[linux] OpenVPN, masquerading and routing
Lubomir Host
rajo at platon.sk
Fri Dec 31 17:39:58 CET 2004
On Fri, Dec 31, 2004 at 09:34:11AM +0100, Ing. Jan ONDREJ wrote:
> > I have a local network 192.168.0.0/16, which is connected to the internet
> > through a firewall/router (let's call it FW1). FW1 has 2 network cards,
> > eth0 and eth1. eth0 is the external interface with the address 12.34.56.78;
> > the internal interface has the IP 192.168.0.1.
> >
> > On the internet there is another server (let's call it SERVER1), which
> > has only one network card, eth0, and the IP address 23.45.67.89.
> >
> > I have an encrypted OpenVPN tunnel running between FW1 and SERVER1. On FW1
> > the tunnel interface tun0 has the IP address 10.0.0.2; the tun0 interface
> > on SERVER1 has the IP 10.0.0.1. On both FW1 and SERVER1 I can ping both
> > addresses 10.0.0.1 and 10.0.0.2, so the OpenVPN tunnel works without problems.
[...snip...]
> > FW1:
> > ------------------------------------------%<------------------------------------------
> > root@fw1# route -n
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > 10.0.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
> > 12.34.56.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
> > 192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
> > 0.0.0.0         12.34.56.1      0.0.0.0         UG    0      0        0 eth0
>
> Here you have to add a route to SERVER1 via the current gateway, and to
> everything else via tun0.
>
> route add -host 23.45.67.89 gw 12.34.56.1
> route add default gw 10.0.0.1
I tried these two commands and the routing table was as follows, but
the packets started getting lost somewhere:
--------------------------------------%<--------------------------------------
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
23.45.67.89     12.34.56.78     255.255.255.255 UGH   0      0        0 eth0
10.0.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
12.34.56.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 tun0
0.0.0.0         12.34.56.1      0.0.0.0         UG    0      0        0 eth0
--------------------------------------%<--------------------------------------
--
Lubomir Host 'rajo' <rajo AT platon.sk> ICQ #: 257322664
Platon Software Development Group http://platon.sk/
http://www.gnu.org/philosophy/no-word-attachments.html
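
Added example, not part of the original message or the thread: a shell check that compares `route -n` output against the layout the quoted advice describes (a host route to SERVER1 via the upstream gateway 12.34.56.1, default via tun0). The function name, the finding labels and the second table are constructed for illustration, and the check assumes "everything else via tun0" means no default route is left on eth0.

```shell
#!/bin/sh
# Added example, not from the thread. check_full_tunnel and the two
# *_TABLE variables are names made up for this sketch.

# Usage: check_full_tunnel PEER_IP UPSTREAM_GW TUN_IF   (route -n text on stdin)
# Prints one finding per line, or OK when the table matches the layout.
check_full_tunnel() {
    awk -v peer="$1" -v gw="$2" -v tun="$3" '
        # Data rows have 8 fields and start with an IPv4 address.
        NF == 8 && $1 ~ /^[0-9]+\./ {
            if ($1 == peer && $3 == "255.255.255.255") {
                host = 1
                if ($2 != gw)  { print "PEER_ROUTE_WRONG_GW " $2; bad++ }
                if ($8 == tun) { print "PEER_ROUTE_VIA_TUNNEL"; bad++ }
            }
            if ($1 == "0.0.0.0" && $3 == "0.0.0.0") {
                defaults++
                if ($8 != tun) { print "DEFAULT_BYPASSES_TUNNEL " $8; bad++ }
            }
        }
        END {
            if (!host)         { print "PEER_ROUTE_MISSING"; bad++ }
            if (defaults == 0) { print "DEFAULT_MISSING"; bad++ }
            if (defaults > 1)  { print "MULTIPLE_DEFAULTS " defaults; bad++ }
            if (!bad) print "OK"
        }'
}

# Second routing table from the message above, copied as posted.
POSTED_TABLE='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
23.45.67.89 12.34.56.78 255.255.255.255 UGH 0 0 0 eth0
10.0.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
12.34.56.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 tun0
0.0.0.0 12.34.56.1 0.0.0.0 UG 0 0 0 eth0'

# Constructed table: peer pinned to the upstream gateway, one default via tun0.
WANTED_TABLE='Destination Gateway Genmask Flags Metric Ref Use Iface
23.45.67.89 12.34.56.1 255.255.255.255 UGH 0 0 0 eth0
10.0.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
12.34.56.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 tun0'

for t in "$POSTED_TABLE" "$WANTED_TABLE"; do
    printf '%s\n' "$t" | check_full_tunnel 23.45.67.89 12.34.56.1 tun0
    echo ---
done
```

On a live system the same function can be fed directly with `route -n | check_full_tunnel 23.45.67.89 12.34.56.1 tun0`.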