LINUXTALKS.CO

Virtual private network over LTE from MTS

Help me set up open(virtual private network).
It works over Wi-Fi but does not work over mobile internet. The connection seems to be there, and the phone shows that it received the address 10.8.0.2, but nothing works and nothing can be pinged from the phone. I tried changing tun-mtu, setting 600, 1000 and 1400, with no result.

P.S. I hope virtual private networks can be discussed here.

Here are the configs and logs:

Server config:

cipher AES-256-GCM
data-ciphers AES-256-GCM
keepalive 10 500

topology subnet
proto tcp
port 443
dev tun
server 10.8.0.0 255.255.255.0
tun-mtu 1400
#mssfix 1000

allow-compression no

ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh.pem
tls-auth /etc/openvpn/easy-rsa/ta.key 0


push "redirect-gateway def1 bypass-dhcp"
#push "dhcp-option DNS 8.8.8.8"
#push "compress lz4-v2"
persist-key
persist-tun

status /var/log/openvpn/openvpn-status.log
log         /var/log/openvpn/openvpn.log
log-append  /var/log/openvpn/openvpn.log

verb 3

script-security 2

up "/etc/openvpn/ipt-nat.sh up"
down "/etc/openvpn/ipt-nat.sh down"

Config from the phone:

client
proto tcp
remote 123.123.123.123 443
dev tun
tun-mtu 1400
nobind
cipher AES-256-GCM
verb 3
pull
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
*
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
*
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
*
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
*
-----END OpenVPN Static key V1-----
</tls-auth>

Server log:

2025-10-07 15:41:36 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2025-10-07 15:41:36 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2025-10-07 15:41:36 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
2025-10-07 15:41:36 TCP connection established with [AF_INET]213.87.136.31:52804
2025-10-07 15:41:36 213.87.136.31:52804 TLS: Initial packet from [AF_INET]213.87.136.31:52804, sid=41714b61 2a769e9e
2025-10-07 15:42:20 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2025-10-07 15:42:20 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2025-10-07 15:42:20 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
2025-10-07 15:42:20 TCP connection established with [AF_INET]213.87.136.31:49708
2025-10-07 15:42:20 213.87.136.31:49708 TLS: Initial packet from [AF_INET]213.87.136.31:49708, sid=cfbd55f2 10251e0f
2025-10-07 15:42:21 213.87.136.31:49708 VERIFY OK: depth=1, CN=Easy-RSA CA
2025-10-07 15:42:21 213.87.136.31:49708 VERIFY OK: depth=0, CN=ivan-phone
2025-10-07 15:42:21 213.87.136.31:49708 peer info: IV_VER=3.11.1
2025-10-07 15:42:21 213.87.136.31:49708 peer info: IV_PLAT=android
2025-10-07 15:42:21 213.87.136.31:49708 peer info: IV_NCP=2
2025-10-07 15:42:21 213.87.136.31:49708 peer info: IV_TCPNL=1
2025-10-07 15:42:21 213.87.136.31:49708 peer info: IV_PROTO=8094
2025-10-07 15:42:21 213.87.136.31:49708 peer info: IV_MTU=1600
2025-10-07 15:42:21 213.87.136.31:49708 peer info: IV_CIPHERS=AES-128-CBC:AES-192-CBC:AES-256-CBC:AES-128-GCM:AES-192-GCM:AES-256-GCM:CHACHA20-POLY1305
2025-10-07 15:42:21 213.87.136.31:49708 peer info: IV_AUTO_SESS=1
2025-10-07 15:42:21 213.87.136.31:49708 peer info: IV_GUI_VER=net.openvpn.connect.android_3.7.1-10568
2025-10-07 15:42:21 213.87.136.31:49708 peer info: IV_SSO=webauth,crtext
2025-10-07 15:42:21 213.87.136.31:49708 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1451', remote='link-mtu 1423'
2025-10-07 15:42:22 213.87.136.31:49708 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
2025-10-07 15:42:22 213.87.136.31:49708 [ivan-phone] Peer Connection Initiated with [AF_INET]213.87.136.31:49708
2025-10-07 15:42:22 ivan-phone/213.87.136.31:49708 MULTI_sva: pool returned IPv4=10.8.0.3, IPv6=(Not enabled)
2025-10-07 15:42:22 ivan-phone/213.87.136.31:49708 MULTI: Learn: 10.8.0.3 -> ivan-phone/213.87.136.31:49708
2025-10-07 15:42:22 ivan-phone/213.87.136.31:49708 MULTI: primary virtual IP for ivan-phone/213.87.136.31:49708: 10.8.0.3
2025-10-07 15:42:22 ivan-phone/213.87.136.31:49708 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2025-10-07 15:42:22 ivan-phone/213.87.136.31:49708 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2025-10-07 15:42:22 ivan-phone/213.87.136.31:49708 SENT CONTROL [ivan-phone]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 500,ifconfig 10.8.0.3 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
2025-10-07 15:42:22 ivan-phone/213.87.136.31:49708 PUSH: Received control message: 'PUSH_REQUEST'
2025-10-07 15:42:36 213.87.136.31:52804 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2025-10-07 15:42:36 213.87.136.31:52804 TLS Error: TLS handshake failed
2025-10-07 15:42:36 213.87.136.31:52804 Fatal TLS error (check_tls_errors_co), restarting
2025-10-07 15:42:36 213.87.136.31:52804 SIGUSR1[soft,tls-error] received, client-instance restarting

Phone log:

[окт. 07, 2025, 18:33:23] PROTOCOL OPTIONS:
  key-derivation: OpenVPN PRF
  control channel: tls-auth enabled
  data channel: cipher AES-256-GCM, peer-id 0


[окт. 07, 2025, 18:33:23] EVENT: ASSIGN_IP

[окт. 07, 2025, 18:33:23] Connected via tun

[окт. 07, 2025, 18:33:23] fixed mssfix=1360

[окт. 07, 2025, 18:33:23] EVENT: CONNECTED info='123.123.123.123:443 (123.123.123.123) via /TCP on tun/10.8.0.2/ gw=[10.8.0.1/] mtu=(default)' trans=TO_CONNECTED

[окт. 07, 2025, 18:41:27] EVENT: CANCELLED

[окт. 07, 2025, 18:41:27] EVENT: DISCONNECTED

[окт. 07, 2025, 18:41:27] Tunnel bytes per CPU second: 0

[окт. 07, 2025, 18:41:27] ----- OpenVPN Stop -----

[окт. 07, 2025, 18:41:27] EVENT: CORE_THREAD_DONE

[окт. 07, 2025, 18:41:35] ----- OpenVPN Start -----

[окт. 07, 2025, 18:41:35] EVENT: CORE_THREAD_ACTIVE

[окт. 07, 2025, 18:41:35] OpenVPN core 3.11.1(3.git::fbda4753:RelWithDebInfo) android arm64 64-bit PT_PROXY

[окт. 07, 2025, 18:41:35] Frame=512/2112/512 mssfix-ctrl=1250

[окт. 07, 2025, 18:41:35] EVENT: RESOLVE

[окт. 07, 2025, 18:41:35] Contacting 123.123.123.123:443 via TCP

[окт. 07, 2025, 18:41:35] EVENT: WAIT

[окт. 07, 2025, 18:41:35] Connecting to [123.123.123.123]:443 (123.123.123.123) via TCP

[окт. 07, 2025, 18:41:36] EVENT: CONNECTING

[окт. 07, 2025, 18:41:36] Tunnel Options:V4,dev-type tun,link-mtu 1423,tun-mtu 1400,proto TCPv4_CLIENT,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-client

[окт. 07, 2025, 18:41:36] Creds: UsernameEmpty/PasswordEmpty

[окт. 07, 2025, 18:41:36] Sending Peer Info:
IV_VER=3.11.1
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=8094
IV_MTU=1600
IV_CIPHERS=AES-128-CBC:AES-192-CBC:AES-256-CBC:AES-128-GCM:AES-192-GCM:AES-256-GCM:CHACHA20-POLY1305
IV_AUTO_SESS=1
IV_GUI_VER=net.openvpn.connect.android_3.7.1-10568
IV_SSO=webauth,crtext


[окт. 07, 2025, 18:42:16] Session invalidated: KEEPALIVE_TIMEOUT

[окт. 07, 2025, 18:42:16] Client terminated, restarting in 2000 ms...

[окт. 07, 2025, 18:42:18] EVENT: RECONNECTING

[окт. 07, 2025, 18:42:18] Contacting 123.123.123.123:443 via TCP

[окт. 07, 2025, 18:42:18] EVENT: RESOLVE

[окт. 07, 2025, 18:42:18] EVENT: WAIT

[окт. 07, 2025, 18:42:19] Connecting to [123.123.123.123]:443 (123.123.123.123) via TCP

[окт. 07, 2025, 18:42:19] EVENT: CONNECTING

[окт. 07, 2025, 18:42:19] Tunnel Options:V4,dev-type tun,link-mtu 1423,tun-mtu 1400,proto TCPv4_CLIENT,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-client

[окт. 07, 2025, 18:42:19] Creds: UsernameEmpty/PasswordEmpty

[окт. 07, 2025, 18:42:19] Sending Peer Info:
IV_VER=3.11.1
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=8094
IV_MTU=1600
IV_CIPHERS=AES-128-CBC:AES-192-CBC:AES-256-CBC:AES-128-GCM:AES-192-GCM:AES-256-GCM:CHACHA20-POLY1305
IV_AUTO_SESS=1
IV_GUI_VER=net.openvpn.connect.android_3.7.1-10568
IV_SSO=webauth,crtext


[окт. 07, 2025, 18:42:21] SSL Handshake: peer certificate: CN=server, 2048 bit RSA, cipher: TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD


[окт. 07, 2025, 18:42:21] Session is ACTIVE

[окт. 07, 2025, 18:42:21] Sending PUSH_REQUEST to server...

[окт. 07, 2025, 18:42:21] EVENT: GET_CONFIG

[окт. 07, 2025, 18:42:21] OPTIONS:
0 [redirect-gateway] [def1] [bypass-dhcp]
1 [route-gateway] [10.8.0.1]
2 [topology] [subnet]
3 [ping] [10]
4 [ping-restart] [500]
5 [ifconfig] [10.8.0.3] [255.255.255.0]
6 [peer-id] [0]
7 [cipher] [AES-256-GCM]
8 [block-ipv6]
9 [block-ipv4]


[окт. 07, 2025, 18:42:21] PROTOCOL OPTIONS:
  key-derivation: OpenVPN PRF
  control channel: tls-auth enabled
  data channel: cipher AES-256-GCM, peer-id 0


[окт. 07, 2025, 18:42:21] EVENT: ASSIGN_IP

[окт. 07, 2025, 18:42:21] Connected via tun

[окт. 07, 2025, 18:42:21] fixed mssfix=1360

[окт. 07, 2025, 18:42:21] EVENT: CONNECTED info='123.123.123.123:443 (123.123.123.123) via /TCP on tun/10.8.0.3/ gw=[10.8.0.1/] mtu=(default)'
★★★
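
Added example (not part of the original post): a small Python triage of the server log format shown above, grouping lines by client endpoint to show how far each connection attempt got. The function name `triage` and the stage labels are assumptions made for this illustration; the log lines are copied from the post.

```python
import re

# Excerpt of the server log posted above (lines verbatim, selection shortened).
SAMPLE_LOG = """\
2025-10-07 15:41:36 TCP connection established with [AF_INET]213.87.136.31:52804
2025-10-07 15:41:36 213.87.136.31:52804 TLS: Initial packet from [AF_INET]213.87.136.31:52804, sid=41714b61 2a769e9e
2025-10-07 15:42:20 213.87.136.31:49708 TLS: Initial packet from [AF_INET]213.87.136.31:49708, sid=cfbd55f2 10251e0f
2025-10-07 15:42:21 213.87.136.31:49708 VERIFY OK: depth=0, CN=ivan-phone
2025-10-07 15:42:21 213.87.136.31:49708 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1451', remote='link-mtu 1423'
2025-10-07 15:42:22 213.87.136.31:49708 [ivan-phone] Peer Connection Initiated with [AF_INET]213.87.136.31:49708
2025-10-07 15:42:22 ivan-phone/213.87.136.31:49708 SENT CONTROL [ivan-phone]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 500,ifconfig 10.8.0.3 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
2025-10-07 15:42:36 213.87.136.31:52804 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""

# "<date> <time> [CN/]<ip>:<port> <message>"; global lines have no endpoint prefix.
LINE = re.compile(r"^\S+ \S+ (?:[^/\s]+/)?(\d{1,3}(?:\.\d{1,3}){3}:\d+) (.*)$")
MTU = re.compile(r"local='link-mtu (\d+)', remote='link-mtu (\d+)'")

# Handshake milestones in the order they appear: (substring, stage label).
MILESTONES = [
    ("TLS: Initial packet", "tls-started"),
    ("VERIFY OK: depth=0", "cert-verified"),
    ("Peer Connection Initiated", "control-channel-up"),
    ("PUSH_REPLY", "config-pushed"),
]

def triage(log_text):
    """Return {client endpoint: {'stage', 'tls_timeout', 'mtu_mismatch'}}."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # line is not tied to a client endpoint
        endpoint, msg = m.groups()
        s = sessions.setdefault(
            endpoint, {"stage": "connected", "tls_timeout": False, "mtu_mismatch": None})
        for needle, stage in MILESTONES:
            if needle in msg:
                s["stage"] = stage  # log is chronological, so the last hit wins
        if "TLS key negotiation failed" in msg:
            s["tls_timeout"] = True
        mtu = MTU.search(msg)
        if mtu and mtu.group(1) != mtu.group(2):
            s["mtu_mismatch"] = (int(mtu.group(1)), int(mtu.group(2)))
    return sessions

if __name__ == "__main__":
    for endpoint, state in triage(SAMPLE_LOG).items():
        print(endpoint, state)
```

On this excerpt the attempt from port 52804 stops right after the first TLS packet and times out, while the attempt from port 49708 completes the control channel and receives its pushed options, with a link-mtu mismatch warning along the way.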

You can discuss it, but it won't work. Either run it inside an obfuscator, or, for me, it used to start up with tls-crypt-v2, but by now they could have fixed that already.

Anoxemian
★★★