1

(2 replies, posted in Oprogramowanie / Software)

Hi,
Is it possible to set things up so that a laptop connected via hotspot to a phone, which is connected over VPN to my home, is seen as if it were connecting from home?

Diagram:
INTERNET <static IP> HOME <VPN> PHONE <Hotspot> LAPTOP

While on holiday abroad I would like to connect to work and be seen as if I were at home. When working I connect to the company VPN anyway, but I don't know whether they check where I connect from.
When I connect to the VPN, from the phone I am seen as my static IP, but when sharing the internet via hotspot, on the laptop my IP shows up as some public address.

2

(11 replies, posted in Oprogramowanie / Software)

mar_w wrote:

Did you add masquerading to the LAN zone of the router at the plot?

I have added it now:

config zone
    option name 'lan'
    list network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    option masq '1'

Unfortunately it didn't help. Maybe I'll switch to a different VPN.

3

(11 replies, posted in Oprogramowanie / Software)

Cezary wrote:

Spot on. Maybe the cameras don't have a gateway set and that's why it doesn't work.

I checked, they have the gateway set to the router at the plot.

4

(11 replies, posted in Oprogramowanie / Software)

root@OpenWrt:~# cat /etc/config/firewall

config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    list network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'

config zone
    option name 'wan'
    list network 'wan'
    list network 'wan6'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'

config forwarding
    option src 'lan'
    option dest 'wan'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-IGMP'
    option src 'wan'
    option proto 'igmp'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option src_ip 'fc00::/6'
    option dest_ip 'fc00::/6'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-MLD'
    option src 'wan'
    option proto 'icmp'
    option src_ip 'fe80::/10'
    list icmp_type '130/0'
    list icmp_type '131/0'
    list icmp_type '132/0'
    list icmp_type '143/0'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-IPSec-ESP'
    option src 'wan'
    option dest 'lan'
    option proto 'esp'
    option target 'ACCEPT'

config rule
    option name 'Allow-ISAKMP'
    option src 'wan'
    option dest 'lan'
    option dest_port '500'
    option proto 'udp'
    option target 'ACCEPT'

config include
    option path '/etc/firewall.user'

config zone
    option name 'home'
    option input 'ACCEPT'
    option forward 'ACCEPT'
    option output 'ACCEPT'
    option network 'home'
    option masq '1'

config forwarding
    option src 'home'
    option dest 'wan'

config forwarding
    option src 'home'
    option dest 'lan'

config forwarding
    option src 'lan'
    option dest 'home'

config redirect
    option target 'DNAT'

config redirect
    option dest_port '554'
    option src 'home'
    option name 'Camera'
    option src_dport '554'
    option target 'DNAT'
    option dest_ip '192.168.10.244'
    option dest 'lan'

5

(11 replies, posted in Oprogramowanie / Software)

I do, but I would also like to have a preview over RTSP

6

(11 replies, posted in Oprogramowanie / Software)

Doesn't the fact that I can open the camera's "page" from home and see the image there contradict that thesis?

Either way, I'm checking right now what I have in the camera options..

Hi.
I have a problem viewing cameras over RTSP behind a zerotierone tunnel. At the plot I have a router with OpenWrt on which I have a zerotierone client configured according to the guide, together with sharing of the devices behind the router. Viewing the cameras over RTSP and HTTP works when I am at the plot directly. From home, from a computer that is also joined to the zerotierone network, I can reach both the router and the camera's page over HTTP and watch the video there. Unfortunately viewing over RTSP does not work on any camera. Has anyone had a similar problem?

8

(28 replies, posted in Oprogramowanie / Software)

Well, maybe it is set correctly after all, because looking from the other side the traffic goes through the VPN server's address

root@OpenWrt:~# traceroute 192.168.1.5
traceroute to 192.168.1.5 (192.168.1.5), 30 hops max, 38 byte packets
1  10.8.0.1 (10.8.0.1)  172.364 ms  57.334 ms  58.756 ms
2  192.168.1.5 (192.168.1.5)  157.887 ms  88.049 ms  29.747 ms

9

(28 replies, posted in Oprogramowanie / Software)

Unfortunately not
https://dysk.mskrok.pl/apps/files_sharing/publicpreview/qgmYaw4DoBJXMmg?file=/&fileId=50289&x=2560&y=1080&a=true&etag=b375ba1eef1a0d41e9921a64515f81a5

And is this routing on the server right? Should the traffic go through the VPN client's address as the gateway? Not through 10.8.0.1?

admin@RT-AX56U-9240:/tmp/home/root# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         ipv4-80-68-233- 0.0.0.0         UG    0      0        0 eth0
10.8.0.0        *               255.255.255.0   U     0      0        0 tun21
80.68.233.0     *               255.255.255.128 U     0      0        0 eth0
80.68.233.1     *               255.255.255.255 UH    0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
188.121.31.151  ipv4-80-68-233- 255.255.255.255 UGH   1      0        0 eth0
188.121.31.201  ipv4-80-68-233- 255.255.255.255 UGH   1      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 br0
192.168.10.0    10.8.0.2        255.255.255.0   UG    0      0        0 tun21
239.0.0.0       *               255.0.0.0       U     0      0        0 br0

10

(28 replies, posted in Oprogramowanie / Software)

I removed it from the config file, but it came back after a router restart.
I'm not sure how to get rid of it, there is no such option in the GUI

11

(28 replies, posted in Oprogramowanie / Software)

admin@RT-AX56U-9240:/tmp/home/root# ping 10.8.0.2
PING 10.8.0.2 (10.8.0.2): 56 data bytes
64 bytes from 10.8.0.2: seq=0 ttl=64 time=57.823 ms
64 bytes from 10.8.0.2: seq=1 ttl=64 time=50.341 ms


I'll remove:
client-config-dir /jffs/configs/openvpn/ccd1/

Which second section do you mean?

Ah, probably those sample_server and sample_client; if so, they are already removed.

12

(28 replies, posted in Oprogramowanie / Software)

This option "client-config-dir ccd" is somehow a default; I removed it from the config, but after a restart it came back

admin@RT-AX56U-9240:/tmp/home/root# cat //tmp/etc/openvpn/server1/config.ovpn
daemon ovpn-server1
topology subnet
server 10.8.0.0 255.255.255.0
proto tcp4
port 1194
dev tun21
txqueuelen 1000
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:CHACHA20-POLY1305
data-ciphers-fallback AES-128-CBC
keepalive 15 60
verb 3
push "route 192.168.1.0 255.255.255.0 vpn_gateway 500"
client-config-dir ccd
client-to-client
ca ca.crt
dh dh.pem
cert server.crt
key server.key
script-security 2
up 'ovpn-up 1 server'
down 'ovpn-down 1 server'
status-version 2
status status 5

# Custom Configuration
reneg-sec 432000
push "route 192.168.10.0 255.255.255.0"
client-config-dir /jffs/configs/openvpn/ccd1/
route 192.168.10.0 255.255.255.0

Both files contain the same thing:


admin@RT-AX56U-9240:/tmp/home/root# find / |grep ccd
/tmp/etc/openvpn/server1/ccd
/tmp/etc/openvpn/server1/ccd/Remote1
/jffs/nvram/vpn_server1_ccd_val
/jffs/nvram/vpn_server2_ccd_val
/jffs/nvram/vpn_server_ccd_val
/jffs/configs/openvpn/ccd1
/jffs/configs/openvpn/ccd1/Remote1

admin@RT-AX56U-9240:/tmp/home/root# cat /tmp/etc/openvpn/server1/ccd/Remote1
iroute 192.168.10.0 255.255.255.0

admin@RT-AX56U-9240:/tmp/home/root# cat /jffs/configs/openvpn/ccd1/Remote1
iroute 192.168.10.0 255.255.255.0

13

(28 replies, posted in Oprogramowanie / Software)

root@OpenWrt:~# uci show network
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fdbb:3737:bf9b::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth1.1'
network.lan.proto='static'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.ipaddr='192.168.10.1'
network.wan=interface
network.wan.ifname='eth0'
network.wan.proto='dhcp'
network.wan6=interface
network.wan6.ifname='eth0'
network.wan6.proto='dhcpv6'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='1 2 5t'
network.vpn=interface
network.vpn.ifname='tun0'
network.vpn.proto='none'

14

(28 replies, posted in Oprogramowanie / Software)

Ah, I forgot to add that the client router sits behind a GSM router; I don't know whether that matters.
I assumed that since I can connect to the client router over the VPN, it doesn't get in the way.

15

(28 replies, posted in Oprogramowanie / Software)

Darn, to my eye it's correct..

root@OpenWrt:~# cat /etc/config/firewall

config defaults
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option synflood_protect '1'

config zone
    option name 'lan'
    list network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'

config zone
    option name 'vpn'
    option input 'ACCEPT'
    option forward 'ACCEPT'
    option output 'ACCEPT'
    option network 'vpn'
    option masq '1'

config zone
    option name 'wan'
    list network 'wan'
    list network 'wan6'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'

config forwarding
    option src 'lan'
    option dest 'wan'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-IGMP'
    option src 'wan'
    option proto 'igmp'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option src_ip 'fc00::/6'
    option dest_ip 'fc00::/6'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-MLD'
    option src 'wan'
    option proto 'icmp'
    option src_ip 'fe80::/10'
    list icmp_type '130/0'
    list icmp_type '131/0'
    list icmp_type '132/0'
    list icmp_type '143/0'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-IPSec-ESP'
    option src 'wan'
    option dest 'lan'
    option proto 'esp'
    option target 'ACCEPT'

config rule
    option name 'Allow-ISAKMP'
    option src 'wan'
    option dest 'lan'
    option dest_port '500'
    option proto 'udp'
    option target 'ACCEPT'

config include
    option path '/etc/firewall.user'

config forwarding
    option src 'vpn'
    option dest 'lan'

config forwarding
    option src 'lan'
    option dest 'vpn'

16

(28 replies, posted in Oprogramowanie / Software)

openvpn config from the server

admin@RT-AX56U-9240:/tmp/home/root# cat /tmp/etc/openvpn/server1/config.ovpn
daemon ovpn-server1
topology subnet
server 10.8.0.0 255.255.255.0
proto tcp4
port 1194
dev tun21
txqueuelen 1000
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:CHACHA20-POLY1305
data-ciphers-fallback AES-128-CBC
keepalive 15 60
verb 3
push "route 192.168.1.0 255.255.255.0 vpn_gateway 500"
client-config-dir ccd
client-to-client
ca ca.crt
dh dh.pem
cert server.crt
key server.key
script-security 2
up 'ovpn-up 1 server'
down 'ovpn-down 1 server'
status-version 2
status status 5

# Custom Configuration
reneg-sec 432000
push "route 192.168.10.0 255.255.255.0"
client-config-dir /jffs/configs/openvpn/ccd1/


admin@RT-AX56U-9240:/tmp/home/root# cat /jffs/configs/openvpn/ccd1/Remote1
iroute 192.168.10.0 255.255.255.0

routing on the server

admin@RT-AX56U-9240:/tmp/home/root# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         ipv4-80-68-233- 0.0.0.0         UG    0      0        0 eth0
10.8.0.0        *               255.255.255.0   U     0      0        0 tun21
80.68.233.0     *               255.255.255.128 U     0      0        0 eth0
80.68.233.1     *               255.255.255.255 UH    0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
188.121.31.151  ipv4-80-68-233- 255.255.255.255 UGH   1      0        0 eth0
188.121.31.201  ipv4-80-68-233- 255.255.255.255 UGH   1      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 br0
192.168.10.0    10.8.0.2        255.255.255.0   UG    0      0        0 tun21
239.0.0.0       *               255.0.0.0       U     0      0        0 br0

openvpn config from the client

root@OpenWrt:~# cat /etc/config/openvpn

config openvpn 'custom_config'
    option config '/etc/openvpn/my-vpn.conf'

config openvpn 'sample_server'
    option port '1194'
    option proto 'udp'
    option dev 'tun'
    option ca '/etc/openvpn/ca.crt'
    option cert '/etc/openvpn/server.crt'
    option key '/etc/openvpn/server.key'
    option dh '/etc/openvpn/dh1024.pem'
    option server '10.8.0.0 255.255.255.0'
    option ifconfig_pool_persist '/tmp/ipp.txt'
    option keepalive '10 120'
    option compress 'lzo'
    option persist_key '1'
    option persist_tun '1'
    option user 'nobody'
    option status '/tmp/openvpn-status.log'
    option verb '3'

config openvpn 'sample_client'
    option client '1'
    option dev 'tun'
    option proto 'udp'
    list remote 'my_server_1 1194'
    option resolv_retry 'infinite'
    option nobind '1'
    option persist_key '1'
    option persist_tun '1'
    option user 'nobody'
    option ca '/etc/openvpn/ca.crt'
    option cert '/etc/openvpn/client.crt'
    option key '/etc/openvpn/client.key'
    option compress 'lzo'
    option verb '3'

config openvpn 'Gotowyplik'
    option config '/etc/openvpn/Gotowyplik.ovpn'
    option enabled '1'


root@OpenWrt:~# cat /etc/openvpn/Gotowyplik.ovpn

# Config generated by Asuswrt-Merlin 388.2, requires OpenVPN 2.4.0 or newer.

client
dev tun
proto tcp-client
remote 80.68.233.7 1194
resolv-retry infinite
nobind
float
ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:CHACHA20-POLY1305
keepalive 15 60
remote-cert-tls server
<ca>
...

routing on the client

root@OpenWrt:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.2.2     0.0.0.0         UG    0      0        0 eth0
10.8.0.0        *               255.255.255.0   U     0      0        0 tun0
192.168.1.0     10.8.0.1        255.255.255.0   UG    500    0        0 tun0
192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
192.168.10.0    10.8.0.1        255.255.255.0   UG    0      0        0 tun0
192.168.10.0    *               255.255.255.0   U     0      0        0 br-lan

ifconfig on the client

root@OpenWrt:~# ifconfig
br-lan    Link encap:Ethernet  HWaddr 00:0C:42:9E:49:E6
          inet addr:192.168.10.1  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:42ff:fe9e:49e6/64 Scope:Link
          inet6 addr: fdbb:3737:bf9b::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:77925 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4329 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6793200 (6.4 MiB)  TX bytes:219919 (214.7 KiB)

eth0      Link encap:Ethernet  HWaddr 00:0C:42:9E:49:E5
          inet addr:192.168.2.101  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fd60:aaef:1cc9:6200:20c:42ff:fe9e:49e5/64 Scope:Global
          inet6 addr: fe80::20c:42ff:fe9e:49e5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:152819 errors:0 dropped:0 overruns:0 frame:0
          TX packets:160387 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:14273345 (13.6 MiB)  TX bytes:28167303 (26.8 MiB)
          Interrupt:5

eth1      Link encap:Ethernet  HWaddr 00:0C:42:9E:49:E6
          inet6 addr: fe80::20c:42ff:fe9e:49e6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:77965 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4390 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:8202057 (7.8 MiB)  TX bytes:291959 (285.1 KiB)
          Interrupt:4

eth1.1    Link encap:Ethernet  HWaddr 00:0C:42:9E:49:E6
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:77925 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4329 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6793200 (6.4 MiB)  TX bytes:219919 (214.7 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:808 errors:0 dropped:0 overruns:0 frame:0
          TX packets:808 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:64945 (63.4 KiB)  TX bytes:64945 (63.4 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.2  P-t-P:10.8.0.2  Mask:255.255.255.0
          inet6 addr: fe80::3144:3a82:2c38:1967/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:113 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28463 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:11117 (10.8 KiB)  TX bytes:2234264 (2.1 MiB)

wlan0     Link encap:Ethernet  HWaddr 00:0C:42:62:ED:38
          inet6 addr: fe80::20c:42ff:fe62:ed38/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:531 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:71198 (69.5 KiB)

from the client, ping 192.168.x.x of a host in the client's LAN

root@OpenWrt:~# ping 192.168.1.5
PING 192.168.1.5 (192.168.1.5): 56 data bytes
64 bytes from 192.168.1.5: seq=0 ttl=63 time=105.440 ms
64 bytes from 192.168.1.5: seq=1 ttl=63 time=61.825 ms
64 bytes from 192.168.1.5: seq=2 ttl=63 time=54.494 ms
64 bytes from 192.168.1.5: seq=3 ttl=63 time=54.214 ms

from the server, ping 192.168.x.x of a host in the client's LAN

admin@RT-AX56U-9240:/tmp/home/root# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
^C
--- 192.168.10.1 ping statistics ---
8 packets transmitted, 0 packets received, 100% packet loss

admin@RT-AX56U-9240:/tmp/home/root# ping 192.168.10.2
PING 192.168.10.2 (192.168.10.2): 56 data bytes
^C
--- 192.168.10.2 ping statistics ---
7 packets transmitted, 0 packets received, 100% packet loss

admin@RT-AX56U-9240:/tmp/home/root# ping 192.168.10.121
PING 192.168.10.121 (192.168.10.121): 56 data bytes
^C
--- 192.168.10.121 ping statistics ---
8 packets transmitted, 0 packets received, 100% packet loss

admin@RT-AX56U-9240:/tmp/home/root# ping 192.168.10.122
PING 192.168.10.122 (192.168.10.122): 56 data bytes
^C
--- 192.168.10.122 ping statistics ---
8 packets transmitted, 0 packets received, 100% packet loss
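
Added example, not part of the original post: a small Python check over the client routing table shown in this post. It flags any subnet that is both directly connected and routed through a gateway on another interface, as 192.168.10.0/24 is there (direct on br-lan and via 10.8.0.1 on tun0). The function names are illustrative assumptions.

```python
import ipaddress
from collections import defaultdict

# Client routing table as posted above (net-tools `route` output).
CLIENT_ROUTES = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.2.2     0.0.0.0         UG    0      0        0 eth0
10.8.0.0        *               255.255.255.0   U     0      0        0 tun0
192.168.1.0     10.8.0.1        255.255.255.0   UG    500    0        0 tun0
192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
192.168.10.0    10.8.0.1        255.255.255.0   UG    0      0        0 tun0
192.168.10.0    *               255.255.255.0   U     0      0        0 br-lan
"""


def parse_routes(text):
    """Parse net-tools `route` output into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have 8 columns; skip the title line and the column header.
        if len(fields) != 8 or fields[0] == "Destination":
            continue
        dest, gateway, genmask, flags, metric, _ref, _use, iface = fields
        if dest == "default":
            dest = "0.0.0.0"
        try:
            network = ipaddress.ip_network(f"{dest}/{genmask}")
            metric = int(metric)
        except ValueError:
            # Destination printed as a host name (no -n flag): cannot compare.
            continue
        routes.append({
            "network": network,
            # The G flag marks a route that goes through a gateway.
            "gateway": gateway if "G" in flags else None,
            "metric": metric,
            "iface": iface,
        })
    return routes


def find_conflicts(routes):
    """Return subnets that are directly connected on one interface and
    also routed via a gateway on a different interface.

    Each result is (network, connected_iface, gateway, gateway_iface,
    same_metric). same_metric=True means neither route is preferred by
    metric, so the two entries compete for the same destination.
    """
    by_network = defaultdict(list)
    for route in routes:
        by_network[route["network"]].append(route)

    conflicts = []
    for network, group in by_network.items():
        connected = [r for r in group if r["gateway"] is None]
        via_gateway = [r for r in group if r["gateway"] is not None]
        for c in connected:
            for g in via_gateway:
                if g["iface"] != c["iface"]:
                    conflicts.append((
                        str(network), c["iface"], g["gateway"], g["iface"],
                        c["metric"] == g["metric"],
                    ))
    return conflicts


if __name__ == "__main__":
    for net, c_if, gw, g_if, same in find_conflicts(parse_routes(CLIENT_ROUTES)):
        note = "same metric" if same else "different metric"
        print(f"{net}: connected on {c_if}, also via {gw} on {g_if} ({note})")
```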

17

(28 replies, posted in Oprogramowanie / Software)

Should client_to_client be enabled? Because I think this isn't that case

18

(28 replies, posted in Oprogramowanie / Software)

Is there anything else visibly wrong or missing in what I have? Because unfortunately I still can't see anything behind the router at the plot.
I tried to base it on your instructions and added everything that seemed necessary to me.

19

(28 replies, posted in Oprogramowanie / Software)

And do I have the gateway right here?

admin@RT-AX56U-9240:/tmp/home/root# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         ipv4-80-68-233- 0.0.0.0         UG    0      0        0 eth0
10.8.0.0        *               255.255.255.0   U     0      0        0 tun21
80.68.233.0     *               255.255.255.128 U     0      0        0 eth0
80.68.233.1     *               255.255.255.255 UH    0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
188.121.31.151  ipv4-80-68-233- 255.255.255.255 UGH   1      0        0 eth0
188.121.31.201  ipv4-80-68-233- 255.255.255.255 UGH   1      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 br0
192.168.10.0    10.8.0.2        255.255.255.0   UG    0      0        0 tun21
239.0.0.0       *               255.0.0.0       U     0      0        0 br0

20

(28 replies, posted in Oprogramowanie / Software)

admin@RT-AX56U-9240:/tmp/home/root# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
^C
--- 192.168.10.1 ping statistics ---
7 packets transmitted, 0 packets received, 100% packet loss



root@OpenWrt:~# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: seq=0 ttl=64 time=139.913 ms
64 bytes from 192.168.1.1: seq=1 ttl=64 time=50.813 ms
64 bytes from 192.168.1.1: seq=2 ttl=64 time=58.610 ms
^C
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 50.813/83.112/139.913 ms

21

(28 replies, posted in Oprogramowanie / Software)

root@OpenWrt:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.2.2     0.0.0.0         UG    0      0        0 eth0
10.8.0.0        *               255.255.255.0   U     0      0        0 tun0
192.168.1.0     10.8.0.1        255.255.255.0   UG    500    0        0 tun0
192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
192.168.10.0    10.8.0.1        255.255.255.0   UG    0      0        0 tun0
192.168.10.0    *               255.255.255.0   U     0      0        0 br-lan


It seems to have improved.

22

(28 replies, posted in Oprogramowanie / Software)

I fixed that push

admin@RT-AX56U-9240:/tmp/home/root# cat  /jffs/configs/openvpn/ccd1/Remote1
iroute 192.168.10.0 255.255.255.0

23

(28 replies, posted in Oprogramowanie / Software)

Allow me to revive the thread after a year, because in the meantime I had to change the router and the tunnel stopped working. Unfortunately I changed the router to an ASUS RT-AX56U, which is not supported by OpenWrt, and I am having some trouble restoring the tunnel. The router has the Merlin firmware installed; I click everything in the GUI.
This is how it currently looks on my side:

Plot - mobile internet:

root@OpenWrt:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.2.2     0.0.0.0         UG    0      0        0 eth0
10.8.0.0        *               255.255.255.0   U     0      0        0 tun0
192.168.1.0     10.8.0.1        255.255.255.0   UG    0      0        0 tun0
192.168.1.0     10.8.0.1        255.255.255.0   UG    500    0        0 tun0
192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
192.168.10.0    *               255.255.255.0   U     0      0        0 br-lan

root@OpenWrt:~# cat /etc/config/openvpn

config openvpn 'custom_config'
    option config '/etc/openvpn/my-vpn.conf'

config openvpn 'sample_server'
    option port '1194'
    option proto 'udp'
    option dev 'tun'
    option ca '/etc/openvpn/ca.crt'
    option cert '/etc/openvpn/server.crt'
    option key '/etc/openvpn/server.key'
    option dh '/etc/openvpn/dh1024.pem'
    option server '10.8.0.0 255.255.255.0'
    option ifconfig_pool_persist '/tmp/ipp.txt'
    option keepalive '10 120'
    option compress 'lzo'
    option persist_key '1'
    option persist_tun '1'
    option user 'nobody'
    option status '/tmp/openvpn-status.log'
    option verb '3'

config openvpn 'sample_client'
    option client '1'
    option dev 'tun'
    option proto 'udp'
    list remote 'my_server_1 1194'
    option resolv_retry 'infinite'
    option nobind '1'
    option persist_key '1'
    option persist_tun '1'
    option user 'nobody'
    option ca '/etc/openvpn/ca.crt'
    option cert '/etc/openvpn/client.crt'
    option key '/etc/openvpn/client.key'
    option compress 'lzo'
    option verb '3'

config openvpn 'Gotowyplik'
    option config '/etc/openvpn/Gotowyplik.ovpn'
    option enabled '1'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    list network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'

config zone
    option name 'wan'
    list network 'wan'
    list network 'wan6'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'

config forwarding
    option src 'lan'
    option dest 'wan'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-IGMP'
    option src 'wan'
    option proto 'igmp'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option src_ip 'fc00::/6'
    option dest_ip 'fc00::/6'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-MLD'
    option src 'wan'
    option proto 'icmp'
    option src_ip 'fe80::/10'
    list icmp_type '130/0'
    list icmp_type '131/0'
    list icmp_type '132/0'
    list icmp_type '143/0'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-IPSec-ESP'
    option src 'wan'
    option dest 'lan'
    option proto 'esp'
    option target 'ACCEPT'

config rule
    option name 'Allow-ISAKMP'
    option src 'wan'
    option dest 'lan'
    option dest_port '500'
    option proto 'udp'
    option target 'ACCEPT'

config include
    option path '/etc/firewall.user'

config zone
    option name 'vpn'
    option input 'ACCEPT'
    option forward 'ACCEPT'
    option output 'ACCEPT'
    option network 'vpn'
    option masq '1'

config forwarding
    option src 'vpn'
    option dest 'lan'

config forwarding
    option src 'lan'
    option dest 'vpn'


Home - static address:

admin@RT-AX56U-9240:/# cat tmp/etc/openvpn/server1/config.ovpn
daemon ovpn-server1
topology subnet
server 10.8.0.0 255.255.255.0
proto tcp4
port 1194
dev tun21
txqueuelen 1000
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:CHACHA20-POLY1305
data-ciphers-fallback AES-128-CBC
keepalive 15 60
verb 3
push "route 192.168.1.0 255.255.255.0 vpn_gateway 500"
duplicate-cn
ca ca.crt
dh dh.pem
cert server.crt
key server.key
script-security 2
up 'ovpn-up 1 server'
down 'ovpn-down 1 server'
status-version 2
status status 5

# Custom Configuration
reneg-sec 432000
push "route 192.168.1.0 255.255.255.0"
client-config-dir /jffs/configs/openvpn/ccd1/


admin@RT-AX56U-9240:/# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         ipv4-80-xxx-xxx- 0.0.0.0         UG    0      0        0 eth0
10.8.0.0        *               255.255.255.0   U     0      0        0 tun21
80.xxx.xxx.0     *               255.255.255.128 U     0      0        0 eth0
80.xxx.xxx.1     *               255.255.255.255 UH    0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
188.121.31.151  ipv4-80-xxx-xxx- 255.255.255.255 UGH   1      0        0 eth0
188.121.31.201  ipv4-80-xxx-xxx- 255.255.255.255 UGH   1      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 br0
192.168.10.0    10.8.0.2        255.255.255.0   UG    0      0        0 tun21
239.0.0.0       *               255.0.0.0       U     0      0        0 br0
admin@RT-AX56U-9240:/# ifconfig
archer    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6242386 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6249429 errors:0 dropped:8 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2480006312 (2.3 GiB)  TX bytes:2480392178 (2.3 GiB)

br0       Link encap:Ethernet  HWaddr F0:2F:74:B7:92:40
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:2160227 errors:0 dropped:4 overruns:0 frame:0
          TX packets:4316758 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1030756268 (983.0 MiB)  TX bytes:5756860768 (5.3 GiB)

eth0      Link encap:Ethernet  HWaddr F0:2F:74:B7:92:40
          inet addr:80.xxx.xxx.7  Bcast:80.xxx.xxx.127  Mask:255.255.255.128
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:4547179 errors:0 dropped:3515 overruns:0 frame:0
          TX packets:2089571 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5807703373 (5.4 GiB)  TX bytes:1089764728 (1.0 GiB)

eth1      Link encap:Ethernet  HWaddr F0:2F:74:B7:92:40
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:899505 errors:0 dropped:538 overruns:0 frame:0
          TX packets:1829859 errors:0 dropped:2 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:83976097 (80.0 MiB)  TX bytes:1803578089 (1.6 GiB)

eth2      Link encap:Ethernet  HWaddr F0:2F:74:B7:92:40
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:886825 errors:0 dropped:24 overruns:0 frame:0
          TX packets:672195 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:733623601 (699.6 MiB)  TX bytes:52550521 (50.1 MiB)

eth3      Link encap:Ethernet  HWaddr F0:2F:74:B7:92:40
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:928320 errors:0 dropped:200 overruns:0 frame:0
          TX packets:2551202 errors:0 dropped:1179 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:109034024 (103.9 MiB)  TX bytes:3692273204 (3.4 GiB)

eth4      Link encap:Ethernet  HWaddr F0:2F:74:B7:92:40
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:3 overruns:0 frame:0
          TX packets:41387 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4294967295 (3.9 GiB)  TX bytes:6477506 (6.1 MiB)

eth5      Link encap:Ethernet  HWaddr F0:2F:74:B7:92:40
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:722172 errors:0 dropped:0 overruns:0 frame:223046
          TX packets:236864 errors:641 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:976501259 (931.2 MiB)  TX bytes:38697332 (36.9 MiB)
          Interrupt:38

eth6      Link encap:Ethernet  HWaddr F0:2F:74:B7:92:44
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:87680 errors:0 dropped:0 overruns:0 frame:1845
          TX packets:175424 errors:87 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:27735687 (26.4 MiB)  TX bytes:131901108 (125.7 MiB)
          Interrupt:42

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:65536  Metric:1
          RX packets:60201 errors:0 dropped:0 overruns:0 frame:0
          TX packets:60201 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:12908978 (12.3 MiB)  TX bytes:12908978 (12.3 MiB)

lo:0      Link encap:Local Loopback
          inet addr:127.0.1.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:65536  Metric:1

spu_ds_dummy Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          UP RUNNING NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

spu_us_dummy Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          UP RUNNING NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tun21     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.1  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:551 errors:0 dropped:0 overruns:0 frame:0
          TX packets:931 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:188032 (183.6 KiB)  TX bytes:123418 (120.5 KiB)

wl0.1     Link encap:Ethernet  HWaddr F0:2F:74:B7:92:41
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:11321 errors:0 dropped:0 overruns:0 frame:223046
          TX packets:60786 errors:12 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1350790 (1.2 MiB)  TX bytes:13108059 (12.5 MiB)

The connection comes up and I can log in to the router at its VPN address, but I see absolutely nothing behind the router at the plot.
Do you have any idea what else I should change or add?
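
An added example, not part of the post: a check of the OpenVPN server-side prerequisites for reaching a LAN behind a client, run against the routing-relevant lines of the server config above. Assumptions: 192.168.10.0/24 (taken from the route table) is the LAN behind the remote router, and the ccd file contents and the client name `plot-router` are constructed, since the post does not show the `client-config-dir` contents.

```python
import ipaddress

# Constructed excerpt: routing-relevant lines of the server config posted above.
SERVER_CONF = """\
topology subnet
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
duplicate-cn
client-config-dir /jffs/configs/openvpn/ccd1/
"""

def directives(text):
    """Yield the token list of every non-empty, non-comment config line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def nets(text, keyword):
    """Networks named by '<keyword> <addr> <mask>' lines (route / iroute)."""
    found = set()
    for tok in directives(text):
        if tok[0] == keyword and len(tok) >= 3:
            found.add(ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False))
    return found

def audit_site_to_site(server_conf, ccd_files, remote_lan):
    """Return findings that can keep remote_lan unreachable through the tunnel.

    ccd_files maps a client common name to the text of its ccd file.
    """
    lan = ipaddress.ip_network(remote_lan)
    keys = {tok[0] for tok in directives(server_conf)}
    findings = []
    if "client-config-dir" not in keys:
        findings.append("no client-config-dir: iroute cannot be set per client")
    if lan not in nets(server_conf, "route"):
        findings.append(f"no 'route' for {lan}: kernel route must come from elsewhere")
    owners = [cn for cn, body in ccd_files.items() if lan in nets(body, "iroute")]
    if not owners:
        findings.append(f"no ccd file has 'iroute' for {lan}: server cannot pick a client")
    if "duplicate-cn" in keys and ccd_files:
        findings.append("duplicate-cn with ccd: several clients can match one CN file")
    return findings
```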

Hi,
I'm trying to connect a Brother DCP-B7500D to an Archer with LuCI 22.03, Cezary's edition of course.
Is it possible to share the scanner over the network?

Hi,
Golden shovel to me for digging up this thread, but I have a similar case.
I want to buy this device and connect it to a TP-Link Archer C7. The router runs the latest firmware from Cezary's distribution.
From what I've read, CUPS is no longer available