Can't ping the LAN when connected to OpenVPN

1

I am trying to set up OpenVPN on my Raspberry Pi (distro: minimal raspberry-wheezy).
I run OpenVPN behind a router and want to connect from a Windows client.
I can connect to the server, but I want to manage other clients connected to the same network as the Raspberry Pi (server).
When I connect to the server, I can ping neither the server nor the router.

server.conf:

port 1194  
proto udp  
dev tapo  
ca /etc/openvpn/easy-rsa/keys/ca.crt  
cert /etc/openvpn/easy-rsa/keys/VPNServer.crt  
key /etc/openvpn/easy-rsa/keys/VPNServer.key  
dh /etc/openvpn/easy-rsa/keys/dh1024.pem  
server-bridge 192.168.178.1 255.255.255.0 192.168.178.111 192.168.178.120
push "route-gateway 192.168.178.0 255.255.255.0" 
push "redirect-gateway def1 bypass-dhcp" 
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 192.168.178.1"
client-to-client  
duplicate-cn  
keepalive 10 120  
comp-lzo  
persist-key  
persist-tun  
status openvpn-status.log  
log         openvpn.log  
log-append  openvpn.log  
verb 3  

client config:

port 1194
client  
dev tap  
proto udp  
remote mydyndns
resolv-retry infinite  
nobind  
persist-key  
persist-tun  
ca ca.crt  
cert client.crt    
key client.key
ns-cert-type server  
comp-lzo  
verb 3  

interface config:

auto lo
iface lo inet loopback

allow-hotplug eth0

auto br0
iface br0 inet static
address 192.168.178.123
netmask 255.255.255.0
gateway 192.168.178.1
bridge_ports eth0
dns-nameservers 192.168.178.1

iface eth0 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down

rc.local:

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE

And my sysctl net.ipv4.ip_forward output is net.ipv4.ip_forward = 1

client log:

Sun Sep 14 09:26:36 2014 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug  7 2014
Sun Sep 14 09:26:36 2014 library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05
Enter Management Password:
Sun Sep 14 09:26:36 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Sep 14 09:26:36 2014 Need hold release from management interface, waiting...
Sun Sep 14 09:26:36 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Sep 14 09:26:37 2014 MANAGEMENT: CMD 'state on'
Sun Sep 14 09:26:37 2014 MANAGEMENT: CMD 'log all on'
Sun Sep 14 09:26:37 2014 MANAGEMENT: CMD 'hold off'
Sun Sep 14 09:26:37 2014 MANAGEMENT: CMD 'hold release'
Sun Sep 14 09:26:37 2014 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Sep 14 09:26:37 2014 MANAGEMENT: >STATE:1410679597,RESOLVE,,,
Sun Sep 14 09:26:49 2014 UDPv4 link local: [undef]
Sun Sep 14 09:26:49 2014 UDPv4 link remote: [AF_INET]86.103.187.46:1194
Sun Sep 14 09:26:49 2014 MANAGEMENT: >STATE:1410679609,WAIT,,,
Sun Sep 14 09:26:51 2014 MANAGEMENT: >STATE:1410679611,AUTH,,,
Sun Sep 14 09:26:51 2014 TLS: Initial packet from [AF_INET]86.103.187.46:1194, sid=9f41fab9 08d0d2e0
Sun Sep 14 09:26:53 2014 VERIFY OK: depth=1, C=DE, ST=SH, L=Kiel, OU=changeme, CN=j0chn.spdns.de, name=changeme, [email protected]
Sun Sep 14 09:26:53 2014 VERIFY OK: nsCertType=SERVER
Sun Sep 14 09:26:53 2014 VERIFY OK: depth=0, C=DE, ST=SH, L=Kiel, OU=changeme, CN=j0chn.spdns.de, name=changeme, [email protected]
Sun Sep 14 09:26:54 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Sep 14 09:26:54 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 14 09:26:54 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Sep 14 09:26:54 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 14 09:26:54 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Sep 14 09:26:54 2014 [j0chn.spdns.de] Peer Connection Initiated with [AF_INET]86.103.187.46:1194
Sun Sep 14 09:26:55 2014 MANAGEMENT: >STATE:1410679615,GET_CONFIG,,,
Sun Sep 14 09:26:56 2014 SENT CONTROL [j0chn.spdns.de]: 'PUSH_REQUEST' (status=1)
Sun Sep 14 09:26:56 2014 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.178.1,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 192.168.178.1,route-gateway 192.168.178.1,ping 10,ping-restart 120,ifconfig 192.168.178.111 255.255.255.0'
Sun Sep 14 09:26:56 2014 OPTIONS IMPORT: timers and/or timeouts modified
Sun Sep 14 09:26:56 2014 OPTIONS IMPORT: --ifconfig/up options modified
Sun Sep 14 09:26:56 2014 OPTIONS IMPORT: route options modified
Sun Sep 14 09:26:56 2014 OPTIONS IMPORT: route-related options modified
Sun Sep 14 09:26:56 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Sep 14 09:26:56 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Sep 14 09:26:56 2014 MANAGEMENT: >STATE:1410679616,ASSIGN_IP,,192.168.178.111,
Sun Sep 14 09:26:56 2014 open_tun, tt->ipv6=0
Sun Sep 14 09:26:56 2014 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{4DD19686-B673-493E-99DB-23F3D1AF7239}.tap
Sun Sep 14 09:26:56 2014 TAP-Windows Driver Version 9.21 
Sun Sep 14 09:26:56 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.178.111/255.255.255.0 on interface {4DD19686-B673-493E-99DB-23F3D1AF7239} [DHCP-serv: 192.168.178.0, lease-time: 31536000]
Sun Sep 14 09:26:56 2014 Successful ARP Flush on interface [25] {4DD19686-B673-493E-99DB-23F3D1AF7239}
Sun Sep 14 09:27:01 2014 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=1 u/d=up
Sun Sep 14 09:27:01 2014 C:\WINDOWS\system32\route.exe ADD 86.103.187.46 MASK 255.255.255.255 192.168.42.129
Sun Sep 14 09:27:01 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=10 and dwForwardType=4
Sun Sep 14 09:27:01 2014 Route addition via IPAPI succeeded [adaptive]
Sun Sep 14 09:27:01 2014 C:\WINDOWS\system32\route.exe ADD 192.168.42.129 MASK 255.255.255.255 192.168.42.129 IF 24
Sun Sep 14 09:27:01 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=10 and dwForwardType=4
Sun Sep 14 09:27:01 2014 Route addition via IPAPI succeeded [adaptive]
Sun Sep 14 09:27:01 2014 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.178.1
Sun Sep 14 09:27:01 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sun Sep 14 09:27:01 2014 Route addition via IPAPI succeeded [adaptive]
Sun Sep 14 09:27:01 2014 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.178.1
Sun Sep 14 09:27:01 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sun Sep 14 09:27:01 2014 Route addition via IPAPI succeeded [adaptive]
Sun Sep 14 09:27:01 2014 Initialization Sequence Completed
Sun Sep 14 09:27:01 2014 MANAGEMENT: >STATE:1410679621,CONNECTED,SUCCESS,192.168.178.111,86.103.187.46

My server log is at verb level 9, so the whole log would be far too long.
So here is a shortened version with the part I think is relevant.

Sun Sep 14 09:32:11 2014 us=597464 j0chns/86.103.187.46:62416 UDPv4 WRITE [114] to [AF_INET]86.103.187.46:62416: P_CONTROL_V1 kid=0 sid=d208a276 08284fa3 [ ] pid=33 DATA 2abf4ce5 423061a0 6684f614 0e4e44cc 2396d879 291ae535 2614f98f a728f4b[more...]
Sun Sep 14 09:32:11 2014 us=597920 j0chns/86.103.187.46:62416 UDPv4 write returned 114
Sun Sep 14 09:32:11 2014 us=598287 j0chns/86.103.187.46:62416 TLS: tls_multi_process: i=0 state=S_ACTIVE, mysid=d208a276 08284fa3, stored-sid=808ba04b a86602bb, stored-ip=[AF_INET]86.103.187.46:62416
Sun Sep 14 09:32:11 2014 us=598470 j0chns/86.103.187.46:62416 TLS: tls_process: chg=0 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800
Sun Sep 14 09:32:11 2014 us=598646 j0chns/86.103.187.46:62416 ACK reliable_can_send active=2 current=0 : [34] 32 33
Sun Sep 14 09:32:11 2014 us=598858 j0chns/86.103.187.46:62416 BIO read tls_read_ciphertext 98 bytes
Sun Sep 14 09:32:11 2014 us=599026 j0chns/86.103.187.46:62416 ACK mark active outgoing ID 34
Sun Sep 14 09:32:11 2014 us=599174 j0chns/86.103.187.46:62416 Outgoing Ciphertext -> Reliable
Sun Sep 14 09:32:11 2014 us=599333 j0chns/86.103.187.46:62416 TLS: tls_process: chg=1 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800
Sun Sep 14 09:32:11 2014 us=599816 j0chns/86.103.187.46:62416 ACK reliable_can_send active=3 current=1 : [35] 32 33 34
Sun Sep 14 09:32:11 2014 us=599999 j0chns/86.103.187.46:62416 ACK reliable_send ID 34 (size=102 to=4)
Sun Sep 14 09:32:11 2014 us=600201 j0chns/86.103.187.46:62416 Reliable -> TCP/UDP
Sun Sep 14 09:32:11 2014 us=600435 j0chns/86.103.187.46:62416 ACK reliable_send_timeout 2 [35] 32 33 34
Sun Sep 14 09:32:11 2014 us=600595 j0chns/86.103.187.46:62416 TLS: tls_process: timeout set to 2
Sun Sep 14 09:32:11 2014 us=600841 j0chns/86.103.187.46:62416 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=51294eab a8e9490a, stored-sid=00000000 00000000, stored-ip=[undef]
Sun Sep 14 09:32:11 2014 us=601082 j0chns/86.103.187.46:62416 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
Sun Sep 14 09:32:11 2014 us=601277 PO_CTL rwflags=0x0002 ev=4 arg=0x00086d38
Sun Sep 14 09:32:11 2014 us=601441 PO_CTL rwflags=0x0000 ev=5 arg=0x00086ca4
Sun Sep 14 09:32:11 2014 us=601632 I/O WAIT Tr|Tw|Sr|SW [2/97493]
Sun Sep 14 09:32:11 2014 us=601955 PO_WAIT[0,0] fd=4 rev=0x00000004 rwflags=0x0002 arg=0x00086d38
Sun Sep 14 09:32:11 2014 us=602120  event_wait returned 1
Sun Sep 14 09:32:11 2014 us=602280 I/O WAIT status=0x0002
Sun Sep 14 09:32:13 2014 us=696485 j0chns/86.103.187.46:62416 TUN WRITE [175]
Sun Sep 14 09:32:13 2014 us=696842 j0chns/86.103.187.46:62416  write to TUN/TAP returned 175
Sun Sep 14 09:32:13 2014 us=697058 PO_CTL rwflags=0x0001 ev=4 arg=0x00086d38
Sun Sep 14 09:32:13 2014 us=697224 PO_CTL rwflags=0x0001 ev=5 arg=0x00086ca4
Sun Sep 14 09:32:13 2014 us=697418 I/O WAIT TR|Tw|SR|Sw [6/97493]
Sun Sep 14 09:32:17 2014 us=367901 PO_WAIT[0,0] fd=4 rev=0x00000001 rwflags=0x0001 arg=0x00086d38
Sun Sep 14 09:32:17 2014 us=368196  event_wait returned 1
Sun Sep 14 09:32:17 2014 us=368364 I/O WAIT status=0x0001
Sun Sep 14 09:32:17 2014 us=368525 MULTI: REAP range 224 -> 240
Sun Sep 14 09:32:17 2014 us=368737 UDPv4 read returned 133
Sun Sep 14 09:32:17 2014 us=369044 TLS State Error: No TLS state for client [AF_INET]109.47.195.40:46476, opcode=6
Sun Sep 14 09:32:17 2014 us=369276 GET INST BY REAL: 109.47.195.40:46476 [failed]
Sun Sep 14 09:32:17 2014 us=369460 PO_CTL rwflags=0x0001 ev=4 arg=0x00086d38
Sun Sep 14 09:32:17 2014 us=369623 PO_CTL rwflags=0x0001 ev=5 arg=0x00086ca4
Sun Sep 14 09:32:17 2014 us=369815 I/O WAIT TR|Tw|SR|Sw [2/97493]
Sun Sep 14 09:32:17 2014 us=387726 PO_WAIT[0,0] fd=4 rev=0x00000001 rwflags=0x0001 arg=0x00086d38
Sun Sep 14 09:32:17 2014 us=387988  event_wait returned 1
Sun Sep 14 09:32:17 2014 us=388160 I/O WAIT status=0x0001
    
by j0chn 14.09.2014 / 09:41

2 answers

0

The solution is easy. You did not take care of making tap0, an OpenVPN interface, part of the br0 bridge. You can find detailed instructions here.

HTH, cheers

    
by 14.09.2014 / 14:09
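
The check the answer above implies, as an added example that is not part of the original thread: a POSIX shell function reads the `dev` directive from the server config and tests, via sysfs, whether that interface is a port of the bridge. The function names, the `tap0` sample config and the temporary directory tree are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original thread.

# Print the interface named by the "dev" directive of an OpenVPN config.
conf_dev() {
    awk '$1 == "dev" { print $2; exit }' "$1"
}

# tap_in_bridge CONF BRIDGE [SYSROOT]
# 0 = CONF's device is a port of BRIDGE, 1 = it is not, 2 = no "dev" line.
# Linux lists bridge ports under /sys/class/net/<bridge>/brif/<port>;
# SYSROOT exists only so the check can run against a constructed tree.
tap_in_bridge() {
    dev=$(conf_dev "$1")
    [ -n "$dev" ] || return 2
    [ -e "${3:-/sys/class/net}/$2/brif/$dev" ]
}

# Print the verdict and, when the port is missing, the commands to attach it.
report() {
    if tap_in_bridge "$@"; then
        echo "OK: $dev is a port of $2"
        return 0
    fi
    if [ -z "$dev" ]; then
        echo "ERROR: no dev directive in $1"
        return 2
    fi
    echo "MISSING: $dev is not a port of $2, so bridged frames never reach the LAN"
    echo "  fix: openvpn --mktun --dev $dev && brctl addif $2 $dev && ip link set $dev up promisc on"
    return 1
}

# Constructed sample: a bridge that holds only eth0, as in the question.
demo=$(mktemp -d)
printf 'port 1194\nproto udp\ndev tap0\n' > "$demo/server.conf"
mkdir -p "$demo/sys/br0/brif/eth0"
report "$demo/server.conf" br0 "$demo/sys"   # MISSING
mkdir "$demo/sys/br0/brif/tap0"              # stands in for "brctl addif br0 tap0"
report "$demo/server.conf" br0 "$demo/sys"   # OK
rm -rf "$demo"
```

On the real server the call is `report /etc/openvpn/server.conf br0`, where the config path is an assumption about where the file lives.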
0

ping with a specific interface:

ping -I em1 8.8.8.8
OR 
ping -I br0 8.8.8.8
    
by 14.09.2014 / 14:32