Ïðîáëåìû ñ OpenVPN. Ïðîøó ïîìîùè!

[as_lan]

Òàêàÿ ïðîáëåìà.
Ïðîâàéäåð ïðåäîñòàâëÿåò èíòåðíåò ïî ADSL. Ðîóòåð ïîäíèìàåò pppoe ñîåäèíåíèå. Íî äëÿ òîãî ÷òîá ïîëüçîâàòüñÿ âíóòðåííèìè ðåñóðñàìè íàäî äîïîëíèòåëüíî ïîäêëþ÷àòüñÿ ïî openvpn, êàæäûé ðàç äåëàòü ýòî íà êîìï íàäîåëî. Ïîñòàâèë OpenVPN íà ðîóòåð. Íî íåäàâíî íà÷àë èñïîëüçîâàòü Flylink, è ïðîáëåìà â òîì ÷òî îí íå èùåò è íå çàõîäèò íà øàðû ïîëüçîâàòåëåé. ß òàê ïîíèìàþ äëÿ ýòîãî îí èñïîëüçóåò UPD ïðîòîêîë, íî ãäå òî íå ïðîõîäèò ýòî âñå. Íà äàííûé ìîìåíò ïðîïèñàë ïðàâèëî òîëüêî

iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

Èòàê èñõîäíûå äàííûå.
èíòåðôåéñ âïí ïîíÿòíî tun0, åãî àäðåñ 172.16.1.6
ïîðòû ïî êîòîðîìó ïóñêàþ flylink tcp 5555 udp 6666
Âíóòðåííèé àäðåñ êîìï íà êîòîðîì ôëàéëèíê 192.168.1.3.

Êàêîãî âèäà ïðàâèëüíî äîëæíî áûòü ÷òîá âñå çàðàáîòàëî. Ïûòàëñÿ ñàì ÷òî-òî ñäåëàòü, íî íå ïîëó÷àåòñÿ. Ïîèñê òàê è íå ðàáîòàåò. Áóäó î÷åíü ïðèçíàòåëåí åñëè êòî-òî ïîìîæåò

[5v5]

íà ðîóòåðå (WL-500gP) ñ ïðîøèâêîé 19.2.7-rtn-r3300 ÷åðåç ipkg óñòàíîâëåí openvpn. ïðè ñòàðòå openvpn âûïîëíÿåòñÿ ñêðèïò:

Code:

#!/bin/sh

if [ "$6" == "init" ]
then
    iptables -t nat -A POSTROUTING -o $1 ! -s $4 -j MASQUERADE
fi

$1 - èñïîëüçóåìûé tun, $4 - àäðåñ êëèåíòñêîãî êîíöà òóíåëÿ.

ïðè ïîïûòêå îáðàùåíèÿ èç ëîêàëüíîé ñåòè ê àäðåñàì ñ äðóãîé ñòîðîíû òóíåëÿ ðîóòåð ïàäàåò (ïåðåãðóæàåòñÿ).

p.s. âèäèìî ìåíÿ íåïðàâèëüíî ïîíÿëè - ïðîáëåìà íå â openvpn - ó ìåíÿ íà ðîóòåðå âèñèò åùå øòóê 5 êëèåíòîâ, íî áåç ìàñêàðàäà, âñå îòëè÷íî ðàáîòàåò - ïðîáëåìà ãäå-òî â ÿäðå.

[abi]

Ïðøó ïîìîùè. Ëåò 5 íàçàä íàñòðîèë openvpn íà wl500gP Âñ¸ ðàáîòàëî, ïîêà íå ñãîðåë âèíò.
Çàìåíèë è ïûòàþñü âñïîìíèòü êàê íàñòðîèòü.

Ñèñòåìà òàêàÿ.
Öèñêà, âîòêíóòà â èíåò (10.0.0.222)
Ðîóòåð ïåðåâåä¸í â ðåæèì ñâèò÷à è âîòêíóò LAN'îì â êîøêó (10.0.0.1)

Íà ðîóòåðå íàïèñàë ïðèìåðíî òàê:

Code:

#
# Sample OpenVPN configuration file for
# office using SSL/TLS mode and RSA certificates/keys.
#
# '#' or ';' may be used to delimit comments.

# Use a dynamic tun device.
# For Linux 2.2 or non-Linux OSes,
# you may want to use an explicit
# unit number such as "tun1".
# OpenVPN also supports virtual
# ethernet "tap" devices.
#dev tun
; dev tap

dev tap0

# Choose an uncommon local subnet for the virtual VPN end points.
# 10.1.0.1 is the local side of the VPN endpoint (slug side)
# 10.1.0.2 is the remote side of the VPN endpoint (client side)
# For tun mode use ifconfig 10.1.0.1 10.1.0.2
# For tap mode use ifconfig 10.1.0.1 255.255.255.0
; ifconfig 10.1.0.1 10.1.0.2
; ifconfig 10.1.0.1 255.255.255.0

server-bridge 10.0.0.222 255.255.255.0 10.0.0.50 10.0.0.70
ifconfig-pool-persist /opt/etc/openvpn/ipp.txt
client-to-client

# Our up script will establish routes once the VPN is alive.
# Running scripts need the script-security set to 2.
#script-security 2
#up ./openvpn.up

# Push the 'server subnet route' to the clients
#push "route 192.168.1.0 255.255.255.0"
push "route 10.0.0.0 255.255.255.0"

# Push the WINS server to the clients - if we have a Samba WINS server.
; push "dhcp-option WINS 192.168.1.77"
push "dhcp-option DNS 10.0.0.222"
;push "dhcp-option WINS 10.0.1.222"

# Server Static Key
# (For security run - chmod 600 /opt/etc/openvpn/static.key)
#secret static.key

# In SSL/TLS key exchange, Office will
# assume server role and Home
# will assume client role.
tls-server

# Diffie-Hellman Parameters (tls-server only)
dh /opt/etc/openvpn/keys/dh1024.pem

# Certificate Authority file
ca /opt/etc/openvpn/keys/ca.crt

# Our certificate/public key
cert /opt/etc/openvpn/keys/server.crt

# Our private key
#crl-verify /opt/etc/openvpn/crl.pem
key  /opt/etc/openvpn/keys/server.key

# OpenVPN 2.0 uses UDP port 1194 by default
# (official port assignment by iana.org 11/04).
# OpenVPN 1.x uses UDP port 5000 by default.
# Each OpenVPN tunnel must use
# a different port number.
# lport or rport can be used
# to denote different ports
# for local and remote.

proto tcp-server

port 443

# Downgrade UID and GID to
# "nobody" after initialization
# for extra security.
user nobody
group nobody

# If you built OpenVPN with
# LZO compression, uncomment
# out the following line.
comp-lzo

# Send a UDP ping to remote once
# every 15 seconds to keep
# stateful firewall connection
# alive.  Uncomment this
# out if you are using a stateful
# firewall.
; ping 15

# Uncomment this section for a more reliable detection when a system
# loses its connection.  For example, dial-ups or laptops that
# travel to other locations.
; ping 15
; ping-restart 45
; ping-timer-rem
persist-tun
persist-key

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 3

# Log files
log-append /opt/var/log/openvpn/openvpn.log
; status /opt/var/log/openvpn/status.log

#  Inactivity timeout
; inactive            45
keepalive 10 60

 post-mount âïèñàë

openvpn --mktun --dev tap0
brctl addif br0 ta0
ifconfig tap0 0.0.0.0 promisc up

Êëèåíò êîííåêòèòñÿ. Ïîëó÷àåò àäðåñ, íî íå ïèíãàåò êîøêó (10.0.0.222).
Âåðíåå, íå ïèíãàåò íè÷åãî.

Ïðè ýòîì, êëèåíò íå ïîëó÷àåò gateway !
Ïîìíþ, ÷òî òàêîãî òî÷íî íåáûëî.

Ïîìîãèòå, ïëèç. Êóäà ñìîòðåòü? Ñèæó 2 äåíü

[abi]

Âîïðîñ ñíÿò. Âîò êàê áûâàåò ïîëåçíî îïèñàòü ïðîáëåìó.
ß äîáàâëÿë tap0 íå â òîò áðèäæ.....

[melnikdima]

Óñòàíàâëèâàë openvpn ïî ýòîé èíñòðóêöèè íà RT-16N
http://wl500g.info/showthread.php?t=5312

íà ýòàïå
Start OpenVPN server manually

ðóãàåòñÿ íà /sbin/insmod tun

[admin@ROUT sbin]$ /sbin/insmod tun
insmod: can't insert 'tun.ko': File exists

êàê áûòü?

[legionnet]

Îðãàíèçîâàë ìåæäó äâóìÿ ASUS RT-N16 VPN-òóííåëü ñ ïîìîùüþ OpenVPN, íî ìàêñèìàëüíàÿ ñêîðîñòü, êîòîðóþ óäàëîñü ïîëó÷èòü - 10ìáèò/ñ â ëþáóþ ñòîðîíó, ïðîáîâàë âûêëþ÷àòü øèôðîâàíèå, ñæàòèå. Íî ðåçóëüòàòîâ íå äàëî, ñêîðîñòü íèêàê íå óâåëè÷èëàñü.
Ñêîðîñòü ìåæäó äâóìÿ RT-N16 íàïðÿìóþ ~80-90 ìáèò/ñ, èçìåðÿë ñ ïîìîùüþ iperf.
Êàê äîáèòüñÿ áîëåå âûñîêèõ ñêîðîñòåé ÂÏÍ? Ïîñîâåòóéòå ðåøåíèå ïðîáëåìû.

Ïðîøèâêè RT-N-1.9.2.7-rtn-r2274 (2010-10-17)

[YVM]

ìàêñèìàëüíàÿ ñêîðîñòü, êîòîðóþ óäàëîñü ïîëó÷èòü - 10ìáèò/ñ â ëþáóþ ñòîðîíó

Ó ìåíÿ òîò æå ðåçóëüòàò. Õîòÿ, ïðè íàëè÷èè íåñêîëüêèõ òóííåëåé ïîëó÷àåòñÿ 10 íà êàæäûé.

[mooncat4er]

ïîäñêàæèòå êàê ñîçäàòü dh1024.pem

[j00e]

ðàññêàæèòå ïëèç êàê íàñòðîèòü óñòàíîâëåííûé ÷åðåç âàø ñêðèïò OpenVPN.

[Rung]

ðàññêàæèòå ïëèç êàê íàñòðîèòü óñòàíîâëåííûé ÷åðåç âàø ñêðèïò OpenVPN.

ïîäñêàæèòå êàê ñîçäàòü dh1024.pem

Çäåñü âû íàéäåòå âñþ èíôîðìàöèþ êàê ñãåíåðèðîâàòü êëþ÷è è íàñòðîèòü ñåòü ìåæäó ðîóòåðàìè.
 îäíîé èç ñëåäóþùèõ âåðñèÿõ â ñêðèïò áóäåò äîáàâëåí äèàëîã íàñòðîéêè vpn òóííåëÿ.

[nemnemonik]

Ïðè âûáîðå openvpn âûâîäèòñÿ ñòðî÷êà:

Enter your menu choice: v
Введите адре� �ервера OpenVPN [x.x.x.x]:

ïûòàþñü ïîíÿòü êîäèðîâêó...

[d0wn]

Ïðè âûáîðå openvpn âûâîäèòñÿ ñòðî÷êà:

Enter your menu choice: v
Введите адре� �ервера OpenVPN [x.x.x.x]:

ïûòàþñü ïîíÿòü êîäèðîâêó...

Koi8-R "Ââåäèòå àäðåñ ñåðâåðà"

 PUTTY âûñòàâèòü êîäèðîâêó.

[nemnemonik]

Ìåíÿòü êîäèðîâêó ïàòòè è ïîòîì âûáèðàòü âñ¸ çàíîâî ñîâñåì íåóäîáíî. Äëÿ âñåãî îñòàëüíîãî êîäèðîâêà ïîäõîäèò, à òóò íåò.

[skolan]

Íà ðàáîòå íàñòðîèëè openVPN. õîòåëîñü áû ÷òîáû äîìà ïîäêëþ÷åíèå øëî íà ðîóòîðå, à íå îòäåëüíî íà êàæäîì êîìïå.Íå ïîäñêàæèòå ÿ ñìîãó íàñòðîèòü openvpn êëèåíò ñ ïîìîùüþ ñêðèïòà?

[Rung]

Íà ðàáîòå íàñòðîèëè openVPN. õîòåëîñü áû ÷òîáû äîìà ïîäêëþ÷åíèå øëî íà ðîóòîðå, à íå îòäåëüíî íà êàæäîì êîìïå.Íå ïîäñêàæèòå ÿ ñìîãó íàñòðîèòü openvpn êëèåíò ñ ïîìîùüþ ñêðèïòà?

Êàê íàñòðîèòü êëèåíòà ñìîòðèòå çäåñü