Openvpn +Bridge
Good morning,
I am trying to configure OpenVPN in bridge mode and am not having any success; I would appreciate some guidance from you all on where I might be going wrong. I am able to connect to my VPN, but I cannot ping any machine on the 10.1.8.0/21 network.
OS: CentOS 5.5
Kernel: 2.6.18
OpenVPN: 2.1.4
Network: 10.1.8.0/21
Linux network configuration:
[root@openvpn openvpn]# ifconfig eth0
eth0 Link encap:Ethernet Endereço de HW 00:0F:EA:B4:11:FC
endereço inet6: fe80::20f:eaff:feb4:11fc/64 Escopo:Link
UP BROADCASTRUNNING PROMISC MULTICAST MTU:1500 Métrica:1
RX packets:15462 errors:0 dropped:0 overruns:0 frame:0
TX packets:4264 errors:0 dropped:0 overruns:0 carrier:0
colisões:0 txqueuelen:1000
RX bytes:1565400 (1.4 MiB) TX bytes:489118 (477.6 KiB)
IRQ:185 Endereço de E/S:0xa800
OpenVPN configuration:
# /etc/openvpn/server.conf
proto udp
port 22223
dev tap0
server-bridge 10.1.8.6 255.255.248.0 10.1.15.200 10.1.15.253
comp-lzo
keepalive 10 120
persist-key
persist-tun
float
ifconfig-pool-persist /etc/openvpn/ipp.txt
max-clients 10
push shaper 512
tls-server
log-append /var/log/openvpn.log
status /var/log/openvpn-status.log
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
tls-auth keys/static.key
# crl-verify keys/crl.pem
Client configuration:
# C:\Arquivos de programas\OpenVPN\config
remote 10.1.8.6
#remote vpn.ers.com
#remote-random
remote-cert-tls server
proto udp
port 22223
client
pull
dev tap
comp-lzo
keepalive 10 120
persist-key
persist-tun
float
tls-client
dh keys/dh1024.pem
ca keys/ca.crt
cert keys/eghijs.crt
key keys/eghijs.key
tls-auth keys/static.key
Bridge scripts:
#!/bin/bash
# /etc/openvpn/bridge-start
br="br0"
tap="tap0"
eth="eth0"
eth_ip="10.1.8.6"
eth_gw="10.1.8.254"
eth_netmask="255.255.248.0"
eth_broadcast="10.1.15.255"
for t in $tap; do
openvpn --mktun --dev $t
done
brctl addbr $br
brctl addif $br $eth
for t in $tap; do
brctl addif $br $t
done
for t in $tap; do
ifconfig $t 0.0.0.0 promisc up
done
ifconfig $eth 0.0.0.0 promisc up
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
route add defalt gw $eth_gw dev $br
====================================
====================================
#!/bin/bash
# /etc/openvpn/bridge-start
br="br0"
tap="tap0"
ifconfig $br down
brctl delbr $br
for t in $tap; do
openvpn --rmtun --dev $t
done
====================================
Starting the service:
[root@openvpn openvpn]# ./bridge-start
Mon Mar 14 04:44:17 2011 TUN/TAP device tap0 opened
Mon Mar 14 04:44:17 2011 Persist state set to: ON
defalt: Falha na procura do nome de host
[root@openvpn openvpn]# service openvpn start
Iniciando openvpn: (OK)
Windows routing table:
see attachment
Windows network configuration after the VPN connection:
see attachment
Thanks,