Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Openvpn Site-to-Site маршрутизация

    Russian
    3
    4
    1089
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Z
      ZHoLD last edited by

      Есть задача, маршрутизировать один маршрут 93.158.134.198 mask 255.255.255.255 через openvpn, а тот в свою очередь отправлял трафик через интернет gw1. Добавляю route 93.158.134.198 255.255.255.225; клиенту openvpn gw2, проверяю из 192.168.5.0/26.

      PS C:\Users\Администратор> tracert 93.158.134.198

      Трассировка маршрута к pythonlbp-s.yandex.ru [93.158.134.198]
      с максимальным числом прыжков 30:

      1    <1 мс    <1 мс    <1 мс  gw2 [192.168.5.1]
        2    3 ms    3 ms    4 ms  10.0.8.9
        3    *        *        *    Превышен интервал ожидания для запроса.
        4    *        *        *    Превышен интервал ожидания для запроса.

      Вижу, что трафик уходит на gw1, но при этом дальше не маршрутизится. Помогите пожалуйста разобраться.

      GW1 Server Openvpn

      
dev ovpns1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 37.75.7.121
tls-server
server 192.168.4.96 255.255.255.224
client-config-dir /var/etc/openvpn-csc
tls-verify /var/etc/openvpn/server1.tls-verify.php
lport 1199
management /var/etc/openvpn/server1.sock unix
push "route 192.168.4.0 255.255.255.192"
client-to-client
ca /var/etc/openvpn/server1.ca 
cert /var/etc/openvpn/server1.cert 
key /var/etc/openvpn/server1.key 
dh /etc/dh-parameters.1024
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo
persist-remote-ip
float

      GW2 Client Openvpn

      dev ovpnc3
dev-type tun
tun-ipv6
dev-node /dev/tun3
writepid /var/run/openvpn_client3.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 10.193.48.110
lport 0
management /var/etc/openvpn/client3.sock unix
remote 37.75.7.121 1174
ifconfig 10.0.8.10 10.0.8.9
route 192.168.4.0 255.255.255.192
secret /var/etc/openvpn/client3.secret 
comp-lzo
route 192.168.4.96 255.255.255.224
route 93.158.134.198 255.255.255.225
      1 Reply Last reply Reply Quote 0
      • werter
        werter last edited by

        В каком режиме работает OpenVPN-сервер ?
        Рисуйте схему с адресами и маршрутами.

        1 Reply Last reply Reply Quote 0
        • D
          dvserg last edited by

          Картинки прикрепляем непосредственно к посту.

          1 Reply Last reply Reply Quote 0
          • Z
            ZHoLD last edited by

            Схема в главном посте

            Что в итоге необходимо:

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense Plus
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy