Как настроить VPN клиент сервиса Surfshark на роутере Keenetic?
Я человек исключительно далекий от программирования и сетевого администрирования, но мне страсть как необходимо решить базовую домашнюю задачу: подключить VPN на Keenetic от популярного провайдера Surfshark. У них, собственно, на сайте после покупки можно взять файл конфигурации ovpn, который прилагаю:
client dev tun proto udp remote 37.120.201.69 1194 resolv-retry infinite remote-random nobind tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 persist-key persist-tun ping 15 ping-restart 0 ping-timer-rem reneg-sec 0 remote-cert-tls server auth-user-pass #comp-lzo verb 3 pull fast-io cipher AES-256-CBC auth SHA512 -----BEGIN CERTIFICATE----- MIIFTTCCAzWgAwIBAgIJAMs9S3fqwv+mMA0GCSqGSIb3DQEBCwUAMD0xCzAJBgNV BAYTAlZHMRIwEAYDVQQKDAlTdXJmc2hhcmsxGjAYBgNVBAMMEVN1cmZzaGFyayBS b290IENBMB4XDTE4MDMxNDA4NTkyM1oXDTI4MDMxMTA4NTkyM1owPTELMAkGA1UE BhMCVkcxEjAQBgNVBAoMCVN1cmZzaGFyazEaMBgGA1UEAwwRU3VyZnNoYXJrIFJv b3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDEGMNj0aisM63o SkmVJyZPaYX7aPsZtzsxo6m6p5Wta3MGASoryRsBuRaH6VVa0fwbI1nw5ubyxkua Na4v3zHVwuSq6F1p8S811+1YP1av+jqDcMyojH0ujZSHIcb/i5LtaHNXBQ3qN48C c7sqBnTIIFpmb5HthQ/4pW+a82b1guM5dZHsh7q+LKQDIGmvtMtO1+NEnmj81BAp FayiaD1ggvwDI4x7o/Y3ksfWSCHnqXGyqzSFLh8QuQrTmWUm84YHGFxoI1/8AKdI yVoB6BjcaMKtKs/pbctk6vkzmYf0XmGovDKPQF6MwUekchLjB5gSBNnptSQ9kNgn TLqi0OpSwI6ixX52Ksva6UM8P01ZIhWZ6ua/T/tArgODy5JZMW+pQ1A6L0b7egIe ghpwKnPRG+5CzgO0J5UE6gv000mqbmC3CbiS8xi2xuNgruAyY2hUOoV9/BuBev8t tE5ZCsJH3YlG6NtbZ9hPc61GiBSx8NJnX5QHyCnfic/X87eST/amZsZCAOJ5v4EP SaKrItt+HrEFWZQIq4fJmHJNNbYvWzCE08AL+5/6Z+lxb/Bm3dapx2zdit3x2e+m iGHekuiE8lQWD0rXD4+T+nDRi3X+kyt8Ex/8qRiUfrisrSHFzVMRungIMGdO9O/z CINFrb7wahm4PqU2f12Z9TRCOTXciQIDAQABo1AwTjAdBgNVHQ4EFgQUYRpbQwyD ahLMN3F2ony3+UqOYOgwHwYDVR0jBBgwFoAUYRpbQwyDahLMN3F2ony3+UqOYOgw DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAn9zV7F/XVnFNZhHFrt0Z S1Yqz+qM9CojLmiyblMFh0p7t+Hh+VKVgMwrz0LwDH4UsOosXA28eJPmech6/bjf ymkoXISy/NUSTFpUChGO9RabGGxJsT4dugOw9MPaIVZffny4qYOc/rXDXDSfF2b+ 303lLPI43y9qoe0oyZ1vtk/UKG75FkWfFUogGNbpOkuz+et5Y0aIEiyg0yh6/l5Q 5h8+yom0HZnREHhqieGbkaGKLkyu7zQ4D4tRK/mBhd8nv+09GtPEG+D5LPbabFVx KjBMP4Vp24WuSUOqcGSsURHevawPVBfgmsxf1UCjelaIwngdh6WfNCRXa5QQPQTK ubQvkvXONCDdhmdXQccnRX1nJWhPYi0onffvjsWUfztRypsKzX4dvM9k7xnIcGSG EnCC4RCgt1UiZIj7frcCMssbA6vJ9naM0s7JF7N3VKeHJtqe1OCRHMYnWUZt9vrq X6IoIHlZCoLlv39wFW9QNxelcAOCVbD+19MZ0ZXt7LitjIqe7yF5WxDQN4xru087 FzQ4Hfj7eH1SNLLyKZkA1eecjmRoi/OoqAt7afSnwtQLtMUc2bQDg6rHt5C0e4dC LqP/9PGZTSJiwmtRHJ/N5qYWIh9ju83APvLm/AGBTR2pXmj9G3KdVOkpIC7L35dI 623cSEC3Q3UZutsEm/UplsM= -----END CERTIFICATE----- key-direction 1 # # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key V1----- b02cb1d7c6fee5d4f89b8de72b51a8d0 c7b282631d6fc19be1df6ebae9e2779e 6d9f097058a31c97f57f0c35526a44ae 09a01d1284b50b954d9246725a1ead1f f224a102ed9ab3da0152a15525643b2e ee226c37041dc55539d475183b889a10 e18bb94f079a4a49888da566b9978346 0ece01daaf93548beea6c827d9674897 e7279ff1a19cb092659e8c1860fbad0d b4ad0ad5732f1af4655dbd66214e552f 04ed8fd0104e1d4bf99c249ac229ce16 9d9ba22068c6c0ab742424760911d463 6aafb4b85f0c952a9ce4275bc821391a a65fcd0d2394f006e3fba0fd34c4bc4a b260f4b45dec3285875589c97d3087c9 134d3a3aa2f904512e85aa2dc2202498 -----END OpenVPN Static key V1-----
Строчку auth-user-pass удалять пробовал, заменяя по инструкции на пресловутое:
Не помогло. Соединение просто не устанавливается, настройки выглядят так:
Кто виноват и что делать?
Простой 1 комментарий
Короче говоря, я разобрался с этим сам, просто вбив в поисковик вот это:
Unrecognized option or missing or extra parameter(s) in configuration: block-outside-dns
Пусть в файле конфигурации ovpn и отсутствует строка block-outside-dns , все равно нужно было добавить строку pull-filter ignore «block-outside-dns» .
А логи-то и правда очень полезная вещь.
Вот конфиг, который я нашел на 4pda. Он у меня заработал. Это для Франкфурта, можете любой сервер подставить. И логин-пароль пропишите свои
client
dev tun
proto udp
remote de-fra.prod.surfshark.com 1194
#remote pl-gdn.prod.surfshark.com 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
pull-filter ignore «block-outside-dns»
имя юзера из лк
пароль из лк
#comp-lzo
verb 3
pull
fast-io
cipher AES-256-CBC
——BEGIN CERTIFICATE——
MIIFTTCCAzWgAwIBAgIJAMs9S3fqwv+mMA0GCSqGSIb3DQEBCwUAMD0xCzAJBgNV
BAYTAlZHMRIwEAYDVQQKDAlTdXJmc2hhcmsxGjAYBgNVBAMMEVN1cmZzaGFyayBS
b290IENBMB4XDTE4MDMxNDA4NTkyM1oXDTI4MDMxMTA4NTkyM1owPTELMAkGA1UE
BhMCVkcxEjAQBgNVBAoMCVN1cmZzaGFyazEaMBgGA1UEAwwRU3VyZnNoYXJrIFJv
b3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDEGMNj0aisM63o
SkmVJyZPaYX7aPsZtzsxo6m6p5Wta3MGASoryRsBuRaH6VVa0fwbI1nw5ubyxkua
Na4v3zHVwuSq6F1p8S811+1YP1av+jqDcMyojH0ujZSHIcb/i5LtaHNXBQ3qN48C
c7sqBnTIIFpmb5HthQ/4pW+a82b1guM5dZHsh7q+LKQDIGmvtMtO1+NEnmj81BAp
FayiaD1ggvwDI4x7o/Y3ksfWSCHnqXGyqzSFLh8QuQrTmWUm84YHGFxoI1/8AKdI
yVoB6BjcaMKtKs/pbctk6vkzmYf0XmGovDKPQF6MwUekchLjB5gSBNnptSQ9kNgn
TLqi0OpSwI6ixX52Ksva6UM8P01ZIhWZ6ua/T/tArgODy5JZMW+pQ1A6L0b7egIe
ghpwKnPRG+5CzgO0J5UE6gv000mqbmC3CbiS8xi2xuNgruAyY2hUOoV9/BuBev8t
tE5ZCsJH3YlG6NtbZ9hPc61GiBSx8NJnX5QHyCnfic/X87eST/amZsZCAOJ5v4EP
SaKrItt+HrEFWZQIq4fJmHJNNbYvWzCE08AL+5/6Z+lxb/Bm3dapx2zdit3x2e+m
iGHekuiE8lQWD0rXD4+T+nDRi3X+kyt8Ex/8qRiUfrisrSHFzVMRungIMGdO9O/z
CINFrb7wahm4PqU2f12Z9TRCOTXciQIDAQABo1AwTjAdBgNVHQ4EFgQUYRpbQwyD
ahLMN3F2ony3+UqOYOgwHwYDVR0jBBgwFoAUYRpbQwyDahLMN3F2ony3+UqOYOgw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAn9zV7F/XVnFNZhHFrt0Z
S1Yqz+qM9CojLmiyblMFh0p7t+Hh+VKVgMwrz0LwDH4UsOosXA28eJPmech6/bjf
ymkoXISy/NUSTFpUChGO9RabGGxJsT4dugOw9MPaIVZffny4qYOc/rXDXDSfF2b+
303lLPI43y9qoe0oyZ1vtk/UKG75FkWfFUogGNbpOkuz+et5Y0aIEiyg0yh6/l5Q
5h8+yom0HZnREHhqieGbkaGKLkyu7zQ4D4tRK/mBhd8nv+09GtPEG+D5LPbabFVx
KjBMP4Vp24WuSUOqcGSsURHevawPVBfgmsxf1UCjelaIwngdh6WfNCRXa5QQPQTK
ubQvkvXONCDdhmdXQccnRX1nJWhPYi0onffvjsWUfztRypsKzX4dvM9k7xnIcGSG
EnCC4RCgt1UiZIj7frcCMssbA6vJ9naM0s7JF7N3VKeHJtqe1OCRHMYnWUZt9vrq
X6IoIHlZCoLlv39wFW9QNxelcAOCVbD+19MZ0ZXt7LitjIqe7yF5WxDQN4xru087
FzQ4Hfj7eH1SNLLyKZkA1eecjmRoi/OoqAt7afSnwtQLtMUc2bQDg6rHt5C0e4dC
LqP/9PGZTSJiwmtRHJ/N5qYWIh9ju83APvLm/AGBTR2pXmj9G3KdVOkpIC7L35dI
623cSEC3Q3UZutsEm/UplsM=
——END CERTIFICATE——
#
# 2048 bit OpenVPN static key
#
——BEGIN OpenVPN Static key V1——
b02cb1d7c6fee5d4f89b8de72b51a8d0
c7b282631d6fc19be1df6ebae9e2779e
6d9f097058a31c97f57f0c35526a44ae
09a01d1284b50b954d9246725a1ead1f
f224a102ed9ab3da0152a15525643b2e
ee226c37041dc55539d475183b889a10
e18bb94f079a4a49888da566b9978346
0ece01daaf93548beea6c827d9674897
e7279ff1a19cb092659e8c1860fbad0d
b4ad0ad5732f1af4655dbd66214e552f
04ed8fd0104e1d4bf99c249ac229ce16
9d9ba22068c6c0ab742424760911d463
6aafb4b85f0c952a9ce4275bc821391a
a65fcd0d2394f006e3fba0fd34c4bc4a
b260f4b45dec3285875589c97d3087c9
134d3a3aa2f904512e85aa2dc2202498
——END OpenVPN Static key V1——
Надо открыть в другом окне логи и смотреть на что ругается
Так же попробуйте указать конкретное интернет подключение, с которого он должен подключаться, а не любое
PS это не домашняя базовая задача)
И правда, действительно активно ругается:
[I] Mar 12 18:28:38 ndm: Core::Syslog: the system log has been cleared. [I] Mar 12 18:28:41 ndm: Network::Interface::Base: "OpenVPN0": interface is up. [I] Mar 12 18:28:41 ndm: Core::System::Configuration: saving (http/rci). [I] Mar 12 18:28:42 ndhcpc: GigabitEthernet1: received ACK for 100.115.38.150 from 91.144.168.22 lease 1800 sec. [I] Mar 12 18:28:44 OpenVPN0: OpenVPN 2.4.6 [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [AEAD] [I] Mar 12 18:28:44 OpenVPN0: library versions: OpenSSL 1.1.1m 14 Dec 2021, LZO 2.10 [W] Mar 12 18:28:44 OpenVPN0: WARNING: --ping should normally be used with --ping-restart or --ping-exit [I] Mar 12 18:28:44 OpenVPN0: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication [I] Mar 12 18:28:44 OpenVPN0: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication [I] Mar 12 18:28:44 OpenVPN0: Socket Buffers: R=[155648->155648] S=[155648->155648] [I] Mar 12 18:28:44 OpenVPN0: UDP link local (bound): [AF_INET]100.115.38.150:48920 [I] Mar 12 18:28:44 OpenVPN0: UDP link remote: [AF_INET]37.120.201.69:1194 [I] Mar 12 18:28:44 OpenVPN0: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay [I] Mar 12 18:28:44 OpenVPN0: TLS: Initial packet from [AF_INET]37.120.201.69:1194, sid=5f6f9d54 4be14cce [I] Mar 12 18:28:44 OpenVPN0: VERIFY SCRIPT OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA [I] Mar 12 18:28:44 OpenVPN0: VERIFY OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA [I] Mar 12 18:28:44 OpenVPN0: VERIFY SCRIPT OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA [I] Mar 12 18:28:44 OpenVPN0: VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA [I] Mar 12 18:28:44 OpenVPN0: VERIFY KU OK [I] Mar 12 18:28:44 OpenVPN0: Validating certificate extended key usage [I] Mar 12 18:28:44 OpenVPN0: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication [I] Mar 12 18:28:44 OpenVPN0: VERIFY EKU OK [I] Mar 12 18:28:44 OpenVPN0: VERIFY SCRIPT OK: depth=0, CN=it-mil-v020.prod.surfshark.com [I] Mar 12 18:28:44 OpenVPN0: VERIFY OK: depth=0, CN=it-mil-v020.prod.surfshark.com [W] Mar 12 18:28:45 OpenVPN0: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1581' [W] Mar 12 18:28:45 OpenVPN0: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532' [W] Mar 12 18:28:45 OpenVPN0: WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM' [W] Mar 12 18:28:45 OpenVPN0: WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]' [I] Mar 12 18:28:45 OpenVPN0: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA [I] Mar 12 18:28:45 OpenVPN0: [it-mil-v020.prod.surfshark.com] Peer Connection Initiated with [AF_INET]37.120.201.69:1194 [I] Mar 12 18:28:45 ndm: Network::Interface::OpenVpn: "OpenVPN0": connecting via ISP (GigabitEthernet1). [I] Mar 12 18:28:45 ndm: Network::Interface::OpenVpn: "OpenVPN0": added host route to remote endpoint 37.120.201.69 via 100.115.63.254. [I] Mar 12 18:28:45 ndm: Core::System::Configuration: configuration saved. [I] Mar 12 18:28:46 OpenVPN0: SENT CONTROL [it-mil-v020.prod.surfshark.com]: 'PUSH_REQUEST' (status=1) [I] Mar 12 18:28:47 OpenVPN0: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 162.252.172.57,dhcp-option DNS 149.154.159.92,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.37 255.255.255.0,peer-id 55,cipher AES-256-GCM' [E] Mar 12 18:28:47 OpenVPN0: Unrecognized option or missing or extra parameter(s) in configuration: (line 7): block-outside-dns (2.4.6) [E] Mar 12 18:28:47 OpenVPN0: Exiting due to fatal error [E] Mar 12 18:28:47 ndm: Service: "OpenVPN0": unexpectedly stopped. [W] Mar 12 18:28:47 ndm: Network::Interface::OpenVpn: "OpenVPN0": configuration is invalid.