Estou executando o Ubuntu 20.04 com o pacote OpenVpn mais recente. Primeira vez tentando obter um vpn sozinho.
Não é possível executar ping em nenhum host que esteja atualmente no 10.10.0.0 por meio do meu cliente de máquina Windows.
Posso fazer ping em qualquer direção quando ssh'd em qualquer sistema nessa sub-rede.
O UFW está desativado no momento.
O OpenVPN se conecta bem, no entanto, consigo fazer ping no endereço do host openvpn de 10.10.3.98.
/proc/sys/net/ipv4/ip_forward definido como 1 em todos os sistemas
Pensando em algum tipo de problema de rota, mas tentei algumas coisas sem sorte. Eu preciso do coletivo.
Obrigado!
host1:/etc/openvpn$ endereço IP
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether fa:16:3e:2a:f5:f1 brd ff:ff:ff:ff:ff:ff
inet PUBLICIP/32 scope global dynamic ens3
valid_lft 70352sec preferred_lft 70352sec
inet6 2607:5300:201:2100::fdf/56 scope global
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe2a:f5f1/64 scope link
valid_lft forever preferred_lft forever
3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc fq_codel state UP group default qlen 1000
link/ether fa:16:3e:cc:88:e1 brd ff:ff:ff:ff:ff:ff
inet 10.10.3.98/16 brd 10.10.255.255 scope global dynamic ens4
valid_lft 70352sec preferred_lft 70352sec
inet6 fe80::f816:3eff:fecc:88e1/64 scope link
valid_lft forever preferred_lft forever
8: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
link/none
inet 10.0.0.1/24 brd 10.0.0.255 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::22db:5c7d:76e4:21c2/64 scope link stable-privacy
valid_lft forever preferred_lft forever
server.conf
port 1194
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.0.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.10.0.0 255.255.0.0"
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_hCBOMjVqB0C2SZat.crt
key server_hCBOMjVqB0C2SZat.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
rotas ip
ip route
default via PUBLICGWIP dev ens3 proto dhcp src PUBLICIP metric 100
10.0.0.0/24 dev tun0 proto kernel scope link src 10.0.0.1
10.10.0.0/16 dev ens4 proto kernel scope link src 10.10.3.98
PUBLICGWIP dev ens3 proto dhcp scope link src PUBLICIP metric 100
169.254.169.254 via 10.10.0.1 dev ens4 proto dhcp src 10.10.3.98 metric 100
configuração do cliente (menos chaves)
client
proto udp
explicit-exit-notify
remote PUBLICIP 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_hCBOMjVqB0C2SZat name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
host2 (host não consigo fazer ping)
ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether fa:16:3e:02:6e:b7 brd ff:ff:ff:ff:ff:ff
inet PUBLICIP/32 scope global dynamic ens3
valid_lft 69012sec preferred_lft 69012sec
inet6 2607:5300:201:2100::862/56 scope global
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe02:6eb7/64 scope link
valid_lft forever preferred_lft forever
3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc fq_codel state UP group default qlen 1000
link/ether fa:16:3e:57:46:57 brd ff:ff:ff:ff:ff:ff
inet 10.10.3.222/16 brd 10.10.255.255 scope global dynamic ens4
valid_lft 69012sec preferred_lft 69012sec
inet6 fe80::f816:3eff:fe57:4657/64 scope link
valid_lft forever preferred_lft forever
ip route
default PUBLICGWIP dev ens3 proto dhcp src PUBLICIP metric 100
10.10.0.0/16 dev ens4 proto kernel scope link src 10.10.3.222
PUBLICGWIP dev ens3 proto dhcp scope link src PUBLICIP metric 100
169.254.169.254 via 10.10.0.2 dev ens4 proto dhcp src 10.10.3.222 metric 100
Cliente Windows ipconfig quando conectado à VPN
Unknown adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9 for OpenVPN Connect
Physical Address. . . . . . . . . : 00-FF-0B-15-88-B7
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4719:c54f:b42e:fe72%50(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 838926091
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-0C-DC-F8-3C-7C-3F-F3-68-C1
DNS Servers . . . . . . . . . . . : 8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled
