OpenVPN dd-wrt->linux, routing
Dusan Msk
msk.conf at gmail.com
Wednesday, August 24, 19:39:20 CEST 2011
Hi,
I'm trying to get OpenVPN working between DD-WRT (Asus WL500gPv2) and a Linux
server. I've reached a point where I don't know what to do next. From the client
I can ping everything; from the server only the client's tun0.
Linux (VPN server):
server.conf:
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
server 10.15.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.24.0 255.255.255.0" # client to server
route 192.168.66.0 255.255.255.0 # server to client
client-to-client
keepalive 5 15
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 5
mute 10
network:
eth0 inet addr:192.168.24.10 Bcast:192.168.24.255 Mask:255.255.255.0
tun0 inet addr:10.15.0.1 P-t-P:10.15.0.2 Mask:255.255.255.255
routing with OpenVPN off:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.24.0    *               255.255.255.0   U     0      0        0 eth0
default         gw.in.firma.cz  0.0.0.0         UG    0      0        0 eth0
routing with the OpenVPN server on:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.15.0.2       *               255.255.255.255 UH    0      0        0 tun0
>> 192.168.66.0 10.15.0.2       255.255.255.0   UG    0      0        0 tun0
10.15.0.0       10.15.0.2       255.255.255.0   UG    0      0        0 tun0
192.168.24.0    *               255.255.255.0   U     0      0        0 eth0
default         gw.in.firma.cz  0.0.0.0         UG    0      0        0 eth0
DD-WRT (client):
client.conf:
I don't have one; only the keys, certificates and the server address are set in the GUI.
network:
br0 Link encap:Ethernet HWaddr 20:CF:30:CE:4B:64
inet addr:192.168.66.1 Bcast:192.168.66.255 Mask:255.255.255.0
br0:0 Link encap:Ethernet HWaddr 20:CF:30:CE:4B:64
inet addr:169.254.255.1 Bcast:169.254.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
eth0 Link encap:Ethernet HWaddr 20:CF:30:CE:4B:64
eth1 Link encap:Ethernet HWaddr 20:CF:30:CE:4B:66
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.15.0.6 P-t-P:10.15.0.5 Mask:255.255.255.255
vlan0 Link encap:Ethernet HWaddr 20:CF:30:CE:4B:64
vlan1 Link encap:Ethernet HWaddr 20:CF:30:CE:4B:65
inet addr:192.168.100.97 Bcast:192.168.100.255 Mask:255.255.255.0
routing with OpenVPN off:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.1   *               255.255.255.255 UH    0      0        0 vlan1
192.168.100.0   *               255.255.255.0   U     0      0        0 vlan1
192.168.66.0    *               255.255.255.0   U     0      0        0 br0
169.254.0.0     *               255.255.0.0     U     0      0        0 br0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         WL-001FC611F85A 0.0.0.0         UG    0      0        0 vlan1
routing with OpenVPN connected:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.1   *               255.255.255.255 UH    0      0        0 vlan1
10.15.0.5       *               255.255.255.255 UH    0      0        0 tun0
192.168.100.0   *               255.255.255.0   U     0      0        0 vlan1
192.168.66.0    *               255.255.255.0   U     0      0        0 br0
10.15.0.0       10.15.0.5       255.255.255.0   UG    0      0        0 tun0
>> 192.168.24.0 10.15.0.5       255.255.255.0   UG    0      0        0 tun0
169.254.0.0     *               255.255.0.0     U     0      0        0 br0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         WL-001FC611F85A 0.0.0.0         UG    0      0        0 vlan1
The problem is clearly related to routing, because the VPN is established,
and ping between the networks works/doesn't work as follows:
the client pings everything, i.e. 10.15.0.1 (the OpenVPN server) as well as
192.168.24.1 (eth0 of the remote server) and other machines in
192.168.24.0 (the network behind the server).
The server pings only 10.15.0.6 (tun0 of the Asus WL500g); it cannot ping
192.168.66.1 (br0 of the Asus) or anything further (the network behind the client).
Honestly, I have no idea what to do next. It probably has to do with the bridges on the Asus.
Can somebody give me a push in the right direction?
Thanks
--
Dusan
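The server config above uses a plain `route` for the client-side subnet. In OpenVPN `server` mode a kernel route only hands packets to the daemon; the daemon then needs an `iroute` in a client-config-dir file (named after the client certificate's CN) to know which connected client owns that subnet, otherwise it drops them at tun0. The checker below is an added example, not the poster's or OpenVPN's own code: it parses a constructed copy of the posted server.conf, reports `route` entries that have no matching `iroute`, and prints the ccd entry to add. The function names and the ccd file name `asus-wl500g` are assumptions (the real CN is not in the post).

```python
"""Check an OpenVPN server.conf for client-side subnets routed without an iroute.

Added example, not the original poster's code. Function names and the client
CN 'asus-wl500g' are assumptions made for this illustration.
"""
import shlex

# Constructed copy of the posted server.conf (push written in the manual's quoted form).
SERVER_CONF = """\
port 1194
proto udp
dev tun
server 10.15.0.0 255.255.255.0
push "route 192.168.24.0 255.255.255.0"   # LAN behind the server, pushed to clients
route 192.168.66.0 255.255.255.0          # LAN behind the DD-WRT client
client-to-client
keepalive 5 15
"""


def parse_directives(text):
    """Yield (directive, args) for each non-comment line of an OpenVPN config."""
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith(('#', ';')):
            continue
        parts = shlex.split(stripped, comments=True)  # drops trailing '# ...' comments
        if parts:
            yield parts[0], parts[1:]


def check_server_routing(server_conf, ccd_files):
    """Return findings for server_conf plus ccd files given as {client_cn: contents}.

    A 'route NET MASK' on the server is only useful if some client's ccd file
    carries 'iroute NET MASK'; otherwise the daemon has no client to send
    traffic for NET to, which matches "server pings only the client's tun0".
    """
    findings = []
    routes = []       # subnets the server kernel will send into the tunnel
    has_ccd = False
    for name, args in parse_directives(server_conf):
        if name == 'route' and len(args) >= 2:
            routes.append((args[0], args[1]))
        elif name == 'push' and len(args) != 1:
            # The manual's form is: push "route NET MASK" (one quoted argument).
            findings.append("push should carry a single quoted string: push "
                            + ' '.join(args))
        elif name == 'client-config-dir':
            has_ccd = True

    iroutes = {}      # (net, mask) -> client CN that claims it
    for cn, contents in ccd_files.items():
        for name, args in parse_directives(contents):
            if name == 'iroute' and len(args) >= 2:
                iroutes[(args[0], args[1])] = cn

    if routes and not has_ccd:
        findings.append("route is used for a client-side subnet but "
                        "client-config-dir is not set, so no iroute can be loaded")
    for net, mask in routes:
        if (net, mask) not in iroutes:
            findings.append(f"route {net} {mask}: no client has a matching iroute; "
                            f"add 'iroute {net} {mask}' to the ccd file of the client "
                            "that owns this LAN")
    return findings


def suggest_ccd(server_conf):
    """Return the iroute lines a ccd file needs for every 'route' in server_conf."""
    lines = [f"iroute {a[0]} {a[1]}"
             for name, a in parse_directives(server_conf)
             if name == 'route' and len(a) >= 2]
    return '\n'.join(lines) + ('\n' if lines else '')


if __name__ == '__main__':
    for finding in check_server_routing(SERVER_CONF, {}):
        print('FINDING:', finding)
    print('suggested ccd entry (file name = client certificate CN):')
    print(suggest_ccd(SERVER_CONF))
    fixed_conf = SERVER_CONF + "client-config-dir ccd\n"
    ccd = {'asus-wl500g': suggest_ccd(SERVER_CONF)}   # 'asus-wl500g' is a placeholder CN
    print('after fix:', check_server_routing(fixed_conf, ccd) or 'no findings')
```

Running it against the posted config reports the missing `client-config-dir` and the `route 192.168.66.0 255.255.255.0` without an `iroute`; adding `client-config-dir ccd` to server.conf and a ccd file containing the suggested `iroute` line (plus `push`ing the route is not needed, since the server itself owns the other direction) clears both findings. IP forwarding on the DD-WRT side is a separate requirement that this checker does not cover.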