There is an office network 192.168.0.0/24. A Debian machine runs an OpenVPN server configured from the template at http://www.lissyara.su/?id=1553, which hands clients addresses from the 192.168.1.0/24 network. The client is on Windows XP. The connection is established successfully, but I cannot ping the server or other machines on the network. I have not configured iptables yet, nor routing. Please tell me what needs to be done so that clients can see the computers on the office network. The tunnel address does not respond to ping.
Client config
remote *.*.*.* 1194
client
proto tcp
dev tun
comp-lzo
verb 3
resolv-retry infinite
persist-key
persist-tun
ca "\\Program Files\\OpenVPN\\crypto\\test_ca.crt"
cert "\\Program Files\\OpenVPN\\crypto\\OpenVPNClient.crt"
key "\\Program Files\\OpenVPN\\crypto\\OpenVPNClient.key"
Log:
Tue Apr 01 14:12:17 2008 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Tue Apr 01 14:12:17 2008 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Apr 01 14:12:17 2008 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Apr 01 14:12:17 2008 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Apr 01 14:12:17 2008 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Tue Apr 01 14:12:17 2008 Local Options hash (VER=V4): 'db02a8f8'
Tue Apr 01 14:12:17 2008 Expected Remote Options hash (VER=V4): '7e068940'
Tue Apr 01 14:12:17 2008 Attempting to establish TCP connection with 195.49.236.116:1194
Tue Apr 01 14:12:17 2008 TCP connection established with 195.49.236.116:1194
Tue Apr 01 14:12:17 2008 TCPv4_CLIENT link local: [undef]
Tue Apr 01 14:12:17 2008 TCPv4_CLIENT link remote: 195.49.236.116:1194
Tue Apr 01 14:12:17 2008 TLS: Initial packet from 195.49.236.116:1194, sid=4e78f29a 5ac6ac6c
Tue Apr 01 14:12:18 2008 VERIFY OK: depth=1, /C=RU/ST=37/L=Ivanovo/O=Unit2000/CN=NETSERV/emailAddress=anton@unit2000.ru
Tue Apr 01 14:12:18 2008 VERIFY OK: depth=0, /C=RU/ST=37/L=Ivanovo/O=Unit2000/CN=NETSERV/emailAddress=anton@unit2000.ru
Tue Apr 01 14:12:18 2008 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 01 14:12:18 2008 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 01 14:12:18 2008 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 01 14:12:18 2008 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 01 14:12:18 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Apr 01 14:12:18 2008 [NETSERV] Peer Connection Initiated with 195.49.236.116:1194
Tue Apr 01 14:12:19 2008 SENT CONTROL [NETSERV]: 'PUSH_REQUEST' (status=1)
Tue Apr 01 14:12:20 2008 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 192.168.1.6 192.168.1.5'
Tue Apr 01 14:12:20 2008 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS] topology (2.0.9)
Tue Apr 01 14:12:20 2008 OPTIONS IMPORT: timers and/or timeouts modified
Tue Apr 01 14:12:20 2008 OPTIONS IMPORT: --ifconfig/up options modified
Tue Apr 01 14:12:20 2008 OPTIONS IMPORT: route options modified
Tue Apr 01 14:12:20 2008 TAP-WIN32 device [Подключение по локальной сети 5] opened: \\.\Global\{9FD70361-3559-4D27-B020-23934E724063}.tap
Tue Apr 01 14:12:20 2008 TAP-Win32 Driver Version 8.4
Tue Apr 01 14:12:20 2008 TAP-Win32 MTU=1500
Tue Apr 01 14:12:20 2008 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.1.6/255.255.255.252 on interface {9FD70361-3559-4D27-B020-23934E724063} [DHCP-serv: 192.168.1.5, lease-time: 31536000]
Tue Apr 01 14:12:20 2008 Successful ARP Flush on interface [65541] {9FD70361-3559-4D27-B020-23934E724063}
Tue Apr 01 14:12:20 2008 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Tue Apr 01 14:12:20 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Apr 01 14:12:21 2008 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Tue Apr 01 14:12:21 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Apr 01 14:12:22 2008 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Tue Apr 01 14:12:22 2008 route ADD 192.168.1.0 MASK 255.255.255.0 192.168.1.5
Tue Apr 01 14:12:22 2008 Route addition via IPAPI succeeded
Tue Apr 01 14:12:22 2008 Initialization Sequence Completed
The config has server 192.168.1.0 255.255.255.0, so the server should take the IP 192.168.1.1 for itself, but when connecting from Windows I get addresses from DHCP 192.168.1.5, and if I set a default gateway, the gateway also ends up with that address.
netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
195.*.*.* 0.0.0.0 255.255.255.248 U 0 0 0 eth2
192.168.1.0 192.168.1.2 255.255.255.0 UG 0 0 0 tun0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 195.*.*.* 0.0.0.0 UG 0 0 0 eth2
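
Added example (not part of the original post): a Python check of the client log above that parses the PUSH_REPLY, tests whether any pushed route covers the office LAN 192.168.0.0/24, confirms the net30 address pair, and flags the certificate-verification warning. The function names are hypothetical; the two log lines are taken from the post.

```python
import ipaddress
import re

# Sample input: two lines taken from the client log in the post above.
LOG = (
    "Tue Apr 01 14:12:17 2008 WARNING: No server certificate verification "
    "method has been enabled. See http://openvpn.net/howto.html#mitm for more info.\n"
    "Tue Apr 01 14:12:20 2008 PUSH: Received control message: 'PUSH_REPLY,"
    "route 192.168.1.0 255.255.255.0,topology net30,ping 10,ping-restart 120,"
    "ifconfig 192.168.1.6 192.168.1.5'\n"
)
OFFICE_LAN = ipaddress.ip_network("192.168.0.0/24")  # office network from the post


def parse_push_reply(log):
    """Return (pushed route networks, (local, peer) tunnel addresses or None)."""
    m = re.search(r"'PUSH_REPLY,([^']*)'", log)
    opts = [o.split() for o in m.group(1).split(",") if o.strip()] if m else []
    routes = [ipaddress.ip_network(f"{o[1]}/{o[2]}")
              for o in opts if o[0] == "route" and len(o) >= 3]
    ifc = next((tuple(o[1:3]) for o in opts
                if o[0] == "ifconfig" and len(o) >= 3), None)
    return routes, ifc


def net30_block(local, peer):
    """net30 gives each client its own /30; local and peer must be its two hosts."""
    block = ipaddress.ip_network(f"{local}/30", strict=False)
    hosts = {str(h) for h in block.hosts()}
    return block, hosts == {local, peer}


def diagnose(log, lan=OFFICE_LAN):
    """List findings an administrator would act on."""
    findings = []
    routes, ifc = parse_push_reply(log)
    if not any(lan.subnet_of(r) for r in routes):
        findings.append(f"no pushed route covers {lan}")
    if ifc:
        block, ok = net30_block(*ifc)
        findings.append(f"tunnel {ifc[0]} -> {ifc[1]} in {block} (net30 ok={ok})")
    if "No server certificate verification method" in log:
        # The client accepts any certificate signed by the CA as the server.
        findings.append("server certificate type is not verified (MITM warning)")
    return findings


if __name__ == "__main__":
    for finding in diagnose(LOG):
        print("-", finding)
```

On the server side the missing route corresponds to `push "route 192.168.0.0 255.255.255.0"`; the server also needs IP forwarding enabled, and hosts on the office LAN need a route back to 192.168.1.0/24 via the VPN server (or NAT on the server).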