<HTML><BODY><p>Здравствуйте! Когда же начнутся выходные! <img title="" src="http://img.mail.ru/ru/btn/kolobki/sad.gif" alt="" border="0" data-mce-src="http://img.mail.ru/ru/btn/kolobki/sad.gif"><br><br>Перевел один из серверов на AltLinux 6.0 Centaurus. Все конфиги перекинул с 4.1. Почти все сервисы, после некоторых плясок, заработали кроме OpenVPN сервера. Сервер запускается, клиенты цепляются, НО, клиенты видят сервер и сеть за ним, а сервер не видит клиентов и, соответственно. и сети за ним. При том, что на старом сервере с Альтом 4.1 таких проблем не наблюдаю. Может кто то увидит мою ошибку свежим взглядом. Оговорюсь заранее, что фаервол, в порядке эксперемента, выключен с обоих сторон, а внешние адреса в конфигах заменены. Форвадинг включен.<br><br>ниже конфиги<br><br>ip a на сервере<br><br><em>[root@localhost ~]# ip a</em><br><em>1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN</em><br><em> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00</em><br><em> inet 127.0.0.1/8 scope host lo</em><br><em>2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000</em><br><em> link/ether b4:99:ba:a9:08:0c brd ff:ff:ff:ff:ff:ff</em><br><em> inet 172.21.0.1/16 brd 172.21.255.255 scope global eth0</em><br><em>3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000</em><br><em> link/ether b4:99:ba:a9:08:0d brd ff:ff:ff:ff:ff:ff</em><br><em> inet 123.123.123.123/28 brd 123.123.123.122 scope global eth1</em><br><em>5: vpnserver: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100</em><br><em> link/none</em><br><em> inet 172.19.0.1 peer 172.19.0.2/32 scope global vpnserver</em><br><br>таблица маршрутов на сервере<br><em>[root@localhost ~]# route</em><br><em>Kernel IP routing table</em><br><em>Destination Gateway Genmask Flags Metric Ref Use Iface</em><br><em>172.19.0.2 * 255.255.255.255 UH 0 0 0 vpnserver</em><br><em>123.123.123.121 * 255.255.255.240 U 0 0 0 eth1</em><br><em>192.168.2.0 172.19.0.2 255.255.255.0 UG 0 0 0 vpnserver</em><br><em>192.168.1.0 172.19.0.2 255.255.255.0 UG 0 0 0 vpnserver</em><br><em>192.168.17.0 172.19.0.2 255.255.255.0 UG 0 0 0 vpnserver</em><br><em>192.168.16.0 172.19.0.2 255.255.255.0 UG 0 0 0 vpnserver</em><br><em>192.168.15.0 172.19.0.2 255.255.255.0 UG 0 0 0 vpnserver</em><br><em>192.168.14.0 172.19.0.2 255.255.255.0 UG 0 0 0 vpnserver</em><br><em>192.168.12.0 172.19.0.2 255.255.255.0 UG 0 0 0 vpnserver</em><br><em>192.168.11.0 172.19.0.2 255.255.255.0 UG 0 0 0 vpnserver</em><br><em>192.168.10.0 172.19.0.2 255.255.255.0 UG 0 0 0 vpnserver</em><br><em>172.19.0.0 172.19.0.2 255.255.255.0 UG 0 0 0 vpnserver</em><br><em>172.21.0.0 * 255.255.0.0 U 1 0 0 eth0</em><br><em>default 123.123.123.122 0.0.0.0 UG 0 0 0 eth1</em><br><br>конфиг VPN-сервера<br><br><em>[root@localhost ~]# cat /etc/openvpn/server.conf</em><br><em>port 20000</em><br><em>proto udp</em><br><em>dev vpnserver</em><br><em>dev-type tun</em><br><br><em>ca /etc/openvpn/keys/ca.crt</em><br><em>cert /etc/openvpn/keys/server.crt</em><br><em>key /etc/openvpn/keys/server.key # This file should be kept secret</em><br><em>dh /etc/openvpn/keys/dh1024.pem</em><br><br><em>server 172.19.0.0 255.255.255.0</em><br><em>ifconfig-pool-persist ipp.txt</em><br><br><em>push "route 172.21.0.0 255.255.0.0"</em><br><em>client-config-dir /etc/openvpn/ccd</em><br><em>route 192.168.2.0 255.255.255.0 172.19.0.2</em><br><em>route 192.168.11.0 255.255.255.0</em><br><em>route 192.168.10.0 255.255.255.0</em><br><em>route 192.168.12.0 255.255.255.0</em><br><em>route 192.168.14.0 255.255.255.0</em><br><em>route 192.168.15.0 255.255.255.0</em><br><em>route 192.168.16.0 255.255.255.0</em><br><em>route 192.168.17.0 255.255.255.0</em><br><em>route 192.168.1.0 255.255.255.0</em><br><br><em>keepalive 10 60</em><br><em>tls-auth /etc/openvpn/keys/ta.key 0 # This file is secret</em><br><em>comp-lzo</em><br><em>user openvpn</em><br><em>group openvpn</em><br><br><em>persist-key</em><br><em>persist-tun</em><br><em>status /etc/openvpn/client-status.log</em><br><em>verb 3</em><br><br><br>ip a на одном из клиентов<br><br><em>bash-3.1# /sbin/ip a</em><br><em>2: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue</em><br><em> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00</em><br><em> inet 127.0.0.1/8 scope host lo</em><br><em>4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000</em><br><em> link/ether 00:1d:60:6d:1f:21 brd ff:ff:ff:ff:ff:ff</em><br><em> inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0</em><br><em>6: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000</em><br><em> link/ether 00:19:5b:71:1d:d1 brd ff:ff:ff:ff:ff:ff</em><br><em> inet 111.111.111.111/30 brd 111.111.111.112 scope global eth1</em><br><em>8: eth2: <BROADCAST,MULTICAST,PROMISC> mtu 1500 qdisc noop qlen 1000</em><br><em> link/ether 00:19:5b:71:20:35 brd ff:ff:ff:ff:ff:ff</em><br><em>1: openvpn: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100</em><br><em> link/[65534]</em><br><em> inet 172.19.0.10 peer 172.19.0.9/32 scope global openvpn</em><br><em>3: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue</em><br><em> link/void</em><br><br><br>таблица маршрутов на клиенте<br><br><em>bash-3.1# /sbin/route</em><br><em>Kernel IP routing table</em><br><em>Destination Gateway Genmask Flags Metric Ref Use Iface</em><br><em>172.19.0.1 172.19.0.9 255.255.255.255 UGH 0 0 0 openvpn</em><br><em>172.19.0.9 * 255.255.255.255 UH 0 0 0 openvpn</em><br><em>111.111.110 * 255.255.255.252 U 0 0 0 eth1</em><br><em>192.168.1.0 * 255.255.255.0 U 0 0 0 eth0</em><br><em>172.21.0.0 172.19.0.9 255.255.0.0 UG 0 0 0 openvpn</em><br><em>default 111.111.111.112 0.0.0.0 UG 0 0 0 eth1</em><br><br><br>конфиг OpenVPN на клиенте<br><br><em>client</em><br><em>dev openvpn</em><br><em>dev-type tun</em><br><em>proto udp</em><br><em>remote 123.123.123.123 20000</em><br><em>resolv-retry infinite</em><br><em>nobind</em><br><em>user openvpn</em><br><em>group openvpn</em><br><em>persist-key</em><br><em>persist-tun</em><br><em>ca /etc/openvpn/keys/ca.crt</em><br><em>cert /etc/openvpn/keys/client1.crt</em><br><em>tls-auth /etc/openvpn/keys/ta.key 1</em><br><em>comp-lzo</em><br><em>verb 3</em><br><em>log /etc/openvpn/openvpn.log</em><br><br><br><br></p></BODY></HTML>