openvpn 的问提

gentookid · n00b Joined: 26 Feb 2009 Posts: 4

openvpn 能连上，也能ping通，但是不能同过server转发
server.conf

port 1194
proto tcp
dev tun
ca privatenet/ca.crt
cert privatenet/server.crt
key privatenet/server.key
dh privatenet/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 210
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3

client.conf
client
dev tun
proto tcp
remote A.B.C.D 1194
resolv-retry infinite
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3
redirect-gateway

连上openvpn前
WINDOW IPCONFIG /ALL
Microsoft Windows XP [版本 5.1.2600]
(C) 版权所有 1985-2001 Microsoft Corp.

C:\Documents and Settings\zen>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : sinking
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter 本地连接:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethe
rnet NIC
Physical Address. . . . . . . . . : 00-10-5C-B4-8B-CE
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.119
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : 2009年3月4日 16:01:40
Lease Expires . . . . . . . . . . : 2009年3月5日 16:01:40

Ethernet adapter {3F30A323-A5EA-4B4C-9F8C-F36054DE7050}:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : TAP-Win32 Adapter V8 - 数据包计划程
序微型端口
Physical Address. . . . . . . . . : 00-FF-3F-30-A3-23

连上openvpn后
Microsoft Windows XP [版本 5.1.2600]
(C) 版权所有 1985-2001 Microsoft Corp.

C:\Documents and Settings\zen>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : sinking
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter 本地连接:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethe
rnet NIC
Physical Address. . . . . . . . . : 00-10-5C-B4-8B-CE
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.119
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : 2009年3月4日 16:01:40
Lease Expires . . . . . . . . . . : 2009年3月5日 16:01:40

Ethernet adapter {3F30A323-A5EA-4B4C-9F8C-F36054DE7050}:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V8 - 数据包计划程
序微型端口
Physical Address. . . . . . . . . : 00-FF-3F-30-A3-23
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.8.0.6
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . : 10.8.0.5
DHCP Server . . . . . . . . . . . : 10.8.0.5
Lease Obtained. . . . . . . . . . : 2009年3月4日 17:34:05
Lease Expires . . . . . . . . . . : 2010年3月4日 17:34:05

openvpn 连接log
Wed Mar 04 17:33:46 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Wed Mar 04 17:33:46 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Mar 04 17:33:46 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Mar 04 17:33:46 2009 LZO compression initialized
Wed Mar 04 17:33:46 2009 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed Mar 04 17:33:46 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Mar 04 17:33:46 2009 Local Options hash (VER=V4): '69109d17'
Wed Mar 04 17:33:46 2009 Expected Remote Options hash (VER=V4): 'c0103fa8'
Wed Mar 04 17:33:46 2009 Attempting to establish TCP connection with A.B.C.D:1194
Wed Mar 04 17:33:46 2009 TCP connection established with A.B.C.D:1194
Wed Mar 04 17:33:46 2009 TCPv4_CLIENT link local: [undef]
Wed Mar 04 17:33:46 2009 TCPv4_CLIENT link remote: A.B.C.D:1194
Wed Mar 04 17:33:46 2009 TLS: Initial packet from:A.B.C.D:1194, sid=0592cea4 6cf317d3
Wed Mar 04 17:33:50 2009 VERIFY OK: depth=1, /C=CN/ST=ZJ/L=SX/O=VPNSEED/CN=VPNSEED-CA/emailAddress=X@gmail.com
Wed Mar 04 17:33:50 2009 VERIFY OK: depth=0, /C=CN/ST=ZJ/L=SX/O=VPNSEED/CN=server/emailAddress=X@gmail.com
Wed Mar 04 17:33:55 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 04 17:33:55 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 04 17:33:55 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 04 17:33:55 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 04 17:33:55 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Mar 04 17:33:55 2009 [server] Peer Connection Initiated with A.B.C.D:1194
Wed Mar 04 17:33:56 2009 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Mar 04 17:33:57 2009 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 210,ifconfig 10.8.0.6 10.8.0.5'
Wed Mar 04 17:33:57 2009 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:2: topology (2.0.9)
Wed Mar 04 17:33:57 2009 OPTIONS IMPORT: timers and/or timeouts modified
Wed Mar 04 17:33:57 2009 OPTIONS IMPORT: --ifconfig/up options modified
Wed Mar 04 17:33:57 2009 OPTIONS IMPORT: route options modified
Wed Mar 04 17:33:58 2009 TAP-WIN32 device [NULL] opened: \\.\Global\{3F30A323-A5EA-4B4C-9F8C-F36054DE7050}.tap
Wed Mar 04 17:33:58 2009 TAP-Win32 Driver Version 8.4
Wed Mar 04 17:33:58 2009 TAP-Win32 MTU=1500
Wed Mar 04 17:33:58 2009 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {3F30A323-A5EA-4B4C-9F8C-F36054DE7050} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Wed Mar 04 17:33:58 2009 Successful ARP Flush on interface [3] {3F30A323-A5EA-4B4C-9F8C-F36054DE7050}
Wed Mar 04 17:33:58 2009 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Wed Mar 04 17:33:58 2009 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 04 17:33:59 2009 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Wed Mar 04 17:33:59 2009 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 04 17:34:00 2009 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Wed Mar 04 17:34:00 2009 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 04 17:34:01 2009 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Wed Mar 04 17:34:01 2009 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 04 17:34:03 2009 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Wed Mar 04 17:34:03 2009 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 04 17:34:04 2009 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Wed Mar 04 17:34:04 2009 Route: Waiting for TUN/TAP interface to come up...
Wed Mar 04 17:34:05 2009 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Wed Mar 04 17:34:05 2009 route ADD A.B.C.D MASK 255.255.255.255 192.168.1.1
Wed Mar 04 17:34:05 2009 Route addition via IPAPI succeeded
Wed Mar 04 17:34:05 2009 route DELETE 0.0.0.0 MASK 0.0.0.0 192.168.1.1
Wed Mar 04 17:34:05 2009 Route deletion via IPAPI succeeded
Wed Mar 04 17:34:05 2009 route ADD 0.0.0.0 MASK 0.0.0.0 10.8.0.5
Wed Mar 04 17:34:05 2009 Route addition via IPAPI succeeded
Wed Mar 04 17:34:05 2009 route ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Wed Mar 04 17:34:05 2009 Route addition via IPAPI succeeded
Wed Mar 04 17:34:05 2009 Initialization Sequence Completed