier 30.07.2018 / 10:36

0 answers
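
A check one could run on the material in this post, as an added example that is not part of the original question: it compares the two configs for link options that OpenVPN expects to be identical on both peers and picks known signals out of the logs. The config text is abridged from the post; the `SYMMETRIC` and `LOG_SIGNALS` selections and all function names are assumptions of this example.

```python
import re
import shlex

# Abridged from the configs posted above (only the lines this check reads).
SERVER_CONF = """\
proto udp
dev tun
server 10.69.0.0 255.255.255.0
push "route 192.168.69.0 255.255.255.0"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
"""
CLIENT_CONF = """\
client
dev tun
proto udp
remote muxi.at 1194
remote-cert-tls server
cipher AES-256-CBC
"""
# Two lines copied from the server and client logs posted above.
LOG_LINES = [
    "Mon Jul 30 10:21:25 2018 us=192651 johann-pad/46.125.249.62 [johann-pad] "
    "Inactivity timeout (--ping-restart), restarting",
    "Mon Jul 30 10:23:45 2018 WARNING: file 'johann-pad.key' is group or others accessible",
]

# Link options that OpenVPN expects to agree on both peers (this example's selection).
SYMMETRIC = ("dev", "proto", "cipher", "auth", "comp-lzo", "compress",
             "tun-mtu", "link-mtu", "fragment", "keysize")

# Log patterns to surface and what each one means (this example's selection).
LOG_SIGNALS = [
    (re.compile(r"Inactivity timeout \(--ping-restart\)"),
     "no packet arrived from the peer within the ping-restart window"),
    (re.compile(r"WARNING: file '[^']+' is group or others accessible"),
     "private key file is readable beyond its owner; tighten its permissions"),
]

def parse_conf(text):
    """Return {directive: [argument list, ...]} for an OpenVPN config."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        tokens = shlex.split(line, comments=True)  # keeps push "..." as one argument
        if tokens:
            opts.setdefault(tokens[0].lstrip("-"), []).append(tokens[1:])
    return opts

def value(opts, name):
    """Last value given for a directive, "set" if it has no argument, None if absent."""
    if name not in opts:
        return None
    args = " ".join(opts[name][-1])
    if name == "proto":  # tcp-server and tcp-client are two ends of the same transport
        args = args.replace("-server", "").replace("-client", "")
    return args or "set"

def asymmetric_options(server_text, client_text):
    """List (option, server_value, client_value) for link options that differ."""
    # An omitted option counts as absent, so a default written on one side only is reported too.
    server, client = parse_conf(server_text), parse_conf(client_text)
    return [(name, value(server, name), value(client, name)) for name in SYMMETRIC
            if value(server, name) != value(client, name)]

def log_signals(lines):
    """Meanings of the known patterns found in the log lines, each reported once."""
    found = []
    for line in lines:
        for pattern, meaning in LOG_SIGNALS:
            if pattern.search(line) and meaning not in found:
                found.append(meaning)
    return found

if __name__ == "__main__":
    for name, srv, cli in asymmetric_options(SERVER_CONF, CLIENT_CONF):
        print(f"{name}: server={srv!r} client={cli!r}")
    for meaning in log_signals(LOG_LINES):
        print("log:", meaning)
```

On the configs in the post it reports `comp-lzo` as set on the server and absent on the client, and both log signals fire.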