[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OPENVPN ( ping entre redes )



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 12-07-2009 02:32, Rafael Moraes wrote:
> Boa madrugada pessoal
> 
> criei uma vpn com openvpn e está funcionando perfeitamente a não ser
> pelo fato de não conseguir pingar as redes dos clientes ( Sem firewall
> para impedir )
> 
> O estranho é que consigo acessar um servidor WTS da rede de um cliente
> vpn através de outro cliente ou do servidor sem problemas, mas pingar de
> jeito nenhum.
> 
> As devidas rotas estão inseridas na configuração do servidor.ex: push
> "192.168.1.0 255.255.255.0"
> 
> alguém já passou por isto?

Do FAQ do OpenVPN:

| Q: I've successfully set up OpenVPN and can ping between both OpenVPN
|    peers, however I cannot reach any of the other machines on the
|    remote subnet. What's the problem?
| A:
|    * Make sure that the firewall is not filtering the TUN/TAP interface.
|    * Make sure you have IP forwarding enabled on the server.
|    * If you are using routing (not ethernet bridging), make sure the
|      clients (or LAN gateway) have a route back to the server for the
|      packets coming in over the tunnel. This can be done by:
|          o adding a route in your default gateway for the VPN network IP
|            subnet pointing to the OpenVPN machine,
|          o adding a route to every client, or
|          o NATing all VPN traffic to the local address of the OpenVPN
|            machine for network traffic which leaves the OpenVPN machine
|            for the local net.
|    * If you are still stumped, use tcpdump, wireshark, or WinDump to
|      determine where packets are being dropped.
Referência: http://openvpn.net/index.php/open-source/faq.html

Veja os pontos acima para tentar resolver o seu problema, em especial,
o fato de que os clientes precisam ter rota pra chegar na outra rede,
ainda que seja através do servidor, pois o gateway pode ser diferente.

Abraço,
- --
Felipe Augusto van de Wiel (faw)
"Debian. Freedom to code. Code to freedom!"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAkpctfUACgkQCjAO0JDlykaeIACeKLvH7H3E3DA7jCQGvzutIr1J
W7oAni8fgn6O8PV/DxXjlkyPEA7hkjNS
=Rfx0
-----END PGP SIGNATURE-----


Reply to: