OpenVPN split tunnel

I have been trying to set up a VPN for only one specific IP address. What I want is for all traffic sent to a single IP (1.2.3.4 for now) to go through the OpenVPN client.

My current network setup is as follows:

  1. My computer (connected to 192.168.1.1)
  2. My server. The server has 2 network devices:
    2.1. eth0 - internet connection
    2.2. eth1 - LAN connection: 192.168.1.1

OpenVPN client configuration:

setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote uk-ln-001.privatetunnel.com 1194 udp
remote uk-ln-001.privatetunnel.com 1194 udp
remote uk-ln-001.privatetunnel.com 443 tcp
remote uk-ln-001.privatetunnel.com 1194 udp
remote uk-ln-001.privatetunnel.com 1194 udp
remote uk-ln-001.privatetunnel.com 1194 udp
remote uk-ln-001.privatetunnel.com 1194 udp
remote uk-ln-001.privatetunnel.com 1194 udp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
comp-lzo no
verb 3
setenv PUSH_PEER_INFO

<ca>**********</ca>
<cert>**********</cert>
<key>**********</key>

key-direction 1
<tls-auth>***********</tls-auth>

OpenVPN client startup:

Wed Dec  4 15:39:24 2013 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Nov 28 2013
Wed Dec  4 15:39:24 2013 Control Channel Authentication: tls-auth using INLINE static key file
Wed Dec  4 15:39:24 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec  4 15:39:24 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec  4 15:39:24 2013 Socket Buffers: R=[8388608->200000] S=[212992->200000]
Wed Dec  4 15:39:24 2013 UDPv4 link local: [undef]
Wed Dec  4 15:39:24 2013 UDPv4 link remote: [AF_INET]5.152.200.199:1194
Wed Dec  4 15:39:24 2013 TLS: Initial packet from [AF_INET]5.152.200.199:1194, sid=13b5c2ca 7e02a311
Wed Dec  4 15:39:24 2013 VERIFY OK: depth=1, CN=OpenVPN CA
Wed Dec  4 15:39:24 2013 VERIFY OK: nsCertType=SERVER
Wed Dec  4 15:39:24 2013 VERIFY OK: depth=0, CN=OpenVPN Server
Wed Dec  4 15:39:24 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Dec  4 15:39:24 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec  4 15:39:24 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Dec  4 15:39:24 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec  4 15:39:24 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Dec  4 15:39:24 2013 [OpenVPN Server] Peer Connection Initiated with [AF_INET]5.152.200.199:1194
Wed Dec  4 15:39:27 2013 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Wed Dec  4 15:39:27 2013 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 5.5.0.1,dhcp-option DNS 10.9.0.1,dhcp-option DNS 8.8.4.4,register-dns,comp-lzo yes,ifconfig 5.5.158.58 255.255.0.0'
Wed Dec  4 15:39:27 2013 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.3.2)
Wed Dec  4 15:39:27 2013 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.3.2)
Wed Dec  4 15:39:27 2013 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.3.2)
Wed Dec  4 15:39:27 2013 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:16: register-dns (2.3.2)
Wed Dec  4 15:39:27 2013 OPTIONS IMPORT: timers and/or timeouts modified
Wed Dec  4 15:39:27 2013 OPTIONS IMPORT: explicit notify parm(s) modified
Wed Dec  4 15:39:27 2013 OPTIONS IMPORT: LZO parms modified
Wed Dec  4 15:39:27 2013 OPTIONS IMPORT: --ifconfig/up options modified
Wed Dec  4 15:39:27 2013 OPTIONS IMPORT: route options modified
Wed Dec  4 15:39:27 2013 OPTIONS IMPORT: route-related options modified
Wed Dec  4 15:39:27 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Dec  4 15:39:27 2013 ROUTE_GATEWAY 78.62.63.254/255.255.192.0 IFACE=eth0 HWADDR=90:2b:34:dc:f3:a8
Wed Dec  4 15:39:27 2013 TUN/TAP device tun0 opened
Wed Dec  4 15:39:27 2013 TUN/TAP TX queue length set to 100
Wed Dec  4 15:39:27 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Dec  4 15:39:27 2013 /sbin/ip link set dev tun0 up mtu 1500
Wed Dec  4 15:39:27 2013 /sbin/ip addr add dev tun0 5.5.158.58/16 broadcast 5.5.255.255
Wed Dec  4 15:39:32 2013 ROUTE remote_host is NOT LOCAL
Wed Dec  4 15:39:32 2013 /sbin/ip route add 5.152.200.199/32 via 78.62.63.254
Wed Dec  4 15:39:32 2013 /sbin/ip route add 0.0.0.0/1 via 5.5.0.1
Wed Dec  4 15:39:32 2013 /sbin/ip route add 128.0.0.0/1 via 5.5.0.1
Wed Dec  4 15:39:32 2013 /sbin/ip route add 10.10.10.0/24 via 5.5.0.1 metric 101
Wed Dec  4 15:39:32 2013 Initialization Sequence Completed

Problems I have:
1. If I run openvpn client.ovpn, it routes all traffic through the VPN and My computer has no Internet connection.
2. I could not figure out how to route only the traffic that comes from My computer and has destination address 1.2.3.4 through the VPN connection.

Answer 1

You can start by adding the route-nopull option to your client configuration. With it, no routes will be changed on your client machine.

After that, you can add route statements to your OpenVPN configuration to set up any static routes that are needed for specific hosts or networks. You can add something like route 1.2.3.0 255.255.255.0 to your configuration so that the network is routed through the VPN.
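An added example, not part of the original question or answer: it replays the route lines from the client log above through a longest-prefix lookup to show why the pushed `redirect-gateway def1` captures every destination, and what changes once only `1.2.3.0/24` is routed. The split-tunnel log line and the function names are constructed for illustration.

```python
import ipaddress
import re

ROUTE_ADD = re.compile(r"/sbin/ip route add (\S+) via (\S+)")
VPN_GATEWAY = "5.5.0.1"  # route-gateway value from the PUSH_REPLY in the log

# Route lines copied from the client log on this page
# (the server pushed redirect-gateway def1).
FULL_TUNNEL_LOG = """\
/sbin/ip route add 5.152.200.199/32 via 78.62.63.254
/sbin/ip route add 0.0.0.0/1 via 5.5.0.1
/sbin/ip route add 128.0.0.0/1 via 5.5.0.1
/sbin/ip route add 10.10.10.0/24 via 5.5.0.1 metric 101
"""

# Constructed: the route line expected with route-nopull plus
# "route 1.2.3.0 255.255.255.0" in the client config.
SPLIT_TUNNEL_LOG = """\
/sbin/ip route add 1.2.3.0/24 via 5.5.0.1
"""


def build_table(log_text):
    """Return [(network, interface)] from OpenVPN route lines."""
    # Pre-existing default route via 78.62.63.254 on eth0 (ROUTE_GATEWAY log line).
    table = [(ipaddress.ip_network("0.0.0.0/0"), "eth0")]
    for prefix, gateway in ROUTE_ADD.findall(log_text):
        iface = "tun0" if gateway == VPN_GATEWAY else "eth0"
        table.append((ipaddress.ip_network(prefix), iface))
    return table


def egress(table, destination):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, iface) for net, iface in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


if __name__ == "__main__":
    for name, log in (("full tunnel", FULL_TUNNEL_LOG),
                      ("split tunnel", SPLIT_TUNNEL_LOG)):
        table = build_table(log)
        for dst in ("1.2.3.4", "8.8.4.4", "5.152.200.199"):
            print(f"{name:12} {dst:15} -> {egress(table, dst)}")
```

The two /1 routes are more specific than the existing /0 default, so they win for every address without the default route being deleted; only the /32 route to the VPN server keeps its traffic on eth0.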
