This question may be a common one for OpenVPN users, but I am very frustrated because every solution has failed. I have tried almost every solution I could find on the Internet for this problem. I set up OpenVPN on a NAT VPS server running CentOS 7. Then I installed OpenVPN GUI on my laptop (Windows 7). At first everything was fine: it connected and the IP address changed. But a few moments later it was unmasked again, back to the real IP. I tried these:
Compatibility - right-click OpenVPN GUI, run this program in compatibility mode → tried almost all of them. The IP address changed for almost a minute, then automatically changed back to the original.
Disable IPv6 - Go to Control Panel → Network and Internet → Network Connections → right-click Windows adapter v9 → and disable IPv6. Not working.
redirect-gateway def - Edit the config.ovpn file on the server, add push "redirect-gateway def1", and edit the client config.ovpn file on Windows 7 and add redirect-gateway def1. Still nothing worked.
I am clueless. Here is the client log file:
Thu Aug 24 23:55:03 2017 OpenVPN 2.4.3 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jul 14 2017
Thu Aug 24 23:55:03 2017 Windows version 6.1 (Windows 7) 32bit
Thu Aug 24 23:55:03 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Thu Aug 24 23:55:03 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Aug 24 23:55:03 2017 Need hold release from management interface, waiting...
Thu Aug 24 23:55:03 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Aug 24 23:55:04 2017 MANAGEMENT: CMD 'state on'
Thu Aug 24 23:55:04 2017 MANAGEMENT: CMD 'log all on'
Thu Aug 24 23:55:04 2017 MANAGEMENT: CMD 'echo all on'
Thu Aug 24 23:55:04 2017 MANAGEMENT: CMD 'hold off'
Thu Aug 24 23:55:04 2017 MANAGEMENT: CMD 'hold release'
Thu Aug 24 23:55:05 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 24 23:55:05 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 24 23:55:05 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]104.152.190.126:17600
Thu Aug 24 23:55:05 2017 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Aug 24 23:55:05 2017 UDP link local: (not bound)
Thu Aug 24 23:55:05 2017 UDP link remote: [AF_INET]104.152.190.126:17600
Thu Aug 24 23:55:05 2017 MANAGEMENT: >STATE:1503597305,WAIT,,,,,,
Thu Aug 24 23:55:05 2017 MANAGEMENT: >STATE:1503597305,AUTH,,,,,,
Thu Aug 24 23:55:05 2017 TLS: Initial packet from [AF_INET]104.152.190.126:17600, sid=d06722a6 e92e9a3e
Thu Aug 24 23:55:05 2017 VERIFY OK: depth=1, CN=ChangeMe
Thu Aug 24 23:55:05 2017 VERIFY KU OK
Thu Aug 24 23:55:05 2017 Validating certificate extended key usage
Thu Aug 24 23:55:05 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Aug 24 23:55:05 2017 VERIFY EKU OK
Thu Aug 24 23:55:05 2017 VERIFY OK: depth=0, CN=server
Thu Aug 24 23:55:06 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Aug 24 23:55:06 2017 [server] Peer Connection Initiated with [AF_INET]104.152.190.126:17600
Thu Aug 24 23:55:07 2017 MANAGEMENT: >STATE:1503597307,GET_CONFIG,,,,,,
Thu Aug 24 23:55:07 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Aug 24 23:55:07 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Thu Aug 24 23:55:07 2017 OPTIONS IMPORT: timers and/or timeouts modified
Thu Aug 24 23:55:07 2017 OPTIONS IMPORT: --ifconfig/up options modified
Thu Aug 24 23:55:07 2017 OPTIONS IMPORT: route options modified
Thu Aug 24 23:55:07 2017 OPTIONS IMPORT: route-related options modified
Thu Aug 24 23:55:07 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Aug 24 23:55:07 2017 OPTIONS IMPORT: peer-id set
Thu Aug 24 23:55:07 2017 OPTIONS IMPORT: adjusting link_mtu to 1625
Thu Aug 24 23:55:07 2017 OPTIONS IMPORT: data channel crypto options modified
Thu Aug 24 23:55:07 2017 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Aug 24 23:55:07 2017 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Aug 24 23:55:07 2017 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Aug 24 23:55:07 2017 interactive service msg_channel=0
Thu Aug 24 23:55:07 2017 ROUTE_GATEWAY 10.211.52.95/255.255.255.255 I=40 HWADDR=00:00:00:00:00:00
Thu Aug 24 23:55:07 2017 open_tun
Thu Aug 24 23:55:07 2017 TAP-WIN32 device [Local Area Connection 2] opened: \.\Global\{7A6A15EB-2846-4F03-8F06-E5B7B16FE4B7}.tap
Thu Aug 24 23:55:07 2017 TAP-Windows Driver Version 9.21
Thu Aug 24 23:55:07 2017 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.2/255.255.255.0 [SUCCEEDED]
Thu Aug 24 23:55:07 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.0 on interface {7A6A15EB-2846-4F03-8F06-E5B7B16FE4B7} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
Thu Aug 24 23:55:07 2017 Successful ARP Flush on interface [14] {7A6A15EB-2846-4F03-8F06-E5B7B16FE4B7}
Thu Aug 24 23:55:07 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Aug 24 23:55:07 2017 MANAGEMENT: >STATE:1503597307,ASSIGN_IP,,10.8.0.2,,,,
Thu Aug 24 23:55:07 2017 Block_DNS: WFP engine opened
Thu Aug 24 23:55:08 2017 Block_DNS: Using existing sublayer
Thu Aug 24 23:55:08 2017 Block_DNS: Added permit filters for exe_path
Thu Aug 24 23:55:08 2017 Block_DNS: Added block filters for all interfaces
Thu Aug 24 23:55:08 2017 Block_DNS: Added permit filters for TAP interface
Thu Aug 24 23:55:13 2017 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Thu Aug 24 23:55:13 2017 C:\Windows\system32\route.exe ADD 104.152.190.126 MASK 255.255.255.255 10.211.52.95
Thu Aug 24 23:55:13 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Thu Aug 24 23:55:13 2017 Route addition via IPAPI succeeded [adaptive]
Thu Aug 24 23:55:13 2017 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.1
Thu Aug 24 23:55:13 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=3 and dwForwardType=4
Thu Aug 24 23:55:13 2017 Route addition via IPAPI succeeded [adaptive]
Thu Aug 24 23:55:13 2017 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
Thu Aug 24 23:55:13 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=3 and dwForwardType=4
Thu Aug 24 23:55:13 2017 Route addition via IPAPI succeeded [adaptive]
Thu Aug 24 23:55:13 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Aug 24 23:55:13 2017 Initialization Sequence Completed
Thu Aug 24 23:55:13 2017 MANAGEMENT: >STATE:1503597313,CONNECTED,SUCCESS,10.8.0.2,104.152.190.126,17600,,
Here is the configuration file:
client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote 104.152.190.126 17600
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
redirect-gateway def1
<ca>
Here is the server configuration file:
port 17600
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nobody
persist-key
persist-tun
Tags networking vpn openvpn
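An added example, not part of the original post: a small Python check that reads an OpenVPN client log like the one above and reports whether the pushed `redirect-gateway def1` was turned into the two /1 routes, the host route to the server, and the DNS block filters. The function name `check_redirect` and the result keys are hypothetical; the sample lines are copied from the log in the post.

```python
import re

# Lines copied from the client log in the post above.
SAMPLE_LOG = r"""
Thu Aug 24 23:55:07 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Thu Aug 24 23:55:08 2017 Block_DNS: Added block filters for all interfaces
Thu Aug 24 23:55:13 2017 C:\Windows\system32\route.exe ADD 104.152.190.126 MASK 255.255.255.255 10.211.52.95
Thu Aug 24 23:55:13 2017 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.1
Thu Aug 24 23:55:13 2017 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
Thu Aug 24 23:55:13 2017 MANAGEMENT: >STATE:1503597313,CONNECTED,SUCCESS,10.8.0.2,104.152.190.126,17600,,
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")
ROUTE_RE = re.compile(r"route\.exe ADD (\S+) MASK (\S+) (\S+)")
STATE_RE = re.compile(r">STATE:\d+,CONNECTED,SUCCESS,([^,]*),([^,]*),")


def check_redirect(log):
    """Report (hypothetical helper) what the client did with redirect-gateway."""
    push = PUSH_RE.search(log)
    opts = push.group(1).split(",") if push else []
    # VPN-side gateway announced by the server (route-gateway option).
    vpn_gw = next((o.split()[1] for o in opts
                   if o.startswith("route-gateway ")), None)
    routes = set(ROUTE_RE.findall(log))          # (dest, mask, gateway)
    state = STATE_RE.search(log)
    server_ip = state.group(2) if state else None
    # def1 covers 0.0.0.0/0 with two /1 routes instead of replacing the default.
    halves = {("0.0.0.0", "128.0.0.0", vpn_gw), ("128.0.0.0", "128.0.0.0", vpn_gw)}
    return {
        "redirect_pushed": any(o.startswith("redirect-gateway")
                               and "def1" in o.split() for o in opts),
        "def1_routes_installed": vpn_gw is not None and halves <= routes,
        # The server itself must stay reachable through the physical gateway.
        "server_host_route": any(d == server_ip and m == "255.255.255.255"
                                 and g != vpn_gw for d, m, g in routes),
        "dns_block_active": "Block_DNS: Added block filters" in log,
        "connected": state is not None,
    }


if __name__ == "__main__":
    for name, ok in check_redirect(SAMPLE_LOG).items():
        print(f"{name}: {'ok' if ok else 'MISSING'}")
```

The log only records the state at connect time; changes made to the routing table afterwards do not appear in it.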