Добрый день! OVPN настроен в локальной сети между двумя компьютерами. При проверке в Wireshark, видны все файлы, которые передаются по локальной сети (между 169.254.181.113 и 169.254.73.114), насколько я понимаю, при vpn-соединении такого быть не должно. То есть, либо данные идут в обход vpn, либо ещё что-то. Подскажите, пожалуйста, в чём проблема и как исправить. На сервере прописал: route add 10.26.0.0 mask 255.255.255.0 169.254.181.113
server.conf
===========
local 0.0.0.0
port 443
proto tcp
dev tap
ca ..//easy-rsa//keys//ca.crt
cert ..//easy-rsa//keys//server.crt
key ..//easy-rsa//keys//server.key
dh ..//easy-rsa//keys//dh1024.pem
server 10.26.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
client-to-client
received during 60
keepalive 10 60
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
status ..//log//openvpn-status.log
verb 3
client.conf
===========
client
dev tap
proto tcp
port 443
remote 169.254.181.113
redirect-gateway local def1
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 3
Лог сервера:
…
Thu Dec 14 12:06:24 2017 169.254.73.114:49200 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Thu Dec 14 12:06:24 2017 169.254.73.114:49200 [client1] Peer Connection Initiated with [AF_INET]169.254.73.114:49200
Thu Dec 14 12:06:24 2017 client1/169.254.73.114:49200 MULTI_sva: pool returned IPv4=10.26.0.4, IPv6=(Not enabled)
Thu Dec 14 12:06:25 2017 client1/169.254.73.114:49200 PUSH: Received control message: 'PUSH_REQUEST'
Thu Dec 14 12:06:25 2017 client1/169.254.73.114:49200 SENT CONTROL [client1]: 'PUSH_REPLY,redirect-gateway def1,route-gateway 10.26.0.1,ping 10,ping-restart 60,ifconfig 10.26.0.4 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Thu Dec 14 12:06:25 2017 client1/169.254.73.114:49200 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Dec 14 12:06:25 2017 client1/169.254.73.114:49200 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Dec 14 12:06:25 2017 client1/169.254.73.114:49200 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Dec 14 12:06:26 2017 client1/169.254.73.114:49200 MULTI: Learn: 00:ff:b1:d5:42:03 -> client1/169.254.73.114:49200
Лог клиента:
…
Thu Dec 14 12:06:25 2017 MANAGEMENT: >STATE:1513235185,GET_CONFIG,,,,,,
Thu Dec 14 12:06:25 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Dec 14 12:06:25 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route-gateway 10.26.0.1,ping 10,ping-restart 60,ifconfig 10.26.0.4 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Thu Dec 14 12:06:25 2017 OPTIONS IMPORT: timers and/or timeouts modified
Thu Dec 14 12:06:25 2017 OPTIONS IMPORT: --ifconfig/up options modified
Thu Dec 14 12:06:25 2017 OPTIONS IMPORT: route options modified
Thu Dec 14 12:06:25 2017 OPTIONS IMPORT: route-related options modified
Thu Dec 14 12:06:25 2017 OPTIONS IMPORT: peer-id set
Thu Dec 14 12:06:25 2017 OPTIONS IMPORT: adjusting link_mtu to 1659
Thu Dec 14 12:06:25 2017 OPTIONS IMPORT: data channel crypto options modified
Thu Dec 14 12:06:25 2017 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Dec 14 12:06:25 2017 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Dec 14 12:06:25 2017 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Dec 14 12:06:25 2017 interactive service msg_channel=0
Thu Dec 14 12:06:25 2017 ROUTE: default_gateway=UNDEF
Thu Dec 14 12:06:25 2017 open_tun
Thu Dec 14 12:06:25 2017 TAP-WIN32 device [Подключение по локальной сети 3] opened: \\.\Global\{B1D54203-71BD-4069-B15F-A6610D1A6C5E}.tap
Thu Dec 14 12:06:25 2017 TAP-Windows Driver Version 9.21
Thu Dec 14 12:06:25 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.26.0.4/255.255.255.0 on interface {B1D54203-71BD-4069-B15F-A6610D1A6C5E} [DHCP-serv: 10.26.0.0, lease-time: 31536000]
Thu Dec 14 12:06:25 2017 Successful ARP Flush on interface [14] {B1D54203-71BD-4069-B15F-A6610D1A6C5E}
Thu Dec 14 12:06:25 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Dec 14 12:06:25 2017 MANAGEMENT: >STATE:1513235185,ASSIGN_IP,,10.26.0.4,,,,
Thu Dec 14 12:06:30 2017 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Thu Dec 14 12:06:30 2017 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.26.0.1
Thu Dec 14 12:06:30 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Thu Dec 14 12:06:30 2017 Route addition via IPAPI succeeded [adaptive]
Thu Dec 14 12:06:30 2017 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.26.0.1
Thu Dec 14 12:06:30 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Thu Dec 14 12:06:30 2017 Route addition via IPAPI succeeded [adaptive]
Thu Dec 14 12:06:30 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Dec 14 12:06:30 2017 Initialization Sequence Completed
Thu Dec 14 12:06:30 2017 MANAGEMENT: >STATE:1513235190,CONNECTED,SUCCESS,10.26.0.4,169.254.181.113,443,169.254.73.114,49200
Маршрутизация на сервере:
C:\Windows\system32>route print
===========================================================================
Список интерфейсов
17...00 ff a4 c7 f9 0c ......TAP-Windows Adapter V9
13...08 00 27 d6 a8 94 ......Адаптер рабочего стола Intel(R) PRO/1000 MT
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Адаптер Microsoft ISATAP
15...00 00 00 00 00 00 00 e0 Адаптер Microsoft ISATAP #2
===========================================================================
IPv4 таблица маршрута
===========================================================================
Активные маршруты:
Сетевой адрес Маска сети Адрес шлюза Интерфейс Метрика
10.26.0.0 255.255.255.0 On-link 169.254.181.113 11
10.26.0.0 255.255.255.0 On-link 10.26.0.1 276
10.26.0.1 255.255.255.255 On-link 10.26.0.1 276
10.26.0.255 255.255.255.255 On-link 169.254.181.113 266
10.26.0.255 255.255.255.255 On-link 10.26.0.1 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.181.113 266
169.254.181.113 255.255.255.255 On-link 169.254.181.113 266
169.254.255.255 255.255.255.255 On-link 169.254.181.113 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.181.113 266
224.0.0.0 240.0.0.0 On-link 10.26.0.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.181.113 266
255.255.255.255 255.255.255.255 On-link 10.26.0.1 276
===========================================================================
Постоянные маршруты:
Отсутствует
IPv6 таблица маршрута
===========================================================================
Активные маршруты:
Метрика Сетевой адрес Шлюз
1 306 ::1/128 On-link
13 266 fe80::/64 On-link
17 276 fe80::/64 On-link
17 276 fe80::197:6291:2145:2b19/128
On-link
13 266 fe80::f5a6:ab26:934d:b571/128
On-link
1 306 ff00::/8 On-link
13 266 ff00::/8 On-link
17 276 ff00::/8 On-link
===========================================================================
Постоянные маршруты:
Отсутствует
Версия для распечатки
ovpn не шифрует трафик, 
yarek, 14-Дек-17, 10:37 [смотреть все]
