Netgate Discussion Forum

    OpenVPN and the internal network

      imar

      I can't reach an internal machine from an external one.

      Client settings:

      
      client
         dev tun
         proto udp
         remote 104.10.10.10 1194   
         ping 10
         resolv-retry infinite
         nobind
         cipher AES-128-CBC
         persist-key
         persist-tun
         ca ACert.crt   
         cert ACertOne.crt 
         key ACertOne.key 
         comp-lzo
         pull
         verb 3
      
      
      Wed Jul 06 22:58:04 2011 OpenVPN 2.2.0 Win32-MSVC++ [SSL] [LZO2] built on Apr 26
       2011
      Wed Jul 06 22:58:04 2011 WARNING: No server certificate verification method has
      been enabled.  See http://openvpn.net/howto.html#mitm for more info.
      Wed Jul 06 22:58:04 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or hig
      her to call user-defined scripts or executables
      Wed Jul 06 22:58:04 2011 LZO compression initialized
      Wed Jul 06 22:58:04 2011 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:
      0 EL:0 ]
      Wed Jul 06 22:58:04 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
      Wed Jul 06 22:58:04 2011 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:
      0 EL:0 AF:3/1 ]
      Wed Jul 06 22:58:04 2011 Local Options hash (VER=V4): '66096c33'
      Wed Jul 06 22:58:04 2011 Expected Remote Options hash (VER=V4): '691e95c7'
      Wed Jul 06 22:58:04 2011 UDPv4 link local: [undef]
      Wed Jul 06 22:58:04 2011 UDPv4 link remote: 104.10.10.10:1194
      Wed Jul 06 22:58:04 2011 TLS: Initial packet from 104.10.10.10:1194, sid=794cad
      5f 5b48af7b
      Wed Jul 06 22:58:04 2011 VERIFY OK: depth=1, /C=RU/ST=noy/L=noy
      /O=as/emailAddress=it@rfzo.ru/CN=as-ca
      Wed Jul 06 22:58:04 2011 VERIFY OK: depth=0, /C=RU/ST=noy/L=noy
      /O=as/emailAddress=it@rfzo.ru/CN=asOne-ca
      Wed Jul 06 22:58:04 2011 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized
      with 128 bit key
      Wed Jul 06 22:58:04 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1'
       for HMAC authentication
      Wed Jul 06 22:58:04 2011 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized
      with 128 bit key
      Wed Jul 06 22:58:04 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1'
       for HMAC authentication
      Wed Jul 06 22:58:04 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES2
      56-SHA, 2048 bit RSA
      Wed Jul 06 22:58:04 2011 [asOne-ca] Peer Connection Initiated with 104.10.10.10:1194
      Wed Jul 06 22:58:07 2011 SENT CONTROL [asOne-ca]: 'PUSH_REQUEST' (status=1)
      Wed Jul 06 22:58:07 2011 PUSH: Received control message: 'PUSH_REPLY,route 192.1
      68.1.0 255.255.255.0,route 192.168.1.145,topology net30,ping 10,ping-restart 60,
      ifconfig 192.168.1.150 192.168.1.149'
      Wed Jul 06 22:58:07 2011 OPTIONS IMPORT: timers and/or timeouts modified
      Wed Jul 06 22:58:07 2011 OPTIONS IMPORT: --ifconfig/up options modified
      Wed Jul 06 22:58:07 2011 OPTIONS IMPORT: route options modified
      Wed Jul 06 22:58:07 2011 WARNING: potential TUN/TAP adapter subnet conflict betw
      een local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.150/255.255.
      255.255]
      Wed Jul 06 22:58:07 2011 ROUTE default_gateway=192.168.1.1
      Wed Jul 06 22:58:07 2011 TAP-WIN32 device [Подключение по локальной сети 4] opened: \\.\Global\{F48946F3-676C-4267-AADB-3C23778D0982}.tap
      Wed Jul 06 22:58:07 2011 TAP-Win32 Driver Version 9.8
      Wed Jul 06 22:58:07 2011 TAP-Win32 MTU=1500
      Wed Jul 06 22:58:07 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 1
      92.168.1.150/255.255.255.252 on interface {F48946F3-676C-4267-AADB-3C23778D0982}
       [DHCP-serv: 192.168.1.149, lease-time: 31536000]
      Wed Jul 06 22:58:07 2011 Successful ARP Flush on interface [24] {F48946F3-676C-4
      267-AADB-3C23778D0982}
      Wed Jul 06 22:58:12 2011 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
      Wed Jul 06 22:58:12 2011 WARNING: potential route subnet conflict between local
      LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
      Wed Jul 06 22:58:12 2011 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.
      255.255.0 192.168.1.149
      Wed Jul 06 22:58:12 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMet
      ric1=30 and dwForwardType=4
      Wed Jul 06 22:58:12 2011 Route addition via IPAPI succeeded [adaptive]
      Wed Jul 06 22:58:12 2011 WARNING: potential route subnet conflict between local
      LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.145/255.255.255.255]
      Wed Jul 06 22:58:12 2011 C:\WINDOWS\system32\route.exe ADD 192.168.1.145 MASK 25
      5.255.255.255 192.168.1.149
      Wed Jul 06 22:58:12 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMet
      ric1=30 and dwForwardType=4
      Wed Jul 06 22:58:12 2011 Route addition via IPAPI succeeded [adaptive]
      Wed Jul 06 22:58:12 2011 Initialization Sequence Completed
      
      

      If anyone has any ideas, please help…

        glamourok

        You have a conflict between the local network and the OpenVPN network; try handing out IPs from a different network.
        Say, 172.16.x.x or 10.x.x.x
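
The overlap named in the reply above can be checked directly against the PUSH_REPLY from the client log. This is an added example, not part of the original posts; the function names are hypothetical, and the /30 tunnel network assumes the `topology net30` seen in this log.

```python
import ipaddress

# Copied from the PUSH_REPLY and subnet-conflict warnings in the client log.
PUSH_REPLY = ("PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 192.168.1.145,"
              "topology net30,ping 10,ping-restart 60,"
              "ifconfig 192.168.1.150 192.168.1.149")
LOCAL_LAN = "192.168.1.0/255.255.255.0"


def parse_push_reply(reply):
    """Return (routes, tunnel_net) pushed by the server as ip_network objects."""
    routes, tunnel = [], None
    for opt in reply.split(",")[1:]:
        parts = opt.split()
        if not parts:
            continue
        if parts[0] == "route":
            # A pushed route without a netmask is a host route (/32).
            mask = parts[2] if len(parts) > 2 else "255.255.255.255"
            routes.append(ipaddress.ip_network(f"{parts[1]}/{mask}"))
        elif parts[0] == "ifconfig":
            # Assumption: topology net30, so local and peer share one /30.
            tunnel = ipaddress.ip_network(f"{parts[1]}/30", strict=False)
    return routes, tunnel


def find_conflicts(reply, local_lan):
    """List pushed networks that overlap the client's own LAN."""
    lan = ipaddress.ip_network(local_lan)
    routes, tunnel = parse_push_reply(reply)
    conflicts = [("route", net) for net in routes if net.overlaps(lan)]
    if tunnel is not None and tunnel.overlaps(lan):
        conflicts.append(("tunnel", tunnel))
    return conflicts


if __name__ == "__main__":
    for kind, net in find_conflicts(PUSH_REPLY, LOCAL_LAN):
        print(f"conflict with local LAN: {kind} {net}")
    # Constructed reply with the tunnel pool moved to 10.0.8.x.
    moved = "PUSH_REPLY,topology net30,ifconfig 10.0.8.6 10.0.8.5"
    print("after moving the pool:", find_conflicts(moved, LOCAL_LAN))
```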

          imar

          Figured it out: the firewall rules needed to allow tcp\udp traffic.
