Изучаю OpenVPN
Собрал такой "стенд" в VirtualBox:
сервер 1:
OS: Debian 9
hostname: srv1srv
внешний интерфейс: название - isp, IP 10.0.0.49/24 gw 10.0.0.2
внутренний интерфейс: название - lan, IP 192.168.1.1/24
роль: OpenVPN-сервер, сеть туннеля 192.168.3.0/24 (за сервером — LAN 192.168.1.0/24)
сервер 2:
OS: Debian 9
hostname: srv2client
внешний интерфейс: название - isp, IP 10.0.0.50/24 gw 10.0.0.2
внутренний интерфейс: название - lan, IP 192.168.2.1/24
роль: OpenVPN-клиент (за клиентом — LAN 192.168.2.0/24)
Конфигурационные файлы сервера
server.conf
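# server.conf — OpenVPN site-to-site hub on srv1srv.
# LAN behind this host: 192.168.1.0/24; tunnel subnet: 192.168.3.0/24.
# NOTE(review): the symptom "192.168.1.1 answers, 192.168.1.2 does not" is not
# explained by anything in this file. Not shown in the post, and the usual
# culprits: net.ipv4.ip_forward=1 on srv1srv, the iptables FORWARD chain on
# srv1srv, and whether 192.168.1.2 routes 192.168.2.0/24 and 192.168.3.0/24
# back via 192.168.1.1 (pings from srv2client leave with source 192.168.3.2).
port 1194
#proto udp
proto tcp      # TCP transport; TCP-in-TCP degrades badly under loss — prefer udp outside the lab
dev tun
ca /etc/openvpn/certs/keys/ca.crt
cert /etc/openvpn/certs/keys/server.crt
key /etc/openvpn/certs/keys/server.key
dh /etc/openvpn/dh4096.pem
# HMAC-sign the control channel; direction 0 here pairs with direction 1 on the client.
tls-auth /etc/openvpn/certs/keys/ta.key 0
topology subnet
# `server` already implies mode server, tls-server, ifconfig and the tunnel-route push.
server 192.168.3.0 255.255.255.0
# Relative path: resolved against the daemon's working directory
# (the systemd openvpn@ unit runs with --cd /etc/openvpn — confirm for this setup).
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"  # hand the server LAN to every client
route 192.168.2.0 255.255.255.0         # kernel route for client 1's LAN via tun0; ccd/srv2client1 iroute maps it to that client
client-config-dir /etc/openvpn/ccd
# Lets VPN peers reach each other inside openvpn, bypassing the host firewall;
# remove if only hub-and-spoke traffic is intended.
client-to-client
keepalive 10 120
# Fallback only: two 2.4 peers with NCP enabled (the default) negotiate AES-256-GCM instead.
cipher AES-256-CBC
user openvpn
group nogroup
persist-key    # keys are read before privileges drop to openvpn:nogroup, so SIGUSR1 restarts keep working
persist-tun
status /var/log/openvpn/openvpn-status.log
# FIX: the original listed both `log` and `log-append` on this file; `log`
# truncates the file at start-up, which defeated the append and lost the
# history of earlier sessions on every restart. Keep only the append form.
log-append /var/log/openvpn/openvpn.log
verb 3
auth SHA512
# Added: refuse TLS 1.0/1.1 on the control channel (needs OpenVPN 2.3.3+; Debian 9 ships 2.4).
tls-version-min 1.2
# DHE-RSA only (no ECDHE). The *-CBC-SHA entries are SHA-1 suites kept for
# compatibility; trim the list to the two GCM suites once every client is 2.4.
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
mode server    # redundant with `server` above; harmless
tls-server     # redundant with `server` above; harmless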
ccd/srv2client1
# ccd/srv2client1 — per-client options, selected by the client's certificate CN.
# Tells openvpn that 192.168.2.0/24 sits behind this client; pairs with the
# `route 192.168.2.0 255.255.255.0` in server.conf that installs the kernel route.
iroute 192.168.2.0 255.255.255.0
# Redundant: server.conf already pushes this route globally; harmless duplicate.
push "route 192.168.1.0 255.255.255.0"
Конфигурационные файлы клиента:
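# Client config on srv2client (site 2, LAN 192.168.2.0/24).
client
tls-client     # redundant with `client`; harmless
dev tun
#proto udp
proto tcp      # must match the server's transport
remote 10.0.0.49 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key    # needed together with persist-tun once privileges drop to nobody:nogroup
persist-tun
ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/srv2client1.crt
key /etc/openvpn/certs/srv2client1.key
# Require the server-side EKU on the peer certificate so another client's
# certificate from the same CA cannot impersonate the server.
remote-cert-tls server
# Direction 1 pairs with the server's direction 0.
tls-auth /etc/openvpn/certs/ta.key 1
# Fallback only: two 2.4 peers with NCP enabled (the default) negotiate AES-256-GCM instead.
cipher AES-256-CBC
auth SHA512
# Added: refuse TLS 1.0/1.1 on the control channel (needs OpenVPN 2.3.3+; Debian 9 ships 2.4).
tls-version-min 1.2
# Same DHE-RSA list as the server; the *-CBC-SHA entries are SHA-1 suites kept for compatibility.
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
status /var/log/openvpn/openvpn-status.log
# FIX: the original listed both `log` and `log-append` on this file; `log`
# truncates at start-up, which defeated the append on every reconnect/restart.
log-append /var/log/openvpn/openvpn.log
verb 3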
В сети за каждым из серверов есть второй ПК: 192.168.1.2 (за srv1srv) и 192.168.2.2 (за srv2client).
Суть проблемы: не могу из сети 192.168.2.0/24 пропинговать сеть за сервером (192.168.1.0/24); сам сервер (192.168.1.1) при этом пингуется.
root@srv2client:~# ping 192.168.1.1 -c 1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.507 ms
--- 192.168.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.507/0.507/0.507/0.000 ms
root@srv2client:~# ping 192.168.1.2 -c 1
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
^C
--- 192.168.1.2 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
Сеть клиента (192.168.2.0/24) с сервера пингуется нормально:
root@srv1srv:~# ping 192.168.2.2 -c1
PING 192.168.2.2 (192.168.2.2) 56(84) bytes of data.
64 bytes from 192.168.2.2: icmp_seq=1 ttl=63 time=0.691 ms
--- 192.168.2.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.691/0.691/0.691/0.000 ms
root@srv1srv:~# ping 192.168.2.1 -c1
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=0.359 ms
--- 192.168.2.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.359/0.359/0.359/0.000 ms
root@srv1srv:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.2 0.0.0.0 UG 0 0 0 isp
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 isp
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 lan
192.168.2.0 192.168.3.2 255.255.255.0 UG 0 0 0 tun0
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
root@srv2client:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.2 0.0.0.0 UG 0 0 0 isp
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 isp
192.168.1.0 192.168.3.1 255.255.255.0 UG 0 0 0 tun0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 lan
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0