Subject: VPN on OpenWRT 15.05 TP-Link 842ND v1
Hello.
I have a problem setting up a VPN so that it works properly. I've been struggling with it for 2 days without a satisfactory result.
Yesterday I somehow managed it by mixing two or three tutorials, but the VPN was only reachable from outside; on the LAN there were supposedly IPs, but it couldn't be used.
What I want to achieve: set up a VPN server on my router and bridge it with the LAN.
Currently my configuration is exactly:
https://wiki.openwrt.org/doc/howto/vpn. … penvpn.tap
with the difference that I generated the dh on my PC and it is 2048, not 1024.
Currently the connection to the VPN from outside works, I get the IP 192.168.1.220, so as I wanted it is an IP from my network.
after connecting to the VPN:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.1.220 P-t-P:192.168.1.220 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.42.129 0.0.0.0 UG 0 0 0 usb0
093105198006.sk 192.168.42.129 255.255.255.255 UGH 0 0 0 usb0
192.168.1.0 * 255.255.255.0 U 0 0 0 tun0
192.168.42.0 * 255.255.255.0 U 1 0 0 usb0
I have it set in the system to use the VPN only for resources of that network and only for IPv4, because otherwise the internet doesn't work at all.
ifconfig from the router:
br-lan Link encap:Ethernet HWaddr 64:70:02:9D:BD:4B
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fde5:2566:98b2::1/60 Scope:Global
inet6 addr: fe80::6670:2ff:fe9d:bd4b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4734 errors:0 dropped:0 overruns:0 frame:0
TX packets:5255 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:551730 (538.7 KiB) TX bytes:3899912 (3.7 MiB)
eth0 Link encap:Ethernet HWaddr 64:70:02:9D:BD:4B
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4980 errors:0 dropped:0 overruns:0 frame:0
TX packets:5224 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:656925 (641.5 KiB) TX bytes:3896846 (3.7 MiB)
Interrupt:5
eth1 Link encap:Ethernet HWaddr 64:70:02:9D:BD:4D
inet addr:93.105.198.6 Bcast:93.105.207.255 Mask:255.255.240.0
inet6 addr: fe80::6670:2ff:fe9d:bd4d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6930 errors:0 dropped:0 overruns:0 frame:0
TX packets:4738 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4141701 (3.9 MiB) TX bytes:623919 (609.2 KiB)
Interrupt:4
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:32 errors:0 dropped:0 overruns:0 frame:0
TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2290 (2.2 KiB) TX bytes:2290 (2.2 KiB)
tap0 Link encap:Ethernet HWaddr A6:52:4E:CA:74:8E
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:269 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:40087 (39.1 KiB)
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 093105192001.sk 0.0.0.0 UG 0 0 0 eth1
93.105.192.0 * 255.255.240.0 U 0 0 0 eth1
93.105.192.1 * 255.255.255.255 UH 0 0 0 eth1
192.168.1.0 * 255.255.255.0 U 0 0 0 br-lan
in the logs it shows that I connected:
Mon Jul 25 18:13:19 2016 daemon.notice openvpn(myvpn)[1686]: 93.105.192.106:34363 TLS: Initial packet from [AF_INET]93.105.192.106:34363, sid=29743a87 0efa2c74
Mon Jul 25 18:13:20 2016 daemon.notice openvpn(myvpn)[1686]: 93.105.192.106:34363 VERIFY OK: depth=1, C=PL, ST=Lodzkie, L=Skierniewice, O=Knarf, OU=Dom, CN=Knarf CA, name=EasyRSA, emailAddress=mlegiecki@gmail.com
Mon Jul 25 18:13:20 2016 daemon.notice openvpn(myvpn)[1686]: 93.105.192.106:34363 VERIFY OK: depth=0, C=PL, ST=Lodzkie, L=Skierniewice, O=Knarf, OU=Dom, CN=Behoston, name=EasyRSA, emailAddress=mlegiecki@gmail.com
Mon Jul 25 18:13:21 2016 daemon.notice openvpn(myvpn)[1686]: 93.105.192.106:34363 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jul 25 18:13:21 2016 daemon.notice openvpn(myvpn)[1686]: 93.105.192.106:34363 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul 25 18:13:21 2016 daemon.notice openvpn(myvpn)[1686]: 93.105.192.106:34363 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jul 25 18:13:21 2016 daemon.notice openvpn(myvpn)[1686]: 93.105.192.106:34363 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul 25 18:13:21 2016 daemon.notice openvpn(myvpn)[1686]: 93.105.192.106:34363 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Jul 25 18:13:21 2016 daemon.notice openvpn(myvpn)[1686]: 93.105.192.106:34363 [Behoston] Peer Connection Initiated with [AF_INET]93.105.192.106:34363
Mon Jul 25 18:13:21 2016 daemon.notice openvpn(myvpn)[1686]: Behoston/93.105.192.106:34363 MULTI_sva: pool returned IPv4=192.168.1.220, IPv6=(Not enabled)
Mon Jul 25 18:13:23 2016 daemon.notice openvpn(myvpn)[1686]: Behoston/93.105.192.106:34363 PUSH: Received control message: 'PUSH_REQUEST'
Mon Jul 25 18:13:23 2016 daemon.notice openvpn(myvpn)[1686]: Behoston/93.105.192.106:34363 send_push_reply(): safe_cap=940
Mon Jul 25 18:13:23 2016 daemon.notice openvpn(myvpn)[1686]: Behoston/93.105.192.106:34363 SENT CONTROL [Behoston]: 'PUSH_REPLY,dhcp-option DNS 192.168.1.1,redirect-gateway def1,route-gateway 192.168.1.1,ping 10,ping-restart 120,ifconfig 192.168.1.220 255.255.255.0' (status=1)
Mon Jul 25 18:13:36 2016 kern.notice kernel: [ 73.290000] random: nonblocking pool is initialized
Mon Jul 25 18:14:21 2016 daemon.notice openvpn(myvpn)[1686]: 93.105.192.106:38292 TLS: Initial packet from [AF_INET]93.105.192.106:38292, sid=b7dceca9 db2fd129
Mon Jul 25 18:14:22 2016 daemon.notice openvpn(myvpn)[1686]: 93.105.192.106:38292 VERIFY OK: depth=1, C=PL, ST=Lodzkie, L=Skierniewice, O=Knarf, OU=Dom, CN=Knarf CA, name=EasyRSA, emailAddress=mlegiecki@gmail.com
Mon Jul 25 18:14:22 2016 daemon.notice openvpn(myvpn)[1686]: 93.105.192.106:38292 VERIFY OK: depth=0, C=PL, ST=Lodzkie, L=Skierniewice, O=Knarf, OU=Dom, CN=Behoston, name=EasyRSA, emailAddress=mlegiecki@gmail.com
Mon Jul 25 18:14:23 2016 daemon.notice openvpn(myvpn)[1686]: 93.105.192.106:38292 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jul 25 18:14:23 2016 daemon.notice openvpn(myvpn)[1686]: 93.105.192.106:38292 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul 25 18:14:23 2016 daemon.notice openvpn(myvpn)[1686]: 93.105.192.106:38292 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jul 25 18:14:23 2016 daemon.notice openvpn(myvpn)[1686]: 93.105.192.106:38292 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul 25 18:14:23 2016 daemon.notice openvpn(myvpn)[1686]: 93.105.192.106:38292 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Jul 25 18:14:23 2016 daemon.notice openvpn(myvpn)[1686]: 93.105.192.106:38292 [Behoston] Peer Connection Initiated with [AF_INET]93.105.192.106:38292
Mon Jul 25 18:14:23 2016 daemon.notice openvpn(myvpn)[1686]: MULTI: new connection by client 'Behoston' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Mon Jul 25 18:14:23 2016 daemon.notice openvpn(myvpn)[1686]: MULTI_sva: pool returned IPv4=192.168.1.220, IPv6=(Not enabled)
Mon Jul 25 18:14:25 2016 daemon.notice openvpn(myvpn)[1686]: Behoston/93.105.192.106:38292 PUSH: Received control message: 'PUSH_REQUEST'
Mon Jul 25 18:14:25 2016 daemon.notice openvpn(myvpn)[1686]: Behoston/93.105.192.106:38292 send_push_reply(): safe_cap=940
Mon Jul 25 18:14:25 2016 daemon.notice openvpn(myvpn)[1686]: Behoston/93.105.192.106:38292 SENT CONTROL [Behoston]: 'PUSH_REPLY,dhcp-option DNS 192.168.1.1,redirect-gateway def1,route-gateway 192.168.1.1,ping 10,ping-restart 120,ifconfig 192.168.1.220 255.255.255.0' (status=1)
I have no idea what to do, because this is already the 3rd attempt; it looks like some problem on the server side with connecting that tap0 to br-lan (in LuCI you can see that eth0, tap0 and wifi are connected).
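As an added example (not part of the original post), a small Python audit that parses OpenVPN server log lines in the syslog format shown above and flags the weak negotiated parameters such logs reveal (a 64-bit block cipher like BF-CBC, a SHA1 HMAC, a TLSv1 control channel). The sample lines are constructed, with a placeholder address and client name; the `audit_openvpn_log` function and its finding texts are this example's own.

```python
import re

# Constructed sample in the same syslog format as the router excerpt above
# (placeholder address 203.0.113.5 and client name, not taken from the post).
SAMPLE_LOG = """\
Mon Jul 25 18:13:21 2016 daemon.notice openvpn(myvpn)[1686]: 203.0.113.5:34363 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jul 25 18:13:21 2016 daemon.notice openvpn(myvpn)[1686]: 203.0.113.5:34363 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul 25 18:13:21 2016 daemon.notice openvpn(myvpn)[1686]: 203.0.113.5:34363 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Jul 25 18:14:23 2016 daemon.notice openvpn(myvpn)[1686]: MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
"""

CIPHER_RE = re.compile(r"Data Channel (?:Encrypt|Decrypt): Cipher '([^']+)' initialized with (\d+) bit key")
HMAC_RE = re.compile(r"Using (\d+) bit message hash '([^']+)' for HMAC")
CONTROL_RE = re.compile(r"Control Channel: (TLSv[\d.]+), cipher \S+ (\S+), (\d+) bit RSA")
DUP_CN_RE = re.compile(r"new connection by client '([^']+)' will cause previous active sessions")

# Ciphers with a 64-bit block size: long sessions become exposed to birthday (SWEET32) attacks.
SMALL_BLOCK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}


def audit_openvpn_log(text: str) -> dict:
    """Pull the negotiated data/control channel parameters out of server log lines
    and return them together with a list of human-readable findings."""
    r = {"data_cipher": None, "hmac": None, "tls_version": None, "rsa_bits": None, "findings": []}
    for line in text.splitlines():
        if m := CIPHER_RE.search(line):
            r["data_cipher"] = m.group(1)
        elif m := HMAC_RE.search(line):
            r["hmac"] = m.group(2)
        elif m := CONTROL_RE.search(line):
            r["tls_version"], r["rsa_bits"] = m.group(1), int(m.group(3))
        elif m := DUP_CN_RE.search(line):
            # Seen when a client reconnects before its old session timed out, or when one
            # certificate is shared between devices; per-client certificates keep sessions distinct.
            r["findings"].append(f"client '{m.group(1)}': previous session dropped on reconnect; check for a shared certificate")
    if r["data_cipher"] in SMALL_BLOCK_CIPHERS:
        r["findings"].append(f"data cipher {r['data_cipher']} has a 64-bit block; prefer AES-256-GCM (OpenVPN 2.4+) or AES-256-CBC")
    if r["hmac"] in {"MD5", "SHA1"}:
        r["findings"].append(f"HMAC {r['hmac']} is weak; set 'auth SHA256' (or use an AEAD cipher)")
    if r["tls_version"] in {"TLSv1", "TLSv1.1"}:
        r["findings"].append(f"control channel negotiated {r['tls_version']}; set 'tls-version-min 1.2'")
    if r["rsa_bits"] is not None and r["rsa_bits"] < 2048:
        r["findings"].append(f"{r['rsa_bits']}-bit RSA key is too short; reissue with at least 2048 bits")
    return r


if __name__ == "__main__":
    for finding in audit_openvpn_log(SAMPLE_LOG)["findings"]:
        print("-", finding)
```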