How to configure an OpenVPN client as a gateway for others?

0

I am trying to set up my OpenVPN network and currently have:

  • 10.9.1.1 - server (manjaro linux)
  • 10.9.1.8 - client (ubuntu 16.04)
  • 10.9.1.12 - client

I want to set 10.9.1.8 as the gateway for client 10.9.1.12.

How can I achieve this?

What I have unfortunately done:

  1. enabled net.ipv4.ip_forward on 10.9.1.1 and 10.9.1.8
  2. configured iptables on 10.9.1.1 with:

    # Generated by iptables-save v1.6.2 on Fri Apr 27 23:50:30 2018
    *mangle
    :PREROUTING ACCEPT [110603:60535351]
    :INPUT ACCEPT [100907:58448049]
    :FORWARD ACCEPT [740:50674]
    :OUTPUT ACCEPT [95123:49910955]
    :POSTROUTING ACCEPT [95825:49957792]
    -A PREROUTING -s 10.9.1.12/32 -i tun0 -j MARK --set-xmark 0xc8/0xffffffff
    -A PREROUTING -s 10.9.1.12/32 -i tun0 -j MARK --set-xmark 0xc8/0xffffffff
    COMMIT
    # Completed on Fri Apr 27 23:50:30 2018
    # Generated by iptables-save v1.6.2 on Fri Apr 27 23:50:30 2018
    *nat
    :PREROUTING ACCEPT [10463:2162687]
    :INPUT ACCEPT [1080:96754]
    :OUTPUT ACCEPT [2086:138622]
    :POSTROUTING ACCEPT [2088:139166]
    -A POSTROUTING -m mark --mark 0xc8 -j SNAT --to-source 10.9.1.1
    COMMIT
    # Completed on Fri Apr 27 23:50:30 2018
    # Generated by iptables-save v1.6.2 on Fri Apr 27 23:50:30 2018
    *filter
    :INPUT ACCEPT [108740:59988331]
    :FORWARD ACCEPT [740:50674]
    :OUTPUT ACCEPT [102931:52099400]
    COMMIT
    # Completed on Fri Apr 27 23:50:30 2018

  3. Set up routes and rules on 10.9.1.1

    # ip route show table ovpn
    default via 10.9.1.8 dev tun0

    # ip rule show
    0:      from all lookup local
    32764:  from all fwmark 0xc8 lookup ovpn
    32765:  from all fwmark 0xc8 lookup ovpn
    32766:  from all lookup main
    32767:  from all lookup default

  4. Masquerading on 10.9.1.8

    *nat
    -A POSTROUTING -s 10.9.1.0/24 -o eth0 -j MASQUERADE

But when I connect 10.9.1.12 and ping 8.8.8.8, I get this in tcpdump:

    00:01:58.643578  In 10.9.1.12 > 8.8.8.8: ICMP echo request, id 2073, seq 1, length 64
    00:02:00.680303  In 10.9.1.12 > 8.8.8.8: ICMP echo request, id 2074, seq 1, length 64
    00:02:00.680377 Out 10.9.1.1 > 10.9.1.12: ICMP time exceeded in-transit, length 92
    00:02:00.695581  In 10.9.1.12 > 8.8.8.8: ICMP echo request, id 2075, seq 1, length 64
    00:02:00.695621 Out 10.9.1.1 > 8.8.8.8: ICMP echo request, id 2075, seq 1, length 64
    00:02:02.727047  In 10.9.1.12 > 8.8.8.8: ICMP echo request, id 2076, seq 1, length 64
    00:02:02.727106 Out 10.9.1.1 > 8.8.8.8: ICMP echo request, id 2076, seq 1, length 64
    00:02:04.764913  In 10.9.1.12 > 8.8.8.8: ICMP echo request, id 2077, seq 1, length 64
    00:02:04.764969 Out 10.9.1.1 > 8.8.8.8: ICMP echo request, id 2077, seq 1, length 64
    00:02:06.798658  In 10.9.1.12 > 8.8.8.8: ICMP echo request, id 2078, seq 1, length 64
    00:02:06.798719 Out 10.9.1.1 > 8.8.8.8: ICMP echo request, id 2078, seq 1, length 64
    00:02:08.820212  In 10.9.1.12 > 8.8.8.8: ICMP echo request, id 2079, seq 1, length 64
    00:02:08.820269 Out 10.9.1.1 > 8.8.8.8: ICMP echo request, id 2079, seq 1, length 64
    00:02:10.844821  In 10.9.1.12 > 8.8.8.8: ICMP echo request, id 2080, seq 1, length 64
    00:02:10.844878 Out 10.9.1.1 > 8.8.8.8: ICMP echo request, id 2080, seq 1, length 64

and 100% packet loss.

    
by bvn13 28.04.2018 / 09:17

0 answers
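A small parser for the capture in the question, added here as an example and not part of the original post: it groups the tcpdump lines by ICMP echo id to show which requests were re-emitted, with which source address, and whether any echo reply came back. The function names and the regular expression are assumptions that fit only the line format shown in the post.

```python
import re
from collections import defaultdict

# Sample input: the first seven lines of the capture shown in the question.
CAPTURE = """\
00:01:58.643578  In 10.9.1.12 > 8.8.8.8: ICMP echo request, id 2073, seq 1, length 64
00:02:00.680303  In 10.9.1.12 > 8.8.8.8: ICMP echo request, id 2074, seq 1, length 64
00:02:00.680377 Out 10.9.1.1 > 10.9.1.12: ICMP time exceeded in-transit, length 92
00:02:00.695581  In 10.9.1.12 > 8.8.8.8: ICMP echo request, id 2075, seq 1, length 64
00:02:00.695621 Out 10.9.1.1 > 8.8.8.8: ICMP echo request, id 2075, seq 1, length 64
00:02:02.727047  In 10.9.1.12 > 8.8.8.8: ICMP echo request, id 2076, seq 1, length 64
00:02:02.727106 Out 10.9.1.1 > 8.8.8.8: ICMP echo request, id 2076, seq 1, length 64
"""

# Hypothetical pattern for the "tcpdump" line layout seen above (direction column included).
LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<dir>In|Out)\s+(?P<src>\S+) > (?P<dst>[^:]+): ICMP "
    r"(?P<kind>echo request|echo reply|time exceeded in-transit)"
    r"(?:, id (?P<id>\d+), seq (?P<seq>\d+))?"
)

def trace_echoes(capture):
    """Group capture lines by ICMP echo id; collect ICMP errors separately."""
    flows = defaultdict(lambda: {"in_src": None, "out_src": None, "replied": False})
    errors = []
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        if m["kind"] == "time exceeded in-transit":
            errors.append((m["src"], m["dst"]))  # this output line carries no echo id
            continue
        flow = flows[int(m["id"])]
        if m["kind"] == "echo reply":
            flow["replied"] = True
        elif m["dir"] == "In":
            flow["in_src"] = m["src"]
        else:
            flow["out_src"] = m["src"]  # source address as it left the host
    return dict(flows), errors

def summarize(capture):
    """Report which echo ids were never re-emitted, were re-emitted with a new source, or got a reply."""
    flows, errors = trace_echoes(capture)
    return {
        "not_forwarded": sorted(i for i, f in flows.items() if f["out_src"] is None),
        "rewritten": sorted(i for i, f in flows.items() if f["out_src"] not in (None, f["in_src"])),
        "replied": sorted(i for i, f in flows.items() if f["replied"]),
        "icmp_errors": errors,
    }

if __name__ == "__main__":
    print(summarize(CAPTURE))
```

On this sample the summary shows requests 2075 and 2076 leaving with source 10.9.1.1 (the SNAT rule applied) and no echo reply for any id, which matches the 100% loss reported in the post.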