OpenVPN and the internal network



  • I can't get from an external machine to an internal one.

    Client settings:

    
    client
    dev tun
    proto udp
    remote 104.10.10.10 1194
    ping 10
    resolv-retry infinite
    nobind
    cipher AES-128-CBC
    persist-key
    persist-tun
    ca ACert.crt
    cert ACertOne.crt
    key ACertOne.key
    comp-lzo
    pull
    verb 3
    
    
    Wed Jul 06 22:58:04 2011 OpenVPN 2.2.0 Win32-MSVC++ [SSL] [LZO2] built on Apr 26 2011
    Wed Jul 06 22:58:04 2011 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Wed Jul 06 22:58:04 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Wed Jul 06 22:58:04 2011 LZO compression initialized
    Wed Jul 06 22:58:04 2011 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Jul 06 22:58:04 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Wed Jul 06 22:58:04 2011 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
    Wed Jul 06 22:58:04 2011 Local Options hash (VER=V4): '66096c33'
    Wed Jul 06 22:58:04 2011 Expected Remote Options hash (VER=V4): '691e95c7'
    Wed Jul 06 22:58:04 2011 UDPv4 link local: [undef]
    Wed Jul 06 22:58:04 2011 UDPv4 link remote: 104.10.10.10:1194
    Wed Jul 06 22:58:04 2011 TLS: Initial packet from 104.10.10.10:1194, sid=794cad5f 5b48af7b
    Wed Jul 06 22:58:04 2011 VERIFY OK: depth=1, /C=RU/ST=noy/L=noy/O=as/emailAddress=it@rfzo.ru/CN=as-ca
    Wed Jul 06 22:58:04 2011 VERIFY OK: depth=0, /C=RU/ST=noy/L=noy/O=as/emailAddress=it@rfzo.ru/CN=asOne-ca
    Wed Jul 06 22:58:04 2011 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Wed Jul 06 22:58:04 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Wed Jul 06 22:58:04 2011 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Wed Jul 06 22:58:04 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Wed Jul 06 22:58:04 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Wed Jul 06 22:58:04 2011 [asOne-ca] Peer Connection Initiated with 104.10.10.10:1194
    Wed Jul 06 22:58:07 2011 SENT CONTROL [asOne-ca]: 'PUSH_REQUEST' (status=1)
    Wed Jul 06 22:58:07 2011 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 192.168.1.145,topology net30,ping 10,ping-restart 60,ifconfig 192.168.1.150 192.168.1.149'
    Wed Jul 06 22:58:07 2011 OPTIONS IMPORT: timers and/or timeouts modified
    Wed Jul 06 22:58:07 2011 OPTIONS IMPORT: --ifconfig/up options modified
    Wed Jul 06 22:58:07 2011 OPTIONS IMPORT: route options modified
    Wed Jul 06 22:58:07 2011 WARNING: potential TUN/TAP adapter subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.150/255.255.255.255]
    Wed Jul 06 22:58:07 2011 ROUTE default_gateway=192.168.1.1
    Wed Jul 06 22:58:07 2011 TAP-WIN32 device [Подключение по локальной сети 4] opened: \\.\Global\{F48946F3-676C-4267-AADB-3C23778D0982}.tap
    Wed Jul 06 22:58:07 2011 TAP-Win32 Driver Version 9.8
    Wed Jul 06 22:58:07 2011 TAP-Win32 MTU=1500
    Wed Jul 06 22:58:07 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.1.150/255.255.255.252 on interface {F48946F3-676C-4267-AADB-3C23778D0982} [DHCP-serv: 192.168.1.149, lease-time: 31536000]
    Wed Jul 06 22:58:07 2011 Successful ARP Flush on interface [24] {F48946F3-676C-4267-AADB-3C23778D0982}
    Wed Jul 06 22:58:12 2011 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
    Wed Jul 06 22:58:12 2011 WARNING: potential route subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
    Wed Jul 06 22:58:12 2011 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 192.168.1.149
    Wed Jul 06 22:58:12 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
    Wed Jul 06 22:58:12 2011 Route addition via IPAPI succeeded [adaptive]
    Wed Jul 06 22:58:12 2011 WARNING: potential route subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.145/255.255.255.255]
    Wed Jul 06 22:58:12 2011 C:\WINDOWS\system32\route.exe ADD 192.168.1.145 MASK 255.255.255.255 192.168.1.149
    Wed Jul 06 22:58:12 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
    Wed Jul 06 22:58:12 2011 Route addition via IPAPI succeeded [adaptive]
    Wed Jul 06 22:58:12 2011 Initialization Sequence Completed
    
    

    If anyone has any ideas, please help…




  • You have a conflict between the local network and the OpenVPN network; try handing out IPs from a different network.
    Say, 172.16.x.x or 10.x.x.x
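
The overlap described in the reply above can be checked mechanically from a client log. The following is an added example, not part of the original thread: it parses the PUSH_REPLY line and compares every pushed network with the client's LAN, and also flags the server-certificate warning that appears in the same log. The function names are hypothetical, the local LAN is passed in by the caller, and the `ifconfig` pair is treated as a /30 because the server pushed `topology net30`.

```python
import ipaddress
import re

# Constructed sample: three events taken from the log in the first post,
# each unwrapped onto a single line.
SAMPLE_LOG = """\
Wed Jul 06 22:58:04 2011 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 06 22:58:07 2011 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 192.168.1.145,topology net30,ping 10,ping-restart 60,ifconfig 192.168.1.150 192.168.1.149'
Wed Jul 06 22:58:07 2011 ROUTE default_gateway=192.168.1.1
"""

def pushed_networks(log):
    """Return the networks the server pushed: routes plus the net30 tunnel /30."""
    match = re.search(r"'PUSH_REPLY,([^']*)'", log)
    nets = []
    for opt in (match.group(1).split(",") if match else []):
        parts = opt.split()
        if not parts:
            continue
        if parts[0] == "route":
            # A pushed route without a mask is a host route (/32).
            mask = parts[2] if len(parts) > 2 else "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
        elif parts[0] == "ifconfig":
            # net30: local and remote tunnel endpoints share one /30.
            nets.append(ipaddress.ip_network(f"{parts[1]}/30", strict=False))
    return nets

def audit(log, local_lan):
    """List findings for a client log given the client's own LAN (CIDR string)."""
    lan = ipaddress.ip_network(local_lan)
    findings = [
        f"conflict: pushed {net} overlaps local LAN {lan}"
        for net in pushed_networks(log)
        if net.overlaps(lan)
    ]
    if "No server certificate verification method" in log:
        findings.append("mitm: client does not verify the server certificate")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, "192.168.1.0/24"):
        print(finding)
```

The `mitm` finding corresponds to the warning at the top of the log; OpenVPN's `remote-cert-tls server` client option enables that check when the server certificate carries the matching key usage.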



  • Figured it out: the firewall rules needed to allow TCP/UDP traffic

