Hello,

I'm getting desperate: after reading every howto I could find, OpenVPN still doesn't work for me. The client authenticates over TLS, both the client and the server start up fine, but I can't ping anything, even though I can see ARP packets on the client. If anything else is needed, I'll gladly send it. In bridge mode routing shouldn't matter much, so I'm not sending the routing tables. I can't even ping from the client 192.168.10.80 to the server at IP 192.168.10.69:

gw:~# ping 192.168.10.69
PING 192.168.10.69 (192.168.10.69) 56(84) bytes of data.
From 192.168.10.80 icmp_seq=1 Destination Host Unreachable
From 192.168.10.80 icmp_seq=2 Destination Host Unreachable
From 192.168.10.80 icmp_seq=3 Destination Host Unreachable

It won't be a firewall problem, since the client does connect to the server. When I run tcpdump -vv -i tap0 on the client I see ARP traffic from the remote network, but I can't ping any address.

Server configuration (FreeBSD 7.1):

keepalive 10 120
proto udp
dev tap
server-bridge 192.168.10.69 255.255.255.0 192.168.10.80 192.168.10.85
push "route 192.168.10.0 255.255.255.0"
verb 9
log /var/log/openvpn/openvpn.log
ca /usr/local/etc/openvpn/keys/ca.crt
dh /usr/local/etc/openvpn/keys/dh2048.pem
cert /usr/local/etc/openvpn/keys/-server.crt
key /usr/local/etc/openvpn/keys/-server.key
comp-lzo
mssfix
duplicate-cn

Client configuration (Linux, also tried on MS Windows XP):

keepalive 10 120
proto udp
dev tap
remote x.x.x.x
verb 9
log /var/log/openvpn/openvpn.log
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/-server.crt
key /etc/openvpn/keys/-server.key
pull
comp-lzo
mssfix
tls-client

ifconfig on the server:

serv2# ifconfig
bge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:0b:cd:cf:4d:01
        inet 192.168.10.250 netmask 0xffffff00 broadcast 192.168.10.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
tap0: flags=8942<BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:bd:1b:86:b1:00
        Opened by PID 33431
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 52:eb:51:79:6c:00
        inet 192.168.10.69 netmask 0xffffff00 broadcast 192.168.10.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 4 priority 128 path cost 2000000
        member: bge0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 200000
serv2#

ifconfig on the client:

gw:~# ifconfig
eth1      Link encap:Ethernet  HWaddr 00:e0:7d:cb:9b:dd
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:7dff:fecb:9bdd/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:368288 errors:0 dropped:0 overruns:0 frame:0
          TX packets:358797 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:188896205 (180.1 MiB)  TX bytes:299252267 (285.3 MiB)
          Interrupt:23 Base address:0xb400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2454 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2454 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:266127 (259.8 KiB)  TX bytes:266127 (259.8 KiB)

tap0      Link encap:Ethernet  HWaddr 00:ff:61:9c:18:ec
          inet addr:192.168.10.80  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: fe80::2ff:61ff:fe9c:18ec/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:690 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:139403 (136.1 KiB)  TX bytes:594 (594.0 B)

I'd be grateful for any help.

Petr Kucera
Ceske Budejovice
--
FreeBSD mailing list (users-l@freebsd.cz)
http://www.freebsd.cz/listserv/listinfo/users-l
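
The server's ifconfig output above lists tap0 and bge0 as members of bridge0, and FreeBSD's if_bridge forwards frames only through member interfaces that are up. The following check is an added example, not part of the original message: it parses that ifconfig format and reports each bridge member's state. The sample input is constructed as a trimmed copy of the posted output, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: report FreeBSD bridge members that lack the UP flag.

# Constructed sample, trimmed from the server ifconfig output in the message.
sample_ifconfig() {
cat <<'EOF'
bge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.10.250 netmask 0xffffff00 broadcast 192.168.10.255
tap0: flags=8942<BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:bd:1b:86:b1:00
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.10.69 netmask 0xffffff00 broadcast 192.168.10.255
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: bge0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
EOF
}

# Reads FreeBSD ifconfig output on stdin.
# Prints one line per bridge member: "<bridge> <member> UP|DOWN|UNKNOWN".
bridge_member_state() {
    awk '
    # Interface header line: "name: flags=NNNN<FLAG,FLAG,...> ..."
    /^[A-Za-z0-9_.]+: flags=/ {
        cur = $1; sub(/:$/, "", cur)
        flags = $2; sub(/^[^<]*</, "", flags); sub(/>.*$/, "", flags)
        up[cur] = (("," flags ",") ~ /,UP,/) ? "UP" : "DOWN"
        next
    }
    # Indented member line under the bridge currently being read
    $1 == "member:" { n++; br[n] = cur; mem[n] = $2 }
    END {
        # Resolve states at the end so interface order does not matter
        for (i = 1; i <= n; i++) {
            state = (mem[i] in up) ? up[mem[i]] : "UNKNOWN"
            print br[i], mem[i], state
        }
    }'
}

# Prints only the members that are not UP, one name per line.
down_members() {
    bridge_member_state | awk '$3 != "UP" { print $2 }'
}
```

On a live FreeBSD host the same check would be run as `ifconfig | down_members`.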