OpenVpn

Does anyone here know Ovpn well?
The situation is tricky, with an intermittent problem. Basically, it connects in a strange way to free VPNs that use password authentication. I haven't tried certificates. The VPNs are vpnbook and protonvpn, both on free plans. It only connects properly to vpnbook over tcp, remote port 80 or 443, and works fine, though it may reconnect a couple of times at the start. Over udp, remote ports 53 and 25000, it connects but keeps reconnecting and there is no connectivity, although the interface comes up and there are no errors.

Initialization Sequence Completed
[server.vpnbook.com] Inactivity timeout (--ping-restart), restarting
2024-03-22 21:17:04 SIGUSR1[soft,ping-restart] received, process restarting
2024-03-22 21:17:04 Restart pause, 1 second(s)
2024-03-22 21:17:05 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2024-03-22 21:17:05 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2024-03-22 21:17:05 TCP/UDP: Preserving recently used remote address: [AF_INET]144.217.253.149:25000
2024-03-22 21:17:05 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-03-22 21:17:05 UDPv4 link local: (not bound)
2024-03-22 21:17:05 UDPv4 link remote: [AF_INET]144.217.253.149:25000
2024-03-22 21:17:07 TLS: Initial packet from [AF_INET]144.217.253.149:25000, sid=037fd144 bf25e1ee
2024-03-22 21:17:07 VERIFY OK: depth=1, CN=vpnbook.com
2024-03-22 21:17:07 VERIFY OK: depth=0, CN=server.vpnbook.com
2024-03-22 21:17:08 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
2024-03-22 21:17:08 [server.vpnbook.com] Peer Connection Initiated with [AF_INET]144.217.253.149:25000
2024-03-22 21:17:08 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-03-22 21:17:08 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-03-22 21:17:08 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS  213.186.33.99,dhcp-option DNS  91.239.100.100,route 10.10.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.10.0.6 10.10.0.5,peer-id 30,cipher AES-256-GCM'
2024-03-22 21:17:08 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
2024-03-22 21:17:08 OPTIONS IMPORT: --ifconfig/up options modified
2024-03-22 21:17:08 OPTIONS IMPORT: route options modified
2024-03-22 21:17:08 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-03-22 21:17:08 Preserving previous TUN/TAP instance: tun2
2024-03-22 21:17:08 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
2024-03-22 21:17:08 net_route_v4_del: 10.10.0.1/32 via 10.10.0.97 dev [NULL] table 0 metric -1
2024-03-22 21:17:08 net_route_v4_del: 144.217.253.149/32 via 192.168.191.209 dev [NULL] table 0 metric -1
2024-03-22 21:17:08 net_route_v4_del: 0.0.0.0/1 via 10.10.0.97 dev [NULL] table 0 metric -1
2024-03-22 21:17:08 net_route_v4_del: 128.0.0.0/1 via 10.10.0.97 dev [NULL] table 0 metric -1
2024-03-22 21:17:08 /home/mio/Документы/SyncDiscsAll/Systems/SyncCloud/VpnConnections/VpnBook/update-systemd-resolved tun2 1500 0 10.10.0.98 10.10.0.97 init
<14>Mar 22 21:17:08 update-systemd-resolved: Link 'tun2' going down
2024-03-22 21:17:08 Closing TUN/TAP interface
2024-03-22 21:17:08 net_addr_ptp_v4_del: 10.10.0.98 dev tun2
2024-03-22 21:17:09 net_route_v4_best_gw query: dst 0.0.0.0
2024-03-22 21:17:09 net_route_v4_best_gw result: via 192.168.191.209 dev wlo1
2024-03-22 21:17:09 ROUTE_GATEWAY 192.168.191.209/255.255.255.0 IFACE=wlo1 HWADDR=f0:9e:4a:3b:18:98
2024-03-22 21:17:09 TUN/TAP device tun2 opened
2024-03-22 21:17:09 net_iface_mtu_set: mtu 1500 for tun2
2024-03-22 21:17:09 net_iface_up: set tun2 up
2024-03-22 21:17:09 net_addr_ptp_v4_add: 10.10.0.6 peer 10.10.0.5 dev tun2
2024-03-22 21:17:09 /home/mio/Документы/SyncDiscsAll/Systems/SyncCloud/VpnConnections/VpnBook/update-systemd-resolved tun2 1500 0 10.10.0.6 10.10.0.5 init
<14>Mar 22 21:17:09 update-systemd-resolved: Link 'tun2' coming up
<14>Mar 22 21:17:09 update-systemd-resolved: Adding DNS Routed Domain DOMAIN-ROUTE
<14>Mar 22 21:17:09 update-systemd-resolved: Adding IPv4 DNS Server 213.186.33.99
<14>Mar 22 21:17:09 update-systemd-resolved: Adding IPv4 DNS Server 91.239.100.100
<14>Mar 22 21:17:09 update-systemd-resolved: SetLinkDNS(134 2 2 4 213 186 33 99 2 4 91 239 100 100)
<14>Mar 22 21:17:09 update-systemd-resolved: SetLinkDomains(134 1 DOMAIN-ROUTE true)
2024-03-22 21:17:09 Data Channel: cipher 'AES-256-GCM', peer-id: 30, compression: 'lzo'
2024-03-22 21:17:09 Timers: ping 5, ping-restart 30
2024-03-22 21:17:11 net_route_v4_add: 144.217.253.149/32 via 192.168.191.209 dev [NULL] table 0 metric -1
2024-03-22 21:17:11 net_route_v4_add: 0.0.0.0/1 via 10.10.0.5 dev [NULL] table 0 metric -1
2024-03-22 21:17:11 net_route_v4_add: 128.0.0.0/1 via 10.10.0.5 dev [NULL] table 0 metric -1
2024-03-22 21:17:11 net_route_v4_add: 10.10.0.1/32 via 10.10.0.5 dev [NULL] table 0 metric -1
2024-03-22 21:17:11 Initialization Sequence Completed

The system configuration is as follows: firewalld zones are all set to drop. dnsotls and dnssec are configured through system resolve.

The openvpn client config is as follows, but additional options are also pulled in from the server via PUSH:


PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS  213.186.33.99,dhcp-option DNS  91.239.100.100,route 10.10.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.10.0.6 10.10.0.5,peer-id 3,cipher AES-256-GCM'


client
dev tun2
proto udp
remote 145.239.255.68 25000
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass /home/mio/Документы/SyncDiscsAll/Systems/SyncCloud/VpnConnections/VpnBook/login.conf
comp-lzo
verb 3
cipher AES-256-CBC
fast-io
pull
route-delay 2
redirect-gateway

script-security 2
setenv PATH /usr/bin
up /home/mio/Документы/SyncDiscsAll/Systems/SyncCloud/VpnConnections/VpnBook/update-systemd-resolved
down /home/mio/Документы/SyncDiscsAll/Systems/SyncCloud/VpnConnections/VpnBook/update-systemd-resolved
down-pre
dhcp-option DOMAIN-ROUTE

<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>

I tried booting Manjaro live from a flash drive, and everything works fine with this config on a clean Manjaro, so there is some glitch in my system. I turned off firewalld, and dnsotls and dnssec too, with no change. It sometimes connects to Proton vpn over tcp, and over udp likewise not; basically everything is kind of strange and without errors. On Proton there are sometimes Tls auth errors, but not always.
Anyway, if anyone has the same problem, it may be related to dnssec and the new openvpn version 2.6.10 (i.e. the lack of compatible updates on the server).
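
The log in this post warns that no server certificate verification method is enabled, notes that the --script-security setting may allow user-defined scripts, and warns that redirect-gateway is specified more than once. The following is an added example, not part of the original post: a Python check that compares the client config with the pushed options and reports those three conditions. The sample strings are constructed from the config and log quoted above, and the finding labels are hypothetical names chosen for this example.

```python
import re

# Constructed sample: abridged copy of the client config quoted in the post.
CLIENT_CONFIG = """\
proto udp
remote 145.239.255.68 25000
cipher AES-256-CBC
redirect-gateway
script-security 2
"""
# Constructed sample: the PUSH_REPLY log line quoted in the post.
LOG = ("2024-03-22 21:17:08 PUSH: Received control message: 'PUSH_REPLY,"
       "redirect-gateway def1,dhcp-option DNS  213.186.33.99,"
       "dhcp-option DNS  91.239.100.100,route 10.10.0.1,topology net30,ping 5,"
       "ping-restart 30,ifconfig 10.10.0.6 10.10.0.5,peer-id 30,cipher AES-256-GCM'")

# Directives that make the client check the server certificate's usage or name.
VERIFY = {"remote-cert-tls", "remote-cert-ku", "remote-cert-eku",
          "verify-x509-name", "tls-verify"}

def parse_directives(text):
    """Map each directive name to the list of argument strings it is given."""
    found, inline = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("<"):          # inline <ca>/<cert>/<key> block
            inline = not line.startswith("</")
            continue
        if inline or not line or line[0] in "#;":
            continue
        name, _, args = line.partition(" ")
        found.setdefault(name, []).append(" ".join(args.split()))
    return found

def parse_push_reply(log_text):
    # Directives carried by the first PUSH_REPLY control message in the log.
    m = re.search(r"'PUSH_REPLY,([^']*)'", log_text)
    return parse_directives(m.group(1).replace(",", "\n")) if m else {}

def audit(config_text, log_text):
    local, pushed = parse_directives(config_text), parse_push_reply(log_text)
    findings = []
    if not VERIFY & set(local):
        findings.append("no-server-cert-verification")
    if any(a.isdigit() and int(a) >= 2 for a in local.get("script-security", [])):
        findings.append("script-security>=2")
    for name in sorted(set(local) & set(pushed)):
        if set(local[name]) != set(pushed[name]):   # set locally and pushed differently
            findings.append(f"also-pushed:{name}")
    return findings
```

Adding a line such as `remote-cert-tls server` to the config clears the first finding; the check reports configuration conditions only and does not diagnose the UDP reconnect loop.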
 