
Openvpn сетка не доступна

 



Хорошего дня.

Есть 2 машины, между ними прокинут VPN-туннель 10.2.0.0/24. Сервер под FreeBSD: 10.2.0.1. Клиент под Linux: 10.2.0.10. Клиент пингует сервер и локалку за ним. Сервер пингует клиент нормально, но не видит локалок за ним. Где косяк?

Сервер:

ifconfig ------------

vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=82808<VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
	ether 00:1c:f0:d1:16:21
	hwaddr 00:1c:f0:d1:16:21
	inet 192.168.5.1 netmask 0xffffff00 broadcast 192.168.5.255 
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
	ether 98:de:d0:02:d5:b0
	hwaddr 98:de:d0:02:d5:b0
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
re1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
	ether 6c:62:6d:e8:94:a1
	hwaddr 6c:62:6d:e8:94:a1
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: Ethernet autoselect (10baseT/UTP <half-duplex>)
	status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 
	inet 127.0.0.1 netmask 0xff000000 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: lo 
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
	inet 94.28.253.189 --> 94.28.192.1  netmask 0xffffffff 
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
	options=80000<LINKSTATE>
	inet6 fe80::21c:f0ff:fed1:1621%tun0 prefixlen 64 scopeid 0x6 
	inet 10.8.0.46 --> 10.8.0.45  netmask 0xffffffff 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: tun 
	Opened by PID 4664
tun1: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> metric 0 mtu 1500
	options=80000<LINKSTATE>
	inet6 fe80::21c:f0ff:fed1:1621%tun1 prefixlen 64 scopeid 0x7 
	inet 10.2.0.1 --> 10.2.0.2  netmask 0xffffffff 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: tun 
	Opened by PID 5568

netstat -nr ----------------------------------

Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            94.28.192.1        UGS         ng0
10.2.0.0/24        10.2.0.2           UGS        tun1
10.2.0.1           link#7             UHS         lo0
10.2.0.2           link#7             UH         tun1
10.8.0.1/32        10.8.0.45          UGS        tun0
10.8.0.45          link#6             UH         tun0
10.8.0.46          link#6             UHS         lo0
94.28.192.1        link#5             UH          ng0
94.28.253.189      link#5             UHS         lo0
127.0.0.1          link#4             UH          lo0
192.168.0.0/24     10.2.0.10          UGS        tun1
192.168.5.0/24     link#1             U           vr0
192.168.5.1        link#1             UHS         lo0
192.168.21.0/24    10.8.0.45          UGS        tun0

Клиент:

ifconfig -------------------------------------------

eth0      Link encap:Ethernet  HWaddr e0:69:95:af:36:c0  
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::e269:95ff:feaf:36c0/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:3542524025 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2529917151 errors:0 dropped:0 overruns:0 carrier:1
          collisions:0 txqueuelen:1000 
          RX bytes:301549906 (301.5 MB)  TX bytes:2291449213 (2.2 GB)

eth2      Link encap:Ethernet  HWaddr 00:90:27:34:41:69  
          inet addr:185.42.76.74  Bcast:185.42.76.255  Mask:255.255.255.0
          inet6 addr: fe80::290:27ff:fe34:4169/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:446518144 errors:0 dropped:0 overruns:0 frame:0
          TX packets:278362575 errors:1 dropped:0 overruns:0 carrier:1
          collisions:0 txqueuelen:1000 
          RX bytes:3721212790 (3.7 GB)  TX bytes:3942885884 (3.9 GB)

eth4      Link encap:Ethernet  HWaddr 00:19:5b:8b:0d:4e  
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::219:5bff:fe8b:d4e/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:6486291877 errors:24 dropped:12 overruns:24 frame:0
          TX packets:3304771862 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:8169535471994 (8.1 TB)  TX bytes:307283900610 (307.2 GB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:15626569 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15626569 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:12026354604 (12.0 GB)  TX bytes:12026354604 (12.0 GB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:132141311 errors:0 dropped:0 overruns:0 frame:0
          TX packets:82499180 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:2109151234 (2.1 GB)  TX bytes:2117329789 (2.1 GB)

tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.2.0.10  P-t-P:10.2.0.9  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:336 (336.0 B)  TX bytes:336 (336.0 B)

route -n -------------------------------

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         185.42.76.1     0.0.0.0         UG    0      0        0 eth2
10.2.0.1        10.2.0.9        255.255.255.255 UGH   0      0        0 tun1
10.2.0.9        0.0.0.0         255.255.255.255 UH    0      0        0 tun1
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
185.42.76.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth4
192.168.5.0     10.2.0.9        255.255.255.0   UG    0      0        0 tun1
192.168.21.0    10.8.0.5        255.255.255.0   UG    0      0        0 tun0
192.168.88.0    192.168.0.32    255.255.255.0   UG    0      0        0 eth0
195.191.89.139  185.42.76.1     255.255.255.255 UGH   0      0        0 eth2


Хелп.

добавочно конфиги 
клиента

# OpenVPN client profile for the tunnel to 94.28.253.189:1199 (UDP, routed tun device).
# `client` puts the instance in pull mode: it accepts tunnel addressing, routes and
# other options pushed by the server, and acts as the TLS client.
client
#dev tap
dev tun
#dev-node MyTap
#proto tcp
proto udp
remote  94.28.253.189 1199
#remote my-server-2 1194
#remote-random
# Retry resolving the remote indefinitely; do not bind to a fixed local port.
resolv-retry infinite
nobind
# NOTE(review): user/group are commented out, so the daemon keeps the privileges it
# was started with instead of dropping them after initialisation.
#user nobody
#group nobody
# Keep the key material and the tun device across soft restarts (these are what make
# a restart possible once privileges have been dropped).
persist-key
persist-tun
#http-proxy-retry 
#http-proxy [proxy server] [proxy port 
#mute-replay-warnings
# CA, client certificate and private key; relative paths, resolved against the
# directory OpenVPN is started from.
ca ca.crt
cert office-test-work.crt
key office-test-work.key
# Require the peer certificate to carry server key usage, so another client
# certificate issued by the same CA cannot pose as the server.
remote-cert-tls server
# HMAC signature on control-channel packets; direction 1 on the client pairs with
# direction 0 in the server config.
tls-auth ta.key 1
# NOTE(review): Blowfish is a 64-bit block cipher, which leaves long-lived sessions
# exposed to birthday-bound (SWEET32-style) attacks, and current OpenVPN releases
# deprecate it. Moving to an AES-GCM cipher has to be done on both peers together.
cipher BF-CBC
# NOTE(review): compressing traffic before encryption can leak plaintext through
# packet sizes (VORACLE-style attacks); the option is deprecated upstream. It must
# match the server, so change both ends together.
comp-lzo
# verb 5 is a debugging level (per-packet read/write markers); 3 is the usual
# setting for normal operation.
verb 5
#mute 20
# Detach from the terminal after initialisation; messages go to syslog because no
# log file is configured in this profile.
daemon

сервера

# OpenVPN server instance: UDP port 1199, routed tun device, address pool 10.2.0.0/24.
# NOTE(review): there is no user/group directive in this file, so the daemon keeps the
# privileges it was started with.
port 1199
proto udp
dev tun
# CA, server certificate, private key and Diffie-Hellman parameters.
ca /usr/local/etc/openvpn/keys/office-test-server/ca.crt
cert //usr/local/etc/openvpn/keys/office-test-server/office-test-server.crt
key /usr/local/etc/openvpn/keys/office-test-server/office-test-server.key
dh /usr/local/etc/openvpn/keys/office-test-server/dh.pem
# Multi-client server mode; the server takes 10.2.0.1 and hands out the rest of the pool.
server 10.2.0.0 255.255.255.0
# NOTE(review): client-config-dir is commented out, so no per-client files are read
# and no `iroute` can be declared. In server mode a kernel route towards the tunnel is
# not enough for a subnet behind a client: OpenVPN also needs an iroute for that
# subnet in the client's ccd file, otherwise it drops those packets.
# The path also differs from the /usr/local/etc/openvpn tree used for the keys — confirm.
#client-config-dir /etc/openvpn/ccd
# Remember client-to-address assignments across restarts (relative path).
ifconfig-pool-persist ipp.txt
# NOTE(review): in a server config `route` installs a kernel route on the server
# itself, pointing into the tunnel. 192.168.5.0/24 is the server's own LAN in the
# interface listing on this page, so this was presumably meant as a
# `push "route ..."` for clients, while the client-side LANs are the ones that would
# be routed here — confirm against the running config.
route 192.168.5.0 255.255.255.0
# Already implied by the `server` directive above.
tls-server
# HMAC signature on control-channel packets; direction 0 pairs with direction 1 on
# the client. Packets without a valid signature are dropped before the TLS handshake.
tls-auth /usr/local/etc/openvpn/keys/office-test-server/ta.key 0
tls-timeout 120
# HMAC digest for packet authentication. SHA1 is the OpenVPN default; a SHA-2 digest
# is the usual hardening choice and has to be set identically on every client.
auth SHA1 
# NOTE(review): Blowfish is a 64-bit block cipher, which leaves long-lived sessions
# exposed to birthday-bound (SWEET32-style) attacks, and current OpenVPN releases
# deprecate it. Moving to an AES-GCM cipher has to be done on server and clients together.
cipher BF-CBC
# Ping the peer every 10 s; treat it as down after 120 s without traffic.
keepalive 10 120
# NOTE(review): compressing traffic before encryption can leak plaintext through
# packet sizes (VORACLE-style attacks); the option is deprecated upstream and must
# match what the clients use.
comp-lzo
max-clients 10
# Keep the key material and the tun device across soft restarts.
persist-key
persist-tun
# Connection status dump (relative path) and the log file, which is truncated on
# each start.
status openvpn-status.log
log /var/log/openvpn-office-test-server.log
verb 3
mute 30
# Detach from the terminal after initialisation.
daemon

С сервера недоступны сети 192.168.0.0/24 и 192.168.1.0/24 за клиентом. Клиент видит локалку за сервером: 192.168.5.0/24.



Последнее исправление: annuunax (всего исправлений: 1)

Не идут пинги смотри пути.

Как обычно в путях до сети клиента.

libert0
()

iroute ? Но лучше показать конфиги клиента и сервера. А так же «но не видит локалок за ним» написать каких именно.

anc ★★★★★
()

Смотри tcpdump-ом, как идут пакеты. Перенаправление трафика на клиенте включено?

XMs ★★★★★
()
Ответ на: комментарий от XMs

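Да что там смотреть? У него маршруты не настроены: нужен iroute. В режиме server OpenVPN сам решает, какому клиенту отдать пакет, и без iroute для сети за клиентом такие пакеты отбрасывает, даже если маршрут в ядре сервера есть.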

libert0
()