Jump to content
Как правильно добавить self-test и прочую отладку в тему
Официальное хранилище ПО в виде файлов

ISP-PPOE - OpenVPN не пускает в сеть за роутером и в интернет

AlexWalex
 Share

Recommended Posts

AlexWalex Newbie

AlexWalex

Posted
Posted (edited)

Всем добрый день.

Может кто сталкивался. 

Имеем: Keenetc Titan получает интернет от провайдера через PPOE с "динамическим" IP. На Kennetic имеется доменное имя типа xxx.keentic.link и локалкой 192.168.100.0. Также поднят OpenVPN сервер 10.100.100.1, работает, клиенты подключаются без проблем, но не могут видеть сеть за роутером и не могут выходить в интернет.

Вопрос, это какая то особенность, что есть выход в сеть через PPOE, то OpenVPN не работает?

Имеется второй сервер, также на Kenetic Titan, только с традиционным подключением, и все работает без проблем. Правда IP "статический", но наверняка не в IP проблема.

Server Config:

Spoiler

cipher AES-128-CBC
dev tun0
tls-server
proto udp4
push "redirect-gateway def1 bypass-dhcp"

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
topology subnet
server 10.100.100.0 255.255.255.0
duplicate-cn
#comp-lzo
#user nobody
#group nogroup
#persist-key
#persist-tun

keepalive 10 120
client-to-client
# Our pre-shared static key

# OpenVPN 2.0 uses UDP port 1194 by default
# (official port assignment by iana.org 11/04).
# OpenVPN 1.x uses UDP port 5000 by default.
# Each OpenVPN tunnel must use
# a different port number.
# lport or rport can be used
# to denote different ports
# for local and remote.
; port 1194

# Downgrade UID and GID to
# "nobody" after initialization
# for extra security.
; user nobody
; group nobody

# If you built OpenVPN with
# LZO compression, uncomment
# out the following line.
; comp-lzo

# Send a UDP ping to remote once
# every 15 seconds to keep
# stateful firewall connection
# alive.  Uncomment this
# out if you are using a stateful
# firewall.
; ping 15

# Uncomment this section for a more reliable detection when a system
# loses its connection.  For example, dial-ups or laptops that
# travel to other locations.
; ping 15
; ping-restart 45
; ping-timer-rem
; persist-tun
; persist-key

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 3


<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>

<dh>
-----BEGIN DH PARAMETERS-----

-----END DH PARAMETERS-----
</dh>

Client Config

Spoiler

#
# Sample OpenVPN configuration file for
# home using a pre-shared static key.
#
# '#' or ';' may be used to delimit comments.

# Use a dynamic tun device.
# For Linux 2.2 or non-Linux OSes,
# you may want to use an explicit
# unit number such as "tun1".
# OpenVPN also supports virtual
# ethernet "tap" devices.
dev tun0
proto udp4
client
tls-client
cipher AES-128-CBC
remote xxxx.keenetic.link 1194
redirect-gateway def1
mssfix 1300
#route 0.0.0.0 0.0.0.0
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4

# 10.1.0.2 is our local VPN endpoint (home).
# 10.1.0.1 is our remote VPN endpoint (office).
# ifconfig 10.100.100.2 10.100.100.1

<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>

# OpenVPN 2.0 uses UDP port 1194 by default
# (official port assignment by iana.org 11/04).
# OpenVPN 1.x uses UDP port 5000 by default.
# Each OpenVPN tunnel must use
# a different port number.
# lport or rport can be used
# to denote different ports
# for local and remote.
; port 1195

# Downgrade UID and GID to
# "nobody" after initialization
# for extra security.
; user nobody
; group nobody

# If you built OpenVPN with
# LZO compression, uncomment
# out the following line.
; comp-lzo

# Send a UDP ping to remote once
# every 15 seconds to keep
# stateful firewall connection
# alive.  Uncomment this
# out if you are using a stateful
# firewall.
; ping 15

# Uncomment this section for a more reliable detection when a system
# loses its connection.  For example, dial-ups or laptops that
# travel to other locations.
; ping 15
; ping-restart 45
; ping-timer-rem
; persist-tun
; persist-key

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 3
 

Подскажите, как победить?

Edited by AlexWalex

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

This site uses cookies. By clicking "I accept" or continuing to browse the site, you authorize their use in accordance with the Privacy Policy.

  I accept