OPENVPN en mode TUN

[mystere689]

Bonjour,

je dois relier 2 sites éloignés sur un site centrale.
Chaque poste windows de chaque reseau eloigné doit pouvoir acceder au
serveur centrale et poste windows sur le reseau centrale et vise
versa.
Chaque reseau à acces au net à travers d'un firewal/routeur SME
(dérivé de redhat/fedoera).
Je souhaiterai monter un reseau VPN avec OPENVPN pour relier tout
cela.
Schématiquement on a cela

PC XP usine SME7usine SME7siege PC XP siege
192.168.62.2 ---> eth0 : 192.168.62.40 ---> internet--> eth0 : 192.168.60.40 -----> 192.168.60.2
eth1 : ip non fixe eth1 : siege.dyndns.org
on utiliseusine.dyndns.org

J'ai configuré mon VPN (cf les fichier ci dessous). J'ai bien un
tunel, dont je peux pinger les extrémité.
De SME7 usine je peux pingé SME7 siege et pc XP siege (ok)
DE SM7 siege je ne ping pas SME7 usine ni PCXP usine (pas ok)

1) Comment faire ?????? Il semblerais d'après mes test de cela soit un
problème de table de routage mais voilà 5 semaines que je tourne en
rond. Pitié aidez moi.
2) Autre chose que je comprend pas.
coté siege = inet adr:192.168.100.1 P-t-P:192.168.100.2
coté usine = inet adr:192.168.100.6 P-t-P:192.168.100.5
à quoi correspond le coté p-t-p ?? Mon tunel est bien avec les
extrémité 100.1 et 100.6 ???

Voici tous les fichiers de configuration (si il vous manque quelques
chose dite le moi):
coté siege et usine :
# echo /proc/sys/net/ipv4/ip_forward me donne bien 1

<gras>server.conf</gras>

port 1595
proto udp
dev tun
dh dh1024.pem
ca ca.crt
cert siegevpn.crt
key siegevpn.key
cipher AES-128-CBC
up ./openvpn.up
server 192.168.100.0 255.255.255.0
keepalive 10 120
persist-key
persist-tun
push "route 192.168.60.0 255.255.255.0 192.168.100.1" # add route to
to protected network
client-to-client
comp-lzo
status-version 2
status openvpn-status.log
log-append openvpn.log
verb 6

<gras>openvpn.up</gras>
#!/bin/sh
route add -net 192.168.62.0 netmask 255.255.255.0 gw 192.168.100.1
route del -net 192.168.100.0 netmask 255.255.255.0 gw 192.168.60.40
route del -net 192.168.100.0 netmask 255.255.255.0 dev tun0
route add -net 192.168.100.0 netmask 255.255.255.0 gw 192.168.100.1

iptables -I INPUT -i tun+ -j ACCEPT
iptables -I OUTPUT -o tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -j ACCEPT
iptables -I FORWARD -o tun+ -j ACCEPT

<gras>configuration des interfaces :</gras>
eth0 Link encap:Ethernet HWaddr 00:0C:29:7A:AC:D9
inet adr:192.168.60.40 Bcast:192.168.60.255 Masque:
255.255.255.0
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:2578381 errors:0 dropped:0 overruns:0 frame:0
TX packets:2079643 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:1000
RX bytes:2290363919 (2.1 GiB) TX bytes:886832497 (845.7
MiB)
Interruption:185 Adresse de base:0x1400

eth1 Link encap:Ethernet HWaddr 00:0C:29:7A:AC:E3
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:83670 errors:0 dropped:0 overruns:0 frame:0
TX packets:68786 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:1000
RX bytes:50849739 (48.4 MiB) TX bytes:12920841 (12.3 MiB)
Interruption:169 Adresse de base:0x1480

lo Link encap:Boucle locale
inet adr:127.0.0.1 Masque:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:23371 errors:0 dropped:0 overruns:0 frame:0
TX packets:23371 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:6298009 (6.0 MiB) TX bytes:6298009 (6.0 MiB)

ppp0 Link encap:Protocole Point-à-Point
inet adr:202.90.85.249 P-t-P:202.90.80.1 Masque:
255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:68620 errors:0 dropped:0 overruns:0 frame:0
TX packets:68241 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:3
RX bytes:47807726 (45.5 MiB) TX bytes:11403126 (10.8 MiB)

tun0 Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet adr:192.168.100.1 P-t-P:192.168.100.2 Masque:
255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:251 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:100
RX bytes:0 (0.0 b) TX bytes:20704 (20.2 KiB)

<ital><souligne>coté client :</souligne></ital>
<gras>client.conf</gras>

client
dev tun
proto udp
port 1595
remote siege.dyndns.org

resolv-retry infinite
nobind
persist-tun
persist-key

ca ca.crt
cert sofapvpn.crt
key sofapvpn.key

pull
comp-lzo

up ./openvpn.up
cipher AES-128-CBC
log-append openvpn.log
verb 6
mute 20
keepalive 20 60

<gras>openvpn.up</gras>

#!/bin/sh
route add -net 192.168.60.0 netmask 255.255.255.0 gw 192.168.100.6 #
permet l'acces au poste cient du reseau d'en face
route del -net 192.168.100.0 netmask 255.255.255.0 gw 192.168.62.40
route del -net 192.168.100.0 netmask 255.255.255.0 dev tun0
route add -net 192.168.100.0 netmask 255.255.255.0 gw 192.168.100.6

iptables -I INPUT -i tun+ -j ACCEPT
iptables -I OUTPUT -o tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -j ACCEPT
iptables -I FORWARD -o tun+ -j ACCEPT

<gras>configuration des interfaces :</gras>
eth0 Link encap:Ethernet HWaddr 00:0C:29:7A:AC:D9
inet adr:192.168.62.40 Bcast:192.168.62.255 Masque:
255.255.255.0
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:2578381 errors:0 dropped:0 overruns:0 frame:0
TX packets:2079643 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:1000
RX bytes:2290363919 (2.1 GiB) TX bytes:886832497 (845.7
MiB)
Interruption:185 Adresse de base:0x1400

eth1 Link encap:Ethernet HWaddr 00:0C:29:7A:AC:E3
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:83670 errors:0 dropped:0 overruns:0 frame:0
TX packets:68786 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:1000
RX bytes:50849739 (48.4 MiB) TX bytes:12920841 (12.3 MiB)
Interruption:169 Adresse de base:0x1480

lo Link encap:Boucle locale
inet adr:127.0.0.1 Masque:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:23371 errors:0 dropped:0 overruns:0 frame:0
TX packets:23371 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:6298009 (6.0 MiB) TX bytes:6298009 (6.0 MiB)

ppp0 Link encap:Protocole Point-à-Point
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:68620 errors:0 dropped:0 overruns:0 frame:0
TX packets:68241 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:3
RX bytes:47807726 (45.5 MiB) TX bytes:11403126 (10.8 MiB)

tun0 Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet adr:192.168.100.6 P-t-P:192.168.100.5 Masque:
255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:251 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:100
RX bytes:0 (0.0 b) TX bytes:20704 (20.2 KiB)

Table de routage IP
coté usine (client) :
Table de routage IP du noyau
Destination Passerelle Genmask Indic Metric Ref Use Iface
192.168.100.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
123.50.80.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.100.0 192.168.100.6 255.255.255.0 UG 0 0 0 tun0
192.168.62.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.60.0 192.168.100.6 255.255.255.0 UG 0 0 0 tun0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0

coté siege (serveur) :
Table de routage IP du noyau
Destination Passerelle Genmask Indic Metric Ref Use Iface
192.168.100.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
123.50.80.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.100.0 192.168.100.1 255.255.255.0 UG 0 0 0 tun0
192.168.62.0 192.168.100.1 255.255.255.0 UG 0 0 0 tun0
192.168.60.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0

<gras>Résumé des ping : (j espere que c'est lisible) faire un copier/
coller dans le bloc note ou une feuille de calcul :</gras>

PC USINE SME7 usine VPN VPN SME7 siege PC SIEGE
192.168.62.2 192.168.62.40 192.168.100.6 192.168.100.1
192.168.60.40 192.168.60.2
255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
255.255.255.0 255.255.255.0
<----------------- --------- OK OK
------------------- ----------------->

OK --------------- -------->
OK
--------------------- ------------------- ------------------- --------

OK
--------------------- ------------------- ------------------- ------------------- ------------------- --------

OK
--------------------- ------------------- ------------------- ------------------- ------------------- ------------------- ------------------- --------


OK ------------------- -------->
OK ------------------- ------------------- ------------------- --------

PAS OK
------------------- ------------------- ------------------- ------------------- ------------------- ---------

PAS OK
------------------- ------------------- --------------------------- ------------------- ------------------- ------------------- ------------------- ---------

PAS OK
------------------- ------------------- --------------------------- ------------------- ------------------- ------------------- --------------------- ------------------- ------------------------- ---------


<----------------- --------------- OK

<----------------- ------------------- ------------------- ---------------
OK

<----------------- ------------------- ------------------- ------------------- ------------------- ---------------
PAS OK

<----------------- --------------------------- ------------------- ------------------- ------------------- ------------------- ------------------- ---------------
PAS OK

<----------------- --------------------------- ------------------- ------------------- ------------------- ------------------- ------------------- ------------------- ------------------- --
PAS OK

<----------------- ------------------- ------------------- ------------------- ------------------- ------------------- ------------------- --
PAS OK

<----------------- ------------------- ------------------- ------------------- ------------------- --
PAS OK
<----------------- ------------------- ------------------- --
PAS OK
<----------------- -- PAS OK