[РЕШЕНО] OpenVPN Клиент не запускает /sbin/ip

Здравствуйте! делаю на vps-ке себе vpn сервер. Раньше все на ура получалось, но сейчас что-то застопорилось :(((
Сервер - debian9 x86
Клиент - arch самый свежий.

Конфиг сервера

local xxx.xxx.xxx.xxx
port 1194
proto udp4
dev tun
ca keys/ca.crt
cert keys/vpnserver.crt
key keys/vpnserver.key
dh keys/dh.pem
tls-auth keys/ta.key 0
topology subnet
server 172.16.10.0 255.255.255.0
route 172.16.10.0 255.255.255.0
push "dhcp-option DNS 172.16.10.1"

ifconfig-pool-persist ipp.txt
keepalive 10 120
max-clients 32
client-to-client
persist-key
persist-tun
#status /var/log/openvpn/openvpn-status.log
#log-append /var/log/openvpn/openvpn.log
verb 3
mute 20
#daemon
mode server
tls-server
comp-lzo

Конфиг клиента

tls-client

dev tun
proto udp4
remote xxx.xxx.xxx.xxx 1194

resolv-retry infinite

persist-key
persist-tun

ca /etc/openvpn/client/keys/ca.crt
cert /etc/openvpn/client/keys/home.crt
key /etc/openvpn/client/keys/home.key
tls-auth /etc/openvpn/client/keys/ta.key 1
dh keys/dh.pem
#remote-cert-tls server

cipher AES-128-CBC
comp-lzo

verb 3

#log-append /var/log/openvpn/openvpn_client.log
#status /var/log/openvpn/status_client.log

Лог сервера


user@vps52263:/etc/openvpn/server$ Wed Jan  9 12:21:39 2019 OpenVPN 2.4.0 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017
Wed Jan  9 12:21:39 2019 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.08
Wed Jan  9 12:21:39 2019 Diffie-Hellman initialized with 2048 bit key
Wed Jan  9 12:21:39 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jan  9 12:21:39 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jan  9 12:21:39 2019 ROUTE_GATEWAY xxx.xxx.xxx.xxx/255.255.255.224 IFACE=eth0 HWADDR=00:16:3c:b3:9e:18
Wed Jan  9 12:21:39 2019 TUN/TAP device tun0 opened
Wed Jan  9 12:21:39 2019 TUN/TAP TX queue length set to 100
Wed Jan  9 12:21:39 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Jan  9 12:21:39 2019 /sbin/ip link set dev tun0 up mtu 1500
Wed Jan  9 12:21:39 2019 /sbin/ip addr add dev tun0 172.16.10.1/24 broadcast 172.16.10.255
Wed Jan  9 12:21:39 2019 /sbin/ip route add 172.16.10.0/24 via 172.16.10.2
RTNETLINK answers: File exists
Wed Jan  9 12:21:39 2019 ERROR: Linux route add command failed: external program exited with error status: 2
Wed Jan  9 12:21:39 2019 Socket Buffers: R=[163840->163840] S=[163840->163840]
Wed Jan  9 12:21:39 2019 UDPv4 link local (bound): [AF_INET][undef]:1488
Wed Jan  9 12:21:39 2019 UDPv4 link remote: [AF_UNSPEC]
Wed Jan  9 12:21:39 2019 MULTI: multi_init called, r=256 v=256
Wed Jan  9 12:21:39 2019 IFCONFIG POOL: base=172.16.10.2 size=252, ipv6=0
Wed Jan  9 12:21:39 2019 IFCONFIG POOL LIST
Wed Jan  9 12:21:39 2019 Initialization Sequence Completed
Wed Jan  9 12:21:57 2019 46.158.141.90:1194 TLS: Initial packet from [AF_INET]46.158.141.90:1194, sid=2e855b64 09ac4522
Wed Jan  9 12:21:57 2019 46.158.141.90:1194 VERIFY OK: depth=1, CN=Easy-RSA CA
Wed Jan  9 12:21:57 2019 46.158.141.90:1194 VERIFY OK: depth=0, CN=home
Wed Jan  9 12:21:58 2019 46.158.141.90:1194 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1558'
Wed Jan  9 12:21:58 2019 46.158.141.90:1194 WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-128-CBC'
Wed Jan  9 12:21:58 2019 46.158.141.90:1194 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Jan  9 12:21:58 2019 46.158.141.90:1194 [home] Peer Connection Initiated with [AF_INET]46.158.141.90:1194
Wed Jan  9 12:21:58 2019 home/46.158.141.90:1194 MULTI_sva: pool returned IPv4=172.16.10.2, IPv6=(Not enabled)
Wed Jan  9 12:21:58 2019 home/46.158.141.90:1194 MULTI: Learn: 172.16.10.2 -> home/46.158.141.90:1194
Wed Jan  9 12:21:58 2019 home/46.158.141.90:1194 MULTI: primary virtual IP for home/46.158.141.90:1194: 172.16.10.2


Лог клиента

Wed Jan  9 20:34:26 2019 WARNING: Ignoring option 'dh' in tls-client mode, please only include this in your server configuration
Wed Jan  9 20:34:26 2019 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Wed Jan  9 20:34:26 2019 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Wed Jan  9 20:34:26 2019 library versions: OpenSSL 1.1.1a  20 Nov 2018, LZO 2.10
Wed Jan  9 20:34:26 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jan  9 20:34:26 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jan  9 20:34:26 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jan  9 20:34:26 2019 TUN/TAP device tun0 opened
Wed Jan  9 20:34:26 2019 TUN/TAP TX queue length set to 100
Wed Jan  9 20:34:26 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]185.141.25.133:1488
Wed Jan  9 20:34:26 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Jan  9 20:34:26 2019 UDPv4 link local (bound): [AF_INET][undef]:1194
Wed Jan  9 20:34:26 2019 UDPv4 link remote: [AF_INET]185.141.25.133:1488
Wed Jan  9 20:34:26 2019 TLS: Initial packet from [AF_INET]185.141.25.133:1488, sid=038ea26c e19f0b00
Wed Jan  9 20:34:27 2019 VERIFY OK: depth=1, CN=Easy-RSA CA
Wed Jan  9 20:34:27 2019 VERIFY OK: depth=0, CN=vpnserver
Wed Jan  9 20:34:27 2019 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
Wed Jan  9 20:34:27 2019 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Wed Jan  9 20:34:27 2019 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Jan  9 20:34:27 2019 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jan  9 20:34:27 2019 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Jan  9 20:34:27 2019 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jan  9 20:34:27 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Jan  9 20:34:27 2019 [vpnserver] Peer Connection Initiated with [AF_INET]185.141.25.133:1488
Wed Jan  9 20:34:28 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Jan  9 20:34:28 2019 Initialization Sequence Completed
^CWed Jan  9 20:37:46 2019 event_wait : Interrupted system call (code=4)
Wed Jan  9 20:37:46 2019 Closing TUN/TAP interface
Wed Jan  9 20:37:46 2019 SIGINT[hard,] received, process exiting


Клиент даже не получает команду на присвоение IP, tun0 появляется, но в статусе DOWN.
На Windows 10 все срабатывает, ip присваивается.
а разве в арче все бинари не свалили в /usr/bin давным давно ?
Это я к примеру, по логам видно что он вообще ничего не запускает. Я уже разобрался, почему-то когда ставишь tls-client то не работает, ставишь просто client - работает. Хотя на сервере прописано tls-server o_0
У вас временные зоны не совпадают.
Please check to make sure that time is synchronized on both client and server with the same NTP servers, and for future logs reports, include the server logs from the same time as the client logs, so there is a good comparison for each side. (Different timezones should not matter, so long as the OS and NTP are working with thier respective time zones.)'
Ошибки в тексте-неповторимый стиль автора©
Точно, спасибо! А это анонимности не повредит - сервер к примеру китайский, а время на нем нашенское? Браузер будет крутиться на виртуалке с временной зоной сервера, чтоб не было палева
 
Зарегистрироваться или войдите чтобы оставить сообщение.