Unfortunately I have a routing problem and need your support. First, the network documentation. I have a Fritzbox with the following networks:
=> 192.168.10.0/24 internal network
=> 192.168.20.0/24 DMZ network
=> 192.168.30.0/24 wireless network
I separated the networks myself in AVM's ar7.cfg, and IP forwarding is active between the networks.
Code:
cat /proc/sys/net/ipv4/ip_forward
1
=> 192.168.192.0/24 server network
=> 192.168.193.0/24 first OpenVPN client network
=> 192.168.194.0/24 second OpenVPN client network
The server.conf
Code:
local dsme01.xyz.de
port 1194
proto tcp-server
dev tun
<ca>
-----BEGIN CERTIFICATE-----
xyz
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
xyz
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
xyz
-----END PRIVATE KEY-----
</key>
<dh>
-----BEGIN DH PARAMETERS-----
xyz
-----END DH PARAMETERS-----
</dh>
server 192.168.192.0 255.255.255.0
tun-mtu 1500
push "route 192.168.10.0 255.255.255.0"
push "route 192.168.20.0 255.255.255.0"
push "route 192.168.30.0 255.255.255.0"
push "route 192.168.192.0 255.255.255.0"
push "route 192.168.193.0 255.255.255.0"
push "route 192.168.194.0 255.255.255.0"
route 192.168.193.0 255.255.255.0
route 192.168.194.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
push "dhcp-option DNS 192.168.192.1"
push "dhcp-option DOMAIN xyz.de"
client-to-client
keepalive 10 120
tls-server
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
xyz
-----END OpenVPN Static key V1-----
</tls-auth>
cipher DES-EDE3-CBC # Triple-DES
comp-lzo
max-clients 100
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log /dev/null
status /dev/null
# Additional config directives
## plugin /usr/lib/openvpn/openvpn-auth-pam.so openvpn
## plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth/auth-ldap.conf
Code:
iroute 192.168.193.0 255.255.255.0
Code:
dev tun
proto tcp-client
remote dsme01.xyz.de 1194
nobind
persist-key
persist-tun
<ca>
-----BEGIN CERTIFICATE-----
xyz
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
xyz
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
xyz
-----END PRIVATE KEY-----
</key>
ns-cert-type server
tls-client
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
xyz
-----END OpenVPN Static key V1-----
</tls-auth>
cipher DES-EDE3-CBC
comp-lzo
log /dev/null
status /dev/null
tun-mtu 1500
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
pull
Code:
xx.19.92.180 0.0.0.0 255.255.255.255 UH 2 0 0 dsl
217.0.43.49 0.0.0.0 255.255.255.255 UH 2 0 0 dsl
217.0.43.33 0.0.0.0 255.255.255.255 UH 2 0 0 dsl
xxx.158.132.189 0.0.0.0 255.255.255.255 UH 4 0 0 dsl
192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 dmz
192.168.30.0 0.0.0.0 255.255.255.0 U 0 0 0 lan
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 intern
192.168.192.0 0.0.0.0 255.255.252.0 U 0 0 0 dmz
xx.38.128.0 0.0.0.0 255.255.192.0 U 4 0 0 dsl
xx.141.128.0 0.0.0.0 255.255.128.0 U 4 0 0 dsl
0.0.0.0 0.0.0.0 0.0.0.0 U 2 0 0 dsl
Code:
0.0.0.0 192.168.20.1 0.0.0.0 UG 0 0 0 bond0
192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 bond0
192.168.192.0 192.168.192.2 255.255.255.0 UG 0 0 0 tun0
192.168.192.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.193.0 192.168.192.2 255.255.255.0 UG 0 0 0 tun0
192.168.194.0 192.168.192.2 255.255.255.0 UG 0 0 0 tun0
Code:
0.0.0.0 xx.227.232.254 0.0.0.0 UG 0 0 0 wlan0
xx.227.232.0 0.0.0.0 255.255.255.0 U 9 0 0 wlan0
192.168.10.0 192.168.192.5 255.255.255.0 UG 0 0 0 tun0
192.168.20.0 192.168.192.5 255.255.255.0 UG 0 0 0 tun0
192.168.30.0 192.168.192.5 255.255.255.0 UG 0 0 0 tun0
192.168.192.0 192.168.192.5 255.255.255.0 UG 0 0 0 tun0
192.168.192.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.194.0 192.168.192.5 255.255.255.0 UG 0 0 0 tun0
Can you help me?
Kind regards, Stefan Harbich
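
An added example, not part of the original post or of OpenVPN: a small Python check over the directives quoted above that reports server-side `route` entries with no matching `iroute` in the client-config-dir, and flags the 64-bit-block cipher, tunnel compression and discarded logging. The sample strings are constructed from the post's server.conf and the single ccd entry it shows; the ccd file name `client1` and the function names are assumptions.

```python
import ipaddress

# Constructed sample: routing- and crypto-relevant lines from the post's
# server.conf. Only the one ccd entry shown in the post is included.
SERVER_CONF = """\
server 192.168.192.0 255.255.255.0
push "route 192.168.193.0 255.255.255.0"
route 192.168.193.0 255.255.255.0
route 192.168.194.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
cipher DES-EDE3-CBC # Triple-DES
comp-lzo
log /dev/null
"""
CCD_FILES = {"client1": "iroute 192.168.193.0 255.255.255.0\n"}  # name is hypothetical


def directives(text):
    """Yield (keyword, args) per line, dropping '#' comments and blank lines."""
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words:
            yield words[0], words[1:]


def networks(text, keyword):
    """Return the networks named by `keyword <address> <netmask>` lines."""
    return {ipaddress.ip_network("/".join(args[:2]))
            for kw, args in directives(text) if kw == keyword and len(args) >= 2}


def audit(server_conf, ccd_files):
    """Return findings: routes lacking an iroute first, then weak settings."""
    findings = []
    iroutes = set().union(*(networks(t, "iroute") for t in ccd_files.values()))
    for net in sorted(networks(server_conf, "route") - iroutes):
        findings.append(f"route {net} has no matching iroute in any ccd file")
    for kw, args in directives(server_conf):
        if kw == "cipher" and args and args[0].upper().startswith(("DES", "BF")):
            findings.append(f"cipher {args[0]} uses a 64-bit block (SWEET32)")
        elif kw == "comp-lzo" and args[:1] != ["no"]:
            findings.append("comp-lzo compresses before encrypting (VORACLE)")
        elif kw == "log" and args[:1] == ["/dev/null"]:
            findings.append("log /dev/null discards connection and auth records")
    return findings


if __name__ == "__main__":
    for finding in audit(SERVER_CONF, CCD_FILES):
        print(finding)
```
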