Posts posted by Сергей Молоков

  1. On 05.09.2017 at 15:03, Le ecureuil said:

    The situation is roughly clear; we will reproduce it and fix it.

    Updated and rebooted each one twice (there are work computers on the switches, so I can't always reboot), everything connected, thanks for the work!

  2. 17 hours ago, Le ecureuil said:

    Self-tests are needed everywhere, otherwise nothing is clear. I didn't even understand the word ccd.

    Testing is very difficult because the sites are remote and in production. I'll try to arrange for them to stay without connectivity for a while, take the router, try to reproduce it at my place and capture a self-test.

    About ccd: sorry for such a sweeping abbreviation :( these are the client settings that come from the server - client-config-dir c:/openvpn/config/ccd

    self-test.txt

  3. On 30.08.2017 at 22:21, Lordmaster said:

    iroute 192.168.178.0 255.255.255.128

    Everything works with these settings.

    With these settings, does ping go through to the client's IP and to an IP behind the client, or do you need to add a rule to the firewall? For me it only works when I add a rule; otherwise neither ping, nor Radmin, nor the router's web interface work.

  4. On 30.08.2017 at 08:32, Сергей Молоков said:
    On 25.08.2017 at 14:50, Le ecureuil said:

    It should get better in the next draft, please check.

    Hello!

    Thank you!!! After the update all four routers connected. I'll go buy a couple more :)

    Hello!

    Today I rebooted the OVPN server. The clients that connect via ISP (6 of them) reconnected normally. There are 3 more clients (two Keenetic III and one Keenetic DSL) that connect over a PPPoE connection. The two on Keenetic III did not connect. I called and asked them to reboot the routers. One connected; the second did not after five attempts. I came to take a look: show ip route shows no gateway and no OVPN subnet. I entered ip route default PPPoE and it connected to the internet. After a while the route to the OVPN network appeared and the gateway changed to go via OpenVPN0. I couldn't copy the log at first because the machine runs Windows XP with Explorer, which doesn't display the web interface, and downloading portable Chrome or Firefox is expensive, so it has to be brought on a flash drive.

    This client has in its ccd:

    # routes to the OVPN server

    push "route xxx.xxx.xxx.xxx 255.255.255.255 192.168.221.1"
    push "route yyy.yyy.yyy.yyy 255.255.255.255 192.168.221.1"
    iroute 192.168.221.0 255.255.255.0

    In the OpenVPN connection settings the "receive routes" checkbox is ticked, but these routes are neither in the web interface under static routes nor in show ip route. On the Keenetic DSL, however, these routes are present both in the web interface and in the routing table, yet they are not in that client's ccd; where did they come from, and why are they missing in the first case?

  5. When the Keenetic (client) is rebooted or the server service on Windows is restarted (client reconnect), the client loses the gateway; this does not always happen,

    10 Keenetic reboots: three successful, 7 with no gateway.

    client config:

    Quote

    remote 10.2.9.84
    port 1194
    proto udp
    dev tun

    route-method exe
    route-delay 3    
    client
    tls-client
    ns-cert-type server
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    redirect-gateway def1
    key-direction 1

    <tls-auth>
    </tls-auth>
    <dh>
    </dh>
    <pkcs12>
    </pkcs12>

    successful connection:

    Quote

    Aug 23 16:55:58 OpenVPN0 OpenVPN 2.4.3 [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [AEAD]
    Aug 23 16:55:58 OpenVPN0 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
    Aug 23 16:55:58 OpenVPN0 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
    Aug 23 16:55:58 OpenVPN0 TCP/UDP: Preserving recently used remote address: [AF_INET]10.2.9.84:1194
    Aug 23 16:55:58 OpenVPN0 UDP link local (bound): [AF_INET][undef]:1194
    Aug 23 16:55:58 OpenVPN0 UDP link remote: [AF_INET]10.2.9.84:1194
    Aug 23 16:55:58 OpenVPN0 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
    Aug 23 16:55:58 ndhcpc FastEthernet0/Vlan2: received OFFER for 10.2.63.18 from 10.2.0.1.
    Aug 23 16:55:58 ndhcpc FastEthernet0/Vlan2: received ACK for 10.2.63.18 from 10.2.0.1.
    Aug 23 16:55:58 ndm Dhcp::Client: configuring interface ISP.
    Aug 23 16:55:58 ndm Network::Interface::IP: "FastEthernet0/Vlan2": IP address is 10.2.63.18/16.
    Aug 23 16:55:58 ndm Dhcp::Client: obtained IP address 10.2.63.18/16.
    Aug 23 16:55:58 ndm Dhcp::Client: interface "ISP" is global, priority 700.
    Aug 23 16:55:58 ndm Dhcp::Client: no default routes received.
    Aug 23 16:55:58 ndm Dhcp::Client: adding name server 10.2.1.2.
    Aug 23 16:55:58 ndm Dns::Manager: name server 10.2.1.2 added, domain (default).
    Aug 23 16:55:58 ndm Dhcp::Client: adding route 10.3.0.0/255.255.0.0/10.2.0.1.
    Aug 23 16:55:58 ndm Dhcp::Client: adding route 10.3.0.0/255.255.0.0/10.2.0.1.
    Aug 23 16:56:00 OpenVPN0 TLS Error: local/remote TLS keys are out of sync: [AF_INET]10.2.9.84:1194 [0]
    Aug 23 16:56:00 OpenVPN0 [ServerVPN] Peer Connection Initiated with [AF_INET]10.2.9.84:1194
    Aug 23 16:56:00 ndm Network::Interface::OpenVpn: "OpenVPN0": added host route to remote endpoint 10.2.9.84 via ISP.
    Aug 23 16:56:01 OpenVPN0 TUN/TAP device tun0 opened
    Aug 23 16:56:01 OpenVPN0 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Aug 23 16:56:01 ndm kernel: ADDRCONF(NETDEV_CHANGE): ovpn_br0: link becomes ready
    Aug 23 16:56:01 ndm Network::Interface::IP: "OpenVPN0": IP address is 192.168.0.28/24.
    Aug 23 16:56:04 ndm Network::Interface::OpenVpn: "OpenVPN0": install accepted default route via 192.168.0.1.
    Aug 23 16:56:04 OpenVPN0 GID set to nobody
    Aug 23 16:56:04 OpenVPN0 UID set to nobody
    Aug 23 16:56:04 OpenVPN0 Initialization Sequence Completed

    gate.jpg.69b632c4597921e98f8bc17077ce229a.jpg

    unsuccessful connection:

    Quote

    Aug 24 08:14:36 OpenVPN0 SIGINT[hard,init_instance] received, process exiting
    Aug 24 08:14:38 OpenVPN0 OpenVPN 2.4.3 [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [AEAD]
    Aug 24 08:14:38 OpenVPN0 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
    Aug 24 08:14:38 OpenVPN0 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
    Aug 24 08:14:38 OpenVPN0 TCP/UDP: Preserving recently used remote address: [AF_INET]10.2.9.84:1194
    Aug 24 08:14:38 OpenVPN0 UDP link local (bound): [AF_INET][undef]:1194
    Aug 24 08:14:38 OpenVPN0 UDP link remote: [AF_INET]10.2.9.84:1194
    Aug 24 08:14:38 OpenVPN0 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
    Aug 24 08:14:38 OpenVPN0 [ServerVPN] Peer Connection Initiated with [AF_INET]10.2.9.84:1194
    Aug 24 08:14:38 ndm Network::Interface::OpenVpn: "OpenVPN0": added host route to remote endpoint 10.2.9.84 via ISP.
    Aug 24 08:15:00 OpenVPN0 TUN/TAP device tun0 opened
    Aug 24 08:15:00 OpenVPN0 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Aug 24 08:15:00 ndm Network::Interface::IP: "OpenVPN0": IP address is 192.168.0.28/24.
    Aug 24 08:15:04 OpenVPN0 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
    Aug 24 08:15:04 OpenVPN0 GID set to nobody
    Aug 24 08:15:04 OpenVPN0 UID set to nobody
    Aug 24 08:15:04 OpenVPN0 Initialization Sequence Completed

    no_gate.jpg.0070c3f8928f9cf00b8e791e7607f5e3.jpg

    Please help, what am I doing wrong?

    Thank you!
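
A log check for the two outcomes shown in the post above, as an added example that is not part of the original post: it splits a router log into OpenVPN connection attempts and reports those that finished without a default route through the tunnel. The sample lines are constructed in the format of the logs above; `Session`, `parse_sessions` and `needs_attention` are hypothetical names.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Timestamp as it appears in the router log, e.g. "Aug 24 08:15:04".
TS = r"[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}"
# The source column may be separated by a space or fused to the timestamp,
# so only the timestamp is split off and the remainder is searched as text.
LINE_RE = re.compile(rf"^\s*({TS})\s*(.*)$")
# The version banner marks the start of a new connection attempt.
BANNER_RE = re.compile(r"OpenVPN \d+\.\d+\.\d+ \[")
# Message logged by the router when it installs the tunnel default route.
ROUTE_OK_RE = re.compile(r"install accepted default route via (\d+(?:\.\d+){3})")
# Message logged by OpenVPN when redirect-gateway could not be applied.
ROUTE_FAIL = "unable to redirect default gateway"
DONE = "Initialization Sequence Completed"


@dataclass
class Session:
    started: str
    completed: bool = False
    gateway: Optional[str] = None
    route_error: Optional[str] = None

    @property
    def verdict(self) -> str:
        if not self.completed:
            return "incomplete"
        if self.gateway and self.route_error is None:
            return "tunnel-default-route"
        # Tunnel is up, but no default route through it was installed.
        return "no-default-route"


def parse_sessions(text: str) -> List[Session]:
    """Group log lines into connection attempts and record the route outcome."""
    sessions: List[Session] = []
    current: Optional[Session] = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        ts, rest = m.group(1), m.group(2).strip()
        if BANNER_RE.search(rest):
            current = Session(started=ts)
            sessions.append(current)
            continue
        if current is None:
            continue  # lines before the first banner belong to an older process
        ok = ROUTE_OK_RE.search(rest)
        if ok:
            current.gateway = ok.group(1)
        elif ROUTE_FAIL in rest:
            # Keep the reason that follows the "--" separator.
            current.route_error = rest.split("--", 1)[-1].strip()
        elif DONE in rest:
            current.completed = True
    return sessions


def needs_attention(text: str) -> List[Tuple[str, str, Optional[str]]]:
    """Return (start time, verdict, reason) for every attempt that did not
    end with the default route installed through the tunnel."""
    return [
        (s.started, s.verdict, s.route_error)
        for s in parse_sessions(text)
        if s.verdict != "tunnel-default-route"
    ]


# Constructed sample: one failed redirect, one good attempt written in the
# fused-column form, and one attempt that never completes.
SAMPLE_LOG = """\
Aug 24 08:14:36 OpenVPN0 SIGINT[hard,init_instance] received, process exiting
Aug 24 08:14:38 OpenVPN0 OpenVPN 2.4.3 [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [AEAD]
Aug 24 08:15:00 OpenVPN0 TUN/TAP device tun0 opened
Aug 24 08:15:04 OpenVPN0 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
Aug 24 08:15:04 OpenVPN0 Initialization Sequence Completed
Aug 24 09:01:10OpenVPN0OpenVPN 2.4.3 [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [AEAD]
Aug 24 09:01:13ndmNetwork::Interface::OpenVpn: "OpenVPN0": install accepted default route via 192.168.0.1.
Aug 24 09:01:13OpenVPN0Initialization Sequence Completed
Aug 24 09:30:00 OpenVPN0 OpenVPN 2.4.3 [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [AEAD]
Aug 24 09:30:01 OpenVPN0 TUN/TAP device tun0 opened
"""

if __name__ == "__main__":
    for started, verdict, reason in needs_attention(SAMPLE_LOG):
        print(started, verdict, reason or "")
```
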

  6. Hello!

    To use OVPN, is it mandatory to install the PPPoE client component, which will not be used?

    On the Keenetic II the PPPoE client is not installed,

    5991195b47973_(5).png.830b8776c455caebf99416f59629dead.png

    but it is possible to create an OVPN connection (although it is the only option, it is not selected by default):

    59911a2ea6e9b_(6).png.55d31a9b080a58e9a32a097588b2a474.png

    On the Keenetic III, Extra II and Lite II it is impossible to create an OVPN connection if only the Open VPN client is installed; if the PPPoE client is installed as well (I haven't tried others), then it is possible.

    Is this a glitch with my Keenetic II, or is that how it should be (it seems logical not to install components you don't use)?

  7. 3 minutes ago, Александр Рыжов said:

    The USB drive was not ready yet

    which USB drive are you talking about now? When ovpn was on entware on the flash drive, everything worked fine,

    now, without the flash drive, with the component from the firmware, ovpn would not start without key-direction 1

    or did I misunderstand you?

  8. 22 hours ago, Funeral_YAR said:

    it works

    the only snag was with tls-auth

    instead of tls-auth /opt/etc/config/ta.key 1

    key-direction 1
    <tls-auth>
    -----BEGIN OpenVPN Static key V1-----
    ...
    -----END OpenVPN Static key V1-----
    </tls-auth>

    Thank you!

    key-direction 1 is what I was missing; it solved 2 problems at once: the inability to connect (I showed the error above) and OVPN autostart!

    Later I'll look at how things go from here.

    17 hours ago, spirkaa said:

    With a config like this, "OpenVPN in the firmware" does not start. Meanwhile the client from opkg works perfectly.

    I had everything the same as you; try it the way spirkaa says

  9. I need to buy a couple more Keenetics, which will have the provider on twisted pair in the WAN port, PPPoE for that connection,

    OpenVPN, and two or three computers on twisted pair in the LAN; Wi-Fi will not be used. Which should I prefer,

    Keenetic 3 or Extra 2?

    Thank you!

  10. 1 hour ago, Le ecureuil said:

    > interface OpenVPN0 debug

    done; nothing changed in the log. I rebooted the router and ovpn does not start (what needs to be tweaked so that it starts by itself at boot?).

    I clicked Apply in the ovpn configurator; the log is the same as before (doesn't a reboot turn off debug?)

    in the attached file, up to 16:30 is the router boot, after that are the events following the click on the Apply button.

    client.txt

  11. On 04.07.2017 at 15:24, Le ecureuil said:

    It would be good to enable verb 5 in both cases (on the client and on the server) and post the full log from both here. It looks like MITM or a missing ciphersuite.

    server:

    Tue Jul 11 10:41:05 2017 us=989149 Current Parameter Settings:
    Tue Jul 11 10:41:05 2017 us=989149   config = 'c:\openvpn\config\servervpn.ovpn'
    Tue Jul 11 10:41:05 2017 us=989149   mode = 1
    Tue Jul 11 10:41:05 2017 us=989149   show_ciphers = DISABLED
    Tue Jul 11 10:41:05 2017 us=989149   show_digests = DISABLED
    Tue Jul 11 10:41:05 2017 us=989149   show_engines = DISABLED
    Tue Jul 11 10:41:05 2017 us=989149   genkey = DISABLED
    Tue Jul 11 10:41:05 2017 us=989149   key_pass_file = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=989149   show_tls_ciphers = DISABLED
    Tue Jul 11 10:41:05 2017 us=989149   connect_retry_max = 0
    Tue Jul 11 10:41:05 2017 us=989149 Connection profiles [0]:
    Tue Jul 11 10:41:05 2017 us=989149   proto = udp4
    Tue Jul 11 10:41:05 2017 us=989149   local = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=989149   local_port = '1194'
    Tue Jul 11 10:41:05 2017 us=989149   remote = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=989149   remote_port = '1194'
    Tue Jul 11 10:41:05 2017 us=989149   remote_float = DISABLED
    Tue Jul 11 10:41:05 2017 us=989149   bind_defined = DISABLED
    Tue Jul 11 10:41:05 2017 us=989149   bind_local = ENABLED
    Tue Jul 11 10:41:05 2017 us=989149   bind_ipv6_only = DISABLED
    Tue Jul 11 10:41:05 2017 us=989149   connect_retry_seconds = 5
    Tue Jul 11 10:41:05 2017 us=989149   connect_timeout = 120
    Tue Jul 11 10:41:05 2017 us=989149   socks_proxy_server = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=989149   socks_proxy_port = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=989149   tun_mtu = 1500
    Tue Jul 11 10:41:05 2017 us=989149   tun_mtu_defined = ENABLED
    Tue Jul 11 10:41:05 2017 us=989149   link_mtu = 1500
    Tue Jul 11 10:41:05 2017 us=989149   link_mtu_defined = DISABLED
    Tue Jul 11 10:41:05 2017 us=989149   tun_mtu_extra = 0
    Tue Jul 11 10:41:05 2017 us=989149   tun_mtu_extra_defined = DISABLED
    Tue Jul 11 10:41:05 2017 us=989149   mtu_discover_type = -1
    Tue Jul 11 10:41:05 2017 us=989149   fragment = 0
    Tue Jul 11 10:41:05 2017 us=989149   mssfix = 1450
    Tue Jul 11 10:41:05 2017 us=989149   explicit_exit_notification = 0
    Tue Jul 11 10:41:05 2017 us=989149 Connection profiles END
    Tue Jul 11 10:41:05 2017 us=989149   remote_random = DISABLED
    Tue Jul 11 10:41:05 2017 us=989149   ipchange = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=989149   dev = 'tun'
    Tue Jul 11 10:41:05 2017 us=989149   dev_type = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=989149   dev_node = 'OpenVPN'
    Tue Jul 11 10:41:05 2017 us=989149   lladdr = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=989149   topology = 3
    Tue Jul 11 10:41:05 2017 us=989149   ifconfig_local = '192.168.0.1'
    Tue Jul 11 10:41:05 2017 us=989149   ifconfig_remote_netmask = '255.255.255.0'
    Tue Jul 11 10:41:05 2017 us=989149   ifconfig_noexec = DISABLED
    Tue Jul 11 10:41:05 2017 us=989149   ifconfig_nowarn = DISABLED
    Tue Jul 11 10:41:05 2017 us=989149   ifconfig_ipv6_local = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=989149   ifconfig_ipv6_netbits = 0
    Tue Jul 11 10:41:05 2017 us=989149   ifconfig_ipv6_remote = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=989149   shaper = 0
    Tue Jul 11 10:41:05 2017 us=990150   mtu_test = 0
    Tue Jul 11 10:41:05 2017 us=990150   mlock = DISABLED
    Tue Jul 11 10:41:05 2017 us=990150   keepalive_ping = 10
    Tue Jul 11 10:41:05 2017 us=990150   keepalive_timeout = 120
    Tue Jul 11 10:41:05 2017 us=990150   inactivity_timeout = 0
    Tue Jul 11 10:41:05 2017 us=990150   ping_send_timeout = 10
    Tue Jul 11 10:41:05 2017 us=990150   ping_rec_timeout = 240
    Tue Jul 11 10:41:05 2017 us=990150   ping_rec_timeout_action = 2
    Tue Jul 11 10:41:05 2017 us=990150   ping_timer_remote = DISABLED
    Tue Jul 11 10:41:05 2017 us=990150   remap_sigusr1 = 0
    Tue Jul 11 10:41:05 2017 us=990150   persist_tun = ENABLED
    Tue Jul 11 10:41:05 2017 us=990150   persist_local_ip = DISABLED
    Tue Jul 11 10:41:05 2017 us=990150   persist_remote_ip = DISABLED
    Tue Jul 11 10:41:05 2017 us=990150   persist_key = ENABLED
    Tue Jul 11 10:41:05 2017 us=990150   passtos = DISABLED
    Tue Jul 11 10:41:05 2017 us=990150   resolve_retry_seconds = 1000000000
    Tue Jul 11 10:41:05 2017 us=990150   resolve_in_advance = DISABLED
    Tue Jul 11 10:41:05 2017 us=990150   username = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=990150   groupname = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=990150   chroot_dir = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=990150   cd_dir = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=990150   writepid = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=990150   up_script = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=990150   down_script = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=990150   down_pre = DISABLED
    Tue Jul 11 10:41:05 2017 us=990150   up_restart = DISABLED
    Tue Jul 11 10:41:05 2017 us=990150   up_delay = DISABLED
    Tue Jul 11 10:41:05 2017 us=990150   daemon = DISABLED
    Tue Jul 11 10:41:05 2017 us=990150   inetd = 0
    Tue Jul 11 10:41:05 2017 us=990150   log = DISABLED
    Tue Jul 11 10:41:05 2017 us=990150   suppress_timestamps = DISABLED
    Tue Jul 11 10:41:05 2017 us=990150   machine_readable_output = DISABLED
    Tue Jul 11 10:41:05 2017 us=990150   nice = 0
    Tue Jul 11 10:41:05 2017 us=990150   verbosity = 5
    Tue Jul 11 10:41:05 2017 us=990150   mute = 0
    Tue Jul 11 10:41:05 2017 us=990150   gremlin = 0
    Tue Jul 11 10:41:05 2017 us=990150   status_file = 'c:/openvpn/log/status.log'
    Tue Jul 11 10:41:05 2017 us=990150   status_file_version = 1
    Tue Jul 11 10:41:05 2017 us=990150   status_file_update_freq = 60
    Tue Jul 11 10:41:05 2017 us=990150   occ = ENABLED
    Tue Jul 11 10:41:05 2017 us=990150   rcvbuf = 0
    Tue Jul 11 10:41:05 2017 us=990150   sndbuf = 0
    Tue Jul 11 10:41:05 2017 us=990150   sockflags = 0
    Tue Jul 11 10:41:05 2017 us=990150   fast_io = DISABLED
    Tue Jul 11 10:41:05 2017 us=990150   comp.alg = 2
    Tue Jul 11 10:41:05 2017 us=990150   comp.flags = 1
    Tue Jul 11 10:41:05 2017 us=990150   route_script = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=990150   route_default_gateway = '192.168.0.2'
    Tue Jul 11 10:41:05 2017 us=990150   route_default_metric = 0
    Tue Jul 11 10:41:05 2017 us=990150   route_noexec = DISABLED
    Tue Jul 11 10:41:05 2017 us=990150   route_delay = 5
    Tue Jul 11 10:41:05 2017 us=990150   route_delay_window = 30
    Tue Jul 11 10:41:05 2017 us=990150   route_delay_defined = DISABLED
    Tue Jul 11 10:41:05 2017 us=990150   route_nopull = DISABLED
    Tue Jul 11 10:41:05 2017 us=990150   route_gateway_via_dhcp = DISABLED
    Tue Jul 11 10:41:05 2017 us=990150   allow_pull_fqdn = DISABLED
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.229.0/255.255.255.0/192.168.0.29/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.228.0/255.255.255.0/192.168.0.28/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.227.0/255.255.255.0/192.168.0.27/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.226.0/255.255.255.0/192.168.0.26/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.225.0/255.255.255.0/192.168.0.25/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.224.0/255.255.255.0/192.168.0.24/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.223.0/255.255.255.0/192.168.0.23/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.222.0/255.255.255.0/192.168.0.22/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.221.0/255.255.255.0/192.168.0.21/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.220.0/255.255.255.0/192.168.0.20/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.219.0/255.255.255.0/192.168.0.19/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.218.0/255.255.255.0/192.168.0.18/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.217.0/255.255.255.0/192.168.0.17/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.216.0/255.255.255.0/192.168.0.16/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.215.0/255.255.255.0/192.168.0.15/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.214.0/255.255.255.0/192.168.0.14/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.213.0/255.255.255.0/192.168.0.13/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.212.0/255.255.255.0/192.168.0.12/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.211.0/255.255.255.0/192.168.0.11/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.210.0/255.255.255.0/192.168.0.10/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.208.0/255.255.255.0/192.168.0.8/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.207.0/255.255.255.0/192.168.0.7/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.206.0/255.255.255.0/192.168.0.6/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.205.0/255.255.255.0/192.168.0.5/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.204.0/255.255.255.0/192.168.0.4/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.203.0/255.255.255.0/192.168.0.3/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   route 192.168.202.0/255.255.255.0/192.168.0.2/default (not set)
    Tue Jul 11 10:41:05 2017 us=990150   management_addr = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=990150   management_port = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=990150   management_user_pass = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=990150   management_log_history_cache = 250
    Tue Jul 11 10:41:05 2017 us=990150   management_echo_buffer_size = 100
    Tue Jul 11 10:41:05 2017 us=991150   management_write_peer_info_file = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=991150   management_client_user = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=991150   management_client_group = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=991150   management_flags = 0
    Tue Jul 11 10:41:05 2017 us=991150   shared_secret_file = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=991150   key_direction = 1
    Tue Jul 11 10:41:05 2017 us=991150   ciphername = 'BF-CBC'
    Tue Jul 11 10:41:05 2017 us=991150   ncp_enabled = ENABLED
    Tue Jul 11 10:41:05 2017 us=991150   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
    Tue Jul 11 10:41:05 2017 us=991150   authname = 'SHA1'
    Tue Jul 11 10:41:05 2017 us=991150   prng_hash = 'SHA1'
    Tue Jul 11 10:41:05 2017 us=991150   prng_nonce_secret_len = 16
    Tue Jul 11 10:41:05 2017 us=991150   keysize = 0
    Tue Jul 11 10:41:05 2017 us=991150   engine = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   replay = ENABLED
    Tue Jul 11 10:41:05 2017 us=991150   mute_replay_warnings = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   replay_window = 64
    Tue Jul 11 10:41:05 2017 us=991150   replay_time = 15
    Tue Jul 11 10:41:05 2017 us=991150   packet_id_file = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=991150   use_iv = ENABLED
    Tue Jul 11 10:41:05 2017 us=991150   test_crypto = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   tls_server = ENABLED
    Tue Jul 11 10:41:05 2017 us=991150   tls_client = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   key_method = 2
    Tue Jul 11 10:41:05 2017 us=991150   ca_file = 'c:/openvpn/config/keys/ca.crt'
    Tue Jul 11 10:41:05 2017 us=991150   ca_path = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=991150   dh_file = 'c:/openvpn/config/keys/dh1024.pem'
    Tue Jul 11 10:41:05 2017 us=991150   cert_file = 'c:/openvpn/config/keys/servervpn.crt'
    Tue Jul 11 10:41:05 2017 us=991150   extra_certs_file = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=991150   priv_key_file = 'c:/openvpn/config/keys/servervpn.key'
    Tue Jul 11 10:41:05 2017 us=991150   pkcs12_file = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=991150   cryptoapi_cert = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=991150   cipher_list = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=991150   tls_verify = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=991150   tls_export_cert = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=991150   verify_x509_type = 0
    Tue Jul 11 10:41:05 2017 us=991150   verify_x509_name = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=991150   crl_file = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=991150   ns_cert_type = 0
    Tue Jul 11 10:41:05 2017 us=991150   remote_cert_ku[i] = 0
    Tue Jul 11 10:41:05 2017 us=991150   remote_cert_ku[i] = 0
    Tue Jul 11 10:41:05 2017 us=991150   remote_cert_ku[i] = 0
    Tue Jul 11 10:41:05 2017 us=991150   remote_cert_ku[i] = 0
    Tue Jul 11 10:41:05 2017 us=991150   remote_cert_ku[i] = 0
    Tue Jul 11 10:41:05 2017 us=991150   remote_cert_ku[i] = 0
    Tue Jul 11 10:41:05 2017 us=991150   remote_cert_ku[i] = 0
    Tue Jul 11 10:41:05 2017 us=991150   remote_cert_ku[i] = 0
    Tue Jul 11 10:41:05 2017 us=991150   remote_cert_ku[i] = 0
    Tue Jul 11 10:41:05 2017 us=991150   remote_cert_ku[i] = 0
    Tue Jul 11 10:41:05 2017 us=991150   remote_cert_ku[i] = 0
    Tue Jul 11 10:41:05 2017 us=991150   remote_cert_ku[i] = 0
    Tue Jul 11 10:41:05 2017 us=991150   remote_cert_ku[i] = 0
    Tue Jul 11 10:41:05 2017 us=991150   remote_cert_ku[i] = 0
    Tue Jul 11 10:41:05 2017 us=991150   remote_cert_ku[i] = 0
    Tue Jul 11 10:41:05 2017 us=991150   remote_cert_ku[i] = 0
    Tue Jul 11 10:41:05 2017 us=991150   remote_cert_eku = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=991150   ssl_flags = 0
    Tue Jul 11 10:41:05 2017 us=991150   tls_timeout = 120
    Tue Jul 11 10:41:05 2017 us=991150   renegotiate_bytes = -1
    Tue Jul 11 10:41:05 2017 us=991150   renegotiate_packets = 0
    Tue Jul 11 10:41:05 2017 us=991150   renegotiate_seconds = 3600
    Tue Jul 11 10:41:05 2017 us=991150   handshake_window = 60
    Tue Jul 11 10:41:05 2017 us=991150   transition_window = 3600
    Tue Jul 11 10:41:05 2017 us=991150   single_session = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   push_peer_info = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   tls_exit = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   tls_auth_file = 'c:/openvpn/config/keys/ta.key'
    Tue Jul 11 10:41:05 2017 us=991150   tls_crypt_file = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_protected_authentication = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_protected_authentication = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_protected_authentication = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_protected_authentication = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_protected_authentication = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_protected_authentication = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_protected_authentication = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_protected_authentication = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_protected_authentication = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_protected_authentication = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_protected_authentication = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_protected_authentication = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_protected_authentication = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_protected_authentication = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_protected_authentication = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_protected_authentication = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_private_mode = 00000000
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_private_mode = 00000000
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_private_mode = 00000000
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_private_mode = 00000000
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_private_mode = 00000000
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_private_mode = 00000000
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_private_mode = 00000000
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_private_mode = 00000000
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_private_mode = 00000000
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_private_mode = 00000000
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_private_mode = 00000000
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_private_mode = 00000000
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_private_mode = 00000000
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_private_mode = 00000000
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_private_mode = 00000000
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_private_mode = 00000000
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_cert_private = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_cert_private = DISABLED
    Tue Jul 11 10:41:05 2017 us=991150   pkcs11_cert_private = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   pkcs11_cert_private = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   pkcs11_cert_private = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   pkcs11_cert_private = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   pkcs11_cert_private = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   pkcs11_cert_private = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   pkcs11_cert_private = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   pkcs11_cert_private = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   pkcs11_cert_private = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   pkcs11_cert_private = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   pkcs11_cert_private = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   pkcs11_cert_private = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   pkcs11_cert_private = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   pkcs11_cert_private = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   pkcs11_pin_cache_period = -1
    Tue Jul 11 10:41:05 2017 us=992150   pkcs11_id = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=992150   pkcs11_id_management = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   server_network = 192.168.0.0
    Tue Jul 11 10:41:05 2017 us=992150   server_netmask = 255.255.255.0
    Tue Jul 11 10:41:05 2017 us=992150   server_network_ipv6 = ::
    Tue Jul 11 10:41:05 2017 us=992150   server_netbits_ipv6 = 0
    Tue Jul 11 10:41:05 2017 us=992150   server_bridge_ip = 0.0.0.0
    Tue Jul 11 10:41:05 2017 us=992150   server_bridge_netmask = 0.0.0.0
    Tue Jul 11 10:41:05 2017 us=992150   server_bridge_pool_start = 0.0.0.0
    Tue Jul 11 10:41:05 2017 us=992150   server_bridge_pool_end = 0.0.0.0
    Tue Jul 11 10:41:05 2017 us=992150   push_entry = 'route-gateway 192.168.0.1'
    Tue Jul 11 10:41:05 2017 us=992150   push_entry = 'topology subnet'
    Tue Jul 11 10:41:05 2017 us=992150   push_entry = 'ping 10'
    Tue Jul 11 10:41:05 2017 us=992150   push_entry = 'ping-restart 120'
    Tue Jul 11 10:41:05 2017 us=992150   ifconfig_pool_defined = ENABLED
    Tue Jul 11 10:41:05 2017 us=992150   ifconfig_pool_start = 192.168.0.2
    Tue Jul 11 10:41:05 2017 us=992150   ifconfig_pool_end = 192.168.0.253
    Tue Jul 11 10:41:05 2017 us=992150   ifconfig_pool_netmask = 255.255.255.0
    Tue Jul 11 10:41:05 2017 us=992150   ifconfig_pool_persist_filename = 'c:/openvpn/config/ccd/ipp.txt'
    Tue Jul 11 10:41:05 2017 us=992150   ifconfig_pool_persist_refresh_freq = 0
    Tue Jul 11 10:41:05 2017 us=992150   ifconfig_ipv6_pool_defined = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   ifconfig_ipv6_pool_base = ::
    Tue Jul 11 10:41:05 2017 us=992150   ifconfig_ipv6_pool_netbits = 0
    Tue Jul 11 10:41:05 2017 us=992150   n_bcast_buf = 256
    Tue Jul 11 10:41:05 2017 us=992150   tcp_queue_limit = 64
    Tue Jul 11 10:41:05 2017 us=992150   real_hash_size = 256
    Tue Jul 11 10:41:05 2017 us=992150   virtual_hash_size = 256
    Tue Jul 11 10:41:05 2017 us=992150   client_connect_script = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=992150   learn_address_script = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=992150   client_disconnect_script = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=992150   client_config_dir = 'c:/openvpn/config/ccd'
    Tue Jul 11 10:41:05 2017 us=992150   ccd_exclusive = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   tmp_dir = 'C:\Windows\TEMP\'
    Tue Jul 11 10:41:05 2017 us=992150   push_ifconfig_defined = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   push_ifconfig_local = 0.0.0.0
    Tue Jul 11 10:41:05 2017 us=992150   push_ifconfig_remote_netmask = 0.0.0.0
    Tue Jul 11 10:41:05 2017 us=992150   push_ifconfig_ipv6_defined = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   push_ifconfig_ipv6_local = ::/0
    Tue Jul 11 10:41:05 2017 us=992150   push_ifconfig_ipv6_remote = ::
    Tue Jul 11 10:41:05 2017 us=992150   enable_c2c = ENABLED
    Tue Jul 11 10:41:05 2017 us=992150   duplicate_cn = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   cf_max = 0
    Tue Jul 11 10:41:05 2017 us=992150   cf_per = 0
    Tue Jul 11 10:41:05 2017 us=992150   max_clients = 1024
    Tue Jul 11 10:41:05 2017 us=992150   max_routes_per_client = 256
    Tue Jul 11 10:41:05 2017 us=992150   auth_user_pass_verify_script = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=992150   auth_user_pass_verify_script_via_file = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   auth_token_generate = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   auth_token_lifetime = 0
    Tue Jul 11 10:41:05 2017 us=992150   client = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   pull = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   auth_user_pass_file = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=992150   show_net_up = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   route_method = 2
    Tue Jul 11 10:41:05 2017 us=992150   block_outside_dns = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   ip_win32_defined = ENABLED
    Tue Jul 11 10:41:05 2017 us=992150   ip_win32_type = 0
    Tue Jul 11 10:41:05 2017 us=992150   dhcp_masq_offset = 0
    Tue Jul 11 10:41:05 2017 us=992150   dhcp_lease_time = 31536000
    Tue Jul 11 10:41:05 2017 us=992150   tap_sleep = 5
    Tue Jul 11 10:41:05 2017 us=992150   dhcp_options = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   dhcp_renew = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   dhcp_pre_release = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150   domain = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=992150   netbios_scope = '[UNDEF]'
    Tue Jul 11 10:41:05 2017 us=992150   netbios_node_type = 0
    Tue Jul 11 10:41:05 2017 us=992150   disable_nbt = DISABLED
    Tue Jul 11 10:41:05 2017 us=992150 OpenVPN 2.4.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 20 2017
    Tue Jul 11 10:41:05 2017 us=992150 Windows version 6.2 (Windows 8 or greater) 64bit
    Tue Jul 11 10:41:05 2017 us=992150 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
    Tue Jul 11 10:41:06 2017 us=144159 Diffie-Hellman initialized with 1024 bit key
    Tue Jul 11 10:41:06 2017 us=145158 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Tue Jul 11 10:41:06 2017 us=145158 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Tue Jul 11 10:41:06 2017 us=145158 TLS-Auth MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
    Tue Jul 11 10:41:06 2017 us=145158 interactive service msg_channel=0
    Tue Jul 11 10:41:06 2017 us=146159 ROUTE_GATEWAY 192.168.5.1/255.255.255.0 I=13 HWADDR=00:17:9a:b2:f9:ba
    Tue Jul 11 10:41:06 2017 us=147158 open_tun
    Tue Jul 11 10:41:06 2017 us=148159 TAP-WIN32 device [OpenVPN] opened: \\.\Global\{A3C5D0FC-40E0-4FC6-AD40-1B9625276F2E}.tap
    Tue Jul 11 10:41:06 2017 us=148159 TAP-Windows Driver Version 9.21 
    Tue Jul 11 10:41:06 2017 us=148159 TAP-Windows MTU=1500
    Tue Jul 11 10:41:06 2017 us=148159 Set TAP-Windows TUN subnet mode network/local/netmask = 192.168.0.0/192.168.0.1/255.255.255.0 [SUCCEEDED]
    Tue Jul 11 10:41:06 2017 us=148159 Sleeping for 5 seconds...
    Tue Jul 11 10:41:11 2017 us=149451 Successful ARP Flush on interface [19] {A3C5D0FC-40E0-4FC6-AD40-1B9625276F2E}
    Tue Jul 11 10:41:11 2017 us=149451 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Tue Jul 11 10:41:11 2017 us=149451 ******** NOTE:  Please manually set the IP/netmask of 'OpenVPN' to 192.168.0.1/255.255.255.0 (if it is not already set)
    Tue Jul 11 10:41:11 2017 us=149451 C:\Windows\system32\route.exe ADD 192.168.202.0 MASK 255.255.255.0 192.168.0.2
    Tue Jul 11 10:41:11 2017 us=163452 C:\Windows\system32\route.exe ADD 192.168.203.0 MASK 255.255.255.0 192.168.0.3
    Tue Jul 11 10:41:11 2017 us=177452 C:\Windows\system32\route.exe ADD 192.168.204.0 MASK 255.255.255.0 192.168.0.4
    Tue Jul 11 10:41:11 2017 us=190454 C:\Windows\system32\route.exe ADD 192.168.205.0 MASK 255.255.255.0 192.168.0.5
    Tue Jul 11 10:41:11 2017 us=204455 C:\Windows\system32\route.exe ADD 192.168.206.0 MASK 255.255.255.0 192.168.0.6
    Tue Jul 11 10:41:11 2017 us=217455 C:\Windows\system32\route.exe ADD 192.168.207.0 MASK 255.255.255.0 192.168.0.7
    Tue Jul 11 10:41:11 2017 us=231456 C:\Windows\system32\route.exe ADD 192.168.208.0 MASK 255.255.255.0 192.168.0.8
    Tue Jul 11 10:41:11 2017 us=245456 C:\Windows\system32\route.exe ADD 192.168.210.0 MASK 255.255.255.0 192.168.0.10
    Tue Jul 11 10:41:11 2017 us=258458 C:\Windows\system32\route.exe ADD 192.168.211.0 MASK 255.255.255.0 192.168.0.11
    Tue Jul 11 10:41:11 2017 us=272458 C:\Windows\system32\route.exe ADD 192.168.212.0 MASK 255.255.255.0 192.168.0.12
    Tue Jul 11 10:41:11 2017 us=287459 C:\Windows\system32\route.exe ADD 192.168.213.0 MASK 255.255.255.0 192.168.0.13
    Tue Jul 11 10:41:11 2017 us=301459 C:\Windows\system32\route.exe ADD 192.168.214.0 MASK 255.255.255.0 192.168.0.14
    Tue Jul 11 10:41:11 2017 us=314461 C:\Windows\system32\route.exe ADD 192.168.215.0 MASK 255.255.255.0 192.168.0.15
    Tue Jul 11 10:41:11 2017 us=328462 C:\Windows\system32\route.exe ADD 192.168.216.0 MASK 255.255.255.0 192.168.0.16
    Tue Jul 11 10:41:11 2017 us=342462 C:\Windows\system32\route.exe ADD 192.168.217.0 MASK 255.255.255.0 192.168.0.17
    Tue Jul 11 10:41:11 2017 us=355463 C:\Windows\system32\route.exe ADD 192.168.218.0 MASK 255.255.255.0 192.168.0.18
    Tue Jul 11 10:41:11 2017 us=369464 C:\Windows\system32\route.exe ADD 192.168.219.0 MASK 255.255.255.0 192.168.0.19
    Tue Jul 11 10:41:11 2017 us=384464 C:\Windows\system32\route.exe ADD 192.168.220.0 MASK 255.255.255.0 192.168.0.20
    Tue Jul 11 10:41:11 2017 us=397465 C:\Windows\system32\route.exe ADD 192.168.221.0 MASK 255.255.255.0 192.168.0.21
    Tue Jul 11 10:41:11 2017 us=411466 C:\Windows\system32\route.exe ADD 192.168.222.0 MASK 255.255.255.0 192.168.0.22
    Tue Jul 11 10:41:11 2017 us=425467 C:\Windows\system32\route.exe ADD 192.168.223.0 MASK 255.255.255.0 192.168.0.23
    Tue Jul 11 10:41:11 2017 us=439467 C:\Windows\system32\route.exe ADD 192.168.224.0 MASK 255.255.255.0 192.168.0.24
    Tue Jul 11 10:41:11 2017 us=452468 C:\Windows\system32\route.exe ADD 192.168.225.0 MASK 255.255.255.0 192.168.0.25
    Tue Jul 11 10:41:11 2017 us=467470 C:\Windows\system32\route.exe ADD 192.168.226.0 MASK 255.255.255.0 192.168.0.26
    Tue Jul 11 10:41:11 2017 us=480470 C:\Windows\system32\route.exe ADD 192.168.227.0 MASK 255.255.255.0 192.168.0.27
    Tue Jul 11 10:41:11 2017 us=496471 C:\Windows\system32\route.exe ADD 192.168.228.0 MASK 255.255.255.0 192.168.0.28
    Tue Jul 11 10:41:11 2017 us=509472 C:\Windows\system32\route.exe ADD 192.168.229.0 MASK 255.255.255.0 192.168.0.29
    Tue Jul 11 10:41:11 2017 us=523473 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
    Tue Jul 11 10:41:11 2017 us=524473 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Tue Jul 11 10:41:11 2017 us=524473 UDPv4 link local (bound): [AF_INET][undef]:1194
    Tue Jul 11 10:41:11 2017 us=524473 UDPv4 link remote: [AF_UNSPEC]
    Tue Jul 11 10:41:11 2017 us=524473 MULTI: multi_init called, r=256 v=256
    Tue Jul 11 10:41:11 2017 us=524473 IFCONFIG POOL: base=192.168.0.2 size=252, ipv6=0
    Tue Jul 11 10:41:11 2017 us=524473 ifconfig_pool_read(), in='ClientVPN2,192.168.0.2', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=524473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=524473 ifconfig_pool_read(), in='ClientVPN3,192.168.0.3', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=524473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=524473 ifconfig_pool_read(), in='ClientVPN4,192.168.0.4', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=524473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=524473 ifconfig_pool_read(), in='ClientVPN5,192.168.0.5', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=524473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=524473 ifconfig_pool_read(), in='ClientVPN6,192.168.0.6', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=524473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=524473 ifconfig_pool_read(), in='ClientVPN7,192.168.0.7', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=524473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=524473 ifconfig_pool_read(), in='ClientVPN8,192.168.0.8', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=524473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=524473 ifconfig_pool_read(), in='ClientVPN9,192.168.0.9', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=524473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=524473 ifconfig_pool_read(), in='ClientVPN10,192.168.0.10', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=524473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=524473 ifconfig_pool_read(), in='ClientVPN11,192.168.0.11', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=524473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=524473 ifconfig_pool_read(), in='ClientVPN12,192.168.0.12', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=524473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=524473 ifconfig_pool_read(), in='ClientVPN13,192.168.0.13', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=524473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=524473 ifconfig_pool_read(), in='ClientVPN14,192.168.0.14', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=524473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=524473 ifconfig_pool_read(), in='ClientVPN15,192.168.0.15', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=524473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=524473 ifconfig_pool_read(), in='ClientVPN16,192.168.0.16', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=524473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=525473 ifconfig_pool_read(), in='ClientVPN17,192.168.0.17', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=525473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=525473 ifconfig_pool_read(), in='ClientVPN18,192.168.0.18', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=525473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=525473 ifconfig_pool_read(), in='ClientVPN19,192.168.0.19', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=525473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=525473 ifconfig_pool_read(), in='ClientVPN20,192.168.0.20', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=525473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=525473 ifconfig_pool_read(), in='ClientVPN21,192.168.0.21', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=525473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=525473 ifconfig_pool_read(), in='ClientVPN22,192.168.0.22', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=525473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=525473 ifconfig_pool_read(), in='ClientVPN23,192.168.0.23', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=525473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=525473 ifconfig_pool_read(), in='ClientVPN24,192.168.0.24', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=525473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=525473 ifconfig_pool_read(), in='ClientVPN25,192.168.0.25', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=525473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=525473 ifconfig_pool_read(), in='ClientVPN26,192.168.0.26', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=525473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=525473 ifconfig_pool_read(), in='ClientVPN27,192.168.0.27', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=525473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=525473 ifconfig_pool_read(), in='ClientVPN28,192.168.0.28', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=525473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=525473 ifconfig_pool_read(), in='ClientVPN29,192.168.0.29', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=525473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=525473 ifconfig_pool_read(), in='ClientVPN30,192.168.0.30', TODO: IPv6
    Tue Jul 11 10:41:11 2017 us=525473 succeeded -> ifconfig_pool_set()
    Tue Jul 11 10:41:11 2017 us=525473 IFCONFIG POOL LIST
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN2,192.168.0.2
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN3,192.168.0.3
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN4,192.168.0.4
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN5,192.168.0.5
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN6,192.168.0.6
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN7,192.168.0.7
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN8,192.168.0.8
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN9,192.168.0.9
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN10,192.168.0.10
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN11,192.168.0.11
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN12,192.168.0.12
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN13,192.168.0.13
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN14,192.168.0.14
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN15,192.168.0.15
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN16,192.168.0.16
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN17,192.168.0.17
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN18,192.168.0.18
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN19,192.168.0.19
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN20,192.168.0.20
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN21,192.168.0.21
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN22,192.168.0.22
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN23,192.168.0.23
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN24,192.168.0.24
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN25,192.168.0.25
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN26,192.168.0.26
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN27,192.168.0.27
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN28,192.168.0.28
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN29,192.168.0.29
    Tue Jul 11 10:41:11 2017 us=525473 ClientVPN30,192.168.0.30
    Tue Jul 11 10:41:11 2017 us=525473 Initialization Sequence Completed
    Tue Jul 11 10:47:24 2017 us=782275 Authenticate/Decrypt packet error: packet HMAC authentication failed
    Tue Jul 11 10:47:24 2017 us=782275 TLS Error: incoming packet authentication failed from [AF_INET]192.168.5.1:1194

    client:

    Jul 11 10:47:24 OpenVPN0 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
    Jul 11 10:47:24 OpenVPN0 Re-using SSL/TLS context
    Jul 11 10:47:24 OpenVPN0 LZO compression initializing
    Jul 11 10:47:24 OpenVPN0 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
    Jul 11 10:47:24 OpenVPN0 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
    Jul 11 10:47:24 OpenVPN0 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
    Jul 11 10:47:24 OpenVPN0 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
    Jul 11 10:47:24 OpenVPN0 TCP/UDP: Preserving recently used remote address: [AF_INET]10.2.9.84:1194
    Jul 11 10:47:24 OpenVPN0 Socket Buffers: R=[155648->155648] S=[155648->155648]
    Jul 11 10:47:24 OpenVPN0 UDP link local (bound): [AF_INET][undef]:1194
    Jul 11 10:47:24 OpenVPN0 UDP link remote: [AF_INET]10.2.9.84:1194
    Jul 11 10:48:25 OpenVPN0 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Jul 11 10:48:25 OpenVPN0 TLS Error: TLS handshake failed
    Jul 11 10:48:25 OpenVPN0 TCP/UDP: Closing socket
    Jul 11 10:48:25 OpenVPN0 SIGUSR1[soft,tls-error] received, process restarting
    Jul 11 10:48:25 OpenVPN0 Restart pause, 10 second(s)

    To repeat, this same client config, hooked up to keenetic+entware, works flawlessly.

    P.S. How do I make an insert with a scroll bar so that it does not take up so much space? Or should I have attached a file?

  12. On 30.06.2017 at 02:46, Le ecureuil said:

    Fixed, it will appear in the next build.

    Hello!

    I updated; as of today the log looks like this:

    Jul 04 09:33:35 OpenVPN0 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
    Jul 04 09:33:35 OpenVPN0 TCP/UDP: Preserving recently used remote address: [AF_INET]10.2.9.84:1194
    Jul 04 09:33:35 OpenVPN0 UDP link local (bound): [AF_INET][undef]:1194
    Jul 04 09:33:35 OpenVPN0 UDP link remote: [AF_INET]10.2.9.84:1194
    Jul 04 09:34:35 OpenVPN0 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Jul 04 09:34:35 OpenVPN0 TLS Error: TLS handshake failed
    Jul 04 09:34:35 OpenVPN0 SIGUSR1[soft,tls-error] received, process restarting

    server log:

    Tue Jul 04 09:33:35 2017 TLS Error: incoming packet authentication failed from [AF_INET]192.168.5.1:1194
    Tue Jul 04 09:33:38 2017 Authenticate/Decrypt packet error: packet HMAC authentication failed
    Tue Jul 04 09:33:38 2017 TLS Error: incoming packet authentication failed from [AF_INET]192.168.5.1:1194
    Tue Jul 04 09:33:42 2017 Authenticate/Decrypt packet error: packet HMAC authentication failed
    Tue Jul 04 09:33:42 2017 TLS Error: incoming packet authentication failed from [AF_INET]192.168.5.1:1194

    What am I doing wrong?

    Thank you.

  13. 17 hours ago, Le ecureuil said:

    Send the instructions for creating the keys and the config on the server.

    The server config, the batch file for generating keys, and the batch file that starts the generation, passing it the client name.

    In this setup, Windows clients and Keenetic + Entware work as of today.

    ovpn.7z

    • Thanks 1
  14. On 25.06.2017 at 15:45, Le ecureuil said:

    Did it really start working for everyone? :)

    It did not work for me; I will repeat it here so that you do not have to scroll up,

    config:

    client
    proto udp
    remote 10.2.9.84 1194
    dev tun
    nobind
    comp-lzo
    #ns-cert-type server
    tls-client
    
    <tls-auth>
    .........
    </tls-auth>
    <dh>
    .........
    </dh>
    <pkcs12>
    .........
    </pkcs12>

    log:

    Jun 28 10:53:39 OpenVPN0 OpenVPN 2.4.3 [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [AEAD]
    Jun 28 10:53:39 OpenVPN0 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.10
    Jun 28 10:53:39 ndm      Service: "OpenVPN": unexpectedly stopped.

    There are no connection attempts in the server log.

    self-test.txt

  15. 10 hours ago, Bluesboy said:

    Everything started right away: I fed it the config together with the certificates, in this form, and it all took off as it should

    I reproduced your config except for the remote address and port and the included files; my inclusion looks like this:

    <tls-auth>
    .....
    </tls-auth>
    <dh>
    .....
    </dh>
    <pkcs12>
    .....
    </pkcs12>

    If that is not the issue, maybe I am still missing some component; attached are the ones I currently have installed

     

    компоненты.JPG

  16. I rebooted the router, opened the OVPN config and applied it without changing anything; the log shows the following:

    Jun 15 16:37:15 ndm Network::Interface::Base: "OpenVPN0": interface is up.
    Jun 15 16:37:15 ndm Network::Interface::Base: "OpenVPN0": description saved.
    Jun 15 16:37:15 ndm Network::Interface::IP: "OpenVPN0": global priority enabled.
    Jun 15 16:37:15 ndm Network::Interface::IP: TCP-MSS adjustment enabled.
    Jun 15 16:37:15 ndm Network::Interface::IP: "OpenVPN0": IP address cleared.
    Jun 15 16:37:15 ndm Network::Interface::Base: "OpenVPN0": schedule cleared.
    Jun 15 16:37:15 ndm Network::Interface::OpenVpn: "OpenVPN0": set connection via any interface.
    Jun 15 16:37:16 ndm Network::Interface::OpenVpn: "OpenVPN0": configuration successfully saved.
    Jun 15 16:37:16 ndm Network::Interface::OpenVpn: "OpenVPN0": enable automatic routes accept via tunnel.
    Jun 15 16:37:16 ndm Core::ConfigurationSaver: saving configuration...
    Jun 15 16:37:46 ndm AlarmListener: sending alarm to "Network::Interface::LinkDetector" 30 seconds.
    Jun 15 16:37:55 ndm Event::Acceptor: sending "Event::Type::Neighbour" to "Network::Interface::AccessPoint" 30 seconds.
    Jun 15 16:38:16 ndm AlarmListener: sending alarm to "Network::Interface::LinkDetector" 60 seconds.
    Jun 15 16:38:17 keenetic_extra nginx(conn: *96) upstream timed out (145: Unknown error) while reading response header from upstream, client: 192.168.211.66
    Jun 15 16:38:25 ndm Event::Acceptor: sending "Event::Type::Neighbour" to "Network::Interface::AccessPoint" 60 seconds.
    Jun 15 16:38:46 ndm AlarmListener: sending alarm to "Network::Interface::LinkDetector" 90 seconds.
    Jun 15 16:38:55 ndm Event::Acceptor: sending "Event::Type::Neighbour" to "Network::Interface::AccessPoint" 90 seconds.
    Jun 15 16:39:16 ndm AlarmListener: sending alarm to "Network::Interface::LinkDetector" 120 seconds.
    Jun 15 16:39:25 ndm Event::Acceptor: sending "Event::Type::Neighbour" to "Network::Interface::AccessPoint" 120 seconds.

     

  17. On 14.06.2017 at 15:43, Le ecureuil said:

    Convert the .p12 file to base64 form:

    $ openssl base64 -in input.p12

    1. Excellent! Thank you! The config loaded and there are no errors in the log, but there is no connection either. I reread the whole thread and still did not understand what is needed for it to connect. Maybe I did not install some components that OpenVPN needs? For example, it took me a while to dig up that if PPPoE is not installed, there will be no OpenVPN either.

    2. The router (Keenetic Extra II) keeps hanging. I have not figured out the pattern yet; the last time, after booting, it ran for about an hour with everything fine, then I opened the OVPN config and applied it without changes, warnings started appearing in the log (I will reproduce and show them later), and when I tried to switch to another tab it hung. Before that, the router had been reset to factory settings, the local IP changed, a password set and the OVPN config uploaded. Nothing else was configured.
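
The base64 conversion quoted above, together with the inlining steps KorDen describes in this thread, as an added shell example that is not part of the original posts: it rewrites a file-based client config (`pkcs12`, `dh`, `tls-auth` lines) into inline blocks and checks that the `<pkcs12>` block holds base64 rather than raw bytes. The function names are hypothetical, paths are assumed to contain no spaces, and carrying the `tls-auth` direction argument over as a `key-direction` line follows the OpenVPN manual's rule for inline keys.

```shell
#!/bin/sh
# Added example: turn file-based OpenVPN client directives into inline blocks.
# Function names are hypothetical; file paths must not contain spaces.

# Base64-encode a file, as `openssl base64 -in input.p12` does.
b64() {
    if command -v openssl >/dev/null 2>&1; then
        openssl base64 -in "$1"
    else
        base64 < "$1"
    fi
}

# emit_block TAG FILE [b64]: print FILE wrapped in <TAG>...</TAG>.
emit_block() {
    [ -r "$2" ] || { echo "cannot read $2" >&2; return 1; }
    echo "<$1>"
    # awk 1 guarantees a trailing newline before the closing tag.
    if [ "$3" = b64 ]; then b64 "$2"; else awk 1 "$2"; fi
    echo "</$1>"
}

# inline_ovpn CONFIG: print CONFIG with pkcs12/dh/tls-auth files inlined.
# Other lines pass through unchanged; the blocks go at the end of the output.
inline_ovpn() {
    cfg=$1
    blocks=$(mktemp) || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        set -f; set -- $line; set +f    # split into words without globbing
        case "$1" in
            pkcs12)
                # PKCS#12 is binary, so it must be base64 inside the tags.
                emit_block pkcs12 "$2" b64 >> "$blocks" || return 1 ;;
            dh)
                emit_block dh "$2" >> "$blocks" || return 1 ;;
            tls-auth)
                # An inline key has no slot for the direction argument,
                # so it moves to a key-direction line.
                if [ -n "$3" ]; then echo "key-direction $3"; fi
                emit_block tls-auth "$2" >> "$blocks" || return 1 ;;
            *)
                printf '%s\n' "$line" ;;
        esac
    done < "$cfg"
    cat "$blocks"
    rm -f "$blocks"
}

# pkcs12_is_base64 CONFIG: succeed only if the <pkcs12> block exists and
# contains nothing but base64 characters (raw .p12 bytes fail this check).
pkcs12_is_base64() {
    body=$(mktemp) || return 1
    LC_ALL=C sed -n '/^<pkcs12>/,/^<\/pkcs12>/p' "$1" \
        | LC_ALL=C sed '1d;$d' | tr -d '\r' > "$body"
    if [ -s "$body" ] && ! LC_ALL=C grep -q '[^A-Za-z0-9+/=]' "$body"; then
        rc=0
    else
        rc=1
    fi
    rm -f "$body"
    return $rc
}

# Stand-alone use: sh inline_ovpn.sh client.ovpn > client-inline.ovpn
if [ "$#" -gt 0 ]; then
    inline_ovpn "$1"
fi
```

Running `pkcs12_is_base64` on a config before uploading it catches a `.p12` file pasted as raw bytes between the tags.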

  18. 19 hours ago, Le ecureuil said:

    Insert the contents of clientvpn11.p12 into the body of the config, inside the <pkcs12></pkcs12> tags.

    Hello!

    This is the config I ended up with:

    remote 10.2.9.84
    port 1194
    proto udp
    dev tun
    route-method exe
    route-delay 3
    client
    tls-client
    ns-cert-type server
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    verb 4
    
    <tls-auth>
    #
    # 2048 bit OpenVPN static key
    #
    -----BEGIN OpenVPN Static key V1-----
    -----END OpenVPN Static key V1-----
    </tls-auth>
    <dh>
    -----BEGIN DH PARAMETERS-----
    MIGHAoGBANtvB/QMdIVgZOm1MnJC1At+GdJAO4CgmctrePs2+w4Pyl3xYg5sXBsn
    gzKCHpiAtaMS7ukOmiP6sNpZwuuyj1bkWJI/IuKm+DmFjtv2EUcTRaIbxDbirbjC
    Db9vJ4bCfARtW4eUbwuE0Yc8eLcJK4uT6J/BO94L+ChCt3wD2XtjAgEC
    -----END DH PARAMETERS-----
    </dh>
    <pkcs12>
    </pkcs12>

    and this is the log:

    Jun 14 11:29:14 OpenVPN0 OpenVPN 2.4.2 [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [AEAD]
    Jun 14 11:29:14 OpenVPN0 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.10
    Jun 14 11:29:14 OpenVPN0 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
    Jun 14 11:29:14 OpenVPN0 OpenSSL: error:0D07207B:lib(13):func(114):reason(123)
    Jun 14 11:29:14 OpenVPN0 Error reading inline PKCS#12 file
    Jun 14 11:29:14 OpenVPN0 Exiting due to fatal error
    Jun 14 11:29:14 ndm      Service: "OpenVPN": unexpectedly stopped.

    In the config I replaced:

    ns-cert-type server

    with:

    remote-cert-tls server

    Did I understand the warning in the log correctly?

    And what did I do wrong with PKCS#12?

    Thanks for the help!

  19. On 10.06.2017 at 20:43, KorDen said:

    Option 2, the more correct one: put the contents of the crt and key into the ovpn. Open all the files for editing in Notepad and look in the ovpn for which file is specified in the ca directive (for example, ca serverca.crt). Delete that line and instead place the contents of the corresponding file inside <ca> </ca> at the end of the ovpn file. Do the same for key (<key>) and cert (<cert>).

    I am using this config:

    remote 10.2.9.84
    port 1194
    proto udp
    dev tun
    
    pkcs12 /opt/etc/openvpn/keys/clientvpn11.p12
    dh /opt/etc/openvpn/keys/dh1024.pem
    tls-auth /opt/etc/openvpn/keys/ta.key 1
    status /opt/etc/openvpn/status.log
    log /opt/etc/openvpn/openvpn.log
    
    route-method exe
    route-delay 3	
    
    client
    tls-client
    
    ns-cert-type server
    
    keepalive 10 120
    comp-lzo
    
    persist-key
    persist-tun
    
    verb 3

    What should I do with pkcs12?
