у меня есть рабочая настройка openvpn, которую я скопировал с одной машины на другую (конечно, оригинальная машина выключена). Клиент подключается к серверу (сервер не менялся), настраивает IP и маршрутизацию но аппарт от этого ничего не работает.
сервер LAN 192.168.123.0
клиент LAN 192.168.1.0
OpenVPN Client IP 192.168.123.253
openvpn /etc/openvpn/client.conf
Tue Nov 8 09:50:53 2016 OpenVPN 2.3.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Oct 17 2016
Tue Nov 8 09:50:53 2016 library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.08
Tue Nov 8 09:50:53 2016 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Nov 8 09:50:53 2016 Control Channel Authentication: using '/etc/openvpn/client/ta.key' as a OpenVPN static key file
Tue Nov 8 09:50:53 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 8 09:50:53 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 8 09:50:54 2016 Attempting to establish TCP connection with [AF_INET]XXX:XX940 [nonblock]
Tue Nov 8 09:50:55 2016 TCP connection established with [AF_INET]XXX:XX940
Tue Nov 8 09:50:55 2016 TCPv4_CLIENT link local: [undef]
Tue Nov 8 09:50:55 2016 TCPv4_CLIENT link remote: [AF_INET]XXX:XXXXX940
Tue Nov 8 09:50:55 2016 VERIFY OK: depth=1, C=DE, ST=Bayern, L=Munich, O=nothing, OU=private, CN=private, name=private, emailAddress=XXXX
Tue Nov 8 09:50:55 2016 VERIFY OK: depth=0, C=DE, ST=Bayern, L=Munich, O=nothing, OU=private, CN=server, name=private, emailAddress=XXX
Tue Nov 8 09:50:55 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Nov 8 09:50:55 2016 WARNING: this cipher's block size is less than 128 bit (64 bit). Consider using a --cipher with a larger block size.
Tue Nov 8 09:50:55 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 8 09:50:55 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Nov 8 09:50:55 2016 WARNING: this cipher's block size is less than 128 bit (64 bit). Consider using a --cipher with a larger block size.
Tue Nov 8 09:50:55 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 8 09:50:55 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Tue Nov 8 09:50:55 2016 [server] Peer Connection Initiated with [AF_INET]84.56.32.58:11940
Tue Nov 8 09:50:57 2016 TUN/TAP device tap0 opened
Tue Nov 8 09:50:57 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Nov 8 09:50:57 2016 /bin/ip link set dev tap0 up mtu 1500
Tue Nov 8 09:50:57 2016 /bin/ip addr add dev tap0 192.168.123.253/24 broadcast 192.168.123.255
Tue Nov 8 09:50:57 2016 Initialization Sequence Completed
также на клиенте, ip установлен правильно и pingable
ifconfig
br0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
inet 192.168.1.2 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::c43:1ff:fea0:26de prefixlen 64 scopeid 0x20<link>
ether 0e:43:01:a0:26:de txqueuelen 1000 (Ethernet)
RX packets 107244 bytes 65503139 (62.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7740 bytes 2854919 (2.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::325a:3aff:fe0d:49e1 prefixlen 64 scopeid 0x20<link>
ether 30:5a:3a:0d:49:e1 txqueuelen 1000 (Ethernet)
RX packets 45013 bytes 7253888 (6.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 69966 bytes 62536816 (59.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Lokale Schleife)
RX packets 1737 bytes 155991 (152.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1737 bytes 155991 (152.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tap0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.123.253 netmask 255.255.255.0 broadcast 192.168.123.255
inet6 fe80::30ff:6bff:fe1f:8503 prefixlen 64 scopeid 0x20<link>
ether 32:ff:6b:1f:85:03 txqueuelen 100 (Ethernet)
RX packets 1060 bytes 51338 (50.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 377 bytes 39122 (38.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
~ # route
Kernel IP Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface
default wan.localnet 0.0.0.0 UG 13 0 0 br0
loopback 0.0.0.0 255.0.0.0 U 0 0 0 lo
loopback localhost 255.0.0.0 UG 0 0 0 lo
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.123.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
~ # ping 192.168.123.253
PING 192.168.123.253 (192.168.123.253) 56(84) bytes of data.
64 bytes from 192.168.123.253: icmp_seq=1 ttl=64 time=0.245 ms
--- 192.168.123.253 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
~ # ping 192.168.123.150
PING 192.168.123.150 (192.168.123.150) 56(84) bytes of data.
--- 192.168.123.150 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1074ms
теперь моя проблема в том, что все работает нормально, если я попробую эту настройку на машине A, но не на машине B. только другая точка в сетевых конфигурациях заключается в том, что на машине B интерфейс TAP0 уже запущен и работает от сетевых сценариев (на этой машине также размещены 3 виртуальные машины, которые используют мост)