[linux] OpenVPN, masquerading and routing

Lubomir Host rajo at platon.sk
Fri Dec 31 17:39:58 CET 2004


On Fri, Dec 31, 2004 at 09:34:11AM +0100, Ing. Jan ONDREJ wrote:
> > I have a local network 192.168.0.0/16, which is connected to the
> > internet through a firewall/router (let's call it FW1). FW1 has 2
> > network cards, eth0 and eth1. eth0 is the external interface with the
> > address 12.34.56.78, the internal interface has IP 192.168.0.1.
> > 
> > On the internet there is another server (let's call it SERVER1), which
> > has only one network card eth0 and the IP address 23.45.67.89.
> > 
> > I have an encrypted OpenVPN tunnel running between FW1 and SERVER1. On
> > FW1 the tunnel interface tun0 has the IP address 10.0.0.2; the tun0
> > interface on the server SERVER1 has IP 10.0.0.1. On both FW1 and SERVER1
> > I can ping both addresses 10.0.0.1 and 10.0.0.2, so the OpenVPN tunnel
> > works without problems.
[...snip...]
> > FW1:
> > ------------------------------------------%<------------------------------------------
> > root na fw1# route -n
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > 10.0.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
> > 12.34.56.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
> > 192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
> > 0.0.0.0         12.34.56.1      0.0.0.0         UG    0      0        0 eth0
> 
> Here you need to add a route to SERVER1 via the current gateway, and to
> everything else via tun0.
> 
> route add -host 23.45.67.89 gw 12.34.56.1
> route add default gw 10.0.0.1

I tried these two commands and the routing table was as follows, but
packets started getting dropped somewhere:

--------------------------------------%<--------------------------------------
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
23.45.67.89     12.34.56.78     255.255.255.255 UGH   0      0        0 eth0
10.0.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
12.34.56.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 tun0
0.0.0.0         12.34.56.1      0.0.0.0         UG    0      0        0 eth0
--------------------------------------%<--------------------------------------


-- 
Lubomir Host 'rajo' <rajo AT platon.sk>        ICQ #:  257322664
Platon Software Development Group              http://platon.sk/
http://www.gnu.org/philosophy/no-word-attachments.html
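
Added example, not part of the original message: a small Python check that parses `route -n` output and flags the conditions that matter when the default route is moved into a VPN tunnel (equal-metric defaults on different interfaces, a gateway that is one of the host's own addresses, and a tunnel peer with no host route outside the tunnel). The sample table and addresses are copied from the thread; the function names, variable names and finding codes are this example's own.

```python
# Constructed sample: the `route -n` table posted above (FW1 after both commands).
ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
23.45.67.89     12.34.56.78     255.255.255.255 UGH   0      0        0 eth0
10.0.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
12.34.56.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 tun0
0.0.0.0         12.34.56.1      0.0.0.0         UG    0      0        0 eth0
"""
# Addresses taken from the thread; the variable names are this example's own.
LOCAL_ADDRS = {"12.34.56.78", "192.168.0.1", "10.0.0.2"}
VPN_PEER, TUNNEL_IF = "23.45.67.89", "tun0"


def parse_routes(text):
    """Turn `route -n` output into dicts, skipping the two header lines."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[0] != "Destination":
            rows.append({"dest": f[0], "gw": f[1], "mask": f[2],
                         "flags": f[3], "metric": int(f[4]), "iface": f[7]})
    return rows


def audit(routes, local_addrs=LOCAL_ADDRS, peer=VPN_PEER, tun=TUNNEL_IF):
    """Return (code, detail) findings for a default-route-through-VPN setup."""
    findings = []
    defaults = [r for r in routes if r["dest"] == r["mask"] == "0.0.0.0"]
    for metric in sorted({r["metric"] for r in defaults}):
        ifaces = sorted({r["iface"] for r in defaults if r["metric"] == metric})
        if len(ifaces) > 1:
            findings.append(("ambiguous-default", f"metric {metric}: {ifaces}"))
    for r in routes:
        if "G" in r["flags"] and r["gw"] in local_addrs:
            findings.append(("gateway-is-local-address", f"{r['dest']} via {r['gw']}"))
    if any(r["iface"] == tun for r in defaults):
        pinned = [r for r in routes if r["dest"] == peer
                  and r["mask"] == "255.255.255.255" and r["iface"] != tun]
        if not pinned:
            # Encrypted tunnel packets would be routed back into the tunnel.
            findings.append(("peer-not-pinned", f"no host route to {peer} outside {tun}"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(parse_routes(ROUTE_N)):
        print(f"{code}: {detail}")
```

On the posted table this reports the two equal-metric default routes (tun0 and eth0) and the host route to 23.45.67.89 whose gateway is 12.34.56.78, FW1's own eth0 address, rather than the 12.34.56.1 used in the suggested command.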



