2009/7/15 Rafael Moraes <[email protected]>

>
> I didn't quite understand this scheme, but this is what I have:
>
> *Server:*
> tun0      Link encap:UNSPEC  HWaddr
> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>           inet addr:10.15.15.1  P-t-P:10.15.15.2  Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>           RX packets:39011 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:55031 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           RX bytes:1601038 (1.5 Mb)  TX bytes:3042908 (2.9 Mb)
>
> *Clientx*
>
> tun0      Link encap:UNSPEC  HWaddr
> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>           inet addr:10.15.15.6  P-t-P:10.15.15.5  Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>           RX packets:6 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           RX bytes:504 (504.0 b)  TX bytes:1092 (1.0 Kb)
>
>
>
>
>
>
>
>
> 2009/7/15 Leandro Moreira <[email protected]>
>
>> Rafael,
>> Something occurred to me: try bringing up just one tunnel and see whether
>> it works; I believe your problem may be there. Create one tunnel, test the
>> ping, create another, and so on. Below is a note on creating the
>> tunnel:
>>
>> remote endpoints must be part of the same 255.255.
>> subnet.  The following list shows examples of endp
>> pairs which satisfy this requirement.  Only the fi
>> component of the IP address pairs is at issue.
>>
>> As an example, the following option would be corre
>>     --ifconfig 10.7.0.5 10.7.0.6 (on host A)
>>     --ifconfig 10.7.0.6 10.7.0.5 (on host B)
>> because [5,6] is part of the below list.
>>
>> [  1,  2] [  5,  6] [  9, 10] [ 13, 14] [ 17, 18]
>> [ 21, 22] [ 25, 26] [ 29, 30] [ 33, 34] [ 37, 38]
>> [ 41, 42] [ 45, 46] [ 49, 50] [ 53, 54] [ 57, 58]
>> [ 61, 62] [ 65, 66] [ 69, 70] [ 73, 74] [ 77, 78]
>> [ 81, 82] [ 85, 86] [ 89, 90] [ 93, 94] [ 97, 98]
>> [101,102] [105,106] [109,110] [113,114] [117,118]
>> [121,122] [125,126] [129,130] [133,134] [137,138]
>> [141,142] [145,146] [149,150] [153,154] [157,158]
>> [161,162] [165,166] [169,170] [173,174] [177,178]
>> [181,182] [185,186] [189,190] [193,194] [197,198]
>> [201,202] [205,206] [209,210] [213,214] [217,218]
>> [221,222] [225,226] [229,230] [233,234] [237,238]
>> [241,242] [245,246] [249,250] [253,254]
>>
>>
>> By the way, how is your tunnel configured? How are you setting
>> the local and remote IPs?
>>
>>
>> Regards,
>>
>> Leandro  Moreira.
>>
>> 2009/7/15 Rafael Moraes <[email protected]>
>>
>>> Leandro,
>>>
>>> here is how it turned out:
>>>
>>> I have a script like this on the server:
>>> #!/bin/bash
>>> route add -net 192.168.2.0 netmask 255.255.255.0 gw $5 # client 1 network
>>> route add -net 192.168.50.0 netmask 255.255.255.0 gw $5 # client 2 network
>>> route add -net 172.50.10.0 netmask 255.255.255.0 gw $5 # client 3 network
>>>
>>>
>>> and on the clients there is the route already implied by the server config push
>>> "192.168.20.0 255.255.255.0", which works OK,
>>> and also routes to the other clients.
>>> Example of the routes on client 1:
>>> #!/bin/bash
>>> route add -net 192.168.50.0 netmask 255.255.255.0 gw $5 # client 2 network
>>> route add -net 172.50.10.0 netmask 255.255.255.0 gw $5 # client 3 network
>>>
>>> These scripts are run with up ./rotas.up
>>>
>>>
>>> And it still doesn't work.... it's tough....
>>> I run a traceroute and it finds nothing ....
>>>
>>> Oh, and in route -n, here is how the routes to the clients look:
>>>
>>> 192.168.20.0    0.0.0.0         255.255.255.0   U     0      0      0 eth2   *# (this is the server's local network)*
>>> 172.50.10.0     10.15.15.2      255.255.255.0   UG    0      0        0 tun0
>>> 192.168.50.0    10.15.15.2      255.255.255.0   UG    0      0        0 tun0
>>> 192.168.2.0     10.15.15.2      255.255.255.0   UG    0      0        0 tun0
>>>
>>>
>>> 10.15.15.2 is:
>>>
>>> *inet addr:10.15.15.1  P-t-P:10.15.15.2  Mask:255.255.255.255*
>>>
>>>
>>>
>>> --------------------------------------------------------------------------------------------------------------------------------------
>>> Attempt 2:
>>>
>>> I tried setting them all with the server's VPN IP as gateway, but then the
>>> interface it went out on was the internet one and not tun0
>>>
>>>
>>> too strange....
>>>
>>> Regards
>>>
>>>
>>>
>>>
>>> 2009/7/15 Leandro Moreira <[email protected]>
>>>
>>>> Rafael,
>>>> That's right, because $5 tells route that the default gw is the IP of the
>>>> remote end (the client's IP), whereas on the client it points the network's
>>>> default gw directly at the server's IP.
>>>>
>>>> Regards,
>>>>
>>>> Leandro Moreira.
>>>>
>>>>
>>>>
>>>> 2009/7/15 Rafael Moraes <[email protected]>
>>>>
>>>> let me see if I got it right:
>>>>>
>>>>> route add -net 192.168.77.0 netmask 255.255.255.0 gw $5 *goes on the
>>>>> server*
>>>>>
>>>>> route 192.168.77.0 255.255.255.0 192.168.77.1 *goes on the clients*
>>>>>
>>>>> ????
>>>>>
>>>>> cheers and thanks
>>>>>
>>>>> 2009/7/15 Leandro Moreira <[email protected]>
>>>>>
>>>>> Rafael,
>>>>>> If your problem is routing, here is a tip:
>>>>>>
>>>>>> # server-client:
>>>>>>
>>>>>> route add -net 192.168.77.0 netmask 255.255.255.0 gw $5
>>>>>>
>>>>>> # client-server
>>>>>> route 192.168.77.0 255.255.255.0 192.168.77.1
>>>>>>
>>>>>> I just configured a VPN and I can ping normally between clients and servers.
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Leandro Moreira
>>>>>>
>>>>>> 2009/7/12 Rafael Moraes <[email protected]>
>>>>>>
>>>>>>> Good early morning, everyone
>>>>>>>
>>>>>>>
>>>>>>> I set up a VPN with OpenVPN and it is working perfectly, except
>>>>>>> for the fact that I cannot ping the clients' networks (no firewall
>>>>>>> blocking it)
>>>>>>>
>>>>>>> The strange thing is that I can access a WTS server on one VPN
>>>>>>> client's network from another client or from the server without problems, but
>>>>>>> pinging does not work at all.
>>>>>>>
>>>>>>> The proper routes are in the server configuration, e.g.: push
>>>>>>> "192.168.1.0 255.255.255.0"
>>>>>>>
>>>>>>> has anyone been through this?
>>>>>>>
>>>>>>> Rafael
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Leandro Moreira
>>>>>> Linux Administrator: LPIC-1
>>>>>> e-mail/msn: [email protected]
>>>>>> Tel.: + 55(32) 9906-5713
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>>
>
>
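
The endpoint-pair rule quoted in the thread (both tunnel ends must be the two usable hosts of the same /30) can be checked directly against `ifconfig` output. This is an added example, not part of the original messages; the function names are hypothetical, the first two sample interfaces are copied from the thread and the third is constructed.

```python
import ipaddress
import re

# Matches the "inet addr:... P-t-P:..." line of legacy ifconfig output.
PTP_RE = re.compile(r"inet addr:(\S+)\s+P-t-P:(\S+)")

# tun0 (server) and tun0 (client) are from the thread; tun9 is constructed.
SAMPLE = """\
tun0      Link encap:UNSPEC
          inet addr:10.15.15.1  P-t-P:10.15.15.2  Mask:255.255.255.255
tun0      Link encap:UNSPEC
          inet addr:10.15.15.6  P-t-P:10.15.15.5  Mask:255.255.255.255
tun9      Link encap:UNSPEC
          inet addr:10.15.15.2  P-t-P:10.15.15.5  Mask:255.255.255.255
"""

def valid_net30_pair(local, remote):
    """True if local and remote are the two usable hosts of one /30."""
    a = ipaddress.IPv4Address(local)
    b = ipaddress.IPv4Address(remote)
    # Round the local address down to its enclosing /30 block.
    net = ipaddress.ip_network(f"{a}/30", strict=False)
    hosts = set(net.hosts())  # block base + 1 and block base + 2
    return a != b and a in hosts and b in hosts

def check_ifconfig(text):
    """Return (local, remote, ok) for every point-to-point interface found."""
    return [(l, r, valid_net30_pair(l, r)) for l, r in PTP_RE.findall(text)]

def allowed_last_octets():
    """Regenerate the [1,2] [5,6] ... [253,254] table quoted in the thread."""
    return [(4 * k + 1, 4 * k + 2) for k in range(64)]

if __name__ == "__main__":
    for local, remote, ok in check_ifconfig(SAMPLE):
        print(f"{local:<12} <-> {remote:<12} {'ok' if ok else 'NOT a /30 pair'}")
```
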
