Rafael, Olha so o seu servidor esta com ip: 10.15.15.1 P-t-P:10.15.15.2
E seu cliente esta com ip: 10.15.15.6 P-t-P:10.15.15.5 E por isso q nao pinga, experimente configurar o seu cliente com o ip 10.15.15.2 10.15.15.1 Acho que isso resolve seu problema, pelo que entendi voce esta levantando o tunel local com um ip e o remoto com outro, o que acontece é que o tunel local tem que ter um ip, e o remoto, o inverso tipo local: ifconfig 10.15.15.1 10.15.15.2 Remoto ifconfig 10.15.15.2 10.15.15.1 Pois a coneção e realizada ponto a ponto, com a configuarção que esta fazendo voce levanta 2 tuneis que realmente nao conversam entre si. Qualquer duvida estou a disposição. Att. Leandro Moreira. 2009/7/15 Rafael Moraes <raf...@bsd.com.br> > Será que desta maneira que estou usando está prejudicando o roteamento? > > talvez se eu colocar cada conf no /etc/openvpn/ccd ajudaria? > > Abraço > Rafael > > > 2009/7/15 Rafael Moraes <raf...@bsd.com.br> > >> >> >> 2009/7/15 Rafael Moraes <raf...@bsd.com.br> >> >>> >>> Eu nao entendi muito bem este esquema, mas o que tenho é isto: >>> >>> *Server:* >>> tun0 Link encap:UNSPEC HWaddr >>> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 >>> inet addr:10.15.15.1 P-t-P:10.15.15.2 Mask:255.255.255.255 >>> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 >>> RX packets:39011 errors:0 dropped:0 overruns:0 frame:0 >>> TX packets:55031 errors:0 dropped:0 overruns:0 carrier:0 >>> collisions:0 txqueuelen:100 >>> RX bytes:1601038 (1.5 Mb) TX bytes:3042908 (2.9 Mb) >>> >>> *Clientx* >>> >>> tun0 Link encap:UNSPEC HWaddr >>> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 >>> inet addr:10.15.15.6 P-t-P:10.15.15.5 Mask:255.255.255.255 >>> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 >>> RX packets:6 errors:0 dropped:0 overruns:0 frame:0 >>> TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 >>> collisions:0 txqueuelen:100 >>> RX bytes:504 (504.0 b) TX bytes:1092 (1.0 Kb) >>> >>> >>> >>> >>> >>> >>> >>> >>> 2009/7/15 Leandro Moreira <lean...@leandromoreira.eti.br> >>> >>>> Rafael, >>>> Me ocorreu uma coisa, experimente levantar apenas um tunel e ver se da >>>> certo acredito q possa estar ae o seu problema, cria um tunel testa o ping, >>>> cria outro e assim sucessivamente, abaixo segue uma observação para criação >>>> do tunel: >>>> >>>> remote endpoints must be part of the same 255.255. >>>> subnet. The following list shows examples of endp >>>> pairs which satisfy this requirement. Only the fi >>>> component of the IP address pairs is at issue. >>>> >>>> As an example, the following option would be corre >>>> --ifconfig 10.7.0.5 10.7.0.6 (on host A) >>>> --ifconfig 10.7.0.6 10.7.0.5 (on host B) >>>> because [5,6] is part of the below list. >>>> >>>> [ 1, 2] [ 5, 6] [ 9, 10] [ 13, 14] [ 17, 18] >>>> [ 21, 22] [ 25, 26] [ 29, 30] [ 33, 34] [ 37, 38] >>>> [ 41, 42] [ 45, 46] [ 49, 50] [ 53, 54] [ 57, 58] >>>> [ 61, 62] [ 65, 66] [ 69, 70] [ 73, 74] [ 77, 78] >>>> [ 81, 82] [ 85, 86] [ 89, 90] [ 93, 94] [ 97, 98] >>>> [101,102] [105,106] [109,110] [113,114] [117,118] >>>> [121,122] [125,126] [129,130] [133,134] [137,138] >>>> [141,142] [145,146] [149,150] [153,154] [157,158] >>>> [161,162] [165,166] [169,170] [173,174] [177,178] >>>> [181,182] [185,186] [189,190] [193,194] [197,198] >>>> [201,202] [205,206] [209,210] [213,214] [217,218] >>>> [221,222] [225,226] [229,230] [233,234] [237,238] >>>> [241,242] [245,246] [249,250] [253,254] >>>> >>>> >>>> A propósito como esta a configuração do seu tunel, como esta >>>> configurando o ip local e o remoto. >>>> >>>> >>>> Att. >>>> >>>> Leandro Moreira. >>>> >>>> 2009/7/15 Rafael Moraes <raf...@bsd.com.br> >>>> >>>>> Leandro, >>>>> >>>>> veja como ficou: >>>>> >>>>> tenho um script assim no server : >>>>> #!/bin/bash >>>>> route add -net 192.168.2.0 netmask 255.255.255.0 gw $5 # rede cliente1 >>>>> route add -net 192.168.50.0 netmask 255.255.255.0 gw $5 #rede cliente 2 >>>>> route add -net 172.50.10.0 netmask 255.255.255.0 gw $5 #rede cliente 3 >>>>> >>>>> >>>>> e nos clientes tem a rota ja implicita pela conf do server push >>>>> "192.168.20.0 255.255.255.0" que funciona ok >>>>> e também rota para outros clientes: >>>>> exemplo da rota no cliente 1 >>>>> #!/bin/bash >>>>> route add -net 192.168.50.0 netmask 255.255.255.0 gw $5 #rede cliente 2 >>>>> route add -net 172.50.10.0 netmask 255.255.255.0 gw $5 #rede cliente 3 >>>>> >>>>> Estes scripts são executados com up ./rotas.up >>>>> >>>>> >>>>> E ainda não funciona....ta difícil.... >>>>> dou um traceroute e ele não acha nada .... >>>>> >>>>> Ah, e no route -n veja como fica a parte das rotas para clientes: >>>>> >>>>> 192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 >>>>> eth2 *# (este é a rede local do server *) >>>>> 172.50.10.0 10.15.15.2 255.255.255.0 UG 0 0 0 >>>>> tun0 >>>>> 192.168.50.0 10.15.15.2 255.255.255.0 UG 0 0 0 >>>>> tun0 >>>>> 192.168.2.0 10.15.15.2 255.255.255.0 UG 0 0 0 >>>>> tun0 >>>>> >>>>> >>>>> o 10.15.15.2 é: >>>>> >>>>> *inet addr:10.15.15.1 P-t-P:10.15.15.2 Mask:255.255.255.255* >>>>> >>>>> >>>>> >>>>> -------------------------------------------------------------------------------------------------------------------------------------- >>>>> Tentativa 2: >>>>> >>>>> tentei colocar todos com o IP VPN do Server como gateway mas aí a iface >>>>> que saía era a da internet e nao a tun0 >>>>> >>>>> >>>>> estranho demais.... >>>>> >>>>> Abraços >>>>> >>>>> >>>>> >>>>> >>>>> 2009/7/15 Leandro Moreira <lean...@leandromoreira.eti.br> >>>>> >>>>>> Rafael, >>>>>> Isso memos, pois o $5 diz ao route que o gw defaul e o ip da ponta >>>>>> remota (ip do cliente), já no cliente ele aponta o gw default da rede >>>>>> diretamente para o ip do servidor. >>>>>> >>>>>> Att. >>>>>> >>>>>> Leandro Moreira. >>>>>> >>>>>> >>>>>> >>>>>> 2009/7/15 Rafael Moraes <raf...@bsd.com.br> >>>>>> >>>>>> deixa eu ver se peguei certo: >>>>>>> >>>>>>> route add -net 192.168.77.0 netmask 255.255.255.0 gw $5 ** *vai no >>>>>>> server* >>>>>>> >>>>>>> route 192.168.77.0 255.255.255.0 192.168.77.1 *vai nos clientes* >>>>>>> * >>>>>>> *???? >>>>>>> >>>>>>> abraço e obrigado* >>>>>>> * >>>>>>> 2009/7/15 Leandro Moreira <lean...@leandromoreira.eti.br> >>>>>>> >>>>>>> Rafale, >>>>>>>> SE o seu problema for rota segue uma dica: >>>>>>>> >>>>>>>> # servidor-cliente: >>>>>>>> >>>>>>>> route add -net 192.168.77.0 netmask 255.255.255.0 gw $5 >>>>>>>> >>>>>>>> # cliente-servidor >>>>>>>> route 192.168.77.0 255.255.255.0 192.168.77.1 >>>>>>>> >>>>>>>> Acabei de cfg um vpn e pingno normalmente entre clientes e >>>>>>>> servidores. >>>>>>>> >>>>>>>> Att. >>>>>>>> >>>>>>>> Leandro Moreira >>>>>>>> >>>>>>>> 2009/7/12 Rafael Moraes <raf...@bsd.com.br> >>>>>>>> >>>>>>>>> Boa madrugada pessoal >>>>>>>>> >>>>>>>>> >>>>>>>>> criei uma vpn com openvpn e está funcionando perfeitamente a não >>>>>>>>> ser pelo fato de não conseguir pingar as redes dos clientes ( Sem >>>>>>>>> firewall >>>>>>>>> para impedir ) >>>>>>>>> >>>>>>>>> O estranho é que consigo acessar um servidor WTS da rede de um >>>>>>>>> cliente vpn através de outro cliente ou do servidor sem problemas, mas >>>>>>>>> pingar de jeito nenhum. >>>>>>>>> >>>>>>>>> As devidas rotas estão inseridas na configuração do servidor.ex: >>>>>>>>> push "192.168.1.0 255.255.255.0" >>>>>>>>> >>>>>>>>> alguém já passou por isto? >>>>>>>>> >>>>>>>>> Rafael >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Leandro Moreira >>>>>>>> Linux Administrator: LPIC-1 >>>>>>>> e-mail/msn: lean...@leandromoreira.eti.br >>>>>>>> Tel.: + 55(32) 9906-5713 >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Leandro Moreira >>>>>> Linux Administrator: LPIC-1 >>>>>> e-mail/msn: lean...@leandromoreira.eti.br >>>>>> Tel.: + 55(32) 9906-5713 >>>>>> >>>>> >>>>> >>>> >>>> >>>> -- >>>> Leandro Moreira >>>> Linux Administrator: LPIC-1 >>>> e-mail/msn: lean...@leandromoreira.eti.br >>>> Tel.: + 55(32) 9906-5713 >>>> >>> >>> >> > -- Leandro Moreira Linux Administrator: LPIC-1 e-mail/msn: lean...@leandromoreira.eti.br Tel.: + 55(32) 9906-5713
