Hello!
I am setting up OpenVPN between two classrooms to test how OpenVPN works.
The network is split into VLANs: 192.168.130.0 255.255.255.0 Server1 (192.168.150.16) -> 10.10.0.0 (virtual network that appears when OpenVPN is up) -> 192.168.155.0 255.255.255.128 Server2 (192.168.150.19)
Server1 config:
dev tun
tls-server
proto udp
port 3334
#dev-node tap0
comp-lzo
persist-tun
persist-key
#server 10.1.0.0 255.255.255.0
#ifconfig-pool-persist ipp.txt
ifconfig 10.1.0.1 10.1.0.2
route 192.168.155.0 255.255.255.128
#push "route 192.168.130.0 255.255.255.0"
#duplicate-cn
#keepalive 10 120
#cipher BF-CBC
#cipher AES-128-CBC
#cipher DES-EDE3-CBC
#user nobody
#group nogroup
#status openvpn-status.log
#log-append openvpn.log
Server2 config:
remote 192.168.150.16
port 3334
tls-client
dev tun
proto udp
#resolv-retry infinite
#nobind
#user nobody
#group nogroup
persist-key
persist-tun
ifconfig 10.1.0.2 10.1.0.1
route 192.168.130.0 255.255.255.0
dh /etc/openvpn/keys/dh1024.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/client.crt
key /etc/openvpn/keys/client.key
comp-lzo
log /var/log/openvpn.log
verb 3
#mute 20
I have written the iptables rules for this. When OpenVPN is up, pings between the servers work, both to the real addresses and to the ones OpenVPN assigned, but from the client machines behind Server1 to the client machines behind Server2 (and the other way round) there are none.
Here are the logs:
Server1:
Wed Jul 7 17:51:34 2010 OpenVPN 2.1_rc19 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL]
Wed Jul 7 17:51:34 2010 NOTE: the current --script-security setting may allow t
Wed Jul 7 17:51:34 2010 Diffie-Hellman initialized with 1024 bit key
Wed Jul 7 17:51:34 2010 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted
Wed Jul 7 17:51:34 2010 LZO compression initialized
Wed Jul 7 17:51:34 2010 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:
Wed Jul 7 17:51:34 2010 ROUTE default_gateway=192.168.150.1
Wed Jul 7 17:51:34 2010 TUN/TAP device tun0 opened
Wed Jul 7 17:51:34 2010 TUN/TAP TX queue length set to 100
Wed Jul 7 17:51:34 2010 /sbin/ifconfig tun0 10.1.0.1 pointopoint 10.1.0.2 mtu 1
Wed Jul 7 17:51:34 2010 /sbin/route add -net 192.168.155.0 netmask 255.255.255.
Wed Jul 7 17:51:34 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:
Wed Jul 7 17:51:34 2010 Local Options hash (VER=V4): '1da739b7'
Wed Jul 7 17:51:34 2010 Expected Remote Options hash (VER=V4): '82111d75'
Wed Jul 7 17:51:34 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Wed Jul 7 17:51:34 2010 UDPv4 link local (bound): [undef]:3334
Wed Jul 7 17:51:34 2010 UDPv4 link remote: [undef]
Wed Jul 7 17:51:46 2010 TLS: Initial packet from 192.168.150.19:3334, sid=78510
Wed Jul 7 17:51:46 2010 VERIFY OK: depth=1, /C=RU/ST=Ya/L=Yakutsk/O=YGSHA/CN=YG
Wed Jul 7 17:51:46 2010 VERIFY OK: depth=0, /C=RU/ST=Ya/L=Yakutsk/O=YGSHA/CN=cl
Wed Jul 7 17:51:46 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with
Wed Jul 7 17:51:46 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1'
Server2:
Wed Jul 7 17:52:22 2010 ROUTE default_gateway=192.168.150.1
Wed Jul 7 17:52:22 2010 TUN/TAP device tun0 opened
Wed Jul 7 17:52:22 2010 TUN/TAP TX queue length set to 100
Wed Jul 7 17:52:22 2010 /sbin/ifconfig tun0 10.1.0.2 pointopoint 10.1.0.1 mtu 1
Wed Jul 7 17:52:22 2010 /sbin/route add -net 192.168.130.0 netmask 255.255.255.
Wed Jul 7 17:52:22 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:
Wed Jul 7 17:52:22 2010 Local Options hash (VER=V4): '82111d75'
Wed Jul 7 17:52:22 2010 Expected Remote Options hash (VER=V4): '1da739b7'
Wed Jul 7 17:52:22 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Wed Jul 7 17:52:22 2010 UDPv4 link local (bound): [undef]:3334
Wed Jul 7 17:52:22 2010 UDPv4 link remote: 192.168.150.16:3334
Wed Jul 7 17:52:22 2010 TLS: Initial packet from 192.168.150.16:3334, sid=3eca3
Wed Jul 7 17:52:22 2010 VERIFY OK: depth=1, /C=RU/ST=Ya/L=Yakutsk/O=YGSHA/CN=YG
Wed Jul 7 17:52:22 2010 VERIFY OK: depth=0, /C=RU/ST=Ya/L=Yakutsk/O=YGSHA/CN=se
Wed Jul 7 17:52:22 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with
Wed Jul 7 17:52:22 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1'
Wed Jul 7 17:52:22 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with
Wed Jul 7 17:52:22 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1'
Wed Jul 7 17:52:22 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES2
Wed Jul 7 17:52:22 2010 [server] Peer Connection Initiated with 192.168.150.16:
Wed Jul 7 17:52:23 2010 Initialization Sequence Completed
Please help.
Here are the routes:
server1
kylber:~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.0.2       *               255.255.255.255 UH    0      0        0 tun0
192.168.155.0   10.10.0.2       255.255.255.128 UG    0      0        0 tun0
192.168.130.0   *               255.255.255.0   U     0      0        0 eth1
192.168.150.0   *               255.255.255.0   U     0      0        0 eth0
default         dcsrv.academy.l 0.0.0.0         UG    100    0        0 eth0
server2
kylber@ubuntu:~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.0.1       *               255.255.255.255 UH    0      0        0 tun0
192.168.155.0   *               255.255.255.128 U     0      0        0 eth1
192.168.130.0   10.10.0.1       255.255.255.0   UG    0      0        0 tun0
192.168.150.0   *               255.255.255.0   U     0      0        0 eth0
default         192.168.150.1   0.0.0.0         UG    100    0        0 eth0
The routes look fine, but the pings do not reach the client machines.
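Added example, not part of the original post: a shell checklist for the things that usually break host-to-host traffic across a routed (site-to-site) OpenVPN tunnel even when the two endpoints can ping each other: IP forwarding, the netfilter FORWARD chain, the kernel route to the remote LAN, and whether that route's gateway is actually the peer address OpenVPN assigned with `ifconfig`. Every check takes its input as an argument, so it can be fed `route -n` / `iptables-save` output captured on either server. The samples at the bottom are constructed, modelled on the Server1 config and routing table shown above; the config file path in the usage comment is an assumption. On those samples the last check fails, because the config's `ifconfig 10.1.0.1 10.1.0.2` puts the peer at 10.1.0.2 while the posted routing table sends 192.168.155.0/25 via 10.10.0.2.

```sh
#!/bin/sh
# Added example, not from the original post: a checklist for a routed
# (site-to-site) OpenVPN tunnel where the endpoints can ping each other but
# hosts behind them cannot. Every check takes its input as an argument, so it
# can be fed captured output from either server or the constructed samples below.

# Check 1: the kernel must forward packets between eth1 (LAN) and tun0.
# Argument: contents of /proc/sys/net/ipv4/ip_forward ("0" or "1").
ip_forward_enabled() {
    [ "$1" = "1" ]
}

# Check 2: the remote LAN must be routed out of the tunnel interface.
# Arguments: `route -n` output, destination network, expected interface.
route_via_tun() {
    table=$1; net=$2; iface=$3
    printf '%s\n' "$table" |
        awk -v n="$net" -v i="$iface" '$1 == n && $NF == i { found = 1 } END { exit !found }'
}

# Check 3: netfilter's FORWARD chain must let LAN<->tunnel traffic through,
# either by default policy or by explicit rules in both directions.
# Arguments: `iptables-save` output, LAN interface, tunnel interface.
forward_allowed() {
    rules=$1; lan=$2; tun=$3
    printf '%s\n' "$rules" | grep -q '^:FORWARD ACCEPT' && return 0
    printf '%s\n' "$rules" | grep -q -- "-A FORWARD -i $lan -o $tun .*-j ACCEPT" &&
    printf '%s\n' "$rules" | grep -q -- "-A FORWARD -i $tun -o $lan .*-j ACCEPT"
}

# Check 4: the gateway of the kernel route to the remote LAN must be the peer
# address from OpenVPN's `ifconfig local remote` line; otherwise the route
# points at an address nobody answers on and the packets are silently dropped.
# Arguments: OpenVPN config text, `route -n` output, remote network.
tunnel_peer_matches() {
    config=$1; table=$2; net=$3
    peer=$(printf '%s\n' "$config" | awk '$1 == "ifconfig" { print $3 }')
    gw=$(printf '%s\n' "$table" | awk -v n="$net" '$1 == n { print $2 }')
    [ -n "$peer" ] && [ "$peer" = "$gw" ]
}

# Prints PASS/FAIL for one check without aborting the script.
report() {
    name=$1; shift
    if "$@"; then echo "PASS  $name"; else echo "FAIL  $name"; fi
}

# Runs the whole checklist for the Server1 side (LAN 192.168.130.0/24 on eth1,
# remote LAN 192.168.155.0/25 behind the tunnel).
run_checklist() {
    ipfwd=$1; config=$2; table=$3; rules=$4
    report "ip_forward is 1"                     ip_forward_enabled  "$ipfwd"
    report "192.168.155.0/25 routed via tun0"    route_via_tun       "$table" 192.168.155.0 tun0
    report "FORWARD allows eth1 <-> tun0"        forward_allowed     "$rules" eth1 tun0
    report "route gateway matches ifconfig peer" tunnel_peer_matches "$config" "$table" 192.168.155.0
}

# Constructed samples modelled on the Server1 config and routing table in the post.
SAMPLE_CONFIG='dev tun
ifconfig 10.1.0.1 10.1.0.2
route 192.168.155.0 255.255.255.128'

SAMPLE_ROUTES='Destination     Gateway         Genmask         Flags Metric Ref Use Iface
10.10.0.2       *               255.255.255.255 UH    0      0   0   tun0
192.168.155.0   10.10.0.2       255.255.255.128 UG    0      0   0   tun0
192.168.130.0   *               255.255.255.0   U     0      0   0   eth1
192.168.150.0   *               255.255.255.0   U     0      0   0   eth0
default         192.168.150.1   0.0.0.0         UG    100    0   0   eth0'

# Same table, but with the tunnel addresses the config actually assigns.
SAMPLE_ROUTES_FIXED='10.1.0.2        *               255.255.255.255 UH    0      0   0   tun0
192.168.155.0   10.1.0.2        255.255.255.128 UG    0      0   0   tun0
192.168.130.0   *               255.255.255.0   U     0      0   0   eth1'

SAMPLE_RULES_OK=':FORWARD DROP [0:0]
-A FORWARD -i eth1 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o eth1 -j ACCEPT'

# Only one direction allowed: packets arriving from the tunnel never reach the LAN.
SAMPLE_RULES_ONE_WAY=':FORWARD DROP [0:0]
-A FORWARD -i eth1 -o tun0 -j ACCEPT'

# On a live endpoint (as root; the config path is an assumption):
#   run_checklist "$(cat /proc/sys/net/ipv4/ip_forward)" "$(cat /etc/openvpn/server.conf)" \
#                 "$(route -n)" "$(iptables-save)"
run_checklist 1 "$SAMPLE_CONFIG" "$SAMPLE_ROUTES" "$SAMPLE_RULES_OK"
```

These checks run on the VPN endpoint and cannot see the workstations. The hosts on 192.168.130.0/24 also need a route for 192.168.155.0/25 pointing at Server1's eth1 address (or Server1 as their default gateway), and the hosts on 192.168.155.0/25 need the mirror route towards Server2; otherwise their replies go to the wrong router, which is the other common reason server-to-server pings work while host-to-host pings do not. Run the full checklist on both endpoints, not only on Server1.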