Autor
Después de mucho tiempo sin pasarme demasiado, por fin me ha surgido una duda que claramente no logro solucionar con la ayuda de google ni demás puesto que realmente no se ni como plantearla correctamente.
Intentaré esforzarme.
Actualmente, dispongo de un servido físico remoto en el cual tengo instalado un Proxmox y diversas máquinas virtuales.
Mi idea, era conectar ese servidor a la red local, para poder ejecutar tareas de computo pesadas sin tener que depender de un servidor local siempre encendida, asi que decidí montar una OpenVPN.
Código:
cat /etc/openvpn/server.conf
local 192.168.1.60
dev tun
proto tcp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_xxxxxxxx.crt
key /etc/openvpn/easy-rsa/pki/private/server_xxxxxxx.key
dh /etc/openvpn/easy-rsa/pki/dhxxxx.pem
topology subnet
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.1.0 255.255.255.0"
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
keepalive 10 120
remote-cert-tls client
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
log /var/log/openvpn.log
verb 1
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
# Generated for use by PiVPN.io
local 192.168.1.60
dev tun
proto tcp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_xxxxxxxx.crt
key /etc/openvpn/easy-rsa/pki/private/server_xxxxxxx.key
dh /etc/openvpn/easy-rsa/pki/dhxxxx.pem
topology subnet
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.1.0 255.255.255.0"
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
keepalive 10 120
remote-cert-tls client
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
log /var/log/openvpn.log
verb 1
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
# Generated for use by PiVPN.io
Código:
root@xxxxx:~# ip route
default via 192.168.1.1 dev eth0
default via 192.168.1.1 dev eth0 metric 202
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.60 metric 202
192.168.1.60 via 127.0.0.1 dev lo metric 202
192.168.42.0/24 dev wlan0 proto kernel scope link src 192.168.42.1
default via 192.168.1.1 dev eth0
default via 192.168.1.1 dev eth0 metric 202
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.60 metric 202
192.168.1.60 via 127.0.0.1 dev lo metric 202
192.168.42.0/24 dev wlan0 proto kernel scope link src 192.168.42.1
Mi problema es que aunque mi servidor remoto (Centos 7)si puede connectar a la VPN correctamente, pero no puede comunicarse ni con la red interna, ni reseolver dns.
Tambien intenté montar otra diferente en mi Router OpenWRT para permitir trafico no IP, pero creo que aun va peor, porque aunque conecta el server, no me llega a la red interna.
Código:
root@Linksys1900ACS:/# cat /etc/config/openvpn
config openvpn 'myvpn'
option enabled '1'
option verb '3'
option proto 'udp'
option port '1194'
option dev 'tap'
option mode 'server'
option tls_server '1'
list push 'route-gateway dhcp'
list push 'redirect-gateway def1'
option keepalive '10 120'
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/my-server.crt'
option key '/etc/openvpn/my-server.key'
option dh '/etc/openvpn/dh2048.pem'
config openvpn 'myvpn'
option enabled '1'
option verb '3'
option proto 'udp'
option port '1194'
option dev 'tap'
option mode 'server'
option tls_server '1'
list push 'route-gateway dhcp'
list push 'redirect-gateway def1'
option keepalive '10 120'
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/my-server.crt'
option key '/etc/openvpn/my-server.key'
option dh '/etc/openvpn/dh2048.pem'
Código:
root@Linksys1900ACS:/# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 254.pool85-56-2 0.0.0.0 UG 0 0 0 eth0.832
10.8.0.0 192.168.1.60 255.255.255.255 UGH 0 0 0 br-lan
85.56.216.0 * 255.255.254.0 U 0 0 0 eth0.832
85.56.217.254 * 255.255.255.255 UH 0 0 0 eth0.832
192.168.1.0 * 255.255.255.0 U 0 0 0 br-lan
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 254.pool85-56-2 0.0.0.0 UG 0 0 0 eth0.832
10.8.0.0 192.168.1.60 255.255.255.255 UGH 0 0 0 br-lan
85.56.216.0 * 255.255.254.0 U 0 0 0 eth0.832
85.56.217.254 * 255.255.255.255 UH 0 0 0 eth0.832
192.168.1.0 * 255.255.255.0 U 0 0 0 br-lan
Espero que me podáis dar alguna idea de como solucionarlo. Con lo poco que se de redes me parece que seguramente será algo de rutas, pero no tengo mucha idea de networking.
Si me dejo alguna cosa, no dudéis en preguntar!
Muchas gracias por vuestro tiempo!
En línea
