I am trying to configure my OpenVPN network and now I have:
I want to set 10.9.1.8 as the gateway for client 10.9.1.12.
How can I achieve this?
What I have unfortunately done:
# Generated by iptables-save v1.6.2 on Fri Apr 27 23:50:30 2018
*mangle
:PREROUTING ACCEPT [110603:60535351]
:INPUT ACCEPT [100907:58448049]
:FORWARD ACCEPT [740:50674]
:OUTPUT ACCEPT [95123:49910955]
:POSTROUTING ACCEPT [95825:49957792]
-A PREROUTING -s 10.9.1.12/32 -i tun0 -j MARK --set-xmark 0xc8/0xffffffff
-A PREROUTING -s 10.9.1.12/32 -i tun0 -j MARK --set-xmark 0xc8/0xffffffff
COMMIT
# Completed on Fri Apr 27 23:50:30 2018
# Generated by iptables-save v1.6.2 on Fri Apr 27 23:50:30 2018
*nat
:PREROUTING ACCEPT [10463:2162687]
:INPUT ACCEPT [1080:96754]
:OUTPUT ACCEPT [2086:138622]
:POSTROUTING ACCEPT [2088:139166]
-A POSTROUTING -m mark --mark 0xc8 -j SNAT --to-source 10.9.1.1
COMMIT
# Completed on Fri Apr 27 23:50:30 2018
# Generated by iptables-save v1.6.2 on Fri Apr 27 23:50:30 2018
*filter
:INPUT ACCEPT [108740:59988331]
:FORWARD ACCEPT [740:50674]
:OUTPUT ACCEPT [102931:52099400]
COMMIT
# Completed on Fri Apr 27 23:50:30 2018
# ip route show table ovpn
default via 10.9.1.8 dev tun0
# ip rule show
0: from all lookup local
32764: from all fwmark 0xc8 lookup ovpn
32765: from all fwmark 0xc8 lookup ovpn
32766: from all lookup main
32767: from all lookup default
*nat
-A POSTROUTING -s 10.9.1.0/24 -o eth0 -j MASQUERADE
But when I connect 10.9.1.12 and ping 8.8.8.8, I get this in tcpdump:
00:01:58.643578 In 10.9.1.12 > 8.8.8.8: ICMP echo request, id 2073, seq 1, length 64
00:02:00.680303 In 10.9.1.12 > 8.8.8.8: ICMP echo request, id 2074, seq 1, length 64
00:02:00.680377 Out 10.9.1.1 > 10.9.1.12: ICMP time exceeded in-transit, length 92
00:02:00.695581 In 10.9.1.12 > 8.8.8.8: ICMP echo request, id 2075, seq 1, length 64
00:02:00.695621 Out 10.9.1.1 > 8.8.8.8: ICMP echo request, id 2075, seq 1, length 64
00:02:02.727047 In 10.9.1.12 > 8.8.8.8: ICMP echo request, id 2076, seq 1, length 64
00:02:02.727106 Out 10.9.1.1 > 8.8.8.8: ICMP echo request, id 2076, seq 1, length 64
00:02:04.764913 In 10.9.1.12 > 8.8.8.8: ICMP echo request, id 2077, seq 1, length 64
00:02:04.764969 Out 10.9.1.1 > 8.8.8.8: ICMP echo request, id 2077, seq 1, length 64
00:02:06.798658 In 10.9.1.12 > 8.8.8.8: ICMP echo request, id 2078, seq 1, length 64
00:02:06.798719 Out 10.9.1.1 > 8.8.8.8: ICMP echo request, id 2078, seq 1, length 64
00:02:08.820212 In 10.9.1.12 > 8.8.8.8: ICMP echo request, id 2079, seq 1, length 64
00:02:08.820269 Out 10.9.1.1 > 8.8.8.8: ICMP echo request, id 2079, seq 1, length 64
00:02:10.844821 In 10.9.1.12 > 8.8.8.8: ICMP echo request, id 2080, seq 1, length 64
00:02:10.844878 Out 10.9.1.1 > 8.8.8.8: ICMP echo request, id 2080, seq 1, length 64
and 100% packet loss.
Tags networking openvpn routing gateway linux