OpenVPN routing problem?



HJS
21.10.08, 07:43
Hi,
I have a VPN server (DD-WRT, 172.18.201.0) and a client (also DD-WRT, 172.18.200.0), and the problem that I can ping (reach) the server side from the client side, but not the client side from the server side.

Routing table on the server side, 172.18.201.0:


Destination     Gateway         Genmask         Flags Metric Ref Use Iface
10.9.0.2        0.0.0.0         255.255.255.255 UH    0      0   0   tun0
192.168.186.0   0.0.0.0         255.255.255.0   U     0      0   0   vlan1   // DSL router network on the server side
172.18.200.0    10.9.0.2        255.255.255.0   UG    0      0   0   tun0
172.18.201.0    0.0.0.0         255.255.255.0   U     0      0   0   br0
10.9.0.0        10.9.0.2        255.255.255.0   UG    0      0   0   tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0   0   br0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo
0.0.0.0         192.168.186.1   0.0.0.0         UG    0      0   0   vlan1


Routing table on the client side, 172.18.200.0:


Destination     Gateway         Genmask         Flags Metric Ref Use Iface
10.9.0.5        0.0.0.0         255.255.255.255 UH    0      0   0   tun0
217.0.118.165   0.0.0.0         255.255.255.255 UH    0      0   0   ppp0
172.18.200.0    0.0.0.0         255.255.255.0   U     0      0   0   br0
172.18.201.0    10.9.0.5        255.255.255.0   UG    0      0   0   tun0
10.9.0.0        10.9.0.5        255.255.255.0   UG    0      0   0   tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0   0   br0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo
0.0.0.0         217.0.118.165   0.0.0.0         UG    0      0   0   ppp0


Server config:

push "route 172.18.201.0 255.255.255.0"
push "route 192.168.186.0 255.255.255.0"
server 10.9.0.0 255.255.255.0
route 172.18.200.0 255.255.255.0

client-to-client
dev tun0
port 443
verb 5
proto udp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem

Client config:
http://i34.tinypic.com/amabll.jpg

Server iptables:

iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
iptables -I INPUT 1 -p udp --dport 443 -j ACCEPT

iptables -I FORWARD 1 --source 10.9.0.0/24 -j ACCEPT

iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT


Client iptables:
I currently have no entries here, but I did try it with the same rules as on the server (commented out here), because admittedly I have no clue about iptables ;-)

#iptables -I FORWARD 1 --source 10.9.0.0/24 -j ACCEPT

#iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
#iptables -I FORWARD -i tun0 -o br0 -j ACCEPT


So in my view the routers should actually be fine. I assume it is stuck somewhere in the iptables or in the server config.
I'd be very grateful if someone could help me out.

Regards

honkstar
21.10.08, 08:30
I'd have two questions:
Which IP are you pinging?
What does
cat /proc/sys/net/ipv4/ip_forward
say on the client PC?

HJS
21.10.08, 08:42
> I'd have two questions:
> Which IP are you pinging?
> What does
> cat /proc/sys/net/ipv4/ip_forward
> say on the client PC?

I ping the local IP of each router (via SSH on the router).
So Router1 (server): 172.18.201.1 (reply comes)
From Router2 (client): 172.18.200.1 (timeout)

ip_forwarding is 1 on both sides

honkstar
21.10.08, 10:55
Good, that doesn't look so wrong ;-)
What does
iptables -vnL say on both sides?

HJS
21.10.08, 12:42
172.18.201.0:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- tun0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * * 194.231.229.20 0.0.0.0/0
0 0 ACCEPT 0 -- * * 212.65.2.116 0.0.0.0/0
1102 94169 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
5374 808K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- vlan1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 ACCEPT udp -- br0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
1027 53404 logaccept tcp -- * * 0.0.0.0/0 172.18.201.1 tcp dpt:80
3 156 logaccept tcp -- * * 0.0.0.0/0 172.18.201.1 tcp dpt:22
0 0 DROP icmp -- vlan1 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
14 896 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 logaccept 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- tun0 br0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- br0 tun0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * * 10.9.0.0/24 0.0.0.0/0
0 0 ACCEPT 47 -- * vlan1 172.18.201.0/24 0.0.0.0/0
0 0 ACCEPT tcp -- * vlan1 172.18.201.0/24 0.0.0.0/0 tcp dpt:1723
0 0 ACCEPT 0 -- br0 br0 0.0.0.0/0 0.0.0.0/0
0 0 logdrop 0 -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 tcpmss match 1461:65535 TCPMSS set 1460
0 0 lan2wan 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 TRIGGER 0 -- vlan1 br0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out 0 -- br0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 7380 packets, 1022K bytes)
pkts bytes target prot opt in out source destination

Chain advgrp_1 (0 references)
pkts bytes target prot opt in out source destination

Chain advgrp_10 (0 references)
pkts bytes target prot opt in out source destination

Chain advgrp_2 (0 references)
pkts bytes target prot opt in out source destination

Chain advgrp_3 (0 references)
pkts bytes target prot opt in out source destination

Chain advgrp_4 (0 references)
pkts bytes target prot opt in out source destination

Chain advgrp_5 (0 references)
pkts bytes target prot opt in out source destination

Chain advgrp_6 (0 references)
pkts bytes target prot opt in out source destination

Chain advgrp_7 (0 references)
pkts bytes target prot opt in out source destination

Chain advgrp_8 (0 references)
pkts bytes target prot opt in out source destination

Chain advgrp_9 (0 references)
pkts bytes target prot opt in out source destination

Chain grp_1 (0 references)
pkts bytes target prot opt in out source destination

Chain grp_10 (0 references)
pkts bytes target prot opt in out source destination

Chain grp_2 (0 references)
pkts bytes target prot opt in out source destination

Chain grp_3 (0 references)
pkts bytes target prot opt in out source destination

Chain grp_4 (0 references)
pkts bytes target prot opt in out source destination

Chain grp_5 (0 references)
pkts bytes target prot opt in out source destination

Chain grp_6 (0 references)
pkts bytes target prot opt in out source destination

Chain grp_7 (0 references)
pkts bytes target prot opt in out source destination

Chain grp_8 (0 references)
pkts bytes target prot opt in out source destination

Chain grp_9 (0 references)
pkts bytes target prot opt in out source destination

Chain lan2wan (1 references)
pkts bytes target prot opt in out source destination

Chain logaccept (3 references)
pkts bytes target prot opt in out source destination
1030 53560 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0

Chain logdrop (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0

Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp reject-with tcp-reset

Chain trigger_out (1 references)
pkts bytes target prot opt in out source destination


172.18.200.0:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 194.231.229.20 0.0.0.0/0
0 0 ACCEPT 0 -- * * 212.65.2.116 0.0.0.0/0
890 79665 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 DROP udp -- br0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 logaccept tcp -- * * 0.0.0.0/0 172.18.200.1 tcp dpt:80
1 60 logaccept tcp -- * * 0.0.0.0/0 172.18.200.1 tcp dpt:22
0 0 DROP icmp -- ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
12 768 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 logaccept 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
39 4751 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- tun0 br0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- br0 tun0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * * 10.9.0.0/24 0.0.0.0/0
0 0 ACCEPT 47 -- * ppp0 172.18.200.0/24 0.0.0.0/0
0 0 ACCEPT tcp -- * ppp0 172.18.200.0/24 0.0.0.0/0 tcp dpt:1723
0 0 ACCEPT 0 -- br0 br0 0.0.0.0/0 0.0.0.0/0
0 0 logdrop 0 -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 tcpmss match 1453:65535 TCPMSS set 1452
0 0 lan2wan 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 TRIGGER 0 -- ppp0 br0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out 0 -- br0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 1020 packets, 85488 bytes)
pkts bytes target prot opt in out source destination

Chain advgrp_1 (0 references)
pkts bytes target prot opt in out source destination

Chain advgrp_10 (0 references)
pkts bytes target prot opt in out source destination

Chain advgrp_2 (0 references)
pkts bytes target prot opt in out source destination

Chain advgrp_3 (0 references)
pkts bytes target prot opt in out source destination

Chain advgrp_4 (0 references)
pkts bytes target prot opt in out source destination

Chain advgrp_5 (0 references)
pkts bytes target prot opt in out source destination

Chain advgrp_6 (0 references)
pkts bytes target prot opt in out source destination

Chain advgrp_7 (0 references)
pkts bytes target prot opt in out source destination

Chain advgrp_8 (0 references)
pkts bytes target prot opt in out source destination

Chain advgrp_9 (0 references)
pkts bytes target prot opt in out source destination

Chain grp_1 (0 references)
pkts bytes target prot opt in out source destination

Chain grp_10 (0 references)
pkts bytes target prot opt in out source destination

Chain grp_2 (0 references)
pkts bytes target prot opt in out source destination

Chain grp_3 (0 references)
pkts bytes target prot opt in out source destination

Chain grp_4 (0 references)
pkts bytes target prot opt in out source destination

Chain grp_5 (0 references)
pkts bytes target prot opt in out source destination

Chain grp_6 (0 references)
pkts bytes target prot opt in out source destination

Chain grp_7 (0 references)
pkts bytes target prot opt in out source destination

Chain grp_8 (0 references)
pkts bytes target prot opt in out source destination

Chain grp_9 (0 references)
pkts bytes target prot opt in out source destination

Chain lan2wan (1 references)
pkts bytes target prot opt in out source destination

Chain logaccept (3 references)
pkts bytes target prot opt in out source destination
1 60 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0

Chain logdrop (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0

Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp reject-with tcp-reset

Chain trigger_out (1 references)
pkts bytes target prot opt in out source destination
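
Added example (not from the thread): a small first-match walk over the INPUT chains posted above, to see what each router does with an ICMP echo request that arrives on tun0 and is addressed to the router itself (a ping to 172.18.200.1 or 172.18.201.1 is handled by INPUT, not FORWARD). The chain text is cut down to the rules such a packet can reach, the tun0 source addresses are assumed, and DD-WRT's logaccept/logdrop chains are treated as terminal because the listing shows they end in ACCEPT/DROP.

```python
import ipaddress
# Constructed sample: the INPUT chains posted in the thread, cut down to the
# rules an ICMP echo request arriving on tun0 can hit (counters as printed).
CLIENT_INPUT = """\
890 79665 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP icmp -- ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
12 768 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0 state NEW
39 4751 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
"""
SERVER_INPUT = """\
0 0 ACCEPT 0 -- tun0 * 0.0.0.0/0 0.0.0.0/0
5374 808K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
"""
TERMINAL = {"ACCEPT": "ACCEPT", "DROP": "DROP", "logaccept": "ACCEPT", "logdrop": "DROP"}

def parse_rules(text):
    """Split 'iptables -vnL' rule lines into fields; trailing match words are kept."""
    rules = []
    for f in (line.split() for line in text.splitlines()):
        if len(f) >= 9:  # pkts bytes target prot opt in out source destination ...
            rules.append({"target": f[2], "proto": f[3], "in": f[5],
                          "src": ipaddress.ip_network(f[7]),
                          "dst": ipaddress.ip_network(f[8]), "extra": f[9:]})
    return rules

def ping(in_if, src, dst):
    """A new ICMP echo request as the INPUT chain sees it (constructed packet)."""
    return {"in": in_if, "proto": "icmp", "state": "NEW",
            "src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst)}

def matches(rule, pkt):
    """Field-by-field match; only the matches a ping can trigger are modelled."""
    if rule["in"] not in ("*", pkt["in"]) or rule["proto"] not in ("0", "all", pkt["proto"]):
        return False
    if pkt["src"] not in rule["src"] or pkt["dst"] not in rule["dst"]:
        return False
    for i, word in enumerate(rule["extra"]):
        if word.startswith("dpt:") and int(word[4:]) != pkt.get("dport"):
            return False
        if word == "state" and pkt["state"] not in rule["extra"][i + 1].split(","):
            return False
    return True

def verdict(text, pkt):
    """First match wins: return (verdict, 1-based index of the deciding rule)."""
    for n, rule in enumerate(parse_rules(text), 1):
        if rule["target"] in TERMINAL and matches(rule, pkt):
            return TERMINAL[rule["target"]], n
    return "POLICY", 0
```

On the server chain the request is accepted by the first rule (the tun0 accept); on the client chain no rule accepts new traffic from tun0, so it falls through to the final DROP, the rule whose counter already stands at 39 packets in the listing. Prepending the same tun0 accept rule to the client chain changes the verdict to ACCEPT.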

HJS
22.10.08, 21:29
Unfortunately I still haven't got any further :( I've set the whole thing up again several times following various howtos. Unfortunately, always the same result.