4. OpenVpn и внутренняя сеть

OpenVpn и внутренняя сеть

  • I

    Не могу зайти с внешней машины на внутреннею.

    настройки клиента

    
client
   dev tun
   proto udp
   remote 104.10.10.10 1194   
   ping 10
   resolv-retry infinite
   nobind
   cipher AES-128-CBC
   persist-key
   persist-tun
   ca ACert.crt   
   cert ACertOne.crt 
   key ACertOne.key 
   comp-lzo
   pull
   verb 3


    Wed Jul 06 22:58:04 2011 OpenVPN 2.2.0 Win32-MSVC++ [SSL] [LZO2] built on Apr 26
 2011
Wed Jul 06 22:58:04 2011 WARNING: No server certificate verification method has
been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 06 22:58:04 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or hig
her to call user-defined scripts or executables
Wed Jul 06 22:58:04 2011 LZO compression initialized
Wed Jul 06 22:58:04 2011 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:
0 EL:0 ]
Wed Jul 06 22:58:04 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Jul 06 22:58:04 2011 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:
0 EL:0 AF:3/1 ]
Wed Jul 06 22:58:04 2011 Local Options hash (VER=V4): '66096c33'
Wed Jul 06 22:58:04 2011 Expected Remote Options hash (VER=V4): '691e95c7'
Wed Jul 06 22:58:04 2011 UDPv4 link local: [undef]
Wed Jul 06 22:58:04 2011 UDPv4 link remote: 104.10.10.10:1194
Wed Jul 06 22:58:04 2011 TLS: Initial packet from 104.10.10.10:1194, sid=794cad
5f 5b48af7b
Wed Jul 06 22:58:04 2011 VERIFY OK: depth=1, /C=RU/ST=noy/L=noy
/O=as/emailAddress=it@rfzo.ru/CN=as-ca
Wed Jul 06 22:58:04 2011 VERIFY OK: depth=0, /C=RU/ST=noy/L=noy
/O=as/emailAddress=it@rfzo.ru/CN=asOne-ca
Wed Jul 06 22:58:04 2011 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized
with 128 bit key
Wed Jul 06 22:58:04 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1'
 for HMAC authentication
Wed Jul 06 22:58:04 2011 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized
with 128 bit key
Wed Jul 06 22:58:04 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1'
 for HMAC authentication
Wed Jul 06 22:58:04 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES2
56-SHA, 2048 bit RSA
Wed Jul 06 22:58:04 2011 [asOne-ca] Peer Connection Initiated with 104.10.10.10:1194
Wed Jul 06 22:58:07 2011 SENT CONTROL [asOne-ca]: 'PUSH_REQUEST' (status=1)
Wed Jul 06 22:58:07 2011 PUSH: Received control message: 'PUSH_REPLY,route 192.1
68.1.0 255.255.255.0,route 192.168.1.145,topology net30,ping 10,ping-restart 60,
ifconfig 192.168.1.150 192.168.1.149'
Wed Jul 06 22:58:07 2011 OPTIONS IMPORT: timers and/or timeouts modified
Wed Jul 06 22:58:07 2011 OPTIONS IMPORT: --ifconfig/up options modified
Wed Jul 06 22:58:07 2011 OPTIONS IMPORT: route options modified
Wed Jul 06 22:58:07 2011 WARNING: potential TUN/TAP adapter subnet conflict betw
een local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.150/255.255.
255.255]
Wed Jul 06 22:58:07 2011 ROUTE default_gateway=192.168.1.1
Wed Jul 06 22:58:07 2011 TAP-WIN32 device [╧юфъы■ўхэшх яю ыюъры№эющ ёхЄш 4] open
ed: \\.\Global\{F48946F3-676C-4267-AADB-3C23778D0982}.tap
Wed Jul 06 22:58:07 2011 TAP-Win32 Driver Version 9.8
Wed Jul 06 22:58:07 2011 TAP-Win32 MTU=1500
Wed Jul 06 22:58:07 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 1
92.168.1.150/255.255.255.252 on interface {F48946F3-676C-4267-AADB-3C23778D0982}
 [DHCP-serv: 192.168.1.149, lease-time: 31536000]
Wed Jul 06 22:58:07 2011 Successful ARP Flush on interface [24] {F48946F3-676C-4
267-AADB-3C23778D0982}
Wed Jul 06 22:58:12 2011 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Wed Jul 06 22:58:12 2011 WARNING: potential route subnet conflict between local
LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
Wed Jul 06 22:58:12 2011 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.
255.255.0 192.168.1.149
Wed Jul 06 22:58:12 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMet
ric1=30 and dwForwardType=4
Wed Jul 06 22:58:12 2011 Route addition via IPAPI succeeded [adaptive]
Wed Jul 06 22:58:12 2011 WARNING: potential route subnet conflict between local
LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.145/255.255.255.255]
Wed Jul 06 22:58:12 2011 C:\WINDOWS\system32\route.exe ADD 192.168.1.145 MASK 25
5.255.255.255 192.168.1.149
Wed Jul 06 22:58:12 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMet
ric1=30 and dwForwardType=4
Wed Jul 06 22:58:12 2011 Route addition via IPAPI succeeded [adaptive]
Wed Jul 06 22:58:12 2011 Initialization Sequence Completed

    Если у кого есть идеи прошу помочь…


    0
  • G

    У тя конфликт локальной сети и сети Openvpn, попробуй из другой сети выдавать ip.
    Ну там 172.16.x.x или 10.x.x.x

    0
  • I

    разобрался, в правила фаера надо было дать разрешение на tcp\udp трафик

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy