VPS goes out of reach after connecting to a VPN (OpenVPN)


I have two virtual private servers and would like to make them work on one network using OpenVPN. Both are Debian machines.

Server configuration:

port 11194
proto udp6 # I know using udp6 instead of udp here is unnecessary
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS"
push "dhcp-option DNS"
keepalive 10 120
cipher AES-128-CBC
user nobody
group nogroup
status openvpn-status.log
log-append  openvpn.log
verb 3

Client configuration:

port 11194
remote 86.xx.xx.190
cipher AES-128-CBC
dev tap
proto udp
verb 2
keysize 128
key-direction 1
log-append openvpn.log
[ca here]
[cert here]
[key here]

I can connect to the server from a Windows client without problems; the connection works very well. However, when I try to connect from my secondary VPS:

openvpn --config /path/to/cfg.ovpn

The SSH session ends and the whole server goes out of reach and is no longer available at its public IP address. So I have to do a forced reboot through my cloud management panel to stop the bad connection. What am I doing wrong here?

Here is the client log file:

Fri May  5 09:48:52 2017 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 12 2015
Fri May  5 09:48:52 2017 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Fri May  5 09:48:52 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri May  5 09:48:52 2017 UDPv4 link local: [undef]
Fri May  5 09:48:52 2017 UDPv4 link remote: [AF_INET]86.xx.xx.190:11194
Fri May  5 09:48:53 2017 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, [email protected]
Fri May  5 09:48:53 2017 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, [email protected]
Fri May  5 09:48:53 2017 WARNING: 'keydir' is present in local config but missing in remote config, local='keydir 0'
Fri May  5 09:48:53 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri May  5 09:48:53 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May  5 09:48:53 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri May  5 09:48:53 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May  5 09:48:53 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri May  5 09:48:53 2017 [server] Peer Connection Initiated with [AF_INET]86.xx.xx.190:11194
Fri May  5 09:48:55 2017 TUN/TAP device tap0 opened
Fri May  5 09:48:55 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri May  5 09:48:55 2017 /sbin/ip link set dev tap0 up mtu 1500
Fri May  5 09:48:55 2017 /sbin/ip addr add dev tap0 broadcast
Fri May  5 09:48:55 2017 Initialization Sequence Completed
Fri May  5 09:49:17 2017 event_wait : Interrupted system call (code=4)
Fri May  5 09:49:17 2017 Closing TUN/TAP interface
Fri May  5 09:49:17 2017 /sbin/ip addr del dev tap0
Fri May  5 09:49:17 2017 SIGHUP[hard,] received, process restarting
Fri May  5 09:49:17 2017 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 12 2015
Fri May  5 09:49:17 2017 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Fri May  5 09:49:19 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri May  5 09:49:19 2017 UDPv4 link local: [undef]
Fri May  5 09:49:19 2017 UDPv4 link remote: [AF_INET]86.xx.xx.190:11194
Fri May  5 09:49:19 2017 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, [email protected]
Fri May  5 09:49:19 2017 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, [email protected]
Fri May  5 09:49:20 2017 WARNING: 'keydir' is present in local config but missing in remote config, local='keydir 0'
Fri May  5 09:49:20 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri May  5 09:49:20 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May  5 09:49:20 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri May  5 09:49:20 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May  5 09:49:20 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri May  5 09:49:20 2017 [server] Peer Connection Initiated with [AF_INET]86.xx.xx.190:11194
Fri May  5 09:49:22 2017 TUN/TAP device tap0 opened
Fri May  5 09:49:22 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri May  5 09:49:22 2017 /sbin/ip link set dev tap0 up mtu 1500
Fri May  5 09:49:22 2017 /sbin/ip addr add dev tap0 broadcast
Fri May  5 09:49:22 2017 Initialization Sequence Completed
by vane41 05.05.2017 / 10:09

1 answer


Remove the parameter from the configuration

push "redirect-gateway def1"

This parameter redirects all traffic through the VPN tunnel.

by 05.05.2017 / 12:03
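As an added example (not code from the question or the answer), a small Python linter that reads a server/client config pair like the one posted, flags the pushed redirect-gateway the answer identifies plus the two warnings visible in the posted log, and produces the corrected server config. The remote and DNS addresses are placeholders, since the post stripped them.

```python
import re

# Constructed from the posted configs; 203.0.113.190 and 10.8.0.1 are placeholders.
SERVER_CFG = """port 11194
proto udp6
dev tap
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1"
keepalive 10 120
cipher AES-128-CBC
"""
CLIENT_CFG = """port 11194
remote 203.0.113.190
cipher AES-128-CBC
dev tap
proto udp
key-direction 1
"""

def directives(cfg):
    """Yield (name, argument) per config line, skipping blanks and # comments."""
    for line in cfg.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, _, arg = line.partition(" ")
            yield name, arg.strip()

def lint(server_cfg, client_cfg):
    """Findings a reviewer would raise against this pair of configs."""
    srv = list(directives(server_cfg))
    cli_names = {n for n, _ in directives(client_cfg)}
    findings = []
    for name, arg in srv:
        if name == "push" and arg.strip('"').startswith("redirect-gateway"):
            findings.append("server pushes redirect-gateway: the client's default route "
                            "moves into the tunnel, so a client that is itself reached "
                            "over its public IP drops off the network")
    if "route-nopull" not in cli_names:
        findings.append("client lacks route-nopull: it will apply every pushed route")
    if "remote-cert-tls" not in cli_names:
        findings.append("client lacks 'remote-cert-tls server' (the MITM warning in the log)")
    if "key-direction" in cli_names and not any(n == "tls-auth" for n, _ in srv):
        findings.append("client sets key-direction but server has no tls-auth "
                        "(the keydir mismatch warning in the log)")
    return findings

def drop_redirect_gateway(server_cfg):
    """The fix from the answer: remove the push line and keep everything else."""
    keep = [l for l in server_cfg.splitlines()
            if not re.match(r'\s*push\s+"redirect-gateway', l)]
    return "\n".join(keep) + "\n"
```

Running `lint` on the fixed server config together with a client that adds `route-nopull` and `remote-cert-tls server` leaves only the tls-auth mismatch to resolve.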
