openvpn (and routing)
Hi everyone,
I have a "small" ping problem between the hosts on the VPN :-)
I would like the hosts to be able to ping each other (both the local ones,
attached to the server, and the ones connected over the internet, obviously
going through the VPN).
In fact, I have set the client-to-client directive.
From the hosts I can only ping and access the server.
I have put the configurations below.
Does anyone feel like taking a look? :-)
Thanks!
Server VPN config:
port 1742
proto udp
dev tap
;dev-node tap0
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.10.10.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.10.10.0 255.255.255.0"
;duplicate-cn
keepalive 10 120
;cipher BF-CBC
;cipher AES-128-CBC
;cipher DES-EDE3-CBC
comp-lzo
user nobody
group nobody
persist-key
persist-tun
;status openvpn-status.log
;log-append openvpn.log
verb 10
mute 20
client-to-client
client-config-dir ccd "route 10.10.10.1 255.255.255.0"
ping-restart 0
ifconfig:
eth0 Link encap:Ethernet HWaddr 00:15:F2:2A:AC:74
inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::215:f2ff:fe2a:ac74/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:376324 errors:0 dropped:0 overruns:0 frame:0
TX packets:357194 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:141256642 (134.7 MiB) TX bytes:74325323 (70.8 MiB)
eth2 Link encap:Ethernet HWaddr 00:60:08:6D:59:50
inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::260:8ff:fe6d:5950/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:108734 errors:0 dropped:0 overruns:0 frame:0
TX packets:136835 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:13942176 (13.2 MiB) TX bytes:104518436 (99.6 MiB)
Interrupt:217 Base address:0xde80
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:28162 errors:0 dropped:0 overruns:0 frame:0
TX packets:28162 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5360422 (5.1 MiB) TX bytes:5360422 (5.1 MiB)
tap0 Link encap:Ethernet HWaddr B6:7A:90:16:13:79
inet addr:10.10.10.1 Bcast:10.10.10.255 Mask:255.255.255.0
inet6 addr: fe80::b47a:90ff:fe16:1379/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7808 errors:0 dropped:0 overruns:0 frame:0
TX packets:5889 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:513040 (501.0 KiB) TX bytes:591577 (577.7 KiB)
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.10.10.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
A client connecting from the internet
vpn config file:
remote 10.10.10.1 1742
client
dev tap
proto udp
#resolv-retry infinite # this is necessary for DynDNS
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
cert client3.crt
key client3.key
comp-lzo
verb 4
mute 20
eth0 Link encap:Ethernet HWaddr 00:08:C7:05:A1:CA
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::208:c7ff:fe05:a1ca/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:560815 errors:2 dropped:0 overruns:0 frame:2
TX packets:319969 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:773484998 (737.6 MiB) TX bytes:36623351 (34.9 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:180 errors:0 dropped:0 overruns:0 frame:0
TX packets:180 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:13212 (12.9 KiB) TX bytes:13212 (12.9 KiB)
tap0 Link encap:Ethernet HWaddr 00:FF:92:77:C5:65
inet addr:10.10.10.2 Bcast:10.10.10.255 Mask:255.255.255.0
inet6 addr: fe80::2ff:92ff:fe77:c565/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1809 errors:0 dropped:0 overruns:0 frame:0
TX packets:702 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:112737 (110.0 KiB) TX bytes:67779 (66.1 KiB)
route -n
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.10.10.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
0.0.0.0 192.168.1.212 0.0.0.0 UG 0 0 0 eth0
Pol