1 (edited by Andrzej0991 2015-01-15 22:54:46)

Topic: openVPN, no internet

Hello
I set up an openVPN server on a VPS (Debian). Gargoyle is configured as the client. After connecting gargoyle > server, I have no internet on my computer.
OpenVPN status: Running, connected, IP: 10.8.0.6
Logs from gargoyle:

Jan 15 22:32:11 Gargoyle daemon.notice openvpn(custom_config)[6395]: /sbin/ifconfig tun0 0.0.0.0
Jan 15 22:32:11 Gargoyle daemon.warn openvpn(custom_config)[6395]: Linux ip addr del failed: external program exited with error status: 1
Jan 15 22:32:11 Gargoyle daemon.notice openvpn(custom_config)[6395]: /etc/openvpn.down tun0 1500 1561 10.8.0.6 10.8.0.5 init
Jan 15 22:32:11 Gargoyle daemon.notice netifd: Interface 'vpn' is now down
Jan 15 22:32:11 Gargoyle user.notice nobody: openvpn down script called
Jan 15 22:32:12 Gargoyle daemon.notice openvpn(custom_config)[6395]: SIGTERM[hard,] received, process exiting
Jan 15 22:32:14 Gargoyle daemon.notice openvpn(custom_config)[6842]: OpenVPN 2.2.2 mips-openwrt-linux [SSL] [LZO2] [EPOLL] built on Jul  9 2013
Jan 15 22:32:14 Gargoyle daemon.warn openvpn(custom_config)[6842]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 15 22:32:14 Gargoyle daemon.warn openvpn(custom_config)[6842]: WARNING: file '/etc/openvpn/grouter_client_nldylbniyewg.key' is group or others accessible
Jan 15 22:32:14 Gargoyle daemon.warn openvpn(custom_config)[6842]: WARNING: file '/etc/openvpn/grouter_client_nldylbniyewg_ta.key' is group or others accessible
Jan 15 22:32:14 Gargoyle daemon.notice openvpn(custom_config)[6842]: Control Channel Authentication: using '/etc/openvpn/grouter_client_nldylbniyewg_ta.key' as a OpenVPN static key file
Jan 15 22:32:14 Gargoyle daemon.notice openvpn(custom_config)[6842]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 15 22:32:14 Gargoyle daemon.notice openvpn(custom_config)[6842]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 15 22:32:14 Gargoyle daemon.notice openvpn(custom_config)[6842]: Control Channel MTU parms [ L:1561 D:166 EF:66 EB:0 ET:0 EL:0 ]
Jan 15 22:32:14 Gargoyle daemon.notice openvpn(custom_config)[6842]: Socket Buffers: R=[163840->131072] S=[163840->131072]
Jan 15 22:32:14 Gargoyle daemon.notice openvpn(custom_config)[6842]: Data Channel MTU parms [ L:1561 D:1450 EF:61 EB:4 ET:0 EL:0 ]
Jan 15 22:32:14 Gargoyle daemon.notice openvpn(custom_config)[6842]: Fragmentation MTU parms [ L:1561 D:1000 EF:61 EB:4 ET:0 EL:0 ]
Jan 15 22:32:14 Gargoyle daemon.notice openvpn(custom_config)[6842]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Jan 15 22:32:14 Gargoyle daemon.notice openvpn(custom_config)[6842]: UDPv4 link local: [undef]
Jan 15 22:32:14 Gargoyle daemon.notice openvpn(custom_config)[6842]: UDPv4 link remote: 188.116.19.112:1194
Jan 15 22:32:14 Gargoyle daemon.notice openvpn(custom_config)[6842]: TLS: Initial packet from 188.116.19.112:1194, sid=e6a56099 a8eeb15a
Jan 15 22:32:14 Gargoyle daemon.notice openvpn(custom_config)[6842]: VERIFY OK: depth=1, /C=PL/ST=Kujawy/L=Chuby/O=T/OU=bartek/CN=bartek/name=bartek/emailAddress=mail@host.domain
Jan 15 22:32:14 Gargoyle daemon.notice openvpn(custom_config)[6842]: VERIFY OK: nsCertType=SERVER
Jan 15 22:32:14 Gargoyle daemon.notice openvpn(custom_config)[6842]: VERIFY OK: depth=0, /C=PL/ST=Kujawy/L=Chuby/O=T/OU=bartek/CN=frydolin/name=bartek/emailAddress=mail@host.domain
Jan 15 22:32:15 Gargoyle daemon.notice openvpn(custom_config)[6842]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jan 15 22:32:15 Gargoyle daemon.notice openvpn(custom_config)[6842]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 15 22:32:15 Gargoyle daemon.notice openvpn(custom_config)[6842]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jan 15 22:32:15 Gargoyle daemon.notice openvpn(custom_config)[6842]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 15 22:32:15 Gargoyle daemon.notice openvpn(custom_config)[6842]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jan 15 22:32:15 Gargoyle daemon.notice openvpn(custom_config)[6842]: [frydolin] Peer Connection Initiated with 188.116.19.112:1194
Jan 15 22:32:17 Gargoyle daemon.notice openvpn(custom_config)[6842]: SENT CONTROL [frydolin]: 'PUSH_REQUEST' (status=1)
Jan 15 22:32:17 Gargoyle daemon.notice openvpn(custom_config)[6842]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Jan 15 22:32:17 Gargoyle daemon.notice openvpn(custom_config)[6842]: OPTIONS IMPORT: timers and/or timeouts modified
Jan 15 22:32:17 Gargoyle daemon.notice openvpn(custom_config)[6842]: OPTIONS IMPORT: --ifconfig/up options modified
Jan 15 22:32:17 Gargoyle daemon.notice openvpn(custom_config)[6842]: OPTIONS IMPORT: route options modified
Jan 15 22:32:17 Gargoyle daemon.notice openvpn(custom_config)[6842]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jan 15 22:32:17 Gargoyle daemon.notice openvpn(custom_config)[6842]: TUN/TAP device tun0 opened
Jan 15 22:32:17 Gargoyle daemon.notice openvpn(custom_config)[6842]: TUN/TAP TX queue length set to 100
Jan 15 22:32:17 Gargoyle daemon.notice openvpn(custom_config)[6842]: /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Jan 15 22:32:17 Gargoyle daemon.notice netifd: Interface 'vpn' is now up
Jan 15 22:32:17 Gargoyle daemon.notice openvpn(custom_config)[6842]: /etc/openvpn.up tun0 1500 1561 10.8.0.6 10.8.0.5 init
Jan 15 22:32:17 Gargoyle user.notice root: openvpn up script called
Jan 15 22:32:26 Gargoyle user.notice firewall: Reloading firewall due to ifup of vpn (tun0)
Jan 15 22:32:27 Gargoyle user.notice firewall: Reloading firewall due to ifup of wan (eth1)
Jan 15 22:32:31 Gargoyle daemon.notice openvpn(custom_config)[6842]: /sbin/route add -net 188.116.19.112 netmask 255.255.255.255 gw 192.168.8.1
Jan 15 22:32:31 Gargoyle daemon.warn openvpn(custom_config)[6842]: ERROR: Linux route add command failed: external program exited with error status: 1
Jan 15 22:32:31 Gargoyle daemon.notice openvpn(custom_config)[6842]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.0.5
Jan 15 22:32:31 Gargoyle daemon.notice openvpn(custom_config)[6842]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.0.5
Jan 15 22:32:31 Gargoyle daemon.notice openvpn(custom_config)[6842]: /sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.5
Jan 15 22:32:31 Gargoyle daemon.notice openvpn(custom_config)[6842]: GID set to nogroup
Jan 15 22:32:31 Gargoyle daemon.notice openvpn(custom_config)[6842]: UID set to nobody
Jan 15 22:32:31 Gargoyle daemon.notice openvpn(custom_config)[6842]: Initialization Sequence Completed
Jan 15 22:32:36 Gargoyle daemon.err openvpn(custom_config)[6842]: FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
Jan 15 22:32:45 Gargoyle daemon.err openvpn(custom_config)[6842]: FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
Jan 15 22:32:55 Gargoyle daemon.err openvpn(custom_config)[6842]: FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
Jan 15 22:33:05 Gargoyle daemon.err openvpn(custom_config)[6842]: FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
Jan 15 22:33:15 Gargoyle daemon.err openvpn(custom_config)[6842]: FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
Jan 15 22:33:25 Gargoyle daemon.err openvpn(custom_config)[6842]: FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
Jan 15 22:33:35 Gargoyle daemon.err openvpn(custom_config)[6842]: FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
Jan 15 22:33:45 Gargoyle daemon.err openvpn(custom_config)[6842]: FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
Jan 15 22:33:52 Gargoyle daemon.err openvpn(custom_config)[6842]: event_wait : Interrupted system call (code=4)
Jan 15 22:33:52 Gargoyle daemon.notice openvpn(custom_config)[6842]: TCP/UDP: Closing socket
Jan 15 22:33:52 Gargoyle daemon.notice openvpn(custom_config)[6842]: /sbin/route del -net 10.8.0.1 netmask 255.255.255.255
Jan 15 22:33:52 Gargoyle daemon.warn openvpn(custom_config)[6842]: ERROR: Linux route delete command failed: external program exited with error status: 1
Jan 15 22:33:52 Gargoyle daemon.notice openvpn(custom_config)[6842]: /sbin/route del -net 188.116.19.112 netmask 255.255.255.255
Jan 15 22:33:52 Gargoyle daemon.warn openvpn(custom_config)[6842]: ERROR: Linux route delete command failed: external program exited with error status: 1
Jan 15 22:33:52 Gargoyle daemon.notice openvpn(custom_config)[6842]: /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Jan 15 22:33:52 Gargoyle daemon.warn openvpn(custom_config)[6842]: ERROR: Linux route delete command failed: external program exited with error status: 1
Jan 15 22:33:52 Gargoyle daemon.notice openvpn(custom_config)[6842]: /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Jan 15 22:33:52 Gargoyle daemon.warn openvpn(custom_config)[6842]: ERROR: Linux route delete command failed: external program exited with error status: 1
Jan 15 22:33:52 Gargoyle daemon.notice openvpn(custom_config)[6842]: Closing TUN/TAP interface
Jan 15 22:33:52 Gargoyle daemon.notice openvpn(custom_config)[6842]: /sbin/ifconfig tun0 0.0.0.0
Jan 15 22:33:52 Gargoyle daemon.warn openvpn(custom_config)[6842]: Linux ip addr del failed: external program exited with error status: 1
Jan 15 22:33:52 Gargoyle daemon.notice openvpn(custom_config)[6842]: /etc/openvpn.down tun0 1500 1561 10.8.0.6 10.8.0.5 init
Jan 15 22:33:52 Gargoyle daemon.notice netifd: Interface 'vpn' is now down
Jan 15 22:33:52 Gargoyle user.notice nobody: openvpn down script called
Jan 15 22:33:52 Gargoyle daemon.notice openvpn(custom_config)[6842]: SIGTERM[hard,] received, process exiting
Jan 15 22:33:53 Gargoyle daemon.notice openvpn(custom_config)[8509]: OpenVPN 2.2.2 mips-openwrt-linux [SSL] [LZO2] [EPOLL] built on Jul  9 2013
Jan 15 22:33:53 Gargoyle daemon.warn openvpn(custom_config)[8509]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 15 22:33:53 Gargoyle daemon.warn openvpn(custom_config)[8509]: WARNING: file '/etc/openvpn/grouter_client_nldylbniyewg.key' is group or others accessible
Jan 15 22:33:53 Gargoyle daemon.warn openvpn(custom_config)[8509]: WARNING: file '/etc/openvpn/grouter_client_nldylbniyewg_ta.key' is group or others accessible
Jan 15 22:33:53 Gargoyle daemon.notice openvpn(custom_config)[8509]: Control Channel Authentication: using '/etc/openvpn/grouter_client_nldylbniyewg_ta.key' as a OpenVPN static key file
Jan 15 22:33:53 Gargoyle daemon.notice openvpn(custom_config)[8509]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 15 22:33:53 Gargoyle daemon.notice openvpn(custom_config)[8509]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 15 22:33:53 Gargoyle daemon.notice openvpn(custom_config)[8509]: Control Channel MTU parms [ L:1561 D:166 EF:66 EB:0 ET:0 EL:0 ]
Jan 15 22:33:53 Gargoyle daemon.notice openvpn(custom_config)[8509]: Socket Buffers: R=[163840->131072] S=[163840->131072]
Jan 15 22:33:53 Gargoyle daemon.notice openvpn(custom_config)[8509]: Data Channel MTU parms [ L:1561 D:1450 EF:61 EB:4 ET:0 EL:0 ]
Jan 15 22:33:53 Gargoyle daemon.notice openvpn(custom_config)[8509]: Fragmentation MTU parms [ L:1561 D:1000 EF:61 EB:4 ET:0 EL:0 ]
Jan 15 22:33:53 Gargoyle daemon.notice openvpn(custom_config)[8509]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Jan 15 22:33:53 Gargoyle daemon.notice openvpn(custom_config)[8509]: UDPv4 link local: [undef]
Jan 15 22:33:53 Gargoyle daemon.notice openvpn(custom_config)[8509]: UDPv4 link remote: 188.116.19.112:1194
Jan 15 22:33:53 Gargoyle daemon.notice openvpn(custom_config)[8509]: TLS: Initial packet from 188.116.19.112:1194, sid=9185359d c378fa79
Jan 15 22:33:54 Gargoyle daemon.notice openvpn(custom_config)[8509]: VERIFY OK: depth=1, /C=PL/ST=Kujawy/L=Chuby/O=T/OU=bartek/CN=bartek/name=bartek/emailAddress=mail@host.domain
Jan 15 22:33:54 Gargoyle daemon.notice openvpn(custom_config)[8509]: VERIFY OK: nsCertType=SERVER
Jan 15 22:33:54 Gargoyle daemon.notice openvpn(custom_config)[8509]: VERIFY OK: depth=0, /C=PL/ST=Kujawy/L=Chuby/O=T/OU=bartek/CN=frydolin/name=bartek/emailAddress=mail@host.domain
Jan 15 22:33:56 Gargoyle daemon.notice openvpn(custom_config)[8509]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jan 15 22:33:56 Gargoyle daemon.notice openvpn(custom_config)[8509]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 15 22:33:56 Gargoyle daemon.notice openvpn(custom_config)[8509]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jan 15 22:33:56 Gargoyle daemon.notice openvpn(custom_config)[8509]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 15 22:33:56 Gargoyle daemon.notice openvpn(custom_config)[8509]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jan 15 22:33:56 Gargoyle daemon.notice openvpn(custom_config)[8509]: [frydolin] Peer Connection Initiated with 188.116.19.112:1194
Jan 15 22:33:58 Gargoyle daemon.notice openvpn(custom_config)[8509]: SENT CONTROL [frydolin]: 'PUSH_REQUEST' (status=1)
Jan 15 22:33:58 Gargoyle daemon.notice openvpn(custom_config)[8509]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Jan 15 22:33:58 Gargoyle daemon.notice openvpn(custom_config)[8509]: OPTIONS IMPORT: timers and/or timeouts modified
Jan 15 22:33:58 Gargoyle daemon.notice openvpn(custom_config)[8509]: OPTIONS IMPORT: --ifconfig/up options modified
Jan 15 22:33:58 Gargoyle daemon.notice openvpn(custom_config)[8509]: OPTIONS IMPORT: route options modified
Jan 15 22:33:58 Gargoyle daemon.notice openvpn(custom_config)[8509]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jan 15 22:33:58 Gargoyle daemon.notice openvpn(custom_config)[8509]: TUN/TAP device tun0 opened
Jan 15 22:33:58 Gargoyle daemon.notice netifd: Interface 'vpn' is now up
Jan 15 22:33:58 Gargoyle daemon.notice openvpn(custom_config)[8509]: TUN/TAP TX queue length set to 100
Jan 15 22:33:58 Gargoyle daemon.notice openvpn(custom_config)[8509]: /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Jan 15 22:33:58 Gargoyle daemon.notice openvpn(custom_config)[8509]: /etc/openvpn.up tun0 1500 1561 10.8.0.6 10.8.0.5 init
Jan 15 22:33:58 Gargoyle user.notice root: openvpn up script called
Jan 15 22:33:58 Gargoyle user.notice firewall: Reloading firewall due to ifup of vpn (tun0)
Jan 15 22:34:12 Gargoyle daemon.notice openvpn(custom_config)[8509]: /sbin/route add -net 188.116.19.112 netmask 255.255.255.255 gw 192.168.8.1
Jan 15 22:34:12 Gargoyle daemon.warn openvpn(custom_config)[8509]: ERROR: Linux route add command failed: external program exited with error status: 1
Jan 15 22:34:12 Gargoyle daemon.notice openvpn(custom_config)[8509]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.0.5
Jan 15 22:34:12 Gargoyle daemon.notice openvpn(custom_config)[8509]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.0.5
Jan 15 22:34:12 Gargoyle daemon.notice openvpn(custom_config)[8509]: /sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.5
Jan 15 22:34:12 Gargoyle daemon.notice openvpn(custom_config)[8509]: GID set to nogroup
Jan 15 22:34:12 Gargoyle daemon.notice openvpn(custom_config)[8509]: UID set to nobody
Jan 15 22:34:12 Gargoyle daemon.notice openvpn(custom_config)[8509]: Initialization Sequence Completed
Jan 15 22:34:16 Gargoyle daemon.err openvpn(custom_config)[8509]: FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
Jan 15 22:34:26 Gargoyle daemon.err openvpn(custom_config)[8509]: FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
Jan 15 22:34:36 Gargoyle daemon.err openvpn(custom_config)[8509]: FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
Jan 15 22:34:47 Gargoyle daemon.err openvpn(custom_config)[8509]: FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
Success

What is wrong? I set up the VPN server following this guide
http://kb.rootbox.com/instalacja-i-konf … t/#install

ifconfig of the server

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:147 errors:0 dropped:0 overruns:0 frame:0
          TX packets:147 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:11704 (11.4 KiB)  TX bytes:11704 (11.4 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.2  P-t-P:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:14273 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7015 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5304440 (5.0 MiB)  TX bytes:914359 (892.9 KiB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:188.116.19.112  P-t-P:188.116.19.112  Bcast:188.116.19.112  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

PS: I ran the following; is this interface correct?

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE

eth0      Link encap:Ethernet  HWaddr C4:6E:1F:47:8A:23
          inet6 addr: fe80::c66e:1fff:fe47:8a23/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45245 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:15104020 (14.4 MiB)
          Interrupt:4

eth0.1    Link encap:Ethernet  HWaddr C4:6E:1F:47:8A:23
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45188 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:14917506 (14.2 MiB)

eth1      Link encap:Ethernet  HWaddr 0C:5B:8F:27:9A:64
          inet addr:192.168.8.100  Bcast:192.168.8.255  Mask:255.255.255.0
          inet6 addr: fe80::e5b:8fff:fe27:9a64/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8480675 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5621862 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:115105861 (109.7 MiB)  TX bytes:1466968108 (1.3 GiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:529 errors:0 dropped:0 overruns:0 frame:0
          TX packets:529 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:44508 (43.4 KiB)  TX bytes:44508 (43.4 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:159 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:8399 (8.2 KiB)

wlan0     Link encap:Ethernet  HWaddr C4:6E:1F:47:8A:24
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1108 errors:0 dropped:0 overruns:0 frame:0
          TX packets:782 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:139878 (136.5 KiB)  TX bytes:254713 (248.7 KiB)

root@Gargoyle:~# ip route show
0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.8.1 dev eth1  proto static
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0  proto kernel  scope link  src 10.8.0.6
128.0.0.0/1 via 10.8.0.5 dev tun0
188.116.19.112 via 192.168.8.1 dev eth1
192.168.1.0/24 dev br-lan  proto kernel  scope link  src 192.168.1.1
192.168.8.0/24 dev eth1  proto kernel  scope link  src 192.168.8.100

2

Re: openVPN, no internet

The whole route is directed through the VPN, so that's OK. What remains is the server configuration and allowing internet traffic through the VPN. A proper configuration of the server and its firewall is what's called for.

Got a router you don't need, damaged or not? I'll gladly take it in.

3

Re: openVPN, no internet

Thanks for the reply.
I've tried various configurations, nothing will let the traffic from the computer through...
cat /etc/iptables.rules

# Generated by iptables-save v1.4.14 on Fri Jan 16 09:29:03 2015
*filter
:INPUT ACCEPT [9:692]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7:980]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.88.0/24 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Jan 16 09:29:03 2015
# Generated by iptables-save v1.4.14 on Fri Jan 16 09:29:03 2015
*mangle
:PREROUTING ACCEPT [221:45961]
:INPUT ACCEPT [221:45961]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [121:14552]
:POSTROUTING ACCEPT [121:14552]
COMMIT
# Completed on Fri Jan 16 09:29:03 2015
# Generated by iptables-save v1.4.14 on Fri Jan 16 09:29:03 2015
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.88.0/24 -o venet0 -j SNAT --to-source 188.116.x.x
COMMIT
# Completed on Fri Jan 16 09:29:03 2015

The route command

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.88.2    *               255.255.255.255 UH    0      0        0 tun0
192.168.88.0    192.168.88.2    255.255.255.0   UG    0      0        0 tun0
default         *               0.0.0.0         U     0      0        0 venet0

ip route show
192.168.88.2 dev tun0  proto kernel  scope link  src 192.168.88.1
192.168.88.0/24 via 192.168.88.2 dev tun0
default dev venet0  scope link

Could you please tell me what is wrong? :) (or what is right...)

4 (edited by garysek 2015-01-16 20:17:25)

Re: openVPN, no internet

I also have an openvpn server on a VPS with Debian and I can pass Internet through it to clients.
The difference is that I use ufw to configure the rules.
In /etc/ufw/before.rules I added before *filter:

# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.7.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES

And by default in Debian, routing between interfaces is disabled. I handled that by uncommenting the line:

net/ipv4/ip_forward=1

in /etc/ufw/sysctl.conf
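
The server-side conditions named in this thread (forwarding enabled, a NAT rule for the VPN subnet, a FORWARD chain that lets that subnet through) can be checked against an `iptables-save` dump. This is an added example, not part of any post; `check_vpn_nat` and the sample rule set are hypothetical, and the parser only evaluates `-s`, state matches and the rule target.

```python
import ipaddress

# Constructed sample in the shape of the iptables-save dump from post 3;
# the SNAT address is a documentation placeholder.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.88.0/24 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.88.0/24 -o venet0 -j SNAT --to-source 203.0.113.10
COMMIT
"""


def _covers(rule_src, vpn):
    """True if a rule's -s match (or its absence) includes the whole VPN subnet."""
    return rule_src is None or vpn.subnet_of(ipaddress.ip_network(rule_src, strict=False))


def check_vpn_nat(iptables_save, vpn_subnet, ip_forward):
    """Return a list of problems that stop VPN clients from reaching the internet.

    ip_forward is the content of /proc/sys/net/ipv4/ip_forward.
    Interface, destination, protocol and negated matches are not evaluated.
    """
    vpn = ipaddress.ip_network(vpn_subnet)
    problems = []
    if ip_forward.strip() != "1":
        problems.append("ip_forward is not 1: the kernel will not route tun <-> WAN")

    table, nat_ok = None, False
    forward_policy, forward_verdict = "ACCEPT", None
    for line in iptables_save.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":FORWARD") and table == "filter":
            forward_policy = line.split()[1]
        elif line.startswith("-A "):
            tok = line.split()
            chain = tok[1]
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1)
                    if tok[i].startswith("-")}
            target = opts.get("-j")
            if not _covers(opts.get("-s"), vpn):
                continue
            if table == "nat" and chain == "POSTROUTING" and target in ("MASQUERADE", "SNAT"):
                nat_ok = True
            if table == "filter" and chain == "FORWARD" and forward_verdict is None:
                states = opts.get("--state") or opts.get("--ctstate")
                if states and "NEW" not in states.split(","):
                    continue  # rule only matches already-established flows
                if target in ("ACCEPT", "DROP", "REJECT"):
                    forward_verdict = target  # first terminating rule wins

    if not nat_ok:
        problems.append(f"no SNAT/MASQUERADE rule in nat POSTROUTING covers {vpn}")
    verdict = forward_verdict or forward_policy
    if verdict != "ACCEPT":
        problems.append(f"new connections from {vpn} hit {verdict} in FORWARD")
    return problems


if __name__ == "__main__":
    for subnet in ("192.168.88.0/24", "10.8.0.0/24"):
        print(subnet, check_vpn_nat(SAMPLE_RULES, subnet, "1") or "ok")
```

A rule set written for one tunnel subnet reports two problems when the tunnel actually hands out addresses from another, which is the case to rule out whenever the `server`/`ifconfig` range is changed after the firewall rules were saved.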

5

Re: openVPN, no internet

Show the server config

6

Re: openVPN, no internet

Upgreydd wrote:

Show the server config

I don't know if that's addressed to me, but here you go:

mode                  server
port                  1194
proto                 udp
tls-server
ifconfig              10.7.0.1 255.255.255.0
topology              subnet
client-config-dir     /etc/openvpn/ccd
client-to-client
cipher                BF-CBC
keysize               128
dev                   tun
keepalive             5 15
status                /var/openvpn/current_status
verb                  3
dh                    /etc/openvpn/dh1024.pem
ca                    /etc/openvpn/ca.crt
cert                  /etc/openvpn/server.crt
key                   /etc/openvpn/server.key
tls-auth              /etc/openvpn/ta.key 0
persist-key
persist-tun
comp-lzo
push "topology subnet"
push "route-gateway 10.7.0.1"

to all clients I send only an address in the VPN network, e.g.:

ifconfig-push 10.7.0.40 255.255.255.0

and to those I want to give Internet access, additionally:

push "redirect-gateway def1"

7

Re: openVPN, no internet

I wanted to check whether the line:

push "redirect-gateway def1"

is present in Andrzej's setup ;)
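
Whether `redirect-gateway def1` was pushed, and whether the client actually installed the routes it implies, can be read from the client log and `ip route show` output posted at the top of the thread. This is an added example, not part of any post; the function names are hypothetical, and an absent `topology` option is assumed to mean net30.

```python
import re

# Sample input copied from the first post: two lines of the Gargoyle client
# log and its `ip route show` output.
CLIENT_LOG = """\
Jan 15 22:32:14 Gargoyle daemon.notice openvpn(custom_config)[6842]: UDPv4 link remote: 188.116.19.112:1194
Jan 15 22:32:17 Gargoyle daemon.notice openvpn(custom_config)[6842]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
"""
CLIENT_ROUTES = """\
0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.8.1 dev eth1  proto static
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0  proto kernel  scope link  src 10.8.0.6
128.0.0.0/1 via 10.8.0.5 dev tun0
188.116.19.112 via 192.168.8.1 dev eth1
192.168.1.0/24 dev br-lan  proto kernel  scope link  src 192.168.1.1
192.168.8.0/24 dev eth1  proto kernel  scope link  src 192.168.8.100
"""
# Constructed PUSH_REPLY matching the topology-subnet server config in post 6.
SUBNET_LOG = ("PUSH: Received control message: 'PUSH_REPLY,topology subnet,"
              "route-gateway 10.7.0.1,redirect-gateway def1,"
              "ifconfig 10.7.0.40 255.255.255.0'")


def pushed_options(log_text):
    """Options of the last PUSH_REPLY in the log, each split into words."""
    replies = re.findall(r"'PUSH_REPLY,([^']*)'", log_text)
    return [o.split() for o in replies[-1].split(",") if o] if replies else []


def vpn_gateway(opts):
    """Gateway the def1 routes should point at, for net30 or subnet topology."""
    by_name = {o[0]: o[1:] for o in opts}
    if "route-gateway" in by_name:
        return by_name["route-gateway"][0]
    # net30: the second ifconfig argument is the point-to-point peer.
    if by_name.get("topology", ["net30"]) == ["net30"] and len(by_name.get("ifconfig", [])) == 2:
        return by_name["ifconfig"][1]
    return None


def check_client(log_text, route_text):
    """Compare pushed options with the routing table the client ended up with."""
    opts = pushed_options(log_text)
    redirect = next((o for o in opts if o[0] == "redirect-gateway"), None)
    gw = vpn_gateway(opts)
    routes = {}  # destination -> (via, dev)
    for line in route_text.splitlines():
        m = re.match(r"(\S+)(?: via (\S+))?.* dev (\S+)", line.strip())
        if m:
            routes[m.group(1)] = (m.group(2), m.group(3))
    missing = []
    if redirect and "def1" in redirect:
        # def1 overrides the default route with two /1 halves via the VPN gateway.
        missing = [h for h in ("0.0.0.0/1", "128.0.0.0/1")
                   if h not in routes or routes[h][0] != gw]
    # The VPN server itself must stay reachable outside the tunnel.
    m = re.search(r"link remote: (?:\[AF_INET\])?(\d+\.\d+\.\d+\.\d+):\d+", log_text)
    server_dev = routes.get(m.group(1) if m else None, (None, None))[1]
    tunnel_dev = routes.get("0.0.0.0/1", (None, None))[1]
    return {"redirect_pushed": redirect is not None, "gateway": gw,
            "missing_routes": missing,
            "server_bypass": server_dev is not None and server_dev != tunnel_dev}


if __name__ == "__main__":
    print(check_client(CLIENT_LOG, CLIENT_ROUTES))
```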