Dengan setting openvpn/server.conf & firewall di bawah ini, VPN klien dapat terkoneksi ke VPN server. Klien dan network di belakang VPN klien sudah dapat mengakses network di belakang VPN server, tapi kenapa ya dari VPN server tidak bisa ping ke network di belakang VPN klien?

adakah rekan2 yg bisa memberikan solusi?
thanks before
Andromedas

# OpenVPN server configuration: routed (tun) VPN over UDP port 1194.
# NOTE(review): the routing table in this post lists eth0 as
# 232.124.12.208/28 while this line binds 222.124.12.212; one of the two is
# probably a typo. OpenVPN cannot bind to an address the host does not own.
local 222.124.12.212
port 1194
proto udp
dev tun
# PKI material: CA certificate, server certificate and server private key.
# The private key should be readable by the OpenVPN account only.
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
# NOTE(review): the file name suggests 1024-bit Diffie-Hellman parameters,
# which is below current recommendations; regenerate with 2048 bits or more.
dh keys/dh1024.pem
# VPN address pool; the server end of the tunnel is 10.10.11.1, matching the
# tun0 address in the ifconfig output below.
server 10.10.11.0 255.255.255.0
# Remembers which pool address each client was given.
ifconfig-pool-persist ipp.txt
# Every client is told to reach 192.168.0.0/24 (the LAN on eth1) via the VPN.
push "route 192.168.0.0 255.255.255.0"
# NOTE(review): nothing here describes the LAN behind a client, and the
# routing table in this post has no route to it either, so packets from the
# server to that LAN never enter tun0. Reaching it needs a line
#   route <CLIENT_LAN_NET> <CLIENT_LAN_MASK>
# in this file, plus client-config-dir with a per-client file containing
#   iroute <CLIENT_LAN_NET> <CLIENT_LAN_MASK>
# so OpenVPN knows which client owns that subnet. The client LAN subnet is
# not shown in the post, hence the placeholders.
# client-to-client traffic is switched inside OpenVPN and does not pass the
# kernel FORWARD chain, so iptables rules on tun0 do not filter it.
client-to-client
# Ping the peer every 10 s; treat it as down after 120 s of silence.
keepalive 10 120
max-clients 250
# NOTE(review): the daemon keeps root privileges after start-up. Running it
# under an unprivileged account limits the impact of a compromise of the
# OpenVPN process; persist-key and persist-tun below are what make such a
# privilege drop work across restarts.
user root
group root
persist-key
persist-tun
# NOTE(review): the trailing dot is part of the file name as written here;
# confirm that is intended.
log-append openvpn.log.
# Log verbosity, and suppression of more than 20 repeated messages in a row.
verb 4
mute 20
# NOTE(review): no tls-auth or cipher directive is set, so the defaults of
# the installed OpenVPN version apply; consider tls-auth to reject
# unauthenticated packets on the exposed UDP port.

/sbin/ifconfig

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.10.11.1  P-t-P:10.10.11.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:5 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:300 (300.0 b)  TX bytes:1253 (1.2 KiB)

/sbin/route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

10.10.11.2      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
232.124.12.208  0.0.0.0         255.255.255.240 U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.10.11.0      10.10.11.2      255.255.255.0   UG    0      0        0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         222.124.12.209  0.0.0.0         UG    0      0        0 eth


===========berikut ini settingan rc.firewall di gateway saya===========

#!/bin/sh
#scripts by quicktables 1.0

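# Kernel settings, applied only when the running kernel exposes them.
# As posted, each redirection target had been wrapped onto its own line by
# the mailer, which is a shell syntax error; the commands are rejoined here.

# SYN cookies: keep answering new TCP connections during a SYN flood.
if [ -e /proc/sys/net/ipv4/tcp_syncookies ]; then
  echo 1 > /proc/sys/net/ipv4/tcp_syncookies
fi

# IP forwarding: required for this host to route between eth0, eth1 and tun0.
if [ -e /proc/sys/net/ipv4/ip_forward ]; then
  echo 1 > /proc/sys/net/ipv4/ip_forward
fi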

# Empty the INPUT and OUTPUT chains, then set their default policies:
# inbound traffic is dropped unless a later rule accepts it, outbound
# traffic from the gateway itself is always allowed.
for chain in INPUT OUTPUT; do
  /sbin/iptables -F "$chain"
done
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT

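# setup nat
# Forwarding must be on for any of the FORWARD/NAT rules below to matter.
# (The redirection target had been wrapped onto its own line in the post,
# which is a syntax error; rejoined here.)
if [ -e /proc/sys/net/ipv4/ip_forward ]; then
  echo 1 > /proc/sys/net/ipv4/ip_forward
fi

# Start from empty FORWARD and nat tables; forwarded packets that no rule
# below accepts are dropped.
/sbin/iptables -F FORWARD
/sbin/iptables -F -t nat
/sbin/iptables -P FORWARD DROP

# Traffic addressed to the gateway itself: trusted from the VPN (tun0) and
# from the LAN (eth1). The OUTPUT rule restates the OUTPUT policy for eth1.
/sbin/iptables -A INPUT -i tun0 -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -j ACCEPT
/sbin/iptables -A OUTPUT -o eth1 -j ACCEPT

# Forwarded traffic. The original listed further rules narrowed by -o
# (tun0->eth1, tun0->eth0, tun0->tun0, eth1->tun0) and a second copy of the
# eth1 rule; they could never match because the two catch-all rules below
# already accept those packets first, so they are removed here.
# NOTE(review): "-i tun0 -j ACCEPT" lets every VPN client reach any LAN host
# and the Internet through this gateway; narrow it with -o/-d if that is
# broader than intended.
/sbin/iptables -A FORWARD -i tun0 -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -j ACCEPT
# Replies to connections accepted above (e.g. returning from eth0).
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Source NAT: LAN and VPN clients leave eth0 with the gateway's address.
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -s 10.10.11.0/24 -o eth0 -j MASQUERADE
# LAN hosts entering the tunnel are rewritten to the gateway's tun0 address,
# so the VPN side never sees the real 192.168.0.x source.
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o tun0 -j MASQUERADE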

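# allow all packets on the loopback interface
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT

# allow established and related packets back in
# (replies on the Internet-facing interface to connections this host opened)
/sbin/iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# icmp
# Outgoing ICMP and its replies are allowed on every interface.
/sbin/iptables -A OUTPUT -p icmp -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
# Incoming ping on eth0 is answered, rate-limited to one request per second.
# The post had this rule wrapped over three lines; run that way, the rule is
# added without its "-i eth0" restriction and the remaining fragments fail
# as separate commands. It is written as a single command here.
/sbin/iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s \
  -i eth0 -j ACCEPT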

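# open ports to the firewall
# OpenVPN listener (matches "port 1194" / "proto udp" in server.conf).
/sbin/iptables -A INPUT -p udp --dport 1194 -j ACCEPT
# NOTE(review): FTP control port is opened on every interface, including
# eth0. FTP sends credentials in cleartext; restrict with -i or -s if the
# service is not meant to face the Internet.
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT

#transparent proxy
# HTTP from LAN clients is redirected to the proxy on 192.168.0.1:8090
# (presumably this gateway's eth1 address; confirm). The post had the target
# wrapped onto a second line, which adds a PREROUTING rule without a target
# and never installs the redirect; it is written as a single command here.
/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp -s 192.168.0.0/24 --dport 80 \
  -j DNAT --to-destination 192.168.0.1:8090


# drop all other packets
# Explicit drop of remaining TCP/UDP arriving on eth0. Other protocols are
# not covered by these two rules and fall through to the INPUT chain policy.
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 0:65535 -j DROP
/sbin/iptables -A INPUT -i eth0 -p udp --dport 0:65535 -j DROP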


salam
andromedas



      
