192.168.2.1 debian 10.1.1.1 ------ 10.1.1.2 mk 192.168.88.1
debian - openvpn-server
mk 5.14 - openvpn-client
10.15.32.0/24 - openvpn-network
openvpn-server config:
port 1194
proto tcp
dev tun0
ca keys/ca.crt
cert keys/gw1.crt
key keys/gw1.key
dh keys/dh1024.pem
server 10.15.32.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
client-config-dir /etc/openvpn/ccd
push "route 192.168.2.1 255.255.255.0"
route 192.168.88.0 255.255.255.0
keepalive 10 120
cipher none
user nobody
group nogroup
persist-key
persist-tun
log /var/log/openvpn/openvpn.log
status /var/log/openvpn/vpngate-status.log
verb 3
client-config-dir /etc/openvpn/ccd:
ifconfig-push 10.15.32.2 10.15.32.1
iroute 192.168.88.0 255.255.255.0
openvpn-client config:
name="ovpn-out1" mac-address=02:8C:22:0A:E9:4C max-mtu=1500
connect-to=10.1.1.1 port=1194 mode=ip user="nobody" password=""
profile=default certificate=cert2 auth=none cipher=aes256
add-default-route=no
result:
openvpn-server ifconfig tun0:
inet addr:10.15.32.1 P-t-P:10.15.32.2 Mask:255.255.255.255
openvpn-client ip address print:
10.15.32.38/32 10.15.32.37 ovpn-out1
openvpn-server route -n | grep tun0:
10.15.32.0 10.15.32.2 255.255.255.0 UG 0 0 0 tun0
10.15.32.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.88.0 10.15.32.2 255.255.255.0 UG 0 0 0 tun0
openvpn-client ip route print:
0 ADS 10.15.32.0/24 10.15.32.37 0
1 ADC 10.15.32.37/32 10.15.32.38 ovpn-out1 0
2 ADC 10.1.1.0/24 10.1.1.2 ether1-gateway 0
3 ADS 192.168.2.0/24 10.15.32.37 1
4 ADC 192.168.88.0/24 192.168.88.1 ether2-master-l... 0
problems:
from client:
/tool traceroute 192.168.2.1
# ADDRESS RT1 RT2 RT3 STATUS
1 192.168.2.1 1ms 1ms 1ms
/tool traceroute 192.168.2.1 src-address=192.168.88.1
# ADDRESS RT1 RT2 RT3 STATUS
1 0.0.0.0 0ms 0ms 0ms
from server:
traceroute to 192.168.88.1 (192.168.88.1), 30 hops max, 60 byte packets
1 * * *
I think the routes and the client IP are the cause of the problem.
Why does the client receive IP 10.15.32.38!? (server config: ifconfig-push 10.15.32.2 10.15.32.1)
The openvpn-client has IP 10.15.32.38 and the openvpn-server has IP 10.15.32.1,
but the routes on the client for 192.168.2.0/24 go over 10.15.32.38. But 10.15.32.38 is missing!
And the routes on the server for 192.168.88.0/24 go over 10.15.32.2. But 10.15.32.2 is missing!
What am I doing wrong?
Tue Feb 4 16:33:17 2014 OpenVPN 2.2.1 i486-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 19 2013
Tue Feb 4 16:33:17 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Feb 4 16:33:17 2014 Diffie-Hellman initialized with 1024 bit key
Tue Feb 4 16:33:17 2014 ******* WARNING *******: null cipher specified, no encryption will be used
Tue Feb 4 16:33:17 2014 TLS-Auth MTU parms [ L:1527 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Feb 4 16:33:17 2014 Socket Buffers: R=[87380->131072] S=[16384->131072]
Tue Feb 4 16:33:17 2014 ROUTE default_gateway=10.1.1.254
Tue Feb 4 16:33:17 2014 TUN/TAP device tun0 opened
Tue Feb 4 16:33:17 2014 TUN/TAP TX queue length set to 100
Tue Feb 4 16:33:17 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Feb 4 16:33:17 2014 /sbin/ifconfig tun0 10.15.32.1 pointopoint 10.15.32.2 mtu 1500
Tue Feb 4 16:33:17 2014 /sbin/route add -net 192.168.88.0 netmask 255.255.255.0 gw 10.15.32.2
Tue Feb 4 16:33:17 2014 /sbin/route add -net 10.15.32.0 netmask 255.255.255.0 gw 10.15.32.2
Tue Feb 4 16:33:17 2014 Data Channel MTU parms [ L:1527 D:1450 EF:27 EB:4 ET:0 EL:0 AF:14/27 ]
Tue Feb 4 16:33:17 2014 GID set to nogroup
Tue Feb 4 16:33:17 2014 UID set to nobody
Tue Feb 4 16:33:17 2014 Listening for incoming TCP connection on [undef]
Tue Feb 4 16:33:17 2014 TCPv4_SERVER link local (bound): [undef]
Tue Feb 4 16:33:17 2014 TCPv4_SERVER link remote: [undef]
Tue Feb 4 16:33:17 2014 MULTI: multi_init called, r=256 v=256
Tue Feb 4 16:33:17 2014 IFCONFIG POOL: base=10.15.32.4 size=62, ipv6=0
Tue Feb 4 16:33:17 2014 ifconfig_pool_read(), in='okro,10.15.32.36', TODO: IPv6
Tue Feb 4 16:33:17 2014 succeeded -> ifconfig_pool_set()
Tue Feb 4 16:33:17 2014 IFCONFIG POOL LIST
Tue Feb 4 16:33:17 2014 okro,10.15.32.36
Tue Feb 4 16:33:17 2014 MULTI: TCP INIT maxclients=1024 maxevents=1028
Tue Feb 4 16:33:17 2014 Initialization Sequence Completed
Tue Feb 4 16:33:22 2014 MULTI: multi_create_instance called
Tue Feb 4 16:33:22 2014 Re-using SSL/TLS context
Tue Feb 4 16:33:22 2014 Control Channel MTU parms [ L:1527 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Feb 4 16:33:22 2014 Data Channel MTU parms [ L:1527 D:1450 EF:27 EB:4 ET:0 EL:0 AF:14/27 ]
Tue Feb 4 16:33:22 2014 Local Options hash (VER=V4): '77aaccdd'
Tue Feb 4 16:33:22 2014 Expected Remote Options hash (VER=V4): 'ddaf1b30'
Tue Feb 4 16:33:22 2014 TCP connection established with [AF_INET]10.1.1.2:55307
Tue Feb 4 16:33:22 2014 TCPv4_SERVER link local: [undef]
Tue Feb 4 16:33:22 2014 TCPv4_SERVER link remote: [AF_INET]10.1.1.2:55307
Tue Feb 4 16:33:22 2014 10.1.1.2:55307 TLS: Initial packet from [AF_INET]10.1.1.2:55307, sid=acffdbca 776cf4f4
Tue Feb 4 16:33:23 2014 10.1.1.2:55307 VERIFY OK: depth=1, /C=US/ST=AK/L=LA/O=LA/OU=dep28/CN=gw-frpc.local/name=gw-frpc.local/emailAddress=mitay@local
Tue Feb 4 16:33:23 2014 10.1.1.2:55307 VERIFY OK: depth=0, /C=US/ST=AK/L=LA/O=LA/OU=dep28/CN=okro/name=okrouter/emailAddress=mitay@local
Tue Feb 4 16:33:23 2014 10.1.1.2:55307 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1527', remote='link-mtu 1539'
Tue Feb 4 16:33:23 2014 10.1.1.2:55307 WARNING: 'cipher' is used inconsistently, local='cipher [null-cipher]', remote='cipher AES-256-CBC'
Tue Feb 4 16:33:23 2014 10.1.1.2:55307 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth [null-digest]'
Tue Feb 4 16:33:23 2014 10.1.1.2:55307 WARNING: 'keysize' is used inconsistently, local='keysize 0', remote='keysize 256'
Tue Feb 4 16:33:23 2014 10.1.1.2:55307 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 4 16:33:23 2014 10.1.1.2:55307 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 4 16:33:23 2014 10.1.1.2:55307 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Feb 4 16:33:23 2014 10.1.1.2:55307 [okro] Peer Connection Initiated with [AF_INET]10.1.1.2:55307
Tue Feb 4 16:33:23 2014 okro/10.1.1.2:55307 MULTI_sva: pool returned IPv4=10.15.32.38, IPv6=a803:73b7:100:0:1c0a:75b7:e836:2eb9
Tue Feb 4 16:33:23 2014 okro/10.1.1.2:55307 MULTI: Learn: 10.15.32.38 -> okro/10.1.1.2:55307
Tue Feb 4 16:33:23 2014 okro/10.1.1.2:55307 MULTI: primary virtual IP for okro/10.1.1.2:55307: 10.15.32.38
Tue Feb 4 16:33:23 2014 okro/10.1.1.2:55307 PUSH: Received control message: 'PUSH_REQUEST'
Tue Feb 4 16:33:23 2014 okro/10.1.1.2:55307 send_push_reply(): safe_cap=960
Tue Feb 4 16:33:23 2014 okro/10.1.1.2:55307 SENT CONTROL [okro]: 'PUSH_REPLY,route 192.168.2.1 255.255.255.0,route 10.15.32.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.15.32.38 10.15.32.37' (status=1)
Tue Feb 4 17:33:23 2014 okro/10.1.1.2:55307 TLS: soft reset sec=0 bytes=29706/0 pkts=730/0
Tue Feb 4 17:33:23 2014 okro/10.1.1.2:55307 VERIFY OK: depth=1, /C=US/ST=AK/L=LA/O=LA/OU=dep28/CN=gw-frpc.local/name=gw-frpc.local/emailAddress=mitay@local
Tue Feb 4 17:33:23 2014 okro/10.1.1.2:55307 VERIFY OK: depth=0, /C=US/ST=AK/L=LA/O=LA/OU=dep28/CN=okro/name=okrouter/emailAddress=mitay@local
Tue Feb 4 17:33:23 2014 okro/10.1.1.2:55307 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 4 17:33:23 2014 okro/10.1.1.2:55307 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 4 17:33:23 2014 okro/10.1.1.2:55307 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
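The server config and log above contain several things a reviewer would flag before touching the routes: `cipher none` (the server itself logs "no encryption will be used"), a 1024-bit DH file, a `push "route 192.168.2.1 ..."` whose address is a host rather than a network, data-channel options that differ between server and client (OpenVPN 2.2 has no cipher negotiation, so both ends must be configured identically), and a client that receives a pool address instead of the `ifconfig-push` one, which happens when no file in `client-config-dir` matches the certificate CN (`okro` here). The following checker is an added example, not code from the post or from the OpenVPN project: it lints a server config text, a map of ccd filenames to contents, and server log lines, and reports those findings. The sample config and log lines are copied from the post; the ccd filename `okrouter` (the certificate's `name` attribute rather than its CN) is an assumption used to illustrate the mismatch, and all function names are mine.

```python
"""Lint an OpenVPN 2.x server config, its ccd directory and a server log for
the mistakes shown in the post above. Added example; inputs are copied from
the post, the ccd filename 'okrouter' is an assumption."""
import ipaddress
import re

# --- sample inputs, taken from the post (ccd filename assumed) -----------
SERVER_CONF = """\
port 1194
proto tcp
dev tun0
dh keys/dh1024.pem
server 10.15.32.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
push "route 192.168.2.1 255.255.255.0"
route 192.168.88.0 255.255.255.0
cipher none
user nobody
group nogroup
"""
CCD_BODY = "ifconfig-push 10.15.32.2 10.15.32.1\niroute 192.168.88.0 255.255.255.0\n"
# Assumption: the ccd file was saved under the cert's 'name' attribute.
# OpenVPN looks the file up by the certificate CN, so this never matches.
CCD_FILES = {"okrouter": CCD_BODY}
SERVER_LOG = [
    "WARNING: null cipher specified, no encryption will be used",
    "10.1.1.2:55307 VERIFY OK: depth=0, /C=US/ST=AK/L=LA/O=LA/OU=dep28/CN=okro/name=okrouter/emailAddress=mitay@local",
    "10.1.1.2:55307 WARNING: 'cipher' is used inconsistently, local='cipher [null-cipher]', remote='cipher AES-256-CBC'",
    "10.1.1.2:55307 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth [null-digest]'",
    "okro/10.1.1.2:55307 MULTI_sva: pool returned IPv4=10.15.32.38, IPv6=a803:73b7:100:0:1c0a:75b7:e836:2eb9",
]

CN_RE = re.compile(r"VERIFY OK: depth=0,.*?/CN=([^/]+)")
POOL_RE = re.compile(r"pool returned IPv4=([\d.]+)")
INCONSISTENT_RE = re.compile(r"WARNING: '(\S+)' is used inconsistently, local='([^']*)', remote='([^']*)'")


def _check_route(addr, mask, label, findings):
    """Flag 'route' arguments whose address has host bits set."""
    net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
    if str(net.network_address) != addr:
        findings.append(f"{label}: {addr} is a host address, network is {net.network_address}")


def lint_server_config(conf: str) -> list:
    """Static checks on server.conf: null cipher, short DH, bad route prefixes."""
    findings = []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace('"', "").split()  # push "route a b" -> push route a b
        key, args = parts[0], parts[1:]
        if key == "cipher" and args and args[0].lower() == "none":
            findings.append("cipher none: data channel is unencrypted")
        elif key == "dh" and args:
            m = re.search(r"dh(\d+)", args[0])
            if m and int(m.group(1)) < 2048:
                findings.append(f"dh {args[0]}: DH parameters shorter than 2048 bits")
        elif key == "push" and args[:1] == ["route"] and len(args) >= 3:
            _check_route(args[1], args[2], f"push route {args[1]} {args[2]}", findings)
        elif key == "route" and len(args) >= 2:
            _check_route(args[0], args[1], f"route {args[0]} {args[1]}", findings)
    return findings


def check_ccd(client_cn: str, ccd_files: dict) -> list:
    """ccd files are matched by certificate CN; report when none matches."""
    if client_cn in ccd_files:
        return []
    return [f"no ccd file named '{client_cn}' (have {sorted(ccd_files)}): "
            "ifconfig-push/iroute are not applied, pool address is used instead"]


def parse_log(lines) -> dict:
    """Pull the client CN, pool-assigned IP and option mismatches out of the log."""
    info = {"cn": None, "pool_ip": None, "inconsistent": {}, "null_cipher": False}
    for line in lines:
        if "null cipher specified" in line:
            info["null_cipher"] = True
        if (m := CN_RE.search(line)) and info["cn"] is None:
            info["cn"] = m.group(1)
        if m := POOL_RE.search(line):
            info["pool_ip"] = m.group(1)
        if m := INCONSISTENT_RE.search(line):
            info["inconsistent"][m.group(1)] = (m.group(2), m.group(3))
    return info


def analyse(conf=SERVER_CONF, ccd_files=CCD_FILES, log_lines=SERVER_LOG) -> list:
    """Combine config lint, ccd lookup and log evidence into one finding list."""
    findings = lint_server_config(conf)
    info = parse_log(log_lines)
    if info["cn"]:
        findings += check_ccd(info["cn"], ccd_files)
        wanted = re.search(r"ifconfig-push\s+(\S+)", ccd_files.get(info["cn"], ""))
        if wanted and info["pool_ip"] and wanted.group(1) != info["pool_ip"]:
            findings.append(f"ccd asks for {wanted.group(1)} but pool handed out {info['pool_ip']}")
    for opt, (local, remote) in info["inconsistent"].items():
        findings.append(f"{opt} mismatch: server '{local}' vs client '{remote}' "
                        "(OpenVPN 2.2 does not negotiate data-channel options; both ends must match)")
    return findings


if __name__ == "__main__":
    for finding in analyse():
        print("-", finding)
```

Run it with `python3 ovpn_lint.py`; with the inputs above it prints six findings. To point it at a real server, read `server.conf`, build `ccd_files` from `os.listdir("/etc/openvpn/ccd")`, and feed it the log file. Besides the filename, the ccd directory has to be readable by the `user nobody` / `group nogroup` account, since OpenVPN reads the client file on each connection after it has dropped privileges.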