DD-WRT 라우터에 Dnsmasq 및 OpenVPN 서버를 설정하려고 했습니다.
내 목표는 openvpn을 통해 dd-wrt(v24-sp2 (03/25/13) 메가) 라우터에 연결하는 것입니다.
- 내 지역 자원을 사용하고,
- dnsmasq 구성에 입력한 DNS 이름을 사용하여 주소를 지정합니다.
- 모든 인터넷 트래픽을 집으로 라우팅합니다.
OpenVPN 서버와 dnsmasq의 일부 구성을 만들었고 이제 옵션 1이 작동 중입니다.
하지만 작업 옵션 2와 3을 만드는 방법을 모르겠습니다. 누군가 나를 도와줄 수 있나요?
클라이언트 구성(OpenVPN v2.3.4):
client
dev tun
proto udp
remote some.server.net 11193
redirect-gateway
cipher AES-128-CBC
auth MD5
ca ca.crt
cert client.crt
key client.key
nobind
comp-lzo
persist-key
persist-tun
verb 3
float
#resolv-retry infinite
OpenVPN 서버 구성(GUI 모드를 사용했습니다):
라우터의 방화벽 구성 명령:
iptables -I INPUT 1 -p udp --dport 11193 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.144.128/25 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.144.128/25 -o vlan2 -j SNAT --to-source XX.XX.XX.XX
DNSMasq 설정:
내 지역 설정(중요한 경우):
VPN이 연결되었을 때 ipconfig /all이 표시되는 내용(영어가 아닌 콘솔의 경우 죄송합니다):
ifconfig -a명령을 보여주는 것
br0 Link encap:Ethernet HWaddr C0:C1:C0:D1:0F:C9
inet addr:192.168.144.126 Bcast:192.168.144.127 Mask:255.255.255.128
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1314791 errors:0 dropped:0 overruns:0 frame:0
TX packets:520087 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1212860286 (1.1 GiB) TX bytes:35424179 (33.7 MiB)
br0:0 Link encap:Ethernet HWaddr C0:C1:C0:D1:0F:C9
inet addr:169.254.255.1 Bcast:169.254.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth0 Link encap:Ethernet HWaddr C0:C1:C0:D1:0F:C9
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2132892 errors:0 dropped:0 overruns:0 frame:0
TX packets:1772722 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1428506146 (1.3 GiB) TX bytes:1357054830 (1.2 GiB)
Interrupt:4 Base address:0x2000
eth1 Link encap:Ethernet HWaddr C0:C1:C0:D1:0F:CB
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:20244 errors:0 dropped:0 overruns:0 frame:24589427
TX packets:116648 errors:47 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1931745 (1.8 MiB) TX bytes:41642341 (39.7 MiB)
Interrupt:3 Base address:0x1000
eth2 Link encap:Ethernet HWaddr C0:C1:C0:D1:0F:CC
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:28 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:6 Base address:0x8000
etherip0 Link encap:Ethernet HWaddr 4E:A6:FB:D5:97:10
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
gre0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1476 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
RX packets:612 errors:0 dropped:0 overruns:0 frame:0
TX packets:612 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:127026 (124.0 KiB) TX bytes:127026 (124.0 KiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:XX.XX.XX.XX P-t-P:YY.YY.YY.YY Mask:255.255.255.255
UP POINTOPOINT RUNNING MULTICAST MTU:1492 Metric:1
RX packets:328586 errors:0 dropped:0 overruns:0 frame:0
TX packets:564238 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:40074316 (38.2 MiB) TX bytes:674767309 (643.5 MiB)
teql0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
tun2 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.144.129 P-t-P:192.168.144.129 Mask:255.255.255.128
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:3195 errors:0 dropped:0 overruns:0 frame:0
TX packets:3725 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:251990 (246.0 KiB) TX bytes:2682328 (2.5 MiB)
tunl0 Link encap:UNSPEC HWaddr 00-00-00-00-FF-80-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
vlan0 Link encap:Ethernet HWaddr C0:C1:C0:D1:0F:C9
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
vlan1 Link encap:Ethernet HWaddr C0:C1:C0:D1:0F:C9
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1034054 errors:0 dropped:0 overruns:0 frame:0
TX packets:508091 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1174793178 (1.0 GiB) TX bytes:37167391 (35.4 MiB)
vlan2 Link encap:Ethernet HWaddr C0:C1:C0:D1:0F:CA
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1098545 errors:0 dropped:0 overruns:0 frame:0
TX packets:1264631 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:215018185 (205.0 MiB) TX bytes:1319887439 (1.2 GiB)
업데이트 1:
단서를 사용하여안드라스 콘옵션 2에 대한 해결책을 찾았습니다(링크). 클라이언트 VPN 구성에 줄을 추가 register-dns하고 추가 dnsmasq 옵션 필드에 줄을 추가했습니다.pullinterface=tun2
그리고 방화벽 구성 명령에 세 번째 줄을 추가했습니다.
잘못된 인터페이스(vlanX 또는 ethX)를 사용했기 때문에 일부 iptables 명령이 잘못되었다고 가정합니다.
업데이트 2:
추가 정보
route printVPN을 활성화하기 전에 명령을 표시하는 내용
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.192.254 192.168.192.147 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.56.0 255.255.255.0 On-link 192.168.56.1 276
192.168.56.1 255.255.255.255 On-link 192.168.56.1 276
192.168.56.255 255.255.255.255 On-link 192.168.56.1 276
192.168.192.0 255.255.255.0 On-link 192.168.192.147 281
192.168.192.147 255.255.255.255 On-link 192.168.192.147 281
192.168.192.255 255.255.255.255 On-link 192.168.192.147 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 192.168.192.147 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.56.1 276
255.255.255.255 255.255.255.255 On-link 192.168.192.147 281
===========================================================================
Persistent Routes:
None
VPN 활성화 후 명령을 표시하는 내용 route print(빼기 기호로 표시된 VPN과 관련된 경로)
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.192.254 192.168.192.147 25
0.0.0.0 128.0.0.0 192.168.144.129 192.168.144.131 20 ----
XX.XX.XX.XX 255.255.255.255 192.168.192.254 192.168.192.147 25 ---- To my DD-WRT router (XX.XX.XX.XX = WAN IP)
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.0.0.0 128.0.0.0 192.168.144.129 192.168.144.131 20 ----
192.168.56.0 255.255.255.0 On-link 192.168.56.1 276
192.168.56.1 255.255.255.255 On-link 192.168.56.1 276
192.168.56.255 255.255.255.255 On-link 192.168.56.1 276
192.168.144.128 255.255.255.128 On-link 192.168.144.131 276 ----
192.168.144.131 255.255.255.255 On-link 192.168.144.131 276 ---- Probably routes to my VPN subnet
192.168.144.255 255.255.255.255 On-link 192.168.144.131 276 ----
192.168.192.0 255.255.255.0 On-link 192.168.192.147 281
192.168.192.147 255.255.255.255 On-link 192.168.192.147 281
192.168.192.255 255.255.255.255 On-link 192.168.192.147 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 192.168.192.147 281
224.0.0.0 240.0.0.0 On-link 192.168.144.131 276 ----
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.56.1 276
255.255.255.255 255.255.255.255 On-link 192.168.192.147 281
255.255.255.255 255.255.255.255 On-link 192.168.144.131 276 ----
===========================================================================
Persistent Routes:
None
명령을 보여주는 것 tracert google.com:
Tracing route to google.com [188.35.142.42]
over a maximum of 30 hops:
1 10 ms 7 ms 9 ms 192.168.144.129
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
................................................
답변1
좋습니다. 귀하의 질문 중 인터넷 접속 부분에 관해서는 귀하가
iptables -t nat -A POSTROUTING -s 192.168.144.128/25 -o vlan2 -j SNAT --to-source XX.XX.XX.XX
틀렸다. (ppp0이 인터넷에 연결된 인터페이스이기 때문에) vlan2이어야 합니다 .ppp0
다음과 같은 간단한 규칙
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
또한 작동해야합니다.
답변2
Andras - 내 경우에는 vlan2일까요? 감사해요!
br0 Link encap:Ethernet HWaddr CC:E1:D5:3A:B2:80
inet addr:192.168.11.1 Bcast:192.168.11.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:424601 errors:0 dropped:21377 overruns:0 frame:0
TX packets:475454 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:70115596 (66.8 MiB) TX bytes:585654624 (558.5 MiB)
br0:0 Link encap:Ethernet HWaddr CC:E1:D5:3A:B2:80
inet addr:169.254.255.1 Bcast:169.254.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth0 Link encap:Ethernet HWaddr CC:E1:D5:3A:B2:80
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5196488 errors:0 dropped:0 overruns:0 frame:0
TX packets:848653 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:969250040 (924.3 MiB) TX bytes:639674339 (610.0 MiB)
Interrupt:5
imq0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP RUNNING NOARP MTU:1500 Metric:1
RX packets:71971 errors:0 dropped:0 overruns:0 frame:0
TX packets:71958 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:30
RX bytes:58870852 (56.1 MiB) TX bytes:58851352 (56.1 MiB)
imq1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP RUNNING NOARP MTU:16000 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:11000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MULTICAST MTU:65536 Metric:1
RX packets:90 errors:0 dropped:0 overruns:0 frame:0
TX packets:90 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8027 (7.8 KiB) TX bytes:8027 (7.8 KiB)
ra0 Link encap:Ethernet HWaddr CC:E1:D5:3A:B2:80
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10164 errors:0 dropped:0 overruns:0 frame:0
TX packets:10826 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2261013 (2.1 MiB) TX bytes:10971684 (10.4 MiB)
Interrupt:6
tun2 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.12.1 P-t-P:192.168.12.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:1203 errors:0 dropped:0 overruns:0 frame:0
TX packets:1855 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:84990 (82.9 KiB) TX bytes:1936057 (1.8 MiB)
vlan1 Link encap:Ethernet HWaddr CC:E1:D5:3A:B2:80
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:415650 errors:0 dropped:0 overruns:0 frame:0
TX packets:465320 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:68193995 (65.0 MiB) TX bytes:574645820 (548.0 MiB)
vlan2 Link encap:Ethernet HWaddr CC:E1:D5:3A:B2:80
inet addr:72.196.156.81 Bcast:72.196.159.255 Mask:255.255.248.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4775595 errors:0 dropped:24901 overruns:0 frame:0
TX packets:382762 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:807307551 (769.9 MiB) TX bytes:60986467 (58.1 MiB)