Re: [tanya-jawab] openvpn II
Whoa ... why is this being called "cheating"? I don't feel I was "cheating" with the information I gave; something in the process really was failing. Here I quote my earlier e-mail:

"the problem is why PC1 cannot reach PC3, while ping to PC2 (eth1) already works"

I honestly didn't understand why the firewall was blocking it. I really didn't understand. And your accusation is very, very untrue.

Regards,
setijo agus

Reza Iskandar Achmad wrote:
> Hah.. cheating... you gave so much information.. and all of it was correct.. but you left out the /proc part, which was the thing that was wrong... what a cheat..
>
> ~Reza Iskandar Achmad~
> http://blog.chipset.or.id
>
> -Original Message-
> From: setijo agus [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 18, 2008 3:01 AM
> To: tanya-jawab@linux.or.id
> Subject: Re: [tanya-jawab] openvpn II
>
> It works now
>
> [EMAIL PROTECTED] openvpn]# echo 1 > /proc/sys/net/ipv4/ip_forward
> [EMAIL PROTECTED] openvpn]# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE
>
> setijo agus wrote:
> > I am trying openvpn with the following configuration:
> > PC1:eth0 (202.43.252.2)PC2 (eth0)
> > 202.43.252.1-eth1(172.20.141.110/16)---PC3(172.20.140.31/16)
> > The problem is why PC1 cannot reach PC3, while ping to PC2 (eth1)
> > already works.
> > How can I make PC1 able to reach PC3?
> >
> > Regards,
> > setijo agus
> >
> > What I have done:
> > 1. openvpn server configuration
> > port 1194
> > proto tcp
> > dev tun
> > ca ca.crt
> > cert isc.crt
> > key isc.key
> > dh dh1024.pem
> >
> > server 10.8.0.0 255.255.255.0
> > ifconfig-pool-persist ipp.txt
> > push "route 172.20.0.0 255.255.0.0"
> >
> > client-to-client
> > keepalive 10 120
> > comp-lzo
> > user nobody
> > group nobody
> > persist-key
> > persist-tun
> > status openvpn-status.log
> > verb 3
RE: [tanya-jawab] openvpn II
Hah.. cheating... you gave so much information.. and all of it was correct.. but you left out the /proc part, which was the thing that was wrong... what a cheat..

~Reza Iskandar Achmad~
http://blog.chipset.or.id

-Original Message-
From: setijo agus [mailto:[EMAIL PROTECTED]
Sent: Friday, July 18, 2008 3:01 AM
To: tanya-jawab@linux.or.id
Subject: Re: [tanya-jawab] openvpn II

It works now

[EMAIL PROTECTED] openvpn]# echo 1 > /proc/sys/net/ipv4/ip_forward
[EMAIL PROTECTED] openvpn]# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE

setijo agus wrote:
> I am trying openvpn with the following configuration:
> PC1:eth0 (202.43.252.2)PC2 (eth0)
> 202.43.252.1-eth1(172.20.141.110/16)---PC3(172.20.140.31/16)
> The problem is why PC1 cannot reach PC3, while ping to PC2 (eth1)
> already works.
> How can I make PC1 able to reach PC3?
>
> Regards,
> setijo agus
>
> What I have done:
> 1. openvpn server configuration
> port 1194
> proto tcp
> dev tun
> ca ca.crt
> cert isc.crt
> key isc.key
> dh dh1024.pem
>
> server 10.8.0.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
> push "route 172.20.0.0 255.255.0.0"
>
> client-to-client
> keepalive 10 120
> comp-lzo
> user nobody
> group nobody
> persist-key
> persist-tun
> status openvpn-status.log
> verb 3
Re: [tanya-jawab] openvpn II
It works now

[EMAIL PROTECTED] openvpn]# echo 1 > /proc/sys/net/ipv4/ip_forward
[EMAIL PROTECTED] openvpn]# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE

setijo agus wrote:
> I am trying openvpn with the following configuration:
> PC1:eth0 (202.43.252.2)PC2 (eth0)
> 202.43.252.1-eth1(172.20.141.110/16)---PC3(172.20.140.31/16)
> The problem is why PC1 cannot reach PC3, while ping to PC2 (eth1)
> already works.
> How can I make PC1 able to reach PC3?
>
> Regards,
> setijo agus
>
> What I have done:
> 1. openvpn server configuration
> port 1194
> proto tcp
> dev tun
> ca ca.crt
> cert isc.crt
> key isc.key
> dh dh1024.pem
>
> server 10.8.0.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
> push "route 172.20.0.0 255.255.0.0"
>
> client-to-client
> keepalive 10 120
> comp-lzo
> user nobody
> group nobody
> persist-key
> persist-tun
> status openvpn-status.log
> verb 3
>
> 2. PC2: openvpn server; it can ping PC3 and PC1
> [EMAIL PROTECTED] openvpn]# ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:E0:4D:48:A9:FA
>           inet addr:202.43.252.1  Bcast:202.43.255.255  Mask:255.255.0.0
>           inet6 addr: fe80::2e0:4dff:fe48:a9fa/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:3730 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:4412 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:514138 (502.0 KiB)  TX bytes:403443 (393.9 KiB)
>           Interrupt:9 Base address:0xd800
>
> eth1      Link encap:Ethernet  HWaddr 00:E0:4C:B2:29:6E
>           inet addr:172.20.141.110  Bcast:172.20.255.255  Mask:255.255.0.0
>           inet6 addr: fe80::2e0:4cff:feb2:296e/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:47287 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:4257 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:5175098 (4.9 MiB)  TX bytes:619332 (604.8 KiB)
>           Interrupt:11 Base address:0xd400
>
> tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>           inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>           RX packets:280 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           RX bytes:20304 (19.8 KiB)  TX bytes:4124 (4.0 KiB)
>
> [EMAIL PROTECTED] openvpn]# ping 172.20.140.31
> PING 172.20.140.31 (172.20.140.31) 56(84) bytes of data.
> 64 bytes from 172.20.140.31: icmp_seq=0 ttl=64 time=1.18 ms
> 64 bytes from 172.20.140.31: icmp_seq=1 ttl=64 time=0.230 ms
> 64 bytes from 172.20.140.31: icmp_seq=2 ttl=64 time=0.221 ms
>
> --- 172.20.140.31 ping statistics ---
> 3 packets transmitted, 3 received, 0% packet loss, time 2000ms
> rtt min/avg/max/mdev = 0.221/0.544/1.183/0.452 ms, pipe 2
>
> [EMAIL PROTECTED] openvpn]# iptables -L -t nat
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
>
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> 3. openvpn client configuration
> client
> dev tun
> proto tcp
> remote 202.43.252.1 1194
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> ca ca.crt
> cert myclient1.crt
> key myclient1.key
> comp-lzo
> verb 3
>
> 4. PC1: openvpn client; it can ping PC2 but cannot ping PC3
> [EMAIL PROTECTED] openvpn]# ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:1A:4D:F9:DC:CA
>           inet addr:202.43.252.2  Bcast:202.43.255.255  Mask:255.255.0.0
>           inet6 addr: fe80::21a:4dff:fef9:dcca/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:4318 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:3693 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:395745 (386.4 KiB)  TX bytes:509367 (497.4 KiB)
>           Interrupt:177 Base address:0xe000
>
> tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>           inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>           RX packets:41 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:280 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           RX bytes:4040 (3.9 KiB)  TX bytes:20304 (19.8 KiB)
>
> [EMAIL PROTECTED] openvpn]# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
> 10.8.0.0        10.8.0.5        255.255.255.0   UG    0      0        0 tun0
> 202.43.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
> 172.20.0.0      10.8.0.5        255.255.0.0     UG
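The fix in the message above changes two things on PC2: kernel IP forwarding and source NAT for 10.8.0.0/24 leaving eth1. As an added example that is not part of the original post, the shell function below audits those two settings and also reports two things the posted commands leave open: whether forwarding survives a reboot and whether the MASQUERADE rule is scoped to the VPN subnet. The function name, finding names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. audit_vpn_gateway and its finding names
# are hypothetical; inputs are passed as text so the check runs offline.
#   $1 contents of /proc/sys/net/ipv4/ip_forward
#   $2 contents of /etc/sysctl.conf
#   $3 output of `iptables -t nat -S POSTROUTING`
#   $4 VPN subnet (10.8.0.0/24 in the thread)   $5 LAN interface (eth1)
audit_vpn_gateway() {
    ip_forward=$1 sysctl_conf=$2 nat_rules=$3 vpn_net=$4 lan_if=$5
    findings=""

    # Runtime forwarding: when 0, the kernel does not route tun0 -> LAN packets.
    [ "$ip_forward" = "1" ] || findings="$findings no-forwarding"

    # Persistence: `echo 1 > /proc/...` is lost at reboot unless sysctl.conf
    # carries the setting. Commented-out lines do not count.
    persisted=0
    while IFS= read -r line; do
        case $(printf '%s' "$line" | tr -d ' \t') in
            net.ipv4.ip_forward=1) persisted=1 ;;
        esac
    done <<EOF
$sysctl_conf
EOF
    [ "$persisted" = 1 ] || findings="$findings not-persistent"

    # Source NAT: LAN hosts such as PC3 have no route back to the VPN subnet,
    # so replies are lost unless the gateway rewrites the source (or the LAN
    # gets a return route, which this check cannot see). A rule with no -s
    # match rewrites every source leaving the LAN interface, not just VPN clients.
    scoped=0 broad=0
    while IFS= read -r rule; do
        case $rule in
            *"-s $vpn_net "*"-o $lan_if "*"-j MASQUERADE"*) scoped=1 ;;
            "-A POSTROUTING"*"-o $lan_if "*"-j MASQUERADE"*)
                case $rule in *" -s "*) ;; *) broad=1 ;; esac ;;
        esac
    done <<EOF
$nat_rules
EOF
    if [ "$broad" = 1 ]; then findings="$findings unscoped-nat"
    elif [ "$scoped" = 0 ]; then findings="$findings no-snat"
    fi

    findings=${findings# }
    echo "${findings:-ok}"
}

# Constructed sample: PC2 right after the two commands from the thread.
audit_vpn_gateway 1 "net.ipv4.ip_forward = 0" "-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE" 10.8.0.0/24 eth1
```

On a live gateway, pass the real values: `audit_vpn_gateway "$(cat /proc/sys/net/ipv4/ip_forward)" "$(cat /etc/sysctl.conf)" "$(iptables -t nat -S POSTROUTING)" 10.8.0.0/24 eth1`. With MASQUERADE in place, every VPN client appears to PC3 as 172.20.141.110, so per-client attribution has to come from the OpenVPN server's own logs.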