JackLayne
27-08-2015, 09:51
Hello everyone,
I have a problem with my network configuration.
My situation is this:
Network A: 192.168.1.0
Router A: 192.168.1.254
Network B: 192.168.2.0
Router B: 192.168.2.253
Router A is the one connected to the internet, while router B is connected to router A through its WAN Ethernet port.
From router A's point of view, router B is 192.168.1.13.
I need to configure a VPN on router B, using OpenVPN, so that all of router B's traffic (Ethernet and Wi-Fi) goes through the VPN and not through router A.
I have already configured the VPN, and after logging into router B over SSH and running a traceroute and an IP check, the router works correctly with the VPN. The strange thing is that everything connected to the router gets redirected to router A and does not go through the VPN.
I attach config and logs:
OpenVPN config
client
dev tun
proto udp
remote lin-c04.ipvanish.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
ca /config/xxx/amod/openvpn/ca.crt
tls-remote lin-c04.ipvanish.com
auth-user-pass /config/xxx/amod/openvpn/auth.conf
comp-lzo
verb 3
auth SHA256
cipher AES-256-CBC
keysize 256
tls-cipher DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA
OpenVPN log
openvpn --config /config/xxx/amod/openvpn/openvpn_client.conf
Thu Aug 27 09:21:17 2015 DEPRECATED OPTION: --tls-remote, please update your configuration
Thu Aug 27 09:21:17 2015 OpenVPN 2.3.7 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul 24 2015
Thu Aug 27 09:21:17 2015 library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.09
Thu Aug 27 09:21:17 2015 Deprecated TLS cipher name 'DHE-RSA-AES256-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA'
Thu Aug 27 09:21:17 2015 Deprecated TLS cipher name 'DHE-DSS-AES256-SHA', please use IANA name 'TLS-DHE-DSS-WITH-AES-256-CBC-SHA'
Thu Aug 27 09:21:17 2015 Deprecated TLS cipher name 'AES256-SHA', please use IANA name 'TLS-RSA-WITH-AES-256-CBC-SHA'
Thu Aug 27 09:21:17 2015 Socket Buffers: R=[122880->131072] S=[122880->131072]
Thu Aug 27 09:21:17 2015 UDPv4 link local: [undef]
Thu Aug 27 09:21:17 2015 UDPv4 link remote: [AF_INET]94.198.97.10:443
Thu Aug 27 09:21:17 2015 TLS: Initial packet from [AF_INET]94.198.97.10:443, sid=66e4e4fb 3f10728c
Thu Aug 27 09:21:17 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Aug 27 09:21:17 2015 VERIFY OK: depth=1, /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=IPVanish_CA/emailAddress=support@ipvanish.com
Thu Aug 27 09:21:17 2015 VERIFY X509NAME OK: /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=lin-c04.ipvanish.com/emailAddress=support@ipvanish.com
Thu Aug 27 09:21:17 2015 VERIFY OK: depth=0, /C=US/ST=FL/L=Winter_Park/O=IPVanish/OU=IPVanish_VPN/CN=lin-c04.ipvanish.com/emailAddress=support@ipvanish.com
Thu Aug 27 09:21:19 2015 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Aug 27 09:21:19 2015 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Aug 27 09:21:19 2015 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Aug 27 09:21:19 2015 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Aug 27 09:21:19 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Aug 27 09:21:19 2015 [lin-c04.ipvanish.com] Peer Connection Initiated with [AF_INET]94.198.97.10:443
Thu Aug 27 09:21:21 2015 SENT CONTROL [lin-c04.ipvanish.com]: 'PUSH_REQUEST' (status=1)
Thu Aug 27 09:21:21 2015 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 198.18.0.1,dhcp-option DNS 198.18.0.2,rcvbuf 262144,explicit-exit-notify 5,route-gateway 172.20.32.1,topology subnet,ping 20,ping-restart 40,ifconfig 172.20.34.242 255.255.252.0'
Thu Aug 27 09:21:21 2015 OPTIONS IMPORT: timers and/or timeouts modified
Thu Aug 27 09:21:21 2015 OPTIONS IMPORT: explicit notify parm(s) modified
Thu Aug 27 09:21:21 2015 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Thu Aug 27 09:21:21 2015 Socket Buffers: R=[131072->245760] S=[131072->131072]
Thu Aug 27 09:21:21 2015 OPTIONS IMPORT: --ifconfig/up options modified
Thu Aug 27 09:21:21 2015 OPTIONS IMPORT: route options modified
Thu Aug 27 09:21:21 2015 OPTIONS IMPORT: route-related options modified
Thu Aug 27 09:21:21 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Aug 27 09:21:21 2015 TUN/TAP device tun0 opened
Thu Aug 27 09:21:21 2015 TUN/TAP TX queue length set to 100
Thu Aug 27 09:21:21 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Aug 27 09:21:21 2015 /bin/ip link set dev tun0 up mtu 1500
Thu Aug 27 09:21:21 2015 /bin/ip addr add dev tun0 172.20.34.242/22 broadcast 172.20.35.255
Thu Aug 27 09:21:22 2015 /bin/ip route add 94.198.97.10/32 via 192.168.1.254
Thu Aug 27 09:21:22 2015 /bin/ip route add 0.0.0.0/1 via 172.20.32.1
Thu Aug 27 09:21:22 2015 /bin/ip route add 128.0.0.0/1 via 172.20.32.1
Thu Aug 27 09:21:22 2015 Initialization Sequence Completed
ip route on router B
94.198.97.10 via 192.168.1.254 dev eth4
192.168.2.0/24 dev group1 proto kernel scope link src 192.168.2.253
192.168.1.0/24 dev eth4 proto kernel scope link src 192.168.1.13
172.20.32.0/22 dev tun0 proto kernel scope link src 172.20.34.242
239.0.0.0/8 dev group1 scope link
127.0.0.0/8 dev lo scope link
0.0.0.0/1 via 172.20.32.1 dev tun0
128.0.0.0/1 via 172.20.32.1 dev tun0
default via 192.168.1.254 dev eth4
netstat -nr on router B
94.198.97.10 192.168.1.254 255.255.255.255 UGH 0 0 0 eth4
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 group1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth4
172.20.32.0 0.0.0.0 255.255.252.0 U 0 0 0 tun0
239.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 group1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 172.20.32.1 128.0.0.0 UG 0 0 0 tun0
128.0.0.0 172.20.32.1 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth4
traceroute run over SSH from router B
traceroute to google.it (173.194.40.143), 30 hops max, 38 byte packets
1 172.20.32.1 (172.20.32.1) 56.821 ms 57.138 ms 64.915 ms
2 95.141.37.1 (95.141.37.1) 72.550 ms 57.018 ms 58.854 ms
3 95.141.47.254 (95.141.47.254) 75.322 ms 57.733 ms 59.106 ms
4 google.mix-it.net (217.29.66.96) 66.882 ms 57.846 ms 59.337 ms
5 209.85.249.54 (209.85.249.54) 65.641 ms 58.608 ms 216.239.47.128 (216.239.47.128) 59.467 ms
6 209.85.253.9 (209.85.253.9) 64.777 ms 209.85.253.11 (209.85.253.11) 74.073 ms 64.239 ms
7 209.85.142.249 (209.85.142.249) 74.629 ms 209.85.143.219 (209.85.143.219) 83.182 ms 209.85.142.249 (209.85.142.249) 75.904 ms
8 209.85.245.80 (209.85.245.80) 77.139 ms 74.954 ms 78.684 ms
9 209.85.243.47 (209.85.243.47) 76.669 ms 76.239 ms 75.757 ms
10 par10s10-in-f15.1e100.net (173.194.40.143) 83.902 ms 75.904 ms 79.657 ms
whereas from a device on network B connected to router B, I get this:
1 192.168.2.253 (192.168.2.253) 2.436 ms 8.045 ms 1.884 ms
2 192.168.1.254 (192.168.1.254) 2.469 ms 15.007 ms 1.732 ms
3 82.230.29.254 (82.230.29.254) 23.728 ms 28.420 ms 23.826 ms
4 montpellier-6k-1-a5.routers.proxad.net (213.228.12.62) 25.944 ms 37.071 ms 34.704 ms
5 montpellier-crs8-1-be2100.intf.routers.proxad.net (78.254.249.30) 33.926 ms 38.213 ms 35.982 ms
6 p11-cr16-1-be1103.intf.routers.proxad.net (194.149.160.21) 47.050 ms 47.324 ms 58.332 ms
7 cbv-9k-1-be1001.intf.routers.proxad.net (194.149.161.14) 44.040 ms 52.422 ms 52.980 ms
8 72.14.211.26 (72.14.211.26) 52.615 ms 58.753 ms 51.571 ms
9 72.14.239.145 (72.14.239.145) 52.409 ms 50.430 ms 53.787 ms
10 72.14.233.83 (72.14.233.83) 52.349 ms 51.231 ms 51.725 ms
11 par03s15-in-f99.1e100.net (216.58.211.99) 52.618 ms 52.439 ms 53.201 ms
Doing an IP check as well (on the router via the CLI), from the router I come out with the VPN's IP, but from a client connected to the same router I come out with the ISP's IP.
What am I missing?
Thanks in advance to everyone
JL
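As an added illustration (not part of the original post), the script below replays the kernel's longest-prefix-match over the `ip route` table posted for router B. It shows that within the main table the two `/1` routes pushed by `redirect-gateway def1` shadow the original default, so every destination except the VPN endpoint resolves to tun0, for router-originated and forwarded packets alike. It then shows a hypothetical source-based policy rule (the `LAN_TABLE` and `LAN_FIRST` entries are constructed, not from the page) that would reproduce the second traceroute, which is why `ip rule show` and `ip route show table all` on router B are the next things to inspect.

```python
import ipaddress

# Routes transcribed from the `ip route` output of router B in the post.
# Each entry: (prefix, gateway or None when on-link, device)
MAIN_TABLE = [
    ("94.198.97.10/32", "192.168.1.254", "eth4"),  # VPN endpoint stays outside the tunnel
    ("192.168.2.0/24", None, "group1"),
    ("192.168.1.0/24", None, "eth4"),
    ("172.20.32.0/22", None, "tun0"),
    ("239.0.0.0/8", None, "group1"),
    ("127.0.0.0/8", None, "lo"),
    ("0.0.0.0/1", "172.20.32.1", "tun0"),    # pushed by redirect-gateway def1 ...
    ("128.0.0.0/1", "172.20.32.1", "tun0"),  # ... the pair covers all of IPv4
    ("0.0.0.0/0", "192.168.1.254", "eth4"),  # original default, now always less specific
]

# Hypothetical (constructed, NOT on the page): a separate table that a
# firmware source-based rule for the LAN might consult before "main".
LAN_TABLE = [("0.0.0.0/0", "192.168.1.254", "eth4")]

def lookup(dst, table):
    """Longest-prefix match inside one routing table, as the kernel does it."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, dev in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    return None if best is None else (best[1], best[2])

def route(src, dst, rules):
    """Policy routing: walk rules in priority order, first table that has a
    matching route decides. rules: list of (source prefix or None, table)."""
    s = ipaddress.ip_address(src)
    for src_prefix, table in rules:
        if src_prefix is None or s in ipaddress.ip_network(src_prefix):
            hit = lookup(dst, table)
            if hit:
                return hit
    return None

MAIN_ONLY = [(None, MAIN_TABLE)]                                    # what the post shows
LAN_FIRST = [("192.168.2.0/24", LAN_TABLE), (None, MAIN_TABLE)]     # hypothetical extra rule

if __name__ == "__main__":
    # Router-originated packet (src 192.168.1.13), matches the first traceroute: tun0
    print(route("192.168.1.13", "173.194.40.143", MAIN_ONLY))
    # Forwarded LAN packet with only the main table: should also be tun0
    print(route("192.168.2.10", "173.194.40.143", MAIN_ONLY))
    # Same packet if a LAN-specific table is consulted first: eth4, like the second traceroute
    print(route("192.168.2.10", "173.194.40.143", LAN_FIRST))
```

If the real `ip rule show` on router B lists only the standard local/main/default rules, the main table alone cannot explain the eth4 hop in the second traceroute, and the redirect must come from elsewhere in the firmware.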