51

Odp: Route openvpn subnet

No i zrób teraz ping 192.168.11.x z sieci 192.168.10.x

Masz niepotrzebny router, uszkodzony czy nie - chętnie przygarnę go.

52 (edytowany przez l1ght 2020-02-06 23:01:16)

Odp: Route openvpn subnet

Nie działa z .11 do .10, co akurat chcę uzyskać, i nie działa z .10 do .11, co chcę mieć. Ruch idzie tak, jak napisałem wcześniej.

53

Odp: Route openvpn subnet

Musi działać. Hosty pozwalają na pingowanie w ogóle?

Pokaż wynik iptables -v -L

Masz niepotrzebny router, uszkodzony czy nie - chętnie przygarnę go.

54

Odp: Route openvpn subnet

Tak hosty na pewno pozwalają na pingowanie.

iptables -v -L
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  216 19462 ACCEPT     all  --  lo     any     anywhere             anywhere             /* !fw3 */
93976  161M input_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom input rule chain */
92284  161M ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED /* !fw3 */
   17   940 syn_flood  tcp  --  any    any     anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN /* !fw3 */
  393 37438 zone_lan_input  all  --  br-lan any     anywhere             anywhere             /* !fw3 */
  231 22495 zone_wan_input  all  --  eth0.2 any     anywhere             anywhere             /* !fw3 */
    0     0 zone_vpnout_input  all  --  br-vpnout any     anywhere             anywhere             /* !fw3 */
  969 75244 zone_guest_input  all  --  br-guest any     anywhere             anywhere             /* !fw3 */
   99  4892 zone_nordvpn_input  all  --  tun0   any     anywhere             anywhere             /* !fw3 */

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 8027 1089K forwarding_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom forwarding rule chain */
 6266  716K FLOWOFFLOAD  all  --  any    any     anywhere             anywhere             /* !fw3: Traffic offloading */ ctstate RELATED,ESTABLISHED FLOWOFFLOAD
 6266  716K ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED /* !fw3 */
  383 33067 zone_lan_forward  all  --  br-lan any     anywhere             anywhere             /* !fw3 */
    0     0 zone_wan_forward  all  --  eth0.2 any     anywhere             anywhere             /* !fw3 */
    8   608 zone_vpnout_forward  all  --  br-vpnout any     anywhere             anywhere             /* !fw3 */
 1370  339K zone_guest_forward  all  --  br-guest any     anywhere             anywhere             /* !fw3 */
    0     0 zone_nordvpn_forward  all  --  tun0   any     anywhere             anywhere             /* !fw3 */
  154  8664 reject     all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  216 19462 ACCEPT     all  --  any    lo      anywhere             anywhere             /* !fw3 */
70593   14M output_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom output rule chain */
69443   14M ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED /* !fw3 */
   38  7656 zone_lan_output  all  --  any    br-lan  anywhere             anywhere             /* !fw3 */
    0     0 zone_wan_output  all  --  any    eth0.2  anywhere             anywhere             /* !fw3 */
    0     0 zone_vpnout_output  all  --  any    br-vpnout  anywhere             anywhere             /* !fw3 */
   25  6842 zone_guest_output  all  --  any    br-guest  anywhere             anywhere             /* !fw3 */
 1087 70047 zone_nordvpn_output  all  --  any    tun0    anywhere             anywhere             /* !fw3 */

Chain forwarding_guest_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain forwarding_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain forwarding_nordvpn_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain forwarding_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain forwarding_vpnout_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain forwarding_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_guest_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_nordvpn_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_vpnout_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain output_guest_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain output_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain output_nordvpn_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain output_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain output_vpnout_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain output_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain reject (9 references)
 pkts bytes target     prot opt in     out     source               destination
  453 23702 REJECT     tcp  --  any    any     anywhere             anywhere             /* !fw3 */ reject-with tcp-reset
  328 24714 REJECT     all  --  any    any     anywhere             anywhere             /* !fw3 */ reject-with icmp-port-unreachable

Chain syn_flood (1 references)
 pkts bytes target     prot opt in     out     source               destination
   17   940 RETURN     tcp  --  any    any     anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 /* !fw3 */
    0     0 DROP       all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_guest_dest_ACCEPT (2 references)
 pkts bytes target     prot opt in     out     source               destination
   25  6842 ACCEPT     all  --  any    br-guest  anywhere             anywhere             /* !fw3 */

Chain zone_guest_dest_REJECT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     all  --  any    br-guest  anywhere             anywhere             /* !fw3 */

Chain zone_guest_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
 1370  339K forwarding_guest_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom guest forwarding rule chain */
 1370  339K zone_nordvpn_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3: Zone guest to nordvpn forwarding policy */
  338 26268 zone_lan_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3: Zone guest to lan forwarding policy */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* !fw3: Accept port forwards */
  154  8664 zone_guest_dest_REJECT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_guest_input (1 references)
 pkts bytes target     prot opt in     out     source               destination
  969 75244 input_guest_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom guest input rule chain */
   31 10340 ACCEPT     udp  --  any    any     anywhere             anywhere             udp spts:bootps:bootpc dpts:bootps:bootpc /* !fw3: Allow DHCP request GUEST */
    3   164 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:domain /* !fw3: Allow DNS Queries GUEST */
  600 39706 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:domain /* !fw3: Allow DNS Queries GUEST */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* !fw3: Accept port redirections */
  335 25034 zone_guest_src_REJECT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_guest_output (1 references)
 pkts bytes target     prot opt in     out     source               destination
   25  6842 output_guest_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom guest output rule chain */
   25  6842 zone_guest_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_guest_src_REJECT (1 references)
 pkts bytes target     prot opt in     out     source               destination
  335 25034 reject     all  --  br-guest any     anywhere             anywhere             /* !fw3 */

Chain zone_lan_dest_ACCEPT (6 references)
 pkts bytes target     prot opt in     out     source               destination
  222 25260 ACCEPT     all  --  any    br-lan  anywhere             anywhere             /* !fw3 */

Chain zone_lan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
  383 33067 forwarding_lan_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom lan forwarding rule chain */
  383 33067 zone_wan_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3: Zone lan to wan forwarding policy */
    1    40 zone_guest_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3: Zone lan to guest forwarding policy */
    1    40 zone_vpnout_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3: Zone lan to vpnout forwarding policy */
    1    40 zone_nordvpn_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3: Zone lan to nordvpn forwarding policy */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* !fw3: Accept port forwards */
    0     0 zone_lan_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_lan_input (1 references)
 pkts bytes target     prot opt in     out     source               destination
  393 37438 input_lan_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom lan input rule chain */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* !fw3: Accept port redirections */
  393 37438 zone_lan_src_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_lan_output (1 references)
 pkts bytes target     prot opt in     out     source               destination
   38  7656 output_lan_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom lan output rule chain */
   38  7656 zone_lan_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_lan_src_ACCEPT (1 references)
 pkts bytes target     prot opt in     out     source               destination
  393 37438 ACCEPT     all  --  br-lan any     anywhere             anywhere             ctstate NEW,UNTRACKED /* !fw3 */

Chain zone_nordvpn_dest_ACCEPT (4 references)
 pkts bytes target     prot opt in     out     source               destination
  196 12981 DROP       all  --  any    tun0    anywhere             anywhere             ctstate INVALID /* !fw3: Prevent NAT leakage */
 1932  371K ACCEPT     all  --  any    tun0    anywhere             anywhere             /* !fw3 */

Chain zone_nordvpn_dest_REJECT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     all  --  any    tun0    anywhere             anywhere             /* !fw3 */

Chain zone_nordvpn_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 forwarding_nordvpn_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom nordvpn forwarding rule chain */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* !fw3: Accept port forwards */
    0     0 zone_nordvpn_dest_REJECT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_nordvpn_input (1 references)
 pkts bytes target     prot opt in     out     source               destination
   99  4892 input_nordvpn_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom nordvpn input rule chain */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* !fw3: Accept port redirections */
   99  4892 zone_nordvpn_src_REJECT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_nordvpn_output (1 references)
 pkts bytes target     prot opt in     out     source               destination
 1087 70047 output_nordvpn_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom nordvpn output rule chain */
 1087 70047 zone_nordvpn_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_nordvpn_src_REJECT (1 references)
 pkts bytes target     prot opt in     out     source               destination
   99  4892 reject     all  --  tun0   any     anywhere             anywhere             /* !fw3 */

Chain zone_vpnout_dest_ACCEPT (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    br-vpnout  anywhere             anywhere             /* !fw3 */

Chain zone_vpnout_dest_REJECT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     all  --  any    br-vpnout  anywhere             anywhere             /* !fw3 */

Chain zone_vpnout_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    8   608 forwarding_vpnout_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom vpnout forwarding rule chain */
    8   608 zone_nordvpn_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3: Zone vpnout to nordvpn forwarding policy */
    0     0 zone_lan_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3: Zone vpnout to lan forwarding policy */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* !fw3: Accept port forwards */
    0     0 zone_vpnout_dest_REJECT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_vpnout_input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 input_vpnout_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom vpnout input rule chain */
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp spts:bootps:bootpc dpts:bootps:bootpc /* !fw3: Allow DHCP request VPNOUT */
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:domain /* !fw3: Allow DNS Queries VPNOUT */
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:domain /* !fw3: Allow DNS Queries VPNOUT */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* !fw3: Accept port redirections */
    0     0 zone_vpnout_src_REJECT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_vpnout_output (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 output_vpnout_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom vpnout output rule chain */
    0     0 zone_vpnout_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_vpnout_src_REJECT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     all  --  br-vpnout any     anywhere             anywhere             /* !fw3 */

Chain zone_wan_dest_ACCEPT (2 references)
 pkts bytes target     prot opt in     out     source               destination
   52  2080 DROP       all  --  any    eth0.2  anywhere             anywhere             ctstate INVALID /* !fw3: Prevent NAT leakage */
  330 30947 ACCEPT     all  --  any    eth0.2  anywhere             anywhere             /* !fw3 */

Chain zone_wan_dest_REJECT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     all  --  any    eth0.2  anywhere             anywhere             /* !fw3 */

Chain zone_wan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 forwarding_wan_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom wan forwarding rule chain */
    0     0 zone_lan_dest_ACCEPT  esp  --  any    any     anywhere             anywhere             /* !fw3: Allow-IPSec-ESP */
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     anywhere             anywhere             udp dpt:isakmp /* !fw3: Allow-ISAKMP */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* !fw3: Accept port forwards */
    0     0 zone_wan_dest_REJECT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_wan_input (1 references)
 pkts bytes target     prot opt in     out     source               destination
  231 22495 input_wan_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom wan input rule chain */
   37 12633 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:bootpc /* !fw3: Allow-DHCP-Renew */
    1    36 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp echo-request /* !fw3: Allow-Ping */
    0     0 ACCEPT     igmp --  any    any     anywhere             anywhere             /* !fw3: Allow-IGMP */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* !fw3: Accept port redirections */
  193  9826 zone_wan_src_REJECT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_wan_output (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 output_wan_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom wan output rule chain */
    0     0 zone_wan_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_wan_src_REJECT (1 references)
 pkts bytes target     prot opt in     out     source               destination
  193  9826 reject     all  --  eth0.2 any     anywhere             anywhere             /* !fw3 */

55

Odp: Route openvpn subnet

Pakiety się łapią na licznikach. Jesteś pewien tego pingowania?

Masz niepotrzebny router, uszkodzony czy nie - chętnie przygarnę go.

56 (edytowany przez l1ght 2020-02-06 23:25:54)

Odp: Route openvpn subnet

Chodzi Ci o to, czy dany host odpowiada na ping adres_hosta? Jeśli tak, to tak działało to wczoraj/dzisiaj przed moimi zmianami do nordvpn-a. Co to znaczy, że pakiety łapią się na licznikach?

57

Odp: Route openvpn subnet

Spójrz na wynik firewalla który podałeś. Liczby na początku linii to liczniki pakietów które złapały się na daną regułkę firewalla. A później odszukaj linię np. guest do lan i zobaczysz że mają wartości większe od zera.

Masz niepotrzebny router, uszkodzony czy nie - chętnie przygarnę go.

58 (edytowany przez l1ght 2020-02-07 10:21:42)

Odp: Route openvpn subnet

A to przypadkiem nie jest zepsuty routing? Na tym traceroute, który Ci wysłałem, ruch między lan a guest próbuje iść przez 10.200.0.2 i nie bardzo wiem czemu.
No i aktualnie nie mogę pingować hostów.

59

Odp: Route openvpn subnet

Witaj, wróciłem z ustawieniami sprzed
iptables -I FORWARD -j ACCEPT

i ustawiłem poniższe parametry iptables na serwerze OpenVPN.

iptables -A FORWARD -s 192.168.1.0/24 -d 10.10.1.0/24 -j ACCEPT (lan serwera do lanu klienta)
iptables -A FORWARD -s 192.168.1.0/24 -d 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -d 10.10.1.0/24 -j ACCEPT

sugerując się Twoimi wskazówkami. Niestety nie pomogło.
Mam założyć osobny wątek?

Cezary napisał/a:

Odblokowałeś forward wszystkiego ze wszystkim. Czyli to kwestia odblokowania firewalla, uszczelnij sobie regułę na określone adresy ip które masz i tyle.

60

Odp: Route openvpn subnet

iptables -I a nie iptables -A

Masz niepotrzebny router, uszkodzony czy nie - chętnie przygarnę go.

61

Odp: Route openvpn subnet

Cezary napisał/a:

iptables -I a nie iptables -A

Niestety też to nie działa. Mogę Cię jeszcze prosić o pomoc?

62

Odp: Route openvpn subnet

Wróć znów do mojej reguły; jeżeli nadal działa, to źle podajesz adresy.

Masz niepotrzebny router, uszkodzony czy nie - chętnie przygarnę go.

63 (edytowany przez l1ght 2020-02-10 13:59:42)

Odp: Route openvpn subnet

OK, u mnie działa.
sieci:
lan (192.168.10.0/24)
guest (192.168.11.0/24)
vpnout (192.168.12.0/24)
forwarding w firewallu
lan -> wan
lan -> vpnout
lan -> guest

vpnout -> lan
vpnout -> vpn
guest -> vpn

Następnie skonfigurowanie odpowiednio configu openvpn aby nie nadpisywał routingu tylko sam dodawał na route-up i czyścił na route-down.
Wszystko śmiga smile Po wywaleniu tun0 sieci które mają iść przez vpn-a nie mają wyjścia na świat o co mi chodziło. Configi podeślę jak wrócę z pracy.

64 (edytowany przez l1ght 2020-02-12 21:22:16)

Odp: Route openvpn subnet

Obiecane działające configi:
network

#-----------globals-------------------
# OpenWrt /etc/config/network as posted. Three internal VLANs on eth1
# (lan = VLAN 10, guest = VLAN 11, vpnout = VLAN 12), each bridged into its
# own interface, plus WAN on eth0.2. No interface stanza is active for the
# tunnel: the firewall binds tun0 by device name instead (see the firewall
# config), which is why the 'nordvpn' interface below stays commented out.

config globals 'globals'
        option ula_prefix 'fdeb:8aa2:48a5::/48'

#-----------interfaces----------------
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

# WAN via DHCP; ISP-supplied resolvers are ignored (peerdns 0) in favour of
# the two static ones. NOTE(review): the router's own upstream DNS lookups
# leave via the main table, i.e. the WAN link, not the tunnel (route-up
# removes the tunnel default from the main table) - so guest/vpnout clients
# that use the router as resolver have their DNS answered over plain WAN
# even while their data goes through tun0. Confirm against the dnsmasq
# setup if that matters for this deployment.
config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'
        option peerdns '0'
        list dns '8.8.8.8'
        list dns '8.8.4.4'

# lan: 192.168.10.0/24 on br-lan (VLAN 10).
config interface 'lan'
        option type 'bridge'
        option ifname 'eth1.10'
        option proto 'static'
        option ipaddr '192.168.10.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

# guest: 192.168.11.0/24 on br-guest (VLAN 11); routed through the tunnel by
# the route-up script.
config interface 'guest'
        option type 'bridge'
        option ifname 'eth1.11'
        option proto 'static'
        option ipaddr '192.168.11.1'
        option netmask '255.255.255.0'

# vpnout: 192.168.12.0/24 on br-vpnout (VLAN 12); also routed through the
# tunnel by route-up, but (unlike guest) allowed to reach lan by the firewall.
config interface 'vpnout'
        option type 'bridge'
        option ifname 'eth1.12'
        option proto 'static'
        option ipaddr '192.168.12.1'
        option netmask '255.255.255.0'

config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'


# Intentionally disabled: the tunnel is attached to the firewall as a raw
# device ('option device tun0' in the nordvpn zone) rather than as a
# netifd interface.
#config interface 'nordvpn'
#       option proto 'none'
#       option ifname 'tun0'

#-------------switch-----------

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'


#--------switches_vlan-------------
# Port map as written ('t' = tagged). Port 4 is a trunk: it carries lan
# untagged and guest/vpnout tagged, so whatever is plugged into it can see
# - and, if it tags its own frames, join - all three internal VLANs.
# Ports 6 and 0 appear only tagged; presumably CPU ports - depends on the
# switch model, not stated in the thread.

# VLAN 10 (lan): ports 1, 2, 4 untagged; 6 tagged.
config switch_vlan
        option device 'switch0'
        option vlan '10'
        option ports '1 2 4 6t'

# VLAN 2 (wan): port 5 untagged; 0 tagged (matches eth0.2 above).
config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '5 0t'

# VLAN 11 (guest): tagged only, on the trunk port 4 and on 6.
config switch_vlan
        option device 'switch0'
        option vlan '11'
        option ports '4t 6t'

# VLAN 12 (vpnout): port 3 untagged; 4 and 6 tagged.
config switch_vlan
        option device 'switch0'
        option vlan '12'
        option ports '3 4t 6t'

firewall

# OpenWrt /etc/config/firewall (fw3) as posted. Zones: lan, wan, vpnout,
# guest and nordvpn (the tun0 tunnel). The global forward policy is REJECT,
# so zone-to-zone traffic exists only where a 'config forwarding' stanza
# allows it. That - not the routing - is what keeps guest and vpnout off the
# WAN when tun0 is down: neither zone has a forwarding to wan, so once the
# down script flushes table nordvpn their packets fall back to the main
# table and are rejected in FORWARD.
config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        # flow offloading for established connections (the FLOWOFFLOAD rule
        # seen in the iptables dump earlier in the thread)
        option flow_offloading '1'
#--------------ZONES----------------
# lan: fully trusted - router services open, forwarding inside the zone open.
config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

# wan: nothing reaches the router except the explicit Allow-* rules below;
# outbound traffic is masqueraded and TCP MSS is clamped to the path MTU.
config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'DROP'
        option output 'ACCEPT'
        option forward 'DROP'
        option masq '1'
        option mtu_fix '1'

# vpnout and guest: hosts may talk to the router itself (input ACCEPT) but
# cannot forward anywhere unless a forwarding stanza says so.
# NOTE(review): with input ACCEPT every router service (LuCI, SSH, ...) is
# reachable from these untrusted segments; the 'Allow DHCP/DNS ...' rules
# further down only become the effective allow-list if input is changed to
# REJECT - which is what the earlier iptables dump showed (zone_guest_input
# ending in zone_guest_src_REJECT).
config zone
        option name 'vpnout'
        list network 'vpnout'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'DROP'

config zone
        option name 'guest'
        list network 'guest'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'DROP'

# nordvpn: the tunnel, attached by device name because no netifd interface
# exists for it. Nothing from the VPN side may reach the router (input
# DROP); guest/vpnout traffic leaving through tun0 is masqueraded behind
# the tunnel address.
config zone
        option name 'nordvpn'
#       list network 'nordvpn'
        option device 'tun0'
        option input 'DROP'
        option output 'ACCEPT'
        option forward 'DROP'
        option masq '1'
        option mtu_fix '1'


#--------FORWARDING NETS---------
# lan may open connections to wan, guest and vpnout. There is deliberately
# no guest -> lan entry: guest hosts cannot initiate towards lan, while
# replies to lan-initiated connections are accepted by the
# RELATED,ESTABLISHED rule in FORWARD. vpnout <-> lan is allowed both ways.
# guest and vpnout can reach the internet only through the tunnel.

config forwarding
        option src 'lan'
        option dest 'wan'

config forwarding
        option src 'lan'
        option dest 'guest'

config forwarding
        option src 'lan'
        option dest 'vpnout'

config forwarding
        option src 'vpnout'
        option dest 'lan'

config forwarding
        option src 'guest'
        option dest 'nordvpn'

config forwarding
        option src 'vpnout'
        option dest 'nordvpn'

#-----------------DHCP-------------
# Minimal services the guest/vpnout segments need from the router: DHCP
# (udp 67-68) and DNS (tcp/udp 53). Redundant while the zones' input policy
# is ACCEPT; they matter once that is tightened to REJECT.

config rule
        option name 'Allow DHCP request GUEST'
        option src 'guest'
        option src_port '67-68'
        option dest_port '67-68'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Allow DNS Queries GUEST'
        option src 'guest'
        option dest_port '53'
        option proto 'tcp udp'
        option target 'ACCEPT'

config rule
        option name 'Allow DHCP request VPNOUT'
        option src 'vpnout'
        option src_port '67-68'
        option dest_port '67-68'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Allow DNS Queries VPNOUT'
        option src 'vpnout'
        option dest_port '53'
        option proto 'tcp udp'
        option target 'ACCEPT'

#--------REST STUFF --------
# OpenWrt stock rules for the wan zone: DHCP renew, ICMP echo (the router
# answers pings from the internet), IGMP, and the IPv6 housekeeping set.

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# Stock OpenWrt IPsec pass-through: forwards ESP and UDP/500 from the
# internet into the whole lan zone. Only useful if a lan host terminates
# IPsec; otherwise these are dead rules that can be removed to keep the
# wan -> lan surface empty (the iptables dump shows zero hits on both).

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

# Hand-written iptables rules loaded after the zone rules; anything placed
# in this file bypasses the zone model above, so keep it minimal.
config include
        option path '/etc/firewall.user'

route-up

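#!/bin/sh
# OpenVPN route-up hook.
#
# Keeps the router's main routing table on the WAN default route and sends
# only the guest (192.168.11.0/24) and vpnout (192.168.12.0/24) networks
# through the tunnel, via the policy-routing table "nordvpn".
#
# Environment (exported by OpenVPN to route-up scripts):
#   dev                tunnel interface, e.g. tun0
#   ifconfig_local     local tunnel address
#   ifconfig_remote    remote tunnel address
#   route_vpn_gateway  gateway of the tunnel (the def1 routes point at it)
# The table name "nordvpn" has to exist in /etc/iproute2/rt_tables (not
# shown in the thread).
#
# No 'set -e' on purpose: every step is tolerant of "already there"/"not
# there", so a reconnect that runs route-up twice (without an intervening
# down) converges to the same state instead of stacking duplicate rules.
#
# Fixes vs. the posted version: the whole block was pasted twice (the second
# 'ip route add ... default' failed with "File exists"), the echo printed
# $route_nordvpn_gateway - a name OpenVPN does not export unless the config
# sets it - instead of $route_vpn_gateway, and the variables were unquoted.

: "${dev:?route-up: \$dev not set by OpenVPN}"

printf '%s : %s -> %s gw: %s\n' "$dev" "$ifconfig_local" "$ifconfig_remote" "$route_vpn_gateway"

# Undo redirect-gateway def1 (the two /1 routes pushed by the server) so the
# main table keeps its WAN default. A failure here just means the server did
# not push them (or a previous run already removed them) - harmless.
/sbin/ip route del 128.0.0.0/1 via "$route_vpn_gateway"
/sbin/ip route del 0.0.0.0/1 via "$route_vpn_gateway"

# Populate the policy table first, steer traffic into it last, so there is no
# window in which a "from guest" lookup hits a half-built table.
# 'replace' rather than 'add' keeps each line idempotent across reconnects.
/sbin/ip route replace table nordvpn default dev "$dev"
/sbin/ip route replace 192.168.11.0/24 dev br-guest src 192.168.11.1 table nordvpn
/sbin/ip route replace 192.168.12.0/24 dev br-vpnout src 192.168.12.1 table nordvpn
# lan must be in this table too: replies from guest/vpnout hosts to lan hosts
# are looked up here (because of the "from" rules below) and would otherwise
# match the tunnel default.
/sbin/ip route replace 192.168.10.0/24 dev br-lan src 192.168.10.1 table nordvpn

# Policy rules: anything from or to a tunnelled network uses table nordvpn.
# Remove every identical rule before adding (a failed 'del' just means none
# was left), so repeated route-ups never accumulate duplicates.
for net in 192.168.11.0/24 192.168.12.0/24; do
  for dir in from to; do
    while /sbin/ip rule del "$dir" "$net" table nordvpn 2>/dev/null; do :; done
    /sbin/ip rule add "$dir" "$net" table nordvpn
  done
done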

down

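#!/bin/sh
# OpenVPN down hook: undo route-up.
#
# Empties the policy table and removes every rule that points at it. After
# this, guest/vpnout packets fall back to the main table (WAN default); what
# stops them from actually leaving via WAN is the firewall, which has no
# guest/vpnout -> wan forwarding - the routing alone is not a kill switch.
#
# Rules are removed one at a time with 'ip rule del table nordvpn' (one
# matching rule per call; the command fails once none is left, which ends
# the loop). That is deliberately used instead of 'ip rule flush table
# nordvpn': it can only ever touch rules of this table, whereas older
# iproute2/busybox builds are reported to ignore the selector on flush and
# wipe every non-default rule - confirm on this firmware before relying on
# flush.
ip route flush table nordvpn
while ip rule del table nordvpn 2>/dev/null; do :; done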

ip route show table nordvpn

default dev tun0 scope link
192.168.10.0/24 dev br-lan scope link  src 192.168.10.1
192.168.11.0/24 dev br-guest scope link  src 192.168.11.1
192.168.12.0/24 dev br-vpnout scope link  src 192.168.12.1