-
Re: Open VPN - ROTAS
Neste caso nao, para melhorar o trafego entre matriz e filiais vc precisaria fazer traffic shappinp ou QoS.
Segue exemplo de script para QoS, neste caso uso este script para priorizar o trafego para o meu servidor Voip.
#!/bin/bash
tc qdisc del dev eth1 root
tc qdisc add dev eth1 root handle 1: prio priomap 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 0
tc qdisc add dev eth1 parent 1:1 handle 10: sfq limit 3000
tc qdisc add dev eth1 parent 1:2 handle 20: sfq
tc qdisc add dev eth1 parent 1:3 handle 30: sfq
tc filter add dev eth1 protocol ip parent 1: prio 1 u32 match ip dst 172.18.0.0/16 flowid 1:1
tc filter add dev eth1 protocol ip parent 1: prio 1 u32 match ip src 172.18.0.0/16 flowid 1:1
*A fonte do script foi um forum sobre o asterisk, mas nao me lembro bem qual foi.
-
Re: Open VPN - ROTAS
Blz.
Vo da um olhada em alguns tutoriais sobre Qos.
Uma ultima duvida para poder dar o topico como resolvido.
a conexao com a filial ta funcionando blzinha.
ao tentar acessar a vpn por um note book utilizando o OPENVPN GUI v1.03
conecta blz porem aparece a seguinte msg.
Sat Dec 25 15:38:57 2010 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Sat Dec 25 15:38:57 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Dec 25 15:39:05 2010 LZO compression initialized
Sat Dec 25 15:39:06 2010 UDPv4 link local (bound): [undef]:5200
Sat Dec 25 15:39:06 2010 UDPv4 link remote: 189.53.35.78:5200
Sat Dec 25 15:39:06 2010 [Firewall] Peer Connection Initiated with 189.53.35.78:5200
Sat Dec 25 15:39:07 2010 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:3: topology (2.0.9)
Sat Dec 25 15:39:07 2010 TAP-WIN32 device [Conexão local 2] opened: \\.\Global\{97DFA957-F1B3-4CA8-A62B-D491CD4B4299}.tap
Sat Dec 25 15:39:07 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.0.0.14/255.255.255.252 on interface {97DFA957-F1B3-4CA8-A62B-D491CD4B4299} [DHCP-serv: 10.0.0.13, lease-time: 31536000]
Sat Dec 25 15:39:07 2010 Successful ARP Flush on interface [3] {97DFA957-F1B3-4CA8-A62B-D491CD4B4299}
Sat Dec 25 15:39:11 2010 Initialization Sequence Completed
_______________________________________________________________
Utilizei aquela configuracao de rota (/etc/openvpn/ccd) apenas para a filial para as chaves q o pessoal utiliza em notebooks nao.
Ou o correto é criar uma para cada chave?
-
Re: Open VPN - ROTAS
Atualizei a versao OPENVPN Gui para OpenVPN 2.1.4 do cliente (windows XP): e o problema foi resolvido
Sun Dec 26 13:34:47 2010 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 8 2010
Sun Dec 26 13:34:47 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Dec 26 13:34:47 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Dec 26 13:35:02 2010 LZO compression initialized
Sun Dec 26 13:35:02 2010 UDPv4 link local (bound): [undef]:5200
Sun Dec 26 13:35:02 2010 UDPv4 link remote: 189.53.35.17:5200
Sun Dec 26 13:35:02 2010 [Firewall] Peer Connection Initiated with 189.59.35.157:5200
Sun Dec 26 13:35:04 2010 TAP-WIN32 device [Conexão local 3] opened: \\.\Global\{E37D4E02-7D7A-4146-BB9A-313292728060}.tap
Sun Dec 26 13:35:04 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.0.0.18/255.255.255.252 on interface {E37D4E02-7D7A-4146-BB9A-313292728060} [DHCP-serv: 10.0.0.17, lease-time: 31536000]
Sun Dec 26 13:35:04 2010 Successful ARP Flush on interface [3] {E37D4E02-7D7A-4146-BB9A-313292728060}
Sun Dec 26 13:35:09 2010 Initialization Sequence Completed
Porem essas duas msgs me chamaram a atenção!!!!!!
-
Re: Open VPN - ROTAS
Sun Dec 26 13:34:47 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Para resolver essa msg de aviso, add no arquivo de config. do cliente:
remote-cert-tls server