With my openvpn/server.conf and firewall settings, the VPN client can connect to the VPN server, and the client and the network behind the VPN client can already access the network behind the VPN server, but why can't the VPN server ping the network behind the VPN client?
Can anyone offer a solution? Thanks in advance.

Andromedas

local 222.124.12.212
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
server 10.10.11.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.0.0 255.255.255.0"
client-to-client
keepalive 10 120
max-clients 250
user root
group root
persist-key
persist-tun
log-append openvpn.log.
verb 4
mute 20

/sbin/ifconfig tun0

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.10.11.1  P-t-P:10.10.11.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:5 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:300 (300.0 b)  TX bytes:1253 (1.2 KiB)

/sbin/route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.11.2      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
232.124.12.208  0.0.0.0         255.255.255.240 U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.10.11.0      10.10.11.2      255.255.255.0   UG    0      0        0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         222.124.12.209  0.0.0.0         UG    0      0        0 eth

===========below are the rc.firewall settings on my gateway===========

#!/bin/sh
#scripts by quicktables 1.0

if [ -e /proc/sys/net/ipv4/tcp_syncookies ]; then echo 1 > /proc/sys/net/ipv4/tcp_syncookies; fi
if [ -e /proc/sys/net/ipv4/ip_forward ]; then echo 1 > /proc/sys/net/ipv4/ip_forward; fi

# flush any existing chains and set default policies
/sbin/iptables -F INPUT
/sbin/iptables -F OUTPUT
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT

# setup nat
if [ -e /proc/sys/net/ipv4/ip_forward ]; then echo 1 > /proc/sys/net/ipv4/ip_forward; fi
/sbin/iptables -F FORWARD
/sbin/iptables -F -t nat
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A INPUT -i tun0 -j ACCEPT
/sbin/iptables -A FORWARD -i tun0 -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o tun0 -j ACCEPT
/sbin/iptables -A FORWARD -i tun0 -o eth1 -j ACCEPT
/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i tun0 -o tun0 -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -j ACCEPT
/sbin/iptables -A OUTPUT -o eth1 -j ACCEPT
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -s 10.10.11.0/24 -o eth0 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o tun0 -j MASQUERADE

# allow all packets on the loopback interface
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT

# allow established and related packets back in
/sbin/iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# icmp
/sbin/iptables -A OUTPUT -p icmp -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -i eth0 -j ACCEPT

# open ports to the firewall
/sbin/iptables -A INPUT -p udp --dport 1194 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT

#transparent proxy
/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp -s 192.168.0.0/24 --dport 80 -j DNAT --to 192.168.0.1:8090

# drop all other packets
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 0:65535 -j DROP
/sbin/iptables -A INPUT -i eth0 -p udp --dport 0:65535 -j DROP

Regards,
andromedas