Wednesday, January 16, 2008

OpenVPN over 7050

I spoke too soon in a recent thread, when I thought I had OpenVPN working properly. In fact, it seems that it is working inside my LAN but not from outside. I cannot reach it from a static IP to the router.


My internal LAN is all on the 10.8.0.0/24 subnet. I'm trying to establish the VPN in bridge mode with the following topology:
router: 10.8.0.1
vpn gateway: 10.8.0.2
dhcp server: 10.8.0.5 (also serves DNS and WINS)
The DHCP server will lease addresses to VPN clients.
All this works if I try to connect to the 10.8.0.2 gateway inside the network (or 10.8.0.1, in fact). It doesn't work from outside.
I have set an IP forwarding rule in the ar7.cfg file to point all incoming traffic on port 1194 to 10.8.0.1, which should do the trick, but seemingly not.
My server.conf and debug.cfg are:
server.conf
Code:
daemon
proto tcp-server
port 1194
dev tap0
dev-node /dev/misc/net/tun
mode server
tls-server
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
ifconfig 10.8.0.2 255.255.255.0
client-to-client
keepalive 10 60
comp-lzo
persist-key
persist-tun
verb 3
debug.cfg
Code:
cd /var/tmp
mkdir vpn
cd vpn
wget ftp://10.8.0.5/brctl
wget ftp://10.8.0.5/ca.crt
wget ftp://10.8.0.5/dh1024.pem
wget ftp://10.8.0.5/fritz.conf
wget ftp://10.8.0.5/openvpn
wget ftp://10.8.0.5/server.conf
wget ftp://10.8.0.5/server.crt
wget ftp://10.8.0.5/server.key
chmod 0600 ./*
chmod +x ./openvpn
chmod +x ./brctl
/var/tmp/vpn/openvpn --config /var/tmp/vpn/fritz.conf
/var/tmp/vpn/brctl addif lan tap0
An ifconfig gives the following output:
Code:
dsl Link encap:Point-Point Protocol
inet addr:192.168.179.1 P-t-P:192.168.179.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:1724 errors:0 dropped:0 overruns:0 frame:0
TX packets:2078 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:278391 (271.8 KiB) TX bytes:430953 (420.8 KiB)

eth0 Link encap:Ethernet HWaddr 00:15:0C:97:46:1E
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:4078 errors:0 dropped:0 overruns:0 frame:0
TX packets:3054 errors:0 dropped:0 overruns:0 carrier:0
collisions:1367 txqueuelen:100
RX bytes:2603889 (2.4 MiB) TX bytes:505053 (493.2 KiB)
eth1 Link encap:Ethernet HWaddr 00:15:0C:97:46:1F
UP BROADCAST ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Base address:0x2800
lan Link encap:Ethernet HWaddr 00:15:0C:97:46:1E
inet addr:10.8.0.1 Bcast:10.255.255.255 Mask:255.255.255.0
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:4098 errors:0 dropped:0 overruns:0 frame:0
TX packets:3029 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:2555254 (2.4 MiB) TX bytes:496047 (484.4 KiB)
lan:0 Link encap:Ethernet HWaddr 00:15:0C:97:46:1E
inet addr:192.168.178.254 Bcast:192.168.178.255 Mask:255.255.255.0
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:223 errors:0 dropped:0 overruns:0 frame:0
TX packets:223 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:30170 (29.4 KiB) TX bytes:30170 (29.4 KiB)
tap0 Link encap:Ethernet HWaddr 00:FF:F6:AD:A2:76
inet addr:10.8.0.2 Bcast:10.8.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:104 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:27006 (26.3 KiB)
usbrndis Link encap:Ethernet HWaddr 00:15:0C:97:46:22
UP BROADCAST ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
The addition to ar7.cfg was:
Code:
"tcp 0.0.0.0:1194 10.8.0.1:1194 0 #openvpn",
Do I, perhaps, need to explicitly bridge the tap0 interface? Or what else am I doing wrong? All help gratefully received.
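The following is an added example, not code from the original post. Before opening a forwarded port to the internet it is worth checking, from the artefacts a bridged TAP setup produces, that the pieces agree with each other: the `proto` and `port` in server.conf, the address the TAP device received, the LAN subnet, and the target of the router's forwarding rule. The script below parses a server.conf, an `ifconfig` dump and an ar7.cfg forwarding line in the formats shown above and reports each check. The embedded inputs are constructed to mirror the post's values; the function and check names are my own.

```python
"""Consistency checks for a bridged (TAP) OpenVPN server behind a port forward.

Added example, not from the original post. Inputs below are constructed
copies of the post's server.conf, ifconfig output and ar7.cfg rule.
"""
import ipaddress
import re

SERVER_CONF = """daemon
proto tcp-server
port 1194
dev tap0
mode server
ifconfig 10.8.0.2 255.255.255.0
"""

IFCONFIG = """lan Link encap:Ethernet HWaddr 00:15:0C:97:46:1E
inet addr:10.8.0.1 Bcast:10.255.255.255 Mask:255.255.255.0
tap0 Link encap:Ethernet HWaddr 00:FF:F6:AD:A2:76
inet addr:10.8.0.2 Bcast:10.8.0.255 Mask:255.255.255.0
"""

FORWARD_RULE = '"tcp 0.0.0.0:1194 10.8.0.1:1194 0 #openvpn",'


def parse_server_conf(text):
    """Return {option: [args]} for every non-comment line of an OpenVPN config."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            parts = line.split()
            conf[parts[0]] = parts[1:]
    return conf


def parse_ifconfig(text):
    """Return {iface: (addr, mask)} for interfaces that carry an IPv4 address."""
    ifaces, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\S+)\s+Link encap", line)
        if head:
            current = head.group(1)
            continue
        inet = re.search(r"inet addr:(\S+).*Mask:(\S+)", line)
        if inet and current:
            ifaces[current] = (inet.group(1), inet.group(2))
    return ifaces


def parse_forward_rule(line):
    """Parse an ar7.cfg line of the form "proto ext_ip:port target_ip:port ..."."""
    m = re.search(r'"(\w+)\s+\S+:(\d+)\s+(\S+):(\d+)', line)
    if not m:
        raise ValueError("unrecognised forwarding rule: %r" % line)
    proto, ext_port, target, int_port = m.groups()
    return {"proto": proto, "ext_port": int(ext_port),
            "target": target, "int_port": int(int_port)}


def check_setup(conf, ifaces, rule, bridge_if="lan"):
    """Return a dict of named checks -> bool for the bridged TAP deployment."""
    proto = conf.get("proto", ["udp"])[0].split("-")[0]   # "tcp-server" -> "tcp"
    port = int(conf.get("port", ["1194"])[0])
    tap = conf.get("dev", ["tap0"])[0]
    results = {
        "dev_is_tap": tap.startswith("tap"),     # bridging needs a TAP, not TUN, device
        "tap_has_address": tap in ifaces,
        "forward_proto_matches": rule["proto"] == proto,
        "forward_port_matches": rule["ext_port"] == port and rule["int_port"] == port,
        # the forward must land on an address this host actually owns
        "forward_target_is_local": rule["target"] in {a for a, _ in ifaces.values()},
    }
    if tap in ifaces and bridge_if in ifaces:
        tap_net = ipaddress.ip_network("%s/%s" % ifaces[tap], strict=False)
        lan_net = ipaddress.ip_network("%s/%s" % ifaces[bridge_if], strict=False)
        results["tap_in_lan_subnet"] = tap_net == lan_net
    else:
        results["tap_in_lan_subnet"] = False
    return results


def run_checks(conf_text=SERVER_CONF, ifconfig_text=IFCONFIG, rule_line=FORWARD_RULE):
    return check_setup(parse_server_conf(conf_text),
                       parse_ifconfig(ifconfig_text),
                       parse_forward_rule(rule_line))


if __name__ == "__main__":
    for name, ok in run_checks().items():
        print("%-26s %s" % (name, "ok" if ok else "MISMATCH"))
```

One thing this cannot tell from `ifconfig` alone is whether tap0 was actually added to the `lan` bridge: `ifconfig` shows the device and its address either way, while `brctl show lan` on the box lists the bridge members. Note also that the forwarding rule target being a local address is only part of the story; whatever the router's own firewall does with traffic arriving on the DSL interface for that port still has to be checked separately.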
