#1 On 06/10/2015, at 19:26

lekeb

OpenVPN and access to local resources

Hello everyone,

I am setting up a VPN server to have access to the Internet and to my local resources. From my client (on Windows 7, OpenVPN in administrator mode) I can connect to the server and have Internet access, but not access to my local network. I stay on the network where my client is located.

My VPN server (10.8.0.1) in TUN mode runs on the physical machine 192.168.1.8. My whole network is connected to a DD-WRT router with LAN address 192.168.1.1 and WAN address 192.168.0.2 (gateway 192.168.0.1), because it is connected to a Livebox at 192.168.0.1 (DMZ on the DD-WRT's address, 192.168.0.2).

From my Windows client I can ping:
the VPN server 10.8.0.1
the host machine 192.168.1.8

From the server, I can ping (after disabling the Windows firewall):
the client VPN interface 10.8.0.5 or 6
the host machine's LAN address

I don't understand what I need to do to get access to the local network where my VPN server is located. I read that it was necessary to add static routes on my router and to modify iptables, but I am lost. Likewise, I don't understand why my server's routing table mentions 10.8.0.2 (see below)?
Can you help me?

I am adding the various routing tables
server
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0                UG    0      0        0 eth0
10.8.0.0        10.8.0.2        255.255.255.0      UG    0      0        0 tun0
10.8.0.2        0.0.0.0         255.255.255.255   UH    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0     U     1      0        0 eth0

DD-WRT router
IP Destination sur le LAN     Masque de sous-réseau     Passerelle      Interface
192.168.0.1                   255.255.255.255           0.0.0.0         WAN
10.8.0.0                      255.255.255.0             192.168.1.8     LAN & WLAN
192.168.1.0                   255.255.255.0             0.0.0.0         LAN & WLAN
192.168.0.0                   255.255.255.0             0.0.0.0         WAN
169.254.0.0                   255.255.0.0               0.0.0.0         LAN & WLAN
0.0.0.0                       0.0.0.0                   192.168.0.1     WAN

the server conf file

port 1194

proto udp

dev tun

#topology subnet

ca ca.crt
cert server.crt
key server.key  # This file should be kept secret

dh dh2048.pem

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge

#push "route 192.168.1.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

push "redirect-gateway def1 bypass-dhcp"

push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

comp-lzo

;max-clients 100

user nobody
group nogroup

persist-key
persist-tun

status openvpn-status.log

verb 4

#push "redirect-gateway def1" 

client conf file

client

dev tun

proto udp

remote jbacquec.ddns.net 1194

resolv-retry infinite

nobind

user nobody
group nogroup

persist-key
persist-tun

ns-cert-type server

comp-lzo

verb 3
route-method exe
route-delay 2
redirect-gateway def1

push "dhcp-options DNS 10.8.0.1"

<ca>
-----BEGIN CERTIFICATE-----
...
</ca>
<cert>
... 
-----END CERTIFICATE-----
</cert>
<key>
...
-----END PRIVATE KEY-----
</key>

and the logs,

client side

 Tue Oct 06 12:24:59 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug  4 2015
Tue Oct 06 12:24:59 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Enter Management Password:
Tue Oct 06 12:24:59 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Oct 06 12:24:59 2015 Need hold release from management interface, waiting...
Tue Oct 06 12:25:00 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Oct 06 12:25:00 2015 MANAGEMENT: CMD 'state on'
Tue Oct 06 12:25:00 2015 MANAGEMENT: CMD 'log all on'
Tue Oct 06 12:25:00 2015 MANAGEMENT: CMD 'hold off'
Tue Oct 06 12:25:00 2015 MANAGEMENT: CMD 'hold release'
Tue Oct 06 12:25:00 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Oct 06 12:25:00 2015 MANAGEMENT: >STATE:1444148700,RESOLVE,,,
Tue Oct 06 12:25:00 2015 UDPv4 link local: [undef]
Tue Oct 06 12:25:00 2015 UDPv4 link remote: [AF_INET]92.146.195.10:1194
Tue Oct 06 12:25:00 2015 MANAGEMENT: >STATE:1444148700,WAIT,,,
Tue Oct 06 12:25:00 2015 MANAGEMENT: >STATE:1444148700,AUTH,,,
Tue Oct 06 12:25:00 2015 TLS: Initial packet from [AF_INET]92.146.195.10:1194, sid=55561b58 ac384eca
Tue Oct 06 12:25:01 2015 VERIFY OK: depth=1, C=FR, ST=GD, L=Bordeaux, O=lekeborg, OU=lekebunit, CN=lekeborg CA, name=server, emailAddress=jbacquec33@gmail.com
Tue Oct 06 12:25:01 2015 VERIFY OK: nsCertType=SERVER
Tue Oct 06 12:25:01 2015 VERIFY OK: depth=0, C=FR, ST=GD, L=Bordeaux, O=lekeborg, OU=lekebunit, CN=server, name=server, emailAddress=jbacquec33@gmail.com
Tue Oct 06 12:25:04 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Oct 06 12:25:04 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 06 12:25:04 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Oct 06 12:25:04 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 06 12:25:04 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Oct 06 12:25:04 2015 [server] Peer Connection Initiated with [AF_INET]92.146.195.10:1194
Tue Oct 06 12:25:05 2015 MANAGEMENT: >STATE:1444148705,GET_CONFIG,,,
Tue Oct 06 12:25:06 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Oct 06 12:25:06 2015 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ifconfig 10.8.0.6 10.8.0.5'
Tue Oct 06 12:25:06 2015 OPTIONS IMPORT: --ifconfig/up options modified
Tue Oct 06 12:25:06 2015 OPTIONS IMPORT: route options modified
Tue Oct 06 12:25:06 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Oct 06 12:25:06 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Oct 06 12:25:06 2015 MANAGEMENT: >STATE:1444148706,ASSIGN_IP,,10.8.0.6,
Tue Oct 06 12:25:06 2015 open_tun, tt->ipv6=0
Tue Oct 06 12:25:06 2015 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{89D470A8-CEFF-425A-B293-9370F738B17C}.tap
Tue Oct 06 12:25:06 2015 TAP-Windows Driver Version 9.21 
Tue Oct 06 12:25:06 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {89D470A8-CEFF-425A-B293-9370F738B17C} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Tue Oct 06 12:25:06 2015 Successful ARP Flush on interface [16] {89D470A8-CEFF-425A-B293-9370F738B17C}
Tue Oct 06 12:25:08 2015 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Tue Oct 06 12:25:08 2015 C:\Windows\system32\route.exe ADD 92.146.195.10 MASK 255.255.255.255 131.96.40.1
Tue Oct 06 12:25:08 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Tue Oct 06 12:25:08 2015 C:\Windows\system32\route.exe ADD 131.96.6.237 MASK 255.255.255.255 131.96.40.1
Tue Oct 06 12:25:08 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Tue Oct 06 12:25:08 2015 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Oct 06 12:25:08 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Tue Oct 06 12:25:08 2015 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Oct 06 12:25:08 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Tue Oct 06 12:25:08 2015 MANAGEMENT: >STATE:1444148708,ADD_ROUTES,,,
Tue Oct 06 12:25:08 2015 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Tue Oct 06 12:25:08 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Tue Oct 06 12:25:08 2015 Initialization Sequence Completed
Tue Oct 06 12:25:08 2015 MANAGEMENT: >STATE:1444148708,CONNECTED,SUCCESS,10.8.0.6,92.146.195.10 

server side:
status.log

 OpenVPN CLIENT LIST
Updated,Tue Oct  6 19:15:21 2015
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
jbacquec,192.168.1.1:62758,105075,281585,Tue Oct  6 18:25:01 2015
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,jbacquec,192.168.1.1:62758,Tue Oct  6 19:11:20 2015
GLOBAL STATS
Max bcast/mcast queue length,0
END 

log (in which I don't understand the error)

Sat Aug 22 15:14:39 2015 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
Sat Aug 22 15:14:39 2015 Control Channel Authentication: using '/etc/openvpn/ta.key' as a OpenVPN static key file
Sat Aug 22 15:14:39 2015 TCP/UDP: Socket bind failed on local address [AF_INET]192.168.1.8:1194: Cannot assign requested address
Sat Aug 22 15:14:39 2015 Exiting due to fatal error
Options error: --chroot directory fails with '/etc/openvpn/jail': No such file or directory
Options error: Please correct these errors.
Use --help for more information.


Thanks

Last edited by lekeb (06/10/2015, at 19:27)

Offline
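
Added example (not part of lekeb's post, and not OpenVPN's own code): a small Python check that expands the PUSH_REPLY line from the client log above into the routes it installs through the tunnel, then uses longest-prefix matching to show which of them covers a LAN address such as 192.168.1.8. It models only the pushed options, not the client's pre-existing routing table or the host routes kept on the original gateway; the function names are made up for this illustration.

```python
import ipaddress

# PUSH_REPLY options copied from the client log in the post above.
PUSH_REPLY = ("PUSH_REPLY,redirect-gateway def1 bypass-dhcp,"
              "dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,"
              "route 10.8.0.1,topology net30,ifconfig 10.8.0.6 10.8.0.5")


def vpn_routes(push_reply):
    """Return [(network, gateway)] that the pushed options route into the tunnel."""
    opts = [o.split() for o in push_reply.split(",")[1:] if o.strip()]
    topology = next((o[1] for o in opts if o[0] == "topology"), "net30")
    gateway = next((o[1] for o in opts if o[0] == "route-gateway"), None)
    if gateway is None and topology in ("net30", "p2p"):
        # In net30/p2p, "ifconfig <local> <remote>": the remote end is the gateway.
        gateway = next((o[2] for o in opts if o[0] == "ifconfig"), None)
    routes = []
    for o in opts:
        if o[0] == "route":
            # "route <net> [mask [gateway]]": the mask defaults to a host route.
            mask = o[2] if len(o) > 2 else "255.255.255.255"
            gw = gateway if len(o) < 4 or o[3] == "vpn_gateway" else o[3]
            net = ipaddress.ip_network(f"{o[1]}/{mask}", strict=False)
            routes.append((net, gw))
        elif o[0] == "redirect-gateway" and "def1" in o[1:]:
            # def1 leaves the old default route in place and overrides it
            # with two /1 halves, as the route.exe lines in the log show.
            routes.append((ipaddress.ip_network("0.0.0.0/1"), gateway))
            routes.append((ipaddress.ip_network("128.0.0.0/1"), gateway))
    return routes


def covering_route(routes, dest):
    """Longest-prefix match of dest against the tunnel routes, or None."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)


if __name__ == "__main__":
    routes = vpn_routes(PUSH_REPLY)
    for dest in ("10.8.0.1", "192.168.1.8", "192.168.1.1"):
        net, gw = covering_route(routes, dest)
        print(f"{dest:<12} -> {net} via {gw}")
```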