OpenVPN: Head Office (Matriz) and Two Branches (Filiais) [SOLVED]

13. Re: OpenVPN: Head Office (Matriz) and Two Branches (Filiais) [SOLVED]

Roberto Costa
asparion

(uses Ubuntu)

Posted on 04/03/2014 - 19:52h

I didn't understand the question. If it's about the tunnels, here they are:


tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.0.0.1 P-t-P:10.0.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:60 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:5040 (4.9 KiB)

tun1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:20.0.0.1 P-t-P:20.0.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)


Pinging 10.0.0.2 works.
Pinging 20.0.0.2 gets no reply (filial2).


  


14. Re: OpenVPN: Head Office (Matriz) and Two Branches (Filiais) [SOLVED]

Profile removed
removed

(uses None)

Posted on 04/03/2014 - 20:15h

Is there a virtual interface (tunnel) created on filial2? Run the commands below on the server and on filial2 and post the output here:

ifconfig;route -n 



15. Re: OpenVPN: Head Office (Matriz) and Two Branches (Filiais) [SOLVED]

Roberto Costa
asparion

(uses Ubuntu)

Posted on 04/03/2014 - 20:31h

Here it is:

[root@roberto openvpn]# ifconfig;route -n
eth0 Link encap:Ethernet HWaddr 08:00:27:9E:4B:A5
inet addr:192.168.0.252 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe9e:4ba5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6943 errors:0 dropped:0 overruns:0 frame:0
TX packets:5409 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5798420 (5.5 MiB) TX bytes:515873 (503.7 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1568 errors:0 dropped:0 overruns:0 frame:0
TX packets:1568 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:927484 (905.7 KiB) TX bytes:927484 (905.7 KiB)

tun1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:20.0.0.2 P-t-P:20.0.0.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
20.0.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 tun1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0



16. Re: OpenVPN: Head Office (Matriz) and Two Branches (Filiais) [SOLVED]

Profile removed
removed

(uses None)

Posted on 04/03/2014 - 21:05h

Run the commands below on the server (head office) and on the client (filial2) and post the output here:

iptables -nvL;route -n 


NOTE: the route -n command only on the server.



17. Re: OpenVPN: Head Office (Matriz) and Two Branches (Filiais) [SOLVED]

Roberto Costa
asparion

(uses Ubuntu)

Posted on 04/03/2014 - 21:28h

Server output:


Chain PORTAS (3 references)
pkts bytes target prot opt in out source destination
4214 831K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5000
0 0 ACCEPT all -- tun0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun1 * 0.0.0.0/0 0.0.0.0/0

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
20.0.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0


filial2 output:


Chain PORTAS (3 references)
pkts bytes target prot opt in out source destination
15119 4700K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1 88 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5000
0 0 ACCEPT all -- tun1 tun1 0.0.0.0/0 0.0.0.0/0

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
20.0.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 tun1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0






18. Re: OpenVPN: Head Office (Matriz) and Two Branches (Filiais) [SOLVED]

Profile removed
removed

(uses None)

Posted on 04/03/2014 - 21:59h

On both the server and filial2, change the virtual interface type used for tunneling. For example, on the server leave the file like this:


#filial2.conf -- at the head office

dev tap1
proto udp
ifconfig 20.0.0.1 20.0.0.2
cd /etc/openvpn
secret filial2.key
port 5000
user root
group root
comp-lzo
persist-key
persist-tun
ping 15
verb 3
status /var/log/openvpn/filial2.log
log-append /var/log/openvpn/messages.log
log /var/log/openvpn/logsvpn.log

#route add -net 192.168.1.0 netmask 255.255.255.0 gw 20.0.0.2



#filial2.conf -- on client2 VM2

dev tun1
proto udp
ifconfig 20.0.0.2 20.0.0.1
remote 189.7.20.XX
cd /etc/openvpn
secret filial2.key
port 5000
user nobody
group nobody
comp-lzo
persist-key
persist-tun
ping 15
verb 3
status /var/log/openvpn/filial2.log
log-append /var/log/openvpn/messages.log
log /var/log/openvpn/logsvpn.log

#route add -net 192.168.0.0 netmask 255.255.255.0 gw 20.0.0.1


Then restart the services on both and test the connection.
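
As an added illustration (not part of the thread and not code from any poster), the Python below compares the two ends of a static-key link such as the pair of filial2.conf files in the post above. It flags a tap/tun device mismatch, the tap-mode meaning of ifconfig, and a peer that keeps root; the names MATRIZ, FILIAL2, parse, dev_type and check_pair are assumptions of this example.

```python
# Added example, not from the thread; directives abridged from the post above.
MATRIZ = """dev tap1
proto udp
ifconfig 20.0.0.1 20.0.0.2
port 5000
user root
comp-lzo
"""
FILIAL2 = """dev tun1
proto udp
ifconfig 20.0.0.2 20.0.0.1
port 5000
user nobody
comp-lzo
"""

def parse(text):
    """Map each directive to its argument list, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            conf[fields[0]] = fields[1:]
    return conf

def dev_type(conf):
    return conf.get("dev", [""])[0].rstrip("0123456789")  # 'tap1' -> 'tap'

def check_pair(a_text, b_text):
    a, b = parse(a_text), parse(b_text)
    issues = []
    if dev_type(a) != dev_type(b):
        issues.append("dev: %s vs %s" % (dev_type(a), dev_type(b)))
    # On a UDP static-key link these must be the same on both ends.
    for key in ("proto", "port", "cipher", "auth", "comp-lzo"):
        if a.get(key) != b.get(key):
            issues.append("%s differs" % key)
    for name, conf in (("first", a), ("second", b)):
        if dev_type(conf) == "tap" and len(conf.get("ifconfig", [])) == 2:
            # In tap mode the second ifconfig argument is a netmask, not a peer.
            issues.append("%s: tap ifconfig netmask %s" % (name, conf["ifconfig"][1]))
        if conf.get("user") == ["root"]:
            issues.append("%s: runs as root" % name)
    if dev_type(a) == dev_type(b) == "tun" and a.get("ifconfig") != b.get("ifconfig", [])[::-1]:
        issues.append("ifconfig endpoints not mirrored")
    return issues

if __name__ == "__main__":
    print("\n".join(check_pair(MATRIZ, FILIAL2)))
```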


19. Re: OpenVPN: Head Office (Matriz) and Two Branches (Filiais) [SOLVED]

Roberto Costa
asparion

(uses Ubuntu)

Posted on 04/03/2014 - 22:14h

It didn't work, and on the server it now looks like this:


tap1 Link encap:Ethernet HWaddr DE:46:A3:24:8B:65
inet addr:20.0.0.1 Bcast:255.255.255.253 Mask:224.0.0.0
inet6 addr: fe80::dc46:a3ff:fe24:8b65/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:468 (468.0 b)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.0.0.1 P-t-P:10.0.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:30 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:2520 (2.4 KiB)


Sad, lol.

I find one thing strange, see below.
On filial2 there are packets on port 5000:

4   480 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:5000 


But on the server there are none:
0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:5000 


Even if the VPN doesn't come up, port 5000 on the server should be receiving the packets.

Everything is allowed in iptables.



20. Re: OpenVPN: Head Office (Matriz) and Two Branches (Filiais) [SOLVED]

Profile removed
removed

(uses None)

Posted on 04/03/2014 - 22:26h

Man, change the ports (1194) in the server's configuration file to the same ports used on filial1, test, and report back.


21. Re: OpenVPN: Head Office (Matriz) and Two Branches (Filiais) [SOLVED]

Roberto Costa
asparion

(uses Ubuntu)

Posted on 04/03/2014 - 22:31h

Look, if I set port 1194 it gives an error. It is set up like this:


On the server...

filial1 port 1194
filial2 port 5000


Branches

filial1 port 1194
filial2 port 5000

If I set the same port in 2 *.conf files it gives an error.

[root@asparion openvpn]# service openvpn restart
Shutting down openvpn: [ OK ]
Starting openvpn: [FAILED]




22. Re: OpenVPN: Head Office (Matriz) and Two Branches (Filiais) [SOLVED]

Profile removed
removed

(uses None)

Posted on 04/03/2014 - 22:40h

Man, I may be wrong, but it looks like something related to routes. To check, run the following command on the server:

route add -net 20.0.0.0 gw 20.0.0.2 dev tun1 


and on filial1:

route add -net 20.0.0.0 gw 20.0.0.1 dev tun1 


NOTE: leave the settings as they were at the start, with interface tun1 and port 5000.


23. Re: OpenVPN: Head Office (Matriz) and Two Branches (Filiais) [SOLVED]

Roberto Costa
asparion

(uses Ubuntu)

Posted on 05/03/2014 - 08:27h

Good morning. I did as mentioned but it still didn't work. Note: I had to add /24 to 20.0.0.0, and even so it didn't work.

Here is the log on filial2:


[root@vm02 openvpn]# cat /var/log/openvpn/messages.log
Wed Mar 5 08:31:01 2014 OpenVPN 2.3.2 i686-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Sep 12 2013
Wed Mar 5 08:31:01 2014 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Wed Mar 5 08:31:01 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Mar 5 08:31:01 2014 WARNING: file 'filial.key' is group or others accessible
Wed Mar 5 08:31:01 2014 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 5 08:31:01 2014 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 5 08:31:01 2014 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 5 08:31:01 2014 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 5 08:31:01 2014 Socket Buffers: R=[188416->131072] S=[188416->131072]
Wed Mar 5 08:31:01 2014 TUN/TAP device tun1 opened
Wed Mar 5 08:31:01 2014 TUN/TAP TX queue length set to 100
Wed Mar 5 08:31:01 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Mar 5 08:31:01 2014 /sbin/ip link set dev tun1 up mtu 1500
Wed Mar 5 08:31:01 2014 /sbin/ip addr add dev tun1 local 20.0.0.2 peer 20.0.0.1
Wed Mar 5 08:31:01 2014 ./filial.up tun1 1500 1545 20.0.0.2 20.0.0.1 init
Wed Mar 5 08:31:01 2014 GID set to nobody
Wed Mar 5 08:31:01 2014 UID set to nobody
Wed Mar 5 08:31:01 2014 UDPv4 link local (bound): [undef]
Wed Mar 5 08:31:01 2014 UDPv4 link remote: [AF_INET]189.7.23.122:5000
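
As an added illustration (not part of the thread and not code from any poster), the Python below triages an OpenVPN log like the one in the post above: it pulls out the key-file permission warning, the 64-bit-block cipher and the keepalive warning, and reports that no "Peer Connection Initiated" line follows the "link remote" line. The rule tags, the hints and the names LOG, RULES and triage are assumptions of this example.

```python
import re

# Constructed sample: lines abridged from the filial2 log in the post above.
LOG = """\
Wed Mar 5 08:31:01 2014 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Wed Mar 5 08:31:01 2014 WARNING: file 'filial.key' is group or others accessible
Wed Mar 5 08:31:01 2014 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 5 08:31:01 2014 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 5 08:31:01 2014 TUN/TAP device tun1 opened
Wed Mar 5 08:31:01 2014 UDPv4 link remote: [AF_INET]189.7.23.122:5000
"""

# (tag, pattern, remediation hint); group 1 is the detail reported.
RULES = [
    ("key-perms", r"file '([^']+)' is group or others accessible",
     "chmod 600 the static key; anyone who reads it can decrypt and forge traffic"),
    ("64bit-cipher", r"Cipher '((?:BF|DES|CAST5|RC2)[^']*)'",
     "set the same 128-bit-block cipher (e.g. AES-256-CBC) on both peers"),
    ("no-keepalive-action", r"(--ping) should normally be used with",
     "add ping-restart so a dead link is re-established"),
]
REMOTE = re.compile(r"link remote: \[AF_INET\](\S+)")

def triage(log):
    """Return an ordered, de-duplicated list of (tag, detail, hint)."""
    findings = []
    for line in log.splitlines():
        for tag, pattern, hint in RULES:
            m = re.search(pattern, line)
            if m and (tag, m.group(1), hint) not in findings:
                findings.append((tag, m.group(1), hint))
    remote = REMOTE.search(log)
    # OpenVPN logs "Peer Connection Initiated" once the first valid packet
    # from the peer arrives; its absence means nothing came back.
    if remote and "Peer Connection Initiated" not in log:
        findings.append(("no-peer-reply", remote.group(1),
                         "check NAT/firewall and the remote address for this UDP port"))
    return findings

if __name__ == "__main__":
    for tag, detail, hint in triage(LOG):
        print("%-20s %-22s %s" % (tag, detail, hint))
```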



24. Re: OpenVPN: Head Office (Matriz) and Two Branches (Filiais) [SOLVED]

Profile removed
removed

(uses None)

Posted on 05/03/2014 - 09:01h

asparion wrote:

Good morning. I did as mentioned but it still didn't work. Note: I had to add /24 to 20.0.0.0, and even so it didn't work.

Here is the log on filial2:


[root@vm02 openvpn]# cat /var/log/openvpn/messages.log
Wed Mar 5 08:31:01 2014 OpenVPN 2.3.2 i686-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Sep 12 2013
Wed Mar 5 08:31:01 2014 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Wed Mar 5 08:31:01 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Mar 5 08:31:01 2014 WARNING: file 'filial.key' is group or others accessible
Wed Mar 5 08:31:01 2014 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 5 08:31:01 2014 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 5 08:31:01 2014 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 5 08:31:01 2014 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 5 08:31:01 2014 Socket Buffers: R=[188416->131072] S=[188416->131072]
Wed Mar 5 08:31:01 2014 TUN/TAP device tun1 opened
Wed Mar 5 08:31:01 2014 TUN/TAP TX queue length set to 100
Wed Mar 5 08:31:01 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Mar 5 08:31:01 2014 /sbin/ip link set dev tun1 up mtu 1500
Wed Mar 5 08:31:01 2014 /sbin/ip addr add dev tun1 local 20.0.0.2 peer 20.0.0.1
Wed Mar 5 08:31:01 2014 ./filial.up tun1 1500 1545 20.0.0.2 20.0.0.1 init
Wed Mar 5 08:31:01 2014 GID set to nobody
Wed Mar 5 08:31:01 2014 UID set to nobody
Wed Mar 5 08:31:01 2014 UDPv4 link local (bound): [undef]
Wed Mar 5 08:31:01 2014 UDPv4 link remote: [AF_INET]189.7.23.122:5000


Good morning... do the following: stop the openvpn service on the server and on the branches, and run these tests:

1 - Bring up the server (filial2) without bringing up the connection to filial1, and bring up the service on filial2 as well.

2 - Do the same as the first test, but change the port to 1194.

After running these tests, report the result. Note: do not bring up the connection to filial1, only the one to filial2.





