Помогите настроить openvpn+obfsproxy
Добавлено: 14 окт 2016, 01:43
Здраствуйте форумчане! Помогите разобраться с проблемой! Имею удаленный сервер VPS с внешним IP, с openvpn + obfsproxy. openvpn в рабочем состоянии, но вот трафик не хочет идти через obfsproxy. Задача провести трафик openvpn для маскировки. Часто езжу в китай, не имею возможности работать, т.к. все блокировано в т.ч.и openvpn
вот такие правила прописал
это client.conf
это server.conf
это выхлоп 443 порт
это выхлоп 1194 порт
это лог openvpn c сервера
это лог клиента на винде
вот такие правила прописал
Код: Выделить всё
iptables -A INPUT -i ens3 -m state --state NEW -p tcp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o ens3 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ens3 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.48.9.0/24 -o ens3 -j MASQUERADE
iptables -A OUTPUT -o tun0 -j ACCEPTКод: Выделить всё
client
dev tun
dev-type tun
proto tcp
setenv PUSH_PEER_INFO
remote 185.14.28.203 443
resolv-retry infinite
nobind
comp-lzo no
ca ca.crt
cert admin.crt
key admin.key
dh dh2048.pem
cipher AES-256-CBC
remote-cert-tls server
tun-mtu 500
sndbuf 1048576
rcvbuf 1048576
tls-client
tls-auth ta.key 1
ns-cert-type server
keepalive 10 120
persist-key
persist-tun
verb 3
script-security 2Код: Выделить всё
[list]port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
tls-auth ta.key 0
cipher AES-256-CBC
tun-mtu 1500
server 10.48.9.0 255.255.255.0
daemon
ifconfig-pool-persist /etc/openvpn/tmp/ipp.txt
client-config-dir ccd
push "route 10.48.9.0 255.255.255.0"
keepalive 5 30
comp-lzo no
#user nobody
#group nobody
persist-key
persist-tun
status /etc/openvpn/log/openvpn-status.log
status /etc/openvpn/log/tcp-server-tcp.log
log /etc/openvpn/log/openvpn.log
verb 5
script-security 3
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"[/list]Код: Выделить всё
[list]23:35:31.912115 IP ip-228.pool-228.ms-dpc03.cpx.ru.17251 > abcdef.net.https: Flags [S], seq 3964491900, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
23:35:31.912224 IP abcdef.net.https > ip-228.pool-228.ms-dpc03.cpx.ru.17251: Flags [S.], seq 173196175, ack 3964491901, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
23:35:31.954529 IP ip-228.pool-228.ms-dpc03.cpx.ru.17251 > abcdef.net.https: Flags [.], ack 1, win 65535, length 0
23:35:31.963907 IP abcdef.net.https > ip-228.pool-228.ms-dpc03.cpx.ru.17251: Flags [P.], seq 1:2893, ack 1, win 229, length 2892
23:35:32.013608 IP ip-228.pool-228.ms-dpc03.cpx.ru.17251 > abcdef.net.https: Flags [.], ack 2893, win 65535, length 0
23:35:32.915020 IP ip-228.pool-228.ms-dpc03.cpx.ru.17251 > abcdef.net.https: Flags [R.], seq 1, ack 2893, win 0, length 0
23:35:37.955967 IP ip-228.pool-228.ms-dpc03.cpx.ru.27643 > abcdef.net.https: Flags [S], seq 3664854665, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
23:35:37.956046 IP abcdef.net.https > ip-228.pool-228.ms-dpc03.cpx.ru.27643: Flags [S.], seq 3654461060, ack 3664854666, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
23:35:37.998238 IP ip-228.pool-228.ms-dpc03.cpx.ru.27643 > abcdef.net.https: Flags [.], ack 1, win 65535, length 0
23:35:38.010450 IP abcdef.net.https > ip-228.pool-228.ms-dpc03.cpx.ru.27643: Flags [P.], seq 1:2131, ack 1, win 229, length 2130
23:35:38.053267 IP ip-228.pool-228.ms-dpc03.cpx.ru.27643 > abcdef.net.https: Flags [.], ack 2131, win 65535, length 0
23:35:38.958852 IP ip-228.pool-228.ms-dpc03.cpx.ru.27643 > abcdef.net.https: Flags [R.], seq 1, ack 2131, win 0, length 0
23:35:43.991390 IP ip-228.pool-228.ms-dpc03.cpx.ru.10926 > abcdef.net.https: Flags [S], seq 4050089391, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
23:35:43.991506 IP abcdef.net.https > ip-228.pool-228.ms-dpc03.cpx.ru.10926: Flags [S.], seq 1745602613, ack 4050089392, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
23:35:44.036447 IP ip-228.pool-228.ms-dpc03.cpx.ru.10926 > abcdef.net.https: Flags [.], ack 1, win 65535, length 0[/list]Код: Выделить всё
[list]23:34:13.818821 IP localhost.60678 > localhost.openvpn: Flags [S], seq 99085980, win 43690, options [mss 65495,sackOK,TS val 31726933 ecr 0,nop,wscale 7], length 0
23:34:13.818845 IP localhost.openvpn > localhost.60678: Flags [S.], seq 2317335044, ack 99085981, win 43690, options [mss 65495,sackOK,TS val 31726933 ecr 31726933,nop,wscale 7], length 0
23:34:13.818861 IP localhost.60678 > localhost.openvpn: Flags [.], ack 1, win 342, options [nop,nop,TS val 31726933 ecr 31726933], length 0
23:34:14.781217 IP localhost.60678 > localhost.openvpn: Flags [F.], seq 1, ack 1, win 342, options [nop,nop,TS val 31727174 ecr 31726933], length 0
23:34:14.781574 IP localhost.openvpn > localhost.60678: Flags [F.], seq 1, ack 2, win 342, options [nop,nop,TS val 31727174 ecr 31727174], length 0
23:34:14.781602 IP localhost.60678 > localhost.openvpn: Flags [.], ack 2, win 342, options [nop,nop,TS val 31727174 ecr 31727174], length 0
23:34:19.888759 IP localhost.60680 > localhost.openvpn: Flags [S], seq 411593577, win 43690, options [mss 65495,sackOK,TS val 31728451 ecr 0,nop,wscale 7], length 0
23:34:19.888786 IP localhost.openvpn > localhost.60680: Flags [S.], seq 392839067, ack 411593578, win 43690, options [mss 65495,sackOK,TS val 31728451 ecr 31728451,nop,wscale 7], length 0
23:34:19.888814 IP localhost.60680 > localhost.openvpn: Flags [.], ack 1, win 342, options [nop,nop,TS val 31728451 ecr 31728451], length 0
23:34:20.848362 IP localhost.60680 > localhost.openvpn: Flags [F.], seq 1, ack 1, win 342, options [nop,nop,TS val 31728690 ecr 31728451], length 0
23:34:20.848538 IP localhost.openvpn > localhost.60680: Flags [.], ack 2, win 342, options [nop,nop,TS val 31728691 ecr 31728690], length 0
23:34:20.848993 IP localhost.openvpn > localhost.60680: Flags [F.], seq 1, ack 2, win 342, options [nop,nop,TS val 31728691 ecr 31728690], length 0
23:34:20.849029 IP localhost.60680 > localhost.openvpn: Flags [.], ack 2, win 342, options [nop,nop,TS val 31728691 ecr 31728691], length 0
23:34:25.952132 IP localhost.60682 > localhost.openvpn: Flags [S], seq 1096491333, win 43690, options [mss 65495,sackOK,TS val 31729966 ecr 0,nop,wscale 7], length 0
23:34:25.952151 IP localhost.openvpn > localhost.60682: Flags [S.], seq 482676487, ack 1096491334, win 43690, options [mss 65495,sackOK,TS val 31729966 ecr 31729966,nop,wscale 7], length 0
23:34:25.952167 IP localhost.60682 > localhost.openvpn: Flags [.], ack 1, win 342, options [nop,nop,TS val 31729966 ecr 31729966], length 0
23:34:26.910580 IP localhost.60682 > localhost.openvpn: Flags [F.], seq 1, ack 1, win 342, options [nop,nop,TS val 31730206 ecr 31729966], length 0
23:34:26.911006 IP localhost.openvpn > localhost.60682: Flags [F.], seq 1, ack 2, win 342, options [nop,nop,TS val 31730206 ecr 31730206], length 0
23:34:26.911036 IP localhost.60682 > localhost.openvpn: Flags [.], ack 2, win 342, options [nop,nop,TS val 31730206 ecr 31730206], length 0[/list]Код: Выделить всё
[list]Thu Oct 13 23:50:10 2016 us=278616 Current Parameter Settings:
Thu Oct 13 23:50:10 2016 us=278709 config = '/etc/openvpn/server.conf'
Thu Oct 13 23:50:10 2016 us=278749 mode = 1
Thu Oct 13 23:50:10 2016 us=278766 persist_config = DISABLED
Thu Oct 13 23:50:10 2016 us=278776 persist_mode = 1
Thu Oct 13 23:50:10 2016 us=278786 show_ciphers = DISABLED
Thu Oct 13 23:50:10 2016 us=278802 show_digests = DISABLED
Thu Oct 13 23:50:10 2016 us=278820 show_engines = DISABLED
Thu Oct 13 23:50:10 2016 us=278838 genkey = DISABLED
Thu Oct 13 23:50:10 2016 us=278856 key_pass_file = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=278868 show_tls_ciphers = DISABLED
Thu Oct 13 23:50:10 2016 us=278878 Connection profiles [default]:
Thu Oct 13 23:50:10 2016 us=278888 proto = tcp-server
Thu Oct 13 23:50:10 2016 us=278898 local = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=278907 local_port = 1194
Thu Oct 13 23:50:10 2016 us=278917 remote = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=278927 remote_port = 1194
Thu Oct 13 23:50:10 2016 us=278940 remote_float = DISABLED
Thu Oct 13 23:50:10 2016 us=278950 bind_defined = DISABLED
Thu Oct 13 23:50:10 2016 us=278959 bind_local = ENABLED
Thu Oct 13 23:50:10 2016 us=278968 connect_retry_seconds = 5
Thu Oct 13 23:50:10 2016 us=278978 connect_timeout = 10
Thu Oct 13 23:50:10 2016 us=278987 connect_retry_max = 0
Thu Oct 13 23:50:10 2016 us=278996 xormethod = 0
Thu Oct 13 23:50:10 2016 us=279005 xormask = ''
Thu Oct 13 23:50:10 2016 us=279015 xormasklen = 1
Thu Oct 13 23:50:10 2016 us=279024 socks_proxy_server = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279034 socks_proxy_port = 0
Thu Oct 13 23:50:10 2016 us=279052 socks_proxy_retry = DISABLED
Thu Oct 13 23:50:10 2016 us=279071 tun_mtu = 1500
Thu Oct 13 23:50:10 2016 us=279089 tun_mtu_defined = ENABLED
Thu Oct 13 23:50:10 2016 us=279109 link_mtu = 1500
Thu Oct 13 23:50:10 2016 us=279128 link_mtu_defined = DISABLED
Thu Oct 13 23:50:10 2016 us=279147 tun_mtu_extra = 0
Thu Oct 13 23:50:10 2016 us=279166 tun_mtu_extra_defined = DISABLED
Thu Oct 13 23:50:10 2016 us=279185 mtu_discover_type = -1
Thu Oct 13 23:50:10 2016 us=279204 fragment = 0
Thu Oct 13 23:50:10 2016 us=279224 mssfix = 1432
Thu Oct 13 23:50:10 2016 us=279245 explicit_exit_notification = 0
Thu Oct 13 23:50:10 2016 us=279264 Connection profiles END
Thu Oct 13 23:50:10 2016 us=279284 remote_random = DISABLED
Thu Oct 13 23:50:10 2016 us=279303 ipchange = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279322 dev = 'tun'
Thu Oct 13 23:50:10 2016 us=279341 dev_type = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279366 dev_node = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279388 lladdr = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279406 topology = 1
Thu Oct 13 23:50:10 2016 us=279426 tun_ipv6 = DISABLED
Thu Oct 13 23:50:10 2016 us=279445 ifconfig_local = '10.48.9.1'
Thu Oct 13 23:50:10 2016 us=279465 ifconfig_remote_netmask = '10.48.9.2'
Thu Oct 13 23:50:10 2016 us=279484 ifconfig_noexec = DISABLED
Thu Oct 13 23:50:10 2016 us=279503 ifconfig_nowarn = DISABLED
Thu Oct 13 23:50:10 2016 us=279520 ifconfig_ipv6_local = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279538 ifconfig_ipv6_netbits = 0
Thu Oct 13 23:50:10 2016 us=279555 ifconfig_ipv6_remote = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279574 shaper = 0
Thu Oct 13 23:50:10 2016 us=279589 mtu_test = 0
Thu Oct 13 23:50:10 2016 us=279605 mlock = DISABLED
Thu Oct 13 23:50:10 2016 us=279621 keepalive_ping = 5
Thu Oct 13 23:50:10 2016 us=279637 keepalive_timeout = 30
Thu Oct 13 23:50:10 2016 us=279652 inactivity_timeout = 0
Thu Oct 13 23:50:10 2016 us=279669 ping_send_timeout = 5
Thu Oct 13 23:50:10 2016 us=279685 ping_rec_timeout = 60
Thu Oct 13 23:50:10 2016 us=279702 ping_rec_timeout_action = 2
Thu Oct 13 23:50:10 2016 us=279732 ping_timer_remote = DISABLED
Thu Oct 13 23:50:10 2016 us=279754 remap_sigusr1 = 0
Thu Oct 13 23:50:10 2016 us=279775 persist_tun = ENABLED
Thu Oct 13 23:50:10 2016 us=279796 persist_local_ip = DISABLED
Thu Oct 13 23:50:10 2016 us=279816 persist_remote_ip = DISABLED
Thu Oct 13 23:50:10 2016 us=279846 persist_key = ENABLED
Thu Oct 13 23:50:10 2016 us=279866 passtos = DISABLED
Thu Oct 13 23:50:10 2016 us=279881 resolve_retry_seconds = 1000000000
Thu Oct 13 23:50:10 2016 us=279890 username = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279899 groupname = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279908 chroot_dir = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279917 cd_dir = '/etc/openvpn'
Thu Oct 13 23:50:10 2016 us=279927 writepid = '/run/openvpn/server.pid'
Thu Oct 13 23:50:10 2016 us=279936 up_script = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279945 down_script = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=279954 down_pre = DISABLED
Thu Oct 13 23:50:10 2016 us=280002 up_restart = DISABLED
Thu Oct 13 23:50:10 2016 us=280015 up_delay = DISABLED
Thu Oct 13 23:50:10 2016 us=280024 daemon = ENABLED
Thu Oct 13 23:50:10 2016 us=280033 inetd = 0
Thu Oct 13 23:50:10 2016 us=280042 log = ENABLED
Thu Oct 13 23:50:10 2016 us=280052 suppress_timestamps = DISABLED
Thu Oct 13 23:50:10 2016 us=280061 nice = 0
Thu Oct 13 23:50:10 2016 us=280070 verbosity = 5
Thu Oct 13 23:50:10 2016 us=280079 mute = 0
Thu Oct 13 23:50:10 2016 us=280089 gremlin = 0
Thu Oct 13 23:50:10 2016 us=280098 status_file = '/etc/openvpn/log/tcp-server-tcp.log'
Thu Oct 13 23:50:10 2016 us=280108 status_file_version = 1
Thu Oct 13 23:50:10 2016 us=280117 status_file_update_freq = 10
Thu Oct 13 23:50:10 2016 us=280126 occ = ENABLED
Thu Oct 13 23:50:10 2016 us=280135 rcvbuf = 0
Thu Oct 13 23:50:10 2016 us=280144 sndbuf = 0
Thu Oct 13 23:50:10 2016 us=280153 mark = 0
Thu Oct 13 23:50:10 2016 us=280162 sockflags = 0
Thu Oct 13 23:50:10 2016 us=280171 fast_io = DISABLED
Thu Oct 13 23:50:10 2016 us=280180 lzo = 1
Thu Oct 13 23:50:10 2016 us=280190 route_script = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280199 route_default_gateway = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280208 route_default_metric = 0
Thu Oct 13 23:50:10 2016 us=280218 route_noexec = DISABLED
Thu Oct 13 23:50:10 2016 us=280227 route_delay = 0
Thu Oct 13 23:50:10 2016 us=280236 route_delay_window = 30
Thu Oct 13 23:50:10 2016 us=280245 route_delay_defined = DISABLED
Thu Oct 13 23:50:10 2016 us=280255 route_nopull = DISABLED
Thu Oct 13 23:50:10 2016 us=280264 route_gateway_via_dhcp = DISABLED
Thu Oct 13 23:50:10 2016 us=280273 max_routes = 100
Thu Oct 13 23:50:10 2016 us=280283 allow_pull_fqdn = DISABLED
Thu Oct 13 23:50:10 2016 us=280293 route 10.48.9.0/255.255.255.0/nil/nil
Thu Oct 13 23:50:10 2016 us=280303 management_addr = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280312 management_port = 0
Thu Oct 13 23:50:10 2016 us=280321 management_user_pass = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280331 management_log_history_cache = 250
Thu Oct 13 23:50:10 2016 us=280340 management_echo_buffer_size = 100
Thu Oct 13 23:50:10 2016 us=280349 management_write_peer_info_file = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280359 management_client_user = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280368 management_client_group = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280377 management_flags = 0
Thu Oct 13 23:50:10 2016 us=280387 shared_secret_file = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280397 key_direction = 1
Thu Oct 13 23:50:10 2016 us=280406 ciphername_defined = ENABLED
Thu Oct 13 23:50:10 2016 us=280416 ciphername = 'AES-256-CBC'
Thu Oct 13 23:50:10 2016 us=280425 authname_defined = ENABLED
Thu Oct 13 23:50:10 2016 us=280434 authname = 'SHA1'
Thu Oct 13 23:50:10 2016 us=280443 prng_hash = 'SHA1'
Thu Oct 13 23:50:10 2016 us=280452 prng_nonce_secret_len = 16
Thu Oct 13 23:50:10 2016 us=280526 keysize = 0
Thu Oct 13 23:50:10 2016 us=280545 engine = DISABLED
Thu Oct 13 23:50:10 2016 us=280554 replay = ENABLED
Thu Oct 13 23:50:10 2016 us=280564 mute_replay_warnings = DISABLED
Thu Oct 13 23:50:10 2016 us=280573 replay_window = 64
Thu Oct 13 23:50:10 2016 us=280582 replay_time = 15
Thu Oct 13 23:50:10 2016 us=280600 packet_id_file = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280617 use_iv = ENABLED
Thu Oct 13 23:50:10 2016 us=280648 test_crypto = DISABLED
Thu Oct 13 23:50:10 2016 us=280670 tls_server = ENABLED
Thu Oct 13 23:50:10 2016 us=280689 tls_client = DISABLED
Thu Oct 13 23:50:10 2016 us=280705 key_method = 2
Thu Oct 13 23:50:10 2016 us=280715 ca_file = 'ca.crt'
Thu Oct 13 23:50:10 2016 us=280734 ca_path = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280745 dh_file = 'dh2048.pem'
Thu Oct 13 23:50:10 2016 us=280754 cert_file = 'server.crt'
Thu Oct 13 23:50:10 2016 us=280763 extra_certs_file = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280773 priv_key_file = 'server.key'
Thu Oct 13 23:50:10 2016 us=280783 pkcs12_file = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280792 cipher_list = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280801 tls_verify = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280811 tls_export_cert = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280820 verify_x509_type = 0
Thu Oct 13 23:50:10 2016 us=280829 verify_x509_name = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280838 crl_file = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=280848 ns_cert_type = 0
Thu Oct 13 23:50:10 2016 us=280857 remote_cert_ku[i] = 0
Thu Oct 13 23:50:10 2016 us=280866 remote_cert_ku[i] = 0
Thu Oct 13 23:50:10 2016 us=280875 remote_cert_ku[i] = 0
Thu Oct 13 23:50:10 2016 us=280884 remote_cert_ku[i] = 0
Thu Oct 13 23:50:10 2016 us=280893 remote_cert_ku[i] = 0
Thu Oct 13 23:50:10 2016 us=280903 remote_cert_ku[i] = 0
Thu Oct 13 23:50:10 2016 us=280912 remote_cert_ku[i] = 0
Thu Oct 13 23:50:10 2016 us=280921 remote_cert_ku[i] = 0
Thu Oct 13 23:50:10 2016 us=280930 remote_cert_ku[i] = 0
Thu Oct 13 23:50:10 2016 us=280939 remote_cert_ku[i] = 0
Thu Oct 13 23:50:10 2016 us=280949 remote_cert_ku[i] = 0
Thu Oct 13 23:50:10 2016 us=280958 remote_cert_ku[i] = 0
Thu Oct 13 23:50:10 2016 us=280967 remote_cert_ku[i] = 0
Thu Oct 13 23:50:10 2016 us=280976 remote_cert_ku[i] = 0
Thu Oct 13 23:50:10 2016 us=280985 remote_cert_ku[i] = 0
Thu Oct 13 23:50:10 2016 us=280994 remote_cert_ku[i] = 0
Thu Oct 13 23:50:10 2016 us=281003 remote_cert_eku = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=281012 ssl_flags = 0
Thu Oct 13 23:50:10 2016 us=281022 tls_timeout = 2
Thu Oct 13 23:50:10 2016 us=281031 renegotiate_bytes = 0
Thu Oct 13 23:50:10 2016 us=281040 renegotiate_packets = 0
Thu Oct 13 23:50:10 2016 us=281049 renegotiate_seconds = 3600
Thu Oct 13 23:50:10 2016 us=281058 handshake_window = 60
Thu Oct 13 23:50:10 2016 us=281067 transition_window = 3600
Thu Oct 13 23:50:10 2016 us=281077 single_session = DISABLED
Thu Oct 13 23:50:10 2016 us=281086 push_peer_info = DISABLED
Thu Oct 13 23:50:10 2016 us=281095 tls_exit = DISABLED
Thu Oct 13 23:50:10 2016 us=281104 tls_auth_file = 'ta.key'
Thu Oct 13 23:50:10 2016 us=281115 server_network = 10.48.9.0
Thu Oct 13 23:50:10 2016 us=281126 server_netmask = 255.255.255.0
Thu Oct 13 23:50:10 2016 us=281144 server_network_ipv6 = ::
Thu Oct 13 23:50:10 2016 us=281154 server_netbits_ipv6 = 0
Thu Oct 13 23:50:10 2016 us=281164 server_bridge_ip = 0.0.0.0
Thu Oct 13 23:50:10 2016 us=281174 server_bridge_netmask = 0.0.0.0
Thu Oct 13 23:50:10 2016 us=281184 server_bridge_pool_start = 0.0.0.0
Thu Oct 13 23:50:10 2016 us=281194 server_bridge_pool_end = 0.0.0.0
Thu Oct 13 23:50:10 2016 us=281204 push_entry = 'route 10.48.9.0 255.255.255.0'
Thu Oct 13 23:50:10 2016 us=281214 push_entry = 'redirect-gateway def1 bypass-dhcp'
Thu Oct 13 23:50:10 2016 us=281223 push_entry = 'dhcp-option DNS 8.8.8.8'
Thu Oct 13 23:50:10 2016 us=281232 push_entry = 'route 10.48.9.1'
Thu Oct 13 23:50:10 2016 us=281242 push_entry = 'topology net30'
Thu Oct 13 23:50:10 2016 us=281251 push_entry = 'ping 5'
Thu Oct 13 23:50:10 2016 us=281260 push_entry = 'ping-restart 30'
Thu Oct 13 23:50:10 2016 us=281269 ifconfig_pool_defined = ENABLED
Thu Oct 13 23:50:10 2016 us=281280 ifconfig_pool_start = 10.48.9.4
Thu Oct 13 23:50:10 2016 us=281290 ifconfig_pool_end = 10.48.9.251
Thu Oct 13 23:50:10 2016 us=281300 ifconfig_pool_netmask = 0.0.0.0
Thu Oct 13 23:50:10 2016 us=281309 ifconfig_pool_persist_filename = '/etc/openvpn/tmp/ipp.txt'
Thu Oct 13 23:50:10 2016 us=281326 ifconfig_pool_persist_refresh_freq = 600
Thu Oct 13 23:50:10 2016 us=281337 ifconfig_ipv6_pool_defined = DISABLED
Thu Oct 13 23:50:10 2016 us=281347 ifconfig_ipv6_pool_base = ::
Thu Oct 13 23:50:10 2016 us=281356 ifconfig_ipv6_pool_netbits = 0
Thu Oct 13 23:50:10 2016 us=281365 n_bcast_buf = 256
Thu Oct 13 23:50:10 2016 us=281375 tcp_queue_limit = 64
Thu Oct 13 23:50:10 2016 us=281384 real_hash_size = 256
Thu Oct 13 23:50:10 2016 us=281394 virtual_hash_size = 256
Thu Oct 13 23:50:10 2016 us=281412 client_connect_script = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=281430 learn_address_script = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=281449 client_disconnect_script = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=281468 client_config_dir = 'ccd'
Thu Oct 13 23:50:10 2016 us=281486 ccd_exclusive = DISABLED
Thu Oct 13 23:50:10 2016 us=281504 tmp_dir = '/tmp'
Thu Oct 13 23:50:10 2016 us=281519 push_ifconfig_defined = DISABLED
Thu Oct 13 23:50:10 2016 us=281529 push_ifconfig_local = 0.0.0.0
Thu Oct 13 23:50:10 2016 us=281540 push_ifconfig_remote_netmask = 0.0.0.0
Thu Oct 13 23:50:10 2016 us=281549 push_ifconfig_ipv6_defined = DISABLED
Thu Oct 13 23:50:10 2016 us=281560 push_ifconfig_ipv6_local = ::/0
Thu Oct 13 23:50:10 2016 us=281575 push_ifconfig_ipv6_remote = ::
Thu Oct 13 23:50:10 2016 us=281587 enable_c2c = DISABLED
Thu Oct 13 23:50:10 2016 us=281596 duplicate_cn = DISABLED
Thu Oct 13 23:50:10 2016 us=281607 cf_max = 0
Thu Oct 13 23:50:10 2016 us=281625 cf_per = 0
Thu Oct 13 23:50:10 2016 us=281645 max_clients = 1024
Thu Oct 13 23:50:10 2016 us=281663 max_routes_per_client = 256
Thu Oct 13 23:50:10 2016 us=281680 auth_user_pass_verify_script = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=281692 auth_user_pass_verify_script_via_file = DISABLED
Thu Oct 13 23:50:10 2016 us=281701 port_share_host = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=281710 port_share_port = 0
Thu Oct 13 23:50:10 2016 us=281743 client = DISABLED
Thu Oct 13 23:50:10 2016 us=281757 pull = DISABLED
Thu Oct 13 23:50:10 2016 us=281766 auth_user_pass_file = '[UNDEF]'
Thu Oct 13 23:50:10 2016 us=281777 OpenVPN 2.3.12 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Oct 12 2016
Thu Oct 13 23:50:10 2016 us=281800 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Thu Oct 13 23:50:10 2016 us=284205 Diffie-Hellman initialized with 2048 bit key
Thu Oct 13 23:50:10 2016 us=285981 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Thu Oct 13 23:50:10 2016 us=286016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 13 23:50:10 2016 us=286031 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 13 23:50:10 2016 us=286053 TLS-Auth MTU parms [ L:1560 D:1182 EF:68 EB:0 ET:0 EL:3 ]
Thu Oct 13 23:50:10 2016 us=286083 Socket Buffers: R=[87380->87380] S=[16384->16384]
Thu Oct 13 23:50:10 2016 us=286188 ROUTE_GATEWAY xx.xx.28.1/255.255.252.0 IFACE=ens3 HWADDR=52:54:00:c0:3b:c5
Thu Oct 13 23:50:10 2016 us=287439 TUN/TAP device tun0 opened
Thu Oct 13 23:50:10 2016 us=287471 TUN/TAP TX queue length set to 100
Thu Oct 13 23:50:10 2016 us=287492 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Oct 13 23:50:10 2016 us=287520 /sbin/ifconfig tun0 10.48.9.1 pointopoint 10.48.9.2 mtu 1500
Thu Oct 13 23:50:10 2016 us=289099 /sbin/route add -net 10.48.9.0 netmask 255.255.255.0 gw 10.48.9.2
Thu Oct 13 23:50:10 2016 us=289972 Data Channel MTU parms [ L:1560 D:1432 EF:60 EB:143 ET:0 EL:3 AF:3/1 ]
Thu Oct 13 23:50:10 2016 us=290021 Listening for incoming TCP connection on [undef]
Thu Oct 13 23:50:10 2016 us=290063 TCPv4_SERVER link local (bound): [undef]
Thu Oct 13 23:50:10 2016 us=290085 TCPv4_SERVER link remote: [undef]
Thu Oct 13 23:50:10 2016 us=290108 MULTI: multi_init called, r=256 v=256
Thu Oct 13 23:50:10 2016 us=290144 IFCONFIG POOL: base=10.48.9.4 size=62, ipv6=0
Thu Oct 13 23:50:10 2016 us=290164 ifconfig_pool_read(), in='admin,10.48.9.4', TODO: IPv6
Thu Oct 13 23:50:10 2016 us=290189 succeeded -> ifconfig_pool_set()
Thu Oct 13 23:50:10 2016 us=290239 IFCONFIG POOL LIST
Thu Oct 13 23:50:10 2016 us=290249 admin,10.48.9.4
Thu Oct 13 23:50:10 2016 us=290295 MULTI: TCP INIT maxclients=1024 maxevents=1028
Thu Oct 13 23:50:10 2016 us=290323 Initialization Sequence Completed
Thu Oct 13 23:50:16 2016 us=917416 MULTI: multi_create_instance called
Thu Oct 13 23:50:16 2016 us=917472 Re-using SSL/TLS context
Thu Oct 13 23:50:16 2016 us=917522 LZO compression initialized
Thu Oct 13 23:50:16 2016 us=917630 Control Channel MTU parms [ L:1560 D:1182 EF:68 EB:0 ET:0 EL:3 ]
Thu Oct 13 23:50:16 2016 us=917670 Data Channel MTU parms [ L:1560 D:1432 EF:60 EB:143 ET:0 EL:3 AF:3/1 ]
Thu Oct 13 23:50:16 2016 us=917702 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Thu Oct 13 23:50:16 2016 us=917713 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Thu Oct 13 23:50:16 2016 us=917733 Local Options hash (VER=V4): '9915e4a2'
Thu Oct 13 23:50:16 2016 us=917748 Expected Remote Options hash (VER=V4): '2f2c6498'
Thu Oct 13 23:50:16 2016 us=917780 TCP connection established with [AF_INET]127.0.0.1:60708
Thu Oct 13 23:50:16 2016 us=917794 TCPv4_SERVER link local: [undef]
Thu Oct 13 23:50:16 2016 us=917805 TCPv4_SERVER link remote: [AF_INET]127.0.0.1:60708
Thu Oct 13 23:50:17 2016 us=841868 127.0.0.1:60708 Connection reset, restarting [0]
Thu Oct 13 23:50:17 2016 us=841931 127.0.0.1:60708 SIGUSR1[soft,connection-reset] received, client-instance restarting
Thu Oct 13 23:50:17 2016 us=842027 TCP/UDP: Closing socket[/list]Код: Выделить всё
[list]Fri Oct 14 00:33:17 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Oct 14 00:33:17 2016 Need hold release from management interface, waiting...
Fri Oct 14 00:33:18 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Oct 14 00:33:18 2016 MANAGEMENT: CMD 'state on'
Fri Oct 14 00:33:18 2016 MANAGEMENT: CMD 'log all on'
Fri Oct 14 00:33:18 2016 MANAGEMENT: CMD 'hold off'
Fri Oct 14 00:33:18 2016 MANAGEMENT: CMD 'hold release'
Fri Oct 14 00:33:18 2016 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri Oct 14 00:33:18 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Oct 14 00:33:18 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Oct 14 00:33:18 2016 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 500)
Fri Oct 14 00:33:18 2016 Socket Buffers: R=[8192->1048576] S=[8192->1048576]
Fri Oct 14 00:33:18 2016 Attempting to establish TCP connection with [AF_INET]xx.xx.xx.xx:443 [nonblock]
Fri Oct 14 00:33:18 2016 MANAGEMENT: >STATE:1476394398,TCP_CONNECT,,,
Fri Oct 14 00:33:19 2016 TCP connection established with [AF_INET]xx.xx.xx.xx:443
Fri Oct 14 00:33:19 2016 TCPv4_CLIENT link local: [undef]
Fri Oct 14 00:33:19 2016 TCPv4_CLIENT link remote: [AF_INET]xx.xx.xx.xx:443
Fri Oct 14 00:33:19 2016 MANAGEMENT: >STATE:1476394399,WAIT,,,
Fri Oct 14 00:33:19 2016 WARNING: Bad encapsulated packet length from peer (22542), which must be > 0 and <= 563 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Fri Oct 14 00:33:19 2016 Connection reset, restarting [0]
Fri Oct 14 00:33:19 2016 SIGUSR1[soft,connection-reset] received, process restarting
Fri Oct 14 00:33:19 2016 MANAGEMENT: >STATE:1476394399,RECONNECTING,connection-reset,,
Fri Oct 14 00:33:19 2016 Restart pause, 5 second(s)
Fri Oct 14 00:33:24 2016 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 500)
Fri Oct 14 00:33:24 2016 Socket Buffers: R=[8192->1048576] S=[8192->1048576]
Fri Oct 14 00:33:24 2016 Attempting to establish TCP connection with [AF_INET]xx.xx.xx.xx:443 [nonblock]
Fri Oct 14 00:33:24 2016 MANAGEMENT: >STATE:1476394404,TCP_CONNECT,,,
Fri Oct 14 00:33:25 2016 TCP connection established with [AF_INET]xx.xx.xx.xx:443
Fri Oct 14 00:33:25 2016 TCPv4_CLIENT link local: [undef]
Fri Oct 14 00:33:25 2016 TCPv4_CLIENT link remote: [AF_INET]xx.xx.xx.xx:443
Fri Oct 14 00:33:25 2016 MANAGEMENT: >STATE:1476394405,WAIT,,,
Fri Oct 14 00:33:25 2016 WARNING: Bad encapsulated packet length from peer (61836), which must be > 0 and <= 563 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Fri Oct 14 00:33:25 2016 Connection reset, restarting [0]
Fri Oct 14 00:33:25 2016 SIGUSR1[soft,connection-reset] received, process restarting
Fri Oct 14 00:33:25 2016 MANAGEMENT: >STATE:1476394405,RECONNECTING,connection-reset,,
Fri Oct 14 00:33:25 2016 Restart pause, 5 second(s)
Fri Oct 14 00:33:26 2016 SIGTERM[hard,init_instance] received, process exiting
Fri Oct 14 00:33:26 2016 MANAGEMENT: >STATE:1476394406,EXITING,init_instance,,[/list]