OpenVPN. Routing.
Posted: 22 Jul 2007, 02:35
A lamer question, but I'm kind of worn out... (I probably just need sleep)
eth0 - ADSL modem, eth1 - LAN, ppp0 - the working internet connection.
10.168.168.x addresses respond to ping.
I set up OpenVPN, and everything is basically fine... but I can't route all traffic through the tunnel.
openvpn client.conf
Code:
Sun Jul 22 02:23:18 2007 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Mar 2 2007
Sun Jul 22 02:23:18 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Jul 22 02:23:18 2007 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Enter Private Key Password:
Sun Jul 22 02:23:39 2007 WARNING: file 'userkey.pem' is group or others accessible
Sun Jul 22 02:23:39 2007 Control Channel MTU parms [ L:1575 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sun Jul 22 02:23:39 2007 Data Channel MTU parms [ L:1575 D:1450 EF:43 EB:4 ET:32 EL:0 ]
Sun Jul 22 02:23:39 2007 Local Options hash (VER=V4): '10f35004'
Sun Jul 22 02:23:39 2007 Expected Remote Options hash (VER=V4): 'a917298a'
Sun Jul 22 02:23:39 2007 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sun Jul 22 02:23:39 2007 Attempting to establish TCP connection with 69.56.135.2:1194
Sun Jul 22 02:23:39 2007 TCP connection established with 69.56.135.2:1194
Sun Jul 22 02:23:39 2007 TCPv4_CLIENT link local: [undef]
Sun Jul 22 02:23:39 2007 TCPv4_CLIENT link remote: 69.56.135.2:1194
Sun Jul 22 02:23:40 2007 TLS: Initial packet from 69.56.135.2:1194, sid=4a8e213b abc75b67
Sun Jul 22 02:23:43 2007 VERIFY OK: depth=1, /C=RU/ST=noState/L=noCity/O=Vpn_Service/OU=Root_CA/CN=vpnservice.ru/emailAddress=support@vpnservice.ru
Sun Jul 22 02:23:43 2007 VERIFY OK: depth=0, /C=RU/ST=noState/O=vpnservice.ru/OU=vpnservice.ru/ovpnd/CN=OpenVPN/emailAddress=support@vpnservice.ru
Sun Jul 22 02:23:50 2007 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1575', remote='link-mtu 1525'
Sun Jul 22 02:23:50 2007 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1482'
Sun Jul 22 02:23:50 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jul 22 02:23:50 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jul 22 02:23:50 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jul 22 02:23:50 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jul 22 02:23:50 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Jul 22 02:23:50 2007 [OpenVPN] Peer Connection Initiated with 69.56.135.2:1194
Sun Jul 22 02:23:51 2007 SENT CONTROL [OpenVPN]: 'PUSH_REQUEST' (status=1)
Sun Jul 22 02:23:51 2007 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.168.168.1,route-delay 5,redirect-gateway,route-method exe,dhcp-option DNS 10.168.168.1,ping 20,ping-restart 90,ifconfig 10.168.168.94 255.255.255.0'
Sun Jul 22 02:23:51 2007 OPTIONS IMPORT: timers and/or timeouts modified
Sun Jul 22 02:23:51 2007 OPTIONS IMPORT: --ifconfig/up options modified
Sun Jul 22 02:23:51 2007 OPTIONS IMPORT: route options modified
Sun Jul 22 02:23:51 2007 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Jul 22 02:23:51 2007 TUN/TAP device tap0 opened
Sun Jul 22 02:23:51 2007 ifconfig tap0 10.168.168.94 netmask 255.255.255.0 mtu 1500 broadcast 10.168.168.255
Sun Jul 22 02:23:56 2007 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
Sun Jul 22 02:23:56 2007 GID set to nogroup
Sun Jul 22 02:23:56 2007 UID set to nobody
Sun Jul 22 02:23:56 2007 Initialization Sequence Completed
What spoils everything is this: NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
cat client.conf:
Code:
client
dev tap
proto tcp
remote vpnservice.ru 1194
nobind
user nobody
group nogroup
persist-key
persist-tun
ca userca.pem
cert usercert.pem
key userkey.pem
verb 3
redirect-gateway
ip route show (before connecting to the VPN)
Code:
213.184.225.12 dev ppp0 proto kernel scope link src 91.149.132.28
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2
169.254.0.0/16 dev eth1 proto kernel scope link src 169.254.9.1
169.254.0.0/16 dev eth0 scope link metric 1000
default dev ppp0 scope link
ip route show (with the VPN up)
Code:
213.184.225.12 dev ppp0 proto kernel scope link src 91.149.132.28
10.168.168.0/24 dev tap0 proto kernel scope link src 10.168.168.94
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2
169.254.0.0/16 dev eth1 proto kernel scope link src 169.254.9.1
169.254.0.0/16 dev eth0 scope link metric 1000
default dev ppp0 scope link
How can I send all traffic through the tunnel? Thanks.
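
The "with the VPN up" table in the post still shows `default dev ppp0 scope link`, a default route outside the tunnel with no `via` address, so traffic keeps leaving through ppp0 even though the log ends with "Initialization Sequence Completed". The check below is an added example, not part of the original post: it classifies `ip route show` output by where the default route points. The function name `default_route_state` and the second sample table are constructed, and the `0.0.0.0/1` plus `128.0.0.0/1` case covers the `redirect-gateway def1` variant, which goes beyond what the post uses.

```shell
#!/bin/sh
# Added example: classify `ip route show` output by where the default route goes.

# default_route_state TUNNEL_DEV   (route table on stdin)
#   tunnel      default route, or both def1 half-routes, use TUNNEL_DEV
#   no-gateway  default route outside the tunnel with no "via" address
#   bypass      default route outside the tunnel with a gateway
#   none        no default route at all
default_route_state() {
    awk -v tun="$1" '
        $1 == "default" || $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1" {
            dev = ""; via = ""
            for (i = 2; i < NF; i++) {
                if ($i == "dev") dev = $(i + 1)
                if ($i == "via") via = $(i + 1)
            }
            if ($1 != "default") { if (dev == tun) halves++ }
            else if (dev == tun)  { tunnel = 1 }
            else                  { seen = 1; if (via == "") nogw = 1 }
        }
        END {
            if (tunnel || halves == 2) print "tunnel"
            else if (nogw)             print "no-gateway"
            else if (seen)             print "bypass"
            else                       print "none"
        }'
}

# Route table copied from the post (VPN connected).
POST_TABLE_WITH_VPN='213.184.225.12 dev ppp0 proto kernel scope link src 91.149.132.28
10.168.168.0/24 dev tap0 proto kernel scope link src 10.168.168.94
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2
169.254.0.0/16 dev eth1 proto kernel scope link src 169.254.9.1
169.254.0.0/16 dev eth0 scope link metric 1000
default dev ppp0 scope link'

# Constructed table: the default route moved onto the tunnel.
CONSTRUCTED_REDIRECTED='10.168.168.0/24 dev tap0 proto kernel scope link src 10.168.168.94
default via 10.168.168.1 dev tap0'

printf '%s\n' "$POST_TABLE_WITH_VPN"    | default_route_state tap0   # no-gateway
printf '%s\n' "$CONSTRUCTED_REDIRECTED" | default_route_state tap0   # tunnel
```

On a live system the same function can be fed with `ip route show | default_route_state tap0` after the tunnel comes up; any result other than `tunnel` means traffic is still leaving outside the VPN.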