Lepr1k
Newbie

Hello. I need to set up a link between remote offices. They must be able to see each other's subnets.
The client is on 192.168.0.0, the server on 192.168.1.0.
The VPN network is 10.10.0.0.
Both clients are Windows machines, and both sit behind routers (192.168.0.1 & 192.168.1.1).
The problem is that neither the server nor the client can see the subnet behind the other.

Client config
Code:
client
#10.10.0.2 255.255.255.0
dev tun
;proto tcp
proto udp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
;persist-tun
ca "C:\\Program Files (x86)\\OpenVPN\\config\\keys\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\config\\keys\\newone.crt"
key "C:\\Program Files (x86)\\OpenVPN\\config\\keys\\newone.key"
ns-cert-type server
comp-lzo
verb 3

Server config
Code:
server 10.10.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
route 192.168.0.0 255.255.255.0 10.10.0.1
topology subnet
port 1194
proto udp
;proto tcp
;dev tap
dev tun
ca "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\server.crt"
key "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\server.key" # This file should be kept secret
dh "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"
client-config-dir "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\ccd\\"
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3

Client ccd file.
Code:
iroute 192.168.0.0 255.255.255.0

Client log
Code:
Mon Feb 11 17:29:31 2013 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Mon Feb 11 17:29:31 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Feb 11 17:29:31 2013 LZO compression initialized
Mon Feb 11 17:29:31 2013 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Feb 11 17:29:31 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Feb 11 17:29:31 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Feb 11 17:29:31 2013 Local Options hash (VER=V4): '41690919'
Mon Feb 11 17:29:31 2013 Expected Remote Options hash (VER=V4): '530fdded'
Mon Feb 11 17:29:31 2013 UDPv4 link local: [undef]
Mon Feb 11 17:29:31 2013 UDPv4 link remote: xx.xxx.xxx.xxx:1194
Mon Feb 11 17:29:31 2013 TLS: Initial packet from xx.xxx.xxx.xxx:1194, sid=32cc6d5c 86230f92
Mon Feb 11 17:29:31 2013 VERIFY OK: depth=1, /C=RU/ST=UDM/L=zzzz/O=USP-VSTset_/OU=Server/CN=server/name=server/emailAddress=zzzz@.ru_
Mon Feb 11 17:29:31 2013 VERIFY OK: nsCertType=SERVER
Mon Feb 11 17:29:31 2013 VERIFY OK: depth=0, /C=RU/ST=UDM/L=zzzz/O=USP-VSTset_/OU=VST/CN=server/name=server/emailAddress=zzzz@.ru_
Mon Feb 11 17:29:43 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Feb 11 17:29:43 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Feb 11 17:29:43 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Feb 11 17:29:43 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Feb 11 17:29:43 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Feb 11 17:29:43 2013 [server] Peer Connection Initiated with xx.xxx.xxx.xxx:1194
Mon Feb 11 17:29:45 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Feb 11 17:29:45 2013 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route-gateway 10.10.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.10.0.2 255.255.255.0'
Mon Feb 11 17:29:45 2013 OPTIONS IMPORT: timers and/or timeouts modified
Mon Feb 11 17:29:45 2013 OPTIONS IMPORT: --ifconfig/up options modified
Mon Feb 11 17:29:45 2013 OPTIONS IMPORT: route options modified
Mon Feb 11 17:29:45 2013 OPTIONS IMPORT: route-related options modified
Mon Feb 11 17:29:45 2013 ROUTE default_gateway=192.168.0.1
Mon Feb 11 17:29:45 2013 TAP-WIN32 device [Подключение по локальной сети 2] opened: \\.\Global\{C698EA75-CA99-41D5-ADCC-966454178C0E}.tap
Mon Feb 11 17:29:45 2013 TAP-Win32 Driver Version 9.9
Mon Feb 11 17:29:45 2013 TAP-Win32 MTU=1500
Mon Feb 11 17:29:45 2013 Set TAP-Win32 TUN subnet mode network/local/netmask = 10.10.0.0/10.10.0.2/255.255.255.0 [SUCCEEDED]
Mon Feb 11 17:29:45 2013 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.10.0.2/255.255.255.0 on interface {C698EA75-CA99-41D5-ADCC-966454178C0E} [DHCP-serv: 10.10.0.254, lease-time: 31536000]
Mon Feb 11 17:29:45 2013 Successful ARP Flush on interface [14] {C698EA75-CA99-41D5-ADCC-966454178C0E}
Mon Feb 11 17:29:50 2013 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Mon Feb 11 17:29:50 2013 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.10.0.1
Mon Feb 11 17:29:50 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Mon Feb 11 17:29:50 2013 Route addition via IPAPI succeeded [adaptive]
Mon Feb 11 17:29:50 2013 Initialization Sequence Completed

Server log
Code:
Mon Feb 11 17:29:09 2013 MULTI: multi_create_instance called
Mon Feb 11 17:29:09 2013 xx.xxx.xx.xxx:63197 Re-using SSL/TLS context
Mon Feb 11 17:29:09 2013 xxx.xx.xx.xxx:63197 LZO compression initialized
Mon Feb 11 17:29:09 2013 xxx.xx.xx.xxx:63197 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Feb 11 17:29:09 2013 xx.xxx.xx.xxx:63197 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Feb 11 17:29:09 2013 xx.xxx.xx.xxx:63197 Local Options hash (VER=V4): '530fdded'
Mon Feb 11 17:29:09 2013 xx.xxx.xx.xxx:63197 Expected Remote Options hash (VER=V4): '41690919'
Mon Feb 11 17:29:09 2013 xx.xxx.xx.xxx:63197 TLS: Initial packet from xx.xxx.xxx.xxx:63197, sid=ca326132 c1025c0c
Mon Feb 11 17:29:14 2013 xx.xxx.xx.xxx:63197 VERIFY OK: depth=1, /C=RU/ST=UDM/L=Izhevsk/O=USP-VSTset_/OU=Server/CN=server/name=server/emailAddress=zzzz@.ru_
Mon Feb 11 17:29:14 2013 xxx.xx.xx.xxx:63197 VERIFY OK: depth=0, /C=RU/ST=UDM/L=zzzz/O=USP-VSTset_/OU=VST/CN=newone/name=newone/emailAddress=zzz@.ru_
Mon Feb 11 17:29:21 2013 xx.xxx.xx.xxx:63197 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Feb 11 17:29:21 2013 xx.xxx.xx.xxx:63197 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Feb 11 17:29:21 2013 xx.xxx.xx.xxx:63197 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Feb 11 17:29:21 2013 xx.xxx.xx.xxx:63197 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Feb 11 17:29:21 2013 xx.xxx.xx.xxx:63197 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Feb 11 17:29:21 2013 xx.xxx.xx.xxx:63197 [newone] Peer Connection Initiated with xx.xxx.xxx.xxx:63197
Mon Feb 11 17:29:21 2013 newone/xx.xxx.xx.xxx:63197 MULTI: Learn: 10.10.0.2 -> newone/xx.xxx.xx.xxx:63197
Mon Feb 11 17:29:21 2013 newone/xx.xxx.xx.xxx:63197 MULTI: primary virtual IP for newone/xx.xxx.xx.xxx:63197: 10.10.0.2
Mon Feb 11 17:29:23 2013 newone/xx.xxx.xx.xxx:63197 PUSH: Received control message: 'PUSH_REQUEST'
Mon Feb 11 17:29:23 2013 newone/xx.xxx.xx.xxx:63197 SENT CONTROL [newone]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route-gateway 10.10.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.10.0.2 255.255.255.0' (status=1)

Route print from the client
Code:
Microsoft Windows [Version 6.1.7601]
(c) Корпорация Майкрософт (Microsoft Corp.), 2009. Все права защищены.

C:\Users\l>route print
===========================================================================
Список интерфейсов
 14...00 ff c6 98 ea 75 ......TAP-Win32 Adapter V9
 11...bc 5f f4 60 8b 98 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Адаптер Microsoft ISATAP
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 15...00 00 00 00 00 00 00 e0 Адаптер Microsoft ISATAP #2
===========================================================================

IPv4 таблица маршрута
===========================================================================
Активные маршруты:
Сетевой адрес           Маска сети      Адрес шлюза       Интерфейс  Метрика
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.151     10
        10.10.0.0    255.255.255.0         On-link         10.10.0.2    286
        10.10.0.2  255.255.255.255         On-link         10.10.0.2    286
      10.10.0.255  255.255.255.255         On-link         10.10.0.2    286
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.151    266
    192.168.0.151  255.255.255.255         On-link     192.168.0.151    266
    192.168.0.255  255.255.255.255         On-link     192.168.0.151    266
      192.168.1.0    255.255.255.0       10.10.0.1         10.10.0.2     30
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.151    266
        224.0.0.0        240.0.0.0         On-link         10.10.0.2    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.151    266
  255.255.255.255  255.255.255.255         On-link         10.10.0.2    286
===========================================================================
Постоянные маршруты:
  Отсутствует

IPv6 таблица маршрута
===========================================================================
Активные маршруты:
 Метрика   Сетевой адрес            Шлюз
  1    306 ::1/128                  On-link
 11    266 fe80::/64                On-link
 14    286 fe80::/64                On-link
 14    286 fe80::9532:68cb:1983:a7d0/128 On-link
 11    266 fe80::9c7c:d320:6cbf:ed12/128 On-link
  1    306 ff00::/8                 On-link
 11    266 ff00::/8                 On-link
 14    286 ff00::/8                 On-link
===========================================================================
Постоянные маршруты:
  Отсутствует

C:\Users\l>

From the server
Code:
Microsoft Windows [Version 6.1.7601]
(c) Корпорация Майкрософт (Microsoft Corporation), 2009. Все права защищены.

C:\Users\>route print
===========================================================================
Список интерфейсов
 16...00 ff bc 97 1a 86 ......TAP-Win32 Adapter V9
 13...00 1e 67 51 76 60 ......Intel(R) 82574L Gigabit Network Connection
 12...00 1e 67 51 76 61 ......Intel(R) 82579LM Gigabit Network Connection
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Адаптер Microsoft ISATAP
 11...00 00 00 00 00 00 00 e0 Туннельный адаптер Microsoft Teredo
 15...00 00 00 00 00 00 00 e0 Адаптер Microsoft ISATAP #2
 17...00 00 00 00 00 00 00 e0 Адаптер Microsoft ISATAP #3
===========================================================================

IPv4 таблица маршрута
===========================================================================
Активные маршруты:
Сетевой адрес           Маска сети      Адрес шлюза       Интерфейс  Метрика
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.114    276
        10.10.0.0    255.255.255.0         On-link         10.10.0.1    286
        10.10.0.1  255.255.255.255         On-link         10.10.0.1    286
      10.10.0.255  255.255.255.255         On-link         10.10.0.1    286
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.114    276
    192.168.1.114  255.255.255.255         On-link     192.168.1.114    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.114    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.114    276
        224.0.0.0        240.0.0.0         On-link         10.10.0.1    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.114    276
  255.255.255.255  255.255.255.255         On-link         10.10.0.1    286
===========================================================================
Постоянные маршруты:
  Сетевой адрес            Маска    Адрес шлюза      Метрика
          0.0.0.0          0.0.0.0      192.168.1.1  По умолчанию
===========================================================================

IPv6 таблица маршрута
===========================================================================
Активные маршруты:
 Метрика   Сетевой адрес            Шлюз
  1    306 ::1/128                  On-link
 16    286 fe80::/64                On-link
 16    286 fe80::b101:21c6:33f5:a9c3/128 On-link
  1    306 ff00::/8                 On-link
 16    286 ff00::/8                 On-link
===========================================================================
Постоянные маршруты:
  Отсутствует

C:\Users\L>

And now the question for the experts: as I understand it, packets go out but do not come back because there is no routing. How can I set it up?

Total posts: 1 | Registered: 11-02-2013 | Posted: 17:51 11-02-2013 | Edited: Lepr1k, 17:58 11-02-2013
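Added example, not part of the original post: a Python check that cross-references the `route`, `push "route"` and `iroute` directives with the `route print` tables, run on trimmed excerpts of the configs and tables posted above. The function names (`directives`, `route_table`, `audit`) are made up for this illustration.

```python
import ipaddress
import re

QUAD = r"(\d{1,3}(?:\.\d{1,3}){3})"
WS = r"[ \t]+"
# Trimmed excerpts of the configs and `route print` tables from the post.
SERVER_CFG = '''server 10.10.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
route 192.168.0.0 255.255.255.0 10.10.0.1
'''
CCD = "iroute 192.168.0.0 255.255.255.0\n"
SERVER_ROUTES = """0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.114 276
10.10.0.0 255.255.255.0 On-link 10.10.0.1 286
192.168.1.0 255.255.255.0 On-link 192.168.1.114 276
"""
CLIENT_ROUTES = """0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.151 10
10.10.0.0 255.255.255.0 On-link 10.10.0.2 286
192.168.0.0 255.255.255.0 On-link 192.168.0.151 266
192.168.1.0 255.255.255.0 10.10.0.1 10.10.0.2 30
"""

def directives(cfg, keyword):
    """Networks named by uncommented `keyword NET MASK` lines of an OpenVPN config."""
    pat = re.compile(rf"^[ \t]*{re.escape(keyword)}{WS}{QUAD}{WS}{QUAD}", re.M)
    return {ipaddress.ip_network(f"{n}/{m}") for n, m in pat.findall(cfg)}

def route_table(route_print):
    """Map destination network -> gateway from the IPv4 rows of `route print`."""
    row = re.compile(rf"^[ \t]*{QUAD}{WS}{QUAD}{WS}(\S+){WS}{QUAD}{WS}\d+[ \t]*$", re.M)
    return {ipaddress.ip_network(f"{d}/{m}"): gw
            for d, m, gw, _ in row.findall(route_print)}

def audit(server_cfg, ccd, server_routes, client_routes):
    """List mismatches between what the configs declare and what the OS routes."""
    findings = []
    srv, cli = route_table(server_routes), route_table(client_routes)
    iroutes = directives(ccd, "iroute")
    for net in sorted(directives(server_cfg, "route")):
        if net not in iroutes:
            findings.append(f"{net}: server `route` has no matching iroute in ccd")
        if net not in srv:
            findings.append(f"{net}: server `route` absent from server routing table")
    for net in sorted(directives(server_cfg, 'push "route')):
        if net not in cli:
            findings.append(f"{net}: pushed route absent from client routing table")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SERVER_CFG, CCD, SERVER_ROUTES, CLIENT_ROUTES)))
```

On the posted data the only finding is that 192.168.0.0/24, declared with `route` in the server config, does not appear among the server's active routes, while the pushed 192.168.1.0/24 route is present on the client.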