OpenVPN - [55] :: В помощь системному администратору

Конфигурация OpenVPN сервер на базе Мандривы2011 и удаленный клиент WinXP OpenVPN GUI

за сервером сетка 192.168.0.0 255.255.255.0

сервер запускается:
OpenVPN 2.2.1 i586-mandriva-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jul 8 2011
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
WARNING: file 'keys/baden/baden2.key' is group or others accessible
TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
TUN/TAP device tun0 opened
/sbin/ip link set dev tun0 up mtu 1500
/sbin/ip addr add dev tun0 local 192.168.10.1 peer 192.168.10.2
Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
GID set to nogroup
UID set to nobody
UDPv4 link local (bound): [undef]:1194
UDPv4 link remote: [undef]
Initialization Sequence Completed

клиент запускается:
OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
LZO compression initialized
Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Local Options hash (VER=V4): '94012f71'
Expected Remote Options hash (VER=V4): 'f2dba00b'
UDPv4 link local: [undef]
UDPv4 link remote: xx.xx.xx.xx:1194
VERIFY OK: depth=1, /C=US/ST=NY/L=New_York/O=Baden/emailAddress=xxxxxxxxx@baden.ua
VERIFY OK: depth=0, /C=US/ST=NY/L=New_York/O=Baden/OU=Office/CN=baden2/emailAddress=xxxxxxxxx@baden.ua
Data Channel Encrypt: Cipher 'DES-CBC' initialized with 64 bit key
Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Data Channel Decrypt: Cipher 'DES-CBC' initialized with 64 bit key
Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
[baden2] Peer Connection Initiated with xx.xx.xx.xx:1194
Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: topology (2.0.9)
TAP-WIN32 device [Local Area Connection 13] opened: \\.\Global\{F2FF00D7-D945-4C4B-A1A1-33FE9A1F007C}.tap
TAP-Win32 MTU=1500
Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.10.6/255.255.255.252 on interface {F2FF00D7-D945-4C4B-A1A1-33FE9A1F007C} [DHCP-serv: 192.168.10.5, lease-time: 31536000]
Successful ARP Flush on interface [131077] {F2FF00D7-D945-4C4B-A1A1-33FE9A1F007C}
Warning: route gateway is not reachable on any active network adapters: 192.168.10.5
Initialization Sequence Completed

на сервере стоит shorewall
в zones стоит
road ipv4
в interfaces
road tun+
в tunnels стоит
openvpnserver:1194 net 0.0.0.0/0
в policy стоит
road loc ACCEPT
road $FW ACCEPT

в итоге с клиента пингую только его самого - 192.168.10.6 и 192.168.10.2, больше ничего не пингуется

что не так?

Модерирует : lynx, Crash_Master, dg, emx, ShriEkeR
Версия для печати • Подписаться • Добавить в закладки
Страницы: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138