Настройка OpenVPN на VPS с виртуализацией OpenVZ

Kub

Мой дом здесь!
Регистрация
5 Июн 2009
Сообщения
624
Реакции
485
Есть VPS, система debian-6.0-i386-minimal 32-битная, виртуализация OpenVZ. TUN/TAP включен. OpenVPN устанавливал по этим руководствам
Настройка OpenVPN шлюза в интернет на Debian, который на OpenVZ Для просмотра ссылки Войди или Зарегистрируйся
Теплый и ламповый VPN Для просмотра ссылки Войди или Зарегистрируйся
Установка OpenVPN на CentOS 6.4 Для просмотра ссылки Войди или Зарегистрируйся

Установил OpenVPN, сервер запустился, сетевой интерфейс tun0 создался. Но выделенного IP у VPS нет, есть только внутренний адрес 10.0.1.95 на который проброшены порты с общего IP адреса. Пока есть 3 порта проброшенные на общий IP адрес. Один порт для подключения по SSH и ещё два порта:
Web serwer port (80) : 1685
Extra port: 1695
Для OpenVPN я прописывал порт TCP 1695
Iptables на VPS отключен из-за угрозы безопасности основному узлу. Я писал хостеру и мне ответили вот что:

Iptables отключен из-за угрозы безопасности основному узлу. Вам нужно передать трафик непосредственно через VPN без NAT.

OpenVPN установил, подключение устанавливается, но выхода в интернет нет, сайты не загружаются. Я предпологаю что это потому что не настроена маршрутезация на сервере. По руководству нужно выполнить вот эти команды:

Код:
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to IP_АДРЕС_ВАШЕГО_СЕРВЕРА
iptables -A FORWARD -i venet0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i tun0 -o venet0 -j ACCEPT

но так как Iptables отключен, мне их выполнить не удалось.

Сейчас в server.conf прописано вот что:

Код:
local 10.0.1.95
port 1695
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3
mute 20
[/spoil]

Вот что прописано в клиентском конфигурационном файле myvpnconfig.ovpn

Код:
client
remote 95.128.47.39 1695
proto tcp
dev tun
push "redirect-gateway def1"
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
tls-client
comp-lzo
verb 4
mute 20

Сетевые интерфейсы VPS

[spoil=ifconfig]
Код:
root@vps93:~# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:719 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:116681 (113.9 KiB)  TX bytes:0 (0.0 B)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.2  P-t-P:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:966 errors:0 dropped:0 overruns:0 frame:0
          TX packets:972 errors:0 dropped:719 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:225258 (219.9 KiB)  TX bytes:120433 (117.6 KiB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.0.1.95  P-t-P:10.0.1.95  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1


Код:
root@vps93:~# netstat -npl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        State      PID/Program name
tcp        0      0 127.0.0.1:53            0.0.0.0:*              LISTEN      1332/dnsmasq
tcp        0      0 10.8.0.1:53            0.0.0.0:*              LISTEN      1332/dnsmasq
tcp        0      0 0.0.0.0:22              0.0.0.0:*              LISTEN      1321/sshd
tcp        0      0 10.0.1.95:1695          0.0.0.0:*              LISTEN      1315/openvpn
tcp6      0      0 :::22                  :::*                    LISTEN      1321/sshd
udp        0      0 127.0.0.1:53            0.0.0.0:*                          1332/dnsmasq
udp        0      0 10.8.0.1:53            0.0.0.0:*                          1332/dnsmasq
Active UNIX domain sockets (only servers)
Proto RefCnt Flags      Type      State        I-Node  PID/Program name    Path
 
Последнее редактирование:
Лог с сервера после трёх подключений

Код:
Tue Jan  7 12:09:55 2014 OpenVPN 2.1.3 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jun  6 2013
Tue Jan  7 12:09:55 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Jan  7 12:09:55 2014 Diffie-Hellman initialized with 1024 bit key
Tue Jan  7 12:09:55 2014 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Tue Jan  7 12:09:55 2014 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Jan  7 12:09:55 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan  7 12:09:55 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan  7 12:09:55 2014 TLS-Auth MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Tue Jan  7 12:09:55 2014 Socket Buffers: R=[87380->131072] S=[16384->131072]
Tue Jan  7 12:09:55 2014 ROUTE: default_gateway=UNDEF
Tue Jan  7 12:09:55 2014 TUN/TAP device tun0 opened
Tue Jan  7 12:09:55 2014 TUN/TAP TX queue length set to 100
Tue Jan  7 12:09:55 2014 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Tue Jan  7 12:09:55 2014 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Tue Jan  7 12:09:55 2014 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jan  7 12:09:55 2014 GID set to nogroup
Tue Jan  7 12:09:55 2014 UID set to nobody
Tue Jan  7 12:09:55 2014 Listening for incoming TCP connection on [AF_INET]10.0.1.95:1695
Tue Jan  7 12:09:55 2014 TCPv4_SERVER link local (bound): [AF_INET]10.0.1.95:1695
Tue Jan  7 12:09:55 2014 TCPv4_SERVER link remote: [undef]
Tue Jan  7 12:09:55 2014 MULTI: multi_init called, r=256 v=256
Tue Jan  7 12:09:55 2014 IFCONFIG POOL: base=10.8.0.4 size=62
Tue Jan  7 12:09:55 2014 IFCONFIG POOL LIST
Tue Jan  7 12:09:55 2014 client,10.8.0.4
Tue Jan  7 12:09:55 2014 MULTI: TCP INIT maxclients=1024 maxevents=1028
Tue Jan  7 12:09:55 2014 Initialization Sequence Completed
Tue Jan  7 12:16:23 2014 MULTI: multi_create_instance called
Tue Jan  7 12:16:23 2014 Re-using SSL/TLS context
Tue Jan  7 12:16:23 2014 LZO compression initialized
Tue Jan  7 12:16:23 2014 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Tue Jan  7 12:16:23 2014 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jan  7 12:16:23 2014 Local Options hash (VER=V4): 'bd577cd1'
Tue Jan  7 12:16:23 2014 Expected Remote Options hash (VER=V4): 'ee93268d'
Tue Jan  7 12:16:23 2014 TCP connection established with [AF_INET]95.128.47.39:6402
Tue Jan  7 12:16:23 2014 TCPv4_SERVER link local: [undef]
Tue Jan  7 12:16:23 2014 TCPv4_SERVER link remote: [AF_INET]95.128.47.39:6402
Tue Jan  7 12:16:23 2014 95.128.47.39:6402 TLS: Initial packet from [AF_INET]95.128.47.39:6402, sid=85fa5342 6eca6951
Tue Jan  7 12:16:26 2014 95.128.47.39:6402 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=server/CN=server/emailAddress=me@myhost.mydomain
Tue Jan  7 12:16:26 2014 95.128.47.39:6402 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=server/CN=client/emailAddress=me@myhost.mydomain
Tue Jan  7 12:16:27 2014 95.128.47.39:6402 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan  7 12:16:27 2014 95.128.47.39:6402 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan  7 12:16:27 2014 95.128.47.39:6402 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan  7 12:16:27 2014 95.128.47.39:6402 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan  7 12:16:27 2014 95.128.47.39:6402 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jan  7 12:16:27 2014 95.128.47.39:6402 [client] Peer Connection Initiated with [AF_INET]95.128.47.39:6402
Tue Jan  7 12:16:27 2014 client/95.128.47.39:6402 MULTI: Learn: 10.8.0.6 -> client/95.128.47.39:6402
Tue Jan  7 12:16:27 2014 client/95.128.47.39:6402 MULTI: primary virtual IP for client/95.128.47.39:6402: 10.8.0.6
Tue Jan  7 12:16:30 2014 client/95.128.47.39:6402 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jan  7 12:16:30 2014 client/95.128.47.39:6402 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Tue Jan  7 12:18:14 2014 client/95.128.47.39:6402 Connection reset, restarting [-1]
Tue Jan  7 12:18:14 2014 client/95.128.47.39:6402 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Jan  7 12:18:14 2014 TCP/UDP: Closing socket
Tue Jan  7 12:21:39 2014 MULTI: multi_create_instance called
Tue Jan  7 12:21:39 2014 Re-using SSL/TLS context
Tue Jan  7 12:21:39 2014 LZO compression initialized
Tue Jan  7 12:21:39 2014 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Tue Jan  7 12:21:39 2014 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jan  7 12:21:39 2014 Local Options hash (VER=V4): 'bd577cd1'
Tue Jan  7 12:21:39 2014 Expected Remote Options hash (VER=V4): 'ee93268d'
Tue Jan  7 12:21:39 2014 TCP connection established with [AF_INET]95.128.47.39:19524
Tue Jan  7 12:21:39 2014 TCPv4_SERVER link local: [undef]
Tue Jan  7 12:21:39 2014 TCPv4_SERVER link remote: [AF_INET]95.128.47.39:19524
Tue Jan  7 12:21:39 2014 95.128.47.39:19524 TLS: Initial packet from [AF_INET]95.128.47.39:19524, sid=16384c26 b520f69a
Tue Jan  7 12:21:42 2014 95.128.47.39:19524 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=server/CN=server/emailAddress=me@myhost.mydomain
Tue Jan  7 12:21:42 2014 95.128.47.39:19524 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=server/CN=client/emailAddress=me@myhost.mydomain
Tue Jan  7 12:21:43 2014 95.128.47.39:19524 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan  7 12:21:43 2014 95.128.47.39:19524 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan  7 12:21:43 2014 95.128.47.39:19524 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan  7 12:21:43 2014 95.128.47.39:19524 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan  7 12:21:44 2014 95.128.47.39:19524 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jan  7 12:21:44 2014 95.128.47.39:19524 [client] Peer Connection Initiated with [AF_INET]95.128.47.39:19524
Tue Jan  7 12:21:44 2014 client/95.128.47.39:19524 MULTI: Learn: 10.8.0.6 -> client/95.128.47.39:19524
Tue Jan  7 12:21:44 2014 client/95.128.47.39:19524 MULTI: primary virtual IP for client/95.128.47.39:19524: 10.8.0.6
Tue Jan  7 12:21:46 2014 client/95.128.47.39:19524 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jan  7 12:21:46 2014 client/95.128.47.39:19524 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Tue Jan  7 12:23:01 2014 client/95.128.47.39:19524 Connection reset, restarting [-1]
Tue Jan  7 12:23:01 2014 client/95.128.47.39:19524 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Jan  7 12:23:01 2014 TCP/UDP: Closing socket
Tue Jan  7 12:25:17 2014 MULTI: multi_create_instance called
Tue Jan  7 12:25:17 2014 Re-using SSL/TLS context
Tue Jan  7 12:25:17 2014 LZO compression initialized
Tue Jan  7 12:25:17 2014 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Tue Jan  7 12:25:17 2014 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jan  7 12:25:17 2014 Local Options hash (VER=V4): 'bd577cd1'
Tue Jan  7 12:25:17 2014 Expected Remote Options hash (VER=V4): 'ee93268d'
Tue Jan  7 12:25:17 2014 TCP connection established with [AF_INET]95.128.47.39:1156
Tue Jan  7 12:25:17 2014 TCPv4_SERVER link local: [undef]
Tue Jan  7 12:25:17 2014 TCPv4_SERVER link remote: [AF_INET]95.128.47.39:1156
Tue Jan  7 12:25:17 2014 95.128.47.39:1156 TLS: Initial packet from [AF_INET]95.128.47.39:1156, sid=6dfea81e 5d80c464
Tue Jan  7 12:25:20 2014 95.128.47.39:1156 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=server/CN=server/emailAddress=me@myhost.mydomain
Tue Jan  7 12:25:20 2014 95.128.47.39:1156 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=server/CN=client/emailAddress=me@myhost.mydomain
Tue Jan  7 12:25:21 2014 95.128.47.39:1156 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan  7 12:25:21 2014 95.128.47.39:1156 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan  7 12:25:21 2014 95.128.47.39:1156 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan  7 12:25:21 2014 95.128.47.39:1156 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan  7 12:25:22 2014 95.128.47.39:1156 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jan  7 12:25:22 2014 95.128.47.39:1156 [client] Peer Connection Initiated with [AF_INET]95.128.47.39:1156
Tue Jan  7 12:25:22 2014 client/95.128.47.39:1156 MULTI: Learn: 10.8.0.6 -> client/95.128.47.39:1156
Tue Jan  7 12:25:22 2014 client/95.128.47.39:1156 MULTI: primary virtual IP for client/95.128.47.39:1156: 10.8.0.6
Tue Jan  7 12:25:24 2014 client/95.128.47.39:1156 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jan  7 12:25:24 2014 client/95.128.47.39:1156 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Tue Jan  7 12:26:57 2014 client/95.128.47.39:1156 Connection reset, restarting [-1]
Tue Jan  7 12:26:57 2014 client/95.128.47.39:1156 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Jan  7 12:26:57 2014 TCP/UDP: Closing socket
 
Лог из Windows 7 из которой я подключался

Код:
Tue Jan 07 16:26:04 2014 us=716484 Current Parameter Settings:
Tue Jan 07 16:26:04 2014 us=717484  config = 'myvpnconfig.ovpn'
Tue Jan 07 16:26:04 2014 us=717484  mode = 0
Tue Jan 07 16:26:04 2014 us=717484  show_ciphers = DISABLED
Tue Jan 07 16:26:04 2014 us=717484  show_digests = DISABLED
Tue Jan 07 16:26:04 2014 us=717484  show_engines = DISABLED
Tue Jan 07 16:26:04 2014 us=717484  genkey = DISABLED
Tue Jan 07 16:26:04 2014 us=717484  key_pass_file = '[UNDEF]'
Tue Jan 07 16:26:04 2014 us=717484  show_tls_ciphers = DISABLED
Tue Jan 07 16:26:04 2014 us=717484 Connection profiles [default]:
Tue Jan 07 16:26:04 2014 us=717484  proto = tcp-client
Tue Jan 07 16:26:04 2014 us=717484  local = '[UNDEF]'
Tue Jan 07 16:26:04 2014 us=717484  local_port = 0
Tue Jan 07 16:26:04 2014 us=717484  remote = '95.128.47.39'
Tue Jan 07 16:26:04 2014 us=717484  remote_port = 1695
Tue Jan 07 16:26:04 2014 us=717484  remote_float = DISABLED
Tue Jan 07 16:26:04 2014 us=717484  bind_defined = DISABLED
Tue Jan 07 16:26:04 2014 us=717484  bind_local = DISABLED
Tue Jan 07 16:26:04 2014 us=717484  connect_retry_seconds = 5
Tue Jan 07 16:26:04 2014 us=717484  connect_timeout = 10
Tue Jan 07 16:26:04 2014 us=717484 NOTE: --mute triggered...
Tue Jan 07 16:26:04 2014 us=717484 266 variation(s) on previous 20 message(s) suppressed by --mute
Tue Jan 07 16:26:04 2014 us=717484 OpenVPN 2.3.1 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Mar 28 2013
Enter Management Password:
Tue Jan 07 16:26:04 2014 us=721484 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Jan 07 16:26:04 2014 us=722484 Need hold release from management interface, waiting...
Tue Jan 07 16:26:05 2014 us=195511 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Jan 07 16:26:05 2014 us=295517 MANAGEMENT: CMD 'state on'
Tue Jan 07 16:26:05 2014 us=295517 MANAGEMENT: CMD 'log all on'
Tue Jan 07 16:26:05 2014 us=327519 MANAGEMENT: CMD 'hold off'
Tue Jan 07 16:26:05 2014 us=328519 MANAGEMENT: CMD 'hold release'
Tue Jan 07 16:26:05 2014 us=329519 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Jan 07 16:26:05 2014 us=565532 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Jan 07 16:26:05 2014 us=565532 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 07 16:26:05 2014 us=565532 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 07 16:26:05 2014 us=565532 LZO compression initialized
Tue Jan 07 16:26:05 2014 us=565532 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Tue Jan 07 16:26:05 2014 us=565532 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Jan 07 16:26:05 2014 us=565532 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jan 07 16:26:05 2014 us=565532 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Tue Jan 07 16:26:05 2014 us=565532 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Tue Jan 07 16:26:05 2014 us=565532 Local Options hash (VER=V4): 'ee93268d'
Tue Jan 07 16:26:05 2014 us=565532 Expected Remote Options hash (VER=V4): 'bd577cd1'
Tue Jan 07 16:26:05 2014 us=565532 Attempting to establish TCP connection with [AF_INET]95.128.47.39:1695
Tue Jan 07 16:26:05 2014 us=565532 MANAGEMENT: >STATE:1389101165,TCP_CONNECT,,,
Tue Jan 07 16:26:05 2014 us=645537 TCP connection established with [AF_INET]95.128.47.39:1695
Tue Jan 07 16:26:05 2014 us=645537 TCPv4_CLIENT link local: [undef]
Tue Jan 07 16:26:05 2014 us=646537 TCPv4_CLIENT link remote: [AF_INET]95.128.47.39:1695
Tue Jan 07 16:26:05 2014 us=646537 MANAGEMENT: >STATE:1389101165,WAIT,,,
Tue Jan 07 16:26:05 2014 us=727542 MANAGEMENT: >STATE:1389101165,AUTH,,,
Tue Jan 07 16:26:05 2014 us=727542 TLS: Initial packet from [AF_INET]95.128.47.39:1695, sid=c162ce50 fd110e15
Tue Jan 07 16:26:07 2014 us=254629 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=server, CN=server, emailAddress=me@myhost.mydomain
Tue Jan 07 16:26:07 2014 us=254629 Validating certificate key usage
Tue Jan 07 16:26:07 2014 us=254629 ++ Certificate has key usage  00a0, expects 00a0
Tue Jan 07 16:26:07 2014 us=254629 VERIFY KU OK
Tue Jan 07 16:26:07 2014 us=254629 Validating certificate extended key usage
Tue Jan 07 16:26:07 2014 us=254629 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Jan 07 16:26:07 2014 us=254629 VERIFY EKU OK
Tue Jan 07 16:26:07 2014 us=254629 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=server, CN=server, emailAddress=me@myhost.mydomain
Tue Jan 07 16:26:10 2014 us=315804 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 07 16:26:10 2014 us=315804 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 07 16:26:10 2014 us=315804 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 07 16:26:10 2014 us=315804 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 07 16:26:10 2014 us=315804 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jan 07 16:26:10 2014 us=315804 [server] Peer Connection Initiated with [AF_INET]95.128.47.39:1695
Tue Jan 07 16:26:11 2014 us=566876 MANAGEMENT: >STATE:1389101171,GET_CONFIG,,,
Tue Jan 07 16:26:12 2014 us=817947 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Jan 07 16:26:13 2014 us=175968 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Tue Jan 07 16:26:13 2014 us=175968 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jan 07 16:26:13 2014 us=175968 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jan 07 16:26:13 2014 us=175968 OPTIONS IMPORT: route options modified
Tue Jan 07 16:26:13 2014 us=175968 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jan 07 16:26:13 2014 us=192969 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jan 07 16:26:13 2014 us=192969 MANAGEMENT: >STATE:1389101173,ASSIGN_IP,,10.8.0.6,
Tue Jan 07 16:26:13 2014 us=192969 open_tun, tt->ipv6=0
Tue Jan 07 16:26:13 2014 us=194969 TAP-WIN32 device [Подключение по локальной сети 3] opened: \\.\Global\{9C0AA20A-8AE2-46D5-8AB7-8FE1F7513947}.tap
Tue Jan 07 16:26:13 2014 us=194969 TAP-Windows Driver Version 9.9
Tue Jan 07 16:26:13 2014 us=194969 TAP-Windows MTU=1500
Tue Jan 07 16:26:13 2014 us=197969 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {9C0AA20A-8AE2-46D5-8AB7-8FE1F7513947} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Tue Jan 07 16:26:13 2014 us=197969 DHCP option string: 06080808 08080808 0404
Tue Jan 07 16:26:13 2014 us=197969 Successful ARP Flush on interface [17] {9C0AA20A-8AE2-46D5-8AB7-8FE1F7513947}
Tue Jan 07 16:26:18 2014 us=455270 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Tue Jan 07 16:26:18 2014 us=455270 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 07 16:26:23 2014 us=774574 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Tue Jan 07 16:26:23 2014 us=774574 C:\Windows\system32\route.exe ADD 95.128.47.39 MASK 255.255.255.255 192.168.1.1
Tue Jan 07 16:26:23 2014 us=777574 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Jan 07 16:26:23 2014 us=777574 Route addition via IPAPI succeeded [adaptive]
Tue Jan 07 16:26:23 2014 us=777574 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Jan 07 16:26:23 2014 us=781574 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Tue Jan 07 16:26:23 2014 us=781574 Route addition via IPAPI succeeded [adaptive]
Tue Jan 07 16:26:23 2014 us=781574 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Jan 07 16:26:23 2014 us=784574 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Tue Jan 07 16:26:23 2014 us=784574 Route addition via IPAPI succeeded [adaptive]
Tue Jan 07 16:26:23 2014 us=784574 MANAGEMENT: >STATE:1389101183,ADD_ROUTES,,,
Tue Jan 07 16:26:23 2014 us=784574 C:\Windows\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.5
Tue Jan 07 16:26:23 2014 us=788575 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Tue Jan 07 16:26:23 2014 us=788575 Route addition via IPAPI succeeded [adaptive]
Tue Jan 07 16:26:23 2014 us=788575 Initialization Sequence Completed
Tue Jan 07 16:26:23 2014 us=788575 MANAGEMENT: >STATE:1389101183,CONNECTED,SUCCESS,10.8.0.6,95.128.47.39
Tue Jan 07 16:27:45 2014 us=843268 TCP/UDP: Closing socket
Tue Jan 07 16:27:45 2014 us=843268 C:\Windows\system32\route.exe DELETE 10.8.0.0 MASK 255.255.255.0 10.8.0.5
Tue Jan 07 16:27:45 2014 us=846268 Route deletion via IPAPI succeeded [adaptive]
Tue Jan 07 16:27:45 2014 us=847268 C:\Windows\system32\route.exe DELETE 95.128.47.39 MASK 255.255.255.255 192.168.1.1
Tue Jan 07 16:27:45 2014 us=849268 Route deletion via IPAPI succeeded [adaptive]
Tue Jan 07 16:27:45 2014 us=850268 C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Jan 07 16:27:45 2014 us=852268 Route deletion via IPAPI succeeded [adaptive]
Tue Jan 07 16:27:45 2014 us=853268 C:\Windows\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Jan 07 16:27:45 2014 us=856269 Route deletion via IPAPI succeeded [adaptive]
Tue Jan 07 16:27:45 2014 us=856269 Closing TUN/TAP interface
Tue Jan 07 16:27:45 2014 us=856269 SIGTERM[hard,] received, process exiting
Tue Jan 07 16:27:45 2014 us=856269 MANAGEMENT: >STATE:1389101265,EXITING,SIGTERM,,

IP адрес интерфейса при подключении к VPN всегда 10.8.0.6

85154fc69a2e.png



Сейчас клиентские ключи у меня такие:

bc1adf6aa76c.png


Как настроить маршрутизацию чтобы подключение заработало? Подключение устанавливается, но выхода в интернет нет, сайты не загружаются.
 
Последнее редактирование:
echo 1 > /proc/sys/net/ipv4/ip_forward
 
  • Нравится
Реакции: Kub
Спасибо, но не помогло. Я в файле /etc/sysctl.conf раскомментировал строку
Код:
net.ipv4.ip_forward=1
и перезагружался.
Сейчас ещё попробовал
Код:
echo 1 > /proc/sys/net/ipv4/ip_forward
Подключаюсь к серверу, но сайты не грузятся и не пингуется ничего.
 
Так, а чего говорит tcpdump на интерфейсе? Покажите еще ifconfig.
 
tcpdump на интерфейсе tun0 ничего не говорит. Пробовал так при подключении

Код:
root@vps93:~# tcpdump -i tun0 host 10.0.1.95
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes

Но ничего не показывает.

ifconfig
Код:
root@vps93:~# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:719 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:116681 (113.9 KiB)  TX bytes:0 (0.0 B)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.2  P-t-P:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:966 errors:0 dropped:0 overruns:0 frame:0
          TX packets:972 errors:0 dropped:719 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:225258 (219.9 KiB)  TX bytes:120433 (117.6 KiB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.0.1.95  P-t-P:10.0.1.95  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
 
Посмотрите просто трафик на интерфейсе tun0, без указания IP.
 
Если IP не указавать
Код:
root@vps93:~# tcpdump -i tun0
получилось вот что при подключении к VPN и загрузки этих сайтов
Для просмотра ссылки Войди или Зарегистрируйся
Для просмотра ссылки Войди или Зарегистрируйся
Для просмотра ссылки Войди или Зарегистрируйся

Код:
root@vps93:~# tcpdump -i tun0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes
20:54:26.217550 IP 10.8.0.6.61578 > ip-119-164.powernet.bg.60224: UDP, length 287
20:54:29.069376 IP 10.8.0.6.61578 > ctel-78-157-17-81.cabletel.com.mk.6803: UDP, length 317
20:54:32.378070 IP 10.8.0.6.61578 > b3e9bfaa.virtua.com.br.54104: UDP, length 287
20:54:33.738702 IP 10.8.0.6.61578 > 95.76.24.158.15956: UDP, length 287
20:54:35.268167 IP 10.8.0.6.61578 > 109.169.166.109.27265: UDP, length 287
20:54:35.708354 IP 10.8.0.6.61578 > brndmb0239w-ds01-51-161.dynamic.mtsallstream.net.50880: UDP, length 287
20:54:40.336111 IP 10.8.0.6.61578 > 92-249-240-110.pool.digikabel.hu.12605: UDP, length 106
20:54:40.464043 IP 10.8.0.6.61578 > c-50-190-82-106.hsd1.md.comcast.net.61047: UDP, length 106
20:54:40.464101 IP 10.8.0.6.61578 > CPE78cd8ecda938-CM78cd8ecda935.cpe.net.cable.rogers.com.45904: UDP, length 106
20:54:40.464119 IP 10.8.0.6.61578 > ctel-78-157-17-81.cabletel.com.mk.6803: UDP, length 106
20:54:42.160255 IP 10.8.0.6.60643 > google-public-dns-a.google.com.domain: 42041+ A? dnl-01.geo.kaspersky.com. (42)
20:54:42.285222 IP 10.8.0.6.12877 > 81.19.104.129.https: Flags [S], seq 1679421618, win 8192, options [mss 1366,nop,wscale 2,sackOK,TS val 4531721 ecr 0], length 0
20:54:42.442085 IP 10.8.0.6.61578 > 178-117-81-81.access.telenet.be.38814: UDP, length 106
20:54:42.442232 IP 10.8.0.6.61578 > dynamicip-176-213-17-81.pppoe.nn.ertelecom.ru.14019: UDP, length 106
20:54:42.442262 IP 10.8.0.6.61578 > dynamic-213-198-207-164.adsl.eunet.rs.21546: UDP, length 106
20:54:42.442283 IP 10.8.0.6.61578 > catv-89-133-47-96.catv.broadband.hu.17387: UDP, length 106
20:54:43.545685 IP 10.8.0.6.54163 > google-public-dns-a.google.com.domain: 57270+ A? whoer.net. (27)
20:54:43.545706 IP 10.8.0.6.60643 > google-public-dns-b.google.com.domain: 42041+ A? dnl-01.geo.kaspersky.com. (42)
20:54:43.545729 IP 10.8.0.6.60643 > google-public-dns-a.google.com.domain: 42041+ A? dnl-01.geo.kaspersky.com. (42)
20:54:44.708330 IP 10.8.0.6.54163 > google-public-dns-b.google.com.domain: 57270+ A? whoer.net. (27)
20:54:44.708366 IP 10.8.0.6.54163 > google-public-dns-a.google.com.domain: 57270+ A? whoer.net. (27)
20:54:44.708389 IP 10.8.0.6.60643 > google-public-dns-b.google.com.domain: 42041+ A? dnl-01.geo.kaspersky.com. (42)
20:54:44.708408 IP 10.8.0.6.60643 > google-public-dns-a.google.com.domain: 42041+ A? dnl-01.geo.kaspersky.com. (42)
20:54:46.102092 IP 10.8.0.6.54163 > google-public-dns-b.google.com.domain: 57270+ A? whoer.net. (27)
20:54:46.102171 IP 10.8.0.6.54163 > google-public-dns-a.google.com.domain: 57270+ A? whoer.net. (27)
20:54:46.102232 IP 10.8.0.6.12877 > 81.19.104.129.https: Flags [S], seq 1679421618, win 8192, options [mss 1366,nop,wscale 2,sackOK,TS val 4532021 ecr 0], length 0
20:54:46.239889 IP 10.8.0.6.60643 > google-public-dns-a.google.com.domain: 42041+ A? dnl-01.geo.kaspersky.com. (42)
20:54:46.239915 IP 10.8.0.6.60643 > google-public-dns-b.google.com.domain: 42041+ A? dnl-01.geo.kaspersky.com. (42)
20:54:46.240005 IP 10.8.0.6.61578 > client.yota.ru.61347: UDP, length 285
20:54:47.089908 IP 10.8.0.6.60264 > google-public-dns-a.google.com.domain: 10002+ A? 2ip.ru. (24)
20:54:48.175194 IP 10.8.0.6.54163 > google-public-dns-a.google.com.domain: 57270+ A? whoer.net. (27)
20:54:48.175222 IP 10.8.0.6.54163 > google-public-dns-b.google.com.domain: 57270+ A? whoer.net. (27)
20:54:48.175240 IP 10.8.0.6.63273 > google-public-dns-a.google.com.domain: 25813+ A? www.myip.ru. (29)
20:54:48.175256 IP 10.8.0.6.60264 > google-public-dns-b.google.com.domain: 10002+ A? 2ip.ru. (24)
20:54:48.175272 IP 10.8.0.6.60264 > google-public-dns-a.google.com.domain: 10002+ A? 2ip.ru. (24)
20:54:48.305364 IP 10.8.0.6.63273 > google-public-dns-b.google.com.domain: 25813+ A? www.myip.ru. (29)
20:54:48.305502 IP 10.8.0.6.63273 > google-public-dns-a.google.com.domain: 25813+ A? www.myip.ru. (29)
20:54:49.269930 IP 10.8.0.6.60264 > google-public-dns-b.google.com.domain: 10002+ A? 2ip.ru. (24)
20:54:49.269962 IP 10.8.0.6.60264 > google-public-dns-a.google.com.domain: 10002+ A? 2ip.ru. (24)
20:54:58.449573 IP 10.8.0.6.54388 > google-public-dns-a.google.com.domain: 31280+ A? dnl-02.geo.kaspersky.com. (42)
20:54:58.449602 IP 10.8.0.6.54388 > google-public-dns-b.google.com.domain: 31280+ A? dnl-02.geo.kaspersky.com. (42)
20:55:03.379583 IP 10.8.0.6.62692 > google-public-dns-b.google.com.domain: 34114+ A? dns.msftncsi.com. (34)
20:55:05.349278 IP 10.8.0.6.53901 > google-public-dns-a.google.com.domain: 60461+ A? whoer.net. (27)
20:55:05.436922 IP 10.8.0.6.53901 > google-public-dns-b.google.com.domain: 60461+ A? whoer.net. (27)
20:55:05.436971 IP 10.8.0.6.62692 > google-public-dns-a.google.com.domain: 34114+ A? dns.msftncsi.com. (34)
20:55:05.436998 IP 10.8.0.6.62692 > google-public-dns-b.google.com.domain: 34114+ A? dns.msftncsi.com. (34)
20:55:06.068260 IP 10.8.0.6.61578 > dynamic-adsl-94-39-217-29.clienti.tiscali.it.52833: UDP, length 287
20:55:06.164780 IP 10.8.0.6.54463 > google-public-dns-b.google.com.domain: 48180+ A? dnl-03.geo.kaspersky.com. (42)
20:55:06.622559 IP 10.8.0.6.61578 > 78.250.144.181.9266: UDP, length 287
20:55:07.166115 IP 10.8.0.6.54463 > google-public-dns-a.google.com.domain: 48180+ A? dnl-03.geo.kaspersky.com. (42)
20:55:07.249626 IP 10.8.0.6.54463 > google-public-dns-b.google.com.domain: 48180+ A? dnl-03.geo.kaspersky.com. (42)
20:55:08.165214 IP 10.8.0.6.54463 > google-public-dns-a.google.com.domain: 48180+ A? dnl-03.geo.kaspersky.com. (42)
20:55:08.252283 IP 10.8.0.6.54463 > google-public-dns-b.google.com.domain: 48180+ A? dnl-03.geo.kaspersky.com. (42)
20:55:08.522950 IP 10.8.0.6.61578 > 175.42.124.78.rev.sfr.net.62441: UDP, length 317
20:55:08.877955 IP 10.8.0.6.61578 > blk-142-28-58.eastlink.ca.35153: UDP, length 287
20:55:09.380207 IP 10.8.0.6.62692 > google-public-dns-a.google.com.domain: 34114+ A? dns.msftncsi.com. (34)
20:55:09.469624 IP 10.8.0.6.62692 > google-public-dns-b.google.com.domain: 34114+ A? dns.msftncsi.com. (34)
20:55:10.165696 IP 10.8.0.6.54463 > google-public-dns-a.google.com.domain: 48180+ A? dnl-03.geo.kaspersky.com. (42)
20:55:10.461223 IP 10.8.0.6.54463 > google-public-dns-b.google.com.domain: 48180+ A? dnl-03.geo.kaspersky.com. (42)
20:55:14.165194 IP 10.8.0.6.54463 > google-public-dns-a.google.com.domain: 48180+ A? dnl-03.geo.kaspersky.com. (42)
20:55:14.460750 IP 10.8.0.6.54463 > google-public-dns-b.google.com.domain: 48180+ A? dnl-03.geo.kaspersky.com. (42)
20:55:18.164794 IP 10.8.0.6.53797 > google-public-dns-a.google.com.domain: 496+ A? dnl-04.geo.kaspersky.com. (42)
20:55:18.663887 IP 10.8.0.6.61578 > 189-105-52-210.user.veloxzone.com.br.15739: UDP, length 287
20:55:19.268132 IP 10.8.0.6.62047 > google-public-dns-a.google.com.domain: 35460+ A? whoer.net. (27)
20:55:19.268167 IP 10.8.0.6.53797 > google-public-dns-b.google.com.domain: 496+ A? dnl-04.geo.kaspersky.com. (42)
20:55:19.268190 IP 10.8.0.6.53797 > google-public-dns-a.google.com.domain: 496+ A? dnl-04.geo.kaspersky.com. (42)
20:55:19.959766 IP 10.8.0.6.62047 > google-public-dns-b.google.com.domain: 35460+ A? whoer.net. (27)
20:55:20.084793 IP 10.8.0.6.62047 > google-public-dns-a.google.com.domain: 35460+ A? whoer.net. (27)
20:55:20.581821 IP 10.8.0.6.53797 > google-public-dns-b.google.com.domain: 496+ A? dnl-04.geo.kaspersky.com. (42)
20:55:20.581851 IP 10.8.0.6.53797 > google-public-dns-a.google.com.domain: 496+ A? dnl-04.geo.kaspersky.com. (42)
20:55:21.189194 IP 10.8.0.6.62047 > google-public-dns-b.google.com.domain: 35460+ A? whoer.net. (27)
20:55:21.189275 IP 10.8.0.6.62047 > google-public-dns-a.google.com.domain: 35460+ A? whoer.net. (27)
20:55:21.189371 IP 10.8.0.6.60328 > google-public-dns-a.google.com.domain: 8758+ A? 2ip.ru. (24)
20:55:21.189417 IP 10.8.0.6.61578 > 114.108.237.73.11659: UDP, length 287
20:55:21.999765 IP 10.8.0.6.60328 > google-public-dns-b.google.com.domain: 8758+ A? 2ip.ru. (24)
20:55:22.798047 IP 10.8.0.6.60328 > google-public-dns-a.google.com.domain: 8758+ A? 2ip.ru. (24)
20:55:22.798082 IP 10.8.0.6.53797 > google-public-dns-a.google.com.domain: 496+ A? dnl-04.geo.kaspersky.com. (42)
20:55:22.798102 IP 10.8.0.6.53797 > google-public-dns-b.google.com.domain: 496+ A? dnl-04.geo.kaspersky.com. (42)
20:55:22.798126 IP 10.8.0.6.61578 > 105.158.219.92.51413: UDP, length 285
20:55:22.798164 IP 10.8.0.6.60111 > google-public-dns-a.google.com.domain: 53131+ A? www.myip.ru. (29)
20:55:22.959043 IP 10.8.0.6.62047 > google-public-dns-a.google.com.domain: 35460+ A? whoer.net. (27)
20:55:23.664531 IP 10.8.0.6.62047 > google-public-dns-b.google.com.domain: 35460+ A? whoer.net. (27)
20:55:23.664571 IP 10.8.0.6.60328 > google-public-dns-b.google.com.domain: 8758+ A? 2ip.ru. (24)
20:55:23.664604 IP 10.8.0.6.60328 > google-public-dns-a.google.com.domain: 8758+ A? 2ip.ru. (24)
20:55:23.664637 IP 10.8.0.6.61578 > 162-204-111-69.lightspeed.rcsntx.sbcglobal.net.47836: UDP, length 287
20:55:23.664683 IP 10.8.0.6.60111 > google-public-dns-b.google.com.domain: 53131+ A? www.myip.ru. (29)
20:55:23.664710 IP 10.8.0.6.60111 > google-public-dns-a.google.com.domain: 53131+ A? www.myip.ru. (29)
20:55:25.050324 IP 10.8.0.6.60111 > google-public-dns-b.google.com.domain: 53131+ A? www.myip.ru. (29)
20:55:25.050368 IP 10.8.0.6.60111 > google-public-dns-a.google.com.domain: 53131+ A? www.myip.ru. (29)
20:55:25.182814 IP 10.8.0.6.61578 > 128.gprs.mts.ru.55835: UDP, length 889
20:55:25.182889 IP 10.8.0.6.60328 > google-public-dns-a.google.com.domain: 8758+ A? 2ip.ru. (24)
20:55:25.182905 IP 10.8.0.6.60328 > google-public-dns-b.google.com.domain: 8758+ A? 2ip.ru. (24)
20:55:26.165723 IP 10.8.0.6.53797 > google-public-dns-a.google.com.domain: 496+ A? dnl-04.geo.kaspersky.com. (42)
20:55:26.280063 IP 10.8.0.6.53797 > google-public-dns-b.google.com.domain: 496+ A? dnl-04.geo.kaspersky.com. (42)
20:55:26.609091 IP 10.8.0.6.60111 > google-public-dns-a.google.com.domain: 53131+ A? www.myip.ru. (29)
20:55:27.133023 IP 10.8.0.6.60111 > google-public-dns-b.google.com.domain: 53131+ A? www.myip.ru. (29)
20:55:27.133059 IP 10.8.0.6.62047 > google-public-dns-a.google.com.domain: 35460+ A? whoer.net. (27)
20:55:27.133085 IP 10.8.0.6.62047 > google-public-dns-b.google.com.domain: 35460+ A? whoer.net. (27)
20:55:27.522987 IP 10.8.0.6.61578 > net-2-40-151-210.cust.dsl.teletu.it.52818: UDP, length 287
 
Последнее редактирование:
Продолжение
Код:
20:55:27.802812 IP 10.8.0.6.61578 > 213.5.128.16.23477: UDP, length 287
20:55:28.999940 IP 10.8.0.6.60328 > google-public-dns-a.google.com.domain: 8758+ A? 2ip.ru. (24)
20:55:29.400522 IP 10.8.0.6.60328 > google-public-dns-b.google.com.domain: 8758+ A? 2ip.ru. (24)
20:55:30.202120 IP 10.8.0.6.59357 > google-public-dns-b.google.com.domain: 32064+ A? dnl-05.geo.kaspersky.com. (42)
20:55:31.812323 IP 10.8.0.6.60111 > google-public-dns-a.google.com.domain: 53131+ A? www.myip.ru. (29)
20:55:35.020760 IP 10.8.0.6.59357 > google-public-dns-a.google.com.domain: 32064+ A? dnl-05.geo.kaspersky.com. (42)
20:55:35.020905 IP 10.8.0.6.59357 > google-public-dns-b.google.com.domain: 32064+ A? dnl-05.geo.kaspersky.com. (42)
20:55:35.020922 IP 10.8.0.6.59357 > google-public-dns-a.google.com.domain: 32064+ A? dnl-05.geo.kaspersky.com. (42)
20:55:35.021028 IP 10.8.0.6.59357 > google-public-dns-b.google.com.domain: 32064+ A? dnl-05.geo.kaspersky.com. (42)
20:55:35.104509 IP 10.8.0.6.61578 > ppp005055091224.access.hol.gr.60688: UDP, length 287
20:55:35.322778 IP 10.8.0.6.61578 > host-92-23-57-121.as13285.net.10076: UDP, length 287
20:55:38.164882 IP 10.8.0.6.59357 > google-public-dns-b.google.com.domain: 32064+ A? dnl-05.geo.kaspersky.com. (42)
20:55:40.345697 IP 10.8.0.6.61578 > 92-249-240-110.pool.digikabel.hu.12605: UDP, length 106
20:55:40.429642 IP 10.8.0.6.61578 > c-50-190-82-106.hsd1.md.comcast.net.61047: UDP, length 106
20:55:40.429710 IP 10.8.0.6.61578 > CPE78cd8ecda938-CM78cd8ecda935.cpe.net.cable.rogers.com.45904: UDP, length 106
20:55:40.429753 IP 10.8.0.6.61578 > ctel-78-157-17-81.cabletel.com.mk.6803: UDP, length 106
20:55:42.165240 IP 10.8.0.6.65046 > google-public-dns-a.google.com.domain: 60111+ A? dnl-06.geo.kaspersky.com. (42)
20:55:42.346051 IP 10.8.0.6.61578 > 178-117-81-81.access.telenet.be.38814: UDP, length 106
20:55:42.434550 IP 10.8.0.6.61578 > dynamicip-176-213-17-81.pppoe.nn.ertelecom.ru.14019: UDP, length 106
20:55:42.434581 IP 10.8.0.6.61578 > dynamic-213-198-207-164.adsl.eunet.rs.21546: UDP, length 106
20:55:42.434668 IP 10.8.0.6.61578 > catv-89-133-47-96.catv.broadband.hu.17387: UDP, length 106
20:55:43.164909 IP 10.8.0.6.65046 > google-public-dns-b.google.com.domain: 60111+ A? dnl-06.geo.kaspersky.com. (42)
20:55:43.244897 IP 10.8.0.6.65046 > google-public-dns-a.google.com.domain: 60111+ A? dnl-06.geo.kaspersky.com. (42)
20:55:44.164945 IP 10.8.0.6.65046 > google-public-dns-b.google.com.domain: 60111+ A? dnl-06.geo.kaspersky.com. (42)
20:55:44.245121 IP 10.8.0.6.65046 > google-public-dns-a.google.com.domain: 60111+ A? dnl-06.geo.kaspersky.com. (42)
20:55:46.165227 IP 10.8.0.6.65046 > google-public-dns-a.google.com.domain: 60111+ A? dnl-06.geo.kaspersky.com. (42)
20:55:46.244894 IP 10.8.0.6.65046 > google-public-dns-b.google.com.domain: 60111+ A? dnl-06.geo.kaspersky.com. (42)
20:55:49.093070 IP 10.8.0.6.61578 > 184-77-124-233.los.clearwire-wmx.net.22627: UDP, length 287
20:55:50.165176 IP 10.8.0.6.65046 > google-public-dns-a.google.com.domain: 60111+ A? dnl-06.geo.kaspersky.com. (42)
20:55:50.244836 IP 10.8.0.6.65046 > google-public-dns-b.google.com.domain: 60111+ A? dnl-06.geo.kaspersky.com. (42)
20:55:52.868250 IP 10.8.0.6.61578 > ppp-2-84-55-190.home.otenet.gr.13164: UDP, length 287
20:55:54.969020 IP 10.8.0.6.62422 > google-public-dns-b.google.com.domain: 19002+ A? dnl-07.geo.kaspersky.com. (42)
20:55:55.164895 IP 10.8.0.6.62422 > google-public-dns-a.google.com.domain: 19002+ A? dnl-07.geo.kaspersky.com. (42)
20:55:55.470694 IP 10.8.0.6.62422 > google-public-dns-b.google.com.domain: 19002+ A? dnl-07.geo.kaspersky.com. (42)
20:55:55.470803 IP 10.8.0.6.61578 > 5x165x186x184.dynamic.penza.ertelecom.ru.15320: UDP, length 287
20:55:56.164825 IP 10.8.0.6.62422 > google-public-dns-a.google.com.domain: 19002+ A? dnl-07.geo.kaspersky.com. (42)
20:55:56.661324 IP 10.8.0.6.62422 > google-public-dns-b.google.com.domain: 19002+ A? dnl-07.geo.kaspersky.com. (42)
20:55:58.165190 IP 10.8.0.6.62422 > google-public-dns-a.google.com.domain: 19002+ A? dnl-07.geo.kaspersky.com. (42)
20:55:58.570965 IP 10.8.0.6.62422 > google-public-dns-b.google.com.domain: 19002+ A? dnl-07.geo.kaspersky.com. (42)
138 packets captured
175 packets received by filter
36 packets dropped by kernel

Если IP указывать,
Код:
tcpdump -i tun0 host 10.0.1.95
то пакеты тоже стали захватываться. Может просто подвисло что-то когда я проверял.
 
Последнее редактирование:
Назад
Сверху