Óñòàíîâêà è íàñòðîéêà VPN/OpenVPN ÷åðåç 3G/4G (Yota) ìîäåì

**Selih** · 18-11-2013, 14:39

Äîáðûé äåíü.
Ïîìîãèòå ïîæàëóéñòà ÷àéíèêó.
Åñòü äà÷íûé wl500gp ñ ïîñëåäíåé ïðîøèâêîé ýíòóçèàñòîâ, ïîäêëþ÷åííîé âåáêàìåðîé è âûõîäîì â èíòåðíåò ÷åðåç 3g ìîäåì.
Çàäà÷à çàñòàâèòü åãî ïîäêëþ÷àòüñÿ ê PPTP ñåðâåðó, äëÿ äîñòóïà ê âåáêàìåðå.
Íà ôîðóìå íàøåë ìàíóàë òîëüêî ïî openvpn.

**Selih** · 19-11-2013, 08:23

Originally Posted by KMP

×åðåç âåá-ìîðäó íàñòðîèë 3g êàê wan ñîåäèíåíèå ïî-óìîë÷àíèþ, çàïóñêàåòñÿ, ðàáîòàåò. Ïîñëå âðó÷íóþ ñ ðîóòåðà çàïóñêàþ pptp ñîåäèíåíèå
pppd file /usr/local/root/russianproxy

íàñòðîéêè ñàìîãî ôàéëà pppd

noauth refuse-eap
user 'sdfdsfs'
password 'sdfsdf'
plugin pptp.so
pptp_server pptp-l2tp-vpn-russia-1.atomintersoft.com
nomppe-stateful -mppc mtu 1400
maxfail 0
persist
ipcp-accept-remote ipcp-accept-local noipdefault
defaultroute
usepeerdns
ktune
default-asyncmap nopcomp noaccomp
novj nobsdcomp nodeflate
lcp-echo-interval 10
lcp-echo-failure 6
unit 0

Ïðîáóþ ñäåëàòü òîæå ñàìîå, ïîëó÷àþ â ëîãå
pptp failed to create pptp socket (address family not supported by protocol)
Ïðîøèâêà WL500gp-1.9.2.7-rtn-r5066.trx
×òî ñäåëàòü, ÷òîá çàðàáîòàë êëèåíò ÷åðåç 3g?

**theMIROn** · 19-11-2013, 19:00

Originally Posted by Selih

Ïðîáóþ ñäåëàòü òîæå ñàìîå, ïîëó÷àþ â ëîãå
pptp failed to create pptp socket (address family not supported by protocol)
Ïðîøèâêà WL500gp-1.9.2.7-rtn-r5066.trx
×òî ñäåëàòü, ÷òîá çàðàáîòàë êëèåíò ÷åðåç 3g?

insmod pppox
insmod pptp

**Selih** · 20-11-2013, 10:35

Originally Posted by theMIROn

insmod pppox
insmod pptp

Ñïàñèáî ïîìîãëî.

Ïðèøëîñü óáðàòü èç êîíôèãà

nomppe-stateful -mppc mtu 1400

èíà÷å íå ñîåäèíÿë.
Ïîñëå ïðîâåðêè ñîçäàë post-boot, òåïåðü âñå ïîäíèìàåòñÿ ñàìî.
Ïîäêëþ÷àåòñÿ è ïîëó÷àåò ïî DHCP àäðåñ

Jan 1 00:00:27 USB Modem: connected to ISP
Jan 1 00:00:40 pptp[363]: Couldn't allocate PPP unit 0 as it is already in use
Jan 1 00:00:40 pptp[363]: Using interface ppp1
Jan 1 00:00:40 pptp[363]: Connect: ppp1 <--> pptp (xx.xxx.xxx.xxx)
Jan 1 00:00:43 pptp[363]: CHAP authentication succeeded
Jan 1 00:00:44 pptp[363]: MPPC/MPPE 128-bit stateful compression enabled
Jan 1 00:00:47 pptp[363]: not replacing existing default route via 10.64.64.64
Jan 1 00:00:47 pptp[363]: local IP address 192.168.11.201
Jan 1 00:00:47 pptp[363]: remote IP address 192.168.11.200
Jan 1 00:00:47 pptp[363]: primary DNS address 192.168.11.1
Jan 1 00:00:47 pptp[363]: secondary DNS address 192.168.11.1

Íî åãî âñå åùå íå âèäíî èç âíóòðåííåé ñåòè, à ñ íåãî è èç-çà íåãî âíóòðåííþþ ñåòü.
Ïîäñêàæèòå, ÷òî íóæíî íàïèñàòü íà íåì â post-firewall?

PS Èçâèíÿþñü çà ãëóïûå âîïðîñû, ÿ åùå ñîâñåì "çåëåíûé"

**theMIROn** · 21-11-2013, 07:28

Originally Posted by Selih

Ïîñëå ïðîâåðêè ñîçäàë post-boot, òåïåðü âñå ïîäíèìàåòñÿ ñàìî.

ñîâåòóþ ïðîïèñàòü êàêîé-íèòü ôèêñèðîâàííûé "unit N", ÷òîáû èíòåðôåéñ ñîçäàâàëñÿ âèäà pppN

Originally Posted by Selih

Íî åãî âñå åùå íå âèäíî èç âíóòðåííåé ñåòè, à ñ íåãî è èç-çà íåãî âíóòðåííþþ ñåòü.
Ïîäñêàæèòå, ÷òî íóæíî íàïèñàòü íà íåì â post-firewall?

iptables-save ïîêàæåò ñóùåñòâóþùèå ïðàâèëà, íà èõ áàçå äëÿ pppN èíòåðôåéñà íóæíî áóäåò ïðîïèñàòü ðàçðåøàþùèå

**ironmannsk** · 07-12-2013, 18:06

Çäðàâñòâóéòå
Óæå äàâíåíüêî yota lte ñòàëà ðåçàòü ñêîðîñòü íà ñêà÷êó ôàéëîâ,òîððåíòîâ è ò.ï.
Ó ìåíÿ òàðèô íà 1.5Ìáèòà, à ïî ôàêòó ñêîðîñòü âûøå 30êáàéò íå ïîäíèìàåòñÿ.
Ïîìîãàåò èñïîëüçîâàíèå vpn ÷åðåç pptp.
Íî âîò â ÷åì âîïðîñ:
Êàê ïîäíÿòü pptp è yota lte âìåñòå íà ðîóòåðå dir-320?
Ïðîøèâêà ñòîèò ïîñëåäíÿÿ îò vampik.

**WoolF911** · 30-05-2014, 14:42

Çäðàâñòâóéòå!

Ïîäñêàæèòå, ïîæàëóéñòà, íà ñêîëüêî âîçìîæíî ïîäíÿòü VPN êëèåíò íà ðîóòåðå RT-N16 ñ ïðîøèâêîé îò ýíòóçèàñòîâ â òîì ñëó÷àå, êîãäà èíòåðíåò íà ðîóòåð ïðèõîäèò ÷åðåç ìîäåì Huawei E3276, à ïðîâàéäåð Yota?
Äåëî â òîì, ÷òî Yota îùóòèìî ðåæåò òðàôèê òîððåíòîâ, îñîáåííî â äíåâíîå âðåìÿ, à õî÷åòñÿ ÷òîáû âñ¸ æå õîòÿ áû èíîãäà ìîæíî áûëî áû ïîäíÿòü VPN ñîåäèíåíèå íà ðîóòåðå çàêà÷àòü êàêîé-ëèáî ôàéë.
Íà íîóòáóêå äëÿ ýòîãî èíîãäà ïîäíèìàþ VPN ñîåäèíåíèÿ ñ áåñïëàòíûé VPN ñåðâåðîì vpnbook, íî õîòåëîñü áû êàê-òî ðåàëèçîâàòü ýòî íà ðîóòåðå.
×åðåç PPTP èëè OpenVPN âîçìîæíî òàêèì îáðàçîì ïîäêëþ÷èòüñÿ?

Çàðàíåå áîëüøîå ñïàñèáî çà îòâåò.

**Serge_K** · 08-06-2014, 13:07

Äàâíåíüêî ÿ çäåñü íå áûë

Ñèòóàöèÿ ñòàíäàðòíàÿ äëÿ òåìû: ïîäíÿò êëèåíò OpenVPN íà RT-N16 ñî ñâèñòêîì îò Ìåãàôîíà (ñîîòâåòñòâåííî àäðåñ ñåðûé) è ñåðâåð íà ìàøèíå ñ Äåáèàíîì (îíà æå "ïîäðàáàòûâàåò" ðîóòåðîì - àäðåñ ñîîòâåòñòâåííî áåëûé).. Ñåòü êëèåíòà 192.168.2.0/24 (êëèåíò -192.168.2.1), ñåòü ñåðâåðà 192.168.1.0/24 (ñåðâåð - 192.168.1.1). Òóííåëü îáðàçóåòñÿ áåç ïðîáëåì. Ñåðâåð è êëèåíò âçàèìíî ïèíãóþòñÿ.
Íî...
Ñ ìàøèíû çà êëèåíòîì (íàïðèìåð, ñ àäðåñà 192.168.2.147) ÿ ëåãêî ïîïàäàþ íà ñåðâåð ïî ssh ïî àäðåñó 192.168.1.1 (ïîðò 22), à ðàâíî è íà âåá-ñåðâåð ñåðâåðà (ïîðò 80). À ñ ìàøèíû çà ñåðâåðîì íè â êàêóþ íå ìîãó ïîïàñòü â âåáìîðäó êëèåíòà (RT-N16) ïî àäðåñó 192.168.2.1, à ðàâíî è íå ìîãó äîñòó÷àòüñÿ äî êëèåíòà è ïî ssh...

Êîíôèã ñåðâåðà:

port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh2048.pem
tls-auth /etc/openvpn/keys/ta.key 0
server 10.0.10.0 255.255.255.0
route 192.168.2.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir /etc/openvpn/ccd
client-to-client
keepalive 10 120
cipher AES-256-CBC
comp-lzo
max-clients 3
user nobody
group nogroup
persist-key
persist-tun
log-append /var/log/openvpn.log
status /var/log/openvpn-status.log
verb 3

.../ccd/client1:

push "route 192.168.1.0 255.255.255.0"
iroute 192.168.2.0 255.255.255.0

Êîôèã êëèåíòà:

client
dev tun
proto udp
remote õõõ.õõõ.õõõ.õõõ 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca /opt/etc/openvpn/keys/ca.crt
cert /opt/etc/openvpn/keys/client1.crt
key /opt/etc/openvpn/keys/client1.key
tls-auth /opt/etc/openvpn/keys/ta.key 1
ns-cert-type server
cipher AES-256-CBC
comp-lzo
verb 3
pull
status /tmp/openvpn-status.log

Ìàðøðóòû íà ñåðâåðå:

Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
10.0.0.0 10.80.0.1 255.0.0.0 UG 0 0 0 br1
10.0.10.0 10.0.10.2 255.255.255.0 UG 0 0 0 tun0
10.0.10.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.80.0.0 0.0.0.0 255.252.0.0 U 0 0 0 br1
77.246.96.90 10.80.0.1 255.255.255.255 UGH 0 0 0 br1
77.246.96.96 10.80.0.1 255.255.255.224 UG 0 0 0 br1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.2.0 10.0.10.2 255.255.255.0 UG 0 0 0 tun0
212.1.254.115 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
233.49.170.0 10.83.183.175 255.255.255.0 UG 0 0 0 br1
239.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 br0

Ìàðøðóòû íà êëèåíòå:

Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.10.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.182.159.225 0.0.0.0 255.255.255.255 UH 0 0 0 wan0
10.182.159.224 0.0.0.0 255.255.255.252 U 0 0 0 wan0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.1.0 10.0.10.5 255.255.255.0 UG 0 0 0 tun0
10.0.10.0 10.0.10.5 255.255.255.0 UG 0 0 0 tun0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 10.182.159.225 0.0.0.0 UG 0 0 0 wan0

Íó è ñêðèïò iptables:

iptables -I INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I OUTPUT -o tun0 -j ACCEPT

×òî ÿ äåëàþ íå òàê?

**mike7** · 24-08-2014, 15:12

Originally Posted by Serge_K

Äàâíåíüêî ÿ çäåñü íå áûë

Ñèòóàöèÿ ñòàíäàðòíàÿ äëÿ òåìû: ïîäíÿò êëèåíò OpenVPN íà RT-N16 ñî ñâèñòêîì îò Ìåãàôîíà (ñîîòâåòñòâåííî àäðåñ ñåðûé) è ñåðâåð íà ìàøèíå ñ Äåáèàíîì (îíà æå "ïîäðàáàòûâàåò" ðîóòåðîì - àäðåñ ñîîòâåòñòâåííî áåëûé).. Ñåòü êëèåíòà 192.168.2.0/24 (êëèåíò -192.168.2.1), ñåòü ñåðâåðà 192.168.1.0/24 (ñåðâåð - 192.168.1.1). Òóííåëü îáðàçóåòñÿ áåç ïðîáëåì. Ñåðâåð è êëèåíò âçàèìíî ïèíãóþòñÿ.
Íî...
Ñ ìàøèíû çà êëèåíòîì (íàïðèìåð, ñ àäðåñà 192.168.2.147) ÿ ëåãêî ïîïàäàþ íà ñåðâåð ïî ssh ïî àäðåñó 192.168.1.1 (ïîðò 22), à ðàâíî è íà âåá-ñåðâåð ñåðâåðà (ïîðò 80). À ñ ìàøèíû çà ñåðâåðîì íè â êàêóþ íå ìîãó ïîïàñòü â âåáìîðäó êëèåíòà (RT-N16) ïî àäðåñó 192.168.2.1, à ðàâíî è íå ìîãó äîñòó÷àòüñÿ äî êëèåíòà è ïî ssh...
....

Ñòîëêíóëñÿ ñ òàêîé-æå ïðîáëåìîé íà WL500W, íà âåðñèè 5066 âñå ðàáîòàåò, à íà âåðñèè 5450, è ïîõîæå äàëåå (ïðîáîâàë 5566), - ïðîáëåìà.
Ñåòü çà êëèåíòîì ïðåêðàñíî âèæó, à ñàì êëèåíò ïî ssh è http íå îòâå÷àåò. SSH îòêðûò íàðóæó è ïðåêðàñíî ðàáîòàåò íà âíåøíåì ip.

Êóäà êîïàòü?

**mike7** · 28-08-2014, 14:08

Îòêëþ÷èë FastNat, ýôôåêòà íåò

**aa666** · 13-10-2014, 19:44

àñóñ N10U, ïðîøèâêà 1.9.2.7-rtn-r5625, èíåò ÷åðåç ñâèñòîê îò ìòñ
ïûòàþñü íàñòðîèòü âïí äî îñíîâíîãî îôèñà

Code:

[admin@WL-5404A65B3A38 sbin]$ ls -l /tmp/local/sbin
-rw-------    1 admin    root           330 Oct 11 16:19 options.wan1
-rwxr-xr-x    1 admin    root           584 Jan  1  1970 post-boot
-rwxr-xr-x    1 admin    root           302 Oct 13 16:57 post-firewall

Code:

[admin@WL-5404A65B3A38 sbin]$ cat options.wan1
noauth refuse-eap
user 'xxx'
password 'xxx'
plugin pptp.so
pptp_server xx.xx.xx.xx
nomppe-stateful  mtu 1400
maxfail 0
nodefaultroute
usepeerdns
persist
ipcp-accept-remote ipcp-accept-local noipdefault
ktune
default-asyncmap nopcomp noaccomp
novj nobsdcomp nodeflate
lcp-echo-interval 10
lcp-echo-failure 6
unit 1

Code:

[admin@WL-5404A65B3A38 sbin]$ cat post-boot
#!/bin/sh
insmod pppox
insmod pptp
pppd file /tmp/local/sbin/options.wan1

Code:

[admin@WL-5404A65B3A38 sbin]$ cat post-firewall
#!/bin/sh
echo $1 $2 $3 $4 $5 $6 >>/tmp/local/log
ip route add 192.168.68.0/24 dev ppp1
ip route add 172.17.0.0/24 dev ppp1
iptables -I INPUT -i ppp1 -j ACCEPT
iptables -I FORWARD -i ppp1 -j ACCEPT
iptables -I FORWARD -o ppp1 -j ACCEPT
iptables -I OUTPUT -o ppp1 -j ACCEPT

ïîñëå çàãðóçêè âïí ïîäíèìàåòñÿ, íî íóæíûõ ìàðøðóòîâ íåòó
â /tmp/local/log âèæó òîëüêî 2 ñòðî÷êè

Code:

ppp0 0.0.0.0 br0 192.168.70.254 vlan1 0.0.0.0
ppp0 10.168.200.49 br0 192.168.70.254 vlan1 0.0.0.0

òî åñòü ïîñëå ïîäíÿòèÿ ppp1 post-firewall íå îòðàáàòûâàåò

êòî âèíîâàò è ÷òî äåëàòü?

**megajok** · 25-10-2014, 22:57

Originally Posted by mike7

Ñòîëêíóëñÿ ñ òàêîé-æå ïðîáëåìîé íà WL500W, íà âåðñèè 5066 âñå ðàáîòàåò, à íà âåðñèè 5450, è ïîõîæå äàëåå (ïðîáîâàë 5566), - ïðîáëåìà.
Ñåòü çà êëèåíòîì ïðåêðàñíî âèæó, à ñàì êëèåíò ïî ssh è http íå îòâå÷àåò. SSH îòêðûò íàðóæó è ïðåêðàñíî ðàáîòàåò íà âíåøíåì ip.

Êóäà êîïàòü?

Ïîäíèìó òåìó, ñèòóàöèÿ àíàëîãè÷íàÿ íà WL500gP. Ìîçãè ñëîìàë, íî äîñòó÷àòüñÿ äî âåá ìîðäû íà êëèåíòå íå ïîëó÷èëîñü. Õîòÿ ïèíãè ïðîõîäÿò.

**mike7** · 26-10-2014, 10:33

Originally Posted by megajok

Ïîäíèìó òåìó, ñèòóàöèÿ àíàëîãè÷íàÿ íà WL500gP. Ìîçãè ñëîìàë, íî äîñòó÷àòüñÿ äî âåá ìîðäû íà êëèåíòå íå ïîëó÷èëîñü. Õîòÿ ïèíãè ïðîõîäÿò.

Òàì íå òîëüêî "âåá ìîðäà" íå îòâå÷àåò, íè îäèí ïðîòîêîë íå ðàáîòàåò. Ìíå, íàïðèìåð, DNS íóæåí...
Äëÿ äîñòóïà ïî http èñïîëüçóþ socks proxy, íî ýòî îáõîäíîå ðåøåíèå è ïðîáëåìû íå ðåøàåò.

**MaFIA** · 31-10-2014, 08:08

Äåíü äîáðûé. Íóæíà ïîìîùü óâàæàåìîãî ñîîáùåñòâà. Åñòü äâà ðîóòåðà AC68 è AC56. Â îáîèõ ïîñëåäíÿÿ ïðîøèâêà îò Ìåðëèíà. Îäèí ñòîèò äîìà â ÌÑÊ (áåëûé äèíàìè÷åñêèé IP), âòîðîé íà äà÷å ñ ìîäåìîì îò ÌÒÑ (ñåðûé äèíàìè÷åñêèé IP). Ìåæäó íèìè ïîäíÿò VPN TAP. Íà ìîñêîâñêîì ðîóòåðå íàñòðîåí dyndns. Òåïåðü ñîáñòâåííî çàäà÷à. ß õî÷ó èìåòü RDP äîñòóï ê êîìïüþòåðó íà äà÷å. Ò.å ïðè îáðàùåíèè íà ïîðò myhostname.dyndns.com:3389 ïðîèñõîäèë áû ïðîáðîñ ïîðòà â vpn òóííåëü íà äà÷íûé ðîóòåð è äàëüøå íà êîíêðåòíóþ ìàøèíó íà äà÷å. Ñîçäàíèå ïðàâèëà port forwardinga íà ìîñêîâñêîì ðîóòåðå ê ïîëîæèòåëüíîìó ðåçóëüòàòó íå ïðèâîäÿò. Ïîìîãèòå, êóäà êîïàòü. Ñïàñèáî.

**AndreyPopov** · 31-10-2014, 08:37

ïîðò 3389 äîëæåí ïðîáðàñûâàòüñÿ è áåç VPN.

ïðè ïîäêëþ÷åíèè ïî VPN ïðîáðàñûâàòü ïîðòû âîîáùå íåò íåîáõîäèìîñòè, íàäî ïðîñòî ìàðøðóòèçàöèþ ïðîïèñàòü.

Thread: Óñòàíîâêà è íàñòðîéêà VPN/OpenVPN ÷åðåç 3G/4G (Yota) ìîäåì

Thread Tools

Rate This Thread

Display

Íàñòðîéêà ðîóòåðà PPTP êëèåíòîì ÷åðåç 3g

"Âñå ìîçãè ðàçáèë íà ÷àñòè, âñå èçâèëèíû çàïë¸ë"(ñ)

Ïðîáðîñ ïîðòîâ ïðè openvpn. Ïîìîãèòå.

Similar Threads

Äâà ïðîâàéäåðà (3G/CDMA/YOTA USB-ìîäåì è WAN)

Íàñòðîéêà êëèåíòà è ñåðâåðà OpenVPN íà ðîóòåðå

[QoS] Óñòàíîâêà è íàñòðîéêà nShaper

Íàñòðîéêà (óñòàíîâêà) Samba3

Óñòàíîâêà OpenVPN â îñíîâíóþ ïàìÿòü äëÿ ÍÎÂÈ×ÊÎÂ

Tags for this Thread

Posting Permissions