Leandro,

this way the VPN endpoints talk to each other...
I can ping from any endpoint to any endpoint....

I can also ping from the client to the server's internal network.
But it doesn't ping from a client to the internal network of another client, or
from the server to the internal network of a client.



2009/7/15 Leandro Moreira <lean...@leandromoreira.eti.br>

> Rafael,
> Look, your server has the IP:
>
> 10.15.15.1  P-t-P:10.15.15.2
>
> And your client has the IP:
>
> 10.15.15.6  P-t-P:10.15.15.5
>
> That is why it doesn't ping; try configuring your client with the IP
>
> 10.15.15.2 10.15.15.1
>
> I think that solves your problem. From what I understood, you are bringing up
> the local tunnel with one IP and the remote one with another; what happens is
> that the local tunnel has to have one IP and the remote one the inverse, like
>
> local:
> ifconfig 10.15.15.1 10.15.15.2
>
> Remote
> ifconfig 10.15.15.2 10.15.15.1
>
> Because the connection is made point to point; with the configuration you are
> using you bring up 2 tunnels that really don't talk to each other.
> If you have any questions, I'm at your disposal.
>
>
> Regards,
>
> Leandro Moreira.
>
> 2009/7/15 Rafael Moraes <raf...@bsd.com.br>
>
>> Could it be that the way I'm doing this is harming the routing?
>>
>> Maybe putting each conf in /etc/openvpn/ccd would help?
>>
>> Cheers
>> Rafael
>>
>>
>> 2009/7/15 Rafael Moraes <raf...@bsd.com.br>
>>
>>>
>>>
>>> 2009/7/15 Rafael Moraes <raf...@bsd.com.br>
>>>
>>>>
>>>> I didn't quite understand this scheme, but what I have is this:
>>>>
>>>> *Server:*
>>>> tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>>>>           inet addr:10.15.15.1  P-t-P:10.15.15.2  Mask:255.255.255.255
>>>>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>>>>           RX packets:39011 errors:0 dropped:0 overruns:0 frame:0
>>>>           TX packets:55031 errors:0 dropped:0 overruns:0 carrier:0
>>>>           collisions:0 txqueuelen:100
>>>>           RX bytes:1601038 (1.5 Mb)  TX bytes:3042908 (2.9 Mb)
>>>>
>>>> *Clientx*
>>>>
>>>> tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>>>>           inet addr:10.15.15.6  P-t-P:10.15.15.5  Mask:255.255.255.255
>>>>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>>>>           RX packets:6 errors:0 dropped:0 overruns:0 frame:0
>>>>           TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
>>>>           collisions:0 txqueuelen:100
>>>>           RX bytes:504 (504.0 b)  TX bytes:1092 (1.0 Kb)
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> 2009/7/15 Leandro Moreira <lean...@leandromoreira.eti.br>
>>>>
>>>>> Rafael,
>>>>> Something occurred to me: try bringing up just one tunnel and see if it
>>>>> works; I believe your problem may be there. Create one tunnel, test the
>>>>> ping, create another, and so on. Below is a note on creating the
>>>>> tunnel:
>>>>>
>>>>> remote endpoints must be part of the same 255.255.
>>>>> subnet.  The following list shows examples of endp
>>>>> pairs which satisfy this requirement.  Only the fi
>>>>> component of the IP address pairs is at issue.
>>>>>
>>>>> As an example, the following option would be corre
>>>>>     --ifconfig 10.7.0.5 10.7.0.6 (on host A)
>>>>>     --ifconfig 10.7.0.6 10.7.0.5 (on host B)
>>>>> because [5,6] is part of the below list.
>>>>>
>>>>> [  1,  2] [  5,  6] [  9, 10] [ 13, 14] [ 17, 18]
>>>>> [ 21, 22] [ 25, 26] [ 29, 30] [ 33, 34] [ 37, 38]
>>>>> [ 41, 42] [ 45, 46] [ 49, 50] [ 53, 54] [ 57, 58]
>>>>> [ 61, 62] [ 65, 66] [ 69, 70] [ 73, 74] [ 77, 78]
>>>>> [ 81, 82] [ 85, 86] [ 89, 90] [ 93, 94] [ 97, 98]
>>>>> [101,102] [105,106] [109,110] [113,114] [117,118]
>>>>> [121,122] [125,126] [129,130] [133,134] [137,138]
>>>>> [141,142] [145,146] [149,150] [153,154] [157,158]
>>>>> [161,162] [165,166] [169,170] [173,174] [177,178]
>>>>> [181,182] [185,186] [189,190] [193,194] [197,198]
>>>>> [201,202] [205,206] [209,210] [213,214] [217,218]
>>>>> [221,222] [225,226] [229,230] [233,234] [237,238]
>>>>> [241,242] [245,246] [249,250] [253,254]
>>>>>
>>>>>
>>>>> By the way, how is your tunnel configured? How are you
>>>>> configuring the local and the remote IP?
>>>>>
>>>>>
>>>>> Regards,
>>>>>
>>>>> Leandro  Moreira.
>>>>>
>>>>> 2009/7/15 Rafael Moraes <raf...@bsd.com.br>
>>>>>
>>>>>> Leandro,
>>>>>>
>>>>>> here's how it turned out:
>>>>>>
>>>>>> I have a script like this on the server:
>>>>>> #!/bin/bash
>>>>>> route add -net 192.168.2.0 netmask 255.255.255.0 gw $5 # client 1 network
>>>>>> route add -net 192.168.50.0 netmask 255.255.255.0 gw $5 # client 2 network
>>>>>> route add -net 172.50.10.0 netmask 255.255.255.0 gw $5 # client 3 network
>>>>>>
>>>>>>
>>>>>> and on the clients the route is already implied by the server conf push
>>>>>> "192.168.20.0 255.255.255.0", which works OK,
>>>>>> and also a route to the other clients:
>>>>>> example of the route on client 1
>>>>>> #!/bin/bash
>>>>>> route add -net 192.168.50.0 netmask 255.255.255.0 gw $5 # client 2 network
>>>>>> route add -net 172.50.10.0 netmask 255.255.255.0 gw $5 # client 3 network
>>>>>>
>>>>>> These scripts are run with up ./rotas.up
>>>>>>
>>>>>>
>>>>>> And it still doesn't work.... it's tough....
>>>>>> I run a traceroute and it doesn't find anything ....
>>>>>>
>>>>>> Oh, and in route -n, see how the part with the routes to the clients looks:
>>>>>>
>>>>>> 192.168.20.0    0.0.0.0         255.255.255.0   U     0      0      0 eth2 *# (this is the server's local network)*
>>>>>> 172.50.10.0     10.15.15.2      255.255.255.0   UG    0      0      0 tun0
>>>>>> 192.168.50.0    10.15.15.2      255.255.255.0   UG    0      0      0 tun0
>>>>>> 192.168.2.0     10.15.15.2      255.255.255.0   UG    0      0      0 tun0
>>>>>>
>>>>>>
>>>>>> 10.15.15.2 is:
>>>>>>
>>>>>> *inet addr:10.15.15.1  P-t-P:10.15.15.2  Mask:255.255.255.255*
>>>>>>
>>>>>>
>>>>>>
>>>>>> --------------------------------------------------------------------------------------------------------------------------------------
>>>>>> Attempt 2:
>>>>>>
>>>>>> I tried setting all of them with the server's VPN IP as the gateway, but
>>>>>> then the interface it went out on was the internet one and not tun0
>>>>>>
>>>>>>
>>>>>> really strange....
>>>>>>
>>>>>> Cheers
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> 2009/7/15 Leandro Moreira <lean...@leandromoreira.eti.br>
>>>>>>
>>>>>>> Rafael,
>>>>>>> That's right, because $5 tells route that the default gw is the IP of
>>>>>>> the remote endpoint (the client's IP), while on the client it points the
>>>>>>> network's default gw directly to the server's IP.
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> Leandro Moreira.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> 2009/7/15 Rafael Moraes <raf...@bsd.com.br>
>>>>>>>
>>>>>>>> let me see if I got it right:
>>>>>>>>
>>>>>>>> route add -net 192.168.77.0 netmask 255.255.255.0 gw $5 *goes on the server*
>>>>>>>>
>>>>>>>> route 192.168.77.0 255.255.255.0 192.168.77.1 *goes on the clients*
>>>>>>>> ????
>>>>>>>>
>>>>>>>> cheers and thanks
>>>>>>>>
>>>>>>>> 2009/7/15 Leandro Moreira <lean...@leandromoreira.eti.br>
>>>>>>>>
>>>>>>>>> Rafael,
>>>>>>>>> IF your problem is routing, here is a tip:
>>>>>>>>>
>>>>>>>>> # server-client:
>>>>>>>>>
>>>>>>>>> route add -net 192.168.77.0 netmask 255.255.255.0 gw $5
>>>>>>>>>
>>>>>>>>> # client-server
>>>>>>>>> route 192.168.77.0 255.255.255.0 192.168.77.1
>>>>>>>>>
>>>>>>>>> I just configured a VPN and I ping normally between clients and
>>>>>>>>> servers.
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>>
>>>>>>>>> Leandro Moreira
>>>>>>>>>
>>>>>>>>> 2009/7/12 Rafael Moraes <raf...@bsd.com.br>
>>>>>>>>>
>>>>>>>>>> Good early morning, everyone
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> I set up a VPN with OpenVPN and it is working perfectly, except for
>>>>>>>>>> the fact that I can't ping the clients' networks (no firewall in the
>>>>>>>>>> way)
>>>>>>>>>>
>>>>>>>>>> The strange thing is that I can access a WTS server on one VPN
>>>>>>>>>> client's network from another client or from the server without
>>>>>>>>>> problems, but ping, no way.
>>>>>>>>>>
>>>>>>>>>> The proper routes are set in the server configuration, e.g.:
>>>>>>>>>> push "192.168.1.0 255.255.255.0"
>>>>>>>>>>
>>>>>>>>>> Has anyone been through this?
>>>>>>>>>>
>>>>>>>>>> Rafael
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Leandro Moreira
>>>>>>>>> Linux Administrator: LPIC-1
>>>>>>>>> e-mail/msn: lean...@leandromoreira.eti.br
>>>>>>>>> Tel.: + 55(32) 9906-5713
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>
>
>
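
The note quoted in the thread lists the last-octet pairs accepted for `--ifconfig` endpoints; each pair is the two host addresses of one /30 (255.255.255.252) block. As an added example (not part of the original messages), this POSIX shell check applies that rule to the addresses from the thread's ifconfig output; the function names `split_ip` and `check_pair` are hypothetical.

```shell
#!/bin/sh
# Added example: validate an OpenVPN --ifconfig LOCAL REMOTE pair against the
# /30 rule (both endpoints are the two host addresses of one 255.255.255.252 block).

# split_ip ADDR: sets $prefix (first three octets) and $last (fourth octet);
# returns 1 if ADDR is not a plain dotted quad.
split_ip() {
    old_ifs=$IFS; IFS=.
    set -f; set -- $1; set +f
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # reject empty, non-numeric, over-long and zero-padded octets
        case "$o" in ''|*[!0-9]*|????*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    prefix="$1.$2.$3"; last=$4
}

# check_pair LOCAL REMOTE: prints a verdict; returns 0 only for a valid pair.
check_pair() {
    split_ip "$1" || { echo "invalid address: $1"; return 2; }
    l_prefix=$prefix; l_last=$last
    split_ip "$2" || { echo "invalid address: $2"; return 2; }
    r_prefix=$prefix; r_last=$last
    if [ "$l_prefix" != "$r_prefix" ] || [ $((l_last / 4)) -ne $((r_last / 4)) ]; then
        echo "different /30 subnets"; return 1
    fi
    # Offsets 0 and 3 inside a /30 are the network and broadcast addresses.
    for off in $((l_last % 4)) $((r_last % 4)); do
        case "$off" in 0|3) echo "network or broadcast address used"; return 1 ;; esac
    done
    [ "$l_last" -ne "$r_last" ] || { echo "local and remote are identical"; return 1; }
    echo "valid /30 pair"
}

# Server and client pairs from the thread's ifconfig output, plus one pair that
# mixes the server's local address with the client's local address.
for pair in "10.15.15.1 10.15.15.2" "10.15.15.6 10.15.15.5" "10.15.15.1 10.15.15.6"; do
    set -- $pair
    printf '%s -> %s: ' "$1" "$2"
    check_pair "$1" "$2" || true
done
```
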
