Anyway, it got working, and kept working until an hour ago. Then external internet access disappeared, with no errors whatsoever from openvpn.
Server config
~~~~~~~~~
local srvIP
port 443
proto tcp
dev tun0
ca /usr/local/etc/openvpn/easy-rsa/keys/ca.crt
cert /usr/local/etc/openvpn/easy-rsa/keys/server.crt
key /usr/local/etc/openvpn/easy-rsa/keys/server.key # This file should be kept secret
dh /usr/local/etc/openvpn/easy-rsa/keys/dh1024.pem
server 172.255.255.0 255.255.255.0
client-config-dir ccd
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
~~~~~~~~~
The ccd/client file
~~~~~~~~~
ifconfig-push 172.255.255.2 172.255.255.1
~~~~~~~~~
IPFW
~~~~~~~~~
/sbin/ipfw nat 123 config ip srvIP log
/sbin/ipfw add 10 nat 123 ip from 172.255.255.0/24 to any
/sbin/ipfw add 20 nat 123 ip from any to srvIP
~~~~~~~~~
Client config
~~~~~~~~~
client
dev tun
proto tcp
remote srvIP 443
redirect-gateway
route-metric 10
resolv-retry infinite
nobind
dhcp-option DNS 10.0.129.251
dhcp-option DNS 10.0.86.148
dhcp-option DNS 192.168.56.20
dhcp-option WINS 10.0.86.70
dhcp-option WINS 10.0.129.148
route 10.0.0.0 255.0.0.0 192.168.132.78
route 192.168.0.0 255.255.0.0 192.168.132.78
persist-key
persist-tun
ca ca_lh.crt
cert rsnotebook.crt
key rsnotebook.key
comp-lzo
verb 3
~~~~~~~~~
Routes without VPN
~~~~~~~~~
IPv4 таблица маршрута
===========================================================================
Активные маршруты:
Сетевой адрес Маска сети Адрес шлюза Интерфейс Метрика
0.0.0.0 0.0.0.0 192.168.132.78 192.168.132.68 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.68.0 255.255.255.0 On-link 192.168.68.1 276
192.168.68.1 255.255.255.255 On-link 192.168.68.1 276
192.168.68.255 255.255.255.255 On-link 192.168.68.1 276
192.168.132.64 255.255.255.240 On-link 192.168.132.68 276
192.168.132.68 255.255.255.255 On-link 192.168.132.68 276
192.168.132.79 255.255.255.255 On-link 192.168.132.68 276
192.168.194.0 255.255.255.0 On-link 192.168.194.1 276
192.168.194.1 255.255.255.255 On-link 192.168.194.1 276
192.168.194.255 255.255.255.255 On-link 192.168.194.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.132.68 276
224.0.0.0 240.0.0.0 On-link 192.168.194.1 276
224.0.0.0 240.0.0.0 On-link 192.168.68.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.132.68 276
255.255.255.255 255.255.255.255 On-link 192.168.194.1 276
255.255.255.255 255.255.255.255 On-link 192.168.68.1 276
===========================================================================
Постоянные маршруты:
Отсутствует
~~~~~~~~~
Routes with VPN
~~~~~~~~~
IPv4 таблица маршрута
===========================================================================
Активные маршруты:
Сетевой адрес Маска сети Адрес шлюза Интерфейс Метрика
0.0.0.0 0.0.0.0 172.255.255.1 172.255.255.2 30
10.0.0.0 255.0.0.0 192.168.132.78 192.168.132.68 20
10.1.30.209 255.255.255.255 192.168.132.78 192.168.132.68 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
172.255.255.0 255.255.255.252 On-link 172.255.255.2 286
172.255.255.2 255.255.255.255 On-link 172.255.255.2 286
172.255.255.3 255.255.255.255 On-link 172.255.255.2 286
192.168.0.0 255.255.0.0 192.168.132.78 192.168.132.68 20
192.168.68.0 255.255.255.0 On-link 192.168.68.1 276
192.168.68.1 255.255.255.255 On-link 192.168.68.1 276
192.168.68.255 255.255.255.255 On-link 192.168.68.1 276
192.168.132.64 255.255.255.240 On-link 192.168.132.68 276
192.168.132.68 255.255.255.255 On-link 192.168.132.68 276
192.168.132.79 255.255.255.255 On-link 192.168.132.68 276
192.168.194.0 255.255.255.0 On-link 192.168.194.1 276
192.168.194.1 255.255.255.255 On-link 192.168.194.1 276
192.168.194.255 255.255.255.255 On-link 192.168.194.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.132.68 276
224.0.0.0 240.0.0.0 On-link 172.255.255.2 286
224.0.0.0 240.0.0.0 On-link 192.168.194.1 276
224.0.0.0 240.0.0.0 On-link 192.168.68.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.132.68 276
255.255.255.255 255.255.255.255 On-link 172.255.255.2 286
255.255.255.255 255.255.255.255 On-link 192.168.194.1 276
255.255.255.255 255.255.255.255 On-link 192.168.68.1 276
===========================================================================
Постоянные маршруты:
Отсутствует
~~~~~~~~~
The openvpn log on connect. No matter how I change the addressing settings in openvpn, the warning remains.
~~~~~~~~~
Fri Jun 24 18:17:39 2011 OpenVPN 2.2.0 Win32-MSVC++ [SSL] [LZO2] built on Apr 26 2011
Fri Jun 24 18:17:39 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jun 24 18:17:39 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jun 24 18:17:39 2011 LZO compression initialized
Fri Jun 24 18:17:39 2011 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jun 24 18:17:39 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jun 24 18:17:39 2011 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Jun 24 18:17:39 2011 Local Options hash (VER=V4): '69109d17'
Fri Jun 24 18:17:39 2011 Expected Remote Options hash (VER=V4): 'c0103fa8'
Fri Jun 24 18:17:39 2011 Attempting to establish TCP connection with PROXY:8888
Fri Jun 24 18:17:39 2011 TCP connection established with PROXY:8888
Fri Jun 24 18:17:39 2011 Send to HTTP proxy: 'CONNECT srvIP:443 HTTP/1.0'
Fri Jun 24 18:17:40 2011 HTTP proxy returned: 'HTTP/1.0 200 Connection established'
Fri Jun 24 18:17:42 2011 TCPv4_CLIENT link local: [undef]
Fri Jun 24 18:17:42 2011 TCPv4_CLIENT link remote: PROXY:8888
Fri Jun 24 18:17:42 2011 TLS: Initial packet from PROXY:8888, sid=ab60f504 a8cd598b
Fri Jun 24 18:17:42 2011 VERIFY OK: depth=1, /C=RF/ST=Moscow/L=Moscow/O=...
Fri Jun 24 18:17:42 2011 VERIFY OK: depth=0, /C=RF/ST=Moscow/L=Moscow/O=...
Fri Jun 24 18:17:42 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Jun 24 18:17:42 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 24 18:17:42 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Jun 24 18:17:42 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 24 18:17:42 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Jun 24 18:17:42 2011 [server] Peer Connection Initiated with PROXY:8888
Fri Jun 24 18:17:45 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri Jun 24 18:17:45 2011 PUSH: Received control message: 'PUSH_REPLY,route 172.255.255.1,topology net30,ping 10,ping-restart 120,ifconfig 172.255.255.2 172.255.255.1'
Fri Jun 24 18:17:45 2011 OPTIONS IMPORT: timers and/or timeouts modified
Fri Jun 24 18:17:45 2011 OPTIONS IMPORT: --ifconfig/up options modified
Fri Jun 24 18:17:45 2011 OPTIONS IMPORT: route options modified
Fri Jun 24 18:17:45 2011 ROUTE default_gateway=192.168.132.78
Fri Jun 24 18:17:45 2011 TAP-WIN32 device [Подключение по локальной сети 3] opened: \\.\Global\{A1C0597A-CFD0-4D56-B40A-0C65C6E268AD}.tap
Fri Jun 24 18:17:45 2011 TAP-Win32 Driver Version 9.8
Fri Jun 24 18:17:45 2011 TAP-Win32 MTU=1500
Fri Jun 24 18:17:45 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.255.255.2/255.255.255.252 on interface {A1C0597A-CFD0-4D56-B40A-0C65C6E268AD} [DHCP-serv: 172.255.255.1, lease-time: 31536000]
Fri Jun 24 18:17:45 2011 Successful ARP Flush on interface [24] {A1C0597A-CFD0-4D56-B40A-0C65C6E268AD}
Fri Jun 24 18:17:50 2011 TEST ROUTES: 4/4 succeeded len=3 ret=1 a=0 u/d=up
Fri Jun 24 18:17:50 2011 C:\WINDOWS\system32\route.exe ADD 10.1.30.209 MASK 255.255.255.255 192.168.132.78
Fri Jun 24 18:17:50 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri Jun 24 18:17:50 2011 Route addition via IPAPI succeeded [adaptive]
Fri Jun 24 18:17:50 2011 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 0.0.0.0 192.168.132.78
Fri Jun 24 18:17:50 2011 Route deletion via IPAPI succeeded [adaptive]
Fri Jun 24 18:17:50 2011 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 0.0.0.0 172.255.255.1
Fri Jun 24 18:17:51 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Jun 24 18:17:51 2011 Route addition via IPAPI succeeded [adaptive]
Fri Jun 24 18:17:51 2011 C:\WINDOWS\system32\route.exe ADD 10.0.0.0 MASK 255.0.0.0 192.168.132.78 METRIC 10
Fri Jun 24 18:17:51 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri Jun 24 18:17:51 2011 Route addition via IPAPI succeeded [adaptive]
Fri Jun 24 18:17:51 2011 C:\WINDOWS\system32\route.exe ADD 192.168.0.0 MASK 255.255.0.0 192.168.132.78 METRIC 10
Fri Jun 24 18:17:51 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri Jun 24 18:17:51 2011 Route addition via IPAPI succeeded [adaptive]
Fri Jun 24 18:17:51 2011 WARNING: potential route subnet conflict between local LAN [172.255.255.0/255.255.255.252] and remote VPN [172.255.255.1/255.255.255.255]
Fri Jun 24 18:17:51 2011 OpenVPN ROUTE: omitted no-op route: 172.255.255.1/255.255.255.255 -> 172.255.255.1
Fri Jun 24 18:17:51 2011 Initialization Sequence Completed
~~~~~~~~~
From the client to the VPN server: OK
~~~~~~~~~
C:\Users\Insane>tracert 172.255.255.1
Трассировка маршрута к 172.255.255.1 с максимальным числом прыжков 30
1 7 ms 6 ms 6 ms 172.255.255.1
Трассировка завершена.
C:\Users\Insane>ping 172.255.255.1
Обмен пакетами с 172.255.255.1 по с 32 байтами данных:
Ответ от 172.255.255.1: число байт=32 время=6мс TTL=64
Ответ от 172.255.255.1: число байт=32 время=7мс TTL=64
Ответ от 172.255.255.1: число байт=32 время=6мс TTL=64
Ответ от 172.255.255.1: число байт=32 время=6мс TTL=64
Статистика Ping для 172.255.255.1:
Пакетов: отправлено = 4, получено = 4, потеряно = 0
(0% потерь)
Приблизительное время приема-передачи в мс:
Минимальное = 6мсек, Максимальное = 7 мсек, Среднее = 6 мсек
~~~~~~~~~
From the client to the outside world:
~~~~~~~~~
C:\Users\Insane>tracert ya.ru
Трассировка маршрута к ya.ru [93.158.134.203]
с максимальным числом прыжков 30:
1 * * * Превышен интервал ожидания для запроса.
2 * * * Превышен интервал ожидания для запроса.
3 * * * Превышен интервал ожидания для запроса.
4 * * * Превышен интервал ожидания для запроса.
5 ^C
C:\Users\Insane>ping ya.ru
Обмен пакетами с ya.ru [93.158.134.203] с 32 байтами данных:
Превышен интервал ожидания для запроса.
Превышен интервал ожидания для запроса.
Превышен интервал ожидания для запроса.
Превышен интервал ожидания для запроса.
Статистика Ping для 93.158.134.203:
Пакетов: отправлено = 4, получено = 0, потеряно = 4
(100% потерь)
~~~~~~~~~
From the server to the client: OK.
~~~~~~~~~
insane@srv ~ $ traceroute 172.255.255.2
traceroute to 172.255.255.2 (172.255.255.2), 64 hops max, 52 byte packets
1 172.255.255.2 (172.255.255.2) 8.329 ms 6.747 ms 94.526 ms
insane@srv ~ $ ping 172.255.255.2
PING 172.255.255.2 (172.255.255.2): 56 data bytes
64 bytes from 172.255.255.2: icmp_seq=0 ttl=128 time=10.458 ms
64 bytes from 172.255.255.2: icmp_seq=1 ttl=128 time=6.555 ms
64 bytes from 172.255.255.2: icmp_seq=2 ttl=128 time=7.042 ms
64 bytes from 172.255.255.2: icmp_seq=3 ttl=128 time=7.661 ms
64 bytes from 172.255.255.2: icmp_seq=4 ttl=128 time=8.338 ms
64 bytes from 172.255.255.2: icmp_seq=5 ttl=128 time=79.719 ms
64 bytes from 172.255.255.2: icmp_seq=6 ttl=128 time=6.817 ms
^C
--- 172.255.255.2 ping statistics ---
7 packets transmitted, 7 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 6.555/18.084/79.719/25.192 ms
~~~~~~~~~
From the server to the outside world: also OK
~~~~~~~~~
insane@srv ~ $ traceroute ya.ru
traceroute: Warning: ya.ru has multiple addresses; using 87.250.250.3
traceroute to ya.ru (87.250.250.3), 64 hops max, 52 byte packets
1 wdc-gw.ispsystem.net (188.120.247.254) 0.440 ms 6.347 ms 0.519 ms
2 xe200-40.webdc.ru (92.63.108.89) 0.296 ms 0.296 ms 0.242 ms
3 msk-ix-m9.yandex.net (193.232.244.93) 1.618 ms 2.052 ms 1.501 ms
4 zinc-ugr-vlan803.yandex.net (77.88.56.62) 2.107 ms 2.622 ms 2.466 ms
5 l3-s3600-s1300.yandex.net (213.180.213.75) 2.493 ms 2.435 ms 2.742 ms
6 www.yandex.ru (87.250.250.3) 2.615 ms 2.874 ms 2.981 ms
insane@srv ~ $ ping ya.ru
PING ya.ru (77.88.21.3): 56 data bytes
64 bytes from 77.88.21.3: icmp_seq=0 ttl=59 time=2.363 ms
64 bytes from 77.88.21.3: icmp_seq=1 ttl=59 time=2.435 ms
64 bytes from 77.88.21.3: icmp_seq=2 ttl=59 time=2.728 ms
64 bytes from 77.88.21.3: icmp_seq=3 ttl=59 time=2.831 ms
64 bytes from 77.88.21.3: icmp_seq=4 ttl=59 time=2.336 ms
^C
--- ya.ru ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 2.336/2.539/2.831/0.202 ms
~~~~~~~~~
Please advise, what could have broken?...