Hello dear community, I have a problem with the following scenario and hope you can help me. I followed the wiki (OpenVPN).
Scenario: An OpenVPN server sits behind a gateway:
Gateway: internal interface 192.168.123.254, port forwarding 1194 udp, active, router OS: ddwrt
OpenVPN server: 192.168.123.136, Ubuntu 14.04, tun0 inet address: 10.8.0.1
Excerpt: /etc/openvpn/server.conf
ca ./easy-rsa2/keys/ca.crt
cert ./easy-rsa2/keys/server.crt
key ./easy-rsa2/keys/server.key
dh ./easy-rsa2/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.123.0 255.255.255.0"
keepalive 10 120
comp-lzo
user openvpn
group openvpn
persist-key
persist-tun
IP forwarding is enabled:
sudo sysctl -w net/ipv4/ip_forward=1
The connection between the client (also Ubuntu 14.04) is established. Only the route does not seem to work. Here is the log excerpt: /var/log/syslog
May 7 16:02:13 ovpn-srv ovpn-server[1149]: UID set to openvpn
May 7 16:02:13 ovpn-srv ovpn-server[1149]: UDPv4 link local (bound): [undef]
May 7 16:02:13 ovpn-srv ovpn-server[1149]: UDPv4 link remote: [undef]
May 7 16:02:13 ovpn-srv ovpn-server[1149]: MULTI: multi_init called, r=256 v=256
May 7 16:02:13 ovpn-srv ovpn-server[1149]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
May 7 16:02:13 ovpn-srv ovpn-server[1149]: ifconfig_pool_read(), in='userxyz,10.8.0.4', TODO: IPv6
May 7 16:02:13 ovpn-srv ovpn-server[1149]: succeeded -> ifconfig_pool_set()
May 7 16:02:13 ovpn-srv ovpn-server[1149]: IFCONFIG POOL LIST
May 7 16:02:13 ovpn-srv ovpn-server[1149]: userxyz,10.8.0.4
May 7 16:02:13 ovpn-srv ovpn-server[1149]: Initialization Sequence Completed
May 7 16:04:43 ovpn-srv ovpn-server[1149]: 92.78.247.2:44897 TLS: Initial packet from [AF_INET]92.78.247.2:44897, sid=5a3376b5 1c920877
May 7 16:04:44 ovpn-srv ovpn-server[1149]: 92.78.247.2:44897 VERIFY OK: depth=1, C=DE, ST=Berlin, L=Berlin, O=UserXYZ, CN=userxyz.spdns.de, name=henneberger.spdns.de, emailAddress=info@stapis.com
May 7 16:04:44 ovpn-srv ovpn-server[1149]: 92.78.247.2:44897 VERIFY OK: depth=0, C=DE, ST=Berlin, L=Berlin, O=UserXYZ, CN=userxyz, name=userxyz.spdns.de, emailAddress=info@stapis.com
May 7 16:04:44 ovpn-srv ovpn-server[1149]: 92.78.247.2:44897 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1541'
May 7 16:04:44 ovpn-srv ovpn-server[1149]: 92.78.247.2:44897 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
May 7 16:04:44 ovpn-srv ovpn-server[1149]: 92.78.247.2:44897 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
May 7 16:04:44 ovpn-srv ovpn-server[1149]: 92.78.247.2:44897 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
May 7 16:04:44 ovpn-srv ovpn-server[1149]: 92.78.247.2:44897 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
May 7 16:04:44 ovpn-srv ovpn-server[1149]: 92.78.247.2:44897 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
May 7 16:04:44 ovpn-srv ovpn-server[1149]: 92.78.247.2:44897 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
May 7 16:04:44 ovpn-srv ovpn-server[1149]: 92.78.247.2:44897 [userxyz] Peer Connection Initiated with [AF_INET]92.78.247.2:44897
May 7 16:04:44 ovpn-srv ovpn-server[1149]: userxyz/92.78.247.2:44897 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
May 7 16:04:44 ovpn-srv ovpn-server[1149]: userxyz/92.78.247.2:44897 MULTI: Learn: 10.8.0.6 -> userxyz/92.78.247.2:44897
May 7 16:04:44 ovpn-srv ovpn-server[1149]: userxyz/92.78.247.2:44897 MULTI: primary virtual IP for userxyz/92.78.247.2:44897: 10.8.0.6
May 7 16:04:46 ovpn-srv ovpn-server[1149]: userxyz/92.78.247.2:44897 PUSH: Received control message: 'PUSH_REQUEST'
May 7 16:04:46 ovpn-srv ovpn-server[1149]: userxyz/92.78.247.2:44897 send_push_reply(): safe_cap=940
May 7 16:04:46 ovpn-srv ovpn-server[1149]: userxyz/92.78.247.2:44897 SENT CONTROL [userxyz]: 'PUSH_REPLY,route 192.168.123.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
May 7 16:04:48 ovpn-srv ovpn-server[1149]: userxyz/92.78.247.2:44897 Bad LZO decompression header byte: 69
After the connection is established, the client has its connection (10.8.0.6), which I can ping. The server can also ping its own connections. Only the server cannot ping the client, and the client cannot ping the server. What am I doing wrong?
On the router I have the following routes:
Destination Subnet Gateway Flags Interface
0.0.0.0 0.0.0.0 217.0.118.2 UG 0 ppp0
10.8.0.0 255.255.255.0 192.168.123.136 UG LAN & WLAN
169.254.0.0 255.255.0.0 0.0.0.0 U 0 LAN & WLAN
192.168.123.0 255.255.255.0 0.0.0.0 U 0 LAN & WLAN
217.0.118.2 255.255.255.255 0.0.0.0 UH 0 ppp0
On the VPN server it looks like this:
Ziel Router Genmask Use Iface
0.0.0.0 192.168.123.254 0.0.0.0 eth0
10.8.0.0 10.8.0.2 255.255.255.0 tun0
10.8.0.2 0.0.0.0 255.255.255.255 tun0
192.168.123.0 0.0.0.0 255.255.255.0 eth0
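
Added example, not part of the original post: a Python scan of OpenVPN server log lines in the format shown above that groups option-mismatch warnings and LZO framing errors per peer and correlates them. The function names are illustrative assumptions; the three sample lines are copied from the excerpt.

```python
import re
from collections import defaultdict

# Three lines copied verbatim from the syslog excerpt in the post above.
# Function and variable names here are illustrative, not part of OpenVPN.
SAMPLE_LOG = """\
May 7 16:04:44 ovpn-srv ovpn-server[1149]: 92.78.247.2:44897 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1541'
May 7 16:04:44 ovpn-srv ovpn-server[1149]: 92.78.247.2:44897 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
May 7 16:04:48 ovpn-srv ovpn-server[1149]: userxyz/92.78.247.2:44897 Bad LZO decompression header byte: 69
"""

LINE = re.compile(r"ovpn-server\[\d+\]: (?:[^/\s]+/)?(?P<peer>[\d.]+:\d+) (?P<msg>.*)")
INCONSISTENT = re.compile(r"WARNING: '(?P<opt>[^']+)' is used inconsistently, "
                          r"local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'")
ONE_SIDED = re.compile(r"WARNING: '(?P<opt>[^']+)' is present in (?P<has>local|remote) "
                       r"config but missing in (?:local|remote) config")
BAD_LZO = re.compile(r"Bad LZO decompression header byte: (?P<byte>\d+)")


def scan(log_text):
    """Group option mismatches and LZO framing errors by peer address."""
    peers = defaultdict(lambda: {"inconsistent": {}, "one_sided": {}, "bad_lzo": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        entry, msg = peers[m["peer"]], m["msg"]
        if (w := INCONSISTENT.search(msg)):
            entry["inconsistent"][w["opt"]] = (w["local"], w["remote"])
        elif (w := ONE_SIDED.search(msg)):
            entry["one_sided"][w["opt"]] = w["has"]
        elif (w := BAD_LZO.search(msg)):
            entry["bad_lzo"].append(int(w["byte"]))
    return dict(peers)


def compression_mismatch(entry):
    """True when comp-lzo is set on one side only AND packets failed LZO framing."""
    return "comp-lzo" in entry["one_sided"] and bool(entry["bad_lzo"])


def looks_like_raw_ipv4(byte):
    """0x45 (decimal 69) is the usual first byte of an IPv4 header: version 4, IHL 5."""
    return byte >> 4 == 4 and (byte & 0x0F) >= 5


if __name__ == "__main__":
    for peer, entry in scan(SAMPLE_LOG).items():
        print(peer, compression_mismatch(entry), entry)
```

On these lines it reports comp-lzo as present only in the local (server) config for the same peer whose packet failed LZO framing, and the rejected byte 69 is 0x45, the usual first byte of an IPv4 header.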