vladrnd

Forum Members
  • Content count

    34
Community Reputation

0 Neutral

About vladrnd

  • Rank
    Member

Equipment

  • Keenetic
    Ultra II

  1. vladrnd

    Already tried that. So far the problem has been seen on only one computer, and it is not at all clear what is wrong. Antivirus, firewalls and other SC are disabled.
  2. vladrnd

    Win10 Pro 1803 (OS Build 17134.165).
  3. I have been unable to set this up on Windows 10 for quite a long time now. On Windows 7 it works fine.

     Июл 11 12:41:17 pptp[18093] Modem hangup
     Июл 11 12:41:17 pptp[18093] write: Bad file descriptor (9)
     Июл 11 12:41:17 pptp[18093] Exit.
     Июл 11 12:41:17 pptpd[18092] CTRL: Reaping child PPP[18093]
     Июл 11 12:41:17 pptpd[18092] CTRL: Client pppd TERM sending
     Июл 11 12:41:17 pptpd[18092] CTRL: Client pppd finish wait
     Июл 11 12:41:17 pptpd[18092] CTRL: Client control connection finished
  4. Sent it in a private message. Seventh day now, and not a word in reply.
  5. What does the backup have to do with it? This has been showing up since version 2.11 and still does, since from those versions on I have not managed to get OpenVPN working with the routes disappearing. Incidentally, this applies to the free OpenVPN servers on vpngate.net. I tested on a commercial server (hideme): no such problems, it works fine. For now I have settled on a PPTP service on Amazon; I deployed it and it works great. I will try deploying OpenVPN there as well in the next few days, we will see. Maybe something extra needs to be added to the client configuration? keepalive did not help.
  6. I ran into the following problem with OpenVPN on 2.11.C.1.0-3. I get a public IP address from my provider via DHCP. OpenVPN is configured, and I have set up my own static routes into it for the traffic I need. All would be well, but over time OpenVPN stops handling these routes. The problem is solved by switching it off and on, after which everything works properly again. I do not understand how to deal with this. At first glance the VPN is active and gets a 10.x.x.x IP address, but whether that is really so ... I would like a stable, normal OpenVPN.

     A short log of the OpenVPN service (after the off / on):

     Jun 15 13:35:31 ndm Network::Interface::Supplicant: "OpenVPN1": authnentication is unchanged.
     Jun 15 13:35:31 ndm Network::Interface::Base: "OpenVPN1": description saved.
     Jun 15 13:35:31 ndm Network::Interface::IP: "OpenVPN1": IP address cleared.
     Jun 15 13:35:31 ndm Network::Interface::IP: "OpenVPN1": global priority unchanged.
     Jun 15 13:35:31 ndm Network::Interface::IP: "OpenVPN1": global priority cleared.
     Jun 15 13:35:31 ndm Network::Interface::IP: "OpenVPN1": TCP-MSS adjustment enabled.
     Jun 15 13:35:31 ndm Network::Interface::OpenVpn: "OpenVPN1": configuration successfully saved.
     Jun 15 13:35:31 ndm Network::Interface::OpenVpn: "OpenVPN1": disable automatic routes accept via tunnel.
     Jun 15 13:35:31 ndm Network::Interface::OpenVpn: "OpenVPN1": set connection via ISP.
     Jun 15 13:35:31 ndm Network::Interface::Base: "OpenVPN1": interface is up.
     Jun 15 13:35:31 ndm Network::Interface::Base: "OpenVPN1": schedule cleared.
     Jun 15 13:35:31 ndm Core::ConfigurationSaver: saving configuration...
     Jun 15 13:35:32 ndm Network::Interface::IP: "OpenVPN1": IP address cleared.
     Jun 15 13:35:32 ndm Network::Interface::OpenVpn: "OpenVPN1": remove installed accepted routes.
     Jun 15 13:35:32 OpenVPN1 event_wait : Interrupted system call (code=4)
     Jun 15 13:35:32 OpenVPN1 Closing TUN/TAP interface
     Jun 15 13:35:32 OpenVPN1 SIGINT[hard,] received, process exiting
     Jun 15 13:35:35 OpenVPN1 OpenVPN 2.4.4 [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [AEAD]
     Jun 15 13:35:35 OpenVPN1 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
     Jun 15 13:35:35 OpenVPN1 Socket Buffers: R=[155648->155648] S=[155648->155648]
     Jun 15 13:35:35 OpenVPN1 UDP link local: (not bound)
     Jun 15 13:35:35 OpenVPN1 UDP link remote: [AF_INET]118.216.61.125:1597
     Jun 15 13:35:35 OpenVPN1 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
     Jun 15 13:35:35 OpenVPN1 TLS: Initial packet from [AF_INET]118.216.61.125:1597, sid=50f97caa 465803f8
     Jun 15 13:35:35 ndm Core::ConfigurationSaver: configuration saved.
     Jun 15 13:35:35 OpenVPN1 VERIFY SCRIPT OK: depth=2, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
     Jun 15 13:35:35 OpenVPN1 VERIFY OK: depth=2, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
     Jun 15 13:35:35 OpenVPN1 VERIFY SCRIPT OK: depth=1, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
     Jun 15 13:35:35 OpenVPN1 VERIFY OK: depth=1, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
     Jun 15 13:35:35 OpenVPN1 VERIFY SCRIPT OK: depth=0, OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.opengw.net
     Jun 15 13:35:35 OpenVPN1 VERIFY OK: depth=0, OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.opengw.net
     Jun 15 13:35:36 OpenVPN1 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
     Jun 15 13:35:36 OpenVPN1 [*.opengw.net] Peer Connection Initiated with [AF_INET]118.216.61.125:1597
     Jun 15 13:35:36 ndm Network::Interface::OpenVpn: "OpenVPN1": added host route to remote endpoint 118.216.61.125 via 188.130.140.1.
     Jun 15 13:35:37 OpenVPN1 SENT CONTROL [*.opengw.net]: 'PUSH_REQUEST' (status=1)
     Jun 15 13:35:38 OpenVPN1 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.211.1.253 10.211.1.254,dhcp-option DNS 10.211.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.211.1.254,redirect-gateway def1'
     Jun 15 13:35:38 OpenVPN1 OPTIONS IMPORT: timers and/or timeouts modified
     Jun 15 13:35:38 OpenVPN1 OPTIONS IMPORT: --ifconfig/up options modified
     Jun 15 13:35:38 OpenVPN1 OPTIONS IMPORT: route options modified
     Jun 15 13:35:38 OpenVPN1 OPTIONS IMPORT: route-related options modified
     Jun 15 13:35:38 OpenVPN1 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
     Jun 15 13:35:38 OpenVPN1 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
     Jun 15 13:35:38 OpenVPN1 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
     Jun 15 13:35:38 OpenVPN1 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
     Jun 15 13:35:38 OpenVPN1 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
     Jun 15 13:35:38 OpenVPN1 TUN/TAP device tun0 opened
     Jun 15 13:35:38 OpenVPN1 TUN/TAP TX queue length set to 100
     Jun 15 13:35:38 OpenVPN1 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
     Jun 15 13:35:38 ndm Network::Interface::IP: "OpenVPN1": IP address is 10.211.1.253/32.
     Jun 15 13:35:38 ndm Network::Interface::OpenVpn: "OpenVPN1": TUN peer address is 10.211.1.254.
     Jun 15 13:35:38 ndm Network::Interface::OpenVpn: "OpenVPN1": added host route to peer 10.211.1.254 via 10.211.1.253.
     Jun 15 13:35:39 OpenVPN1 GID set to nobody
     Jun 15 13:35:39 OpenVPN1 UID set to nobody
     Jun 15 13:35:39 OpenVPN1 Initialization Sequence Completed

     OpenVPN server settings:

     ###############################################################################
     # OpenVPN 2.0 Sample Configuration File
     # for PacketiX VPN / SoftEther VPN Server
     #
     # !!! AUTO-GENERATED BY SOFTETHER VPN SERVER MANAGEMENT TOOL !!!
     #
     # !!! YOU HAVE TO REVIEW IT BEFORE USE AND MODIFY IT AS NECESSARY !!!
     #
     # This configuration file is auto-generated. You might use this config file
     # in order to connect to the PacketiX VPN / SoftEther VPN Server.
     # However, before you try it, you should review the descriptions of the file
     # to determine the necessity to modify to suitable for your real environment.
     # If necessary, you have to modify a little adequately on the file.
     # For example, the IP address or the hostname as a destination VPN Server
     # should be confirmed.
     #
     # Note that to use OpenVPN 2.0, you have to put the certification file of
     # the destination VPN Server on the OpenVPN Client computer when you use this
     # config file. Please refer the below descriptions carefully.

     ###############################################################################
     # Specify the type of the layer of the VPN connection.
     #
     # To connect to the VPN Server as a "Remote-Access VPN Client PC",
     # specify 'dev tun'. (Layer-3 IP Routing Mode)
     #
     # To connect to the VPN Server as a bridging equipment of "Site-to-Site VPN",
     # specify 'dev tap'. (Layer-2 Ethernet Bridgine Mode)

     dev tun

     ###############################################################################
     # Specify the underlying protocol beyond the Internet.
     # Note that this setting must be correspond with the listening setting on
     # the VPN Server.
     #
     # Specify either 'proto tcp' or 'proto udp'.

     proto udp

     ###############################################################################
     # The destination hostname / IP address, and port number of
     # the target VPN Server.
     #
     # You have to specify as 'remote <HOSTNAME> <PORT>'. You can also
     # specify the IP address instead of the hostname.
     #
     # Note that the auto-generated below hostname are a "auto-detected
     # IP address" of the VPN Server. You have to confirm the correctness
     # beforehand.
     #
     # When you want to connect to the VPN Server by using TCP protocol,
     # the port number of the destination TCP port should be same as one of
     # the available TCP listeners on the VPN Server.
     #
     # When you use UDP protocol, the port number must same as the configuration
     # setting of "OpenVPN Server Compatible Function" on the VPN Server.

     remote 118.216.61.125 1597

     ###############################################################################
     # The HTTP/HTTPS proxy setting.
     #
     # Only if you have to use the Internet via a proxy, uncomment the below
     # two lines and specify the proxy address and the port number.
     # In the case of using proxy-authentication, refer the OpenVPN manual.

     ;http-proxy-retry
     ;http-proxy [proxy server] [proxy port]

     ###############################################################################
     # The encryption and authentication algorithm.
     #
     # Default setting is good. Modify it as you prefer.
     # When you specify an unsupported algorithm, the error will occur.
     #
     # The supported algorithms are as follows:
     # cipher: [NULL-CIPHER] NULL AES-128-CBC AES-192-CBC AES-256-CBC BF-CBC
     # CAST-CBC CAST5-CBC DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC
     # RC2-40-CBC RC2-64-CBC RC2-CBC
     # auth: SHA SHA1 MD5 MD4 RMD160

     cipher AES-128-CBC
     auth SHA1

     ###############################################################################
     # Other parameters necessary to connect to the VPN Server.
     #
     # It is not recommended to modify it unless you have a particular need.

     resolv-retry infinite
     nobind
     persist-key
     persist-tun
     client
     verb 3
     #auth-user-pass

     ###############################################################################
     # The certificate file of the destination VPN Server.
     #
     # The CA certificate file is embedded in the inline format.
     # You can replace this CA contents if necessary.
     # Please note that if the server certificate is not a self-signed, you have to
     # specify the signer's root certificate (CA) here.

     <ca>
     -----END CERTIFICATE-----
     </ca>

     ###############################################################################
     # The client certificate file (dummy).
     #
     # In some implementations of OpenVPN Client software
     # (for example: OpenVPN Client for iOS),
     # a pair of client certificate and private key must be included on the
     # configuration file due to the limitation of the client.
     # So this sample configuration file has a dummy pair of client certificate
     # and private key as follows.

     <cert>
     -----BEGIN CERTIFICATE-----
     -----END CERTIFICATE-----
     </cert>

     <key>
     -----BEGIN RSA PRIVATE KEY-----
     -----END RSA PRIVATE KEY-----
     </key>
  7. Well, somehow it periodically does not answer as it should, only every other time ... the secondary DNS answered; the query slipped past the primary (dnsproxy2).

     admin@DiskStation1:~$ nslookup t.me
     Server: 8.8.4.4
     Address: 8.8.4.4#53

     Non-authoritative answer:
     Name: t.me
     Address: 5.3.3.17

     admin@DiskStation1:~$ nslookup t.me
     Server: 192.168.1.1
     Address: 192.168.1.1#53

     Non-authoritative answer:
     Name: t.me
     Address: 149.154.167.99
  8. It is fine now. The answer is above. I fixed it.

     root@router:/opt/sbin# ./dnscrypt-proxy -config /opt/etc/dnscrypt-proxy.toml
     [2018-06-08 13:38:27] [FATAL] Near line 106 (last key parsed 'log_file'): strings cannot contain newlines

     It started!
  9. The permissions are all fine.

     ENABLED=yes
     PROCS=dnscrypt-proxy
     ARGS="-config /opt/etc/dnscrypt-proxy.toml"
     PREARGS=""
     DESC=$PROCS
     PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

     . /opt/etc/init.d/rc.func

     -rwxr-xr-x 1 root root 236 Jun 8 13:23 S09dnscrypt-proxy2
     -rw------- 1 root root 14234 Jun 7 17:38 dnscrypt-proxy.toml
  10. I installed it on the Ultra II, and it does not start:

      root@router:/opt/etc# /opt/etc/init.d/S09dnscrypt-proxy2 check
      Checking dnscrypt-proxy... dead.

      There is no log either. Does it work at all?
  11. Loading data from [file:domains-blacklist-local-additions.txt]
      Loading data from [https://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt]
      [https://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt] could not be loaded: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] unknown error (_ssl.c:726)>
      Loading data from [https://hosts-file.net/.%5Cad_servers.txt]
      [https://hosts-file.net/.%5Cad_servers.txt] could not be loaded: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] unknown error (_ssl.c:726)>
      Loading data from [https://mirror1.malwaredomains.com/files/justdomains]
      [https://mirror1.malwaredomains.com/files/justdomains] could not be loaded: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] unknown error (_ssl.c:726)>

      What is wrong?

      PS: done

      import ssl
      ssl._create_default_https_context = ssl._create_unverified_context

      My service still has not started. No logs, nothing else ... it is unclear where to dig next.

      root@router:/opt/etc# /opt/etc/init.d/S09dnscrypt-proxy2 check
      Checking dnscrypt-proxy... dead.
  12. Yes indeed. I solved it with openvpn + free protonvpn and static routes for the telegram subnet. Another problem remains: all DNS servers resolve the names banned by RKN to the IP 5.3.3.17. The telegram.org subdomains ended up there too. Are there any options (ways) to solve this problem with using DNS? Google DNS returns the same thing. As a temporary solution I set up a separate local DNS server for telegram.org and added the necessary subdomains to it. But that is not a solution.
  13. In short, I keep trying and it does not work. I am trying to redirect requests from the LAN to the internet for the telegram.org site etc. through the proxy 47.75.186.178, and there is silence.

      iptables -t nat -I PREROUTING -p tcp -m tcp --dport 443 -d 5.3.3.17/32 -j DNAT --to-destination 47.75.186.178:1080

      iptables -t nat -nvL
      Chain PREROUTING (policy ACCEPT 949 packets, 148K bytes)
      pkts bytes target prot opt in out source destination
      0 0 DNAT tcp -- * * 0.0.0.0/0 5.3.3.17 tcp dpt:443 to:47.75.186.178:1080
      0 0 DNAT tcp -- * * 0.0.0.0/0 5.3.3.17 tcp dpts:0:1024 to:47.75.186.178:1080

      Any ideas?