URL: https://www.opennet.ru/cgi-bin/openforum/vsluhboard.cgi
Forum: vsluhforumID7
Thread number: 859

Original message
"OpenVPN client won't work"

Posted by visitor, 30-May-09 20:09
Hello.
I have a problem bringing up a VPN connection over GPRS with the OpenVPN client on WM5.
The connection takes a looong time to establish, but once it is established there is no traffic.
Here is the client config:
client
dev tun
resolv-retry infinite
nobind
#ca server.crt
<ca>
-----BEGIN CERTIFICATE-----
<CERTIFICATE CODE>
-----END CERTIFICATE-----
</ca>
comp-lzo
verb 3
redirect-gateway
#redirect-gateway def1
proto tcp
remote prx.openvpn.ru 6005
auth-user-pass

Here is the log the client produces:
Wed May 27 22:44:10 2009 OpenVPN 2.1_rc15e Win32-MSVC++ [SSL] [LZO2] built on Mar 15 2009
Wed May 27 22:44:10 2009 MANAGEMENT: TCP Socket listening on 127.0.0.1:10000
Wed May 27 22:44:10 2009 Need hold release from management interface, waiting...
Wed May 27 22:44:10 2009 MANAGEMENT: Client connected from 127.0.0.1:10000
Wed May 27 22:45:24 2009 Using Windows Connection Manager with destination 'auto' resolving to provider guid {436EF144-B4FB-4863-A041-8F905A62C572} (exclusive)
Wed May 27 22:45:24 2009 Acquisition of Windows Connection Manager provider succeeded...
Wed May 27 22:45:24 2009 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed May 27 22:45:24 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed May 27 22:45:24 2009 LZO compression initialized
Wed May 27 22:45:24 2009 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed May 27 22:45:24 2009 MANAGEMENT: >STATE:1243453524,RESOLVE,,,
Wed May 27 22:45:24 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Wed May 27 22:45:24 2009 Local Options hash (VER=V4): '69109d17'
Wed May 27 22:45:24 2009 Expected Remote Options hash (VER=V4): 'c0103fa8'
Wed May 27 22:45:24 2009 Attempting to establish TCP connection with 81.177.8.68:6005
Wed May 27 22:45:24 2009 MANAGEMENT: >STATE:1243453524,TCP_CONNECT,,,
Wed May 27 22:45:25 2009 TCP connection established with 81.177.8.68:6005
Wed May 27 22:45:25 2009 Socket Buffers: R=[32768->32768] S=[16384->16384]
Wed May 27 22:45:25 2009 TCPv4_CLIENT link local (bound): [undef]
Wed May 27 22:45:25 2009 TCPv4_CLIENT link remote: 81.177.8.68:6005
Wed May 27 22:45:25 2009 MANAGEMENT: >STATE:1243453525,WAIT,,,
Wed May 27 22:45:25 2009 MANAGEMENT: >STATE:1243453525,AUTH,,,
Wed May 27 22:45:25 2009 TLS: Initial packet from 81.177.8.68:6005, sid=16ee04f2 e71734ac
Wed May 27 22:45:25 2009 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed May 27 22:45:27 2009 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=adm@host.com
Wed May 27 22:45:27 2009 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=adm@host.com
Wed May 27 22:45:31 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed May 27 22:45:31 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed May 27 22:45:31 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed May 27 22:45:31 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed May 27 22:45:31 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed May 27 22:45:31 2009 [server] Peer Connection Initiated with 81.177.8.68:6005
Wed May 27 22:45:32 2009 MANAGEMENT: >STATE:1243453532,GET_CONFIG,,,
Wed May 27 22:45:32 2009 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed May 27 22:45:33 2009 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 4.2.2.2,route 192.168.22.1,topology net30,ping 10,ping-restart 60,ifconfig 192.168.22.65 192.168.22.66'
Wed May 27 22:45:33 2009 OPTIONS IMPORT: timers and/or timeouts modified
Wed May 27 22:45:33 2009 OPTIONS IMPORT: --ifconfig/up options modified
Wed May 27 22:45:33 2009 OPTIONS IMPORT: route options modified
Wed May 27 22:45:33 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed May 27 22:45:33 2009 ROUTE default_gateway=172.20.71.233
Wed May 27 22:45:33 2009 MANAGEMENT: >STATE:1243453533,ASSIGN_IP,,192.168.22.65,
Wed May 27 22:45:33 2009 TAP-WIN32 device [TAP1:] opened: TAP1:
Wed May 27 22:45:33 2009 TAP-Win32 Driver Version 9.4
Wed May 27 22:45:33 2009 TAP-Win32 MTU=1500
Wed May 27 22:45:33 2009 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.22.65/255.255.255.252 on interface TAP1: [DHCP-serv: 192.168.22.66, lease-time: 31536000]
Wed May 27 22:45:33 2009 Successful ARP Flush on interface [3] TAP DEVICE 1
Wed May 27 22:45:38 2009 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Wed May 27 22:45:38 2009 Route: Waiting for TUN/TAP interface to come up...
Wed May 27 22:45:43 2009 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Wed May 27 22:45:43 2009 C:\WINDOWS\system32\route.exe ADD 81.177.8.68 MASK 255.255.255.255 172.20.71.233
Wed May 27 22:45:43 2009 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect.   [status=87 if_index=196610]
Wed May 27 22:45:43 2009 Route addition via IPAPI failed [adaptive]
Wed May 27 22:45:43 2009 Route addition fallback to route.exe
Wed May 27 22:45:43 2009 ERROR: Windows route add command failed [adaptive]: external program did not execute -- returned error code -1
Wed May 27 22:45:43 2009 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 0.0.0.0 172.20.71.233
Wed May 27 22:45:43 2009 Route deletion via IPAPI succeeded [adaptive]
Wed May 27 22:45:43 2009 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 0.0.0.0 192.168.22.66
Wed May 27 22:45:43 2009 Route addition via IPAPI succeeded [adaptive]
Wed May 27 22:45:43 2009 MANAGEMENT: >STATE:1243453543,ADD_ROUTES,,,
Wed May 27 22:45:43 2009 RESOLVE: Cannot parse IP address:
Wed May 27 22:45:43 2009 C:\WINDOWS\system32\route.exe ADD 192.168.22.1 MASK 255.255.255.255 192.168.22.66
Wed May 27 22:45:43 2009 Route addition via IPAPI succeeded [adaptive]
Wed May 27 22:45:43 2009 Initialization Sequence Completed
Wed May 27 22:45:43 2009 MANAGEMENT: >STATE:1243453543,CONNECTED,SUCCESS,192.168.22.65,81.177.8.68
Wed May 27 22:46:27 2009 write TCPv4_CLIENT: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Wed May 27 22:46:27 2009 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed May 27 22:46:27 2009 Fatal decryption error (process_incoming_link), restarting
Wed May 27 22:46:27 2009 TCP/UDP: Closing socket
Wed May 27 22:46:27 2009 C:\WINDOWS\system32\route.exe DELETE 192.168.22.1 MASK 255.255.255.255 192.168.22.66
Wed May 27 22:46:27 2009 Route deletion via IPAPI succeeded [adaptive]
Wed May 27 22:46:27 2009 C:\WINDOWS\system32\route.exe DELETE 81.177.8.68 MASK 255.255.255.255 172.20.71.233
Wed May 27 22:46:27 2009 ROUTE: route deletion failed using DeleteIpForwardEntry: The parameter is incorrect.  
Wed May 27 22:46:27 2009 Route deletion via IPAPI failed [adaptive]
Wed May 27 22:46:27 2009 Route deletion fallback to route.exe
Wed May 27 22:46:27 2009 ERROR: Windows route delete command failed [adaptive]: external program did not execute -- returned error code -1
Wed May 27 22:46:27 2009 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 0.0.0.0 192.168.22.66
Wed May 27 22:46:27 2009 Route deletion via IPAPI succeeded [adaptive]
Wed May 27 22:46:27 2009 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 0.0.0.0 172.20.71.233
Wed May 27 22:46:27 2009 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect.   [status=87 if_index=196610]
Wed May 27 22:46:27 2009 Route addition via IPAPI failed [adaptive]
Wed May 27 22:46:27 2009 Route addition fallback to route.exe
Wed May 27 22:46:27 2009 ERROR: Windows route add command failed [adaptive]: external program did not execute -- returned error code -1
Wed May 27 22:46:27 2009 Closing TUN/TAP interface
Wed May 27 22:46:27 2009 SIGUSR1[soft,decryption-error] received, process restarting
Wed May 27 22:46:27 2009 MANAGEMENT: >STATE:1243453587,RECONNECTING,decryption-error,,
Wed May 27 22:46:27 2009 Restart pause, 5 second(s)
Wed May 27 22:46:32 2009 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed May 27 22:46:32 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed May 27 22:46:32 2009 LZO compression initialized
Wed May 27 22:46:32 2009 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed May 27 22:46:32 2009 MANAGEMENT: >STATE:1243453592,RESOLVE,,,
Wed May 27 22:46:32 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Wed May 27 22:46:32 2009 Local Options hash (VER=V4): '69109d17'
Wed May 27 22:46:32 2009 Expected Remote Options hash (VER=V4): 'c0103fa8'
Wed May 27 22:46:32 2009 Attempting to establish TCP connection with 81.177.8.68:6005
Wed May 27 22:46:32 2009 MANAGEMENT: >STATE:1243453592,TCP_CONNECT,,,
Wed May 27 22:46:32 2009 TCP: connect to 81.177.8.68:6005 failed, will try again in 5 seconds: No Route to Host (WSAEHOSTUNREACH)
Wed May 27 22:46:37 2009 MANAGEMENT: >STATE:1243453597,RESOLVE,,,
Wed May 27 22:46:37 2009 MANAGEMENT: >STATE:1243453597,TCP_CONNECT,,,
Wed May 27 22:46:37 2009 TCP: connect to 81.177.8.68:6005 failed, will try again in 5 seconds: No Route to Host (WSAEHOSTUNREACH)
Wed May 27 22:46:42 2009 MANAGEMENT: >STATE:1243453602,RESOLVE,,,
Wed May 27 22:46:42 2009 MANAGEMENT: >STATE:1243453602,TCP_CONNECT,,,
Wed May 27 22:46:42 2009 TCP: connect to 81.177.8.68:6005 failed, will try again in 5 seconds: No Route to Host (WSAEHOSTUNREACH)
Wed May 27 22:46:47 2009 MANAGEMENT: >STATE:1243453607,RESOLVE,,,
Wed May 27 22:47:40 2009 RESOLVE: Cannot resolve host address: prx.openvpn.ru: [HOST_NOT_FOUND] The specified host is unknown.
Wed May 27 22:47:40 2009 MANAGEMENT: >STATE:1243453660,TCP_CONNECT,,,
Wed May 27 22:47:40 2009 TCP: connect to 81.177.8.68:6005 failed, will try again in 5 seconds: No Route to Host (WSAEHOSTUNREACH)
Wed May 27 22:47:45 2009 MANAGEMENT: >STATE:1243453665,RESOLVE,,,
Wed May 27 22:48:37 2009 RESOLVE: Cannot resolve host address: prx.openvpn.ru: [HOST_NOT_FOUND] The specified host is unknown.
Wed May 27 22:48:37 2009 MANAGEMENT: >STATE:1243453717,TCP_CONNECT,,,
Wed May 27 22:48:58 2009 TCP: connect to 81.177.8.68:6005 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
Wed May 27 22:49:03 2009 MANAGEMENT: >STATE:1243453743,RESOLVE,,,
Wed May 27 22:49:34 2009 RESOLVE: Cannot resolve host address: prx.openvpn.ru: [HOST_NOT_FOUND] The specified host is unknown.
Wed May 27 22:49:34 2009 MANAGEMENT: >STATE:1243453774,TCP_CONNECT,,,
Wed May 27 22:49:55 2009 TCP: connect to 81.177.8.68:6005 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
Wed May 27 22:50:00 2009 MANAGEMENT: >STATE:1243453800,RESOLVE,,,
Wed May 27 22:50:30 2009 RESOLVE: Cannot resolve host address: prx.openvpn.ru: [HOST_NOT_FOUND] The specified host is unknown.
Wed May 27 22:50:30 2009 MANAGEMENT: >STATE:1243453830,TCP_CONNECT,,,
Wed May 27 22:50:51 2009 TCP: connect to 81.177.8.68:6005 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)

As I understand it, the problem is in

Wed May 27 22:45:43 2009 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect.   [status=87 if_index=196610]

Google often turns up a solution to a similar problem for Vista.
There they recommend adding 2 extra options to the client config:
route-method exe
route-delay 2

Adding them on WM doesn't work.
It starts complaining that:
"the route-method option is no good; only apapi supported on Pocket-PC"

Please help me solve this problem.
Thanks in advance.


Contents

Messages in this discussion
"OpenVPN client won't work"
Posted by XyligaN, 02-Jun-09 11:55
Post the OpenVPN server configs.

The connection takes a long time to establish because of -->
RESOLVE: Cannot resolve host address: prx.openvpn.ru: [HOST_NOT_FOUND] The specified host is unknown.
Put the server's IP address in the config

Judging by the client logs posted, the connection isn't being established at all.
TCP: connect to 81.177.8.68:6005 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
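
An added example, not part of the thread: a small Python parser that runs over the client log and reports the two things the posts point at, the failed route addition and the time lost in the RESOLVE state. The function names are this example's own, and the sample is built from lines of the log posted above.

```python
import re

# Constructed sample: lines taken from the client log posted in the thread.
SAMPLE = r"""
Wed May 27 22:45:24 2009 Attempting to establish TCP connection with 81.177.8.68:6005
Wed May 27 22:45:43 2009 C:\WINDOWS\system32\route.exe ADD 81.177.8.68 MASK 255.255.255.255 172.20.71.233
Wed May 27 22:45:43 2009 ERROR: Windows route add command failed [adaptive]: external program did not execute -- returned error code -1
Wed May 27 22:45:43 2009 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 0.0.0.0 192.168.22.66
Wed May 27 22:45:43 2009 Route addition via IPAPI succeeded [adaptive]
Wed May 27 22:46:47 2009 MANAGEMENT: >STATE:1243453607,RESOLVE,,,
Wed May 27 22:47:40 2009 RESOLVE: Cannot resolve host address: prx.openvpn.ru: [HOST_NOT_FOUND] The specified host is unknown.
Wed May 27 22:47:40 2009 MANAGEMENT: >STATE:1243453660,TCP_CONNECT,,,
"""

ADD_RE = re.compile(r"route\.exe ADD (\S+) MASK (\S+) (\S+)")
STATE_RE = re.compile(r">STATE:(\d+),([A-Z_]+),")
REMOTE_RE = re.compile(r"TCP connection with (\d+\.\d+\.\d+\.\d+):\d+")
# Log phrases that give the final outcome of a route addition.
OUTCOME = {"Route addition via IPAPI succeeded": True, "route add command failed": False}

def route_results(log):
    """Pair every 'route.exe ADD' with its final outcome: [(dest, mask, gw, ok)]."""
    results, pending = [], None
    for line in log.splitlines():
        m = ADD_RE.search(line)
        if m:
            pending = m.groups()
            continue
        for marker, ok in OUTCOME.items():
            if pending and marker in line:
                results.append(pending + (ok,))
                pending = None
    return results

def seconds_in_state(log, state="RESOLVE"):
    """Sum the time between each >STATE:<epoch>,<state> event and the next state event."""
    events = [(int(t), s) for t, s in STATE_RE.findall(log)]
    return sum(b[0] - a[0] for a, b in zip(events, events[1:]) if a[1] == state)

def diagnose(log):
    """Return findings for the failure patterns visible in the thread's log."""
    findings = []
    remote = REMOTE_RE.search(log)
    routes = route_results(log)
    redirected = any(d == "0.0.0.0" and m == "0.0.0.0" and ok for d, m, _, ok in routes)
    failed = {(d, m) for d, m, _, ok in routes if not ok}
    if remote and redirected and (remote.group(1), "255.255.255.255") in failed:
        findings.append("default route moved into tunnel but host route to %s failed" % remote.group(1))
    if "Cannot resolve host address" in log:
        findings.append("%d s spent in RESOLVE" % seconds_in_state(log))
    return findings
```

Passing the full log text to `diagnose()` instead of `SAMPLE` works the same way; the RESOLVE total then covers every reconnect attempt.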