Hallo liebes Forum,
ich bin gerade dabei auf meinem vServer auf KVM-basis OpenVPN zu installieren. Der VPN läuft, ich kann mich verbinden, bekomme eine IP, etc. Alles läuft soweit. Nun möchte ich allerdings den gesamten Internettraffic über den VPN routen und habe die Einstellungen nach dem OpenVPN How-To vorgenommen.
Wenn ich mich nun mit dem VPN Server verbinde, komme ich leider nicht mehr ins Internet. Der VPN Server kann ich noch anpingen, Webseiten z.B. aufrufen geht nicht mehr. Anbei die server.conf und client.conf, sowie ein Auszug aus dem Logfile. Ich verstehe wirklich nicht, warum es nicht geht und bin für jeden Tipp dankbar.
Vielen Dank im Voraus!
Lieben Gruß,
Moritz
Der Code-Block zerhaut alles in eine Zeile, daher habe ich die Files als Anhang beigefügt.
Server.conf
Code
port 1194proto udpdev tunca ca.crtcert server.crtkey server.keydh dh1024.pemserver 10.8.0.0 255.255.255.0ifconfig-pool-persist ipp.txtpush "redirect-gateway def1"client-to-clientkeepalive 10 120comp-lzouser nobodygroup nogrouppersist-keypersist-tunstatus openvpn-status.loglog openvpn.logverb 3Client.conf
Code
clientdev tun
proto udpremote xxx 1194resolv-retry infinitenobinduser nobodygroup nogrouppersist-keypersist-tunca ca.crtcert MacBookPro.crtkey MacBookPro.keyns-cert-type servercomp-lzoverb 3pullLogfile
Code
Wed Jun 26 20:49:22 2013 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 4 2013Wed Jun 26 20:49:22 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executablesWed Jun 26 20:49:22 2013 Diffie-Hellman initialized with 1024 bit keyWed Jun 26 20:49:22 2013 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]Wed Jun 26 20:49:22 2013 Socket Buffers: R=[229376->131072] S=[229376->131072]Wed Jun 26 20:49:22 2013 ROUTE default_gateway=37.221.192.1Wed Jun 26 20:49:22 2013 TUN/TAP device tun0 openedWed Jun 26 20:49:22 2013 TUN/TAP TX queue length set to 100Wed Jun 26 20:49:22 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0Wed Jun 26 20:49:22 2013 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500Wed Jun 26 20:49:22 2013 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2Wed Jun 26 20:49:22 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]Wed Jun 26 20:49:22 2013 GID set to nogroupWed Jun 26 20:49:22 2013 UID set to nobodyWed Jun 26 20:49:22 2013 UDPv4 link local (bound): [undef]Wed Jun 26 20:49:22 2013 UDPv4 link remote: [undef]Wed Jun 26 20:49:22 2013 MULTI: multi_init called, r=256 v=256Wed Jun 26 20:49:22 2013 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0Wed Jun 26 20:49:22 2013 ifconfig_pool_read(), in='MacBookPro,10.8.0.4', TODO: IPv6Wed Jun 26 20:49:22 2013 succeeded -> ifconfig_pool_set()Wed Jun 26 20:49:22 2013 IFCONFIG POOL LISTWed Jun 26 20:49:22 2013 MacBookPro,10.8.0.4Wed Jun 26 20:49:22 2013 Initialization Sequence CompletedWed Jun 26 20:49:26 2013 MULTI: multi_create_instance calledWed Jun 26 20:49:26 2013 95.117.125.128:57707 Re-using SSL/TLS contextWed Jun 26 20:49:26 2013 95.117.125.128:57707 LZO compression initializedWed Jun 26 20:49:26 2013 95.117.125.128:57707 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]Wed Jun 26 20:49:26 2013 95.117.125.128:57707 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]Wed Jun 26 20:49:26 2013 95.117.125.128:57707 Local Options hash (VER=V4): '530fdded'Wed Jun 26 20:49:26 2013 95.117.125.128:57707 Expected Remote Options hash (VER=V4): '41690919'Wed Jun 26 20:49:26 2013 95.117.125.128:57707 TLS: Initial packet from [AF_INET]95.117.125.128:57707, sid=55564610 0e455ec4Wed Jun 26 20:49:27 2013 95.117.125.128:57707 VERIFY OK: depth=1, /C=xxWed Jun 26 20:49:27 2013 95.117.125.128:57707 VERIFY OK: depth=0, /C=xxWed Jun 26 20:49:27 2013 95.117.125.128:57707 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit keyWed Jun 26 20:49:27 2013 95.117.125.128:57707 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authenticationWed Jun 26 20:49:27 2013 95.117.125.128:57707 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit keyWed Jun 26 20:49:27 2013 95.117.125.128:57707 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authenticationWed Jun 26 20:49:27 2013 95.117.125.128:57707 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSAWed Jun 26 20:49:27 2013 95.117.125.128:57707 [MacBookPro] Peer Connection Initiated with [AF_INET]95.117.125.128:57707Wed Jun 26 20:49:27 2013 MacBookPro/95.117.125.128:57707 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=1::1f00:0:a27f:0Wed Jun 26 20:49:27 2013 MacBookPro/95.117.125.128:57707 MULTI: Learn: 10.8.0.6 -> MacBookPro/95.117.125.128:57707Wed Jun 26 20:49:27 2013 MacBookPro/95.117.125.128:57707 MULTI: primary virtual IP for MacBookPro/95.117.125.128:57707: 10.8.0.6Wed Jun 26 20:49:29 2013 MacBookPro/95.117.125.128:57707 PUSH: Received control message: 'PUSH_REQUEST'Wed Jun 26 20:49:29 2013 MacBookPro/95.117.125.128:57707 send_push_reply(): safe_cap=960Wed Jun 26 20:49:29 2013 MacBookPro/95.117.125.128:57707 SENT CONTROL [MacBookPro]: 'PUSH_REPLY,redirect-gateway def1,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
