Tema: Re: HELP! OpenVPN
Autorius: Pluss
Data: 2009-01-21 15:25:21
Tiesa, dar truputi praleidau:

iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT



Pluss wrote:
> Kas susije su OpenVPN ir Firewall, tai pas mane stai kas:
> 
> $IPTABLES -A ovpn -m state --state INVALID -j DROP
> $IPTABLES -A ovpn -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A ovpn -s AAA.BBB.CCC.DDD -m state --state NEW -j ACCEPT
> $IPTABLES -A ovpn -m limit --limit 10/second -j LOG  --log-level warning 
> --log-prefix "OpenVPN-DROP "
> $IPTABLES -A ovpn -j DROP
> 
> $IPTABLES -A INPUT -d $ExtIP -p UDP --dport 1194 -j ovpn
> $IPTABLES -A INPUT -d $ExtIP -p TCP --dport 1194 -j ovpn
> 
> 
> Dex wrote:
>> apie tai daug raso Faq.
>>
>> Pirmiausiai - ar nuo tavo tun device'o nuimtas firewall'as?
>>
>> Antriausiai - turbut nera nurodytas marsrutas routeryje/ovpn masinoje, 
>> kad priimti ateinancius paketus i 10.8.0.1 (i tai padetu atsakyti ovpn 
>> serverio puses logai, ten turetu matytis loge kazkokia reakcija, kad 
>> pingas ateina.
>> Jei nera nurodytas, o po defaultu tikriausiai kad nera, tai velgi 
>> reikia burti su IPTABLES.
>>
>>
>> Pluss wrote:
>>> "visu pirma, ar tu is namu nupingini i serverio opvn'o ip? (pvz 
>>> standartiskai 10.8.0.1)"
>>>
>>> Deje ne.
>>>
>>>
>>> Dex wrote:
>>>> la,
>>>> visu pirma, ar tu is namu nupingini i serverio opvn'o ip? (pvz 
>>>> standartiskai 10.8.0.1)
>>>>
>>>> kai galesi pinginti is namu i serva ir atgal, beliks padaryti imones 
>>>> kompus pasiekimus.
>>>>
>>>> Tam reikes vieno setingo serverio config faile:
>>>> push "route 192.168.1.0 255.255.255.0", kur 192.168.1.0 - tavo 
>>>> lan'as, tavo atveju 0.0
>>>>
>>>> ir dar reikes nupiesti marsruta, kad is kitu tinklo kompu paketai 
>>>> zinotu, kaip keliauti pas tave. Cia jau marsrutizatoriuje, tavo 
>>>> atveju iptables blablabla turbut
>>>>
>>>> Dex
>>>>
>>>>
>>>> Pluss wrote:
>>>>> Sveiki.
>>>>> Reikia pagalbos su OpenVPN.
>>>>> Imones LAN'as 192.168.0.0 (visi iseina per Gateway 192.168.0.254 
>>>>> (Linux, Debian)). Tarkim as jungiuosi is namu (Point to Point) prie 
>>>>> imones. Susijungti susijungia be problemu, tik as is namu negaliu 
>>>>> pasiekti nei vieno IP (pinginau), o is Gateway namu PC pasiekiu 
>>>>> (192.168.2.6).
>>>>> Reiketu kad klientai galetu pasiekti visus imones PC esancius 
>>>>> 192.168.0.0.
>>>>>
>>>>> Kai ant gw startuoja OpenVPN, susikuria interface tun0:
>>>>> inet addr:192.168.2.1  P-t-P:192.168.2.2  Mask:255.255.255.255
>>>>>
>>>>> O namie:
>>>>> inet addr:192.168.2.6  P-t-P:192.168.2.5  Mask:255.255.255.255
>>>>>
>>>>> Pridedu zemiau Serverio ir kliento konfigus.
>>>>> Jei kas susipazines su OpenVPN, gal kas pagelbetumete?
>>>>>
>>>>>
>>>>> Dekui isanksto.
Samba logNerijus2009-02-11 09:13
SambaNerijus2009-02-11 09:13
SD-MSklwn2009-02-09 22:16
+squid proxylens2009-02-09 22:03
+attrib.exe analogas Fedoros repozitorijuose?saimhe2009-02-09 16:12
+2web serveriaikikas2009-02-09 15:22
Q: Freebsd 6.0FT2009-02-09 11:40
+Mint6klwn2009-02-09 09:28
+Vidinio tinklo upgreidas. Ar suveiks toks sposas...?Levas2009-02-07 15:27
+shutdownaskashkas2009-02-07 15:09
+Programos instaliavimas linuxe (Baltixe)Rimas OK2009-02-06 10:06
Kernel modulio krovimasbertas2009-02-05 18:53
+DHCP temabertas2009-02-05 18:49
+gmail driveTadas Kvedaras2009-02-04 15:53
+Help:del kompiliavimoVirginijus Varnas2009-02-03 21:40
+procesu kontroleGintis2009-01-31 23:23
+TrixBox VOIPPluss2009-01-29 15:00
+Ar verta planuoti IPv6Makauskas Vidas2009-01-29 13:41
+Problemos su MAIL serveriu pakeitus IPcaro2009-01-29 11:04
+pinguknown2009-01-28 14:55
+Intel(R) PRO/Wireless 2200BG, Fedora 10Atlaikes Antanas2009-01-28 14:48
+klaida, ar realybe?ArunasSt2009-01-27 13:32
pan ir failo i¹saugojimasValdas2009-01-23 14:25
+OVPN perdavimo greitisazartas2009-01-22 18:55
+Video konferencijų softasFwd2009-01-22 10:24
reikia pagalbos su logrotateHyperlink2009-01-22 08:54
+IP telefonijabertas2009-01-22 08:49
nu va pagaliau paleidau 3G ZTE-K3565 su LinuxG.S.2009-01-21 12:47
-HELP! OpenVPNPluss2009-01-21 09:33
Re: HELP! OpenVPNMakauskas Vidas2009-01-28 12:00
kxmBYyBHJFrjlxpdjsli2009-09-27 07:48
Re: HELP! OpenVPNbelenkas2009-01-21 18:01
Re: HELP! OpenVPNbelenkas2009-01-21 18:04
Re: HELP! OpenVPNDex2009-01-21 12:50
Re: HELP! OpenVPNPluss2009-01-21 13:34
Re: HELP! OpenVPNDex2009-01-21 14:28
Re: HELP! OpenVPNPluss2009-01-21 15:23
Re: HELP! OpenVPNPluss2009-01-21 15:25
Re: HELP! OpenVPNDex2009-01-26 19:16
Re: HELP! OpenVPNazartas2009-01-21 09:55
Re: HELP! OpenVPNPluss2009-01-21 09:59
Re: HELP! OpenVPNazartas2009-01-21 09:53
Re: HELP! OpenVPNuknown2009-01-21 10:02
Re: HELP! OpenVPNPluss2009-01-21 10:03
Re: HELP! OpenVPNRobertas2009-01-21 09:52
mJrcFDAPYoEmFIzPTDdbtpxyajn2009-09-27 11:04
Re: HELP! OpenVPNPluss2009-01-21 10:02
Re: HELP! OpenVPNRobertas2009-01-21 10:26
Re: HELP! OpenVPNPluss2009-01-21 10:51
Re: HELP! OpenVPNRobertas2009-01-21 12:37
Re: HELP! OpenVPNPluss2009-01-21 13:27
Re: HELP! OpenVPNRobertas2009-01-21 16:16
KvPaGsKmapnLpBPtwSGkslgquergn2009-09-27 07:13
+25 identiškų kompiuterių klasėMykolas OK2009-01-18 20:05
+kuri mailo servisa?tobias2009-01-15 18:41
+USB linuxG.S.2009-01-15 18:10
+pinglingus2009-01-14 22:44
+pafleiminam?Artūras Šlajus2009-01-14 21:26
+spamassasino taisykles reikia.Levas2009-01-12 22:02
+Samba PDCbertas2009-01-12 17:39
+Q: dėl CCNA medžiagosscout <scout[trinti]@eos.lt>2009-01-11 15:19
+reikia uzdrausti XWindows ant Ubuntuso so2009-01-09 17:36
+torrentbertas2009-01-08 12:37
+ICQ susekimasbertas2009-01-08 11:05
+Mistika su routinguArtūras Šlajus2009-01-06 21:58
+samba domenas ir workgroupasMakauskas Vidas2009-01-06 12:55
+TCP Linux'eDomas Mituzas2009-01-05 18:24
+Neišeina pašalinti failoTadas Kvedaras2009-01-05 07:54