Всем привет, подскажите пж: Имеем: OpenVPN сервер на ubuntu server 9.10, Windows клиент 2.1.1 VPN сеть 25.0.0.0
Проблема: если у клиента есть маршрут по умолчанию на сет. карте, к примеру на шлюз, то при подключении ВПН сети он перекрывает шлюз ВПНа и дальше клиент не видит не сервера ни остальных пк в ВПН сети, если шлюз на сет карте убрать - то все отл. работает.
Делал по мануалу и пробовал в винде прописать маршрут route -p add 25.0.0.1 mask 255.255.255.255 25.0.0.4 - все равно не видит.
Проверял еще как: пинговал подключающийся к ВПНу айпи, как только он подключился пинги пошли все ок, как только пошла запись в логах ROUTE default_gateway=192.168.0.110 то коннект пропадает.
Конфиг cервера:
port 1194
proto udp
dev tap
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/digital.crt
key /etc/openvpn/easy-rsa/keys/digital.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 25.0.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
Клиент:
client
dev tap
proto udp
remote 192.168.10.10 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client11.crt
key client11.key
comp-lzo
verb 3
Лог подключения:
Fri Jan 08 01:53:27 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Fri Jan 08 01:53:27 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jan 08 01:53:27 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jan 08 01:53:27 2010 LZO compression initialized
Fri Jan 08 01:53:27 2010 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Jan 08 01:53:27 2010 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Jan 08 01:53:27 2010 Local Options hash (VER=V4): 'd79ca330'
Fri Jan 08 01:53:27 2010 Expected Remote Options hash (VER=V4): 'f7df56b8'
Fri Jan 08 01:53:27 2010 Socket Buffers: R=[8192->8192] S=[64512->64512]
Fri Jan 08 01:53:27 2010 UDPv4 link local: [undef]
Fri Jan 08 01:53:27 2010 UDPv4 link remote: 192.168.10.10:1194
Fri Jan 08 01:53:27 2010 TLS: Initial packet from 192.168.10.10:1194, sid=bef8478b b9ffd3e7
Fri Jan 08 01:53:27 2010 VERIFY OK: depth=1, /C=RU/ST=RB/L=Ufa/O=Cifra/OU=oit/CN=Cifra_CA/emailAddress=oit@ufamail.ru
Fri Jan 08 01:53:27 2010 VERIFY OK: depth=0, /C=RU/ST=RB/L=Ufa/O=Cifra/OU=oit/CN=digital/emailAddress=oit@ufamail.ru
Fri Jan 08 01:53:27 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Jan 08 01:53:27 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan 08 01:53:27 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Jan 08 01:53:27 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan 08 01:53:27 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Jan 08 01:53:27 2010 [digital] Peer Connection Initiated with 192.168.10.10:1194
Fri Jan 08 01:53:30 2010 SENT CONTROL [digital]: 'PUSH_REQUEST' (status=1)
Fri Jan 08 01:53:30 2010 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route-gateway 25.0.0.1,ping 10,ping-restart 120,ifconfig 25.0.0.4 255.255.255.0'
Fri Jan 08 01:53:30 2010 OPTIONS IMPORT: timers and/or timeouts modified
Fri Jan 08 01:53:30 2010 OPTIONS IMPORT: --ifconfig/up options modified
Fri Jan 08 01:53:30 2010 OPTIONS IMPORT: route options modified
Fri Jan 08 01:53:30 2010 OPTIONS IMPORT: route-related options modified
Fri Jan 08 01:53:30 2010 ROUTE default_gateway=192.168.0.110
Fri Jan 08 01:53:30 2010 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{7E2083F9-5ED7-4699-AB63-88002722DAB4}.tap
Fri Jan 08 01:53:30 2010 TAP-Win32 Driver Version 9.6
Fri Jan 08 01:53:30 2010 TAP-Win32 MTU=1500
Fri Jan 08 01:53:30 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 25.0.0.4/255.255.255.0 on interface {7E2083F9-5ED7-4699-AB63-88002722DAB4} [DHCP-serv: 25.0.0.0, lease-time: 31536000]
Fri Jan 08 01:53:30 2010 Successful ARP Flush on interface [25] {7E2083F9-5ED7-4699-AB63-88002722DAB4}
Fri Jan 08 01:53:35 2010 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Fri Jan 08 01:53:35 2010 C:\WINDOWS\system32\route.exe ADD 192.168.10.10 MASK 255.255.255.255 192.168.0.110
Fri Jan 08 01:53:35 2010 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri Jan 08 01:53:35 2010 Route addition via IPAPI succeeded [adaptive]
Fri Jan 08 01:53:35 2010 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 25.0.0.1
Fri Jan 08 01:53:35 2010 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Jan 08 01:53:35 2010 Route addition via IPAPI succeeded [adaptive]
Fri Jan 08 01:53:35 2010 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 25.0.0.1
Fri Jan 08 01:53:35 2010 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Jan 08 01:53:35 2010 Route addition via IPAPI succeeded [adaptive]
Fri Jan 08 01:53:35 2010 Initialization Sequence Completed
Лог с клиента у которого все работает:
Fri Jan 08 00:59:09 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Fri Jan 08 00:59:09 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jan 08 00:59:09 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jan 08 00:59:10 2010 LZO compression initialized
Fri Jan 08 00:59:10 2010 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Jan 08 00:59:10 2010 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Jan 08 00:59:10 2010 Local Options hash (VER=V4): 'd79ca330'
Fri Jan 08 00:59:10 2010 Expected Remote Options hash (VER=V4): 'f7df56b8'
Fri Jan 08 00:59:10 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jan 08 00:59:10 2010 UDPv4 link local: [undef]
Fri Jan 08 00:59:10 2010 UDPv4 link remote: 192.168.10.10:1194
Fri Jan 08 00:59:10 2010 TLS: Initial packet from 192.168.10.10:1194, sid=88dc31a6 41b94b36
Fri Jan 08 00:59:10 2010 VERIFY OK: depth=1, /C=RU/ST=RB/L=Ufa/O=Cifra/OU=oit/CN=Cifra_CA/emailAddress=oit@ufamail.ru
Fri Jan 08 00:59:10 2010 VERIFY OK: depth=0, /C=RU/ST=RB/L=Ufa/O=Cifra/OU=oit/CN=digital/emailAddress=oit@ufamail.ru
Fri Jan 08 00:59:10 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Jan 08 00:59:10 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan 08 00:59:10 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Jan 08 00:59:10 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan 08 00:59:10 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Jan 08 00:59:10 2010 [digital] Peer Connection Initiated with 192.168.10.10:1194
Fri Jan 08 00:59:12 2010 SENT CONTROL [digital]: 'PUSH_REQUEST' (status=1)
Fri Jan 08 00:59:12 2010 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route-gateway 25.0.0.1,ping 10,ping-restart 120,ifconfig 25.0.0.2 255.255.255.0'
Fri Jan 08 00:59:12 2010 OPTIONS IMPORT: timers and/or timeouts modified
Fri Jan 08 00:59:12 2010 OPTIONS IMPORT: --ifconfig/up options modified
Fri Jan 08 00:59:12 2010 OPTIONS IMPORT: route options modified
Fri Jan 08 00:59:12 2010 OPTIONS IMPORT: route-related options modified
Fri Jan 08 00:59:12 2010 ROUTE: default_gateway=UNDEF
Fri Jan 08 00:59:12 2010 TAP-WIN32 device [Подключение по локальной сети] opened: \\.\Global\{0BF4A83E-DA0E-4729-A226-A4EB2CCC8B25}.tap
Fri Jan 08 00:59:12 2010 TAP-Win32 Driver Version 9.6
Fri Jan 08 00:59:12 2010 TAP-Win32 MTU=1500
Fri Jan 08 00:59:12 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 25.0.0.2/255.255.255.0 on interface {0BF4A83E-DA0E-4729-A226-A4EB2CCC8B25} [DHCP-serv: 25.0.0.0, lease-time: 31536000]
Fri Jan 08 00:59:12 2010 Successful ARP Flush on interface [4] {0BF4A83E-DA0E-4729-A226-A4EB2CCC8B25}
Fri Jan 08 00:59:17 2010 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Fri Jan 08 00:59:17 2010 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
Fri Jan 08 00:59:17 2010 Initialization Sequence Completed
может директива какая не указана в натсройках сервера?
Заранее Благодарю!