O cliente está conectado, mas não há conexão com a Internet.
Configurações EC2:
Alterar verificação de origem/destino - Parado
Grupo de segurança:
Regras de entrada
Regras de saída:
ip asaída
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
link/ether 0a:ff:cd:eb:b7:33 brd ff:ff:ff:ff:ff:ff
inet 172.31.19.143/20 metric 100 brd 172.31.31.255 scope global dynamic ens5
valid_lft 1926sec preferred_lft 1926sec
inet6 fe80::8ff:cdff:feeb:b733/64 scope link
valid_lft forever preferred_lft forever
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::24ec:9277:58c2:c0da/64 scope link stable-privacy
valid_lft forever preferred_lft forever
iptables-savesaída:
# Generated by iptables-save v1.8.10 (nf_tables) on Fri Jun 21 02:08:53 2024
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [7640:598644]
-A POSTROUTING -s 0.0.0.0/2 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
sysctl net.ipv4.ip_forwarddá
net.ipv4.ip_forward = 1
configuração do servidor:
port 1194
proto udp
dev tun
ca ca.crt
cert myservername.crt
key myservername.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
compress lz4-v2
push "compress lz4-v2"
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
verb 3
explicit-exit-notify 1
Configuração do cliente:
client
dev tun
proto udp
remote ec2-...amazonaws.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
tls-auth ta.key 1
key-direction 1
cipher AES-256-CBC
verb 3
sudo iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 162 packets, 18513 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- any eth0 0.0.0.0/2 anywhere
0 0 MASQUERADE all -- any eth0 ip-10-8-0-0.ec2.internal/24 anywhere
tracert 8.8.8.8vai com todos os tempos limite
Tracing route to dns.google [8.8.8.8]
over a maximum of 30 hops:
1 11 ms 10 ms 14 ms 10.8.0.1
2 * * * Request timed out.
30 * * * Request timed out.
Alguma idéia do que verificar?