Ïðîáëåìû ñ OpenVPN. Ïðîøó ïîìîùè!

Printable View

Show 40 post(s) from this thread on one page

22-12-2011, 17:51
KEKC

Óñòàíîâêà ïðîãðàìì áåç HDD

Âîçìîæíî ëè òàêîå? Ê ïðèìåðó ïðîãà áóäåò õðàíèòñÿ íà ftp ñ êîíôèãàìè, à ðàáîòàòü íà ðîóòåðå.
04-01-2012, 20:58
melnikdima

Âñåì çäðàñüòå.

ñåé÷àñ óñòàíîâëåíî ïîäêëþ÷åíèå client-to-client
Íî íóæíî ÷òîáû áûë öåíòðàëèçîâàííûé ñåðâåð.
à ê íåìó ïîäêëþ÷àëèñü êëèíòû. êëèåíòû äîëæíû èìåòü äîñòóï ìåæäó ñîáîé ïî ip àäðåñàì âûäàííûì ñåðâåðîì.

ñåé÷àñ íàñòðîéêè òàêèå

SERVER (ÐÎÓÒÅÐ)

Code:

dev tun0 ifconfig 10.8.0.1 10.8.0.2 secret static.key

CLIENT

Code:

remote xxxxxxxxxxx dev tun0 ifconfig 10.8.0.2 10.8.0.1 secret static.key keepalive 10 120

íèêòî íå ïîäñêàæåò òîëêîâûå íàñòðîéêè????

È â ÷¸ì ðàçíèöà ìåæäó tap è tun
09-01-2012, 19:27
RTM

rt-n16

Âñåõ ñ ïðîøåäøèìè ïðàçíèêàìè!
Åñòü ïàðà âîïðîñîâ êàñàòåëüíî íàñòðîåê ðîóòåðà, ìîæåò áûòü âû ñìîæèòå ìíå ïîìî÷ü:
1) Openvpn ðàáîòàåò òîëüêî ïî tcp, udp ñîåäèíåíèÿ ïîäêëþ÷àþòñÿ íî òðàôôèê ÷åðåç òàêîå ñîåäèíåíèå ïåðåñòàåò èäòè áóêâàëüíî ÷åðåç 5ñåê ïîñëå ïîäêëþ÷åíèÿ. Áåç ðîóòåðà âñå îê.
2) Ìîæíî ëè ñäåëàòü âòîðîå ïîäêëþ÷åíèå â ðîóòåðå ê èíòåðíåòó ÷åðåç usb ìîäåì è ïîäêëþ÷àòüñÿ ê íåìó ÷åðåç ñîêñ ñåðâåð íà ðîóòåðå, ïðè ýòîì ñòàíäàðíòíîå PPTP WAN ïîäêëþ÷åíèå îñòàâèòü ïî äåôîëòó?

Çàðàíåå ñïàñèáî ;)
06-03-2012, 09:46
kpush

openvpn

ðåïîçèòàðèè opkg èäåò ïîñëå r3702 âî âñåõ ñëåäóþùèõ âåðñèÿõ âìåñòî ipkg
Êòî íèáóäü ñ ïîìîùüþ íîâîãî ðåïîçèòàðèÿ opkg,
OpenVPN óñòàíàâëèâàë?

Ïî ýòîé èíñòðóêöèè http://wl500g.info/archive/index.php/t-8880.html
âïðÿìóþ íå ïðîõîäèò: ïàêåòîâ ñ èìåíàìè uclibc-opt openssl lzo
íåò. Äèðåêòîðèè /opt/etc/init.d íå ñîçäàåòñÿ. è ò.ä.

ß íàõîæóñü â ïðîöåññå, íî óæå ÿñíî, ÷òî íàäî,
îòäåëüíóþ èíñòðóêöèþ ñîçäàòü.
06-03-2012, 10:24
Spartach

Quote:

Originally Posted by kpush

ðåïîçèòàðèè opkg èäåò ïîñëå r3702 âî âñåõ ñëåäóþùèõ âåðñèÿõ âìåñòî ipkg
Êòî íèáóäü ñ ïîìîùüþ íîâîãî ðåïîçèòàðèÿ opkg,
OpenVPN óñòàíàâëèâàë?

Ïî ýòîé èíñòðóêöèè http://wl500g.info/archive/index.php/t-8880.html
âïðÿìóþ íå ïðîõîäèò: ïàêåòîâ ñ èìåíàìè uclibc-opt openssl lzo
íåò. Äèðåêòîðèè /opt/etc/init.d íå ñîçäàåòñÿ. è ò.ä.

ß íàõîæóñü â ïðîöåññå, íî óæå ÿñíî, ÷òî íàäî,
îòäåëüíóþ èíñòðóêöèþ ñîçäàòü.

Äà, init.d è ñòàðòîâûé ñêðèïò ïðè óñòàíîâêå íå ñîçäàåòñÿ, äåëàë ðóêàìè.
Â îñòàëüíîì íè êàêèõ ïðîáëåì íå áûëî ïðè ïåðååçäå íà íîâûé ðåïîçèòîðèé.
06-03-2012, 19:13
kpush

Quote:

Originally Posted by Spartach

Äà, init.d è ñòàðòîâûé ñêðèïò ïðè óñòàíîâêå íå ñîçäàåòñÿ, äåëàë ðóêàìè.
Â îñòàëüíîì íè êàêèõ ïðîáëåì íå áûëî ïðè ïåðååçäå íà íîâûé ðåïîçèòîðèé.

Ñïàñèáî.
Äà âñå ïîëó÷èëîñü.
07-03-2012, 01:24
pux

Â÷åðà òîëüêî ïðèøëîñü çàìîðî÷èòüñÿ, ïîêà çàìåòêè åùå ïîä ðóêîé..

Íà ðîóòåðå âûïîëíÿåì êîìàíäû:
# mkdir /tmp/local/opt
# mount -o bind /usr/local/opt /opt
# ipkg.sh update; ipkg.sh install opkg; opkg update; opkg install openvpn

Ñîçäàåì ôàéëèêè:

(1) /opt/etc/openvpn/server.conf

Code:

proto tcp-server dev tun0 port 443 ifconfig 10.8.0.2 10.8.0.1 keepalive 10 120 secret static.key

(2) /usr/local/sbin/post-boot

Code:

#!/bin/sh # keep opkg repository in flash memory mount -o bind /usr/local/opt /opt # OpenVPN /sbin/insmod tun /opt/bin/openvpn --daemon --cd /opt/etc/openvpn --config server.conf

(3) /usr/local/sbin/post-firewall

Code:

#!/bin/sh vpnPort=443 vpnProto=tcp vpnDevice=tun0 iptables -P INPUT DROP iptables -D INPUT -j DROP iptables -A INPUT -p $vpnProto --dport $vpnPort --tcp-flags FIN,SYN,RST,ACK SYN -j BRUTE iptables -A INPUT -p $vpnProto --dport $vpnPort -j ACCEPT iptables -I INPUT -i $vpnDevice -j ACCEPT iptables -I FORWARD -i $vpnDevice -j ACCEPT iptables -I FORWARD -o $vpnDevice -j ACCEPT iptables -I OUTPUT -o $vpnDevice -j ACCEPT

(4) /opt/etc/openvpn/static.key
(ãåíåðèðóåòñÿ íà ñåðâåðå èëè íà êëèåíòå êîìàíäîé
# openvpn --genkey --secret static.key
ñîäåðæèìîå êîïèïàñòèòñÿ ÷åðåç ssh áåç âñÿêèõ scp)

óñòàíàâëèâàåì ïðàâà íà ôàéëû:
# chmod 0755 "/usr/local/sbin/post-boot"
# chmod 0755 "/usr/local/sbin/post-firewall"

ïèøåì ñäåëàííîå âî ôëåø è ïåðåãðóæàåìñÿ ñ ìîëèòâîé:
# flashfs save && flashfs commit && flashfs enable
# reboot

êîíôèã äëÿ êëèåíòà:

Code:

proto tcp-client dev tun0 port 443 ifconfig 10.8.0.1 10.8.0.2 secret static.key redirect-gateway remote 213.24.76.23

Íþàíñû:
(1) ôàåðâîëîì ïðèêðûë OpenVPN îò áðóòôîðñà;
(2) ïèøó ëîã â ñèñëîã, ÷òîáû íå ïàðèòüñÿ ñ ðîòàöèåé, è ÷òîáû ïðîùå áûëî ãëÿíóòü ÷åðåç âåá-èíòåðôåéñ;
(3) åñëè õî÷åòñÿ óïðàâëÿòü îòäåëüíûì ñêðèïòîì â /opt/etc/init.d/ , òî íóæíî èñêàòü rc.unslung .

PS: Ñïàñèáî çà íîâûé ðåïîçèòîðèé!
PPS: ïîïðàâëåíî.
07-03-2012, 05:12
Spartach

Quote:

Originally Posted by pux

Â÷åðà òîëüêî ïðèøëîñü çàìîðî÷èòüñÿ, ïîêà çàìåòêè åùå ïîä ðóêîé..

Ýòî äåëàòü íå íóæíî:

Code:

mkdir /dev/net mknod /dev/net/tun c 10 200

Ñêðèïò çàïóñêà äåëàåò ìíîãî ïîëåçíûõ âåùåé â ÷àñòíîñòè

Code:

/sbin/insmod tun

åñëè ìîäóëü íå áûë çàãðóæåí.
Ïëþñ ïðîâåðêà íà íàëè÷èå çàïóùåííûõ ïðîöåññîâ ïðè îñòàíîâêè è ðåñòàðòå (stop/start).
16-03-2012, 19:41
vaxon

WL500gP OpenVPN + masquerade = ïåðåçàãðóçêà ðîóòåðà

Óñòàíîâëåíà ïðîøèâêà 1.9.2.7-rtn.3976
Óñòàíîâèë íà USB ôëåøêó openvpn_2.2.0-1_mipsel.ipk

Äîñòóï ê VPN ðàáîòàåò ñ ðîóòåðà íîðìàëüíî.

Çàïóñêàþ íà ðîóòåðå iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
äëÿ òîãî ÷òîáû ìîæíî áûëî èç ëîêàëüíîé ñåòêè ÷åðåç ðóòåð äîñòóï â VPN ïîëó÷èòü.

Ïîñëå ýòîãî ping èç ëîêàëüíîé ñåòêè â VPN ïðîõîäèò áåç ïðîáëåì, íî ëþáîå îáðàùåíèå ïî ssh/telnet ïðèâîäèò ê ïåðåçàãðóçêè ðîóòåðà.

Ïîõîæå ïðîáëåìà ãäå-òî â masquerading tcp + tun

Êòî-íèáóäü ñòàëêèâàëñÿ ñ ïîäîáíûì?

Ñïàñèáî,
Â.
16-03-2012, 19:55
VicSer

Quote:

Originally Posted by vaxon

Ïîõîæå ïðîáëåìà ãäå-òî â masquerading tcp + tun

Êòî-íèáóäü ñòàëêèâàëñÿ ñ ïîäîáíûì?

Ïîïðîáóéòå îòêëþ÷èòü Fast nat:

Code:

nvram set misc_fastnat_x=0 nvram commit && reboot
16-03-2012, 21:06
vaxon

Quote:

Originally Posted by VicSer

Ïîïðîáóéòå îòêëþ÷èòü Fast nat:

Code:

nvram set misc_fastnat_x=0 nvram commit && reboot

Îãðîìíîå ñïàñèáî! Ïîìîãëî! :)

Èíòåðåñíî ýòî ïîôèêñèëè â íîâûõ âåðñèÿõ ÿäðà?

Åùå ðàç áîëüøîå ñïàñèáî!

Â.

Quote:

Originally Posted by vaxon

Îãðîìíîå ñïàñèáî! Ïîìîãëî! :)

Èíòåðåñíî ýòî ïîôèêñèëè â íîâûõ âåðñèÿõ ÿäðà?

ß ñíà÷àëà ïîäóìàë, ÷òî ýòî ëèíóêñîâàÿ ôè÷à èç êîììüþíèòè. Îêàçàëîñü, fast nat - ýòî áðîàäêîìîâêèé õàê.

Â.
18-03-2012, 04:20
pux

Ïîäòâåðæäàþ, áûëà ðîâíî òàêàÿ æå ôèãíÿ. Îòêëþ÷åíèå fast nat òàêæå ïîìîãëî. VicSer, áëàãîäàðþ çà íàâîäêó.
18-06-2012, 13:29
wig

Quote:

Originally Posted by staticroute

÷òîáû çàðàáîòàë openvpn êàê êëèåíò, íåîáõîäèìî äîáàâèòü ñîîòâåòñòâóþùèå ïðàâèëà iptables
è äîáàâèòü íóæíûå ïîäñåòêè â ðîóòèíã (÷òî ïî èäåå äîëæåí äåëàòü server push-åì).

â /usr/local/sbin/post-firewall äîáàâüòå:

Code:

iptables -I FORWARD -i br0 -o tun0 -j ACCEPT iptables -I FORWARD -i tun0 -o br0 -j ACCEPT iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

è äîáàâüòå â client.conf:

Code:

dev tun0

íó ÷òî, íèêòî åù¸ íå ïðîâåðÿë?

ñïàñèáî, ýòî ÿ êàê ðàç ñîîáðàçèë!
À âîò ñ ðóòèíãîì - íåò èäåé.
Ïîëíîñòüþ çàäà÷à
Åñòü èíòåðôåéñû
br0 ëîêàëêà 192.168.1.0
vlan2 WAN 192.168.2.0 ñ ãåéòîì 192.168.2.1 Îíî default gateway
tun0 ñ îáñòâåííî òóíåëü, openvpn client, íàçîâåì IPtun.0 c ãåòéîì êàê âîäèòñÿ IPtun.1
Çàäà÷êà
âñå ÷òî íå 192.168.õ.õ çàðóòèòü â tun0, ïðè ýòîì äåôîëò ãåéò (vlan2) îñòàâèòü ïðåæíèì.
×òîá åñëè tun0 îòâàëèòñÿ (÷òî áûâàåò), âñå ñàìî âåðíóëîñü íà îáû÷íóþ ñõåìó
Íå ïîäñêàæåòå ðåøåíèå?
Ãäå òî âèäåë äà íèêàê íàéòè íå ìîãó
18-06-2012, 13:32
staticroute

Quote:

Originally Posted by wig

ñïàñèáî, ýòî ÿ êàê ðàç ñîîáðàçèë!
À âîò ñ ðóòèíãîì - íåò èäåé.
Ïîëíîñòüþ çàäà÷à
Åñòü èíòåðôåéñû
br0 ëîêàëêà 192.168.1.0
vlan2 WAN 192.168.2.0 ñ ãåéòîì 192.168.2.1 Îíî default gateway
tun0 ñ îáñòâåííî òóíåëü, openvpn client, íàçîâåì IPtun.0 c ãåòéîì êàê âîäèòñÿ IPtun.1
Çàäà÷êà
âñå ÷òî íå 192.168.õ.õ çàðóòèòü â tun0, ïðè ýòîì äåôîëò ãåéò (vlan2) îñòàâèòü ïðåæíèì.
×òîá åñëè tun0 îòâàëèòñÿ (÷òî áûâàåò), âñå ñàìî âåðíóëîñü íà îáû÷íóþ ñõåìó
Íå ïîäñêàæåòå ðåøåíèå?
Ãäå òî âèäåë äà íèêàê íàéòè íå ìîãó

×òî êîíêðåòíî âû õîòèòå âîîáùå? Ó âàñ Openvpn êëèåíò öåïëÿåòñÿ ó èíòåðíåò-óçëó ÿ òàê ïîíèìàþ? (188.õõ.õõ)

Êàêàÿ ïîäñåòü ó tun0 èíòåðôåéñà? Îáúÿñíèòå ïî-÷åëîâå÷åñêè.
18-06-2012, 14:33
wig

Quote:

Originally Posted by staticroute

×òî êîíêðåòíî âû õîòèòå âîîáùå? Ó âàñ Openvpn êëèåíò öåïëÿåòñÿ ó èíòåðíåò-óçëó ÿ òàê ïîíèìàþ? (188.õõ.õõ)

Äà, âñå ïðàâèëüíî

Quote:

Originally Posted by staticroute

Êàêàÿ ïîäñåòü ó tun0 èíòåðôåéñà? Îáúÿñíèòå ïî-÷åëîâå÷åñêè.

inet addr:10.114.232.41 Bcast:10.127.255.255 Mask:255.240.0.0
Òîëüêî îí íå tun0 à tap0
È route table âûãëÿäèò òàê
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.1 * 255.255.255.255 UH 0 0 0 vlan2
188.xx.xx.xx 192.168.2.1 255.255.255.255 UGH 0 0 0 vlan2
192.168.2.0 * 255.255.255.0 U 0 0 0 vlan2
192.168.1.0 * 255.255.255.0 U 0 0 0 br0
10.112.0.0 * 255.240.0.0 U 0 0 0 tap0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default localhost 128.0.0.0 UG 0 0 0 tap0
128.0.0.0 localhost 128.0.0.0 UG 0 0 0 tap0
default 192.168.2.1 0.0.0.0 UG 0 0 0 vlan2

È òåïåðü íàäî âñå, ÷òî íå 192.168.0.0 255.255.0.0 çàðóòèòü íà tap0
×òîáû ñåòêà íà br0 ïîëüçîâàëà èíåò ÷åðåç VPN (tap0)

Show 40 post(s) from this thread on one page