
Re: openvpn problems behind gw



On 31 October 2010 17:52, emmanuel segura <emi2fast@gmail.com> wrote:
> can you show me your configuration?
>



|___________D M Z_________________|

Client 1 (windows7):   ip 192.168.1.31    gw 192.168.1.1
Gateway1:              ip 192.168.1.1
Internet
Gateway2:              ip 192.168.1.1
Server VPN:            eth1 0.0.0.0    tun0 0.0.0.0    br0 192.168.1.205
Application server:    ip 192.168.1.5     gw 192.168.1.1

From the client, which in the end will be an embedded Linux box, I
need to connect to the application server, probably via telnet. So I
need a VPN connection that gives me access over a bidirectional
channel.



Currently, for the test phase, using Windows as the client and following
the guide you posted, the configuration is this:


Windows 7 client with OpenVPN GUI:

client.ovpn
------------------------------------
client
dev tap0
proto udp
remote 151.76.34.27 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert user1.crt
key user1.key
tls-auth ta.key 1
verb 4
ping 60
ping-restart 120
--explicit-exit-notify 2
------------------------------------


Debian5 server:
server.conf
------------------------------------
#/etc/openvpn/server.conf
local 192.168.1.205
port 1194
proto udp
dev tap0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
tls-auth /etc/openvpn/keys/ta.key 0

ifconfig-pool-persist ipp.txt
server-bridge 192.168.2.1 255.255.255.0 192.168.2.70 192.168.2.79

keepalive 40 180
push "redirect-gateway"
max-clients 5
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 3
------------------------------------


And finally, once the server is started with the br0 configuration....
bridge.sh
------------------------------------
#bridge.sh
#!/bin/bash
# Create global variables
# Define Bridge Interface
br="br0"
# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"
# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth1"
eth_ip="192.168.1.251"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.1.255"
gw="192.168.1.251"
start_bridge () {
    #################################
    # Set up Ethernet bridge on Linux
    #################################
    for t in $tap; do
        openvpn --mktun --dev $t
    done
    for t in $tap; do
        ifconfig $t 0.0.0.0 promisc up
    done
    ifconfig $eth 0.0.0.0 promisc up
    brctl addbr $br
    brctl addif $br $eth
    for t in $tap; do
        brctl addif $br $t
    done
    ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast up
    route add default gw $gw $br
}
stop_bridge () {
    ####################################
    # Pull Down Ethernet bridge on Linux
    ####################################
    ifconfig $br down
    brctl delbr $br
    for t in $tap; do
        openvpn --rmtun --dev $t
    done
    ifconfig $eth $eth_ip netmask $eth_netmask broadcast $eth_broadcast up
    route add default gw $gw $eth
}
case "$1" in
    start)
        echo -n "Starting Bridge"
        start_bridge
        ;;
    stop)
        echo -n "Stopping Bridge"
        stop_bridge
        ;;
    restart)
        stop_bridge
        sleep 2
        start_bridge
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}" >&2
        exit 1
        ;;
esac
--------------------------------------


...I can no longer reach the server, not even over ssh (obviously I
have forwarded the ssh and vpn ports from the gateway).


What am I doing wrong? :-(


Thanks!

