sudah bisa
[EMAIL PROTECTED] openvpn]# echo 1 > /proc/sys/net/ipv4/ip_forward
[EMAIL PROTECTED] openvpn]# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o
eth1 -j MASQUERADE
setijo agus wrote:
saya mencoba openvpn dengan konfigurasi sbb :
PC1:eth0 (202.43.252.2)--------PC2 (eth0)
202.43.252.1-eth1(172.20.141.110/16)-------PC3(172.20.140.31/16)
permasalahannya mengapa PC1 tidak dapat menghubungi PC3, sedangkan
ping ke PC2 (eth1) sudah dapat.
bagaimana caranya agar PC1 dapat menghubungi PC3 ?
salam,
setijo agus
yang telah saya lakukan
1. konfigurasi openvpn server
port 1194
proto tcp
dev tun
ca ca.crt
cert isc.crt
key isc.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 172.20.0.0 255.255.0.0"
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
2. PC2 : openvpn server dan dapat ping ke PC3 dan PC1
[EMAIL PROTECTED] openvpn]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:E0:4D:48:A9:FA
inet addr:202.43.252.1 Bcast:202.43.255.255 Mask:255.255.0.0
inet6 addr: fe80::2e0:4dff:fe48:a9fa/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3730 errors:0 dropped:0 overruns:0 frame:0
TX packets:4412 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:514138 (502.0 KiB) TX bytes:403443 (393.9 KiB)
Interrupt:9 Base address:0xd800
eth1 Link encap:Ethernet HWaddr 00:E0:4C:B2:29:6E
inet addr:172.20.141.110 Bcast:172.20.255.255 Mask:255.255.0.0
inet6 addr: fe80::2e0:4cff:feb2:296e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:47287 errors:0 dropped:0 overruns:0 frame:0
TX packets:4257 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5175098 (4.9 MiB) TX bytes:619332 (604.8 KiB)
Interrupt:11 Base address:0xd400
tun0 Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:280 errors:0 dropped:0 overruns:0 frame:0
TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:20304 (19.8 KiB) TX bytes:4124 (4.0 KiB)
[EMAIL PROTECTED] openvpn]# ping 172.20.140.31
PING 172.20.140.31 (172.20.140.31) 56(84) bytes of data.
64 bytes from 172.20.140.31: icmp_seq=0 ttl=64 time=1.18 ms
64 bytes from 172.20.140.31: icmp_seq=1 ttl=64 time=0.230 ms
64 bytes from 172.20.140.31: icmp_seq=2 ttl=64 time=0.221 ms
--- 172.20.140.31 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.221/0.544/1.183/0.452 ms, pipe 2
[EMAIL PROTECTED] openvpn]# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
3. konfigurasi openvpn client
client
dev tun
proto tcp
remote 202.43.252.1 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert myclient1.crt
key myclient1.key
comp-lzo
verb 3
4. PC1 : openvpn client dan dapat ping ke PC2 tetapi tidak dapat ping
ke PC3
[EMAIL PROTECTED] openvpn]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:1A:4D:F9:DC:CA
inet addr:202.43.252.2 Bcast:202.43.255.255 Mask:255.255.0.0
inet6 addr: fe80::21a:4dff:fef9:dcca/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4318 errors:0 dropped:0 overruns:0 frame:0
TX packets:3693 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:395745 (386.4 KiB) TX bytes:509367 (497.4 KiB)
Interrupt:177 Base address:0xe000
tun0 Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.6 P-t-P:10.8.0.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:41 errors:0 dropped:0 overruns:0 frame:0
TX packets:280 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:4040 (3.9 KiB) TX bytes:20304 (19.8 KiB)
[EMAIL PROTECTED] openvpn]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref
Use Iface
10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0
0 tun0
10.8.0.0 10.8.0.5 255.255.255.0 UG 0 0
0 tun0
202.43.0.0 0.0.0.0 255.255.0.0 U 0 0
0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0
0 eth0
172.20.0.0 10.8.0.5 255.255.0.0 UG 0 0
0 tun0
[EMAIL PROTECTED] openvpn]# ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_seq=0 ttl=64 time=0.159 ms
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=0.111 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=0.089 ms
--- 10.8.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.089/0.119/0.159/0.031 ms, pipe 2
[EMAIL PROTECTED] openvpn]# ping 172.20.141.110
PING 172.20.141.110 (172.20.141.110) 56(84) bytes of data.
64 bytes from 172.20.141.110: icmp_seq=0 ttl=64 time=0.160 ms
64 bytes from 172.20.141.110: icmp_seq=1 ttl=64 time=0.095 ms
--- 172.20.141.110 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.095/0.127/0.160/0.034 ms, pipe 2
[EMAIL PROTECTED] openvpn]# traceroute 172.20.140.31
traceroute to 172.20.140.31 (172.20.140.31), 30 hops max, 40 byte packets
1 (10.8.0.1) 1.085 ms 3.691 ms 3.939 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 *
[EMAIL PROTECTED] openvpn]# ping 172.20.140.31
PING 172.20.140.31 (172.20.140.31) 56(84) bytes of data.
--- 172.20.140.31 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms
--
FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: kirim email ke [EMAIL PROTECTED]
Arsip dan info milis selengkapnya di http://linux.or.id/milis
