Set up a VPN server on FreeBSD 7.1
The situation is this: there are 12 regions, each with 2-3 people working in it who need access to several servers inside the network.
I have been trying for a month to build a VPN from home to the office and it just doesn't work. The office network is 192.168.24.0/24.
The VPN connects, I get an address assigned, but everything stops at pinging the real network...
Configs:
[RAIN] root@/usr/local/etc/openvpn/ccd%> uname -a
FreeBSD RAIN.lan 7.1-RELEASE-p3 FreeBSD 7.1-RELEASE-p3 #0: Wed Mar 18 10:24:20 EET 2009 root@RAIN.lan:/usr/obj/usr/src/sys/RAIN i386
Server: ==========>
Code:
port 2000
proto tcp
dev tun0
# CA
ca /usr/local/etc/openvpn/server/ca.crt
cert /usr/local/etc/openvpn/server/rain.crt
key /usr/local/etc/openvpn/server/rain.key
dh /usr/local/etc/openvpn/server/dh1024.pem
server 10.10.200.0 255.255.255.0
push "route 192.168.24.0 255.255.255.0"
client-config-dir ccd
route 10.10.200.0 255.255.255.252
# TLS
tls-server
tls-auth server/ta.key 0
#
tls-timeout 120
auth MD5 #
cipher BF-CBC
keepalive 10 120
comp-lzo
max-clients 100
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 3
Code:
ifconfig-push 10.10.200.2 10.10.200.1
Client Windows XP: ======>
Code:
dev tun
proto tcp
remote somehost.domain.com
port 2000
client
resolv-retry infinite
ca ca.crt
cert win.crt
key win.key
tls-client
tls-auth ta.key 1
auth MD5
cipher BF-CBC
ns-cert-type server
comp-lzo
persist-key
persist-tun
verb 3
Code:
Sat May 23 00:42:03 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Sat May 23 00:42:03 2009 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Sat May 23 00:42:03 2009 Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat May 23 00:42:03 2009 Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Sat May 23 00:42:03 2009 LZO compression initialized
Sat May 23 00:42:03 2009 Control Channel MTU parms [ L:1540 D:164 EF:64 EB:0 ET:0 EL:0 ]
Sat May 23 00:42:03 2009 Data Channel MTU parms [ L:1540 D:1450 EF:40 EB:135 ET:0 EL:0 AF:3/1 ]
Sat May 23 00:42:03 2009 Local Options hash (VER=V4): 'e6beeeed'
Sat May 23 00:42:03 2009 Expected Remote Options hash (VER=V4): '9183b24b'
Sat May 23 00:42:03 2009 Attempting to establish TCP connection with 93.127.49.78:2000
Sat May 23 00:42:03 2009 TCP connection established with 93.127.49.78:2000
Sat May 23 00:42:03 2009 TCPv4_CLIENT link local: [undef]
Sat May 23 00:42:03 2009 TCPv4_CLIENT link remote: 93.127.49.78:2000
Sat May 23 00:42:03 2009 TLS: Initial packet from 93.127.49.78:2000, sid=297a3716 8cdcbeda
Sat May 23 00:42:05 2009 VERIFY OK: depth=1, /C=UA/ST=Kv/L=KIEV/O=RG2Q_Team/OU=rain/CN=rain.rg2q.com/emailAddress=alex@rg2q.com
Sat May 23 00:42:05 2009 VERIFY OK: nsCertType=SERVER
Sat May 23 00:42:05 2009 VERIFY OK: depth=0, /C=UA/ST=Kv/O=RG2Q_Team/OU=rain/CN=rain.rg2q.com/emailAddress=alex@rg2q.com
Sat May 23 00:42:08 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat May 23 00:42:08 2009 Data Channel Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Sat May 23 00:42:08 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat May 23 00:42:08 2009 Data Channel Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Sat May 23 00:42:08 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat May 23 00:42:08 2009 [rain.rg2q.com] Peer Connection Initiated with 93.127.49.78:2000
Sat May 23 00:42:09 2009 SENT CONTROL [rain.rg2q.com]: 'PUSH_REQUEST' (status=1)
Sat May 23 00:42:09 2009 PUSH: Received control message: 'PUSH_REPLY,route 192.168.24.0 255.255.255.0,route 10.10.200.1,ping 10,ping-restart 120,ifconfig 10.10.200.6 10.10.200.5'
Sat May 23 00:42:09 2009 OPTIONS IMPORT: timers and/or timeouts modified
Sat May 23 00:42:09 2009 OPTIONS IMPORT: --ifconfig/up options modified
Sat May 23 00:42:09 2009 OPTIONS IMPORT: route options modified
Sat May 23 00:42:09 2009 TAP-WIN32 device [VPN] opened: \\.\Global\{F17E1779-31CF-4E80-A5CC-8286149E2291}.tap
Sat May 23 00:42:09 2009 TAP-Win32 Driver Version 8.4
Sat May 23 00:42:09 2009 TAP-Win32 MTU=1500
Sat May 23 00:42:09 2009 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.10.200.6/255.255.255.252 on interface {F17E1779-31CF-4E80-A5CC-8286149E2291} [DHCP-serv: 10.10.200.5, lease-time: 31536000]
Sat May 23 00:42:09 2009 Successful ARP Flush on interface [2] {F17E1779-31CF-4E80-A5CC-8286149E2291}
Sat May 23 00:42:09 2009 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Sat May 23 00:42:09 2009 Route: Waiting for TUN/TAP interface to come up...
Sat May 23 00:42:10 2009 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Sat May 23 00:42:10 2009 route ADD 192.168.24.0 MASK 255.255.255.0 10.10.200.5
Sat May 23 00:42:10 2009 Route addition via IPAPI succeeded
Sat May 23 00:42:10 2009 route ADD 10.10.200.1 MASK 255.255.255.255 10.10.200.5
Sat May 23 00:42:10 2009 Route addition via IPAPI succeeded
Sat May 23 00:42:10 2009 Initialization Sequence Completed
Code:
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.111.1 UGS 0 41064559 rl0
10.10.200.0/30 10.10.200.2 UGS 0 0 tun0 =>
10.10.200.0/24 10.10.200.2 UGS 0 3 tun0
10.10.200.2 10.10.200.1 UH 2 0 tun0
127.0.0.1 127.0.0.1 UH 0 2473 lo0
192.168.2.0/28 link#1 UC 0 0 ed0
192.168.24.0/24 link#1 UC 0 0 ed0
192.168.24.1 00:10:dc:00:32:a0 UHLW 1 306 ed0 594
192.168.24.2 00:0e:0c:3d:c0:0b UHLW 1 864 ed0 1192
192.168.24.3 00:18:71:ea:70:cf UHLW 1 356 ed0 1100
192.168.24.4 00:00:21:29:52:d6 UHLW 1 7676 lo0
192.168.24.5 00:a1:b0:10:d3:d2 UHLW 1 431 ed0 529
192.168.24.7 00:1f:d0:9f:24:46 UHLW 1 1031971 ed0 1194
192.168.24.8 00:07:e9:52:c0:be UHLW 1 15 ed0 1190
192.168.24.11 00:1a:92:46:0f:fc UHLW 1 1952551 ed0 1199
192.168.100.0/24 link#1 UC 0 0 ed0
192.168.111.0/30 link#2 UC 0 0 rl0
192.168.111.1 00:1a:98:01:23:7e UHLW 2 0 rl0 1141
Code:
Microsoft Windows XP [Версия 5.1.2600]
(С) Корпорация Майкрософт, 1985-2001.
C:\Documents and Settings\User>route print
===========================================================================
Список интерфейсов
0x1 ........................... MS TCP Loopback interface
0x2 ...00 ff f1 7e 17 79 ...... TAP-Win32 Adapter V8
0x10004 ...08 00 27 e3 12 20 ...... Intel(R) PRO/1000 MT Desktop Adapter
===========================================================================
===========================================================================
Активные маршруты:
Сетевой адрес Маска сети Адрес шлюза Интерфейс Метрика
0.0.0.0 0.0.0.0 10.0.2.2 10.0.2.15 1
10.0.2.0 255.255.255.0 10.0.2.15 10.0.2.15 10
10.0.2.15 255.255.255.255 127.0.0.1 127.0.0.1 10
10.10.200.1 255.255.255.255 10.10.200.5 10.10.200.6 1
10.10.200.4 255.255.255.252 10.10.200.6 10.10.200.6 30
10.10.200.6 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.0.2.15 10.0.2.15 10
10.255.255.255 255.255.255.255 10.10.200.6 10.10.200.6 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.24.0 255.255.255.0 10.10.200.5 10.10.200.6 1
224.0.0.0 240.0.0.0 10.0.2.15 10.0.2.15 10
224.0.0.0 240.0.0.0 10.10.200.6 10.10.200.6 30
255.255.255.255 255.255.255.255 10.0.2.15 10.0.2.15 1
255.255.255.255 255.255.255.255 10.10.200.6 10.10.200.6 1
Основной шлюз: 10.0.2.2
===========================================================================
Постоянные маршруты:
Отсутствует
C:\Documents and Settings\User>
The result:
Code:
Microsoft Windows XP [Версия 5.1.2600]
(С) Корпорация Майкрософт, 1985-2001.
C:\Documents and Settings\User>tracert 192.168.24.3
Трассировка маршрута к 192.168.24.3 с максимальным числом прыжков 30
1 26 ms 29 ms 24 ms in-010-200-001.lan [10.10.200.1]
2 * * * Превышен интервал ожидания для запроса.
..................
I have no idea what to do anymore.
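As an added example (not code from the original post or from OpenVPN), here is a small longest-prefix-match route simulator that replays the tracert above: it uses the FreeBSD and Windows tables quoted in the post, while the LAN host and LAN router tables (default gateway 192.168.24.1 rather than the VPN box 192.168.24.4) and IP forwarding being enabled on the FreeBSD box are assumptions. It shows why hop 1 (10.10.200.1) answers while the reply from 192.168.24.3 never finds its way back to 10.10.200.6, and how one return route on the LAN router changes that.

```python
# Added example, not code from the original post or from OpenVPN: a longest-prefix
# route simulator that replays the tracert above. FreeBSD/Windows tables are taken
# from the netstat -rn / route print output in the post; the LAN host and LAN router
# tables are ASSUMED (default gateway = router 192.168.24.1, not the VPN box
# 192.168.24.4), as is IP forwarding being enabled on the FreeBSD box.
import ipaddress
# Per node: (prefix, next-hop gateway, or None when directly connected)
TABLES = {
    "win_client": [("0.0.0.0/0", "10.0.2.2"), ("10.10.200.4/30", None), ("192.168.24.0/24", "10.10.200.5")],
    "freebsd":    [("0.0.0.0/0", "192.168.111.1"), ("192.168.24.0/24", None), ("10.10.200.0/24", "10.10.200.2")],
    "lan_host":   [("0.0.0.0/0", "192.168.24.1"), ("192.168.24.0/24", None)],  # ASSUMED
    "lan_router": [("192.168.24.0/24", None)],                                   # ASSUMED
}
# Which node answers for an address. 10.10.200.2 is the server's tun0 peer address
# in net30 topology: the OpenVPN daemon relays anything sent there to the client.
OWNER = {"10.10.200.6": "win_client", "10.10.200.2": "win_client",
         "10.10.200.5": "freebsd", "10.10.200.1": "freebsd", "192.168.24.4": "freebsd",
         "192.168.24.3": "lan_host", "192.168.24.1": "lan_router"}

def lookup(table, dst):
    """Gateway of the most specific matching route, or None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in table if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def trace(src, dst, tables):
    """Hop node to node until the packet is delivered or dropped; returns (path, verdict)."""
    path, node = [src], src
    for _ in range(8):                                  # bounded: a routing loop cannot spin forever
        if OWNER.get(dst) == node:
            return path, "delivered"
        hit = lookup(tables[node], dst)
        next_hop = (hit[1] or dst) if hit else None     # directly connected: hand to dst itself
        if next_hop not in OWNER:
            return path, f"dropped at {node}: no usable route to {dst}"
        node = OWNER[next_hop]
        path.append(node)
    return path, "routing loop"

def diagnose(tables):
    """Forward path of the ping and return path of the reply, as two (path, verdict) pairs."""
    return trace("win_client", "192.168.24.3", tables), trace("lan_host", "10.10.200.6", tables)

def fixed_tables():
    """Same tables plus one return route on the LAN router (alternative: NAT on the server's tun0)."""
    return {**TABLES, "lan_router": TABLES["lan_router"] + [("10.10.200.0/24", "192.168.24.4")]}

if __name__ == "__main__":
    print(diagnose(TABLES))          # reply dies at the LAN router: no route back to 10.10.200.0/24
    print(diagnose(fixed_tables()))  # reply now comes back through the FreeBSD box
```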