mbrainiac
(uses Debian)
Posted on 15/11/2013 - 15:22h
I am using VMs in VirtualBox on different PCs
1 server VM connected to Vivo Speedy
2 client VM connected to Vivo 3G
I can ping the real addresses (obtained from meuip.com.br), but I cannot ping 10.0.0.1 (server) and 10.0.0.2 (client) of the virtual tunnels.
Can anyone help me?
Server on Vivo (Speedy)
root@debianPURO:/etc/openvpn# openvpn --config server.conf
Fri Nov 15 14:07:22 2013 OpenVPN 2.2.1 i486-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 19 2013
Fri Nov 15 14:07:22 2013 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Fri Nov 15 14:07:22 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Nov 15 14:07:22 2013 WARNING: file '/etc/openvpn/keys/servidor.key' is group or others accessible
Fri Nov 15 14:07:22 2013 Control Channel Authentication: using '/etc/openvpn/keys/chave.key' as a OpenVPN static key file
Fri Nov 15 14:07:22 2013 TUN/TAP device tun0 opened
Fri Nov 15 14:07:22 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Nov 15 14:07:22 2013 /sbin/ifconfig tun0 10.0.0.1 pointopoint 10.0.0.2 mtu 1500
Fri Nov 15 14:07:22 2013 UDPv4 link local (bound): [undef]
Fri Nov 15 14:07:22 2013 UDPv4 link remote: [undef]
Fri Nov 15 14:07:22 2013 Initialization Sequence Completed
root@debianPURO:/etc/openvpn# ls
clientfile.conf easy-rsa ipp.txt keys server.conf
root@debianPURO:/etc/openvpn/keys# ls
ca.crt cliente1.crt cliente2.crt dh1024.pem servidor.key
chave.key cliente1.key cliente2.key servidor.crt
It pings the client's real IP but not the tunnel one, 10.0.0.2
PING 177.213.63.116 (177.213.63.116) 56(84) bytes of data.
64 bytes from 177.213.63.116: icmp_req=1 ttl=54 time=1052 ms
64 bytes from 177.213.63.116: icmp_req=2 ttl=54 time=355 ms
64 bytes from 177.213.63.116: icmp_req=3 ttl=54 time=328 ms
64 bytes from 177.213.63.116: icmp_req=4 ttl=54 time=335 ms
root@debianPURO:/etc/openvpn/keys# ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
^C
--- 10.0.0.2 ping statistics ---
49 packets transmitted, 0 received, 100% packet loss, time 48003ms
nano /etc/openvpn/server.conf
# /etc/openvpn/server.conf
proto udp
port 22222
dev tun
server 10.0.0.0 255.255.255.0
push "route 10.0.12.15 255.255.255.0"
comp-lzo
keepalive 10 120
persist-key
persist-tun
float
ifconfig-pool-persist /etc/openvpn/ipp.txt
max-clients 10
#shaper 51200
tls-server
dh /etc/openvpn/keys/dh1024.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/servidor.crt
key /etc/openvpn/keys/servidor.key
tls-auth /etc/openvpn/keys/chave.key
--script-security 2
**************************************
Client on 3G
root@debianPURO:/etc/openvpn# ls
ca.crt chave.key cliente1.crt cliente1.key cliente2.crt cliente2.key clientfile.conf dh1024.pem servidor.crt servidor.key
root@debianPURO:/etc/openvpn# leafpad clientfile.conf
# /etc/openvpn/client.conf
remote 201.26.166.201
proto udp
port 22222
client
pull
dev tun
comp-lzo
keepalive 10 120
persist-key
persist-tun
float
tls-client
dh /etc/openvpn/dh1024.pem
ca /etc/openvpn/ca.crt
cert /etc/openvpn/cliente1.crt
key /etc/openvpn/cliente1.key
tls-auth /etc/openvpn/chave.key
--script-security 2
Logs when connecting:
root@debianPURO:/etc/openvpn# openvpn --config clientfile.conf
Fri Nov 15 15:49:28 2013 OpenVPN 2.2.1 i486-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 19 2013
Fri Nov 15 15:49:28 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Nov 15 15:49:28 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Nov 15 15:49:28 2013 WARNING: file '/etc/openvpn/cliente1.key' is group or others accessible
Fri Nov 15 15:49:28 2013 WARNING: file '/etc/openvpn/chave.key' is group or others accessible
Fri Nov 15 15:49:28 2013 Control Channel Authentication: using '/etc/openvpn/chave.key' as a OpenVPN static key file
Fri Nov 15 15:49:28 2013 LZO compression initialized
Fri Nov 15 15:49:28 2013 UDPv4 link local (bound): [undef]
Fri Nov 15 15:49:28 2013 UDPv4 link remote: [AF_INET]201.26.166.201:22222
It pings the server
root@debianPURO:/home/jga# ping 201.26.166.201
PING 201.26.166.201 (201.26.166.201) 56(84) bytes of data.
64 bytes from 201.26.166.201: icmp_req=1 ttl=63 time=104 ms
64 bytes from 201.26.166.201: icmp_req=3 ttl=63 time=264 ms
64 bytes from 201.26.166.201: icmp_req=2 ttl=63 time=1276 ms
64 bytes from 201.26.166.201: icmp_req=4 ttl=63 time=112 ms
64 bytes from 201.26.166.201: icmp_req=5 ttl=63 time=104 ms
but it does not ping the tunnel address 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
^C^C
--- 10.0.0.1 ping statistics ---
52 packets transmitted, 0 received, 100% packet loss, time 51044ms
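
Added example, not part of the original post: shell checks for the conditions behind the WARNING lines in the logs above (key files accessible to group or others, no server certificate verification on the client) and for whether a log reached "Initialization Sequence Completed". The function names, the temporary files and the sample log line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): checks for the WARNING lines in the logs above.

# List key material named in a config that group or others can access.
# Assumes paths without spaces; directives may carry a leading "--".
loose_key_files() {
    awk '$1 ~ /^(--)?(key|tls-auth|secret)$/ { print $2 }' "$1" |
    while read -r path; do
        [ -e "$path" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        bits=$(ls -ldL "$path" | cut -c5-10)
        [ "$bits" = "------" ] || echo "$path"
    done
}

# Succeed if a client config enables one of the server-certificate checks.
verifies_server() {
    grep -Eq '^[[:space:]]*(--)?(remote-cert-tls|ns-cert-type|tls-remote|verify-x509-name)[[:space:]]' "$1"
}

# Succeed if an OpenVPN log shows that initialization finished.
tunnel_up() {
    grep -q 'Initialization Sequence Completed' "$1"
}

# Constructed sample mirroring the client setup in the post (dummy key contents).
demo=$(mktemp -d)
printf 'dummy\n' > "$demo/cliente1.key"; chmod 644 "$demo/cliente1.key"
printf 'dummy\n' > "$demo/chave.key";    chmod 600 "$demo/chave.key"
cat > "$demo/clientfile.conf" <<EOF
client
tls-client
ca $demo/ca.crt
key $demo/cliente1.key
tls-auth $demo/chave.key
EOF
printf 'UDPv4 link remote: [AF_INET]203.0.113.10:22222\n' > "$demo/client.log"

for f in $(loose_key_files "$demo/clientfile.conf"); do
    echo "group/other can access: $f (fix: chmod 600 $f)"
done
verifies_server "$demo/clientfile.conf" || echo "no server certificate verification directive"
tunnel_up "$demo/client.log" || echo "log never reached Initialization Sequence Completed"
```

Pointing the three functions at the real config and a saved log gives the same checks; `remote-cert-tls server` in the client config is one of the directives that satisfies `verifies_server`.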