|
Author |
Message |
pentan0l DD-WRT Novice
Joined: 17 Dec 2014 Posts: 1
|
Posted: Sat Dec 27, 2014 10:33 Post subject: openvpn route question |
|
Hello,
I have problems with routes on the OpenVPN server.
Why can I not ping the OpenVPN clients from the OpenVPN server?
Code: | tls-server
ca /etc/openvpn/ca.ca
cert /etc/openvpn/srv.cert
comp-lzo yes
dev tun
dh /etc/openvpn/dh.dh
keepalive 10 120
key /etc/openvpn/srv.key
route 192.168.64.0 255.255.255.0 172.28.1.2
server 172.28.1.0 255.255.255.0
tls-auth /etc/openvpn/tlsauth.key 0
tls-timeout 120
verb 3 |
The route exists, but ping does not work.
Code: | # netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0
172.28.1.0 172.28.1.2 255.255.255.0 UG 0 0 0 tun0
172.28.1.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.32.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
192.168.64.0 172.28.1.2 255.255.255.0 UG 0 0 0 tun0
# ping 192.168.64.254
PING 192.168.64.254 (192.168.64.254): 56 data bytes
^C
--- 192.168.64.254 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
|
Code: | Sat Dec 27 19:54:30 2014 daemon.notice openvpn(multi)[9895]: /sbin/ifconfig tun0 172.28.1.1 pointopoint 172.28.1.2 mtu 1500
Sat Dec 27 19:54:30 2014 daemon.notice openvpn(multi)[9895]: /sbin/route add -net 192.168.64.0 netmask 255.255.255.0 gw 172.28.1.2
Sat Dec 27 19:54:30 2014 daemon.notice openvpn(multi)[9895]: /sbin/route add -net 172.28.1.0 netmask 255.255.255.0 gw 172.28.1.2
Sat Dec 27 19:54:30 2014 daemon.notice openvpn(multi)[9895]: UDPv4 link local (bound): [undef] |
The same route works from the client:
Code: | # netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0
172.28.1.1 172.28.1.5 255.255.255.255 UGH 0 0 0 tun0
172.28.1.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.32.0 172.28.1.5 255.255.252.0 UG 0 0 0 tun0
192.168.64.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
# ping 192.168.32.254
PING 192.168.32.254 (192.168.32.254): 56 data bytes
64 bytes from 192.168.32.254: seq=0 ttl=64 time=1.445 ms
^C
--- 192.168.32.254 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 1.445/1.445/1.445 ms
# ping 192.168.34.254
PING 192.168.34.254 (192.168.34.254): 56 data bytes
64 bytes from 192.168.34.254: seq=0 ttl=64 time=1.564 ms
^C
--- 192.168.34.254 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 1.564/1.564/1.564 ms |
|
bospre DD-WRT Novice
Joined: 12 Jan 2014 Posts: 22
|
Posted: Wed Feb 04, 2015 7:47 Post subject: |
|
You have to adjust the firewall rules.
(under Administration/Diagnose)
I solved it like this:
iptables -I INPUT 1 -p udp --dport 10125 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.200.0/24 -j ACCEPT
iptables -I INPUT 1 -i tun2 -j ACCEPT
iptables -A FORWARD -i tun2 -j ACCEPT
iptables -I FORWARD -i br0 -o tun2 -j ACCEPT
iptables -I FORWARD -i tun2 -o br0 -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE |
|
Sash DD-WRT Guru
Joined: 20 Sep 2006 Posts: 17619 Location: Hesse/Germany
|