Организация OpenVPN каналов...

bellic писал(а): ↑
19 дек 2022, 23:53
после включения Маршрутизации

Меня всегда умиляло в Вынь-де

- их специфическая загадочная терминология ... и что они под этим в каждом случае подразумевают.
Насколько умиляло ... что в конечном итоге я решил навсегда расстаться с Вынь-дой ... лет 19 назад.

В отношении TCP/IP сети (которая всегда была чужеродной для Вынь-ды ... с её NETBEUI, CIFS и SMB всякой хернёй

) - есть единственный свод документов регламентирующий поведение сети TCP/IP, и это набор документов RFC.
А проще и быстрее "разложить по полочкам" что там и как должно работать - это взять книжку У.Р.Стивенса - W. Richard Stevens' Home Page:

...
TCP/IP Illustrated, Volume 3: TCP for Transactions, HTTP, NNTP, and the UNIX Domain Protocols, Addison-Wesley, 1996.
TCP/IP Illustrated, Volume 2: The Implementation, Addison-Wesley, 1995.
TCP/IP Illustrated, Volume 1: The Protocols, Addison-Wesley, 1994.
...

Как мне кажется, в мире за все годы, не было написано ничего лучше по TCP/IP.

Olej писал(а): ↑
20 дек 2022, 01:24
Как мне кажется, в мире за все годы, не было написано ничего лучше по TCP/IP.

Есть русские переводы:
https://www.books.ru/books/protokoly-tc ... 77/?show=1

У. Ричард Стивенс
Протоколы TCP/IP. В подлиннике
ISBN: 5-94157-300-6 672 страницы февраль 2003 BHV-СПб

https://www.books.ru/books/protokoly-tc ... 26/?show=1

У. Ричард Стивенс
Протоколы TCP/IP. Практическое руководство
ISBN: 5-7940-0093-7 672 страницы май 2004 Невский Диалект

Такую книгу просто нужно положить на рабочий стол под рукой.
Найти в продаже - вряд ли ... разве что на развалах букинистов.
Но она массово выкладывалась в Интернет свободно...

P.S. Да вот же

TCP/IP Illustrated, 2nd Edition - скачать: download/file.php?id=1546

bellic

А может быть всеж какого либо маршрута не хватает в таблице маршрутизации, или какой не правильный???

bellic

Есть возможность собрать макет основных узлов вышеуказанной сети, использовав в качестве Сервера OpenVPN комп на Windows10Pro и AstraLinuxSE..))

: Схема OpenVPN_3.jpg (53.06 КБ) 429 просмотров

Ставлю VMware на ПК Сервер и экспортирую в нее уже готовую VM c AstraLinuxSE 1.7..

Установил OpenVPN...
Подсунул подкорректированный конфиг для Сервера...
Стартанул сервер... Интерфейс 10.8.0.1 поднялся...
На клиенте тоже немного подправил конфиг, и о чудо - "Поднялся" канальчик 10.8.0.2 <=====> 10.8.0.1

Пингуется 10.8.0.1
Пингуется внутренний адрес интерфейса Сервера (он там 192.168.50.10), но меня удивило, что TRACERT прыгнул сразу на него, минуя 10.8.0.1

Ладно.. сейчас важно другое!
Пинг на внутренний адрес (любой на выбор: 192.168.50.5 - Windows10Pro или 192.168.50.1 - Роутер) пока не идет...
Видимо потому что не включен на Астре Форвардинг!?...

Код: Выделить всё

root@astra:/home/user# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

Ошибаемся!!! - Форвардинг я не включал... Возможно OpenVPN сам его включил???
Сейчас гляну на Оригинале Клона Астры (Там не устанавливалось ничего!)

Подтверждаю - на Оригинале:

Код: Выделить всё

root@astra:/home/user# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

На сегодня - достаточно!!!
Завтра буду разбираться с МАРШРУТАМИ и МАРШРУТИЗАЦИЕЙ!

bellic писал(а): ↑
20 дек 2022, 07:32
А может быть всеж какого либо маршрута не хватает в таблице маршрутизации, или какой не правильный???

Маршрутизация (роутинг) и форвардинг (транзитная передача) - вещи разные и, отчасти, независимые. И то и другое должно быть настроено правильно.

bellic писал(а): ↑
20 дек 2022, 10:35
Возможно OpenVPN сам его включил???

Может и включает...

bellic

На сегодня - достаточно!!!
Завтра буду разбираться с МАРШРУТАМИ и МАРШРУТИЗАЦИЕЙ!

bellic

Не дождался завтра... попробовал прописать маршруты.. неудачно!
В общем - та же песня, что и на Виндовом Сервере!!!

bellic

Да, еще вот такая ошибка в логе:

Код: Выделить всё

Tue Dec 20 20:36:50 2022 Andrey/192.168.0.99:59967 AEAD Decrypt error: bad packet ID (may be a replay): [ #448 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

Сейчас правда еще заметил, что время на машинах разное.. ((
Исправил..

В общем вот такой лог с ошибками имеем:

Код: Выделить всё

Tue Dec 20 17:50:55 2022 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Tue Dec 20 17:50:55 2022 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
Tue Dec 20 17:50:55 2022 Diffie-Hellman initialized with 2048 bit key
Tue Dec 20 17:50:55 2022 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Dec 20 17:50:55 2022 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Dec 20 17:50:55 2022 TUN/TAP device tun0 opened
Tue Dec 20 17:50:55 2022 TUN/TAP TX queue length set to 100
Tue Dec 20 17:50:55 2022 /sbin/ip link set dev tun0 up mtu 1500
Tue Dec 20 17:50:55 2022 /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Tue Dec 20 17:50:55 2022 Could not determine IPv4/IPv6 protocol. Using AF_INET
Tue Dec 20 17:50:55 2022 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Dec 20 17:50:55 2022 UDPv4 link local (bound): [AF_INET]192.168.50.10:1195
Tue Dec 20 17:50:55 2022 UDPv4 link remote: [AF_UNSPEC]
Tue Dec 20 17:50:55 2022 MULTI: multi_init called, r=256 v=256
Tue Dec 20 17:50:55 2022 IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Tue Dec 20 17:50:55 2022 ifconfig_pool_read(), in='Andrey,10.8.0.2', TODO: IPv6
Tue Dec 20 17:50:55 2022 succeeded -> ifconfig_pool_set()
Tue Dec 20 17:50:55 2022 IFCONFIG POOL LIST
Tue Dec 20 17:50:55 2022 Andrey,10.8.0.2
Tue Dec 20 17:50:55 2022 Initialization Sequence Completed
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 TLS: Initial packet from [AF_INET]192.168.0.99:52557, sid=4d0e8c3b e3e31347
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1671547903) Tue Dec 20 17:51:43 2022 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 TLS Error: incoming packet authentication failed from [AF_INET]192.168.0.99:52557
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #2 / time = (1671547903) Tue Dec 20 17:51:43 2022 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 TLS Error: incoming packet authentication failed from [AF_INET]192.168.0.99:52557
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3 / time = (1671547903) Tue Dec 20 17:51:43 2022 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 TLS Error: incoming packet authentication failed from [AF_INET]192.168.0.99:52557
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #4 / time = (1671547903) Tue Dec 20 17:51:43 2022 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 TLS Error: incoming packet authentication failed from [AF_INET]192.168.0.99:52557
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #5 / time = (1671547903) Tue Dec 20 17:51:43 2022 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 TLS Error: incoming packet authentication failed from [AF_INET]192.168.0.99:52557
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 VERIFY OK: depth=1, CN=Andrey
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 VERIFY OK: depth=0, CN=Andrey
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 peer info: IV_VER=2.5.7
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 peer info: IV_PLAT=win
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 peer info: IV_PROTO=6
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 peer info: IV_NCP=2
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 peer info: IV_LZ4=1
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 peer info: IV_LZ4v2=1
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 peer info: IV_LZO=1
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 peer info: IV_COMP_STUB=1
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 peer info: IV_COMP_STUBv2=1
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 peer info: IV_TCPNL=1
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 peer info: IV_GUI_VER=OpenVPN_GUI_11
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 peer info: IV_SSO=openurl,crtext
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #6 / time = (1671547903) Tue Dec 20 17:51:43 2022 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 TLS Error: incoming packet authentication failed from [AF_INET]192.168.0.99:52557
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #7 / time = (1671547903) Tue Dec 20 17:51:43 2022 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 TLS Error: incoming packet authentication failed from [AF_INET]192.168.0.99:52557
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #8 / time = (1671547903) Tue Dec 20 17:51:43 2022 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 TLS Error: incoming packet authentication failed from [AF_INET]192.168.0.99:52557
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #9 / time = (1671547903) Tue Dec 20 17:51:43 2022 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 TLS Error: incoming packet authentication failed from [AF_INET]192.168.0.99:52557
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Tue Dec 20 17:51:43 2022 192.168.0.99:52557 [Andrey] Peer Connection Initiated with [AF_INET]192.168.0.99:52557
Tue Dec 20 17:51:43 2022 Andrey/192.168.0.99:52557 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Tue Dec 20 17:51:43 2022 Andrey/192.168.0.99:52557 MULTI: Learn: 10.8.0.2 -> Andrey/192.168.0.99:52557
Tue Dec 20 17:51:43 2022 Andrey/192.168.0.99:52557 MULTI: primary virtual IP for Andrey/192.168.0.99:52557: 10.8.0.2
Tue Dec 20 17:51:43 2022 Andrey/192.168.0.99:52557 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #10 / time = (1671547903) Tue Dec 20 17:51:43 2022 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:43 2022 Andrey/192.168.0.99:52557 TLS Error: incoming packet authentication failed from [AF_INET]192.168.0.99:52557
Tue Dec 20 17:51:44 2022 Andrey/192.168.0.99:52557 PUSH: Received control message: 'PUSH_REQUEST'
Tue Dec 20 17:51:44 2022 Andrey/192.168.0.99:52557 SENT CONTROL [Andrey]: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Tue Dec 20 17:51:44 2022 Andrey/192.168.0.99:52557 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Dec 20 17:51:44 2022 Andrey/192.168.0.99:52557 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Dec 20 17:51:44 2022 Andrey/192.168.0.99:52557 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #11 / time = (1671547903) Tue Dec 20 17:51:43 2022 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:44 2022 Andrey/192.168.0.99:52557 TLS Error: incoming packet authentication failed from [AF_INET]192.168.0.99:52557
Tue Dec 20 17:51:44 2022 Andrey/192.168.0.99:52557 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #12 / time = (1671547903) Tue Dec 20 17:51:43 2022 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:44 2022 Andrey/192.168.0.99:52557 TLS Error: incoming packet authentication failed from [AF_INET]192.168.0.99:52557
Tue Dec 20 17:51:44 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:48 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #2 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:49 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #3 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:49 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #4 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:50 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #5 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:51 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #6 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:52 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #7 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:53 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #8 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:54 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #9 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:54 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #10 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:55 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #11 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:56 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #12 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:57 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #13 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:58 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #14 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:59 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #15 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:51:59 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #16 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:00 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #17 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:01 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #18 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:02 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #19 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:03 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #20 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:04 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #21 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:04 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #22 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:05 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #23 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:06 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #24 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:07 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #25 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:08 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #26 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:09 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #27 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:09 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #28 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:10 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #29 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:11 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #30 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:12 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #31 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:13 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #32 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:14 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #33 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:14 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #34 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:15 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #35 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:16 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #36 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:16 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #37 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:17 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #38 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:17 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #39 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:18 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #40 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:18 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #41 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:19 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #42 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:19 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #43 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:19 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #44 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:20 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #45 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:21 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #46 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:22 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #47 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:23 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #48 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:24 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #49 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:24 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #50 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:25 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #51 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:26 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #52 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:27 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #53 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:28 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #54 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:29 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #55 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:29 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #56 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Dec 20 17:52:30 2022 Andrey/192.168.0.99:52557 AEAD Decrypt error: bad packet ID (may be a replay): [ #57 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

Не хило однако!!!...

Собственно говоря мне сейчас разбор ошибок делать нет смысла, ибо OpenVPN-канал таки организуется...

И еще - ошибки могут лезть в первую очередь из-за разности версий Сервера OpenVPN(2.4.7) и Клиента OpenVPN(2.5.8)!
Конфиги были созданы для версий 2.5.8, поэтому в 2.4.7 могут быть не реализованы некоторые возможности!
...

bellic

Запусти сегодня AstraLinux со своим OpenVPN-сервером на борту и о чудо! - Ошибок НОЛЬ и лог чист как слеза!

Код: Выделить всё

Wed Dec 21 09:30:26 2022 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Wed Dec 21 09:30:26 2022 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
Wed Dec 21 09:30:26 2022 Diffie-Hellman initialized with 2048 bit key
Wed Dec 21 09:30:26 2022 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec 21 09:30:26 2022 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec 21 09:30:26 2022 TUN/TAP device tun0 opened
Wed Dec 21 09:30:26 2022 TUN/TAP TX queue length set to 100
Wed Dec 21 09:30:26 2022 /sbin/ip link set dev tun0 up mtu 1500
Wed Dec 21 09:30:26 2022 /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Wed Dec 21 09:30:26 2022 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Dec 21 09:30:26 2022 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Dec 21 09:30:26 2022 UDPv4 link local (bound): [AF_INET]192.168.50.10:1195
Wed Dec 21 09:30:26 2022 UDPv4 link remote: [AF_UNSPEC]
Wed Dec 21 09:30:26 2022 MULTI: multi_init called, r=256 v=256
Wed Dec 21 09:30:26 2022 IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Wed Dec 21 09:30:26 2022 ifconfig_pool_read(), in='Andrey,10.8.0.2', TODO: IPv6
Wed Dec 21 09:30:26 2022 succeeded -> ifconfig_pool_set()
Wed Dec 21 09:30:26 2022 IFCONFIG POOL LIST
Wed Dec 21 09:30:26 2022 Andrey,10.8.0.2
Wed Dec 21 09:30:26 2022 Initialization Sequence Completed

Это я вчера подкорректировал время на Астре...

Linux-ru

Организация OpenVPN каналов...

Re: Организация OpenVPN каналов...

Re: Организация OpenVPN каналов...

Re: Организация OpenVPN каналов...

Re: Организация OpenVPN каналов...

Re: Организация OpenVPN каналов...

Re: Организация OpenVPN каналов...

Re: Организация OpenVPN каналов...

Re: Организация OpenVPN каналов...

Re: Организация OpenVPN каналов...

Re: Организация OpenVPN каналов...

Кто сейчас на конференции