26

Re: open.vpn client on gargoyle

Look in the logs :) The server should send you the routing plus, possibly, a default route, which should then get set.

Got a router you don't need, broken or not? I'll gladly take it in.

27

Re: open.vpn client on gargoyle

I'm weak at this and don't know how to read all of it... :(
Pasting the client and server logs:


client:

Tue Sep 27 14:20:08 2016 daemon.notice openvpn(custom_config)[7686]: UDPv4 link local: [undef]
Tue Sep 27 14:20:08 2016 daemon.notice openvpn(custom_config)[7686]: UDPv4 link remote: [AF_INET]217.61.1.233:12000
Tue Sep 27 14:20:08 2016 daemon.notice openvpn(custom_config)[7686]: VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Tue Sep 27 14:20:08 2016 daemon.notice openvpn(custom_config)[7686]: VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=me@myhost.mydomain
Tue Sep 27 14:20:09 2016 daemon.notice openvpn(custom_config)[7686]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Sep 27 14:20:09 2016 daemon.notice openvpn(custom_config)[7686]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 27 14:20:09 2016 daemon.notice openvpn(custom_config)[7686]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Sep 27 14:20:09 2016 daemon.notice openvpn(custom_config)[7686]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 27 14:20:09 2016 daemon.notice openvpn(custom_config)[7686]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Sep 27 14:20:09 2016 daemon.notice openvpn(custom_config)[7686]: [server] Peer Connection Initiated with [AF_INET]217.61.1.233:12000
Tue Sep 27 14:20:11 2016 daemon.notice openvpn(custom_config)[7686]: TUN/TAP device tun0 opened
Tue Sep 27 14:20:11 2016 daemon.notice openvpn(custom_config)[7686]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Sep 27 14:20:11 2016 daemon.notice openvpn(custom_config)[7686]: /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Tue Sep 27 14:20:11 2016 daemon.notice netifd: Interface 'vpn' is enabled
Tue Sep 27 14:20:11 2016 daemon.notice netifd: Network device 'tun0' link is up
Tue Sep 27 14:20:11 2016 daemon.notice netifd: Interface 'vpn' has link connectivity 
Tue Sep 27 14:20:11 2016 daemon.notice netifd: Interface 'vpn' is setting up now
Tue Sep 27 14:20:11 2016 daemon.notice netifd: Interface 'vpn' is now up
Tue Sep 27 14:20:11 2016 daemon.notice openvpn(custom_config)[7686]: Initialization Sequence Completed
Tue Sep 27 14:20:12 2016 user.notice firewall: Reloading firewall due to ifup of vpn (tun0)
Tue Sep 27 14:20:24 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 IEEE 802.11: disassociated
Tue Sep 27 14:20:24 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 IEEE 802.11: disassociated
Tue Sep 27 14:20:24 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 IEEE 802.11: disassociated
Tue Sep 27 14:20:24 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 IEEE 802.11: disassociated
Tue Sep 27 14:20:24 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 IEEE 802.11: disassociated
Tue Sep 27 14:20:24 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 IEEE 802.11: disassociated
Tue Sep 27 14:20:24 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 IEEE 802.11: disassociated
Tue Sep 27 14:20:25 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
Tue Sep 27 14:20:26 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: disassociated
Tue Sep 27 14:20:26 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: disassociated
Tue Sep 27 14:20:26 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: disassociated
Tue Sep 27 14:20:26 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: disassociated
Tue Sep 27 14:20:26 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: disassociated
Tue Sep 27 14:20:26 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: disassociated
Tue Sep 27 14:20:26 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: disassociated
Tue Sep 27 14:20:26 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 IEEE 802.11: authenticated
Tue Sep 27 14:20:26 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 IEEE 802.11: associated (aid 4)
Tue Sep 27 14:20:26 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 WPA: pairwise key handshake completed (RSN)
Tue Sep 27 14:20:26 2016 daemon.info dnsmasq-dhcp[4696]: DHCPDISCOVER(br-lan) 5c:cf:7f:1c:87:c2 
Tue Sep 27 14:20:26 2016 daemon.info dnsmasq-dhcp[4696]: DHCPOFFER(br-lan) 192.168.0.162 5c:cf:7f:1c:87:c2 
Tue Sep 27 14:20:27 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
Tue Sep 27 14:20:28 2016 daemon.info dnsmasq-dhcp[4696]: DHCPDISCOVER(br-lan) 5c:cf:7f:1c:87:c2 
Tue Sep 27 14:20:28 2016 daemon.info dnsmasq-dhcp[4696]: DHCPOFFER(br-lan) 192.168.0.162 5c:cf:7f:1c:87:c2 
Tue Sep 27 14:20:28 2016 daemon.info dnsmasq-dhcp[4696]: DHCPREQUEST(br-lan) 192.168.0.162 5c:cf:7f:1c:87:c2 
Tue Sep 27 14:20:28 2016 daemon.info dnsmasq-dhcp[4696]: DHCPACK(br-lan) 192.168.0.162 5c:cf:7f:1c:87:c2 ESP_1C87C2
Tue Sep 27 14:20:28 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: authenticated
Tue Sep 27 14:20:28 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: associated (aid 3)
Tue Sep 27 14:20:28 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb WPA: pairwise key handshake completed (RSN)
Tue Sep 27 14:20:28 2016 daemon.info dnsmasq-dhcp[4696]: DHCPDISCOVER(br-lan) 5c:cf:7f:1c:26:cb 
Tue Sep 27 14:20:28 2016 daemon.info dnsmasq-dhcp[4696]: DHCPOFFER(br-lan) 192.168.0.163 5c:cf:7f:1c:26:cb 
Tue Sep 27 14:20:30 2016 daemon.info dnsmasq-dhcp[4696]: DHCPDISCOVER(br-lan) 5c:cf:7f:1c:26:cb 
Tue Sep 27 14:20:30 2016 daemon.info dnsmasq-dhcp[4696]: DHCPOFFER(br-lan) 192.168.0.163 5c:cf:7f:1c:26:cb 
Tue Sep 27 14:20:30 2016 daemon.info dnsmasq-dhcp[4696]: DHCPREQUEST(br-lan) 192.168.0.163 5c:cf:7f:1c:26:cb 
Tue Sep 27 14:20:30 2016 daemon.info dnsmasq-dhcp[4696]: DHCPACK(br-lan) 192.168.0.163 5c:cf:7f:1c:26:cb ESP_1C26CB
Success


server:


Tue Sep 27 08:19:33 2016 moi_adres_ip:46169 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Sep 27 08:19:33 2016 moi_adres_ip:46169 WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
Tue Sep 27 08:19:33 2016 moi_adres_ip:46169 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 27 08:19:33 2016 moi_adres_ip:46169 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Sep 27 08:19:33 2016 moi_adres_ip:46169 WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
Tue Sep 27 08:19:33 2016 moi_adres_ip:46169 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 27 08:19:33 2016 moi_adres_ip:46169 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Sep 27 08:19:33 2016 moi_adres_ip:46169 [client] Peer Connection Initiated with [AF_INET]moi_adres_ip:46169
Tue Sep 27 08:19:33 2016 MULTI: new connection by client 'client' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Tue Sep 27 08:19:33 2016 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Tue Sep 27 08:19:33 2016 MULTI: Learn: 10.8.0.6 -> client/moi_adres_ip:46169
Tue Sep 27 08:19:33 2016 MULTI: primary virtual IP for client/moi_adres_ip:46169: 10.8.0.6
Tue Sep 27 08:19:36 2016 client/moi_adres_ip:46169 PUSH: Received control message: 'PUSH_REQUEST'
Tue Sep 27 08:19:36 2016 client/moi_adres_ip:46169 send_push_reply(): safe_cap=940
Tue Sep 27 08:19:36 2016 client/moi_adres_ip:46169 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,redirect-gateway def1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Tue Sep 27 08:20:08 2016 moi_adres_ip:58340 TLS: Initial packet from [AF_INET]moi_adres_ip:58340, sid=825081ec 377d7cc0
Tue Sep 27 08:20:09 2016 moi_adres_ip:58340 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Tue Sep 27 08:20:09 2016 moi_adres_ip:58340 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=client, name=server, emailAddress=me@myhost.mydomain
Tue Sep 27 08:20:09 2016 moi_adres_ip:58340 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Sep 27 08:20:09 2016 moi_adres_ip:58340 WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
Tue Sep 27 08:20:09 2016 moi_adres_ip:58340 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 27 08:20:09 2016 moi_adres_ip:58340 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Sep 27 08:20:09 2016 moi_adres_ip:58340 WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
Tue Sep 27 08:20:09 2016 moi_adres_ip:58340 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 27 08:20:09 2016 moi_adres_ip:58340 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Sep 27 08:20:09 2016 moi_adres_ip:58340 [client] Peer Connection Initiated with [AF_INET]moi_adres_ip:58340
Tue Sep 27 08:20:09 2016 MULTI: new connection by client 'client' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Tue Sep 27 08:20:09 2016 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Tue Sep 27 08:20:09 2016 MULTI: Learn: 10.8.0.6 -> client/moi_adres_ip:58340
Tue Sep 27 08:20:09 2016 MULTI: primary virtual IP for client/moi_adres_ip:58340: 10.8.0.6
Tue Sep 27 08:20:11 2016 client/moi_adres_ip:58340 PUSH: Received control message: 'PUSH_REQUEST'
Tue Sep 27 08:20:11 2016 client/moi_adres_ip:58340 send_push_reply(): safe_cap=940
Tue Sep 27 08:20:11 2016 client/moi_adres_ip:58340 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,redirect-gateway def1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)

 

28

Re: open.vpn client on gargoyle

The client logs should contain something like PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1, etc. Yours doesn't have that.

29

Re: open.vpn client on gargoyle

I switched the service off and on again, but there is nothing like that in the logs.
I'm looking at the logs in the GUI... maybe it would be better to look over ssh, only where do I look for that log, because I couldn't really track anything down in var/log?

30

Re: open.vpn client on gargoyle

logread will show them. They are exactly the same ones as in the GUI.

31 (edited by okos 2016-09-27 14:25:39)

Re: open.vpn client on gargoyle

Several attempts, and I didn't notice anything like PUSH_REPLY,redirect-gateway def1.


latest client log:

Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 66.244.95.20#53 for domain geek
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 95.142.171.235#53 for domain fur
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 95.211.32.162#53 for domain fur
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 66.244.95.20#53 for domain fur
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 95.142.171.235#53 for domain free
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 95.211.32.162#53 for domain free
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 66.244.95.20#53 for domain free
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 95.142.171.235#53 for domain bbs
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 95.211.32.162#53 for domain bbs
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 66.244.95.20#53 for domain bbs
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 95.142.171.235#53 for domain dyn
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 95.211.32.162#53 for domain dyn
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 66.244.95.20#53 for domain dyn
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 95.142.171.235#53 for domain parody
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 95.211.32.162#53 for domain parody
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 66.244.95.20#53 for domain parody
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 95.142.171.235#53 for domain glue
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 95.211.32.162#53 for domain glue
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 66.244.95.20#53 for domain glue
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 176.58.118.172#53 for domain bit
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 106.187.47.17#53 for domain bit
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 178.32.31.41#53 for domain bit
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using local addresses only for domain lan
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 213.92.190.130#53
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 213.92.190.235#53
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 213.92.190.130#53
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: using nameserver 213.92.190.235#53
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: read /etc/hosts - 12 addresses
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq[8832]: read /tmp/hosts/dhcp - 1 addresses
Tue Sep 27 15:18:46 2016 daemon.info dnsmasq-dhcp[8832]: read /etc/ethers - 9 addresses
Tue Sep 27 15:18:46 2016 daemon.err uhttpd[1702]: arping: interface eth0 not found: No such device
Tue Sep 27 15:18:46 2016 kern.info kernel: [  452.160000] br-lan: port 2(wlan0) entered forwarding state
Tue Sep 27 15:18:47 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 IEEE 802.11: authenticated
Tue Sep 27 15:18:47 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 IEEE 802.11: associated (aid 3)
Tue Sep 27 15:18:47 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 WPA: pairwise key handshake completed (RSN)
Tue Sep 27 15:18:47 2016 daemon.notice openvpn(custom_config)[8920]: OpenVPN 2.3.6 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May 21 2016
Tue Sep 27 15:18:47 2016 daemon.notice openvpn(custom_config)[8920]: library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.08
Tue Sep 27 15:18:47 2016 daemon.warn openvpn(custom_config)[8920]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Sep 27 15:18:47 2016 daemon.warn openvpn(custom_config)[8920]: WARNING: file '/etc/openvpn/grouter_client_oktcysactimr.key' is group or others accessible
Tue Sep 27 15:18:47 2016 daemon.notice openvpn(custom_config)[8920]: UDPv4 link local: [undef]
Tue Sep 27 15:18:47 2016 daemon.notice openvpn(custom_config)[8920]: UDPv4 link remote: [AF_INET]217.61.1.233:12000
Tue Sep 27 15:18:47 2016 daemon.notice openvpn(custom_config)[8920]: VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Tue Sep 27 15:18:47 2016 daemon.notice openvpn(custom_config)[8920]: VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=me@myhost.mydomain
Tue Sep 27 15:18:47 2016 daemon.info dnsmasq-dhcp[8832]: DHCPDISCOVER(br-lan) 5c:cf:7f:16:ef:83 
Tue Sep 27 15:18:47 2016 daemon.info dnsmasq-dhcp[8832]: DHCPOFFER(br-lan) 192.168.0.161 5c:cf:7f:16:ef:83 
Tue Sep 27 15:18:47 2016 daemon.info dnsmasq-dhcp[8832]: DHCPREQUEST(br-lan) 192.168.0.161 5c:cf:7f:16:ef:83 
Tue Sep 27 15:18:47 2016 daemon.info dnsmasq-dhcp[8832]: DHCPACK(br-lan) 192.168.0.161 5c:cf:7f:16:ef:83 NODEMCU
Tue Sep 27 15:18:48 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: authenticated
Tue Sep 27 15:18:48 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: associated (aid 4)
Tue Sep 27 15:18:48 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb WPA: pairwise key handshake completed (RSN)
Tue Sep 27 15:18:48 2016 daemon.info dnsmasq-dhcp[8832]: DHCPDISCOVER(br-lan) 5c:cf:7f:1c:26:cb 
Tue Sep 27 15:18:48 2016 daemon.info dnsmasq-dhcp[8832]: DHCPOFFER(br-lan) 192.168.0.163 5c:cf:7f:1c:26:cb 
Tue Sep 27 15:18:49 2016 daemon.notice openvpn(custom_config)[8920]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Sep 27 15:18:49 2016 daemon.notice openvpn(custom_config)[8920]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 27 15:18:49 2016 daemon.notice openvpn(custom_config)[8920]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Sep 27 15:18:49 2016 daemon.notice openvpn(custom_config)[8920]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 27 15:18:49 2016 daemon.notice openvpn(custom_config)[8920]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Sep 27 15:18:49 2016 daemon.notice openvpn(custom_config)[8920]: [server] Peer Connection Initiated with [AF_INET]217.61.1.233:12000
Tue Sep 27 15:18:49 2016 daemon.info dnsmasq-dhcp[8832]: DHCPDISCOVER(br-lan) 5c:cf:7f:1c:87:c2 
Tue Sep 27 15:18:49 2016 daemon.info dnsmasq-dhcp[8832]: DHCPOFFER(br-lan) 192.168.0.162 5c:cf:7f:1c:87:c2 
Tue Sep 27 15:18:49 2016 daemon.info dnsmasq-dhcp[8832]: DHCPREQUEST(br-lan) 192.168.0.103 00:23:4e:21:ae:45 
Tue Sep 27 15:18:49 2016 daemon.info dnsmasq-dhcp[8832]: DHCPACK(br-lan) 192.168.0.103 00:23:4e:21:ae:45 oko-Komputer
Tue Sep 27 15:18:50 2016 daemon.info dnsmasq-dhcp[8832]: DHCPDISCOVER(br-lan) 5c:cf:7f:1c:26:cb 
Tue Sep 27 15:18:50 2016 daemon.info dnsmasq-dhcp[8832]: DHCPOFFER(br-lan) 192.168.0.163 5c:cf:7f:1c:26:cb 
Tue Sep 27 15:18:50 2016 daemon.info dnsmasq-dhcp[8832]: DHCPREQUEST(br-lan) 192.168.0.163 5c:cf:7f:1c:26:cb 
Tue Sep 27 15:18:50 2016 daemon.info dnsmasq-dhcp[8832]: DHCPACK(br-lan) 192.168.0.163 5c:cf:7f:1c:26:cb ESP_1C26CB
Tue Sep 27 15:18:51 2016 daemon.notice openvpn(custom_config)[8920]: TUN/TAP device tun0 opened
Tue Sep 27 15:18:51 2016 daemon.notice openvpn(custom_config)[8920]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Sep 27 15:18:51 2016 daemon.notice openvpn(custom_config)[8920]: /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Tue Sep 27 15:18:51 2016 daemon.notice netifd: Interface 'vpn' is enabled
Tue Sep 27 15:18:51 2016 daemon.notice netifd: Network device 'tun0' link is up
Tue Sep 27 15:18:51 2016 daemon.notice netifd: Interface 'vpn' has link connectivity 
Tue Sep 27 15:18:51 2016 daemon.notice netifd: Interface 'vpn' is setting up now
Tue Sep 27 15:18:51 2016 daemon.notice netifd: Interface 'vpn' is now up
Tue Sep 27 15:18:51 2016 daemon.notice openvpn(custom_config)[8920]: Initialization Sequence Completed
Tue Sep 27 15:18:53 2016 daemon.info dnsmasq-dhcp[8832]: DHCPDISCOVER(br-lan) 5c:cf:7f:1c:87:c2 
Tue Sep 27 15:18:53 2016 daemon.info dnsmasq-dhcp[8832]: DHCPOFFER(br-lan) 192.168.0.162 5c:cf:7f:1c:87:c2 
Tue Sep 27 15:18:53 2016 daemon.info dnsmasq-dhcp[8832]: DHCPREQUEST(br-lan) 192.168.0.162 5c:cf:7f:1c:87:c2 
Tue Sep 27 15:18:53 2016 daemon.info dnsmasq-dhcp[8832]: DHCPACK(br-lan) 192.168.0.162 5c:cf:7f:1c:87:c2 ESP_1C87C2
Tue Sep 27 15:19:12 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: disassociated
Tue Sep 27 15:19:12 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: disassociated
Tue Sep 27 15:19:12 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: disassociated
Tue Sep 27 15:19:12 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: disassociated
Tue Sep 27 15:19:12 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: disassociated
Tue Sep 27 15:19:12 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: disassociated
Tue Sep 27 15:19:12 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: disassociated
Tue Sep 27 15:19:13 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
Tue Sep 27 15:19:14 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: authenticated
Tue Sep 27 15:19:14 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: associated (aid 4)
Tue Sep 27 15:19:14 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb WPA: pairwise key handshake completed (RSN)
Tue Sep 27 15:19:14 2016 daemon.info dnsmasq-dhcp[8832]: DHCPDISCOVER(br-lan) 5c:cf:7f:1c:26:cb 
Tue Sep 27 15:19:14 2016 daemon.info dnsmasq-dhcp[8832]: DHCPOFFER(br-lan) 192.168.0.163 5c:cf:7f:1c:26:cb 
Tue Sep 27 15:19:16 2016 daemon.info dnsmasq-dhcp[8832]: DHCPDISCOVER(br-lan) 5c:cf:7f:1c:26:cb 
Tue Sep 27 15:19:16 2016 daemon.info dnsmasq-dhcp[8832]: DHCPOFFER(br-lan) 192.168.0.163 5c:cf:7f:1c:26:cb 
Tue Sep 27 15:19:16 2016 daemon.info dnsmasq-dhcp[8832]: DHCPREQUEST(br-lan) 192.168.0.163 5c:cf:7f:1c:26:cb 
Tue Sep 27 15:19:16 2016 daemon.info dnsmasq-dhcp[8832]: DHCPACK(br-lan) 192.168.0.163 5c:cf:7f:1c:26:cb ESP_1C26CB
Tue Sep 27 15:19:16 2016 daemon.err uhttpd[1702]: sh: write error: Broken pipe
Tue Sep 27 15:19:16 2016 daemon.err uhttpd[1702]: sh: write error: Broken pipe
Tue Sep 27 15:19:18 2016 user.notice firewall: Reloading firewall due to ifup of wan (eth0.2)
Tue Sep 27 15:19:48 2016 daemon.err openvpn(custom_config)[8920]: event_wait : Interrupted system call (code=4)
Tue Sep 27 15:19:48 2016 daemon.notice openvpn(custom_config)[8920]: Closing TUN/TAP interface
Tue Sep 27 15:19:48 2016 daemon.notice openvpn(custom_config)[8920]: /sbin/ifconfig tun0 0.0.0.0
Tue Sep 27 15:19:48 2016 daemon.notice netifd: Network device 'tun0' link is down
Tue Sep 27 15:19:48 2016 daemon.notice netifd: Interface 'vpn' has link connectivity loss
Tue Sep 27 15:19:48 2016 daemon.notice netifd: Interface 'vpn' is now down
Tue Sep 27 15:19:48 2016 daemon.notice openvpn(custom_config)[8920]: SIGTERM[hard,] received, process exiting
Tue Sep 27 15:19:48 2016 daemon.notice netifd: Interface 'vpn' is disabled
Tue Sep 27 15:19:48 2016 daemon.notice openvpn(custom_config)[10280]: OpenVPN 2.3.6 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May 21 2016
Tue Sep 27 15:19:48 2016 daemon.notice openvpn(custom_config)[10280]: library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.08
Tue Sep 27 15:19:48 2016 daemon.warn openvpn(custom_config)[10280]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Sep 27 15:19:48 2016 daemon.warn openvpn(custom_config)[10280]: WARNING: file '/etc/openvpn/grouter_client_oktcysactimr.key' is group or others accessible
Tue Sep 27 15:19:48 2016 daemon.notice openvpn(custom_config)[10280]: UDPv4 link local: [undef]
Tue Sep 27 15:19:48 2016 daemon.notice openvpn(custom_config)[10280]: UDPv4 link remote: [AF_INET]217.61.1.233:12000
Tue Sep 27 15:19:48 2016 daemon.notice openvpn(custom_config)[10280]: VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Tue Sep 27 15:19:48 2016 daemon.notice openvpn(custom_config)[10280]: VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=me@myhost.mydomain
Tue Sep 27 15:19:49 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth0.2)
Tue Sep 27 15:19:56 2016 daemon.notice openvpn(custom_config)[10280]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Sep 27 15:19:56 2016 daemon.notice openvpn(custom_config)[10280]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 27 15:19:56 2016 daemon.notice openvpn(custom_config)[10280]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Sep 27 15:19:56 2016 daemon.notice openvpn(custom_config)[10280]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 27 15:19:56 2016 daemon.notice openvpn(custom_config)[10280]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Sep 27 15:19:56 2016 daemon.notice openvpn(custom_config)[10280]: [server] Peer Connection Initiated with [AF_INET]217.61.1.233:12000
Tue Sep 27 15:19:58 2016 daemon.notice netifd: Interface 'vpn' is enabled
Tue Sep 27 15:19:58 2016 daemon.notice netifd: Network device 'tun0' link is up
Tue Sep 27 15:19:58 2016 daemon.notice netifd: Interface 'vpn' has link connectivity 
Tue Sep 27 15:19:58 2016 daemon.notice netifd: Interface 'vpn' is setting up now
Tue Sep 27 15:19:58 2016 daemon.notice openvpn(custom_config)[10280]: TUN/TAP device tun0 opened
Tue Sep 27 15:19:58 2016 daemon.notice openvpn(custom_config)[10280]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Sep 27 15:19:58 2016 daemon.notice openvpn(custom_config)[10280]: /sbin/ifconfig tun0 10.8.0.10 pointopoint 10.8.0.9 mtu 1500
Tue Sep 27 15:19:58 2016 daemon.notice netifd: Interface 'vpn' is now up
Tue Sep 27 15:19:58 2016 daemon.notice openvpn(custom_config)[10280]: Initialization Sequence Completed
Tue Sep 27 15:19:58 2016 user.notice firewall: Reloading firewall due to ifup of vpn (tun0)
Tue Sep 27 15:20:04 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: disassociated
Tue Sep 27 15:20:04 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: disassociated
Tue Sep 27 15:20:04 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: disassociated
Tue Sep 27 15:20:04 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: disassociated
Tue Sep 27 15:20:04 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: disassociated
Tue Sep 27 15:20:04 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: disassociated
Tue Sep 27 15:20:04 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: disassociated
Tue Sep 27 15:20:05 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
Tue Sep 27 15:20:06 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: authenticated
Tue Sep 27 15:20:06 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb IEEE 802.11: associated (aid 4)
Tue Sep 27 15:20:06 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:26:cb WPA: pairwise key handshake completed (RSN)
Tue Sep 27 15:20:06 2016 daemon.info dnsmasq-dhcp[8832]: DHCPDISCOVER(br-lan) 5c:cf:7f:1c:26:cb 
Tue Sep 27 15:20:06 2016 daemon.info dnsmasq-dhcp[8832]: DHCPOFFER(br-lan) 192.168.0.163 5c:cf:7f:1c:26:cb 
Tue Sep 27 15:20:06 2016 daemon.info dnsmasq-dhcp[8832]: DHCPREQUEST(br-lan) 192.168.0.163 5c:cf:7f:1c:26:cb 
Tue Sep 27 15:20:06 2016 daemon.info dnsmasq-dhcp[8832]: DHCPACK(br-lan) 192.168.0.163 5c:cf:7f:1c:26:cb ESP_1C26CB
Tue Sep 27 15:20:09 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 IEEE 802.11: disassociated
Tue Sep 27 15:20:09 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 IEEE 802.11: disassociated
Tue Sep 27 15:20:09 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 IEEE 802.11: disassociated
Tue Sep 27 15:20:09 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 IEEE 802.11: disassociated
Tue Sep 27 15:20:09 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 IEEE 802.11: disassociated
Tue Sep 27 15:20:09 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 IEEE 802.11: disassociated
Tue Sep 27 15:20:09 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 IEEE 802.11: disassociated
Tue Sep 27 15:20:10 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
Tue Sep 27 15:20:11 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 IEEE 802.11: authenticated
Tue Sep 27 15:20:11 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 IEEE 802.11: associated (aid 3)
Tue Sep 27 15:20:12 2016 daemon.info hostapd: wlan0: STA 5c:cf:7f:1c:87:c2 WPA: pairwise key handshake completed (RSN)
Tue Sep 27 15:20:12 2016 daemon.info dnsmasq-dhcp[8832]: DHCPDISCOVER(br-lan) 5c:cf:7f:1c:87:c2 
Tue Sep 27 15:20:12 2016 daemon.info dnsmasq-dhcp[8832]: DHCPOFFER(br-lan) 192.168.0.162 5c:cf:7f:1c:87:c2 
Tue Sep 27 15:20:14 2016 daemon.info dnsmasq-dhcp[8832]: DHCPDISCOVER(br-lan) 5c:cf:7f:1c:87:c2 
Tue Sep 27 15:20:14 2016 daemon.info dnsmasq-dhcp[8832]: DHCPOFFER(br-lan) 192.168.0.162 5c:cf:7f:1c:87:c2 
Tue Sep 27 15:20:14 2016 daemon.info dnsmasq-dhcp[8832]: DHCPREQUEST(br-lan) 192.168.0.162 5c:cf:7f:1c:87:c2 
Tue Sep 27 15:20:14 2016 daemon.info dnsmasq-dhcp[8832]: DHCPACK(br-lan) 192.168.0.162 5c:cf:7f:1c:87:c2 ESP_1C87C2
Success

What further steps can I still take?

32

Re: open.vpn client on gargoyle

And also show the output of the route command

33

Re: open.vpn client on gargoyle

route run on the router:


login as: root
root@192.168.0.1's password:


BusyBox v1.23.2 (2016-04-14 06:49:58 CEST) built-in shell (ash)


             _____                             _
            |  __ \                           | |
            | |  \/ __ _ _ __ __ _  ___  _   _| | ___
            | | __ / _` | '__/ _` |/ _ \| | | | |/ _ \
            | |_\ \ (_| | | | (_| | (_) | |_| | |  __/
             \____/\__,_|_|  \__, |\___/ \__, |_|\___|
                              __/ |       __/ |
                             |___/       |___/


 ----------------------------------------------------------------
 | Machine: TP-Link TL-WDR3600 v1                               |
 | Uptime: 0d, 00:23:22                                         |
 | Load: 0.06 0.12 0.16                                         |
 | Flash: total: 5.2GB, free: 4.9GB, used: 0%                   |
 | Memory: total: 123.1MB, free: 103.2MB, used: 16%             |
 | WAN: 192.168.1.10, proto: static                             |
 | LAN: 192.168.0.1                                             |
 | radio0: mode: ap, ssid: GAMBI, channel: 10, conn: 4          |
 ----------------------------------------------------------------
root@Gargoyle:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.8.0.9        128.0.0.0       UG    0      0        0 tun0
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0.2
10.8.0.1        10.8.0.9        255.255.255.255 UGH   0      0        0 tun0
10.8.0.9        *               255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.8.0.9        128.0.0.0       UG    0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     0      0        0 br-lan
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0.2
217.61.1.233    192.168.1.1     255.255.255.255 UGH   0      0        0 eth0.2
root@Gargoyle:~#

34

Re: open.vpn client on gargoyle

But you have the default route going through openvpn...

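The diagnosis in post 34, as an added example that is not part of the thread: a small parser that classifies the `route` output from post 33 per interface. The function name is hypothetical; the pair of /1 routes it reports as "split" is the pattern OpenVPN's `redirect-gateway def1` option installs.

```shell
#!/bin/sh
# Added example: classify how a device appears in a kernel routing table.
# ROUTE_SAMPLE is the `route` output from post 33, embedded so this runs offline.
ROUTE_SAMPLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.8.0.9        128.0.0.0       UG    0      0        0 tun0
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0.2
10.8.0.1        10.8.0.9        255.255.255.255 UGH   0      0        0 tun0
10.8.0.9        *               255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.8.0.9        128.0.0.0       UG    0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     0      0        0 br-lan
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0.2
217.61.1.233    192.168.1.1     255.255.255.255 UGH   0      0        0 eth0.2'

# Reads `route` or `route -n` output on stdin and prints one word for device $1:
#   split   - 0.0.0.0/1 and 128.0.0.0/1 via the device; being more specific
#             than /0, the pair wins over any default route left in place
#   full    - 0.0.0.0/0 via the device (an ordinary default route)
#   partial - only one /1 half is present (half the address space diverted)
#   none    - the device carries no default-like route
default_via() {
    awk -v want="$1" '
        $NF != want { next }
        { dst = ($1 == "default") ? "0.0.0.0" : $1 }
        dst == "0.0.0.0"   && $3 == "0.0.0.0"   { full = 1 }
        dst == "0.0.0.0"   && $3 == "128.0.0.0" { low = 1 }
        dst == "128.0.0.0" && $3 == "128.0.0.0" { high = 1 }
        END {
            if (low && high) print "split"
            else if (full) print "full"
            else if (low || high) print "partial"
            else print "none"
        }'
}

# Report every interface that appears in the sample table.
for d in tun0 eth0.2 br-lan; do
    printf '%-7s %s\n' "$d" "$(printf '%s\n' "$ROUTE_SAMPLE" | default_via "$d")"
done
```

On the router itself, `route -n | default_via tun0` gives the same verdict for the live table.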

35 (edited by okos 2016-09-27 14:55:49)

Re: open.vpn client on gargoyle

I think it worked after adding Google's DNS servers alongside mine :)
Now one more thing... and why not... if I'm asking, then until the questions or Cezary's patience run out ;)
How do I send just one client connected to the router (e.g. 192.168.0.150) through the tunnel and the rest normally?

36

Re: open.vpn client on gargoyle

Then you don't set a default route and you do something like this: http://eko.one.pl/?p=openwrt-routing


37

Re: open.vpn client on gargoyle

Whoa, that will be tonight's reading.
For now, thanks for the help, master.
More questions will surely come up once I have digested... the "using routing" guide you sent.

38 (edited by okos 2016-09-28 18:00:40)

Re: open.vpn client on gargoyle

Below is the router's ifconfig

root@Gargoyle:~# ifconfig
br-lan    Link encap:Ethernet  HWaddr C0:4A:00:7A:BA:9C
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8710 errors:0 dropped:39 overruns:0 frame:0
          TX packets:11018 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1895303 (1.8 MiB)  TX bytes:11175017 (10.6 MiB)

eth0      Link encap:Ethernet  HWaddr C0:4A:00:7A:BA:9C
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15264 errors:0 dropped:2 overruns:0 frame:0
          TX packets:13580 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:13379270 (12.7 MiB)  TX bytes:7238026 (6.9 MiB)
          Interrupt:4

eth0.1    Link encap:Ethernet  HWaddr C0:4A:00:7A:BA:9C
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4271 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5198 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1353949 (1.2 MiB)  TX bytes:4687110 (4.4 MiB)

eth0.2    Link encap:Ethernet  HWaddr C0:4A:00:7A:BA:9C
          inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1492  Metric:1
          RX packets:10972 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8382 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:11748943 (11.2 MiB)  TX bytes:2496596 (2.3 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:12 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1118 (1.0 KiB)  TX bytes:1118 (1.0 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:5661 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3852 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:6217734 (5.9 MiB)  TX bytes:888442 (867.6 KiB)

wlan0     Link encap:Ethernet  HWaddr C0:4A:00:7A:BA:9D
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4573 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6082 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:617906 (603.4 KiB)  TX bytes:6688651 (6.3 MiB)

root@Gargoyle:~#

I'm trying to follow the article Cezary linked in the previous post (the section "Redirecting traffic from one host to the second link") and I have questions:
a/ should I substitute 10.8.0.6 for the gateway address?
b/ should I substitute tun0 for the physical interface name?

39

Re: open.vpn client on gargoyle

yes/yes


40

Re: open.vpn client on gargoyle

Unfortunately, after doing this all devices send their packets through tun0, not just the one with IP 192.168.0.220 as I wanted.

rc.local looks like this:

# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
ip rule add from 192.168.0.220 table modem
ip route add default via 10.8.0.6 dev tun0 table modem
ip route flush cache
exit 0


etc/iproute2/rt_tables


#
# reserved values
#
255     local
254     main
253     default
256     modem
0       unspec
#
# local
#
#1      inr.ruhep

It seems to me it was done correctly/according to the instructions, but everything goes through the tunnel.

41

Re: open.vpn client on gargoyle

Because your openvpn configuration is set up so that it changes the default route so that everything goes through the vpn. Did you add route_noexec?


42

Re: open.vpn client on gargoyle

I didn't add it, where do I put it?

43

Re: open.vpn client on gargoyle

It was in the guide, though. It's an openvpn option.


44 (edited by okos 2016-09-29 12:58:45)

Re: open.vpn client on gargoyle

The guide has this sentence:


"All this means is that the second link should not overwrite the default route (or it may overwrite it, but then all default traffic will go over that very link, and that is not the point). For cellular (3g) connections this means you need to add the option defaultroute 0, for openvpn tunnels - route_noexec, etc."


But where should this

route_noexec

be added?

45

Re: open.vpn client on gargoyle

In the openvpn config. And where do you have it? Probably in /etc/opnvpn/*.conf, right?


46 (edited by okos 2016-09-29 13:53:31)

Re: open.vpn client on gargoyle

the client config?

47 (edited by okos 2016-09-29 14:10:04)

Re: open.vpn client on gargoyle

I added this entry

route_noexec

to the client config but it didn't work, so I changed it to

route-noexec

and the router shows that it is connected to the server, but the routes of all devices bypass the tunnel (even the PC 192.168.0.220, which was supposed to go through tun0)

48

Re: open.vpn client on gargoyle

And that's how it should be. Now you have to manually direct 192.168.0.220 through the tunnel according to the guide; that is exactly the topic the guide covered.


49 (edited by okos 2016-09-29 15:02:36)

Re: open.vpn client on gargoyle

rc.local

# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
ip rule add from 192.168.0.220 table modem
ip route add default via 10.8.0.6 dev tun0 table modem
ip route flush cache
exit 0


etc/iproute2/rt_tables


#
# reserved values
#
255     local
254     main
253     default
256     modem
0       unspec
#
# local
#
#1      inr.ruhep




I already did that earlier (post 40)

50

Re: open.vpn client on gargoyle

And now that the tunnel is established, run rc.local manually once more.

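The per-host routing worked out in posts 40 to 50, as an added example that is not part of the thread or of the linked guide: a `route-up` hook that installs the rule each time the tunnel comes up, so rc.local does not have to be rerun by hand. The script path and function names are hypothetical; it assumes the client config lines shown in the comments, and it takes the gateway from the `route_vpn_gateway` or `ifconfig_remote` variables OpenVPN exports to scripts instead of a fixed address (the tunnel addresses in posts 33 and 38 differ).

```shell
#!/bin/sh
# Added example: route-up hook for an OpenVPN client that runs with route-noexec.
# Assumed lines in the client config (the script path is hypothetical):
#   script-security 2
#   route-noexec
#   route-up /etc/openvpn/pbr-up.sh
PBR_HOST=${PBR_HOST:-192.168.0.220}   # LAN client to send through the tunnel
PBR_TABLE=${PBR_TABLE:-modem}         # table name declared in rt_tables

# Shape check only; keeps shell metacharacters out of the generated commands.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the commands for one host. Arguments: host, table, device, gateway.
# "del" before "add" plus "replace" make a second run leave one rule, one route.
pbr_commands() {
    p_host=$1 p_table=$2 p_dev=$3 p_gw=$4
    is_ipv4 "$p_host" || return 1
    is_ipv4 "$p_gw" || return 1
    for p_word in "$p_table" "$p_dev"; do
        case $p_word in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    done
    echo "ip rule del from $p_host table $p_table"
    echo "ip rule add from $p_host table $p_table"
    echo "ip route replace default via $p_gw dev $p_dev table $p_table"
    echo "ip route flush cache"
}

# Run the commands; a failing "rule del" only means no earlier rule existed.
pbr_apply() {
    pbr_commands "$@" | while read -r p_cmd; do
        $p_cmd 2>/dev/null && continue
        case $p_cmd in
            *" rule del "*) ;;
            *) echo "failed: $p_cmd" >&2 ;;
        esac
    done
}

# Act only when OpenVPN has exported the tunnel device and a gateway.
p_gateway=${route_vpn_gateway:-${ifconfig_remote:-}}
if [ -n "${dev:-}" ] && [ -n "$p_gateway" ]; then
    pbr_apply "$PBR_HOST" "$PBR_TABLE" "$dev" "$p_gateway"
fi
```

When tun0 goes down its route leaves table modem and the host's traffic falls back to the main table, so it exits through the WAN outside the VPN; block that in the firewall if the host must never bypass the tunnel.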