
Error when trying to connect to my OpenVPN server

Server.conf

local 10.23.7.11
port 443
proto tcp
dev tun0
ca keys/ca.crt
cert keys/issued/vpn-server.crt
key keys/private/vpn-server.key  # This file should be kept secret
dh keys/dh.pem
ifconfig-pool-persist ipp.txt
route 10.8.0.0 255.255.255.0
cipher AES-256-CBC
max-clients 2
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append  /var/log/openvpn/openvpn.log
verb 6
mute 20

Client.ovpn

client
dev tun0
proto tcp
ca /home/centos/openvpn/keys/ca.crt
cert /home/centos/openvpn/keys/client1.crt
key /home/centos/openvpn/keys/client1.key
remote 10.8.0.1
port 443
persist-key
persist-tun
cipher AES-256-CBC
verb 7

ip ro (server)

default via 10.0.2.2 dev eth0 proto dhcp metric 100
default via 10.23.0.1 dev eth1 proto dhcp metric 101
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15 metric 100
10.8.0.0/24 via 10.8.0.2 dev tun0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
10.23.0.0/20 dev eth1 proto kernel scope link src 10.23.7.11 metric 101
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 dev docker_gwbridge proto kernel scope link src 172.18.0.1

ip ro (client)

default via 10.6.216.1 dev eth0
10.6.192.0/21 dev eth0 proto static scope link
10.6.216.0/21 dev eth0 proto kernel scope link src 10.6.221.18
169.254.169.254 via 10.6.217.60 dev eth0 proto static
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 dev docker_gwbridge proto kernel scope link src 172.18.0.1

Client output when connecting

Fri May  8 15:32:52 2020 us=10392 OpenVPN 2.4.8 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov  1 2019
Fri May  8 15:32:52 2020 us=10482 library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06
Fri May  8 15:32:52 2020 us=10768 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri May  8 15:32:52 2020 us=11910 PRNG init md=SHA1 size=36
Fri May  8 15:32:52 2020 us=12035 PID packet_id_init seq_backtrack=64 time_backtrack=15
Fri May  8 15:32:52 2020 us=12127 PID packet_id_init seq_backtrack=64 time_backtrack=15
Fri May  8 15:32:52 2020 us=12147 PID packet_id_init seq_backtrack=64 time_backtrack=15
Fri May  8 15:32:52 2020 us=12195 PID packet_id_init seq_backtrack=64 time_backtrack=15
Fri May  8 15:32:52 2020 us=12214 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Fri May  8 15:32:52 2020 us=12248 MTU DYNAMIC mtu=1450, flags=2, 1623 -> 1450
Fri May  8 15:32:52 2020 us=12299 RESOLVE_REMOTE flags=0x0101 phase=1 rrs=0 sig=-1 status=0
Fri May  8 15:32:52 2020 us=12585 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Fri May  8 15:32:52 2020 us=12627 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 56 bytes
Fri May  8 15:32:52 2020 us=12672 calc_options_string_link_mtu: link-mtu 1623 -> 1559
Fri May  8 15:32:52 2020 us=12713 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 56 bytes
Fri May  8 15:32:52 2020 us=12735 calc_options_string_link_mtu: link-mtu 1623 -> 1559
Fri May  8 15:32:52 2020 us=12754 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Fri May  8 15:32:52 2020 us=12772 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Fri May  8 15:32:52 2020 us=12866 TCP/UDP: Preserving recently used remote address: [AF_INET]10.8.0.1:443
Fri May  8 15:32:52 2020 us=12938 Socket Buffers: R=[87380->87380] S=[16384->16384]
Fri May  8 15:32:52 2020 us=12986 Attempting to establish TCP connection with [AF_INET]10.8.0.1:443 [nonblock]
Fri May  8 15:32:53 2020 us=13337 TCP connection established with [AF_INET]10.8.0.1:443
Fri May  8 15:32:53 2020 us=13434 TCP_CLIENT link local: (not bound)
Fri May  8 15:32:53 2020 us=13517 TCP_CLIENT link remote: [AF_INET]10.8.0.1:443
Fri May  8 15:32:53 2020 us=13700 TLS Warning: no data channel send key available:  [key#0 state=S_INITIAL id=0 sid=00000000 00000000] [key#1 state=S_UNDEF id=0 sid=00000000 00000000] [key#2 state=S_UNDEF id=0 sid=00000000 00000000]
Fri May  8 15:32:53 2020 us=13752 SENT PING
Fri May  8 15:32:53 2020 us=14002 TCP_CLIENT WRITE [14] to [AF_INET]10.8.0.1:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri May  8 15:32:53 2020 us=92710 Connection reset, restarting [0]
Fri May  8 15:32:53 2020 us=92838 PID packet_id_free
Fri May  8 15:32:53 2020 us=92948 PID packet_id_free
Fri May  8 15:32:53 2020 us=92976 PID packet_id_free
Fri May  8 15:32:53 2020 us=93000 PID packet_id_free
Fri May  8 15:32:53 2020 us=93034 PID packet_id_free
Fri May  8 15:32:53 2020 us=93059 PID packet_id_free
Fri May  8 15:32:53 2020 us=93082 PID packet_id_free
Fri May  8 15:32:53 2020 us=93105 PID packet_id_free
Fri May  8 15:32:53 2020 us=93130 TCP/UDP: Closing socket
Fri May  8 15:32:53 2020 us=93200 PID packet_id_free
Fri May  8 15:32:53 2020 us=93232 SIGUSR1[soft,connection-reset] received, process restarting
Fri May  8 15:32:53 2020 us=93286 Restart pause, 5 second(s)

And the server output in journalctl

8795   local = '10.23.7.11'
8801   local_port = '443'
8807   remote = '[UNDEF]'
8813   remote_port = '443'
8819   remote_float = DISABLED
8825   bind_defined = DISABLED
8831 NOTE: --mute triggered...
8841 271 variation(s) on previous 20 message(s) suppressed by --mute
8850 OpenVPN 2.4.8 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov  1 2019
8862 library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06
Flexible Tunneling Application On server.
0013 Diffie-Hellman initialized with 2048 bit key
0959 TLS-Auth MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
1198 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=eth0 HWADDR=52:54:00:8a:fe:e6
1582 TUN/TAP device tun0 opened
1620 TUN/TAP TX queue length set to 100
1632 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
1663 /sbin/ip link set dev tun0 up mtu 1500
4937 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
9632 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
0581 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2

1452 ERROR: Linux route add command failed: external program exited with error status: 2
1480 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
1904 Could not determine IPv4/IPv6 protocol. Using AF_INET
2153 Socket Buffers: R=[87380->87380] S=[16384->16384]
2268 Listening for incoming TCP connection on [AF_INET]10.23.7.11:443
2280 TCPv4_SERVER link local (bound): [AF_INET]10.23.7.11:443
2288 TCPv4_SERVER link remote: [AF_UNSPEC]
2299 GID set to nobody
2310 UID set to nobody
2324 MULTI: multi_init called, r=256 v=256
2346 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
2360 IFCONFIG POOL LIST
2372 MULTI: TCP INIT maxclients=2 maxevents=6
2464 Initialization Sequence Completed

I think the main problem is "ERROR: Linux route add command failed: external program exited with error status: 2". I have read many forums where the same error was discussed, but nothing helped.
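The client log above warns that no server certificate verification method is enabled, and the client's `remote` (10.8.0.1) is not the address the server binds with `local` (10.23.7.11) but an address inside the routed tunnel subnet. The following is an added example, not part of the original post: a small audit of a server/client config pair for those conditions. The function names and finding codes are hypothetical, and the embedded configs are excerpts of the ones posted above.

```python
import ipaddress

# Directives that make an OpenVPN client verify the server certificate.
VERIFY = {"remote-cert-tls", "remote-cert-eku", "verify-x509-name",
          "tls-verify", "ns-cert-type"}

# Excerpts of the two posted configs (only the lines the checks read).
SERVER_CONF = """\
local 10.23.7.11
key keys/private/vpn-server.key  # This file should be kept secret
route 10.8.0.0 255.255.255.0
"""
CLIENT_CONF = """\
client
remote 10.8.0.1
"""

def parse(text):
    """Map each directive to the list of argument lists it appears with."""
    out = {}
    for line in text.splitlines():
        words = line.split("#")[0].split(";")[0].split()  # drop comments
        if words:
            out.setdefault(words[0], []).append(words[1:])
    return out

def first_arg(cfg, name):
    """First argument of the first occurrence of a directive, or None."""
    args = cfg.get(name, [[]])[0]
    return args[0] if args else None

def audit(server_text, client_text):
    """Return hypothetical finding codes for a server/client config pair."""
    srv, cli = parse(server_text), parse(client_text)
    findings = []
    if VERIFY.isdisjoint(cli):  # matches the WARNING in the client log
        findings.append("NO_SERVER_CERT_VERIFICATION")
    remote, local = first_arg(cli, "remote"), first_arg(srv, "local")
    if remote and local and remote != local:
        findings.append("REMOTE_DIFFERS_FROM_SERVER_LOCAL")
    for args in srv.get("route", []):
        mask = args[1] if len(args) > 1 else "255.255.255.255"
        try:
            net = ipaddress.ip_network(f"{args[0]}/{mask}")
            if ipaddress.ip_address(str(remote)) in net:
                findings.append("REMOTE_INSIDE_ROUTED_TUNNEL_SUBNET")
        except (ValueError, IndexError):
            continue  # hostname or keyword instead of a literal address
    return findings
```

Calling `audit(SERVER_CONF, CLIENT_CONF)` on the posted excerpts returns all three findings; a client with `remote 10.23.7.11` and `remote-cert-tls server` returns none.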