Temat: OpenVpn a logowanie się zdalne do np HomeAssitant
Cześć
Mam problem aby za pomocą OpenVpn zalogować się zdalnie do HA. Jednakże mogę się zalogować do router. Co mam zrobić aby to umożliwić
Cześć
Mam problem, aby za pomocą OpenVPN zalogować się zdalnie do HA. Jednakże mogę się zalogować do routera. Co mam zrobić, aby to umożliwić?
Podaj więcej danych. W tej chwili można tylko powiedzieć, żebyś zrestartował, to może się naprawi.
Konfigi, adresacja, logi.
Prawdopodobnie musisz udostępnić swoją sieć wewnętrzną, żeby była widoczna, gdy połączysz się z routerem. Taki dodatkowy wpis w tablicy routingu.
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdcd:1f57:72d6::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.0.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'eth0.2'
option macaddr 'xx:xx:xx:'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
option mtu '1472'
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'
config switch_vlan
option device 'switch0'
option vlan '52'
option ports '1t 5'
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdcd:1f57:72d6::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.0.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'eth0.2'
option macaddr 'x'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
option mtu '1472'
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'
config switch_vlan
option device 'switch0'
option vlan '52'
option ports '1t 5'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
# NOTE(review): this zone is bound only to the logical network 'vpn', but the
# /etc/config/network dump on this page defines just loopback, lan, wan and
# wan6 - no interface 'vpn' for tun0. If that holds, tun0 belongs to no zone
# and falls under "config defaults" (input ACCEPT, forward REJECT): the router
# itself answers over the tunnel, while traffic forwarded to LAN hosts is
# rejected. Confirm, then bind the zone to the tunnel, e.g. with
# "list device 'tun0'" here or an unmanaged interface 'vpn' on tun0.
config zone
option name 'vpn'
# input ACCEPT: every VPN client may reach all services on the router itself.
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
option network 'vpn'
# masq applies to traffic leaving through this zone (towards VPN clients).
option masq '1'
config forwarding
option src 'vpn'
option dest 'wan'
config forwarding
option src 'vpn'
option dest 'lan'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config rule
option name 'OpenVPN'
option target 'ACCEPT'
option src 'wan'
option proto 'udp'
option dest_port '1194'
config forwarding
option src 'vpn'
option dest 'lan'
cat /etc/config/openvpn
config openvpn 'custom_config'
option enabled '0'
option config '/etc/openvpn/my-vpn.conf'
config openvpn 'sample_server'
option enabled '0'
option port '443'
option proto 'tcp'
option dev 'tun'
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/server.crt'
option key '/etc/openvpn/server.key'
option dh '/etc/openvpn/dh1024.pem'
option server '10.8.0.0 255.255.255.0'
option ifconfig_pool_persist '/tmp/ipp.txt'
option keepalive '10 120'
option compress 'lzo'
option persist_key '1'
option persist_tun '1'
option user 'nobody'
option status '/tmp/openvpn-status.log'
option verb '3'
config openvpn 'sample_client'
option enabled '0'
option client '1'
option dev 'tun'
option proto 'udp'
list remote 'my_server_1 443'
option resolv_retry 'infinite'
option nobind '1'
option persist_key '1'
option persist_tun '1'
option user 'nobody'
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/client.crt'
option key '/etc/openvpn/client.key'
option compress 'lzo'
option verb '3'
config openvpn 'home'
option enabled '1'
option dev 'tun0'
option port '1194'
option proto 'udp'
option keepalive '10 120'
option log '/tmp/openvpn.log'
option verb '3'
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/serwer.crt'
option key '/etc/openvpn/serwer.key'
option server '10.8.0.0 255.255.255.0'
option dh '/etc/openvpn/dh2048.pem'
list push 'route 192.168.0.0 255.255.255.0'
list push 'redirect-gateway def1'
option topology 'subnet'
cat /etc/openvpn.user
#!/bin/sh
#
# This file is interpreted as shell script.
# Put your custom openvpn action here, they will
# be executed with each opevnp event.
#
# $ACTION
# <down> down action is generated after the TUN/TAP device is closed
# <up> up action is generated after the TUN/TAP device is opened
# $INSTANCE Name of the openvpn instance which went up or down
logi z openvpn
połączenie z 192.168.0.1 działa
2024-10-29 20:49:54 iPhoneM/xxxxxxxxxxSENT CONTROL [iPhoneM]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 2,cipher AES-256-GCM' (status=1)
2024-10-29 20:49:54 iPhoneM/37.248.219.115:31010 PUSH: Received control message: 'PUSH_REQUEST'
2024-10-29 20:49:59 read UDPv6 [NO-INFO]: Connection refused (code=146)
2024-10-29 20:49:59 read UDPv6 [NO-INFO]: Connection refused (code=146)
2024-10-29 20:50:07 read UDPv6 [NO-INFO]: Connection refused (code=146)
2024-10-29 20:50:07 read UDPv6 [NO-INFO]: Connection refused (code=146)
2024-10-29 20:50:23 read UDPv6 [NO-INFO]: Connection refused (code=146)
2024-10-29 20:50:23 read UDPv6 [NO-INFO]: Connection refused (code=146)
połączenie 192.168.0.3 nie działa
2024-10-29 20:50:40 192.168.0.196:49892 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-10-29 20:50:40 192.168.0.196:49892 TLS Error: TLS handshake failed
2024-10-29 20:50:40 192.168.0.196:49892 SIGUSR1[soft,tls-error] received, client-instance restarting
Ha ma ustawionego gatewaya?
Tego nie wiem. Mam zrobione tak, że router nadaje IP dla RPi. Jak mam to sprawdzić?
Gdzieś pewnie masz jakieś info jaki adres ma ha.
end0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.3 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fdcd:1f57:72d6::617 prefixlen 128 scopeid 0x0<global>
inet6 fdcd:1f57:72d6:0:2f45:431f:e6a:3e16 prefixlen 64 scopeid 0x0<global>
inet6 fe80::d6b4:7c0:ac5e:a1e7 prefixlen 64 scopeid 0x20<link>
ether 2c:cf:67:08:45:b3 txqueuelen 1000 (Ethernet)
RX packets 36321 bytes 11926076 (11.3 MiB)
RX errors 0 dropped 1 overruns 0 frame 0
TX packets 19940 bytes 5048004 (4.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 106
ip r
Pokaż
ip r
default via 192.168.0.1 dev end0 proto dhcp src 192.168.0.3 metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.30.32.0/23 dev hassio proto kernel scope link src 172.30.32.1
192.168.0.0/24 dev end0 proto kernel scope link src 192.168.0.3 metric 100
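No to tylko sprawdź, czy GUI nie ma ograniczeń, np. do sieci LAN, albo czegoś innego, co ogranicza dostęp z innego IP – klient VPN dostaje adres z 10.8.0.0/24, więc HA może widzieć połączenie spoza 192.168.0.0/24.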
Nie chcę tu mocno mieszać, ale może jest szansa, że zrezygnujesz z OpenVPN-a na rzecz WireGuarda? Dużo łatwiej ustawić sobie klienta na komórkę i zdalnie mieć podgląd w HA.