Forums FUG-FR - Print Page

un petit schéma de l’infrastructure

| Client | —————— | INTERNET | —————— | ROUTEUR | — | SERVEUR OPENVPN |

IP Routeur : 192.168.0.254
IP Serveur Openvpn : 192.168.0.120

Je souhaite accéder à mon réseau depuis n'importe ...quel endroit.

J'ai suivi ce tuto qui se rapproche le plus de mon infastructure ( maison...)
Malheureusement je n'arrive qu'a atteindre le routeur de ma freebox...(192.168.0.254 GW ) et (192.168.0.25 freebox video player)
je n'arrive pas a pinger mon serveur 192.168.0.120

config serveur:
up /usr/local/etc/openvpn/startbridge.sh
script-security 2
# Which local IP address should OpenVPN
local 192.168.0.120
port 1194
proto udp
# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
dev tap
# SSL/TLS root certificate (ca), certificate
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/serveur.crt
key /usr/local/etc/openvpn/keys/serveur.key # This file should be kept secret
# Diffie hellman parameters.
dh /usr/local/etc/openvpn/keys/dh2048.pem
ifconfig-pool-persist ipp.txt
# Configure server mode for ethernet bridging.
server-bridge 192.168.0.254 255.255.255.0 192.168.0.10 192.168.0.28
# Push routes to the client to allow it
push "route 192.168.0.0 255.255.255.0"
push "redirect-gateway def1"
# DNS servers provided by opendns.com.
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
# Uncomment this directive to allow different clients to be able to "see" each other.
client-to-client
keepalive 10 120
# For extra security beyond that provided # by SSL/TLS, create an "HMAC firewall"
;tls-auth /usr/local/etc/openvpn/keys/ta.key 0 # This file is secret
# Select a cryptographic cipher.
cipher DES-EDE3-CBC # Triple-DES
# Enable compression on the VPN link.
comp-lzo
# The maximum number of concurrently connected
max-clients 10
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 4

config client (client windows fichier client.ovpn)
client
dev tap
proto udp
remote name.mondomaine.org 1194
;remote XXX.XXX.XXX.XXX 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
mute-replay-warnings
ca c:\\vpn\\ca.crt
cert c:\\vpn\\client.crt
key c:\\vpn\\client.key
ns-cert-type server
# If a tls-auth key is used on the server # then every client must also have the key.
;tls-auth c:\\vpn\\ta.key 1
# Select a cryptographic cipher.
cipher DES-EDE3-CBC # Triple-DES
# Enable compression on the VPN link.
comp-lzo
# Set log file verbosity.
verb 3

rc.conf
.......
ifconfig_re0="inet 192.168.0.120 netmask 0xffffff00"
defaultrouter="192.168.0.254"
......
cloned_interfaces="bridge0"
ifconfig_bridge0="addm re0 up"

# openvpn
openvpn_enable="YES"
openvpn_if="tap"
openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"
...

startbridge.sh
#!/bin/sh
/sbin/ifconfig bridge0 addm tap0 up
/sbin/ifconfig tap0 up

# For extra security beyond that provided # by SSL/TLS, create an "HMAC firewall"
Ce paramètre est désactivé . la connexion n'est pas réalisé si je l'active....

quelques logs
Sun Mar 2 16:27:33 2014 us=592090 client/XX.XXX.XXX.XX:27040 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 192.168.0.254,ping 10,ping-restart 120,ifconfig 192.168.0.10 255.255.255.0' (status=1)

Forums FUG-FR
https://forums.fug-fr.org/cgi-bin/yabb2/YaBB.pl FreeBSD >> Réseau et sécurité >> RESOLU openvpn en mode bridge .. .atteind que la gateway !!! https://forums.fug-fr.org/cgi-bin/yabb2/YaBB.pl?num=1393771099 Message started by kermit on 02. Mar 2014 at 15:38