On 12/13/2016 07:25 PM, Adrian Sevcenco wrote:
On 12/13/2016 07:05 PM, alex alex wrote:
Hi,
Hi!
Push route works when a client connects to an openvpn server.
Here two openvpn servers are connecting. The clients in Adrian's LAN
don't know how to return packets to a network unknown to them, so they
throw the packets at the default gateway, which drops them, the gateway
probably not knowing about that network either.
So either a specific return route for the remote LAN on the workstations, or
NAT (in which case the computers reply to the IP of the openvpn gateway,
since the source comes from it)
yeah, makes sense! now I realize that the only solution is NAT on the remote
openvpn server (or the haproxy solution given by Iulian),
but first I'll try with NAT :)
Hi! I tried to do NAT but I'm missing something (most likely
the return path from the clients to the source).
The situation is like this:
192.168.1.100 - home
10.1.1.2 - home tun10
10.1.1.1 - office tun10
172.20.0.200 - office private
I have ping from 192.168.1.100 to 172.20.0.200 and back.
The goal is to have ping from 192.168.1.100 to any of the others in 172.20.0/24.
I have the following in iptables:
*nat
-A POSTROUTING -s 192.168.1.0/24 -d 172.20.0.0/24,10.10.8.0/22 -j MASQUERADE
*filter
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i tun10 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED,SNAT,DNAT -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -d 172.20.0.0/24,10.10.8.0/22 -m conntrack --ctstate NEW -j ACCEPT
I can't figure out what exactly is missing ...
Thank you very much!
Adrian
Thank you!
Adrian
2016-12-12 17:09 GMT+02:00 manuel "lonely wolf" wolfshant <[email protected]>:
On 12/12/2016 03:57 PM, Mihai Badici wrote:
You can set the reverse route with "push route":
push "route 10.10.0.0 255.255.0.0" in the server config. I think it also
works in that file where you put iroute.
(my examples are not consistent, they are from different configs)
a config that has been working for years at my place:
push "route 192.168.10.201 255.255.255.255"
push "route 192.168.5.1 255.255.255.255"
push "route 192.168.5.24 255.255.255.255"
push "route 192.168.5.29 255.255.255.255"
push "dhcp-option DNS 192.168.10.11"
_______________________________________________
RLUG mailing list
[email protected]
http://lists.lug.ro/mailman/listinfo/rlug
--
----------------------------------------------
Adrian Sevcenco, Ph.D. |
Institute of Space Science - ISS, Romania |
adrian.sevcenco at {cern.ch,spacescience.ro} |
----------------------------------------------
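
The return-path reasoning discussed in this thread, as an added example that is not part of any poster's message: a small model of where an office LAN host sends its reply, for the two fixes named above (a return route on the stations, or NAT) and for NAT applied at either end of the tunnel. The office LAN host's default gateway 172.20.0.1 and the assumption that it is a different box from the openvpn gateway are constructed for illustration; the other addresses are the ones given in the thread.

```python
import ipaddress

# Addresses from the thread; OFFICE_DEFAULT_GW is an assumed, constructed value.
OFFICE_LAN = ipaddress.ip_network("172.20.0.0/24")
OFFICE_VPN_GW = "172.20.0.200"    # office openvpn box, LAN side
OFFICE_DEFAULT_GW = "172.20.0.1"  # assumed: has no route to the remote LAN
HOME_TUN = "10.1.1.2"             # home side of tun10
HOME_HOST = "192.168.1.100"


def masquerade(src, nat_at):
    """Source address an office LAN host sees after MASQUERADE at nat_at.

    MASQUERADE rewrites the source to the address of the outgoing interface.
    """
    if nat_at == "office":   # packet leaves through the office LAN interface
        return OFFICE_VPN_GW
    if nat_at == "home":     # packet leaves through tun10 on the home side
        return HOME_TUN
    return src               # no NAT anywhere


def reply_next_hop(seen_src, host_routes):
    """Next hop an office LAN host picks for its reply to seen_src."""
    dst = ipaddress.ip_address(seen_src)
    if dst in OFFICE_LAN:
        return seen_src      # on-link: the reply goes straight back
    best = None              # longest-prefix match over static routes
    for net, via in host_routes.items():
        n = ipaddress.ip_network(net)
        if dst in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, via)
    return best[1] if best else OFFICE_DEFAULT_GW


def reply_returns(nat_at=None, host_routes=None):
    """True if the reply is handed to the office openvpn gateway."""
    seen = masquerade(HOME_HOST, nat_at)
    return reply_next_hop(seen, host_routes or {}) == OFFICE_VPN_GW


if __name__ == "__main__":
    for nat in (None, "home", "office"):
        print("NAT at", nat, "-> reply returns:", reply_returns(nat_at=nat))
```

In this model only NAT on the office side, or a static route for 192.168.1.0/24 via 172.20.0.200 on the office hosts, gets the reply back into the tunnel.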