O OpenVPN abre o dispositivo tun, mas não faz isso, portanto, não pode adicionar a rota depois. Este comando não faz o dispositivo subir
/sbin/ifconfig tun0 172.31.0.6 pointopoint 172.31.0.5 mtu 1500
Funciona bem, se eu subir o dispositivo manualmente pelo comando ip link ou
ifconfig tun0 up
Mas preciso adicionar todas as rotas sozinho. Como posso executar sem tarefas manualmente? Aqui está meu cliente conf. O mesmo conf funciona bem no windows. Agradeço por qualquer ajuda
dev tun
proto tcp
remote x.x.x.x 1194
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
client
auth-user-pass
verb 3
Aqui está o meu log:
Tue Aug 7 11:25:00 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Aug 7 11:25:00 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
Tue Aug 7 11:25:00 2018 Socket Buffers: R=[87380->87380] S=[16384->16384]
Tue Aug 7 11:25:00 2018 Attempting to establish TCP connection with [AF_INET]x.x.x.x:1194 [nonblock]
Tue Aug 7 11:25:01 2018 TCP connection established with [AF_INET]x.x.x.x:1194
Tue Aug 7 11:25:01 2018 TCP_CLIENT link local: (not bound)
Tue Aug 7 11:25:01 2018 TCP_CLIENT link remote: [AF_INET]x.x.x.x:1194
Tue Aug 7 11:25:01 2018 TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=8188f10d 67197c08
Tue Aug 7 11:25:01 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Aug 7 11:25:01 2018 VERIFY OK: depth=1, C=DE, O=xx, CN=x.x.x.x
Tue Aug 7 11:25:01 2018 VERIFY OK: depth=0, C=DE, O=xx, CN=x.x.x.x
Tue Aug 7 11:25:01 2018 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Aug 7 11:25:01 2018 [x.x.x.x] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Tue Aug 7 11:25:03 2018 SENT CONTROL [x.x.x.x]: 'PUSH_REQUEST' (status=1)
Tue Aug 7 11:25:03 2018 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 172.31.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 172.31.0.6 172.31.0.5'
Tue Aug 7 11:25:03 2018 OPTIONS IMPORT: timers and/or timeouts modified
Tue Aug 7 11:25:03 2018 OPTIONS IMPORT: --ifconfig/up options modified
Tue Aug 7 11:25:03 2018 OPTIONS IMPORT: route options modified
Tue Aug 7 11:25:03 2018 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Aug 7 11:25:03 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Aug 7 11:25:03 2018 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Aug 7 11:25:03 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Aug 7 11:25:03 2018 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=enp2s0 HWADDR=1c:1b:0d:09:5f:af
Tue Aug 7 11:25:03 2018 TUN/TAP device tun0 opened
Tue Aug 7 11:25:03 2018 TUN/TAP TX queue length set to 100
Tue Aug 7 11:25:03 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Aug 7 11:25:03 2018 /sbin/ifconfig tun0 172.31.0.6 pointopoint 172.31.0.5 mtu 1500
Tue Aug 7 11:25:03 2018 /sbin/route add -net 192.168.1.0 netmask 255.255.255.0 gw 172.31.0.5
SIOCADDRT: Network is unreachable
Tue Aug 7 11:25:03 2018 ERROR: Linux route add command failed: external program exited with error status: 7
Tue Aug 7 11:25:03 2018 /sbin/route add -net 172.31.0.0 netmask 255.255.255.0 gw 172.31.0.5
SIOCADDRT: Network is unreachable
Tue Aug 7 11:25:03 2018 ERROR: Linux route add command failed: external program exited with error status: 7
Tue Aug 7 11:25:03 2018 Initialization Sequence Completed
Tags networking vpn openvpn ifconfig linux