Alhamdulillah, it works now. I added the following rules in iptables:

/sbin/iptables -A INPUT -i tun0 -j ACCEPT
/sbin/iptables -A FORWARD -i tun0 -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o tun0 -j ACCEPT
/sbin/iptables -A FORWARD -i tun0 -o eth1 -j ACCEPT
/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i tun0 -o tun0 -j ACCEPT

and added a push route rule to server.conf in OpenVPN.

Thanks guys for the inspiration.

----- Original Message ----
From: Nebula Andromedas <neoandrome...@yahoo.com>
To: tanya-jawab@linux.or.id
Sent: Thu, July 22, 2010 4:07:44 PM
Subject: Re: [tanya-jawab] question about openvpn on linux

From the VPN server/gateway I can ping the VPN client that is already connected:

ping 10.10.11.6
PING 10.10.11.6 (10.10.11.6) 56(84) bytes of data.
64 bytes from 10.10.11.6: icmp_seq=0 ttl=128 time=0.511 ms
64 bytes from 10.10.11.6: icmp_seq=1 ttl=128 time=0.485 ms
64 bytes from 10.10.11.6: icmp_seq=2 ttl=128 time=0.467 ms
64 bytes from 10.10.11.6: icmp_seq=3 ttl=128 time=0.467 ms

From the local network behind the gateway server I cannot ping 10.10.11.6 (RTO), but 10.10.11.1 replies.

andromedas

----- Original Message ----
From: Nebula Andromedas <neoandrome...@yahoo.com>
To: tanya-jawab@linux.or.id
Sent: Thu, July 22, 2010 3:15:49 PM
Subject: Re: [tanya-jawab] question about openvpn on linux

----- Original Message ----
From: "boby.her...@gmail.com" <boby.her...@gmail.com>
To: tanya-jawab@linux.or.id
Sent: Thu, July 22, 2010 3:01:42 PM
Subject: Re: [tanya-jawab] question about openvpn on linux

Has the firewall on XP been turned off?

Yes, sir, the XP firewall is set to OFF.

-----Original Message-----
From: Nebula Andromedas <neoandrome...@yahoo.com>
Date: Thu, 22 Jul 2010 00:58:23
To: <tanya-jawab@linux.or.id>
Reply-To: tanya-jawab@linux.or.id
Subject: [tanya-jawab] question about openvpn on linux

Hello Linuxers...

I followed the guide for setting up a VPN server at: opensource.telkomspeedy.com

I'm having trouble with OpenVPN on my Linux box: the client (Windows XP) can already connect to the VPN server (it gets IP 10.10.11.6), but the client can't ping (request timed out) the VPN server's IP (I ping 10.10.11.1). Is there something I need to add to my firewall settings?
The VPN server also serves as the gateway device for my local network, using NAT. From the local network I can ping 10.10.11.1.

Please help, Linuxers. I've attached the settings of the VPN server and my firewall.

local 222.124.12.212
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
server 10.10.11.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
max-clients 250
user root
group root
persist-key
persist-tun
log-append openvpn.log.
verb 4
mute 20

/sbin/ifconfig
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.10.11.1  P-t-P:10.10.11.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:5 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:300 (300.0 b)  TX bytes:1253 (1.2 KiB)

/sbin/route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.11.2      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
232.124.12.208  0.0.0.0         255.255.255.240 U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.10.11.0      10.10.11.2      255.255.255.0   UG    0      0        0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         222.124.12.209  0.0.0.0         UG    0      0        0 eth

=========== below are the rc.firewall settings on my gateway ===========

#!/bin/sh
#scripts by quicktables 1.0

if [ -e /proc/sys/net/ipv4/tcp_syncookies ]; then echo 1 > /proc/sys/net/ipv4/tcp_syncookies; fi
if [ -e /proc/sys/net/ipv4/ip_forward ]; then echo 1 > /proc/sys/net/ipv4/ip_forward; fi

# flush any existing chains and set default policies
/sbin/iptables -F INPUT
/sbin/iptables -F OUTPUT
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT

# setup nat
if [ -e /proc/sys/net/ipv4/ip_forward ]; then echo 1 > /proc/sys/net/ipv4/ip_forward; fi
/sbin/iptables -F FORWARD
/sbin/iptables -F -t nat
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -i eth1 -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -j ACCEPT
/sbin/iptables -A OUTPUT -o eth1 -j ACCEPT
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

# allow all packets on the loopback interface
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT

# allow established and related packets back in
/sbin/iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# icmp
/sbin/iptables -A OUTPUT -p icmp -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -i eth0 -j ACCEPT

# open ports to the firewall
/sbin/iptables -A INPUT -p udp --dport 1194 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT

#transparent proxy
/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp -s 192.168.0.0/24 --dport 80 -j DNAT --to 192.168.0.1:8090

# drop all other packets
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 0:65535 -j DROP
/sbin/iptables -A INPUT -i eth0 -p udp --dport 0:65535 -j DROP

Regards,
andromedas

--
Mailing list FAQ at http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: send an email to tanya-jawab-unsubscr...@linux.or.id
Archive and full mailing list info at http://linux.or.id/milis
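
Added example, not part of the thread: a small shell checker that reads iptables commands like the rc.firewall above and lists the filter chains whose default policy is DROP and that have no unconditional ACCEPT for a given inbound interface. Run on an excerpt of the posted rules, it shows tun0 uncovered in INPUT and FORWARD before the fix and covered after it; the function names and the rule excerpts are constructed for this illustration.

```shell
#!/bin/sh
# chain_gaps IFACE: read iptables commands on stdin; print the filter chains with
# policy DROP that have no unconditional "-i IFACE -j ACCEPT" rule.
chain_gaps() {
    awk -v ifc="$1" '
    /^[ \t]*#/ { next }                       # skip comment lines
    /iptables/ {
        table = "filter"; op = ""; chain = ""; inif = ""; tgt = ""; cond = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "-t") table = $(i + 1)
            else if ($i == "-P") { op = "-P"; chain = $(i + 1); tgt = $(i + 2) }
            else if ($i == "-A") { op = "-A"; chain = $(i + 1) }
            else if ($i == "-i") inif = $(i + 1)
            else if ($i == "-j") tgt = $(i + 1)
            else if ($i ~ /^-[pmsdo]$/) cond = 1   # extra match: rule is conditional
        }
        if (table != "filter") next           # nat rules do not accept packets
        if (op == "-P") policy[chain] = tgt
        else if (op == "-A" && tgt == "ACCEPT" && inif == ifc && !cond)
            covered[chain] = 1
    }
    END {
        n = split("INPUT FORWARD", c, " "); out = ""
        for (k = 1; k <= n; k++)
            if (policy[c[k]] == "DROP" && !(c[k] in covered))
                out = out (out == "" ? "" : " ") c[k]
        print out
    }'
}
# Constructed excerpt of the rc.firewall rules posted in the thread.
before_rules() {
cat <<'EOF'
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -i eth1 -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -j ACCEPT
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
/sbin/iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -i eth0 -j ACCEPT
EOF
}
# Same excerpt plus the two unconditional tun0 rules from the fix.
after_rules() {
    before_rules
    echo "/sbin/iptables -A INPUT -i tun0 -j ACCEPT"
    echo "/sbin/iptables -A FORWARD -i tun0 -j ACCEPT"
}
echo "tun0 gaps before fix: $(before_rules | chain_gaps tun0)"
echo "tun0 gaps after fix:  $(after_rules | chain_gaps tun0)"
```

The check is deliberately conservative: a rule with any protocol, state, address or output-interface match is treated as conditional, so a reported gap means "no blanket accept", not "all traffic dropped".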