Impossível navegar na internet com VPN no OpenBSD

1

Estou usando o OpenBSD 5.7-amd64 com os últimos patches aplicados.

Eu baixei e instalei o OpenVPN (versão do pacote: openvpn-2.3.6.tgz) disponível para o OpenBSD 5.7 usando o seguinte comando:

sudo pkg_add -vi openvpn

Eu mudo para o diretório onde meus arquivos .ovpn estão localizados:

cd openvpn-configs

Eu escolho um arquivo ovpn, digito uk.ovpn e digite o seguinte comando:

sudo openvpn uk.ovpn

Linhas passam pelo meu terminal e finalmente a mensagem:

Initialization Sequence Completed

indica que estou conectado ao servidor do Reino Unido.

Eu inicio o Firefox e digito um URL.

Nada aparece no navegador.

Eu abro outro terminal e digito:

ping microsoft.com

Não há pings gravados.

O que está acontecendo?

Em resposta ao pedido de mjturner para mais informações, abaixo estão detalhes adicionais.

Por favor, note que o firewall pf básico fornecido pelo OpenBSD durante a instalação do sistema operacional é ativado por padrão. Além disso, durante a instalação do sistema operacional, quando perguntado se deveria configurar / ativar o IPv6, eu respondi "Não".

Detalhes do registro da conexão VPN:

Tue Jul 14 00:00:17 2015 OpenVPN 2.3.6 x86_64-unknown-openbsd5.7 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Mar  7 2015
Tue Jul 14 00:00:17 2015 library versions: LibreSSL 2.1, LZO 2.08
Tue Jul 14 00:00:17 2015 WARNING: file 'auth.txt' is group or others accessible
Tue Jul 14 00:00:17 2015 Socket Buffers: R=[41600->65536] S=[9216->65536]
Tue Jul 14 00:00:17 2015 UDPv4 link local: [undef]
Tue Jul 14 00:00:17 2015 UDPv4 link remote: [AF_INET]111.222.333.444:443
Tue Jul 14 00:00:19 2015 TLS: Initial packet from [AF_INET]111.222.333.444:443, sid=16-alphanumeric-string
Tue Jul 14 00:00:19 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jul 14 00:00:20 2015 VERIFY OK: depth=1, [particulars of commercial VPN service provider]
Tue Jul 14 00:00:20 2015 Validating certificate key usage
Tue Jul 14 00:00:20 2015 ++ Certificate has key usage  00a0, expects 00a0
Tue Jul 14 00:00:20 2015 VERIFY KU OK
Tue Jul 14 00:00:20 2015 Validating certificate extended key usage
Tue Jul 14 00:00:20 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Jul 14 00:00:20 2015 VERIFY EKU OK
Tue Jul 14 00:00:20 2015 VERIFY OK: depth=0, [particulars of commercial VPN service provider]
Tue Jul 14 00:00:21 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jul 14 00:00:21 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 14 00:00:21 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jul 14 00:00:21 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 14 00:00:21 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Jul 14 00:00:21 2015 [VPN-UK] Peer Connection Initiated with [AF_INET]111.222.333.444:443
Tue Jul 14 00:00:23 2015 SENT CONTROL [VPN-UK]: 'PUSH_REQUEST' (status=1)
Tue Jul 14 00:00:24 2015 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.9.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.9.0.6 10.9.0.5'
Tue Jul 14 00:00:24 2015 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jul 14 00:00:24 2015 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jul 14 00:00:24 2015 OPTIONS IMPORT: route options modified
Tue Jul 14 00:00:24 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jul 14 00:00:24 2015 ROUTE_GATEWAY 192.168.220.1
Tue Jul 14 00:00:24 2015 TUN/TAP device /dev/tun0 opened
Tue Jul 14 00:00:24 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jul 14 00:00:24 2015 /sbin/ifconfig tun0 10.9.0.6 10.9.0.5 mtu 1500 netmask 255.255.255.255 up -link0
Tue Jul 14 00:00:26 2015 /sbin/route add -net 111.222.333.444 192.168.220.1 -netmask 255.255.255.255
add net 111.222.333.444: gateway 192.168.220.1
Tue Jul 14 00:00:26 2015 /sbin/route add -net 0.0.0.0 10.9.0.5 -netmask 128.0.0.0
add net 0.0.0.0: gateway 10.9.0.5
Tue Jul 14 00:00:26 2015 /sbin/route add -net 128.0.0.0 10.9.0.5 -netmask 128.0.0.0
add net 128.0.0.0: gateway 10.9.0.5
Tue Jul 14 00:00:26 2015 /sbin/route add -net 10.9.0.1 10.9.0.5 -netmask 255.255.255.255
add net 10.9.0.1: gateway 10.9.0.5
Tue Jul 14 00:00:26 2015 Initialization Sequence Completed

Detalhes de ifconfig -a quando a conexão VPN está ativada:

$ ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
    priority: 0
    groups: lo
    inet6 xx11::1%lo0 prefixlen 64 scopeid 0x3
    inet6 ::1 prefixlen 128
    inet 127.0.0.1 netmask 0xff000000
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    lladdr [MAC address of network card]
    priority: 0
    groups: egress
    media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
    status: active
    inet 192.168.220.176 netmask 0xffffff00 broadcast 192.168.220.255
enc0: flags=0<>
    priority: 0
    groups: enc
    status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33144
    priority: 0
    groups: pflog
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
    priority: 0
    groups: tun
    status: active
    inet 10.9.0.6 --> 10.9.0.5 netmask 0xffffffff

Detalhes de netstat -nr -f inet quando a conexão VPN está ativada:

$ netstat -nr -f inet
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
0/1                10.9.0.5           UGS        0        0     -     8 tun0 
default            192.168.220.1      UGS        1      137     -     8 re0  
10.9.0.1/32        10.9.0.5           UGS        0        0     -     8 tun0 
10.9.0.5           10.9.0.6           UH         3        0     -     4 tun0 
10.9.0.6           10.9.0.6           UHl        0        0     -     1 lo0  
111.222.333.444/32 192.168.220.1      UGS        0        0     -     8 re0  
127/8              127.0.0.1          UGRS       0        0 32768     8 lo0  
127.0.0.1          127.0.0.1          UHl        1        4 32768     1 lo0  
128/1              10.9.0.5           UGS        0        0     -     8 tun0 
192.168.220/24     link#1             UC         1        0     -     4 re0  
192.168.220.1      [MAC-router]       UHLc       2        0     -     4 re0  
192.168.220.176    [MAC-network card] UHLl       0        0     -     1 lo0  
192.168.220.255    link#1             UHLb       0        0     -     1 re0  
224/4              link#1             UCS        0        0     -     8 re0

Detalhes de dig quando a conexão VPN está ativada:

$ dig +short microsoft.com
;; connection timed out; no servers could be reached
$
    
por virvegto 13.07.2015 / 20:11

0 respostas