    OpenVPN and the internal network

      imar last edited by

      I can't get from an external machine to an internal one.

      Client settings

      
      client
         dev tun
         proto udp
         remote 104.10.10.10 1194   
         ping 10
         resolv-retry infinite
         nobind
         cipher AES-128-CBC
         persist-key
         persist-tun
         ca ACert.crt   
         cert ACertOne.crt 
         key ACertOne.key 
         comp-lzo
         pull
         verb 3
      
      
      Wed Jul 06 22:58:04 2011 OpenVPN 2.2.0 Win32-MSVC++ [SSL] [LZO2] built on Apr 26
       2011
      Wed Jul 06 22:58:04 2011 WARNING: No server certificate verification method has
      been enabled.  See http://openvpn.net/howto.html#mitm for more info.
      Wed Jul 06 22:58:04 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or hig
      her to call user-defined scripts or executables
      Wed Jul 06 22:58:04 2011 LZO compression initialized
      Wed Jul 06 22:58:04 2011 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:
      0 EL:0 ]
      Wed Jul 06 22:58:04 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
      Wed Jul 06 22:58:04 2011 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:
      0 EL:0 AF:3/1 ]
      Wed Jul 06 22:58:04 2011 Local Options hash (VER=V4): '66096c33'
      Wed Jul 06 22:58:04 2011 Expected Remote Options hash (VER=V4): '691e95c7'
      Wed Jul 06 22:58:04 2011 UDPv4 link local: [undef]
      Wed Jul 06 22:58:04 2011 UDPv4 link remote: 104.10.10.10:1194
      Wed Jul 06 22:58:04 2011 TLS: Initial packet from 104.10.10.10:1194, sid=794cad
      5f 5b48af7b
      Wed Jul 06 22:58:04 2011 VERIFY OK: depth=1, /C=RU/ST=noy/L=noy
      /O=as/emailAddress=it@rfzo.ru/CN=as-ca
      Wed Jul 06 22:58:04 2011 VERIFY OK: depth=0, /C=RU/ST=noy/L=noy
      /O=as/emailAddress=it@rfzo.ru/CN=asOne-ca
      Wed Jul 06 22:58:04 2011 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized
      with 128 bit key
      Wed Jul 06 22:58:04 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1'
       for HMAC authentication
      Wed Jul 06 22:58:04 2011 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized
      with 128 bit key
      Wed Jul 06 22:58:04 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1'
       for HMAC authentication
      Wed Jul 06 22:58:04 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES2
      56-SHA, 2048 bit RSA
      Wed Jul 06 22:58:04 2011 [asOne-ca] Peer Connection Initiated with 104.10.10.10:1194
      Wed Jul 06 22:58:07 2011 SENT CONTROL [asOne-ca]: 'PUSH_REQUEST' (status=1)
      Wed Jul 06 22:58:07 2011 PUSH: Received control message: 'PUSH_REPLY,route 192.1
      68.1.0 255.255.255.0,route 192.168.1.145,topology net30,ping 10,ping-restart 60,
      ifconfig 192.168.1.150 192.168.1.149'
      Wed Jul 06 22:58:07 2011 OPTIONS IMPORT: timers and/or timeouts modified
      Wed Jul 06 22:58:07 2011 OPTIONS IMPORT: --ifconfig/up options modified
      Wed Jul 06 22:58:07 2011 OPTIONS IMPORT: route options modified
      Wed Jul 06 22:58:07 2011 WARNING: potential TUN/TAP adapter subnet conflict betw
      een local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.150/255.255.
      255.255]
      Wed Jul 06 22:58:07 2011 ROUTE default_gateway=192.168.1.1
      Wed Jul 06 22:58:07 2011 TAP-WIN32 device [╧юфъы■ўхэшх яю ыюъры№эющ ёхЄш 4] open
      ed: \\.\Global\{F48946F3-676C-4267-AADB-3C23778D0982}.tap
      Wed Jul 06 22:58:07 2011 TAP-Win32 Driver Version 9.8
      Wed Jul 06 22:58:07 2011 TAP-Win32 MTU=1500
      Wed Jul 06 22:58:07 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 1
      92.168.1.150/255.255.255.252 on interface {F48946F3-676C-4267-AADB-3C23778D0982}
       [DHCP-serv: 192.168.1.149, lease-time: 31536000]
      Wed Jul 06 22:58:07 2011 Successful ARP Flush on interface [24] {F48946F3-676C-4
      267-AADB-3C23778D0982}
      Wed Jul 06 22:58:12 2011 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
      Wed Jul 06 22:58:12 2011 WARNING: potential route subnet conflict between local
      LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
      Wed Jul 06 22:58:12 2011 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.
      255.255.0 192.168.1.149
      Wed Jul 06 22:58:12 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMet
      ric1=30 and dwForwardType=4
      Wed Jul 06 22:58:12 2011 Route addition via IPAPI succeeded [adaptive]
      Wed Jul 06 22:58:12 2011 WARNING: potential route subnet conflict between local
      LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.145/255.255.255.255]
      Wed Jul 06 22:58:12 2011 C:\WINDOWS\system32\route.exe ADD 192.168.1.145 MASK 25
      5.255.255.255 192.168.1.149
      Wed Jul 06 22:58:12 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMet
      ric1=30 and dwForwardType=4
      Wed Jul 06 22:58:12 2011 Route addition via IPAPI succeeded [adaptive]
      Wed Jul 06 22:58:12 2011 Initialization Sequence Completed
      
      

      If anyone has any ideas, please help…


        glamourok last edited by

        You have a conflict between the local network and the OpenVPN network; try handing out IPs from a different network.
        Say, 172.16.x.x or 10.x.x.x

        1 Reply Last reply Reply Quote 0
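The overlap that the log warnings and the reply above point to can be checked mechanically. This is an added example, not part of either post: it parses the PUSH_REPLY from the log and reports every pushed route or tunnel address that overlaps the client's LAN. The function names and the candidate pools passed to `non_conflicting` are assumptions made for illustration.

```python
import ipaddress

# Constructed input: the PUSH_REPLY from the client log above with the console
# line wraps removed, and the client LAN named in the log's conflict warnings.
PUSH_REPLY = ("PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 192.168.1.145,"
              "topology net30,ping 10,ping-restart 60,"
              "ifconfig 192.168.1.150 192.168.1.149")
LOCAL_LAN = "192.168.1.0/255.255.255.0"


def pushed_networks(push_reply):
    """Return (option, network) for each route/ifconfig option the server pushed."""
    opts = [o.split() for o in push_reply.split(",")[1:] if o.strip()]
    topology = next((p[1] for p in opts if p[0] == "topology" and len(p) > 1), "net30")
    found = []
    for p in opts:
        if p[0] == "route" and len(p) > 1:
            # No netmask (or the keyword "default") means a host route.
            mask = p[2] if len(p) > 2 and p[2] != "default" else "255.255.255.255"
            found.append((" ".join(p), ipaddress.ip_network(f"{p[1]}/{mask}", strict=False)))
        elif p[0] == "ifconfig" and len(p) > 2:
            # topology subnet: second field is the netmask;
            # otherwise (net30) local and peer address sit in one /30.
            mask = p[2] if topology == "subnet" else "30"
            found.append((" ".join(p), ipaddress.ip_network(f"{p[1]}/{mask}", strict=False)))
    return found


def conflicts(push_reply, local_lan):
    """Pushed options whose network overlaps the client's own LAN."""
    lan = ipaddress.ip_network(local_lan, strict=False)
    return [(opt, str(net)) for opt, net in pushed_networks(push_reply)
            if net.overlaps(lan)]


def non_conflicting(candidates, local_lan):
    """Candidate tunnel pools (hypothetical values) that do not overlap the LAN."""
    lan = ipaddress.ip_network(local_lan, strict=False)
    return [c for c in candidates if not ipaddress.ip_network(c).overlaps(lan)]


if __name__ == "__main__":
    for opt, net in conflicts(PUSH_REPLY, LOCAL_LAN):
        print(f"overlaps {LOCAL_LAN}: '{opt}' -> {net}")
    print(non_conflicting(["10.8.0.0/24", "172.16.0.0/24", "192.168.1.128/25"], LOCAL_LAN))
```
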
          imar last edited by

          Figured it out: I had to allow TCP/UDP traffic in the firewall rules.
