Hello everyone,
I'm currently trying to set up an OpenVPN server that lets me access resources on my home network while I'm away. I did the setup following the guide in the wiki; so far the server works and I can connect with a client. But now I'm having rather massive problems with routing.
The resulting routing table on the client looks like this; during this test the client was connected to the Internet via WLAN tethering over the smartphone. The smartphone hotspot owns the 192.168.43.0 network. The home network has the IP 192.168.15.0, and the VPN server is supposed to use the 192.168.14.0 network.
~$ route -n
Kernel-IP-Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.43.1    0.0.0.0         UG    0      0        0 wlan0
81.27.126.106   192.168.43.1    255.255.255.255 UGH   0      0        0 wlan0
192.168.14.0    192.168.14.5    255.255.255.0   UG    0      0        0 tun0
192.168.14.5    0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.43.0    0.0.0.0         255.255.255.0   U     9      0        0 wlan0
I don't understand what the 192.168.14.5 address is doing here, or which device it is supposed to be. From the client I can ping neither 192.168.14.1 nor 192.168.14.5. As I understand it, the table should look more like this...
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.43.1    0.0.0.0         UG    0      0        0 wlan0
81.27.126.106   192.168.43.1    255.255.255.255 UGH   0      0        0 wlan0
192.168.14.0    0.0.0.0         255.255.255.0   UG    0      0        0 tun0
192.168.43.0    0.0.0.0         255.255.255.0   U     9      0        0 wlan0
My /etc/openvpn/server.conf looks like this:
# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one. You will need to
# open up this port on your firewall.
port 1194

# TCP or UDP server?
proto udp

# Create routed tunnel
dev tun

# Configure Keys
ca ./easy-rsa2/keys/ca.crt
cert ./easy-rsa2/keys/home.dyndns.lukas-metzger.com.crt
key ./easy-rsa2/keys/home.dyndns.lukas-metzger.com.key # This file should be kept secret

# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh ./easy-rsa2/keys/dh2048.pem

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 192.168.14.0 255.255.255.0

# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist ipp.txt

# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.0.0 255.255.0.0"

# Push DNS Server
push "dhcp-option DNS 192.168.15.3"

# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
client-to-client

# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120

# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo

# Set Permissions
user openvpn
group openvpn

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status openvpn-status.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 4
I'm aware that with this config I can't reach the 192.168.15.0 network yet. But first I want to get the connection to the VPN server itself working.
Thanks in advance for your efforts.
Regards, Lukas
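An added example, not part of Lukas's post or of OpenVPN itself: this Python script parses the client's `route -n` output quoted above and shows what the 192.168.14.5 gateway is under OpenVPN's net30 topology (its historical default), where each client is handed a /30 out of the `server` pool, the route to the pool points at the server-side endpoint of that /30, and the client's own address is the other usable address (here 192.168.14.6). With `topology subnet` the client instead gets a single address on the /24 and an on-link route, which is the shape of the second table above; the sample input below is constructed from the post's own table.

```python
import ipaddress

# Constructed sample input: the client's `route -n` lines quoted in the post above.
ROUTE_N = """\
0.0.0.0         192.168.43.1    0.0.0.0         UG    0      0        0 wlan0
81.27.126.106   192.168.43.1    255.255.255.255 UGH   0      0        0 wlan0
192.168.14.0    192.168.14.5    255.255.255.0   UG    0      0        0 tun0
192.168.14.5    0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.43.0    0.0.0.0         255.255.255.0   U     9      0        0 wlan0
"""

def parse_routes(text):
    """Turn `route -n` body lines into (dest, gateway, mask, flags, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 8:
            routes.append((f[0], f[1], f[2], f[3], f[7]))
    return routes

def tun_gateway(routes, iface="tun0"):
    """Gateway of the network route (G flag, not a /32 host route) on an interface."""
    for dest, gw, mask, flags, ifc in routes:
        if ifc == iface and "G" in flags and mask != "255.255.255.255":
            return gw
    return None

def net30_peer(gateway):
    """net30 topology: each client owns a /30 whose lower usable address is the
    server-side endpoint (the route's gateway) and whose upper usable address
    is the client's own tunnel address."""
    block = ipaddress.ip_network(f"{gateway}/30", strict=False)
    server_end, client_addr = block.hosts()  # exactly two usable hosts in a /30
    return {"block": str(block), "server_endpoint": str(server_end),
            "client_address": str(client_addr)}

def net30_pool(server_net, count):
    """First `count` (server endpoint, client address) pairs that `server <net> <mask>`
    hands out under net30. The pool's first /30 is the server's own
    (x.x.x.1 local, x.x.x.2 remote), so client blocks start at the second /30."""
    subnets = list(ipaddress.ip_network(server_net).subnets(new_prefix=30))
    return [(str(s[1]), str(s[2])) for s in subnets[1:1 + count]]

if __name__ == "__main__":
    gw = tun_gateway(parse_routes(ROUTE_N))
    print("tun0 gateway:", gw)                       # 192.168.14.5
    print("client's /30:", net30_peer(gw))           # client address 192.168.14.6
    print("first pool /30s:", net30_pool("192.168.14.0/24", 3))
```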