I am trying to connect to a VPN server.
I got the client.ovpn from my system administrator.
When running: sudo openvpn --config client.ovpn, I get Initialization Sequence Completed after a few seconds, but my connection is not working. Trying ping google.com produces no response.
On a Mac OS X machine with Tunnelblick installed and the same client.ovpn file, everything works perfectly.
Am I missing something?
Adding logs for sudo openvpn --config client.ovpn:
OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Enter Auth Username: *****
Enter Auth Password: ********************
Control Channel Authentication: tls-auth using INLINE static key file
Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Socket Buffers: R=[212992->200000] S=[212992->200000]
UDPv4 link local: [undef]
UDPv4 link remote: [AF_INET]52.204.89.71:1194
Server poll timeout, restarting
SIGUSR1[soft,server_poll] received, process restarting
Control Channel Authentication: tls-auth using INLINE static key file
Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Socket Buffers: R=[212992->200000] S=[212992->200000]
UDPv4 link local: [undef]
UDPv4 link remote: [AF_INET]52.204.89.71:1194
Server poll timeout, restarting
SIGUSR1[soft,server_poll] received, process restarting
Control Channel Authentication: tls-auth using INLINE static key file
Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Socket Buffers: R=[87380->200000] S=[16384->200000]
Attempting to establish TCP connection with [AF_INET]52.204.89.71:443 [nonblock]
TCP connection established with [AF_INET]52.204.89.71:443
TCPv4_CLIENT link local: [undef]
TCPv4_CLIENT link remote: [AF_INET]52.204.89.71:443
TLS: Initial packet from [AF_INET]52.204.89.71:443, sid=06674f4e bf6e2a84
WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
VERIFY OK: depth=1, CN=OpenVPN CA
VERIFY OK: nsCertType=SERVER
VERIFY OK: depth=0, CN=OpenVPN Server
Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
WARNING: this cipher's block size is less than 128 bit (64 bit). Consider using a --cipher with a larger block size.
Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
WARNING: this cipher's block size is less than 128 bit (64 bit). Consider using a --cipher with a larger block size.
Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
[OpenVPN Server] Peer Connection Initiated with [AF_INET]52.204.89.71:443
SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,socket-flags TCP_NODELAY,auth-token SESS_ID,comp-lzo yes,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 172.27.224.1,dhcp-option DNS 10.0.0.2,register-dns,block-ipv6,ifconfig 172.27.227.61 255.255.248.0'
Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks
Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.3.10)
Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.3.10)
Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.3.10)
Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:18: register-dns (2.3.10)
Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:19: block-ipv6 (2.3.10)
OPTIONS IMPORT: timers and/or timeouts modified
OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
OPTIONS IMPORT: LZO parms modified
OPTIONS IMPORT: --socket-flags option modified
Socket flags: TCP_NODELAY=1 succeeded
OPTIONS IMPORT: --ifconfig/up options modified
OPTIONS IMPORT: route options modified
OPTIONS IMPORT: route-related options modified
OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
ROUTE_GATEWAY 192.168.1.99/255.255.255.0 IFACE=wlp4s0 HWADDR=60:f6:77:31:df:9e
TUN/TAP device tun0 opened
TUN/TAP TX queue length set to 100
do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
/sbin/ip link set dev tun0 up mtu 1500
/sbin/ip addr add dev tun0 172.27.227.61/21 broadcast 172.27.231.255
ROUTE remote_host is NOT LOCAL
/sbin/ip route add 52.204.89.71/32 via 192.168.1.99
/sbin/ip route add 0.0.0.0/1 via 172.27.224.1
/sbin/ip route add 128.0.0.0/1 via 172.27.224.1
Initialization Sequence Completed
Edit:
My client.ovpn looks like this:
I've removed / altered the private details
# Automatically generated OpenVPN client config file
# Generated on Mon Jan 22 15:15:18 2018 by openvpnas2
# Note: this config file contains inline private keys
# and therefore should be kept confidential!
# Note: this configuration is user-locked to the username below
# OVPN_ACCESS_SERVER_USERNAME=My_Name
# Define the profile name of this particular configuration file
# [email protected]
# OVPN_ACCESS_SERVER_CLI_PREF_ALLOW_WEB_IMPORT=True
# OVPN_ACCESS_SERVER_CLI_PREF_BASIC_CLIENT=False
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_CONNECT=True
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_XD_PROXY=True
# OVPN_ACCESS_SERVER_WSHOST=vpn.server.com:443
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START
# -----BEGIN CERTIFICATE-----
# -----END CERTIFICATE-----
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=1
# OVPN_ACCESS_SERVER_ORGANIZATION=OpenVPN Technologies, Inc.
setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote vpn.server.com 1194 udp
remote vpn.server.com 1194 udp
remote vpn.server.com 443 tcp
remote vpn.server.com 1194 udp
remote vpn.server.com 1194 udp
remote vpn.server.com 1194 udp
remote vpn.server.com 1194 udp
remote vpn.server.com 1194 udp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
auth-user-pass
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key (Server Agent)
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
## -----BEGIN RSA SIGNATURE-----
## DIGEST:sha256
## -----END RSA SIGNATURE-----
## -----BEGIN CERTIFICATE-----
## -----END CERTIFICATE-----
## -----BEGIN CERTIFICATE-----
## -----END CERTIFICATE-----
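
Added example, not part of the original post: a short Python triage of the log above that lists which pushed options the 2.3.10 client discarded, and reports whether the posted config contains an `up` script that could act on the pushed DNS server. The function name `triage`, the result keys and the directive set are assumptions of this example; the log lines are copied from the post.

```python
import re

# Lines copied from the client log in the post (not constructed).
LOG = """\
PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,socket-flags TCP_NODELAY,auth-token SESS_ID,comp-lzo yes,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 172.27.224.1,dhcp-option DNS 10.0.0.2,register-dns,block-ipv6,ifconfig 172.27.227.61 255.255.248.0'
Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks
Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.3.10)
Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.3.10)
Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.3.10)
Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:18: register-dns (2.3.10)
Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:19: block-ipv6 (2.3.10)
"""

# Directive names that appear in the posted client.ovpn (values omitted).
CONFIG_DIRECTIVES = {
    "setenv", "client", "server-poll-timeout", "nobind", "remote", "dev",
    "dev-type", "ns-cert-type", "reneg-sec", "sndbuf", "rcvbuf",
    "auth-user-pass", "comp-lzo", "verb", "key-direction",
}

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
DROPPED_RE = re.compile(
    r"(?:Unrecognized option or missing parameter\(s\) in \[PUSH-OPTIONS\]:\d+: (\S+)"
    r"|Option '(\S+)' in \[PUSH-OPTIONS\]:\d+ is ignored)")


def triage(log, config_directives):
    """Summarise what the server pushed and what this client did with it."""
    m = PUSH_RE.search(log)
    pushed = m.group(1).split(",") if m else []
    dropped = {a or b for a, b in DROPPED_RE.findall(log)}
    dns = [o.split()[2] for o in pushed if o.startswith("dhcp-option DNS ")]
    return {
        "pushed": pushed,
        "dropped": dropped,
        "kept": [o for o in pushed if o.split()[0] not in dropped],
        "full_tunnel": any(o.startswith("redirect-gateway") for o in pushed),
        "dns_servers": dns,
        # OpenVPN on Linux only exports pushed dhcp-option values to an --up
        # script (as foreign_option_N); it does not edit resolv.conf itself.
        "dns_script_configured": "up" in config_directives,
    }


if __name__ == "__main__":
    for key, value in triage(LOG, CONFIG_DIRECTIVES).items():
        print(f"{key}: {value}")
```
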