My plan is to connect an Android phone through a tunnel (over the Internet) to my local network at home. I have set up an OpenVPN server inside the LAN, behind the router (IP address 192.168.1.3). There is also my laptop. UDP port 1194 is open on my router. Here are my configs:
Server:
local 192.168.1.3
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/open_ipp.txt
keepalive 10 120
tls-auth /etc/openvpn/easy_rsa/keys/ta.key 0
cipher AES-256-CBC
comp-lzo
max-clients 10
persist-key
persist-tun
status /var/log/openvpn_status.log
verb 3
push "route 192.168.1.0 255.255.255.0"
Android:
client
dev tun
remote my ip in the world 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.rt
cert android.crt
key android.key
tls-auth ta.key 1
ns-cert-type server
cipher AES-256-CBC
comp-lzo yes
verb 3
mute 20
Here is some of the syslog from the Ubuntu server when I start the openvpn daemon:
Sep 19 13:35:48 Pavillion ovpn-server[2737]: /sbin/ip addr del dev tun0 local 10.8.0.1 peer 10.8.0.2
Sep 19 13:35:48 Pavillion NetworkManager[751]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/tun0, iface: tun0)
Sep 19 13:35:48 Pavillion ovpn-server[2737]: SIGTERM[hard,] received, process exiting
Sep 19 13:35:48 Pavillion ovpn-server[3146]: OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb 4 2014
Sep 19 13:35:48 Pavillion ovpn-server[3146]: NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sep 19 13:35:48 Pavillion ovpn-server[3146]: Diffie-Hellman initialized with 2048 bit key
Sep 19 13:35:48 Pavillion ovpn-server[3146]: Control Channel Authentication: using '/etc/openvpn/easy-rsa/keys/ta.key' as a OpenVPN static key file
Sep 19 13:35:48 Pavillion ovpn-server[3146]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 19 13:35:48 Pavillion ovpn-server[3146]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 19 13:35:48 Pavillion ovpn-server[3146]: Socket Buffers: R=[212992->131072] S=[212992->131072]
Sep 19 13:35:48 Pavillion ovpn-server[3146]: ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=wlan0 HWADDR=00:21:5d:b2:4f:88
Sep 19 13:35:48 Pavillion ovpn-server[3146]: TUN/TAP device tun0 opened
Sep 19 13:35:48 Pavillion ovpn-server[3146]: TUN/TAP TX queue length set to 100
Sep 19 13:35:48 Pavillion ovpn-server[3146]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sep 19 13:35:48 Pavillion ovpn-server[3146]: /sbin/ip link set dev tun0 up mtu 1500
Sep 19 13:35:48 Pavillion NetworkManager[751]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
Sep 19 13:35:48 Pavillion NetworkManager[751]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
Sep 19 13:35:48 Pavillion NetworkManager[751]: <warn> /sys/devices/virtual/net/tun0: couldn't determine device driver; ignoring...
Sep 19 13:35:48 Pavillion ovpn-server[3146]: /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Sep 19 13:35:48 Pavillion ovpn-server[3146]: /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Sep 19 13:35:48 Pavillion ovpn-server[3152]: UDPv4 link local (bound): [AF_INET]192.168.1.3:1194
Sep 19 13:35:48 Pavillion ovpn-server[3152]: UDPv4 link remote: [undef]
Sep 19 13:35:48 Pavillion ovpn-server[3152]: MULTI: multi_init called, r=256 v=256
Sep 19 13:35:48 Pavillion ovpn-server[3152]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Sep 19 13:35:48 Pavillion ovpn-server[3152]: IFCONFIG POOL LIST
Sep 19 13:35:48 Pavillion ovpn-server[3152]: Initialization Sequence Completed
That warning looks ugly, but the initialization completes. I also put a static route into my router:
destination: 10.8.0.0
subnet mask: 255.255.255.0
gateway: 192.168.1.3
My laptop inside the LAN can ping 10.8.0.1. Please help me :-( You are my last chance ...
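
A check worth running before looking at routing: the added example below (not part of the original post) compares the directives from the two configs above that both ends of the tunnel must agree on. The function names are hypothetical, and it assumes the router forwards the same port number the server listens on.

```python
# Added example (not from the post). Config excerpts are copied from the post above.
SERVER_CONF = """port 1194
proto udp
dev tun
tls-auth /etc/openvpn/easy_rsa/keys/ta.key 0
cipher AES-256-CBC
comp-lzo
"""
CLIENT_CONF = """client
dev tun
remote my ip in the world 1194
tls-auth ta.key 1
cipher AES-256-CBC
comp-lzo yes
"""

def parse(conf):
    """Map each directive to its argument list (last occurrence wins)."""
    opts = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            name, *args = line.split()
            opts[name] = args
    return opts

def check_pair(server_conf, client_conf):
    """Return a list of mismatches between a server and a client config."""
    s, c = parse(server_conf), parse(client_conf)
    first = lambda opts, name, default: (opts.get(name) or [default])[0]
    problems = []
    # proto defaults to udp when omitted; dev and cipher are compared as written.
    for name, default in (("proto", "udp"), ("dev", None), ("cipher", None)):
        sv, cv = first(s, name, default), first(c, name, default)
        if sv != cv:
            problems.append(f"{name}: server={sv} client={cv}")
    # The client's port is the numeric token after the host in "remote".
    cport = next((t for t in c.get("remote", [])[1:] if t.isdigit()), "1194")
    if first(s, "port", "1194") != cport:
        problems.append(f"port: server={first(s, 'port', '1194')} client={cport}")
    if ("comp-lzo" in s) != ("comp-lzo" in c):
        problems.append("comp-lzo: enabled on one side only")
    # tls-auth key directions must be complementary (0/1) or omitted on both.
    dirs = sorted((s.get("tls-auth") or [])[1:2] + (c.get("tls-auth") or [])[1:2])
    if ("tls-auth" in s) != ("tls-auth" in c) or dirs not in ([], ["0", "1"]):
        problems.append(f"tls-auth: key directions {dirs} are not a 0/1 pair")
    return problems

print(check_pair(SERVER_CONF, CLIENT_CONF) or "paired directives agree")
```

An empty result only rules out a mismatch in these paired settings; it says nothing about routing or forwarding on the server or the router.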