[Вопросы по интеграции OpenVPN в NDMS]

7 hours ago, Le ecureuil said:

А на странице соединений не пробовали значение приоритета поставить самым высоким?

Именно с OpenVPN у вас проблем нет.

Да, это я ступил. Действительно заработало с самым высоким приоритетом. 

[Вопросы по интеграции OpenVPN в NDMS]

У меня не работает с таким конфигом (Соединение с сервером происходит, но горит серый значок "ожидание".):

client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
key-direction 1
verb 3

<ca>
</ca>

<cert>
</cert>

<key>
</key>

<tls-auth>
</tls-auth>

server.conf:

port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem

log:

Aug 06 01:08:15ndmNetwork::Interface::Supplicant: "OpenVPN0": authnentication is unchanged.
Aug 06 01:08:15ndmNetwork::Interface::Base: "OpenVPN0": description saved.
Aug 06 01:08:15ndmNetwork::Interface::IP: "OpenVPN0": IP address cleared.
Aug 06 01:08:15ndmNetwork::Interface::IP: "OpenVPN0": global priority enabled.
Aug 06 01:08:15ndmNetwork::Interface::IP: "OpenVPN0": TCP-MSS adjustment enabled.
Aug 06 01:08:16ndmNetwork::Interface::OpenVpn: "OpenVPN0": configuration successfully saved.
Aug 06 01:08:16ndmNetwork::Interface::OpenVpn: "OpenVPN0": enable automatic routes accept via tunnel.
Aug 06 01:08:16ndmNetwork::Interface::OpenVpn: "OpenVPN0": set connection via ISP.
Aug 06 01:08:16ndmNetwork::Interface::Base: "OpenVPN0": interface is up.
Aug 06 01:08:16ndmNetwork::Interface::Base: "OpenVPN0": schedule cleared.
Aug 06 01:08:16ndmCore::ConfigurationSaver: saving configuration...
Aug 06 01:08:16OpenVPN0event_wait : Interrupted system call (code=4)
Aug 06 01:08:17OpenVPN0Closing TUN/TAP interface
Aug 06 01:08:17OpenVPN0SIGINT[hard,] received, process exiting
Aug 06 01:08:19OpenVPN0OpenVPN 2.4.3 [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [AEAD]
Aug 06 01:08:19OpenVPN0library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
Aug 06 01:08:19OpenVPN0Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Aug 06 01:08:19OpenVPN0Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Aug 06 01:08:19OpenVPN0TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
Aug 06 01:08:19OpenVPN0Socket Buffers: R=[155648->155648] S=[155648->155648]
Aug 06 01:08:19OpenVPN0UDP link local: (not bound)
Aug 06 01:08:19OpenVPN0UDP link remote: [AF_INET]x.x.x.x:1194
Aug 06 01:08:19OpenVPN0NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Aug 06 01:08:19OpenVPN0TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=38e6449d c6b08a03
Aug 06 01:08:19OpenVPN0VERIFY SCRIPT OK: depth=1, CN=ChangeMe
Aug 06 01:08:19OpenVPN0VERIFY OK: depth=1, CN=ChangeMe
Aug 06 01:08:19OpenVPN0VERIFY KU OK
Aug 06 01:08:19OpenVPN0Validating certificate extended key usage
Aug 06 01:08:19OpenVPN0++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Aug 06 01:08:19OpenVPN0VERIFY EKU OK
Aug 06 01:08:19OpenVPN0VERIFY SCRIPT OK: depth=0, CN=server
Aug 06 01:08:19OpenVPN0VERIFY OK: depth=0, CN=server
Aug 06 01:08:20ndmCore::ConfigurationSaver: configuration saved.
Aug 06 01:08:21OpenVPN0Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Aug 06 01:08:21OpenVPN0[server] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Aug 06 01:08:21ndmNetwork::Interface::OpenVpn: "OpenVPN0": added host route to remote endpoint x.x.x.x via x.x.x.x.
Aug 06 01:08:23OpenVPN0SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Aug 06 01:08:23OpenVPN0PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'
Aug 06 01:08:23OpenVPN0OPTIONS IMPORT: timers and/or timeouts modified
Aug 06 01:08:23OpenVPN0OPTIONS IMPORT: --ifconfig/up options modified
Aug 06 01:08:23OpenVPN0OPTIONS IMPORT: route options modified
Aug 06 01:08:23OpenVPN0OPTIONS IMPORT: route-related options modified
Aug 06 01:08:23OpenVPN0OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Aug 06 01:08:23OpenVPN0Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Aug 06 01:08:23OpenVPN0Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Aug 06 01:08:23OpenVPN0Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Aug 06 01:08:23OpenVPN0Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Aug 06 01:08:23OpenVPN0TUN/TAP device tun0 opened
Aug 06 01:08:23OpenVPN0TUN/TAP TX queue length set to 100
Aug 06 01:08:23OpenVPN0do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Aug 06 01:08:23ndmNetwork::Interface::IP: "OpenVPN0": IP address is 10.8.0.2/24.
Aug 06 01:08:23ndmNetwork::Interface::OpenVpn: "OpenVPN0": adding nameserver 8.8.8.8.
Aug 06 01:08:23ndmDns::Manager: name server 8.8.8.8 added, domain (default).
Aug 06 01:08:23ndmNetwork::Interface::OpenVpn: "OpenVPN0": add route to nameserver 8.8.8.8 via 0.0.0.0 (OpenVPN0).
Aug 06 01:08:23ndmNetwork::Interface::OpenVpn: "OpenVPN0": adding nameserver 8.8.4.4.
Aug 06 01:08:23ndmDns::Manager: name server 8.8.4.4 added, domain (default).
Aug 06 01:08:23ndmNetwork::Interface::OpenVpn: "OpenVPN0": add route to nameserver 8.8.4.4 via 0.0.0.0 (OpenVPN0).
Aug 06 01:08:23OpenVPN0GID set to nobody
Aug 06 01:08:23OpenVPN0UID set to nobody
Aug 06 01:08:23OpenVPN0Initialization Sequence Completed