
OpenVPN: cannot reach the virtual gateway from the client

I'm setting up OpenVPN 2.1.1 on DD-WRT.
The Windows client connects fine.
But pings to the virtual router (192.168.88.80) don't get through, although route print shows the correct route.
Traffic through that IP doesn't flow either.
The goal is for the client to connect from the Internet and reach the Internet through the tunnel.
Plus I need access to a LAN that will sit behind another client (haven't dug into that yet).


Server config: -----------------------

mode server
proto udp
port 1194
dev tap0
server-bridge 192.168.88.80 255.255.255.0 192.168.88.88 192.168.88.95
ifconfig 192.168.88.80 255.255.255.0
# Gateway (VPN Server) Subnetmask Start-IP End-IP
keepalive 10 120
daemon
verb 5
client-to-client
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
tls-server

push "route-gateway 192.168.88.80"
push "dhcp-option DNS 192.168.88.80"
push "dhcp-option WINS 192.168.88.80"
push "redirect-gateway"


The following commands are run at startup: -------------
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up

The firewalls aren't blocking anything; I checked the logs.

Server log: -----------------------
Jan 1 00:00:12 DD-WRT daemon.notice openvpn[203]: OpenVPN 2.1.1 mipsel-unknown-linux-gnu [SSL] [LZO2] [EPOLL] built on Aug 12 2010
Jan 1 00:00:12 DD-WRT daemon.warn openvpn[203]: NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Jan 1 00:00:14 DD-WRT daemon.notice openvpn[203]: Diffie-Hellman initialized with 1024 bit key
Jan 1 00:00:15 DD-WRT daemon.warn openvpn[203]: WARNING: file '/tmp/openvpn/key.pem' is group or others accessible
Jan 1 00:00:15 DD-WRT daemon.notice openvpn[203]: TLS-Auth MTU parms [ L:1573 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jan 1 00:00:15 DD-WRT daemon.notice openvpn[203]: TUN/TAP device tap0 opened
Jan 1 00:00:15 DD-WRT daemon.notice openvpn[203]: TUN/TAP TX queue length set to 100
Jan 1 00:00:15 DD-WRT daemon.notice openvpn[203]: /sbin/ifconfig tap0 192.168.88.80 netmask 255.255.255.0 mtu 1500 broadcast 192.168.88.255
Jan 1 00:00:17 DD-WRT daemon.notice openvpn[203]: Data Channel MTU parms [ L:1573 D:1450 EF:41 EB:4 ET:32 EL:0 ]
Jan 1 00:00:17 DD-WRT daemon.notice openvpn[442]: Socket Buffers: R=[32767->65534] S=[32767->65534]
Jan 1 00:00:17 DD-WRT daemon.notice openvpn[442]: UDPv4 link local (bound): [undef]:1194
Jan 1 00:00:17 DD-WRT daemon.notice openvpn[442]: UDPv4 link remote: [undef]
Jan 1 00:00:17 DD-WRT daemon.notice openvpn[442]: MULTI: multi_init called, r=256 v=256
Jan 1 00:00:17 DD-WRT daemon.notice openvpn[442]: IFCONFIG POOL: base=192.168.88.88 size=8
Jan 1 00:00:17 DD-WRT daemon.notice openvpn[442]: Initialization Sequence Completed
Feb 14 22:49:39 DD-WRT daemon.notice openvpn[442]: MULTI: multi_create_instance called
Feb 14 22:49:39 DD-WRT daemon.notice openvpn[442]: 192.168.87.88:2424 Re-using SSL/TLS context
Feb 14 22:49:39 DD-WRT daemon.notice openvpn[442]: 192.168.87.88:2424 Control Channel MTU parms [ L:1573 D:138 EF:38 EB:0 ET:0 EL:0 ]
Feb 14 22:49:39 DD-WRT daemon.notice openvpn[442]: 192.168.87.88:2424 Data Channel MTU parms [ L:1573 D:1450 EF:41 EB:4 ET:32 EL:0 ]
Feb 14 22:49:39 DD-WRT daemon.notice openvpn[442]: 192.168.87.88:2424 TLS: Initial packet from 192.168.87.88:2424, sid=f9a972a6 8f850d25
Feb 14 22:49:44 DD-WRT daemon.notice openvpn[442]: 192.168.87.88:2424 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Feb 14 22:49:44 DD-WRT daemon.notice openvpn[442]: 192.168.87.88:2424 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Feb 14 22:49:44 DD-WRT daemon.notice openvpn[442]: 192.168.87.88:2424 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Feb 14 22:49:44 DD-WRT daemon.notice openvpn[442]: 192.168.87.88:2424 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Feb 14 22:49:44 DD-WRT daemon.notice openvpn[442]: 192.168.87.88:2424 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Feb 14 22:49:44 DD-WRT daemon.notice openvpn[442]: 192.168.87.88:2424 [client1] Peer Connection Initiated with 192.168.87.88:2424
Feb 14 22:49:47 DD-WRT daemon.notice openvpn[442]: client1/192.168.87.88:2424 PUSH: Received control message: 'PUSH_REQUEST'
Feb 14 22:49:47 DD-WRT daemon.notice openvpn[442]: client1/192.168.87.88:2424 SENT CONTROL [client1]: 'PUSH_REPLY,route-gateway 192.168.88.80,dhcp-option DNS 192.168.88.80,dhcp-option WINS 192.168.88.80,redirect-gateway,route-gateway 192.168.88.80,ping 10,ping-restart 120
Feb 14 22:49:49 DD-WRT daemon.notice openvpn[442]: client1/192.168.87.88:2424 MULTI: Learn: 00:ff:b4:fd:31:5b -> client1/192.168.87.88:2424

Interfaces on the server: -----------------------
br0 Link encap:Ethernet HWaddr 00:18:F8:CC:B7:C2
inet addr:192.168.87.7 Bcast:192.168.87.255 Mask:255.255.255.0
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:8362 errors:0 dropped:0 overruns:0 frame:0
TX packets:10073 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:788386 (769.9 KiB) TX bytes:5734441 (5.4 MiB)

br0:0 Link encap:Ethernet HWaddr 00:18:F8:CC:B7:C2
inet addr:169.254.255.1 Bcast:169.254.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1

eth0 Link encap:Ethernet HWaddr 00:18:F8:CC:B7:C2
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8191 errors:0 dropped:0 overruns:0 frame:0
TX packets:11233 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:887144 (866.3 KiB) TX bytes:5900688 (5.6 MiB)
Interrupt:4

eth1 Link encap:Ethernet HWaddr 00:18:F8:CC:B7:C4
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:2622
TX packets:0 errors:12 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:2 Base address:0x5000

etherip0 Link encap:Ethernet HWaddr DA:E7:4B:6D:AF:63
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
RX packets:14 errors:0 dropped:0 overruns:0 frame:0
TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1805 (1.7 KiB) TX bytes:1805 (1.7 KiB)

ppp0 Link encap:Point-to-Point Protocol
inet addr:xx.xx.xx.xx P-t-P:xx.xx.xx.xx Mask:255.255.255.255
UP POINTOPOINT RUNNING MULTICAST MTU:1492 Metric:1
RX packets:85 errors:0 dropped:0 overruns:0 frame:0
TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:7375 (7.2 KiB) TX bytes:1941 (1.8 KiB)

tap0 Link encap:Ethernet HWaddr 00:FF:C5:5D:AC:CE
inet addr:192.168.88.80 Bcast:192.168.88.255 Mask:255.255.255.0
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:329 errors:0 dropped:0 overruns:0 frame:0
TX packets:692 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:34729 (33.9 KiB) TX bytes:42288 (41.2 KiB)

teql0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

vlan0 Link encap:Ethernet HWaddr 00:18:F8:CC:B7:C2
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6904 errors:0 dropped:0 overruns:0 frame:0
TX packets:10798 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:650142 (634.9 KiB) TX bytes:5825840 (5.5 MiB)

vlan1 Link encap:Ethernet HWaddr 00:18:F8:CC:B7:C3
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1294 errors:0 dropped:0 overruns:0 frame:0
TX packets:440 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:90277 (88.1 KiB) TX bytes:17243 (16.8 KiB)

The IP on br0:0 does bother me, of course, but I don't know what to do about it.

route print on the client: -------------------------
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.88.80 192.168.88.88 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.87.0 255.255.255.0 192.168.87.88 192.168.87.88 20
192.168.87.88 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.87.255 255.255.255.255 192.168.87.88 192.168.87.88 20
192.168.88.0 255.255.255.0 192.168.88.88 192.168.88.88 30
192.168.88.88 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.88.255 255.255.255.255 192.168.88.88 192.168.88.88 30
224.0.0.0 240.0.0.0 192.168.87.88 192.168.87.88 20
224.0.0.0 240.0.0.0 192.168.88.88 192.168.88.88 30
255.255.255.255 255.255.255.255 192.168.87.88 192.168.87.88 1
255.255.255.255 255.255.255.255 192.168.88.88 192.168.88.88 1
Default gateway: 192.168.88.80


brctl show on the server: ----------------------
bridge name bridge id STP enabled interfaces
br0 8000.0018f8ccb7c2 yes vlan0
eth1
tap0
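The OpenVPN Ethernet-bridging setup has a few consistency rules: the bridge (here br0) holds the IP address, the bridged TAP port holds none, the server-bridge gateway and netmask describe the bridge's subnet, and the client pool lies inside it. As an added example, not code from the post, this script checks those rules against the server directives, ifconfig output and brctl membership quoted above, embedded as constructed sample input; the function names and the wording of the findings are my own.

```python
import ipaddress
import re

# Constructed sample input copied from the post: server directives, ifconfig, brctl show.
SERVER_CONF = """dev tap0
server-bridge 192.168.88.80 255.255.255.0 192.168.88.88 192.168.88.95
ifconfig 192.168.88.80 255.255.255.0
"""
IFCONFIG = """br0 Link encap:Ethernet HWaddr 00:18:F8:CC:B7:C2
inet addr:192.168.87.7 Bcast:192.168.87.255 Mask:255.255.255.0
tap0 Link encap:Ethernet HWaddr 00:FF:C5:5D:AC:CE
inet addr:192.168.88.80 Bcast:192.168.88.255 Mask:255.255.255.0
"""
BRIDGE_PORTS = {"br0": ["vlan0", "eth1", "tap0"]}

def parse_ifconfig(text):
    """Map interface name -> IPv4Interface, or None if it has no inet addr."""
    addrs, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"(\S+)\s+Link encap", line)
        inet = re.search(r"inet addr:(\S+).*Mask:(\S+)", line)
        if head:
            cur = head.group(1)
            addrs[cur] = None
        elif inet and cur:
            addrs[cur] = ipaddress.IPv4Interface(f"{inet.group(1)}/{inet.group(2)}")
    return addrs

def check_bridge_config(conf, ifconfig_text, bridge_ports):
    """Return a list of findings; an empty list means the bridging rules hold."""
    findings = []
    tap = re.search(r"^dev\s+(\S+)", conf, re.M).group(1)
    gw, mask, start, end = re.search(r"^server-bridge\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)", conf, re.M).groups()
    net = ipaddress.IPv4Interface(f"{gw}/{mask}").network
    # Rule 1: the client pool lies inside the subnet server-bridge describes.
    for ip in (start, end):
        if ipaddress.IPv4Address(ip) not in net:
            findings.append(f"pool address {ip} is outside {net}")
    # Rule 2: a bridged TAP carries no address; the bridge holds one inside that subnet.
    addrs = parse_ifconfig(ifconfig_text)
    for br, ports in bridge_ports.items():
        if tap in ports:
            if addrs.get(tap) is not None:
                findings.append(f"{tap} is a port of {br} but has its own address {addrs[tap]}")
            if addrs.get(br) is None or addrs[br].network != net:
                findings.append(f"{br} has {addrs.get(br)}, not an address in {net}")
    # Rule 3: an explicit 'ifconfig' directive re-addresses the TAP port and breaks rule 2.
    if re.search(r"^ifconfig\s+", conf, re.M):
        findings.append("'ifconfig' directive addresses the TAP port; drop it when bridging")
    return findings
```

Run against the sample it reports three findings; a config where only br0 carries an address in the server-bridge subnet and no `ifconfig` directive is present returns an empty list.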

