desculpem-me por esta questão, tentei encontrar uma solução mas nada.
Eu quero configurar clientes para usar o gateway local, não o servidor.
Eu só preciso configurar os clientes de forma que eles possam ver uns aos outros, mas usando gateways locais.
aqui está o meu arquivo server.con:
port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
e arquivo client.conf no servidor:
ifconfig-push 10.8.0.99
e aqui está o client.ovpn no PC do cliente:
client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote a.b.c.d 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
quando eu me conecto com essa configuração, todo o tráfego do cliente passa pelo servidor vpn. e eu não quero isso.
quando no sever eu olho em / var / log / syslog eu encontro:
Nov 16 22:45:11 vpn ovpn-server[16286]: x.x.x.x:40795 TLS: Initial packet from [AF_INET]x.x.x.x:40795, sid=0fbd888b 778a14e6
Nov 16 22:45:11 vpn ovpn-server[16286]: x.x.x.x:40795 CRL CHECK OK: CN=ChangeMe
Nov 16 22:45:11 vpn ovpn-server[16286]: x.x.x.x:40795 VERIFY OK: depth=1, CN=ChangeMe
Nov 16 22:45:11 vpn ovpn-server[16286]: x.x.x.x:40795 CRL CHECK OK: CN=gerard
Nov 16 22:45:11 vpn ovpn-server[16286]: x.x.x.x:40795 VERIFY OK: depth=0, CN=gerard
Nov 16 22:45:11 vpn ovpn-server[16286]: x.x.x.x:40795 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Nov 16 22:45:11 vpn ovpn-server[16286]: x.x.x.x:40795 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Nov 16 22:45:11 vpn ovpn-server[16286]: x.x.x.x:40795 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Nov 16 22:45:11 vpn ovpn-server[16286]: x.x.x.x:40795 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Nov 16 22:45:11 vpn ovpn-server[16286]: x.x.x.x:40795 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Nov 16 22:45:11 vpn ovpn-server[16286]: x.x.x.x:40795 [gerard] Peer Connection Initiated with [AF_INET]x.x.x.x:40795
Nov 16 22:45:11 vpn ovpn-server[16286]: MULTI: new connection by client 'gerard' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Nov 16 22:45:11 vpn ovpn-server[16286]: MULTI_sva: pool returned IPv4=10.8.0.99, IPv6=(Not enabled)
Nov 16 22:45:11 vpn ovpn-server[16286]: MULTI: Learn: 10.8.0.99 -> gerard/x.x.x.x:40795
Nov 16 22:45:11 vpn ovpn-server[16286]: MULTI: primary virtual IP for gerard/x.x.x.x:40795: 10.8.0.99
Nov 16 22:45:12 vpn ovpn-server[16286]: gerard/x.x.x.x:40795 PUSH: Received control message: 'PUSH_REQUEST'
Nov 16 22:45:12 vpn ovpn-server[16286]: gerard/x.x.x.x:40795 send_push_reply(): safe_cap=940
Nov 16 22:45:12 vpn ovpn-server[16286]: gerard/x.x.x.x:40795 SENT CONTROL [gerard]: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.99 255.255.255.0' (status=1)
e no final deste arquivo existe PUSH_REPLY, route-gateway 10.8.0.1 mas você não o configurou em lugar nenhum.
o que está faltando?
por favor ajude!