Temat: Druga instancja openvpn
chcialem do testow zrobic druga instancje...
przy probie polaczenia mam w tcpdumpie:
21:36:28.079980 IP mycomp.lan.52611 > OpenWrt.lan.1195: UDP, length 124
21:36:28.080508 IP mycomp.lan.52611 > OpenWrt.lan.1195: UDP, length 260
21:36:28.180790 IP mycomp.lan.52611 > OpenWrt.lan.1195: UDP, length 124
21:36:28.181227 IP mycomp.lan.52611 > OpenWrt.lan.1195: UDP, length 108
21:36:28.381837 IP mycomp.lan.52611 > OpenWrt.lan.1195: UDP, length 132
21:36:29.132728 IP mycomp.lan.52611 > OpenWrt.lan.1195: UDP, length 132
21:36:29.882506 IP mycomp.lan.52611 > OpenWrt.lan.1195: UDP, length 132
cat /etc/firewall.user
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
#
# Custom rules for the second OpenVPN instance (UDP/1195) and for the
# tap* interfaces. Rule order matters: -A appends, -I inserts at the head.

# Accept UDP/1195 in the WAN nat prerouting chain. In the nat table ACCEPT
# only ends NAT processing for the packet; it does not open the port by
# itself (that is done by the input rule below / the UCI rule).
iptables -t nat -A prerouting_wan -p udp --dport 1195 -j ACCEPT
# Accept UDP/1195 on the WAN input chain. /etc/config/firewall already has an
# equivalent rule ('openvpn1195': src wan, proto udp, dest_port 1195, ACCEPT),
# so this line is redundant with it; keep one of the two to avoid drift.
iptables -A input_wan -p udp --dport 1195 -j ACCEPT
# 'tap+' is a wildcard for every interface named tap* (tap0 and tap1 here).
# These rules are inserted at the head of the built-in chains, i.e. ahead of
# the fw3 zone chains, and accept all traffic seen on any tap* interface.
# NOTE(review): tap0/tap1 are ports of br-lan (brctl show), so the frames they
# carry are bridged; whether bridged traffic reaches these chains with
# -i/-o tap+ depends on br_netfilter — confirm these rules are actually needed
# before keeping a wildcard accept-all, or scope them to the one interface.
iptables -I OUTPUT -o tap+ -j ACCEPT
iptables -I INPUT -i tap+ -j ACCEPT
iptables -I FORWARD -o tap+ -j ACCEPT
iptables -I FORWARD -i tap+ -j ACCEPT
# (end of /etc/firewall.user; the post continues with the next command)
cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan henet'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config rule
option _name 'transmission'
option src 'wan'
option target 'ACCEPT'
option proto 'tcp'
option dest_port '5141'
config rule
option _name 'openvpn'
option src 'wan'
option target 'ACCEPT'
option proto 'udp'
option dest_port '1194'
config rule
option _name 'openvpn1195'
option src 'wan'
option target 'ACCEPT'
option proto 'udp'
option dest_port '1195'
brctl show
bridge name bridge id STP enabled interfaces
br-lan 8000.0027XXXXXXXX no eth0.1
wlan0
wlan0-1
tap0
tap1
cat /etc/config/openvpn
config openvpn 'myvpn-tun'
option enabled '1'
option config '/etc/openvpn/my-vpntun.conf'
config openvpn 'sample_server'
option enabled '0'
option port '1194'
option proto 'udp'
option dev 'tun'
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/server.crt'
option key '/etc/openvpn/server.key'
option dh '/etc/openvpn/dh1024.pem'
option server '10.8.0.0 255.255.255.0'
option ifconfig_pool_persist '/tmp/ipp.txt'
option keepalive '10 120'
option comp_lzo '1'
option persist_key '1'
option persist_tun '1'
option status '/tmp/openvpn-status.log'
option verb '3'
config openvpn 'sample_client'
option enabled '0'
option client '1'
option dev 'tun'
option proto 'udp'
list remote 'my_server_1 1194'
option resolv_retry 'infinite'
option nobind '1'
option persist_key '1'
option persist_tun '1'
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/client.crt'
option key '/etc/openvpn/client.key'
option comp_lzo '1'
option verb '3'
config openvpn 'myvpn-tap'
option config '/etc/openvpn/my-vpn.conf'
option enable '1'
cat /etc/openvpn/my-vpn.conf
port 1194
proto udp
dev tap0
keepalive 10 120
status /tmp/openvpn-status.log
verb 3
cat /etc/openvpn/my-vpntun.conf
port 1195
proto udp
dev tap1
keepalive 10 120
status /tmp/openvpn-status.log
verb 3
nazwa drugiej instancji tun, ale wiem ze jest aktualnie tap, tylko to potem chcialem modyfikowac...
w czym moze byc problem? wyglada tak, jakby firewall blokowal odpowiedz... albo vpn zle ustawiony?
z:
cat /etc/init.d/openvpn-startup
#!/bin/sh /etc/rc.common
START=94
start() {
openvpn --mktun --dev tap0
brctl addif br-lan tap0
ifconfig tap0 0.0.0.0 promisc up
zrobilem z reki ww. polecenia i zmienilem na tap0
Za pomoc Cezarego w poscie powyzej i ponizej dziekuje z gory :-)