OpenVPN Clientes usando conexão do servidor (sem gateway padrão)

1

Eu queria um servidor OpenVPN para que eu pudesse criar uma rede VPN privada para que a equipe se conectasse ao servidor.

No entanto, não como planejado, quando os clientes se conectam à VPN, ele está usando a conexão de internet da VPN (ex: quando se está indo para whatsmyip.com, é o do servidor e não a conexão inicial do cliente).

server.conf

local <serverip>
port 1194
proto udp
dev tun

ca ca.crt
cert x.crt
key x.key 

dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client

keepalive 10 120
comp-lzo
persist-key
persist-tun

status openvpn-status.log

verb 9

client.conf

client
dev tun
proto udp

remote <srever> 1194
resolv-retry infinite

nobind

persist-key
persist-tun

ca ca.crt
cert x.crt
key x.key

ns-cert-type server
comp-lzo
verb 3

Rota do servidor

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
69.64.48.0      *               255.255.252.0   U     0      0        0 eth0
default         static-ip-69-64 0.0.0.0         UG    0      0        0 eth0
default         static-ip-69-64 0.0.0.0         UG    0      0        0 eth0
default         static-ip-69-64 0.0.0.0         UG    0      0        0 eth0

Tabelas IP do servidor

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-proftpd  tcp  --  anywhere             anywhere            multiport dports ftp,ftp-data,ftps,ftps-data
fail2ban-ssh  tcp  --  anywhere             anywhere            multiport dports ssh
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:20000
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:webmin
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp-data
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  10.8.0.0/24          anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-proftpd (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Meu objetivo é que os clientes só possam conversar com o servidor e outros clientes conectados.

Espero ter feito sentido. Obrigado pela ajuda!

    
por Branden Martin 19.09.2012 / 04:57

0 respostas

Tags