Temat: OpenVpn - brak dostepu do lan
Mam skonfigurowany openvpn w trybie tun. Dostęp do usług na routerze jest, ale już do żadnego komputera w lan nie. Gdzie mam błąd w konfiguracji?
/etc/config/openvpn
config openvpn 'home'
option enabled '1'
option dev 'tun'
option port '14131'
option proto 'tcp'
option log '/tmp/openvpn.log'
option verb '3'
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/serwer.crt'
option key '/etc/openvpn/serwer.key'
option server '10.8.0.0 255.255.255.0'
option dh '/etc/openvpn/dh2048.pem'
list push 'route 172.27.0.0 255.255.0.0'/etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6 e3272 NeoV'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
config rule
option ac_enabled '1'
option src '*'
option dest 'wan'
option extra '--kerneltz'
option proto '0'
option target 'REJECT'
option enabled '1'
option name 'b5330'
option src_mac '04:FE:31:F8:FB:FF'
option start_time '23:00'
option stop_time '23:10'
config zone
option name 'vpn'
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
option network 'vpn'
option masq '1'
config forwarding
option src 'vpn'
option dest 'wan'
config rule
option name 'OpenVPN'
option target 'ACCEPT'
option src 'wan'
option proto 'tcp'
option dest_port '14131'
config forwarding
option src 'vpn'
option dest 'lan'ifconfig
br-lan Link encap:Ethernet HWaddr C0:4A:00:2C:BB:F6
inet addr:172.27.172.27 Bcast:172.27.255.255 Mask:255.255.0.0
inet6 addr: fd6b:e0a6:132e::1/60 Scope:Global
inet6 addr: fe80::c24a:ff:fe2c:bbf6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1182350 errors:0 dropped:0 overruns:0 frame:0
TX packets:754012 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1421191572 (1.3 GiB) TX bytes:188210005 (179.4 MiB)
eth0 Link encap:Ethernet HWaddr C0:4A:00:2C:BB:F6
inet6 addr: fe80::c24a:ff:fe2c:bbf6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1943774 errors:0 dropped:0 overruns:0 frame:0
TX packets:1940883 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1640182972 (1.5 GiB) TX bytes:1635545701 (1.5 GiB)
Interrupt:4
eth0.1 Link encap:Ethernet HWaddr C0:4A:00:2C:BB:F6
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1182421 errors:0 dropped:0 overruns:0 frame:0
TX packets:753777 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1421194838 (1.3 GiB) TX bytes:188187948 (179.4 MiB)
eth0.2 Link encap:Ethernet HWaddr C0:4A:00:2C:BB:F6
inet addr:178.235.179.25 Bcast:178.235.191.255 Mask:255.255.240.0
inet6 addr: fe80::c24a:ff:fe2c:bbf6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:761349 errors:0 dropped:0 overruns:0 frame:0
TX packets:1187101 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:183998906 (175.4 MiB) TX bytes:1439593723 (1.3 GiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:94 errors:0 dropped:0 overruns:0 frame:0
TX packets:94 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:11062 (10.8 KiB) TX bytes:11062 (10.8 KiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:143 errors:0 dropped:0 overruns:0 frame:0
TX packets:116 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:8167 (7.9 KiB) TX bytes:10578 (10.3 KiB)
wlan0 Link encap:Ethernet HWaddr C0:4A:00:2C:BB:F7
inet6 addr: fe80::c24a:ff:fe2c:bbf7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:713 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:138138 (134.9 KiB)
wlan1 Link encap:Ethernet HWaddr C0:4A:00:2C:BB:F8
inet6 addr: fe80::c24a:ff:fe2c:bbf8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:750 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:143320 (139.9 KiB)