    OpenVPN Site-to-Site routing

    • ZHoLD

      The task is to route a single route, 93.158.134.198 mask 255.255.255.255, through OpenVPN, which in turn would send the traffic out to the internet via gw1. I add route 93.158.134.198 255.255.255.225; to the OpenVPN client on gw2 and test from 192.168.5.0/26.

      PS C:\Users\Администратор> tracert 93.158.134.198

      Трассировка маршрута к pythonlbp-s.yandex.ru [93.158.134.198]
      с максимальным числом прыжков 30:

      1    <1 мс    <1 мс    <1 мс  gw2 [192.168.5.1]
        2    3 ms    3 ms    4 ms  10.0.8.9
        3    *        *        *    Превышен интервал ожидания для запроса.
        4    *        *        *    Превышен интервал ожидания для запроса.

      I can see that the traffic goes to gw1, but it is not routed any further. Please help me figure this out.

      GW1 Server Openvpn

      
      dev ovpns1
      dev-type tun
      tun-ipv6
      dev-node /dev/tun1
      writepid /var/run/openvpn_server1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-128-CBC
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local 37.75.7.121
      tls-server
      server 192.168.4.96 255.255.255.224
      client-config-dir /var/etc/openvpn-csc
      tls-verify /var/etc/openvpn/server1.tls-verify.php
      lport 1199
      management /var/etc/openvpn/server1.sock unix
      push "route 192.168.4.0 255.255.255.192"
      client-to-client
      ca /var/etc/openvpn/server1.ca 
      cert /var/etc/openvpn/server1.cert 
      key /var/etc/openvpn/server1.key 
      dh /etc/dh-parameters.1024
      tls-auth /var/etc/openvpn/server1.tls-auth 0
      comp-lzo
      persist-remote-ip
      float
      

      GW2 Client Openvpn

      dev ovpnc3
      dev-type tun
      tun-ipv6
      dev-node /dev/tun3
      writepid /var/run/openvpn_client3.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-128-CBC
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local 10.193.48.110
      lport 0
      management /var/etc/openvpn/client3.sock unix
      remote 37.75.7.121 1174
      ifconfig 10.0.8.10 10.0.8.9
      route 192.168.4.0 255.255.255.192
      secret /var/etc/openvpn/client3.secret 
      comp-lzo
      route 192.168.4.96 255.255.255.224
      route 93.158.134.198 255.255.255.225
      
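An added example, not part of the original posts: a small Python check that parses the `route`, `server` and `push "route ..."` directives of an OpenVPN config and reports netmasks that are not a contiguous run of one bits, or networks that have host bits set. The sample input is copied from the configs posted above; the function names are this example's own.

```python
import ipaddress
import re

# Directives copied as posted from the GW1 server and GW2 client configs above.
SAMPLE = '''\
server 192.168.4.96 255.255.255.224
push "route 192.168.4.0 255.255.255.192"
route 192.168.4.0 255.255.255.192
route 192.168.4.96 255.255.255.224
route 93.158.134.198 255.255.255.225
'''

def parse_routes(text):
    """Yield (line number, directive, network, netmask) for route-like lines."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # OpenVPN comment markers
            continue
        pushed = re.match(r'push\s+"(.*)"$', line)
        if pushed:                                # unwrap push "route ..."
            line = pushed.group(1)
        parts = line.split()
        if len(parts) >= 3 and parts[0] in ("route", "server"):
            yield lineno, parts[0], parts[1], parts[2]

def check_mask(network, netmask):
    """Return a list of problems for one network/netmask pair (empty if fine)."""
    try:
        net = int(ipaddress.IPv4Address(network))
        mask = int(ipaddress.IPv4Address(netmask))
    except ipaddress.AddressValueError as exc:
        return [f"not an IPv4 address: {exc}"]
    host_bits = ~mask & 0xFFFFFFFF
    # A valid mask inverts to 0...01...1, so adding 1 leaves no shared bits.
    if host_bits & (host_bits + 1):
        return [f"netmask {netmask} is not contiguous ones followed by zeros"]
    if net & host_bits:
        return [f"{network} has host bits set for netmask {netmask}"]
    return []

def lint(text):
    """Collect (line number, directive, problem) for every bad directive."""
    return [(lineno, directive, problem)
            for lineno, directive, network, netmask in parse_routes(text)
            for problem in check_mask(network, netmask)]

if __name__ == "__main__":
    for lineno, directive, problem in lint(SAMPLE):
        print(f"line {lineno}: {directive}: {problem}")
```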
      • werter

        What mode is the OpenVPN server running in?
        Draw a diagram with the addresses and routes.

        • dvserg

          Attach images directly to the post.

          • ZHoLD

            The diagram is in the main post

            What is needed in the end:
