Gentlemen, good evening!
I'm setting up an OpenVPN client on my Keenetic Extra. I've been racking my brain and can't figure out what's wrong. I have my own Ubuntu 16.04 machine with a configured OpenVPN server; my phone and laptop connect without any problems through the OpenVPN apps, but the router behaves strangely. Please tell me what the problem might be. The funny thing is that the connection seems to be established: the UI says the connection is established and shows what should be the router's internal address, but in practice pinging that address from the server machine gives 100% packet loss:
Here is the client configuration:
client
dev tun
proto tcp
remote 168.63.78.151 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
comp-lzo
verb 3
cipher AES-128-CBC
auth SHA256
key-direction 1
<tls-auth>
</tls-auth>
<ca>
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
Here is the log from the router:
Dec 22 23:07:56 OpenVPN0 OpenVPN 2.4.6 [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [AEAD]
Dec 22 23:07:56 OpenVPN0 library versions: OpenSSL 1.1.1a 20 Nov 2018, LZO 2.10
Dec 22 23:07:56 OpenVPN0 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec 22 23:07:56 OpenVPN0 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec 22 23:07:56 OpenVPN0 Socket Buffers: R=[87380->87380] S=[16384->16384]
Dec 22 23:07:56 OpenVPN0 Attempting to establish TCP connection with [AF_INET]168.63.78.151:443 [nonblock]
Dec 22 23:07:57 OpenVPN0 TCP connection established with [AF_INET]168.63.78.151:443
Dec 22 23:07:57 OpenVPN0 TCP_CLIENT link local: (not bound)
Dec 22 23:07:57 OpenVPN0 TCP_CLIENT link remote: [AF_INET]168.63.78.151:443
Dec 22 23:07:57 OpenVPN0 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Dec 22 23:07:57 OpenVPN0 TLS: Initial packet from [AF_INET]168.63.78.151:443, sid=75da2256 3936274e
Dec 22 23:07:58 OpenVPN0 VERIFY SCRIPT OK: depth=1, C=UK, ST=UK, L=London, O=m, OU=m, CN=m CA, name=server, emailAddress=m@m.com
Dec 22 23:07:58 OpenVPN0 VERIFY OK: depth=1, C=UK, ST=UK, L=London, O=m, OU=m, CN=m CA, name=server, emailAddress=m@m.com
Dec 22 23:07:58 OpenVPN0 VERIFY KU OK
Dec 22 23:07:58 OpenVPN0 Validating certificate extended key usage
Dec 22 23:07:58 OpenVPN0 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Dec 22 23:07:58 OpenVPN0 VERIFY EKU OK
Dec 22 23:07:58 OpenVPN0 VERIFY SCRIPT OK: depth=0, C=UK, ST=UK, L=London, O=m, OU=m, CN=m, name=server, emailAddress=m@m.com
Dec 22 23:07:58 OpenVPN0 VERIFY OK: depth=0, C=UK, ST=UK, L=London, O=m, OU=m, CN=m, name=server, emailAddress=m@m.com
Dec 22 23:07:59 OpenVPN0 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Dec 22 23:07:59 OpenVPN0 [matteraiserver] Peer Connection Initiated with [AF_INET]168.63.78.151:443
Dec 22 23:07:59 ndm Network::Interface::OpenVpn: "OpenVPN0": connecting via ISP (FastEthernet0/Vlan2).
Dec 22 23:07:59 ndm Network::Interface::OpenVpn: "OpenVPN0": added host route to remote endpoint 168.63.78.151 via 188.243.88.1.
Dec 22 23:08:00 OpenVPN0 SENT CONTROL [matteraiserver]: 'PUSH_REQUEST' (status=1)
Dec 22 23:08:00 OpenVPN0 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.14 10.8.0.13'
Dec 22 23:08:00 OpenVPN0 OPTIONS IMPORT: timers and/or timeouts modified
Dec 22 23:08:00 OpenVPN0 OPTIONS IMPORT: --ifconfig/up options modified
Dec 22 23:08:00 OpenVPN0 OPTIONS IMPORT: route options modified
Dec 22 23:08:00 OpenVPN0 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Dec 22 23:08:00 OpenVPN0 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Dec 22 23:08:00 OpenVPN0 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec 22 23:08:00 OpenVPN0 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Dec 22 23:08:00 OpenVPN0 Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec 22 23:08:00 OpenVPN0 TUN/TAP device tun0 opened
Dec 22 23:08:00 OpenVPN0 TUN/TAP TX queue length set to 100
Dec 22 23:08:00 OpenVPN0 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Dec 22 23:08:00 ndm Network::Interface::IP: "OpenVPN0": IP address is 10.8.0.14/32.
Dec 22 23:08:00 ndm Network::Interface::OpenVpn: "OpenVPN0": TUN peer address is 10.8.0.13.
Dec 22 23:08:00 ndm Network::Interface::OpenVpn: "OpenVPN0": added host route to peer 10.8.0.13 via 10.8.0.14.
Dec 22 23:08:00 ndm Network::Interface::OpenVpn: "OpenVPN0": install accepted default route via 10.8.0.14.
Dec 22 23:08:00 ndm Network::Interface::OpenVpn: "OpenVPN0": install accepted route to 10.8.0.1/255.255.255.255 via 10.8.0.14.
Dec 22 23:08:01 ndm Network::Interface::OpenVpn: "OpenVPN0": adding nameserver 208.67.222.222.
Dec 22 23:08:01 ndm Dns::Manager: name server 208.67.222.222 added, domain (default).
Dec 22 23:08:01 ndm Network::RoutingTable: gateway 10.8.0.13 is unreachable via OpenVPN0.
Dec 22 23:08:01 ndm Network::Interface::OpenVpn: "OpenVPN0": failed to add a nameserver route.
Dec 22 23:08:01 ndm Network::Interface::OpenVpn: "OpenVPN0": adding nameserver 208.67.220.220.
Dec 22 23:08:01 ndm Dns::Manager: name server 208.67.220.220 added, domain (default).
Dec 22 23:08:01 ndm Network::RoutingTable: gateway 10.8.0.13 is unreachable via OpenVPN0.
Dec 22 23:08:01 ndm Network::Interface::OpenVpn: "OpenVPN0": failed to add a nameserver route.
Dec 22 23:08:01 OpenVPN0 GID set to nobody
Dec 22 23:08:01 OpenVPN0 UID set to nobody
Dec 22 23:08:01 OpenVPN0 Initialization Sequence Completed
Oh, and one more thing. The funny thing is that the Whatismyip service shows the correct IP, as if I were connected! But at the same time I can't get into linkedin, for example. On the phone and laptop everything is fine.
I will be very grateful for your patience, even if the question has been asked before. I have read most of the thread and, honestly, did not find an answer, although I tried various suggested solutions.
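
An added example, not part of the original post: a Python triage of the router log above that parses the pushed options out of the PUSH_REPLY entry, checks the net30 address pair, and collects the route errors that ndm logged before "Initialization Sequence Completed". The function names and report keys are assumptions made for this example; the log entries are copied from the post.

```python
import ipaddress
import re

# Entries copied from the post's router log, one entry per line.
LOG = """\
Dec 22 23:08:00 OpenVPN0 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.14 10.8.0.13'
Dec 22 23:08:00 ndm Network::Interface::IP: "OpenVPN0": IP address is 10.8.0.14/32.
Dec 22 23:08:01 ndm Network::RoutingTable: gateway 10.8.0.13 is unreachable via OpenVPN0.
Dec 22 23:08:01 ndm Network::Interface::OpenVpn: "OpenVPN0": failed to add a nameserver route.
Dec 22 23:08:01 ndm Network::RoutingTable: gateway 10.8.0.13 is unreachable via OpenVPN0.
Dec 22 23:08:01 ndm Network::Interface::OpenVpn: "OpenVPN0": failed to add a nameserver route.
Dec 22 23:08:01 OpenVPN0 Initialization Sequence Completed
"""

def parse_push_reply(log):
    """Return the pushed options as {name: [argument string, ...]}."""
    m = re.search(r"'PUSH_REPLY,([^']*)'", log)
    opts = {}
    for item in (m.group(1).split(",") if m else []):
        name, _, args = item.strip().partition(" ")
        opts.setdefault(name, []).append(args)
    return opts

def triage(log):
    opts = parse_push_reply(log)
    report = {
        "redirect_gateway": "redirect-gateway" in opts,
        "pushed_dns": [a.split()[1] for a in opts.get("dhcp-option", [])
                       if a.startswith("DNS ")],
        "route_errors": re.findall(r"ndm (.*(?:is unreachable|failed to add).*)", log),
        "completed": "Initialization Sequence Completed" in log,
    }
    # Under topology net30 the two ifconfig addresses must be exactly the
    # two usable hosts of one /30 subnet.
    if opts.get("topology") == ["net30"] and "ifconfig" in opts:
        local, peer = opts["ifconfig"][0].split()
        net = ipaddress.ip_network(f"{local}/30", strict=False)
        pair = {ipaddress.ip_address(local), ipaddress.ip_address(peer)}
        report["net30_pair_ok"] = pair == set(net.hosts())
    # The tunnel reports completion even though route installs failed.
    report["completed_with_route_errors"] = report["completed"] and bool(report["route_errors"])
    return report

if __name__ == "__main__":
    for key, value in triage(LOG).items():
        print(f"{key}: {value}")
```
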