OpenVPN and the internal network
-
I can't get from an external machine to an internal one.
Client settings:
client
dev tun
proto udp
remote 104.10.10.10 1194
ping 10
resolv-retry infinite
nobind
cipher AES-128-CBC
persist-key
persist-tun
ca ACert.crt
cert ACertOne.crt
key ACertOne.key
comp-lzo
pull
verb 3
Wed Jul 06 22:58:04 2011 OpenVPN 2.2.0 Win32-MSVC++ [SSL] [LZO2] built on Apr 26 2011
Wed Jul 06 22:58:04 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 06 22:58:04 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Jul 06 22:58:04 2011 LZO compression initialized
Wed Jul 06 22:58:04 2011 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jul 06 22:58:04 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Jul 06 22:58:04 2011 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jul 06 22:58:04 2011 Local Options hash (VER=V4): '66096c33'
Wed Jul 06 22:58:04 2011 Expected Remote Options hash (VER=V4): '691e95c7'
Wed Jul 06 22:58:04 2011 UDPv4 link local: [undef]
Wed Jul 06 22:58:04 2011 UDPv4 link remote: 104.10.10.10:1194
Wed Jul 06 22:58:04 2011 TLS: Initial packet from 104.10.10.10:1194, sid=794cad5f 5b48af7b
Wed Jul 06 22:58:04 2011 VERIFY OK: depth=1, /C=RU/ST=noy/L=noy /O=as/emailAddress=it@rfzo.ru/CN=as-ca
Wed Jul 06 22:58:04 2011 VERIFY OK: depth=0, /C=RU/ST=noy/L=noy /O=as/emailAddress=it@rfzo.ru/CN=asOne-ca
Wed Jul 06 22:58:04 2011 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Jul 06 22:58:04 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul 06 22:58:04 2011 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Jul 06 22:58:04 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul 06 22:58:04 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Jul 06 22:58:04 2011 [asOne-ca] Peer Connection Initiated with 104.10.10.10:1194
Wed Jul 06 22:58:07 2011 SENT CONTROL [asOne-ca]: 'PUSH_REQUEST' (status=1)
Wed Jul 06 22:58:07 2011 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 192.168.1.145,topology net30,ping 10,ping-restart 60,ifconfig 192.168.1.150 192.168.1.149'
Wed Jul 06 22:58:07 2011 OPTIONS IMPORT: timers and/or timeouts modified
Wed Jul 06 22:58:07 2011 OPTIONS IMPORT: --ifconfig/up options modified
Wed Jul 06 22:58:07 2011 OPTIONS IMPORT: route options modified
Wed Jul 06 22:58:07 2011 WARNING: potential TUN/TAP adapter subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.150/255.255.255.255]
Wed Jul 06 22:58:07 2011 ROUTE default_gateway=192.168.1.1
Wed Jul 06 22:58:07 2011 TAP-WIN32 device [╧юфъы■ўхэшх яю ыюъры№эющ ёхЄш 4] opened: \\.\Global\{F48946F3-676C-4267-AADB-3C23778D0982}.tap
Wed Jul 06 22:58:07 2011 TAP-Win32 Driver Version 9.8
Wed Jul 06 22:58:07 2011 TAP-Win32 MTU=1500
Wed Jul 06 22:58:07 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.1.150/255.255.255.252 on interface {F48946F3-676C-4267-AADB-3C23778D0982} [DHCP-serv: 192.168.1.149, lease-time: 31536000]
Wed Jul 06 22:58:07 2011 Successful ARP Flush on interface [24] {F48946F3-676C-4267-AADB-3C23778D0982}
Wed Jul 06 22:58:12 2011 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Wed Jul 06 22:58:12 2011 WARNING: potential route subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
Wed Jul 06 22:58:12 2011 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 192.168.1.149
Wed Jul 06 22:58:12 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Wed Jul 06 22:58:12 2011 Route addition via IPAPI succeeded [adaptive]
Wed Jul 06 22:58:12 2011 WARNING: potential route subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.145/255.255.255.255]
Wed Jul 06 22:58:12 2011 C:\WINDOWS\system32\route.exe ADD 192.168.1.145 MASK 255.255.255.255 192.168.1.149
Wed Jul 06 22:58:12 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Wed Jul 06 22:58:12 2011 Route addition via IPAPI succeeded [adaptive]
Wed Jul 06 22:58:12 2011 Initialization Sequence Completed
If anyone has any ideas, please help…
-
You have a conflict between the local network and the OpenVPN network; try handing out IPs from a different network.
Say, 172.16.x.x or 10.x.x.x
-
Figured it out: I had to allow TCP/UDP traffic in the firewall rules.