You can set the reverse route with "push route": push "route 10.10.0.0 255.255.0.0" in the server config. I think it also works in that file where you put the iroute. (My examples are not consistent; they come from different configs.)

2016-12-12 15:29 GMT+02:00 Adrian Sevcenco <[email protected]>:

> On 12/12/2016 01:45 PM, alex alex wrote:
>
>> You need a return route to your home network on the clients/PCs at
>> the office... Or do NAT/masq on office/ethpriv1.
>
> Yeah, that would make sense, since they have no way of knowing...
> I can't add a return route (they aren't computers, they are devices:
> RAID, IPMI, switch).
>
> NAT/masq is, I think, the only way... how would it be done?
> postrouting -s net_priv_1 -o tun10 ?
>
>> Or set up an L2 tunnel with OpenVPN, so that you are in the same
>> layer 2 network (additional problems may appear).
>
> I thought about it, but I'd rather not...
>
> Thanks for the ideas and info!
> Adrian
>
>> 2016-12-12 9:17 GMT+02:00 Adrian Sevcenco <[email protected]>:
>>
>>> On 12/11/2016 08:31 PM, Mihai Badici wrote:
>>>
>>>> On Sunday 11 December 2016 20:23:06 Adrian Sevcenco wrote:
>>>>
>>>>> Hi! I have a routing problem and I'm clearly missing an essential detail:
>>>>>
>>>>> net_priv_0---(eth_priv_0)[home](tun_2)---openvpn---(tun_1)[office](eth_priv_1)---net_priv_1
>>>>>
>>>>> In principle, I have set up the routes on each side to reach the
>>>>> other side; from each computer I can ping the IPs on the private
>>>>> interface of the other side:
>>>>> from home: ping to the eth_priv_1 IP: YES
>>>>> from office: ping to the eth_priv_0 IP: YES
>>>>>
>>>>> The problem is that I can't ping the private networks net_priv_
>>>>> (the one of interest being net_priv_1).
>>>>> I tried, on the OpenVPN server (configured p2p), to specify under
>>>>> local routes that 172.20.0.0/24 has 172.20.0.200 (the IP on
>>>>> eth_priv_1) as its gateway, but that way not even the ping to 200
>>>>> worked...
>>>>>
>>>>> Any idea what I'm missing?
>>>>> Thank you very much!
>>>>> Adrian
>>>>
>>>> I think you need to add some routes to the private networks in
>>>> OpenVPN, something like:
>>>>
>>>> client-config-dir ccd (this goes in the OpenVPN config)
>>>> and then, in ccd, a file named after the client, in which you put
>>>> the routes; for example:
>>>>
>>>> cat /etc/openvpn/ccd/test
>>>> iroute 192.168.8.0 255.255.255.0
>>>
>>> Thanks for the advice!
>>> Unfortunately it doesn't work... when I add
>>> client-config-dir /etc/openvpn/clients
>>> mode server
>>>
>>> where clients contains the file DEFAULT with the server's routes,
>>> I can no longer ping even the end of the tunnel :( ...
>>> (the file is DEFAULT because when I created the CA I made it org
>>> so that I could use the certificates for other purposes too, and the
>>> CN is as long as China because it has /emailAddress= ... appended;
>>> that's how easyrsa made it)
>>> In the log I have something like this:
>>>
>>> 192.168.1.100/5.12.126.170:1194 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/clients/DEFAULT
>>> 192.168.1.100/5.12.126.170:1194 MULTI: no dynamic or static remote --ifconfig address is available for 192.168.1.100/5.12.126.170:1194
>>> 192.168.1.100/5.12.126.170:1194 MULTI: internal route 172.20.0.0/24 -> 192.168.1.100/5.12.126.170:1194
>>> 192.168.1.100/5.12.126.170:1194 MULTI: Learn: 172.20.0.0/24 -> 192.168.1.100/5.12.126.170:1194
>>> 192.168.1.100/5.12.126.170:1194 MULTI: internal route 10.10.8.0/22 -> 192.168.1.100/5.12.126.170:1194
>>> 192.168.1.100/5.12.126.170:1194 MULTI: Learn: 10.10.8.0/22 -> 192.168.1.100/5.12.126.170:1194
>>> 192.168.1.100/5.12.126.170:1194 REMOVE PUSH ROUTE: 'route 10.10.8.0 255.255.252.0'
>>> 192.168.1.100/5.12.126.170:1194 REMOVE PUSH ROUTE: 'route 172.20.0.0 255.255.255.0'
>>>
>>> The tunnel is static; I just want access from home to 2 private
>>> networks at the office, so I don't need anything complicated or
>>> dynamic...
>>> Given that I can see the IPs on eth_priv_1, can I set up routing by
>>> hand so that I can also see the net_priv_1 networks?
>>>
>>> Thank you very much!
>>> Adrian

_______________________________________________
RLUG mailing list
[email protected]
http://lists.lug.ro/mailman/listinfo/rlug
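
Added example, not part of any poster's message: a small Python model of the reply path discussed in the thread, showing why a device on net_priv_1 does not answer a ping from the home side unless it has a return route via the office gateway or the gateway masquerades on eth_priv_1. 172.20.0.0/24 and 172.20.0.200 come from the thread; the tunnel subnet 10.8.0.0/24, the device address 172.20.0.10 and the other router 172.20.0.1 are constructed assumptions.

```python
import ipaddress as ip

OFFICE_NET = ip.ip_network("172.20.0.0/24")   # office private net (from the thread)
OFFICE_GW = ip.ip_address("172.20.0.200")     # eth_priv_1 address (from the thread)
HOME_TUN = ip.ip_address("10.8.0.1")          # constructed: home end of the tunnel
DEVICE = ip.ip_address("172.20.0.10")         # constructed: a RAID/IPMI/switch address
OTHER_ROUTER = ip.ip_address("172.20.0.1")    # constructed: the LAN's usual gateway

def next_hop(routes, dst):
    """Longest-prefix match over (network, hop) pairs; hop None means on-link."""
    hits = [(net, hop) for net, hop in routes if dst in net]
    if not hits:
        return "unreachable"
    _, hop = max(hits, key=lambda h: h[0].prefixlen)
    return dst if hop is None else hop

def ping_device(device_routes, masquerade):
    """Follow one echo request from HOME_TUN to DEVICE and its reply.
    Returns (reply_arrives, reason)."""
    # The office gateway forwards the request out eth_priv_1; with
    # masquerading the device sees the gateway's LAN address as the source.
    seen_src = OFFICE_GW if masquerade else HOME_TUN
    hop = next_hop(device_routes, seen_src)
    if hop == "unreachable":
        return False, f"device has no route to {seen_src}; reply dropped"
    if hop != OFFICE_GW:
        # Assumption: any other router on the LAN knows nothing about the tunnel.
        return False, f"reply to {seen_src} sent to {hop}, which has no tunnel route"
    # The reply reached the office gateway, which undoes the NAT (if any)
    # and routes the packet back into the tunnel.
    return True, f"reply to {seen_src} reaches {OFFICE_GW} and returns via the tunnel"

CONNECTED = (OFFICE_NET, None)
DEFAULT_ELSEWHERE = (ip.ip_network("0.0.0.0/0"), OTHER_ROUTER)
RETURN_ROUTE = (ip.ip_network("10.8.0.0/24"), OFFICE_GW)  # constructed tunnel subnet

SCENARIOS = {
    "no return route, no NAT": ([CONNECTED], False),
    "default gw elsewhere, no NAT": ([CONNECTED, DEFAULT_ELSEWHERE], False),
    "masquerade on eth_priv_1": ([CONNECTED, DEFAULT_ELSEWHERE], True),
    "static return route on device": ([CONNECTED, RETURN_ROUTE], False),
}

if __name__ == "__main__":
    for name, (routes, nat) in SCENARIOS.items():
        ok, why = ping_device(routes, nat)
        print(f"{name:32} {'OK  ' if ok else 'FAIL'} {why}")
```

The same model explains why pinging 172.20.0.200 itself already works: that address belongs to the office gateway, which has the tunnel route, so no device on the LAN has to route the reply.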
