Hello everyone!
I'm creating several connections through OpenVPN; the first connection, tun0, works, but all subsequent ones do not.
I would be very grateful for any help.
Client config:
client
auth-user-pass
ping 5
dev tun
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ns-cert-type server
verb 3
;mute 20
route-metric 1
proto tcp
ping-exit 90
<ca>
</ca>
<cert>
</cert>
<key>
</key>
remote --
script-security 2
route-noexec
route-up /vpn/sh/route_up.sh
Where route_up.sh is:
#!/bin/sh
ip route add default via $route_vpn_gateway dev $dev table 20
ip rule add from $ifconfig_local table 20
ip rule add to $route_vpn_gateway table 20
ip route flush cache
exit 0
Creating the first connection:
openvpn /vpn/tcp/Bulgaria.Sofia.TCP.ovpn
OpenVPN 2.3.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jul 8 2015
library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Socket Buffers: R=[87380->131072] S=[16384->131072]
Attempting to establish TCP connection with [AF_INET]195.88.74.142:443 [nonblock]
TCP connection established with [AF_INET]195.88.74.142:443
TCPv4_CLIENT link local: [undef]
TCPv4_CLIENT link remote: [AF_INET]195.88.74.142:443
TLS: Initial packet from [AF_INET]195.88.74.142:443, sid=6a6cebd5 d9d3c45e
WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
VERIFY OK: depth=1, C=GB, ST=London, L=London, O=Privax Ltd, OU=HMA Pro VPN, CN=hidemyass.com, name=HMA, emailAddress=info@privax.com
VERIFY OK: nsCertType=SERVER
VERIFY OK: depth=0, C=GB, ST=London, L=London, O=Privax Ltd, OU=HMA Pro VPN, CN=server, emailAddress=info@privax.com
Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
[server] Peer Connection Initiated with [AF_INET]195.88.74.142:443
SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.200.0.1,dhcp-option DNS 10.200.0.1,redirect-gateway def1,ifconfig-ipv6 2001:db8:123::2/64 2001:db8:123::1,route-ipv6 2000::/3 2001:db8:123::1,explicit-exit-notify 2,ifconfig 10.200.1.153 255.255.252.0'
OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
OPTIONS IMPORT: --ifconfig/up options modified
OPTIONS IMPORT: route options modified
OPTIONS IMPORT: route-related options modified
OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
ROUTE_GATEWAY 148.251.195.65/255.255.255.192 IFACE=eth0 HWADDR=44:8a:5b:d4:4b:a6
ROUTE6: default_gateway=UNDEF
TUN/TAP device tun0 opened
TUN/TAP TX queue length set to 100
do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=1
/sbin/ip link set dev tun0 up mtu 1500
/sbin/ip addr add dev tun0 10.200.1.153/22 broadcast 10.200.3.255
tun0 : 10.200.1.153 -> gw: 10.200.0.1
Creating the second connection:
openvpn /vpn/tcp/Australia.NewSouthWales.Sydney_LOC1S1.TCP.ovpn
OpenVPN 2.3.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jul 8 2015
library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Socket Buffers: R=[87380->131072] S=[16384->131072]
Attempting to establish TCP connection with [AF_INET]203.31.216.1:443 [nonblock]
TCP connection established with [AF_INET]203.31.216.1:443
TCPv4_CLIENT link local: [undef]
TCPv4_CLIENT link remote: [AF_INET]203.31.216.1:443
TLS: Initial packet from [AF_INET]203.31.216.1:443, sid=1eea6148 24c02fad
WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
VERIFY OK: depth=1, C=GB, ST=London, L=London, O=Privax Ltd, OU=HMA Pro VPN, CN=hidemyass.com, name=HMA, emailAddress=info@privax.com
VERIFY OK: nsCertType=SERVER
VERIFY OK: depth=0, C=GB, ST=London, L=London, O=Privax Ltd, OU=HMA Pro VPN, CN=server, emailAddress=info@privax.com
Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
[server] Peer Connection Initiated with [AF_INET]203.31.216.1:443
SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.200.0.1,dhcp-option DNS 10.200.0.1,redirect-gateway def1,ifconfig-ipv6 2001:db8:123::2/64 2001:db8:123::1,route-ipv6 2000::/3 2001:db8:123::1,explicit-exit-notify 2,ifconfig 10.200.1.204 255.255.252.0'
OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
OPTIONS IMPORT: --ifconfig/up options modified
OPTIONS IMPORT: route options modified
OPTIONS IMPORT: route-related options modified
OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
ROUTE_GATEWAY 148.251.195.65/255.255.255.192 IFACE=eth0 HWADDR=44:8a:5b:d4:4b:a6
ROUTE6: default_gateway=UNDEF
TUN/TAP device tun1 opened
TUN/TAP TX queue length set to 100
do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=1
/sbin/ip link set dev tun1 up mtu 1500
/sbin/ip addr add dev tun1 10.200.1.204/22 broadcast 10.200.3.255
tun1 : 10.200.1.204 -> gw: 10.200.0.1
ifconfig:
eth0 Link encap:Ethernet HWaddr 44:8a:5b:d4:4b:a6
inet addr:-- Bcast:148.251.195.127 Mask:255.255.255.192
inet6 addr: -- Scope:Link
inet6 addr: -- Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:154671 errors:0 dropped:0 overruns:0 frame:0
TX packets:77470 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:23461403 (23.4 MB) TX bytes:15198824 (15.1 MB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:6440 errors:0 dropped:0 overruns:0 frame:0
TX packets:6440 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1196056 (1.1 MB) TX bytes:1196056 (1.1 MB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.200.1.153 P-t-P:10.200.1.153 Mask:255.255.252.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:716 errors:0 dropped:0 overruns:0 frame:0
TX packets:716 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:39166 (39.1 KB) TX bytes:29802 (29.8 KB)
tun1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.200.1.204 P-t-P:10.200.1.204 Mask:255.255.252.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:558 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:37680 (37.6 KB) TX bytes:0 (0.0 B)
tun0 works:
curl --verbose --interface tun0 http://icanhazip.com
* Rebuilt URL to: http://icanhazip.com/
* Trying 2001:19f0:5c00:9b63::182...
* Trying 2001:19f0:6400:8b28::23...
* Trying 45.32.200.23...
* Local Interface tun0 is ip 10.200.1.153 using address family 2
* Local port: 0
* Connected to icanhazip.com (45.32.200.23) port 80 (#0)
> GET / HTTP/1.1
> Host: icanhazip.com
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Date: Wed, 16 Mar 2016 13:11:15 GMT
< Content-Type: text/plain; charset=UTF-8
< Content-Length: 14
< Connection: close
< X-RTFM: Learn about this site at http://bit.ly/icanhazip-faq and don't abuse the service
< X-BECOME-A-RACKER: If you're reading this, apply here: http://rackertalent.com/
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET
<
195.88.75.183
* Closing connection 0
tun1 does not work:
curl --verbose --interface tun1 http://icanhazip.com
* Rebuilt URL to: http://icanhazip.com/
* Trying 2001:19f0:6400:8b28::23...
* Trying 2001:19f0:5c00:9b63::182...
* Trying 45.32.200.23...
* Local Interface tun1 is ip 10.200.1.204 using address family 2
* Local port: 0
* connect to 45.32.200.23 port 80 failed: Connection timed out
* Trying 104.238.162.182...
* Local Interface tun1 is ip 10.200.1.204 using address family 2
* Local port: 0
* After 86400ms connect time, move on!
* connect to 104.238.162.182 port 80 failed: Connection timed out
* Failed to connect to icanhazip.com port 80: Connection timed out
* Closing connection 0
curl: (7) Failed to connect to icanhazip.com port 80: Connection timed out
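
Added example, not part of the original post: the posted route_up.sh installs every tunnel's default route into table 20, and a table can hold only one default route at a given metric, so the second tunnel's `ip route add` collides with the first. The sketch below gives each tunN its own table; the numbering (20 + N) and the function names are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example, not the poster's script. Table numbering (20 + N for tunN)
# and the function names are assumptions made for this illustration.

# Map a tun device to its own routing table: tun0 -> 20, tun1 -> 21, ...
table_for_dev() {
    case "$1" in
        tun[0-9]*) _n=${1#tun} ;;
        *) echo "unsupported device: $1" >&2; return 1 ;;
    esac
    case "$_n" in
        *[!0-9]*) echo "unsupported device: $1" >&2; return 1 ;;
    esac
    echo $((20 + _n))
}

# Print the ip(8) commands for one tunnel so the plan can be reviewed first.
# Arguments: device, local tunnel address, VPN gateway.
route_up_plan() {
    _table=$(table_for_dev "$1") || return 1
    # 'replace' is idempotent: a reconnect does not fail with "File exists".
    echo "ip route replace default via $3 dev $1 table $_table"
    # Remove a rule left over from an earlier session, then add the current one.
    echo "ip rule del from $2 table $_table 2>/dev/null"
    echo "ip rule add from $2 table $_table"
    # No 'to <gateway>' rule: both tunnels in the post share gateway 10.200.0.1,
    # so a destination rule cannot tell them apart.
    echo "ip route flush cache"
}

# OpenVPN exports script_type, dev, ifconfig_local and route_vpn_gateway to
# the route-up script; outside OpenVPN the block below does nothing.
if [ "${script_type:-}" = "route-up" ]; then
    route_up_plan "$dev" "$ifconfig_local" "$route_vpn_gateway" | sh
fi
```

After both tunnels are up, `ip rule show` and `ip route show table 21` should list tun1's source rule and its own default route.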