Re: openvpn does not ping internal network! help
Anderson,

There is a crazy route in there.

10.32.1.1       0.0.0.0         255.255.255.255 UH    0 0 0 eth1
10.32.1.0       0.0.0.0         255.255.255.0   U     0 0 0 eth0
0.0.0.0         10.32.1.1       0.0.0.0         UG    0 0 0 eth0

There wasn't supposed to be a 10.32.1.1/255.255.255.0 route on eth1 and not on eth0.

Take a look at that.

Alex Paulo Laner aka rootsh
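The routing-table inconsistency Alex points at can be checked mechanically. This is an added example, not part of the original thread: it parses `netstat -rn` rows and flags any route whose gateway resolves, by longest-prefix match, to a different interface than the one the route is bound to. The function names are hypothetical, and the sample table is constructed from the rows posted in the thread, assuming the fused `UH0`/`UG0` columns are the flags followed by an MSS of 0.

```python
import ipaddress

# Constructed sample: the rows Anderson posted, with the fused "UH0"/"UG0"
# columns split into flags and MSS (assumption) and an English-locale header.
SAMPLE = """\
Destination   Gateway   Genmask         Flags MSS Window irtt Iface
10.32.2.2     0.0.0.0   255.255.255.255 UH    0   0      0    tun0
10.32.1.1     0.0.0.0   255.255.255.255 UH    0   0      0    eth1
10.32.1.0     0.0.0.0   255.255.255.0   U     0   0      0    eth0
10.32.2.0     10.32.2.2 255.255.255.0   UG    0   0      0    tun0
123.123.123.0 0.0.0.0   255.255.255.0   U     0   0      0    eth1
169.254.0.0   0.0.0.0   255.255.0.0     U     0   0      0    eth1
0.0.0.0       10.32.1.1 0.0.0.0         UG    0   0      0    eth0
"""


def parse_routes(text):
    """Parse `netstat -rn` rows into (network, gateway, flags, iface)."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 8:
            continue
        try:
            net = ipaddress.ip_network(f"{cols[0]}/{cols[2]}", strict=False)
            gw = ipaddress.ip_address(cols[1])
        except ValueError:
            continue  # header or malformed row
        routes.append((net, gw, cols[3], cols[7]))
    return routes


def lookup(routes, addr):
    """Longest-prefix match: the most specific matching route wins."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None


def gateway_mismatches(routes):
    """Routes whose gateway resolves to a different interface than the
    one the route itself is bound to."""
    bad = []
    for net, gw, flags, iface in routes:
        if "G" not in flags:
            continue  # directly connected route, no gateway to resolve
        via = lookup(routes, str(gw))
        if via is None or via[3] != iface:
            bad.append((str(net), str(gw), iface, via[3] if via else None))
    return bad


if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    for net, gw, iface, via in gateway_mismatches(table):
        print(f"{net} via {gw} is bound to {iface}, but {gw} resolves to {via}")
```

On the sample table the only finding is the default route: it is bound to eth0, while the /32 host route places its gateway 10.32.1.1 on eth1.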
Re: openvpn does not ping internal network! help
Hey, this is what I got back

Destino         Roteador        MáscaraGen.     Opções MSS Janela irtt Iface
10.32.2.2       0.0.0.0         255.255.255.255 UH       0 0         0 tun0
10.32.1.1       0.0.0.0         255.255.255.255 UH       0 0         0 eth1
10.32.1.0       0.0.0.0         255.255.255.0   U        0 0         0 eth0
10.32.2.0       10.32.2.2       255.255.255.0   UG       0 0         0 tun0
123.123.123.0   0.0.0.0         255.255.255.0   U        0 0         0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U        0 0         0 eth1
0.0.0.0         10.32.1.1       0.0.0.0         UG       0 0         0 eth0

and in the log I get this

Mon Mar 1 17:01:31 2010 us=719177 sumaster/123.123.123.186:1194 UDPv4 WRITE [114] to 123.123.123.186:1194: P_CONTROL_V1 kid=0 [ ] pid=32 DATA len=100
Mon Mar 1 17:01:31 2010 us=719674 sumaster/123.123.123.186:1194 UDPv4 WRITE [100] to 123.123.123.186:1194: P_CONTROL_V1 kid=0 [ ] pid=33 DATA len=86
Mon Mar 1 17:01:31 2010 us=720306 sumaster/123.123.123.186:1194 UDPv4 READ [22] from 123.123.123.186:1194: P_ACK_V1 kid=0 [ 32 ]
Mon Mar 1 17:01:31 2010 us=722208 sumaster/123.123.123.186:1194 UDPv4 READ [22] from 123.123.123.186:1194: P_ACK_V1 kid=0 [ 33 ]
Mon Mar 1 17:01:32 2010 us=717034 sumaster/123.123.123.186:1194 UDPv4 READ [125] from 123.123.123.186:1194: P_DATA_V1 kid=0 DATA len=124
Mon Mar 1 17:01:32 2010 us=717261 sumaster/123.123.123.186:1194 TUN WRITE [84]
Mon Mar 1 17:01:33 2010 us=717220 sumaster/123.123.123.186:1194 UDPv4 READ [125] from 123.123.123.186:1194: P_DATA_V1 kid=0 DATA len=124
Mon Mar 1 17:01:33 2010 us=717404 sumaster/123.123.123.186:1194 TUN WRITE [84]
Re: openvpn does not ping internal network! help
Anderson,

First of all, you don't need this rule in the firewall:

iptables -A POSTROUTING -t nat -s 10.32.1.0/24 -o tun0 -j MASQUERADE

And in server.conf I don't see any need for these lines:

route-up "route delete -net 10.32.1.0/24"
route-up "route add -net 10.32.1.0/24 tun0"
push "default-gateway 10.32.1.1"

After that, send a netstat -rn so we can see the routing.

Alex Paulo Laner aka rootsh
Re: openvpn does not ping internal network! help
Hello, does anyone know what could be going on that it won't ping into the network?

--
Regards
Anderson Bertling
Re: openvpn does not ping internal network! help
I already solved this... by doing a restart-kill, stop, then START. And restarting the firewall. At least for me that solved it.

Regards

--
Guilherme M. da Fonseca
guimfons...@gmail.com
Network Administrator - LINUX
openvpn does not ping internal network! help
Good afternoon!

I am having problems running an OpenVPN; from what I have read it is about 90% working, but I cannot ping any machine on the internal network! Here is my configuration to help understand the problem.

server.conf

dev tun
mode server
proto udp
tls-server
client-to-client
dh keys/dh1024.pem
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
duplicate-cn
server 10.32.2.0 255.255.255.0 # IP range clients
route-up "route delete -net 10.32.1.0/24"
route-up "route add -net 10.32.1.0/24 tun0"
push "route 10.32.1.0 255.255.255.0" # add route to protected network
push "dhcp-option DNS 10.32.1.14"
push "default-gateway 10.32.1.1"
port 1194
user nobody
group nogroup
comp-lzo
ping 60
ping-restart 45
ping-timer-rem
persist-tun
persist-key
verb 6
log-append /var/log/openvpn/openvpn.log
status /var/log/openvpn/status.log
plugin /usr/lib/openvpn/openvpn-auth-pam.so common-auth
#plugin /usr/lib/openvpn/openvpn-auth-pam.so common-password
client-cert-not-required
username-as-common-name

firewall.sh

#!/bin/bash
echo 1
iptables -F
iptables -F INPUT
iptables -F OUTPUT
echo nat
iptables -F POSTROUTING -t nat
iptables -F PREROUTING -t nat
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P FORWARD ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
echo tun
iptables -A FORWARD -i tun0 -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -A INPUT -p tcp --dport 1194 -j ACCEPT
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -I INPUT -i tun+ -j ACCEPT
iptables -I OUTPUT -o tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -j ACCEPT
iptables -I FORWARD -o tun+ -j ACCEPT
iptables -A POSTROUTING -t nat -s 10.32.1.0/24 -o eth0 -j MASQUERADE
iptables -A POSTROUTING -t nat -s 10.32.1.0/24 -o tun0 -j MASQUERADE
#

Client.conf

dev tun
tls-client
ca keys/ca.crt
remote 123.123.123.126
port 1194
pull
auth-user-pass
comp-lzo
ping 60
ping-restart 45
ping-timer-rem
persist-tun
persist-key
verb 6
log-append /var/log/openvpn/openvpn.log
status /var/log/openvpn/status.log

I have 2 network interfaces on the server: eth0 = 10.32.1.0, which is the real network, and eth1 = 123.123.123.0, through which the connection will come in.

Regards

Anderson Bertling