ISP-PPOE - OpenVPN не пускает в сеть за роутером и в интернет

[AlexWalex]

Всем добрый день.

Может кто сталкивался. 

Имеем: Keenetc Titan получает интернет от провайдера через PPOE с "динамическим" IP. На Kennetic имеется доменное имя типа xxx.keentic.link и локалкой 192.168.100.0. Также поднят OpenVPN сервер 10.100.100.1, работает, клиенты подключаются без проблем, но не могут видеть сеть за роутером и не могут выходить в интернет.

Вопрос, это какая то особенность, что есть выход в сеть через PPOE, то OpenVPN не работает?

Имеется второй сервер, также на Kenetic Titan, только с традиционным подключением, и все работает без проблем. Правда IP "статический", но наверняка не в IP проблема.

Server Config:

Spoiler

cipher AES-128-CBC
dev tun0
tls-server
proto udp4
push "redirect-gateway def1 bypass-dhcp"

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
topology subnet
server 10.100.100.0 255.255.255.0
duplicate-cn
#comp-lzo
#user nobody
#group nogroup
#persist-key
#persist-tun

keepalive 10 120
client-to-client
# Our pre-shared static key

# OpenVPN 2.0 uses UDP port 1194 by default
# (official port assignment by iana.org 11/04).
# OpenVPN 1.x uses UDP port 5000 by default.
# Each OpenVPN tunnel must use
# a different port number.
# lport or rport can be used
# to denote different ports
# for local and remote.
; port 1194

# Downgrade UID and GID to
# "nobody" after initialization
# for extra security.
; user nobody
; group nobody

# If you built OpenVPN with
# LZO compression, uncomment
# out the following line.
; comp-lzo

# Send a UDP ping to remote once
# every 15 seconds to keep
# stateful firewall connection
# alive.  Uncomment this
# out if you are using a stateful
# firewall.
; ping 15

# Uncomment this section for a more reliable detection when a system
# loses its connection.  For example, dial-ups or laptops that
# travel to other locations.
; ping 15
; ping-restart 45
; ping-timer-rem
; persist-tun
; persist-key

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 3

<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>

<dh>
-----BEGIN DH PARAMETERS-----

-----END DH PARAMETERS-----
</dh>

Client Config

Spoiler

#
# Sample OpenVPN configuration file for
# home using a pre-shared static key.
#
# '#' or ';' may be used to delimit comments.

# Use a dynamic tun device.
# For Linux 2.2 or non-Linux OSes,
# you may want to use an explicit
# unit number such as "tun1".
# OpenVPN also supports virtual
# ethernet "tap" devices.
dev tun0
proto udp4
client
tls-client
cipher AES-128-CBC
remote xxxx.keenetic.link 1194
redirect-gateway def1
mssfix 1300
#route 0.0.0.0 0.0.0.0
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4

# 10.1.0.2 is our local VPN endpoint (home).
# 10.1.0.1 is our remote VPN endpoint (office).
# ifconfig 10.100.100.2 10.100.100.1

<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>

# OpenVPN 2.0 uses UDP port 1194 by default
# (official port assignment by iana.org 11/04).
# OpenVPN 1.x uses UDP port 5000 by default.
# Each OpenVPN tunnel must use
# a different port number.
# lport or rport can be used
# to denote different ports
# for local and remote.
; port 1195

# Downgrade UID and GID to
# "nobody" after initialization
# for extra security.
; user nobody
; group nobody

# If you built OpenVPN with
# LZO compression, uncomment
# out the following line.
; comp-lzo

# Send a UDP ping to remote once
# every 15 seconds to keep
# stateful firewall connection
# alive.  Uncomment this
# out if you are using a stateful
# firewall.
; ping 15

# Uncomment this section for a more reliable detection when a system
# loses its connection.  For example, dial-ups or laptops that
# travel to other locations.
; ping 15
; ping-restart 45
; ping-timer-rem
; persist-tun
; persist-key

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 3
 

Подскажите, как победить?

Изменено 10 мая пользователем AlexWalex