Ïðîáëåìû ñ OpenVPN. Ïðîøó ïîìîùè!

Âîò ìîé êóñîê post-firewall, ïðåêðàñíî ðàáîòàåò:

iptables -D INPUT -j DROP
iptables -I INPUT -p udp --dport 9513 -j ACCEPT
iptables -t nat -I PREROUTING -i eth1 -p udp --dport 9513 -j DNAT --to-destination \$4:9513
iptables -A INPUT -j DROP
iptables -I INPUT -i tun0 -j ACCEPT

iptables -I FORWARD -i tun0 -j ACCEPT
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I OUTPUT -o tun0 -j ACCEPT

OpenVPN ìåæäó äâóìÿ ðîóòåðàìè.

Ïðîøó íåìíîãî ïîìî÷ü, ïîìîåìó, çàáëóäèëñÿ â äâóõ ñîñíàõ ïðîñòî.

Åñòü äîìàøíÿÿ ñåòü è ñåòü íà äà÷å, õî÷åòñÿ ñâÿçàòü èõ âìåñòå ÷åðåç openVPN, ÷òîáû ñåòè çà ðîóòåðàìè ïèíãàëèñü.

Òîïîëîãèÿ ïðèìåðíî òàêàÿ: 10.0.0.0/24 ----------- 192.168.0.0/24 (openVPN) ---------------- 10.0.1.0/24

Ïåðâûé ðîóòåð ñîâñåì äðåâíèé ñ ïðîøèâêîé Îëåãà, âûñòóïàåò ñåðâåðîì (åãî àäðåñ 10.0.0.222). Âòîðîé ÷óòü íîâåå.

Code:

[root@galaxy root]$ openvpn --version OpenVPN 2.2.0 mipsel-linux [SSL] [LZO2] [EPOLL] [eurephia] built on Apr 28 2011

Êîíôèã:

Code:

dev tap0 mode server proto tcp-server port 443 ifconfig 192.168.0.1 255.255.255.0 ifconfig-pool 192.168.0.2 192.168.0.10 ifconfig-pool-persist /opt/etc/openvpn/ipp.txt client-to-client route 10.0.1.0 255.255.255.0 push "route 10.0.0.0 255.255.255.0" script-security 2 tls-server dh /opt/etc/openvpn/keys/dh1024.pem ca /opt/etc/openvpn/keys/ca.crt cert /opt/etc/openvpn/keys/server.crt key /opt/etc/openvpn/keys/server.key user nobody group nobody comp-lzo persist-tun persist-key verb 3 status /opt/var/log/openvpn/status.log

Òàáëèöû ñåðâåðà

Code:

[root@galaxy root]$ iptables -L -v Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 286 27143 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https 248 18192 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh 3 144 DROP all -- any any anywhere anywhere ctstate INVALID 23 5007 ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED 1 122 ACCEPT all -- lo any anywhere anywhere ctstate NEW 38 5125 ACCEPT all -- br0 any anywhere anywhere ctstate NEW 1029 72708 DROP all -- any any anywhere anywhere 0 0 DROP all -- any any anywhere anywhere 0 0 ACCEPT all -- lo any anywhere anywhere 0 0 ACCEPT all -- tap0 any anywhere anywhere 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:www 0 0 DROP all -- any any anywhere anywhere Chain FORWARD (policy ACCEPT 117 packets, 6260 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- br0 br0 anywhere anywhere 9 384 DROP all -- any any anywhere anywhere ctstate INVALID 0 0 ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED 0 0 DROP all -- !br0 vlan1 anywhere anywhere 0 0 ACCEPT all -- any any anywhere anywhere ctstate DNAT 0 0 DROP all -- any br0 anywhere anywhere 0 0 ACCEPT all -- tap0 any anywhere anywhere

Âèðòóàëüíûé èíòåðôåéñ:

Code:

[root@galaxy root]$ ifconfig tap0 tap0 Link encap:Ethernet HWaddr 00:FF:29:15:1F:06 inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

Âòîðîé ðîóòåð âûñòóïàåò êëèåíòîì, åãî àäðåñ 10.0.1.222.

Code:

root@dacha:~# openvpn --version OpenVPN 2.3.1 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May 24 2013

Êîíôèã

Quote:

root@dacha:~# cat /tmp/openvpncl/openvpn.conf
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
management 127.0.0.1 16
management-log-cache 100
verb 3
mute 3
syslog
writepid /var/run/openvpncl.pid
client
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
dev tap1
proto tcp-client
cipher bf-cbc
auth sha1
remote ïîãðûçàíî 443
comp-lzo yes
tls-client
tun-mtu 1500
mtu-disc yes
ns-cert-type server

Èíòåðôåéñ

Code:

root@dacha:~# ifconfig tap1 tap1 Link encap:Ethernet HWaddr 00:FF:EB:09:9E:C9 inet addr:192.168.0.4 Bcast:192.168.0.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:210 errors:0 dropped:0 overruns:0 frame:0 TX packets:158 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:22513 (21.9 KiB) TX bytes:22204 (21.6 KiB)

Òàáëèöû

Code:

root@dacha:~# iptables -L -v Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 235 21625 ACCEPT 0 -- tap1 any anywhere anywhere 669 101K logaccept 0 -- any any anywhere anywhere state RELATED,ESTABLISHED 0 0 logdrop udp -- ppp0 any anywhere anywhere udp dpt:route 0 0 logdrop udp -- br0 any anywhere anywhere udp dpt:route 0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:route 0 0 ACCEPT icmp -- ppp0 any anywhere anywhere 24 768 ACCEPT igmp -- any any anywhere anywhere 0 0 ACCEPT 0 -- lo any anywhere anywhere state NEW 1326 83843 logaccept 0 -- br0 any anywhere anywhere state NEW 9 3550 logdrop 0 -- any any anywhere anywhere Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT 0 -- any tap1 anywhere anywhere 0 0 ACCEPT 0 -- tap1 any anywhere anywhere 0 0 logaccept gre -- any ppp0 10.0.1.0/24 anywhere 0 0 logaccept tcp -- any ppp0 10.0.1.0/24 anywhere tcp dpt:1723 9483 6550K lan2wan 0 -- any any anywhere anywhere 386 20352 TCPMSS tcp -- any any anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU 9170 6527K logaccept 0 -- any any anywhere anywhere state RELATED,ESTABLISHED 0 0 logaccept 0 -- br0 br0 anywhere anywhere 0 0 logaccept udp -- ppp0 any anywhere base-address.mcast.net/4 0 0 TRIGGER 0 -- ppp0 br0 anywhere anywhere TRIGGER type:in match:0 relate:0 313 22934 trigger_out 0 -- br0 any anywhere anywhere 303 22534 logaccept 0 -- br0 any anywhere anywhere state NEW 10 400 logdrop 0 -- any any anywhere anywhere

Îò ýòîé ñâÿçè ÿ èñêðåííå îæèäàë ñëåäóþùåãî: ñåðâåð áóäåò çíàòü êóäà åìó ðóòèòü íà äà÷ó è ïðîïèõí¸ò êëèåíòó êóäà åìó ðîóòèòü â äîì.

Â ðåçóëüòàòå èìååì:
íà ñåðâåðå

Code:

[root@galaxy root]$ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.208.124.1 0.0.0.0 255.255.255.255 UH 0 0 0 vlan1 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0 10.208.125.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan1 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 10.208.124.1 0.0.0.0 UG 0 0 0 vlan1

Code:

root@dacha:~# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.64.64.64 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap1 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 10.64.64.64 0.0.0.0 UG 0 0 0 ppp0

ò.å. ìàðøðóòîâ íåò. ß ìîãó çàõîäèòü ñ ðîóòåðà íà ðîóòåð ââåäÿ åãî àéïè èç ñåòè 192.168.0.0/24 íî íå ïèíãîâàòü èõ ñ 10.0.0.0 è 10.0.1.0 . Ìàøèíû çà ðîóòåðàìè, ïîíÿòíîå äåëî, íè÷åãî íå âèäÿò.

Êóäà êîïàòü?

OpenVPN ìåæäó äâóìÿ ðîóòåðàìè.

abi
ÿ äóìàþ ðîóòèíã òåáå íóæíî äîáàâèòü íà ñåðâå, íå ïîìíþ êàê Linux â Windows áóäåò âûãëÿäåòü òàê

Code:

Route -p add 10.0.0.0 mask 255.255.255.0 10.0.1.0 Route -p add 10.0.1.0 mask 255.255.255.0 10.0.0.0

Ïåðåñòàåò îòêðûâàòüñÿ ÷àñòü ñàéòîâ

Äîáðûé äåíü!
Ðîóòåð WL-500GP V2. Óæå âòîðîé ãîä ðàáîòàåò OpenVPN êàê ñåðâåð, íåñêîëüêî êëèåíòîâ âûõîäÿò â èíåò ÷åðåç íåãî.
Ïîñëåäíåå âðåìÿ ñòàëà âîçíèêàòü òàêàÿ ïðîáëåìà: â îïðåäåëåííûé ìîìåíò ó êëèåíòà ïåðåñòàåò îòêðûâàòüñÿ ÷àñòü ñàéòîâ, ïðè÷åì ñêîðîñòü ñêà÷èâàíèÿ ñ îäíîãî îïðåäåëåííîãî IP íå ìåíÿåòñÿ, ïðîáëåìà ëå÷èòñÿ âûêëþ÷åíèåì ðîóòåðà íà 20-30 ñåêóíä.
Ñíà÷àëà äóìàë ÷òî ïðîáëåìà â DNS, äîáàâèë push-dns ÷òîáû êëèåíò èñïîëüçîâàë ëîêàëüíûé DNS ïðîâàéäåðà âìåñòî DNS ÷åðåç òóííåëü. Äåëàë òàêæå ïåðåçàïóñê ïðîöåññà openvpn. Íî, ñèòóàöèÿ íå ïîìåíÿëàñü. Òàêàÿ ïðîáëåìà òîëüêî ÷åðåç OpenVPN, íàïðÿìóþ èíåò ðàáîòàåò îòëè÷íî âñåãäà.
Ïðîáëåìà âîçíèêàåò íå ïåðèîäè÷åñêè, ìîæåò ðàç â 10-15 äíåé, ìîæåò íåñêîëüêî ðàç â íåäåëþ ïîÿâëÿòüñÿ.

Åñòü ïðåäïîëîæåíèÿ ÷òî ïðîáëåìà ñ æåëåçîì èëè USB-ôëåøêîé. Ðàç/äâà â ìåñÿö ðîóòåð ñòàáèëüíî óõîäèò â ðåáóò, ñàì.

Ìîæíî êàê-íèáóäü äèàãíîñòèðîâàòü ïðîáëåìû ñ æåëåçîì? Òåñòû? Çàïóñòèòü ìîíèòîðèíã êàêèõ-íèáóäü ïàðàìåòðîâ?

P.S.
Ñåãîäíÿ íî÷üþ áûë òàêîé ñëó÷àé:
ðîóòåð ñàìîïðîèçâîëüíî ïåðåçàãðóçèëñÿ, ïîñëå ïåðåçàãðóçêè ó êëèåíòà ïåðåñòàëè îòêðûâàòüñÿ ÷àñòü ñàéòîâ, îñòàëüíàÿ ÷àñòü îòêðûâàåòñÿ ÷àñòè÷íî (ïîõîæå íà ïðîáëåìó ñ DNS), âûêëþ÷àþ ðîóòåð íà 30 ñåêóíä, çàãðóæàåòñÿ, âñå ñàéòû îòêðûâàþòñÿ íîðìàëüíî.

Ñåãîäíÿ ïåðåíåñ openvpn íà âíóòðåííþþ ôëåø ðîóòåðà, ïîñìîòðèì êàê áóäåò ñåáÿ âåñòè. È.... îïÿòü ïîâòîðèëàñü ïðîáëåìà, ïåðåíîñ openvpn íà âíóòðåííþþ ôëåø íè÷åãî íå äàë.

openvpn íå çàïóñêàåòñÿ èñïîëíÿåìûé ôàèë. HELP

http://wl500g.info/showthread.php?31...1-%ED%F3%EB%FF

âåðñèÿ ïðîøèâêè
WL500gp-1.9.2.7-rtn-r5066.trx
÷òî íå òàê ?

Code:

[admin@WL-001E8C023520 sbin]$ ipkg.sh update Downloading http://wl500g-repo.googlecode.com/svn/ipkg/openwrt/Packages ... Connecting to wl500g-repo.googlecode.com (173.194.70.82:80) Packages 100% |*************************************| 843k 0:00:00 ETA Done. Updated list of available packages in /opt/lib/ipkg/lists/openwrt [admin@WL-001E8C023520 sbin]$ ipkg.sh install ipkg-opt ipkg_get_install: ERROR: Cannot find package ipkg-opt in /opt/lib/ipkg/lists ipkg_get_install: Check the spelling and maybe run `ipkg update'. [admin@WL-001E8C023520 sbin]$

ïðîáîâàë ñêà÷àòü

Code:

http://ipkg.nslu2-linux.org/feeds/optware/oleg/cross/stable/ipkg-opt_0.99.163-10_mipsel.ipk

ïîñòàâèòü

Code:

[admin@WL-001E8C023520 bin]$ipkg.sh install ipkg-opt_0.99.163-10_mipsel.ipk Unpacking ipkg-opt...Done. Configuring ipkg-opt...Done. [admin@WL-001E8C023520 bin]$ cd /opt/bin [admin@WL-001E8C023520 bin]$ ls ipkg ipkg-opt update-alternatives [admin@WL-001E8C023520 bin]$ ./ipkg -sh: ./ipkg: not found [admin@WL-001E8C023520 bin]$

òàêæå äåëàë è ñ openvpn/ òîæå íå çàïóñêàåòñÿ.

sajor2006, íà÷èíàÿ ñ r3727 ipkg.sh óñòàíàâëèâàåò íå Optware, à Entware. Ñ ïîëüçîâàòåëüñêîé òî÷êè çðåíèÿ îñíîâíîå îòëè÷èå - âìåñòî ipkg èñïîëüçóåòñÿ opkg, íàñ÷åò îñòàëüíîãî ïîñìîòðèòå ïî ññûëêå. Âû óìóäðèëèñü ñìåøàòü äâà ðåïîçèòîðèÿ, òàê ÷òî ðåêîìåíäóþ òåïåðü î÷èñòèòü /opt è âûïîëíèòü óñòàíîâêó "ñ ÷èñòîãî ëèñòà".

OpenVPN + ðîóòèíã

Åñòü òàêàÿ çàäà÷à. 2 ëîêàëüíûõ ñåòêè, îäíà äîìà, âòîðàÿ íà äà÷å. Äîìà ñòîèò ôàéëîïîìîéêà íà áàçå x86 + Debian. Íà íåå ïîñòàâèë OpenVPN ñåðâåð.
Íà äà÷å ðîóòåð ÷åðåç ìîäåì ê èíåòó ïîäêëþ÷åí. Òóäà âòóëèë openvpn êëèåíò. Çàäà÷à ñîåäåíèòü ëîêàëüíûå ñåòêè äà÷íóþ è äîìàøíþþ.

Ïðîáëåìà â iptables íà ðîóòåðå. Ñ äà÷è äîñòóï ê äîìó åñòü, à âîò ðîóòåð â ëîêàëêó íå ïóñêàåò.

×òî åñòü,
Home lan: 10.0.10.0/24
Dacha lan: 172.16.2.0/24
OpenVPN lan: 172.17.1.0/24

Debian server: 10.0.10.1
Openvpn server: 172.17.1.1
Dacha openvpn ip: 172.17.1.2

Íà ðóòåðå ppp0 - èíåò, tun0 - openvpn, br0 - ëîêàëêà (wifi+lan)

iptables

Code:

# Generated by iptables-save v1.3.8 on Fri Feb 7 16:57:01 2014 *nat :PREROUTING ACCEPT [2349:182383] :POSTROUTING ACCEPT [1146:206671] :OUTPUT ACCEPT [846:198793] :VSERVER - [0:0] -A PREROUTING -d 94.248.35.40 -j VSERVER -A POSTROUTING -s ! 94.248.35.40 -o ppp0 -j MASQUERADE -A POSTROUTING -s 172.16.2.0/255.255.255.0 -d 172.16.2.0/255.255.255.0 -o br0 -j MASQUERADE -A VSERVER -p udp -m udp --dport 18432 -j DNAT --to-destination 192.168.1.153:18432 -A VSERVER -p tcp -m tcp --dport 18432 -j DNAT --to-destination 192.168.1.153:18432 -A VSERVER -p udp -m udp --dport 4500 -j DNAT --to-destination 192.168.1.153:4500 -A VSERVER -p udp -m udp --dport 5353 -j DNAT --to-destination 192.168.1.153:5353 -A VSERVER -p udp -m udp --dport 42387 -j DNAT --to-destination 172.16.2.178:42387 -A VSERVER -p tcp -m tcp --dport 42387 -j DNAT --to-destination 172.16.2.178:42387 -A VSERVER -p tcp -m tcp --dport 3389 -j DNAT --to-destination 172.16.2.2:3389 -A VSERVER -p udp -m udp --dport 64694 -j DNAT --to-destination 172.16.2.2:64694 -A VSERVER -p tcp -m tcp --dport 64694 -j DNAT --to-destination 172.16.2.2:64694 COMMIT # Completed on Fri Feb 7 16:57:01 2014 # Generated by iptables-save v1.3.8 on Fri Feb 7 16:57:01 2014 *mangle :PREROUTING ACCEPT [81617:48066595] :INPUT ACCEPT [18476:3572129] :FORWARD ACCEPT [62880:44456466] :OUTPUT ACCEPT [18091:10279534] :POSTROUTING ACCEPT [86220:56668177] COMMIT # Completed on Fri Feb 7 16:57:01 2014 # Generated by iptables-save v1.3.8 on Fri Feb 7 16:57:01 2014 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [518:37108] :OUTPUT ACCEPT [18060:10268331] :BRUTE - [0:0] :MACS - [0:0] :SECURITY - [0:0] :logaccept - [0:0] :logdrop - [0:0] -A INPUT -i tun0 -m state --state NEW -j ACCEPT -A INPUT -i tun0 -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -m state --state INVALID -j DROP -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i lo -m state --state NEW -j ACCEPT -A INPUT -i br0 -m state --state NEW -j ACCEPT -A INPUT -i ppp0 -m state --state NEW -j SECURITY -A INPUT -i vlan1 -m state --state NEW -j SECURITY -A INPUT -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j BRUTE -A INPUT -p icmp -j ACCEPT -A INPUT -p udp -m udp --dport 33434:33534 -j ACCEPT -A INPUT -j DROP -A FORWARD -d 172.16.2.2 -p tcp -m tcp --dport 64694 -j ACCEPT -A FORWARD -d 172.16.2.2 -p udp -m udp --dport 64694 -j ACCEPT -A FORWARD -i tun0 -o br0 -j ACCEPT -A FORWARD -i br0 -o tun0 -j ACCEPT -A FORWARD -i br0 -o br0 -j ACCEPT -A FORWARD -m state --state INVALID -j DROP -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i ! br0 -o ppp0 -j DROP -A FORWARD -i ! br0 -o vlan1 -j DROP -A FORWARD -i ! br0 -m state --state NEW -j SECURITY -A FORWARD -o br0 -p tcp -m tcp --sport 3389 --dport 3389 -j ACCEPT -A FORWARD -m conntrack --ctstate DNAT -j ACCEPT -A FORWARD -o br0 -j DROP -A BRUTE -m recent --update --seconds 600 --hitcount 3 --name BRUTE --rsource -j DROP -A BRUTE -m recent --set --name BRUTE --rsource -j ACCEPT -A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j RETURN -A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j RETURN -A SECURITY -p udp -m limit --limit 5/sec -j RETURN -A SECURITY -p icmp -m limit --limit 5/sec -j RETURN -A SECURITY -j DROP -A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT " --log-tcp-sequence --log-tcp-options --log-ip-options -A logaccept -j ACCEPT -A logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options -A logdrop -j DROP COMMIT # Completed on Fri Feb 7 16:57:01 2014

Òàêîå îùóùåíèå ÷òî ðóòåð áëî÷èò ôàåðâîëëîì openvpn. Êàê ìîæíî ïîëå÷èòü?

Ìîé post-firewall

Code:

-I FORWARD -i br0 -o tun0 -j ACCEPT -I FORWARD -i tun0 -o br0 -j ACCEPT -I INPUT -i tun0 -p tcp --dport 80 -j ACCEPT -I INPUT -i tun0 -m state --state NEW -j ACCEPT

Quote:

Originally Posted by IICUX

Åñòü òàêàÿ çàäà÷à. 2 ëîêàëüíûõ ñåòêè, îäíà äîìà, âòîðàÿ íà äà÷å. Äîìà ñòîèò ôàéëîïîìîéêà íà áàçå x86 + Debian. Íà íåå ïîñòàâèë OpenVPN ñåðâåð.
Íà äà÷å ðîóòåð ÷åðåç ìîäåì ê èíåòó ïîäêëþ÷åí. Òóäà âòóëèë openvpn êëèåíò. Çàäà÷à ñîåäåíèòü ëîêàëüíûå ñåòêè äà÷íóþ è äîìàøíþþ.

Ïðîáëåìà â iptables íà ðîóòåðå. Ñ äà÷è äîñòóï ê äîìó åñòü, à âîò ðîóòåð â ëîêàëêó íå ïóñêàåò.

×òî åñòü,
Home lan: 10.0.10.0/24
Dacha lan: 172.16.2.0/24
OpenVPN lan: 172.17.1.0/24

Debian server: 10.0.10.1
Openvpn server: 172.17.1.1
Dacha openvpn ip: 172.17.1.2

[/code]

Âñå ýòî õîðîøî à ìàðøðóò íà Debian server-å ïðîïèñàí

Code:

# route add -net 172.16.2.0/24 gw 172.17.1.2 dev tun0

Êîëëåãè, ïîäñêàæèòå
ñäåëàë ñåáå òóííåëü PPTP
Ñåðâåð n66, êëèåíò N16. (ïðîøèâêà Ìåðëèíà)
2 âîïðîñà:

1. êàê ìíå çàñòàâèòü êëèåíòà (åñëè ïðîèçîøëî ïðîïàäàíèå ïèòàíèÿ) ñäåëàòü ðåêîííåêò òóíåëÿ.
Ñåé÷àñ ïîñëå ïåðåçàãðóçêè ñîåäèíåíèå íóæíî ïðîèçâîäèòü âðó÷íóþ ñ ïîìîùüþ âåá èíòåðåôåéñà (êíîïêîé êîííåêò).

2. ïîñëå óñòàíîâëåíèÿ ñîåäèíåíèÿ, ñâÿçü ñ ñîñåäíåé ëîêàëüíîé ñåòüþ èäåò îäíîñòîðîííÿÿ: ò.å ñî ñòîðîíû êëèåíòà ñåòü îê, à ñî ñòîðîíû ñåðâåðà ñåòü íå âèäíà. Íà÷àë ðàçáèðàòüñÿ - óâèäåë, ÷òî íà ñåðâåðå íå õâàòàåò ìàðøðóòà:
ìîé âàðèàíò (route add -net 192.168.0.0/24 gw 192.168.10.2) ýòî ñïàñàåò. Íî ïðîáëåìà, ÷òî ìàðøðóò íå ñîõðàíÿåòñÿ. Ïðè ðåêîííåêòå òóííåëÿ èëè ðåñòàðòå - ðîóòåðà ìàðøðóò òåðÿåòñÿ. Êàê íèáóäü ìîæíî ýòî ïîáîðîòü?

Quote:

192.168.10.2 0.0.0.0 255.255.255.255 UH 0 0 0 ppp10
10.90.41.254 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.0.0 192.168.10.2 255.255.255.0 UG 0 0 0 ppp10
10.90.41.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 10.90.41.254 0.0.0.0 UG 0 0 0 eth0

Quote:

Originally Posted by Balada

Êîëëåãè, ïîäñêàæèòå
ñäåëàë ñåáå òóííåëü PPTP
Ñåðâåð n66, êëèåíò N16. (ïðîøèâêà Ìåðëèíà)
2 âîïðîñà:

1. êàê ìíå çàñòàâèòü êëèåíòà (åñëè ïðîèçîøëî ïðîïàäàíèå ïèòàíèÿ) ñäåëàòü ðåêîííåêò òóíåëÿ.
Ñåé÷àñ ïîñëå ïåðåçàãðóçêè ñîåäèíåíèå íóæíî ïðîèçâîäèòü âðó÷íóþ ñ ïîìîùüþ âåá èíòåðåôåéñà (êíîïêîé êîííåêò).

2. ïîñëå óñòàíîâëåíèÿ ñîåäèíåíèÿ, ñâÿçü ñ ñîñåäíåé ëîêàëüíîé ñåòüþ èäåò îäíîñòîðîííÿÿ: ò.å ñî ñòîðîíû êëèåíòà ñåòü îê, à ñî ñòîðîíû ñåðâåðà ñåòü íå âèäíà. Íà÷àë ðàçáèðàòüñÿ - óâèäåë, ÷òî íà ñåðâåðå íå õâàòàåò ìàðøðóòà:
ìîé âàðèàíò (route add -net 192.168.0.0/24 gw 192.168.10.2) ýòî ñïàñàåò. Íî ïðîáëåìà, ÷òî ìàðøðóò íå ñîõðàíÿåòñÿ. Ïðè ðåêîííåêòå òóííåëÿ èëè ðåñòàðòå - ðîóòåðà ìàðøðóò òåðÿåòñÿ. Êàê íèáóäü ìîæíî ýòî ïîáîðîòü?

Ïîáåäèëè ïðîáëåìó ñ ðåêîíåêòîì ?
Ñïàñèáî

Ïîäêëþ÷åíèå ê ðîóòåðó ïî ssh ÷åðåç VPN

Óâàæàåìûå ôîðóì÷àíå! Ïîìîãèòå, ïîæàëóéñòà ðåøèòü çàäà÷êó:

Èìååòñÿ äâà WL500gpV2 ñ ïðîøèâêàìè 1.9.2.7-rtn-r5450
Íà îäíîì óñòàíîâëåí OpenVpn-ñåðâåð (10.8.0.1) íà âòîðîì,ñîîòâåòñòâåííî, OpenVpn-êëèåíò.
Ñåòü çà ñåðâåðîì - 192.168.1.0/24
Ñåòü çà êëèåíòîì 192.168.4.0/24
Êëèåíòû èç ýòèõ äâóõ ñåòåé âèäÿò äðóã äðóãà, ïàêåòû õîäÿò - âñå íîðìàëüíî.
Íèêàê íå ïîëó÷àåòñÿ ðàçðåøèòü ïîäêëþ÷åíèå ïî ssh (è ïðî÷èõ ñîåäèíåíèé, íàïðèìåð snmp) ê ñàìèì ðîóòåðàì. Íàïðèìåð, õî÷ó ïîäêëþ÷èòñÿ ñ õîñòà 192.168.4.30 ê ðîóòåðó íà êîòîðîì ñòîèò OpenVPN-ñåðâåð (192.168.1.1). Ñóäÿ ïî tcpdump çàïðîñ óõîäèò, íî îòâåòà íåò.

Ñïàñèáî âñåì, êòî îòêëèêíóëñÿ!

Quote:

Originally Posted by Dr.Norfolk

Êëèåíòû èç ýòèõ äâóõ ñåòåé âèäÿò äðóã äðóãà, ïàêåòû õîäÿò - âñå íîðìàëüíî.
Íèêàê íå ïîëó÷àåòñÿ ðàçðåøèòü ïîäêëþ÷åíèå ïî ssh (è ïðî÷èõ ñîåäèíåíèé, íàïðèìåð snmp) ê ñàìèì ðîóòåðàì. Íàïðèìåð, õî÷ó ïîäêëþ÷èòñÿ ñ õîñòà 192.168.4.30 ê ðîóòåðó íà êîòîðîì ñòîèò OpenVPN-ñåðâåð (192.168.1.1). Ñóäÿ ïî tcpdump çàïðîñ óõîäèò, íî îòâåòà íåò.

ðåïîðòèë òàêóþ ïðîáëåìó https://github.com/wl500g/wl500g/issues/451
Ðåøåíèÿ òàê è íåò.
Ïðèõîäèòñÿ ëàçèòü ìåæäó ðîóòåðàìè íå ÷åðåç OpenVPN, à ÷åðåç èíòåðíåò èñïîëüçóÿ dynamic dns. OpenVPN - òîëüêî äëÿ ñåòè çà ðîóòåðàìè.