CarTer Posted November 7, 2013 (edited)

Can't get OpenVPN reachable over two uplinks at the same time

I am setting up a gateway with two internet uplinks: eth0 - 91.0.0.1 and ppp0 - 84.0.0.1. The internal network is eth1 - 192.168.0.0/24. OpenVPN is installed and configured on the gateway, tun - 10.8.0.1. Some of the internal clients go out via the first provider, the rest via the second. Route selection is done with iproute2:

/etc/iproute2/rt_tables

101 isp1
102 isp2

#!/bin/bash
ip1=91.0.0.2
ip2=84.0.0.2
gw1=91.0.0.1
gw2=82.0.0.1
if1=eth0
if2=ppp0
t1=isp1
t2=isp2

# Default route for tables isp1 and isp2
ip route add default via $gw1 dev $if1 table $t1
ip route add default via $gw2 dev $if2 table $t2
ip rule add from $ip1 table $t1
ip rule add from $ip2 table $t2

# VPN route for tables isp1 and isp2
ip route add 10.8.0.0/24 via 10.8.0.2 dev tun0 table $t1
ip route add 10.8.0.0/24 via 10.8.0.2 dev tun0 table $t2

# Change the default route
ip route del default
ip route add default via 91.0.0.1

# Marked packets
ip rule add fwmark 10 table $t1
ip rule add fwmark 20 table $t2

# PCs routed via ISP1 (table 1)
ip rule add from 192.168.0.3 table $t1
ip rule add from 192.168.0.11 table $t1
ip rule add from 192.168.0.12 table $t1
ip rule add from 192.168.0.14 table $t1
ip rule add from 192.168.0.56 table $t1
ip rule add from 192.168.0.59 table $t1
ip rule add from 192.168.0.63 table $t1

# PCs routed via ISP2 (table 2)
ip rule add from 192.168.0.10 table $t2
ip rule add from 192.168.0.15 table $t2

iptables:

# NAT
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Marking
iptables -t mangle -A PREROUTING -i eth0 -m state --state NEW -j CONNMARK --set-mark 0x1
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -i ppp0 -m state --state NEW -j CONNMARK --set-mark 0x2
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark

Any idea what the problem could be?

The fix is trivial: add the multihome option to the server config.

Edited November 10, 2013 by CarTer
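A consistency check for a setup like the one in the post, as an added example (not the poster's script and not part of the thread). Two things are easy to get wrong on a dual-uplink gateway and neither produces an error message: the fwmark values selected by `ip rule` must equal the values the mangle table writes with CONNMARK --set-mark (a selector that nothing ever sets simply never fires, and replies fall through to the main table's default route), and an OpenVPN UDP server bound to the wildcard address needs `multihome` unless `local` pins it to a single address. The rule text below is copied from the post; the "fixed" variant with marks 0x1/0x2 is an assumption about what the poster meant, not something the thread states.

```python
"""Offline lint for dual-uplink policy routing: fwmark/CONNMARK agreement
and the OpenVPN multihome condition. Added example; input is rule text."""
import re

# Constructed from the rules posted in the thread (only the relevant lines).
IP_RULES_POSTED = """\
ip rule add fwmark 10 table isp1
ip rule add fwmark 20 table isp2
"""
IPTABLES_POSTED = """\
iptables -t mangle -A PREROUTING -i eth0 -m state --state NEW -j CONNMARK --set-mark 0x1
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -i ppp0 -m state --state NEW -j CONNMARK --set-mark 0x2
"""
# Assumed correction: selectors aligned to the connmark values actually written.
IP_RULES_FIXED = """\
ip rule add fwmark 0x1 table isp1
ip rule add fwmark 0x2 table isp2
"""
# Excerpt of the posted server.conf, and the same excerpt with the fix applied.
SERVER_CONF_POSTED = "port 1194\nproto udp\ndev tun\nserver 10.8.0.0 255.255.255.0\n"
SERVER_CONF_FIXED = SERVER_CONF_POSTED + "multihome\n"


def parse_mark(text):
    """Parse a mark in iptables/iproute2 syntax: '10', '0x1', '0x1/0xff'.
    The optional '/mask' is dropped; the value may be decimal or hex."""
    return int(text.split("/")[0], 0)


def connmarks_set(iptables_rules):
    """Mark values written by CONNMARK --set-mark / --set-xmark rules."""
    found = set()
    for line in iptables_rules.splitlines():
        m = re.search(r"-j CONNMARK --set-x?mark (\S+)", line)
        if m:
            found.add(parse_mark(m.group(1)))
    return found


def fwmarks_selected(ip_rules):
    """Map fwmark value -> routing table for each `ip rule ... fwmark N table T`."""
    found = {}
    for line in ip_rules.splitlines():
        m = re.search(r"\bfwmark (\S+) table (\S+)", line)
        if m:
            found[parse_mark(m.group(1))] = m.group(2)
    return found


def unmatched_fwmarks(ip_rules, iptables_rules):
    """fwmark selectors that no CONNMARK rule ever sets; these rules never match."""
    written = connmarks_set(iptables_rules)
    return sorted(mark for mark in fwmarks_selected(ip_rules) if mark not in written)


def openvpn_needs_multihome(server_conf):
    """True for a UDP server on the wildcard address without `multihome`: its
    replies carry whatever source the kernel picks for the route to the client,
    not the address the client sent to. `local` sidesteps this by binding one
    address; TCP is unaffected because each accepted socket is already bound."""
    opts = {}
    for line in server_conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, rest = line.partition(" ")
        opts[key] = rest.strip()
    proto = opts.get("proto", "udp")  # OpenVPN defaults to UDP
    return proto.startswith("udp") and "local" not in opts and "multihome" not in opts


if __name__ == "__main__":
    print("fwmarks never set (posted):", unmatched_fwmarks(IP_RULES_POSTED, IPTABLES_POSTED))
    print("fwmarks never set (fixed): ", unmatched_fwmarks(IP_RULES_FIXED, IPTABLES_POSTED))
    print("server.conf needs multihome:", openvpn_needs_multihome(SERVER_CONF_POSTED))
```

Run against the posted text this reports both fwmark selectors (10 and 20) as never set, since the mangle rules write 0x1 and 0x2, and it flags the posted server.conf until `multihome` is added. Unrelated to the routing question but visible in the same server.conf: `auth MD5`, `cipher BF-CBC`, `dh1024.pem` and `client-cert-not-required` are weak by current standards and worth replacing in any setup copied from this thread.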
Bloodoff Posted November 8, 2013

Is openvpn listening on both interfaces? Show the config.
CarTer Posted November 8, 2013 Author

server.conf

port 1194
proto udp
dev tun
ca /etc/openvpn/key/ca.crt
cert /etc/openvpn/key/server.crt
key /etc/openvpn/key/server.key
dh /etc/openvpn/key/dh1024.pem
server 10.8.0.0 255.255.255.0
auth-user-pass-verify /etc/openvpn/verify.sh via-file
client-cert-not-required
username-as-common-name
tmp-dir /etc/openvpn/tmp
script-security 2
tls-server
tls-auth /etc/openvpn/key/ta.key 0
tls-timeout 120
auth MD5
cipher BF-CBC
keepalive 10 120
comp-lzo
max-clients 50
user nobody
group nogroup
persist-key
persist-tun
client-to-client
push "redirect-gateway"
push "dhcp-option DNS 192.168.0.1"
push "route 10.115.200.0 255.255.255.0"
push "route 192.168.0.0 255.255.255.0"
#client-config-dir ccd
ifconfig-pool-persist /etc/openvpn/config/ipp.txt
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 3
mute 20

netstat -a

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:953 *:* LISTEN
tcp 0 0 localhost:mysql *:* LISTEN
tcp 0 0 *:1198 *:* LISTEN
tcp 0 0 *:1199 *:* LISTEN
tcp 0 0 *:http-alt *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 gw1.lotsman.loca:domain *:* LISTEN
tcp 0 0 localhost:domain *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost:60915 localhost:1199 ESTABLISHED
tcp 0 0 localhost:54091 gw1:1198 TIME_WAIT
tcp 0 0 gw1:1199 localhost:41523 ESTABLISHED
tcp 0 52 gw1.lotsman.local:ssh 192.168.0.10:50732 ESTABLISHED
tcp 0 0 localhost:41519 gw1:1199 ESTABLISHED
tcp 0 0 localhost:54198 localhost:1198 ESTABLISHED
tcp 0 0 localhost:38323 localhost:mysql ESTABLISHED
tcp 0 0 localhost:mysql localhost:38575 ESTABLISHED
tcp 0 0 localhost:1198 localhost:54198 ESTABLISHED
tcp 0 0 localhost:41523 gw1:1199 ESTABLISHED
tcp 0 0 localhost:mysql localhost:38323 ESTABLISHED
tcp 0 0 localhost:38575 localhost:mysql ESTABLISHED
tcp 0 0 localhost:1199 localhost:60915 ESTABLISHED
tcp 0 0 gw1:1199 localhost:41519 ESTABLISHED
tcp 0 0 localhost:54092 gw1:1198 ESTABLISHED
tcp 0 0 gw1:1198 localhost:54092 ESTABLISHED
tcp6 0 0 ip6-localhost:953 [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
udp 0 0 *:20002 *:*
udp 0 0 localhost:20003 *:*
udp 0 0 gw1.lotsman.loca:domain *:*
udp 0 0 localhost:domain *:*
udp 0 0 *:56377 *:*
udp 0 0 *:bootps *:*
udp 0 0 *:openvpn *:*
raw 0 0 *:icmp *:* 7
The Ripper Posted November 8, 2013

man openvpn, around --multihome
CarTer Posted November 10, 2013 Author

> man openvpn, around --multihome

Thanks a lot, that helped.
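What `--multihome` actually changes, as an added example that is not from the thread and not OpenVPN's own code. The posted server.conf has no `local`, so the UDP socket is bound to 0.0.0.0 and is reachable on both uplink addresses. Without multihome a reply is sent with plain sendto, and the kernel picks the source address from its route toward the client, which on this gateway is the main table's default via ISP1; a client that sent to the ISP2 address gets an answer from the ISP1 address and discards it. With multihome OpenVPN requests IP_PKTINFO on the socket, records the destination address of every inbound datagram, and sends the reply with that address as the source, which is also what lets the `ip rule from $ip2 table isp2` rule steer the reply back out via ISP2. The script below reproduces both behaviours on Linux loopback, with 127.0.0.2 standing in for the second uplink address; the IP_PKTINFO value of 8 is the Linux constant, used only as a fallback if the socket module does not export it.

```python
"""Wildcard-bound UDP echo server with and without per-datagram source pinning
(the IP_PKTINFO mechanism behind OpenVPN's --multihome). Linux only."""
import socket
import struct

IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)  # Linux value, assumed if not exported
PKTINFO_FMT = "I4s4s"                           # struct in_pktinfo: ifindex, spec_dst, addr
PKTINFO_LEN = struct.calcsize(PKTINFO_FMT)


def serve_one(sock, multihome):
    """Answer one datagram on a wildcard-bound UDP socket. Returns the
    destination address the request was sent to (None if no IP_PKTINFO cmsg)."""
    data, ancdata, _flags, peer = sock.recvmsg(512, socket.CMSG_SPACE(PKTINFO_LEN))
    dst = None
    for level, ctype, cdata in ancdata:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
            _ifindex, _spec_dst, addr = struct.unpack(PKTINFO_FMT, cdata[:PKTINFO_LEN])
            dst = socket.inet_ntoa(addr)    # the address the client actually used
    if multihome and dst is not None:
        # On send, ipi_spec_dst pins the source address of the outgoing datagram.
        pktinfo = struct.pack(PKTINFO_FMT, 0, socket.inet_aton(dst), bytes(4))
        sock.sendmsg([data], [(socket.IPPROTO_IP, IP_PKTINFO, pktinfo)], 0, peer)
    else:
        sock.sendto(data, peer)             # source chosen by the route to the peer
    return dst


def reply_source(server_addr, multihome):
    """Probe a wildcard-bound server via server_addr from 127.0.0.1 and return
    the source address its reply arrives from."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        srv.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)  # deliver dst addr per datagram
        srv.bind(("0.0.0.0", 0))                          # like OpenVPN without --local
        port = srv.getsockname()[1]
        cli.bind(("127.0.0.1", 0))
        cli.settimeout(2.0)
        cli.sendto(b"probe", (server_addr, port))         # client talks to the "ISP2" address
        serve_one(srv, multihome)
        _reply, (src, _port) = cli.recvfrom(512)
        return src
    finally:
        srv.close()
        cli.close()


if __name__ == "__main__":
    # Without multihome the reply comes from 127.0.0.1 (route-selected), not 127.0.0.2.
    print("without multihome:", reply_source("127.0.0.2", multihome=False))
    print("with multihome:   ", reply_source("127.0.0.2", multihome=True))
```

The alternative to `multihome` is `local <address>`, which binds one uplink address and gives correct replies for that uplink only; on this gateway, where clients are expected to arrive over both providers, `multihome` is the right choice, and the `ip rule from $ip1`/`from $ip2` rules then do the rest.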