----- Original Message ----
From: "boby.her...@gmail.com" <boby.her...@gmail.com>
To: tanya-jawab@linux.or.id
Sent: Thu, July 22, 2010 3:01:42 PM
Subject: Re: [tanya-jawab] question about OpenVPN on Linux
Has the firewall on XP been turned off?
Yes, sir, the XP firewall is set to OFF.
-----Original Message-----
From: Nebula Andromedas <neoandrome...@yahoo.com>
Date: Thu, 22 Jul 2010 00:58:23
To: <tanya-jawab@linux.or.id>
Reply-To: tanya-jawab@linux.or.id
Subject: [tanya-jawab] question about OpenVPN on Linux
Hello Linuxers...
I followed the instructions for setting up a VPN server at: opensource.telkomspeedy.com
I'm having trouble with OpenVPN on my Linux machine. The client (Windows XP) can already connect to the VPN server (it gets IP 10.10.11.6), but the client cannot ping the VPN server's IP (request timed out; I ping 10.10.11.1). Is there something that has to be added to my firewall settings?
The VPN server also serves as the gateway device on my local network, using NAT.
From the local network I can ping 10.10.11.1.
Please help, Linuxers. I am attaching the settings of the VPN server and my firewall.
local 222.124.12.212
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
server 10.10.11.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
max-clients 250
user root
group root
persist-key
persist-tun
log-append openvpn.log.
verb 4
mute 20
/sbin/ifconfig
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.10.11.1 P-t-P:10.10.11.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:300 (300.0 b) TX bytes:1253 (1.2 KiB)
/sbin/route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.10.11.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
232.124.12.208 0.0.0.0 255.255.255.240 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.10.11.0 10.10.11.2 255.255.255.0 UG 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 222.124.12.209 0.0.0.0 UG 0 0 0 eth
===========below are the rc.firewall settings on my gateway===========
#!/bin/sh
#scripts by quicktables 1.0
if [ -e /proc/sys/net/ipv4/tcp_syncookies ]; then echo 1 > /proc/sys/net/ipv4/tcp_syncookies; fi
if [ -e /proc/sys/net/ipv4/ip_forward ]; then echo 1 > /proc/sys/net/ipv4/ip_forward; fi
# flush any existing chains and set default policies
/sbin/iptables -F INPUT
/sbin/iptables -F OUTPUT
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
# setup nat
if [ -e /proc/sys/net/ipv4/ip_forward ]; then echo 1 > /proc/sys/net/ipv4/ip_forward; fi
/sbin/iptables -F FORWARD
/sbin/iptables -F -t nat
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -i eth1 -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -j ACCEPT
/sbin/iptables -A OUTPUT -o eth1 -j ACCEPT
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
# allow all packets on the loopback interface
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
# allow established and related packets back in
/sbin/iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# icmp
/sbin/iptables -A OUTPUT -p icmp -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -i eth0 -j ACCEPT
# open ports to the firewall
/sbin/iptables -A INPUT -p udp --dport 1194 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
#transparent proxy
/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp -s 192.168.0.0/24 --dport 80 -j DNAT --to 192.168.0.1:8090
# drop all other packets
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 0:65535 -j DROP
/sbin/iptables -A INPUT -i eth0 -p udp --dport 0:65535 -j DROP
Regards,
andromedas
--
Mailing list FAQ at http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: send an email to tanya-jawab-unsubscr...@linux.or.id
Archives and full mailing list information at http://linux.or.id/milis
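
Added example, not part of the original thread: a first-match walk of the INPUT chain from the posted rc.firewall, showing which rule (if any) decides an ICMP echo-request arriving on tun0, on eth1, and the OpenVPN UDP packet on eth0. The sample packets, the CANDIDATE rule and the function names are assumptions made for illustration; the rate limit (-m limit) is not modelled.

```python
# INPUT-chain rules from the posted rc.firewall, in order (wrapped lines rejoined).
PAGE_RULES = """\
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -i eth0 -j ACCEPT
-A INPUT -p udp --dport 1194 -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 0:65535 -j DROP
-A INPUT -i eth0 -p udp --dport 0:65535 -j DROP
"""
# Hypothetical candidate rule (an assumption, not taken from the thread).
CANDIDATE = "-A INPUT -i tun0 -p icmp --icmp-type echo-request -j ACCEPT\n"

# Constructed sample packets.
PING_VPN = {"iface": "tun0", "proto": "icmp", "state": "NEW", "icmp_type": "echo-request"}
PING_LAN = dict(PING_VPN, iface="eth1")
TUNNEL = {"iface": "eth0", "proto": "udp", "state": "NEW", "dport": 1194}


def matches(opts, pkt):
    """True if every match option in the rule agrees with the packet (-m limit is ignored)."""
    if opts.get("-i", pkt["iface"]) != pkt["iface"]:
        return False
    if opts.get("-p", pkt["proto"]) != pkt["proto"]:
        return False
    if "--state" in opts and pkt["state"] not in opts["--state"].split(","):
        return False
    if "--icmp-type" in opts and opts["--icmp-type"] != pkt.get("icmp_type"):
        return False
    if "--dport" in opts:
        lo, _, hi = opts["--dport"].partition(":")
        if not int(lo) <= pkt.get("dport", -1) <= int(hi or lo):
            return False
    return True


def verdict(rules, pkt, policy="DROP"):
    """First matching INPUT rule decides; otherwise the chain policy (-P INPUT DROP) applies."""
    for line in rules.splitlines():
        tokens = line.split()
        opts = dict(zip(tokens[::2], tokens[1::2]))  # every option here takes one argument
        if opts.get("-A") == "INPUT" and matches(opts, pkt):
            return opts["-j"], line
    return policy, "(chain policy)"


if __name__ == "__main__":
    for name, rules in (("posted", PAGE_RULES), ("posted + candidate", PAGE_RULES + CANDIDATE)):
        for label, pkt in (("ping via tun0", PING_VPN), ("ping via eth1", PING_LAN), ("udp/1194 via eth0", TUNNEL)):
            print(f"{name:18} {label:18} -> {verdict(rules, pkt)}")
```

The candidate rule admits only echo-requests on tun0; whether VPN clients should get the same blanket INPUT access as eth1 is a separate trust decision.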