sergey_lp Posted July 17, 2023 (edited)

Hi everyone. I'm setting up an OpenVPN client. In the router logs everything looks like this:

Core::Syslog: the system log has been cleared.
Июл 17 00:14:10 ndm Network::Interface::Base: "OpenVPN0": interface is up.
Июл 17 00:14:10 ndm Core::System::StartupConfig: saving (http/rci).
Июл 17 00:14:13 OpenVPN0 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback 'BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
Июл 17 00:14:13 OpenVPN0 OpenVPN 2.6_git [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Июл 17 00:14:13 OpenVPN0 library versions: OpenSSL 3.0.8 7 Feb 2023, LZO 2.10
Июл 17 00:14:13 OpenVPN0 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Июл 17 00:14:13 OpenVPN0 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Июл 17 00:14:13 OpenVPN0 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Июл 17 00:14:13 OpenVPN0 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Июл 17 00:14:13 OpenVPN0 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 headroom:126 payload:1376 tailroom:126 ET:0 ]
Июл 17 00:14:13 OpenVPN0 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 headroom:136 payload:1736 tailroom:557 ET:0 ]
Июл 17 00:14:13 OpenVPN0 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1585,tun-mtu 1500,proto UDPv4,auth SHA512,keysize 128,key-method 2,tls-client'
Июл 17 00:14:13 OpenVPN0 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1585,tun-mtu 1500,proto UDPv4,auth SHA512,keysize 128,key-method 2,tls-server'
Июл 17 00:14:13 OpenVPN0 Socket Buffers: R=[155648->155648] S=[155648->155648]
Июл 17 00:14:13 OpenVPN0 UDPv4 link local: (not bound)
Июл 17 00:14:13 OpenVPN0 UDPv4 link remote: [AF_INET]+++++IP_ADRESS_OVPN_SERVER:1194
Июл 17 00:14:13 OpenVPN0 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Июл 17 00:14:13 OpenVPN0 TLS: Initial packet from [AF_INET]+++++IP_ADRESS_OVPN_SERVER:1194, sid=f3fa4901 ce77bef9
Июл 17 00:14:13 OpenVPN0 VERIFY SCRIPT OK: depth=1, CN=Easy-RSA CA
Июл 17 00:14:13 OpenVPN0 VERIFY OK: depth=1, CN=Easy-RSA CA
Июл 17 00:14:13 OpenVPN0 VERIFY KU OK
Июл 17 00:14:13 OpenVPN0 Validating certificate extended key usage
Июл 17 00:14:13 OpenVPN0 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Июл 17 00:14:13 OpenVPN0 VERIFY EKU OK
Июл 17 00:14:13 OpenVPN0 VERIFY SCRIPT OK: depth=0, CN=server
Июл 17 00:14:13 OpenVPN0 VERIFY OK: depth=0, CN=server
Июл 17 00:14:14 OpenVPN0 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1585', remote='link-mtu 1601'
Июл 17 00:14:14 OpenVPN0 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
Июл 17 00:14:14 OpenVPN0 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
Июл 17 00:14:14 OpenVPN0 [server] Peer Connection Initiated with [AF_INET]+++++IP_ADRESS_OVPN_SERVER:1194
Июл 17 00:14:14 ndm Network::Interface::OpenVpn: "OpenVPN0": connecting via ISP (GigabitEthernet1).
Июл 17 00:14:14 ndm Network::Interface::OpenVpn: "OpenVPN0": added host route to remote endpoint +++++IP_ADRESS_OVPN_SERVER via 192.168.0.1.
Июл 17 00:14:14 OpenVPN0 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 1.1.1.1,block-outside-dns,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.4 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Июл 17 00:14:14 OpenVPN0 Pushed option removed by filter: 'block-outside-dns'
Июл 17 00:14:14 OpenVPN0 OPTIONS IMPORT: timers and/or timeouts modified
Июл 17 00:14:14 OpenVPN0 OPTIONS IMPORT: --ifconfig/up options modified
Июл 17 00:14:14 OpenVPN0 OPTIONS IMPORT: route options modified
Июл 17 00:14:14 OpenVPN0 OPTIONS IMPORT: route-related options modified
Июл 17 00:14:14 OpenVPN0 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Июл 17 00:14:14 OpenVPN0 OPTIONS IMPORT: peer-id set
Июл 17 00:14:14 OpenVPN0 OPTIONS IMPORT: data channel crypto options modified
Июл 17 00:14:14 OpenVPN0 net_route_v4_best_gw query: dst 0.0.0.0
Июл 17 00:14:14 OpenVPN0 net_route_v4_best_gw result: via 192.168.0.1 dev eth3
Июл 17 00:14:14 OpenVPN0 TUN/TAP device tun0 opened
Июл 17 00:14:14 OpenVPN0 do_ifconfig, ipv4=1, ipv6=0
Июл 17 00:14:14 OpenVPN0 net_iface_mtu_set: mtu 1500 for tun0
Июл 17 00:14:14 ndm Network::Interface::Ip: "OpenVPN0": IP address is 10.8.0.4/24.
Июл 17 00:14:14 OpenVPN0 /tmp/openvpn/OpenVPN0/openvpn-up tun0 1500 0 10.8.0.4 255.255.255.0 init
Июл 17 00:14:14 ndm Core::System::StartupConfig: configuration saved.
Июл 17 00:14:14 OpenVPN0 net_route_v4_add: 0.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
Июл 17 00:14:14 OpenVPN0 net_route_v4_add: 128.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
Июл 17 00:14:14 ndm Network::Interface::OpenVpn: "OpenVPN0": adding nameserver 8.8.8.8.
Июл 17 00:14:14 ndm Dns::Manager: name server 8.8.8.8 added, domain (default).
Июл 17 00:14:14 ndm Network::Interface::OpenVpn: "OpenVPN0": add route to nameserver 8.8.8.8 via 0.0.0.0 (OpenVPN0).
Июл 17 00:14:14 ndm Network::Interface::OpenVpn: "OpenVPN0": adding nameserver 1.1.1.1.
Июл 17 00:14:14 ndm Dns::Manager: name server 1.1.1.1 added, domain (default).
Июл 17 00:14:14 ndm Network::Interface::OpenVpn: "OpenVPN0": add route to nameserver 1.1.1.1 via 0.0.0.0 (OpenVPN0).
Июл 17 00:14:14 OpenVPN0 Data Channel: using negotiated cipher 'AES-256-GCM'
Июл 17 00:14:14 OpenVPN0 Data Channel MTU parms [ mss_fix:1400 max_frag:0 tun_mtu:1500 headroom:136 payload:1736 tailroom:557 ET:0 ]
Июл 17 00:14:14 OpenVPN0 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Июл 17 00:14:14 OpenVPN0 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Июл 17 00:14:14 OpenVPN0 UID set to nobody
Июл 17 00:14:14 OpenVPN0 GID set to nobody
Июл 17 00:14:14 OpenVPN0 Capabilities retained: CAP_NET_ADMIN
Июл 17 00:14:14 OpenVPN0 Initialization Sequence Completed
Июл 17 00:14:15 ndm Http::Nginx: loaded SSL certificate for "72392cdadbdebbeeb528c4ab.keenetic.io".
Июл 17 00:14:15 ndm Core::Server: started Session /var/run/ndm.core.socket.
Июл 17 00:14:15 ndm Core::Session: client disconnected.
Июл 17 00:14:15 ndm Http::Manager: updated configuration.
Июл 17 00:14:15 ndm Core::Server: started Session /var/run/ndm.core.socket.
Июл 17 00:14:15 ndm Core::Session: client disconnected.
Июл 17 00:15:55 ndm Network::Interface::Base: "OpenVPN0": interface is down.
Июл 17 00:15:55 ndm Core::System::StartupConfig: saving (http/rci).
Июл 17 00:15:56 ndm Network::Interface::Ip: "OpenVPN0": IP address cleared.
Июл 17 00:15:56 ndm Network::Interface::OpenVpn: "OpenVPN0": remove installed accepted routes.
Июл 17 00:15:56 OpenVPN0 event_wait : Interrupted system call (fd=-1,code=4)
Июл 17 00:15:56 OpenVPN0 TCP/UDP: Closing socket
Июл 17 00:15:56 OpenVPN0 net_route_v4_del: 0.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
Июл 17 00:15:56 OpenVPN0 net_route_v4_del: 128.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
Июл 17 00:15:56 OpenVPN0 /tmp/openvpn/OpenVPN0/openvpn-down tun0 1500 0 10.8.0.4 255.255.255.0 init
Июл 17 00:15:56 OpenVPN0 Closing TUN/TAP interface
Июл 17 00:15:56 OpenVPN0 SIGTERM[hard,] received, process exiting
Июл 17 00:15:57 ndm Http::Nginx: loaded SSL certificate for "72392cdadbdebbeeb528c4ab.keenetic.io".
Июл 17 00:15:57 ndm Core::Server: started Session /var/run/ndm.core.socket.
Июл 17 00:15:57 ndm Core::Session: client disconnected.
Июл 17 00:15:57 ndm Http::Manager: updated configuration.
Июл 17 00:15:57 ndm Core::Server: started Session /var/run/ndm.core.socket.
Июл 17 00:15:57 ndm Core::Session: client disconnected.
Июл 17 00:15:59 ndm Core::System::StartupConfig: configuration saved.

The server log looks like this:

Jul 17 13:15:27 20230702DGh openvpn[7919]: +++++IP_ADRESS_OVPN_SERVER:56251 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jul 17 13:15:27 20230702DGh openvpn[7919]: +++++IP_ADRESS_OVPN_SERVER:56251 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 17 13:15:27 20230702DGh openvpn[7919]: +++++IP_ADRESS_OVPN_SERVER:56251 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jul 17 13:15:27 20230702DGh openvpn[7919]: +++++IP_ADRESS_OVPN_SERVER:56251 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 17 13:15:27 20230702DGh openvpn[7919]: +++++IP_ADRESS_OVPN_SERVER:56251 TLS: Initial packet from [AF_INET]+++++IP_ADRESS_OVPN_SERVER:56251, sid=cff97938 cee9733b
Jul 17 13:15:28 20230702DGh openvpn[7919]: +++++IP_ADRESS_OVPN_SERVER:56251 CRL: loaded 1 CRLs from file crl.pem
Jul 17 13:15:28 20230702DGh openvpn[7919]: +++++IP_ADRESS_OVPN_SERVER:56251 VERIFY OK: depth=1, CN=Easy-RSA CA
Jul 17 13:15:28 20230702DGh openvpn[7919]: +++++IP_ADRESS_OVPN_SERVER:56251 VERIFY OK: depth=0, CN=keenetic
Jul 17 13:15:28 20230702DGh openvpn[7919]: +++++IP_ADRESS_OVPN_SERVER:56251 peer info: IV_VER=2.6_git
Jul 17 13:15:28 20230702DGh openvpn[7919]: +++++IP_ADRESS_OVPN_SERVER:56251 peer info: IV_PLAT=linux
Jul 17 13:15:28 20230702DGh openvpn[7919]: +++++IP_ADRESS_OVPN_SERVER:56251 peer info: IV_TCPNL=1
Jul 17 13:15:28 20230702DGh openvpn[7919]: +++++IP_ADRESS_OVPN_SERVER:56251 peer info: IV_NCP=2
Jul 17 13:15:28 20230702DGh openvpn[7919]: +++++IP_ADRESS_OVPN_SERVER:56251 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
Jul 17 13:15:28 20230702DGh openvpn[7919]: +++++IP_ADRESS_OVPN_SERVER:56251 peer info: IV_PROTO=94
Jul 17 13:15:28 20230702DGh openvpn[7919]: +++++IP_ADRESS_OVPN_SERVER:56251 peer info: IV_LZO_STUB=1
Jul 17 13:15:28 20230702DGh openvpn[7919]: +++++IP_ADRESS_OVPN_SERVER:56251 peer info: IV_COMP_STUB=1
Jul 17 13:15:28 20230702DGh openvpn[7919]: +++++IP_ADRESS_OVPN_SERVER:56251 peer info: IV_COMP_STUBv2=1
Jul 17 13:15:28 20230702DGh openvpn[7919]: +++++IP_ADRESS_OVPN_SERVER:56251 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1585'
Jul 17 13:15:28 20230702DGh openvpn[7919]: +++++IP_ADRESS_OVPN_SERVER:56251 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
Jul 17 13:15:28 20230702DGh openvpn[7919]: +++++IP_ADRESS_OVPN_SERVER:56251 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
Jul 17 13:15:28 20230702DGh openvpn[7919]: +++++IP_ADRESS_OVPN_SERVER:56251 [keenetic] Peer Connection Initiated with [AF_INET]+++++IP_ADRESS_OVPN_SERVER:56251
Jul 17 13:15:28 20230702DGh openvpn[7919]: keenetic/+++++IP_ADRESS_OVPN_SERVER:56251 MULTI_sva: pool returned IPv4=10.8.0.4, IPv6=(Not enabled)
Jul 17 13:15:28 20230702DGh openvpn[7919]: keenetic/+++++IP_ADRESS_OVPN_SERVER:56251 MULTI: Learn: 10.8.0.4 -> keenetic/+++++IP_ADRESS_OVPN_SERVER:56251
Jul 17 13:15:28 20230702DGh openvpn[7919]: keenetic/+++++IP_ADRESS_OVPN_SERVER:56251 MULTI: primary virtual IP for keenetic/+++++IP_ADRESS_OVPN_SERVER:56251: 10.8.0.4
Jul 17 13:15:28 20230702DGh openvpn[7919]: keenetic/+++++IP_ADRESS_OVPN_SERVER:56251 Data Channel: using negotiated cipher 'AES-256-GCM'
Jul 17 13:15:28 20230702DGh openvpn[7919]: keenetic/+++++IP_ADRESS_OVPN_SERVER:56251 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 17 13:15:28 20230702DGh openvpn[7919]: keenetic/+++++IP_ADRESS_OVPN_SERVER:56251 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 17 13:15:28 20230702DGh openvpn[7919]: keenetic/+++++IP_ADRESS_OVPN_SERVER:56251 SENT CONTROL [keenetic]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 1.1.1.1,block-outside-dns,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.4 255.255.255.0,peer-id 1,cipher AES-256-GCM' (status=1)
Jul 17 13:15:28 20230702DGh openvpn[7919]: keenetic/+++++IP_ADRESS_OVPN_SERVER:56251 PUSH: Received control message: 'PUSH_REQUEST'

Here are the client settings:

client
dev tun
proto udp
remote IP_ADDRESS_OPVN_SERVER 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
pull-filter ignore 'block-outside-dns'
verb 5

Completely incomprehensible behavior that ends with the client simply disconnecting, and that's it.

Core::Server: started Session /var/run/ndm.core.socket.
Июл 17 00:14:15 ndm Core::Session: client disconnected.

Firmware version 3.9.8.

Please tell me where to look or how to debug this in more detail, because there are no errors.

Edited July 17, 2023 by sergey_lp

sergey_lp (Author) Posted July 17, 2023

4 hours ago, ANDYBOND said:
To the tech-support knowledge base. And simply do the setup according to the instructions. And the direct answer is right there in the logs:
https://help.keenetic.com/hc/ru/articles/4906492423058-Доступ-в-Интернет-через-VPN-провайдера-по-протоколу-OpenVPN
https://www.opennet.ru/opennews/art.shtml?num=53981

Thank you so much! It works now; a week of suffering and it's finally over. In case anyone needs it, my config now looks like this:

client
dev tun
proto udp
remote IP_OVPN_SERVER 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
pull-filter ignore 'block-outside-dns'
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
data-ciphers-fallback AES-256-CBC
verb 5

For some reason the logs still show the same thing: the socket is created and the client disconnects, but everything works.
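
An added example, not part of the original posts and not Keenetic or OpenVPN code: a small Python check that reads the cipher-related lines of the client log and the two client configs posted in this thread, and reports what each config leaves to defaults or fallback. The function names `parse_config`, `summarize_log` and `audit` are made up for this illustration, and `BEFORE`/`AFTER` keep only a few directives of the posted configs.

```python
import re

AEAD = {"AES-256-GCM", "AES-128-GCM", "CHACHA20-POLY1305"}
# Client log lines copied from the thread (timestamps dropped, first line shortened).
LOG = """\
OpenVPN0 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback
OpenVPN0 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1585', remote='link-mtu 1601'
OpenVPN0 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
OpenVPN0 Data Channel: using negotiated cipher 'AES-256-GCM'
"""
# Cipher-related part of the two client configs posted in the thread.
BEFORE = "client\nproto udp\nauth SHA512\n"
AFTER = BEFORE + ("data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305\n"
                  "data-ciphers-fallback AES-256-CBC\n")

def parse_config(text):
    """Map each OpenVPN directive to its argument string ('#' and ';' start comments)."""
    lines = (re.split(r"[#;]", l, maxsplit=1)[0].strip() for l in text.splitlines())
    return {l.partition(" ")[0]: l.partition(" ")[2].strip() for l in lines if l}

def summarize_log(text):
    """Extract the cipher-related facts from an OpenVPN client log."""
    warn = re.findall(r"WARNING: '([\w-]+)' is used inconsistently, "
                      r"local='([^']*)', remote='([^']*)'", text)
    neg = re.search(r"Data Channel: using negotiated cipher '([^']+)'", text)
    return {"cipher_unset": "--cipher is not set" in text,
            "mismatch": {name: (loc, rem) for name, loc, rem in warn},
            "negotiated": neg.group(1) if neg else None}

def audit(config_text, log_text):
    """Return findings about the data-channel cipher settings of one client."""
    cfg, log = parse_config(config_text), summarize_log(log_text)
    offered = cfg["data-ciphers"].split(":") if "data-ciphers" in cfg else []
    out = []
    if not offered:
        out.append("data-ciphers not set: offered list is the build default")
    if log["negotiated"] not in AEAD:
        out.append(f"data channel is not AEAD: {log['negotiated']}")
    elif offered and log["negotiated"] not in offered:
        out.append(f"negotiated {log['negotiated']} is not in data-ciphers")
    fallback = cfg.get("data-ciphers-fallback")
    if fallback and fallback not in AEAD:
        out.append(f"fallback {fallback} is non-AEAD, used only with peers that cannot negotiate")
    out += [f"{n}: local '{l}' vs remote '{r}'" for n, (l, r) in log["mismatch"].items()]
    return out

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, *audit(cfg, LOG), sep="\n  ")
```

Both runs still list the `link-mtu` and `keysize` options-string mismatches, which matches the last post: the warnings stay in the log while the data channel is negotiated as AES-256-GCM.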