Could the way I am doing this be hurting the routing? Maybe it would help if I put each conf in /etc/openvpn/ccd?

Regards,
Rafael

2009/7/15 Rafael Moraes <[email protected]>

> 2009/7/15 Rafael Moraes <[email protected]>
>
>> I didn't quite understand this scheme, but this is what I have:
>>
>> *Server:*
>> tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>>           inet addr:10.15.15.1  P-t-P:10.15.15.2  Mask:255.255.255.255
>>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>>           RX packets:39011 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:55031 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:100
>>           RX bytes:1601038 (1.5 Mb)  TX bytes:3042908 (2.9 Mb)
>>
>> *Clientx*
>>
>> tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>>           inet addr:10.15.15.6  P-t-P:10.15.15.5  Mask:255.255.255.255
>>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>>           RX packets:6 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:100
>>           RX bytes:504 (504.0 b)  TX bytes:1092 (1.0 Kb)
>>
>> 2009/7/15 Leandro Moreira <[email protected]>
>>
>>> Rafael,
>>> Something occurred to me: try bringing up just one tunnel and see if it
>>> works; I believe your problem may be there. Create one tunnel, test the
>>> ping, create another, and so on. Below is a note on creating the tunnel:
>>>
>>> remote endpoints must be part of the same 255.255.
>>> subnet. The following list shows examples of endp
>>> pairs which satisfy this requirement. Only the fi
>>> component of the IP address pairs is at issue.
>>>
>>> As an example, the following option would be corre
>>> --ifconfig 10.7.0.5 10.7.0.6 (on host A)
>>> --ifconfig 10.7.0.6 10.7.0.5 (on host B)
>>> because [5,6] is part of the below list.
>>>
>>> [  1,  2] [  5,  6] [  9, 10] [ 13, 14] [ 17, 18]
>>> [ 21, 22] [ 25, 26] [ 29, 30] [ 33, 34] [ 37, 38]
>>> [ 41, 42] [ 45, 46] [ 49, 50] [ 53, 54] [ 57, 58]
>>> [ 61, 62] [ 65, 66] [ 69, 70] [ 73, 74] [ 77, 78]
>>> [ 81, 82] [ 85, 86] [ 89, 90] [ 93, 94] [ 97, 98]
>>> [101,102] [105,106] [109,110] [113,114] [117,118]
>>> [121,122] [125,126] [129,130] [133,134] [137,138]
>>> [141,142] [145,146] [149,150] [153,154] [157,158]
>>> [161,162] [165,166] [169,170] [173,174] [177,178]
>>> [181,182] [185,186] [189,190] [193,194] [197,198]
>>> [201,202] [205,206] [209,210] [213,214] [217,218]
>>> [221,222] [225,226] [229,230] [233,234] [237,238]
>>> [241,242] [245,246] [249,250] [253,254]
>>>
>>> By the way, how is your tunnel configured? How are you setting the
>>> local and the remote IP?
>>>
>>> Regards,
>>>
>>> Leandro Moreira.
>>>
>>> 2009/7/15 Rafael Moraes <[email protected]>
>>>
>>>> Leandro,
>>>>
>>>> here is how it turned out:
>>>>
>>>> I have a script like this on the server:
>>>> #!/bin/bash
>>>> route add -net 192.168.2.0 netmask 255.255.255.0 gw $5 # client 1 network
>>>> route add -net 192.168.50.0 netmask 255.255.255.0 gw $5 # client 2 network
>>>> route add -net 172.50.10.0 netmask 255.255.255.0 gw $5 # client 3 network
>>>>
>>>> and the clients already have the route implicitly from the server conf,
>>>> push "192.168.20.0 255.255.255.0", which works OK,
>>>> and also routes to the other clients.
>>>> Example of the routes on client 1:
>>>> #!/bin/bash
>>>> route add -net 192.168.50.0 netmask 255.255.255.0 gw $5 # client 2 network
>>>> route add -net 172.50.10.0 netmask 255.255.255.0 gw $5 # client 3 network
>>>>
>>>> These scripts are run with up ./rotas.up
>>>>
>>>> And it still doesn't work.... it's tough....
>>>> I run a traceroute and it doesn't find anything ....
>>>>
>>>> Oh, and here is how the client routes look in route -n:
>>>>
>>>> 192.168.20.0    0.0.0.0         255.255.255.0   U     0      0        0 eth2   *# (this is the server's local network)*
>>>> 172.50.10.0     10.15.15.2      255.255.255.0   UG    0      0        0 tun0
>>>> 192.168.50.0    10.15.15.2      255.255.255.0   UG    0      0        0 tun0
>>>> 192.168.2.0     10.15.15.2      255.255.255.0   UG    0      0        0 tun0
>>>>
>>>> 10.15.15.2 is:
>>>>
>>>> *inet addr:10.15.15.1 P-t-P:10.15.15.2 Mask:255.255.255.255*
>>>>
>>>> ----------------------------------------------------------------------
>>>> Attempt 2:
>>>>
>>>> I tried setting the server's VPN IP as the gateway on all of them, but
>>>> then the outgoing interface was the internet one and not tun0
>>>>
>>>> too strange....
>>>>
>>>> Regards
>>>>
>>>> 2009/7/15 Leandro Moreira <[email protected]>
>>>>
>>>>> Rafael,
>>>>> That's right, because $5 tells route that the default gw is the IP of
>>>>> the remote end (the client's IP), whereas on the client it points the
>>>>> network's default gw directly at the server's IP.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Leandro Moreira.
>>>>>
>>>>> 2009/7/15 Rafael Moraes <[email protected]>
>>>>>
>>>>>> let me see if I got it right:
>>>>>>
>>>>>> route add -net 192.168.77.0 netmask 255.255.255.0 gw $5 *goes on the server*
>>>>>>
>>>>>> route 192.168.77.0 255.255.255.0 192.168.77.1 *goes on the clients*
>>>>>> ????
>>>>>>
>>>>>> regards and thanks
>>>>>>
>>>>>> 2009/7/15 Leandro Moreira <[email protected]>
>>>>>>
>>>>>>> Rafael,
>>>>>>> IF your problem is routing, here is a tip:
>>>>>>>
>>>>>>> # server-client:
>>>>>>>
>>>>>>> route add -net 192.168.77.0 netmask 255.255.255.0 gw $5
>>>>>>>
>>>>>>> # client-server
>>>>>>> route 192.168.77.0 255.255.255.0 192.168.77.1
>>>>>>>
>>>>>>> I just configured a VPN and I ping normally between clients and
>>>>>>> servers.
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> Leandro Moreira
>>>>>>>
>>>>>>> 2009/7/12 Rafael Moraes <[email protected]>
>>>>>>>
>>>>>>>> Good early morning, everyone
>>>>>>>>
>>>>>>>> I set up a VPN with OpenVPN and it is working perfectly, except
>>>>>>>> for the fact that I cannot ping the clients' networks (there is no
>>>>>>>> firewall blocking it)
>>>>>>>>
>>>>>>>> The strange thing is that I can access a WTS server on one VPN
>>>>>>>> client's network from another client or from the server without
>>>>>>>> problems, but ping does not work at all.
>>>>>>>>
>>>>>>>> The required routes are in the server configuration, e.g.:
>>>>>>>> push "192.168.1.0 255.255.255.0"
>>>>>>>>
>>>>>>>> has anyone been through this?
>>>>>>>>
>>>>>>>> Rafael
>>>>>>>
>>>>>>> --
>>>>>>> Leandro Moreira
>>>>>>> Linux Administrator: LPIC-1
>>>>>>> e-mail/msn: [email protected]
>>>>>>> Tel.: + 55(32) 9906-5713

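Added example, not part of the original thread: a check of tun endpoint pairs against the /30 (255.255.255.252) rule quoted from the OpenVPN manual above, run over the server and client addresses posted in the ifconfig output. The function names and the `BAD` pair are assumptions made for illustration.

```python
import ipaddress

# Endpoint pairs copied from the ifconfig output in the thread (local, P-t-P).
SERVER = ("10.15.15.1", "10.15.15.2")
CLIENT = ("10.15.15.6", "10.15.15.5")
# Constructed bad pair for contrast: the two addresses sit in different /30s.
BAD = ("10.15.15.2", "10.15.15.6")


def valid_last_octet_pairs():
    """Rebuild the manual's list: the two usable hosts of every /30 in a /24."""
    return [(base + 1, base + 2) for base in range(0, 256, 4)]


def tunnel_subnet(local):
    """The /30 (netmask 255.255.255.252) that contains the local endpoint."""
    return ipaddress.ip_interface(f"{local}/30").network


def check_pair(local, remote):
    """Return (ok, reason) for one side's local/remote endpoint pair."""
    a, b = ipaddress.IPv4Address(local), ipaddress.IPv4Address(remote)
    net = tunnel_subnet(local)
    hosts = set(net.hosts())  # drops the network and broadcast addresses
    if a == b:
        return False, "local and remote are the same address"
    if b not in net:
        return False, f"{remote} is outside {net}"
    if a not in hosts or b not in hosts:
        return False, f"network or broadcast address of {net} used as endpoint"
    return True, f"both endpoints are hosts of {net}"


def share_subnet(pair_a, pair_b):
    """True when two interfaces' endpoint pairs live in the same /30."""
    return tunnel_subnet(pair_a[0]) == tunnel_subnet(pair_b[0])


if __name__ == "__main__":
    for name, pair in (("server", SERVER), ("client", CLIENT), ("bad", BAD)):
        print(name, pair, check_pair(*pair))
    # The server's P-t-P peer 10.15.15.2 is not the client's tun address.
    print("server and client share a /30:", share_subnet(SERVER, CLIENT))
```

Both pairs from the thread pass the rule, but they sit in different /30s, so the gateway 10.15.15.2 in the server's route table is not the client's own tun address (10.15.15.6).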
