Hello, dear all,
For several weeks now I have been unable to set up a VPN network :(
Server: Windows Server 2008 R2 Enterprise 64x
Installed on the server: Kerio Control (7.2.1 build 3301)
P.S. For now access to everything is open, with no restrictions.
P.P.S. Kerio Control itself has a VPN server (port 444 SSL-VPN), but the downside is that it listens on UDP port 4090.
Interfaces on the server:
192.168.1.2 255.255.255.0 Modem (in Bridge mode, connects to the Internet via PPPoE)
192.168.4.5 255.255.255.0 Local network
172.27.180.1 255.255.255.0 Kerio VPN
OpenVPN server configuration
dev tun
proto tcp-server
port 443
tls-server
server 192.168.97.0 255.255.255.0
push "redirect-gateway 192.168.97.1"
push "dhcp-option DNS 192.168.97.1"
comp-lzo
client-to-client
client-config-dir ccd
ifconfig-pool-persist ipp.txt
dh dh1024.pem
ca ca.crt
cert server.crt
key server.key
persist-tun
persist-key
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
keepalive 10 120
status openvpn-status.log
verb 3
Sat Nov 16 14:45:04 2013 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Sat Nov 16 14:45:04 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Nov 16 14:45:04 2013 Need hold release from management interface, waiting...
Sat Nov 16 14:45:05 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Nov 16 14:45:05 2013 MANAGEMENT: CMD 'state on'
Sat Nov 16 14:45:05 2013 MANAGEMENT: CMD 'log all on'
Sat Nov 16 14:45:05 2013 MANAGEMENT: CMD 'hold off'
Sat Nov 16 14:45:05 2013 MANAGEMENT: CMD 'hold release'
Sat Nov 16 14:45:05 2013 Diffie-Hellman initialized with 1024 bit key
Sat Nov 16 14:45:05 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Nov 16 14:45:05 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Nov 16 14:45:05 2013 MANAGEMENT: >STATE:1384595105,ASSIGN_IP,,192.168.97.1,
Sat Nov 16 14:45:05 2013 open_tun, tt->ipv6=0
Sat Nov 16 14:45:05 2013 TAP-WIN32 device [OpenVPN] opened: \\.\Global\{B054DE9B-60FB-4DB4-A244-99002DA87E07}.tap
Sat Nov 16 14:45:05 2013 TAP-Windows Driver Version 9.9
Sat Nov 16 14:45:05 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.97.1/255.255.255.252 on interface {B054DE9B-60FB-4DB4-A244-99002DA87E07} [DHCP-serv: 192.168.97.2, lease-time: 31536000]
Sat Nov 16 14:45:05 2013 Sleeping for 10 seconds...
Sat Nov 16 14:45:15 2013 Successful ARP Flush on interface [75] {B054DE9B-60FB-4DB4-A244-99002DA87E07}
Sat Nov 16 14:45:15 2013 MANAGEMENT: >STATE:1384595115,ADD_ROUTES,,,
Sat Nov 16 14:45:15 2013 C:\Windows\system32\route.exe ADD 192.168.97.0 MASK 255.255.255.0 192.168.97.2
Sat Nov 16 14:45:15 2013 ROUTE: route addition failed using CreateIpForwardEntry: Yoio iauaeo o?a nouanoaoao. [status=5010 if_index=75]
Sat Nov 16 14:45:15 2013 Route addition via IPAPI failed [adaptive]
Sat Nov 16 14:45:15 2013 Route addition fallback to route.exe
Sat Nov 16 14:45:15 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sat Nov 16 14:45:15 2013 Listening for incoming TCP connection on [undef]
Sat Nov 16 14:45:15 2013 TCPv4_SERVER link local (bound): [undef]
Sat Nov 16 14:45:15 2013 TCPv4_SERVER link remote: [undef]
Sat Nov 16 14:45:15 2013 MULTI: multi_init called, r=256 v=256
Sat Nov 16 14:45:15 2013 IFCONFIG POOL: base=192.168.97.4 size=62, ipv6=0
Sat Nov 16 14:45:15 2013 ifconfig_pool_read(), in='VAIO,192.168.97.4', TODO: IPv6
Sat Nov 16 14:45:15 2013 succeeded -> ifconfig_pool_set()
Sat Nov 16 14:45:15 2013 ifconfig_pool_read(), in='S2,192.168.97.8', TODO: IPv6
Sat Nov 16 14:45:15 2013 succeeded -> ifconfig_pool_set()
Sat Nov 16 14:45:15 2013 ifconfig_pool_read(), in='nexus,192.168.97.12', TODO: IPv6
Sat Nov 16 14:45:15 2013 succeeded -> ifconfig_pool_set()
Sat Nov 16 14:45:15 2013 IFCONFIG POOL LIST
Sat Nov 16 14:45:15 2013 VAIO,192.168.97.4
Sat Nov 16 14:45:15 2013 S2,192.168.97.8
Sat Nov 16 14:45:15 2013 nexus,192.168.97.12
Sat Nov 16 14:45:15 2013 MULTI: TCP INIT maxclients=60 maxevents=64
Sat Nov 16 14:45:15 2013 Initialization Sequence Completed
Sat Nov 16 14:45:15 2013 MANAGEMENT: >STATE:1384595115,CONNECTED,SUCCESS,192.168.97.1,
Sat Nov 16 14:45:15 2013 TCP connection established with [AF_INET]192.168.4.73:6420
Sat Nov 16 14:45:15 2013 192.168.4.73:6420 TLS: Initial packet from [AF_INET]192.168.4.73:6420, sid=c7846c1b 22aec965
Sat Nov 16 14:45:16 2013 192.168.4.73:6420 VERIFY OK: depth=1, C=UZ, ST=Tas, L=Tashkent, O=Name, OU=Name, CN=VAIO, name=Name, emailAddress=Name@Name.uz
Sat Nov 16 14:45:16 2013 192.168.4.73:6420 VERIFY OK: depth=0, C=UZ, ST=Tas, L=Tashkent, O=Name, OU=Name, CN=VAIO, name=Name, emailAddress=Name@Name.uz
Sat Nov 16 14:45:16 2013 192.168.4.73:6420 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov 16 14:45:16 2013 192.168.4.73:6420 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov 16 14:45:16 2013 192.168.4.73:6420 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov 16 14:45:16 2013 192.168.4.73:6420 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov 16 14:45:16 2013 192.168.4.73:6420 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Nov 16 14:45:16 2013 192.168.4.73:6420 [VAIO] Peer Connection Initiated with [AF_INET]192.168.4.73:6420
Sat Nov 16 14:45:16 2013 VAIO/192.168.4.73:6420 MULTI_sva: pool returned IPv4=192.168.97.6, IPv6=(Not enabled)
Sat Nov 16 14:45:16 2013 VAIO/192.168.4.73:6420 MULTI: Learn: 192.168.97.6 -> VAIO/192.168.4.73:6420
Sat Nov 16 14:45:16 2013 VAIO/192.168.4.73:6420 MULTI: primary virtual IP for VAIO/192.168.4.73:6420: 192.168.97.6
Sat Nov 16 14:45:18 2013 VAIO/192.168.4.73:6420 PUSH: Received control message: 'PUSH_REQUEST'
Sat Nov 16 14:45:18 2013 VAIO/192.168.4.73:6420 send_push_reply(): safe_cap=940
Sat Nov 16 14:45:18 2013 VAIO/192.168.4.73:6420 SENT CONTROL [VAIO]: 'PUSH_REPLY,redirect-gateway 192.168.97.1,dhcp-option DNS 192.168.97.1,route 192.168.97.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 192.168.97.6 192.168.97.5' (status=1)
Sat Nov 16 14:45:51 2013 VAIO/192.168.4.73:6420 read TCPv4_SERVER: Connection timed out (WSAETIMEDOUT) (code=10060)
Sat Nov 16 14:45:51 2013 VAIO/192.168.4.73:6420 Connection reset, restarting [-1]
Sat Nov 16 14:45:51 2013 VAIO/192.168.4.73:6420 SIGUSR1[soft,connection-reset] received, client-instance restarting
Sat Nov 16 14:45:57 2013 TCP connection established with [AF_INET]192.168.4.73:6562
Sat Nov 16 14:45:57 2013 192.168.4.73:6562 TLS: Initial packet from [AF_INET]192.168.4.73:6562, sid=c525ba6a 34dd1150
Sat Nov 16 14:45:57 2013 192.168.4.73:6562 VERIFY OK: depth=1, C=UZ, ST=Tas, L=Tashkent, O=Name, OU=Name, CN=VAIO, name=Name, emailAddress=Name@Name.uz
Sat Nov 16 14:45:57 2013 192.168.4.73:6562 VERIFY OK: depth=0, C=UZ, ST=Tas, L=Tashkent, O=Name, OU=Name, CN=VAIO, name=Name, emailAddress=Name@Name.uz
Sat Nov 16 14:45:57 2013 192.168.4.73:6562 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov 16 14:45:57 2013 192.168.4.73:6562 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov 16 14:45:57 2013 192.168.4.73:6562 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov 16 14:45:57 2013 192.168.4.73:6562 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov 16 14:45:57 2013 192.168.4.73:6562 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Nov 16 14:45:57 2013 192.168.4.73:6562 [VAIO] Peer Connection Initiated with [AF_INET]192.168.4.73:6562
Sat Nov 16 14:45:57 2013 VAIO/192.168.4.73:6562 MULTI_sva: pool returned IPv4=192.168.97.6, IPv6=(Not enabled)
Sat Nov 16 14:45:57 2013 VAIO/192.168.4.73:6562 MULTI: Learn: 192.168.97.6 -> VAIO/192.168.4.73:6562
Sat Nov 16 14:45:57 2013 VAIO/192.168.4.73:6562 MULTI: primary virtual IP for VAIO/192.168.4.73:6562: 192.168.97.6
Sat Nov 16 14:46:00 2013 VAIO/192.168.4.73:6562 PUSH: Received control message: 'PUSH_REQUEST'
Sat Nov 16 14:46:00 2013 VAIO/192.168.4.73:6562 send_push_reply(): safe_cap=940
Sat Nov 16 14:46:00 2013 VAIO/192.168.4.73:6562 SENT CONTROL [VAIO]: 'PUSH_REPLY,redirect-gateway 192.168.97.1,dhcp-option DNS 192.168.97.1,route 192.168.97.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 192.168.97.6 192.168.97.5' (status=1)
dev tun
proto tcp
remote адресмоегосервера 443
pull
push "redirect-gateway 192.168.97.1"
route-delay 3
client
tls-client
ns-cert-type server
ca ca.crt
cert VAIO.crt
key VAIO.key
comp-lzo
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping-restart 60
ping 10
status openvpn-log.log
verb 3
Options error: unknown --redirect-gateway flag 192.168.97.1
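
Added example, not part of the original post: a small checker that reproduces the "unknown --redirect-gateway flag" error from the configuration above and reads the weak-crypto indicators out of the server log. The function names and the 2048-bit DH threshold are assumptions of this example; the flag list follows the OpenVPN manual.

```python
import re
import shlex
# Flags accepted by --redirect-gateway (ipv6 and !ipv4 only from OpenVPN 2.4).
REDIRECT_GATEWAY_FLAGS = {"local", "autolocal", "def1", "bypass-dhcp",
                          "bypass-dns", "block-local", "ipv6", "!ipv4"}
MIN_DH_BITS = 2048  # assumed policy threshold, not an OpenVPN constant
SMALL_BLOCK_CIPHERS = ("BF-", "DES-", "CAST5-", "RC2-")  # 64-bit block size

# Excerpts from the post's server config and log (timestamps dropped).
SERVER_CONF = '''dev tun
proto tcp-server
push "redirect-gateway 192.168.97.1"
push "dhcp-option DNS 192.168.97.1"
dh dh1024.pem
'''
SERVER_LOG = """Diffie-Hellman initialized with 1024 bit key
192.168.4.73:6420 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
192.168.4.73:6420 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
"""

def lint_config(text):
    """Return (line_no, message) for each invalid redirect-gateway flag."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith(";"):
            continue  # ';' starts a comment line, like '#'
        words = shlex.split(raw, comments=True)
        # push "..." wraps another directive; check the wrapped one too.
        if len(words) > 1 and words[0] == "push":
            words = shlex.split(words[1])
        if words and words[0] == "redirect-gateway":
            findings += [(no, "unknown redirect-gateway flag " + flag)
                         for flag in words[1:] if flag not in REDIRECT_GATEWAY_FLAGS]
    return findings

def audit_log(text):
    """Return sorted, de-duplicated weak-crypto findings from a log."""
    findings = set()
    for line in text.splitlines():
        m = re.search(r"Diffie-Hellman initialized with (\d+) bit key", line)
        if m and int(m.group(1)) < MIN_DH_BITS:
            findings.add("DH parameters are only %s bits" % m.group(1))
        m = re.search(r"Cipher '([^']+)' initialized", line)
        if m and m.group(1).startswith(SMALL_BLOCK_CIPHERS):
            findings.add("64-bit block cipher " + m.group(1))
    return sorted(findings)

if __name__ == "__main__":
    print(lint_config(SERVER_CONF) + audit_log(SERVER_LOG))
```

The option takes flags rather than an address, so a line such as push "redirect-gateway def1" passes the check.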