Thread View: pl.comp.os.bsd
2 messages
Started by "werther"
Fri, 12 Nov 2010 17:07
[FreeBSD 8] OpenVPN bridge
Author: "werther"
Date: Fri, 12 Nov 2010 17:07
160 lines
5320 bytes
Hello,

I have a problem with an OpenVPN configuration, possibly a trivial one, but this is the first time I am setting this up, so please bear with me and, if needed, point me in the right direction. OpenVPN connects, using a key and PAM; TAP (v.9) on Win7 gets an address from the right pool, but unfortunately that is where it ends. I can ping the OpenVPN server's IP (10.10.10.212) and my own assigned address, but I cannot see any host on the subnet.

I followed:
http://www.isgsp.net/freebsd/freebsd-openvpn.html
http://blog.hongens.nl/guides/setting-up-openvpn-using-radius-on-freebsd/

rc.conf looks like this:
----------------------------------------------------------
defaultrouter="10.10.10.1"
hostname="xxx"
ifc
gateway_enable="YES"
openvpn_enable="YES"
openvpn_if="tap bridge"
openvpn_c
openvpn_flags="--script-security 2"
----------------------------------------------------------

server.conf like this:
----------------------------------------------------------
cd /usr/local/etc/openvpn
up /usr/local/etc/openvpn/server-up.sh
down /usr/local/etc/openvpn/server-down.sh
daemon
port 1194
proto tcp
dev tap0
tls-server
tls-auth /usr/local/etc/openvpn/easy-rsa/ta.key 0
cipher AES-256-CBC
ca /usr/local/etc/openvpn/easy-rsa/keys/ca.crt
cert /usr/local/etc/openvpn/easy-rsa/keys/server.crt
key /usr/local/etc/openvpn/easy-rsa/keys/server.key
dh /usr/local/etc/openvpn/easy-rsa/keys/dh1024.pem
client-cert-not-required
username-as-common-name
plugin /usr/local/lib/openvpn-auth-pam.so common-auth
server-bridge 10.10.10.212 255.255.255.0 10.10.10.171 10.10.10.199
client-to-client
keepalive 12 120
duplicate-cn
comp-lzo
user openvpn
group openvpn
persist-key
persist-tun
push "redirect-gateway local"
push "dhcp-option DNS 10.10.10.211"
push "dhcp-option WINS 10.10.10.210"
push "dhcp-option DOMAIN xxxxxx"
status /var/openvpn/openvpn-status.log
log-append /var/log/openvpn.log
verb 5
----------------------------------------------------------
except that this is already the result of many different attempts, so some options may be redundant.
I tried setting the first option of server-bridge to the IP of the main gateway, 10.10.10.1, but with the same result.

server-up.sh
----------------------------------------------------------
#!/bin/sh
/sbin/ifconfig bridge0 create
/sbin/ifconfig bridge0 addm em0 addm $dev up
/sbin/ifconfig $dev up
----------------------------------------------------------

server-down.sh
----------------------------------------------------------
#!/bin/sh
/sbin/ifconfig bridge0 deletem $dev
/sbin/ifconfig bridge0 destroy
/sbin/ifconfig $dev destroy
----------------------------------------------------------

The client configuration is:
----------------------------------------------------------
client
remote xxx.xxx.xxx.xxx 1194
dev tap
proto tcp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert test1.crt
key test1.key
tls-auth ta.key 1
cipher AES-256-CBC
ns-cert-type server
comp-lzo
verb 5
auth-user-pass
tls-client
----------------------------------------------------------

There is no trace of errors in syslog.
The bridge comes up:
----------------------------------------------------------
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=e0<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:0c:29:94:2d:3e
        inet 10.10.10.212 netmask 0xffffff00 broadcast 10.10.10.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        ether 00:bd:ef:b1:09:00
        Opened by PID 7960
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 36:2a:df:8c:ef:f7
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 4 priority 128 path cost 2000000
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 20000
----------------------------------------------------------

The network layout, and what I need to achieve, looks like this:

                                                                 / OpenVPN server 10.10.10.212
Win client ----> router xxx.xxx.xxx.xxx (ext.) 10.10.10.1 (int.) \ Server 1 10.10.10.xxx
                                                                 \ Server 2 10.10.10.xxx
                                                                 \ Server 3 10.10.10.xxx
                                                                 \ Server ...

The Windows client is to have access only to the service servers on the internal network, from the address pool assigned in the server-bridge directive in server.conf. I have been struggling with this for several days now and would be grateful for any help.

Regards,
werther
--
Sent via OnetNiusy: http://niusy.onet.pl
Re: OpenVPN bridge
Author: tobnet
Date: Sat, 13 Nov 2010 01:56
24 lines
614 bytes
tap0 has no IP address assigned, which is why the bridge does not work

#!/bin/sh
/sbin/ifconfig bridge0 create
>> here assign an IP address from your network to tap0
/sbin/ifconfig bridge0 addm em0 addm $dev up
/sbin/ifconfig $dev up

and I would write those last two lines like this:
/sbin/ifconfig bridge0 addm em0 addm tap0 up
here there could also be:
sleep 2
/sbin/ifconfig bridge0 up

Oh, and a small piece of advice: after every openvpn restart the bridge has to be created from scratch, because tap0 loses its IP address :-) It is best to write a single script that destroys bridge0, restarts openvpn and creates the bridge anew.

Regards
Tobiasz
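The helper script Tobiasz describes, written out as an added example (it is not code posted in this thread): it addresses tap0 before adding it to the bridge, waits and brings bridge0 up, and bundles the destroy/restart/recreate sequence into one script. The interface names em0, tap0 and bridge0 come from the thread; the tap address 10.10.10.213/24 is a placeholder and must be a free address in your own LAN; the OpenVPN rc script path is the standard location of the FreeBSD port; the DRY_RUN switch, the members_ok check and the SAMPLE_BRIDGE text are my own additions so the command sequence can be verified without touching a live system.

```sh
#!/bin/sh
# Added example, not from the thread: FreeBSD bridge helper for an OpenVPN TAP server,
# following the advice in Tobiasz's reply. Usage: bridge-helper.sh up|down|restart
# Assumptions (constructed for this example): LAN NIC em0, OpenVPN device tap0,
# bridge bridge0. TAP_ADDR is a placeholder; use an unused address from your LAN.
# DRY_RUN=1 prints the commands instead of executing them.

LAN_IF="${LAN_IF:-em0}"
TAP_IF="${TAP_IF:-tap0}"
BRIDGE="${BRIDGE:-bridge0}"
TAP_ADDR="${TAP_ADDR:-10.10.10.213/24}"
OPENVPN_RC="${OPENVPN_RC:-/usr/local/etc/rc.d/openvpn}"
DRY_RUN="${DRY_RUN:-0}"

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Tear the bridge down. Errors are ignored so a half-built bridge is still cleaned up;
# tap0 itself is left alone because OpenVPN owns that device.
bridge_down() {
    run /sbin/ifconfig "$BRIDGE" deletem "$TAP_IF" 2>/dev/null
    run /sbin/ifconfig "$BRIDGE" deletem "$LAN_IF" 2>/dev/null
    run /sbin/ifconfig "$BRIDGE" destroy 2>/dev/null
    return 0
}

# Build the bridge: address tap0 first (the point of the reply), add both members,
# then wait briefly and bring bridge0 up.
bridge_up() {
    run /sbin/ifconfig "$BRIDGE" create || return 1
    run /sbin/ifconfig "$TAP_IF" inet "$TAP_ADDR" up || return 1
    run /sbin/ifconfig "$BRIDGE" addm "$LAN_IF" addm "$TAP_IF" up || return 1
    run sleep 2
    run /sbin/ifconfig "$BRIDGE" up
}

# The single script the reply recommends: destroy bridge0, restart OpenVPN, rebuild.
vpn_restart() {
    bridge_down
    run "$OPENVPN_RC" restart || return 1
    bridge_up
}

# Inspect `ifconfig bridge0` text; returns 0 only when both members are attached.
members_ok() {
    printf '%s\n' "$1" | grep -q "member: $LAN_IF " || return 1
    printf '%s\n' "$1" | grep -q "member: $TAP_IF " || return 1
    return 0
}

# Live check against the running system.
bridge_check() {
    out=$(/sbin/ifconfig "$BRIDGE" 2>/dev/null) || return 1
    members_ok "$out"
}

# Constructed sample of a healthy bridge (modelled on the thread's ifconfig output),
# used to self-check members_ok without a live system.
SAMPLE_BRIDGE='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>'

case "${1:-}" in
    up)      bridge_up && bridge_check ;;
    down)    bridge_down ;;
    restart) vpn_restart && bridge_check ;;
    *)       ;;
esac
```

Run it once with DRY_RUN=1 to review the exact ifconfig sequence before using it on the box. One caveat for the access requirement in the original post: a bridged TAP client sits on the same Ethernet segment as every host behind em0, so limiting it to the service servers is not something the server-bridge address pool can enforce; that restriction has to come from a packet filter applied to the bridge members (pf on tap0, with filtering on members enabled as described in if_bridge(4)).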