OpenVPN ו-FW של OPENSUSE

היי שימי,

המון תודה על תגובתך המהירה.
הנה הפלט של iptables -L -v:

קוד:

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target	 prot opt in	 out	 source			   destination		 
   21  2227 ACCEPT	 all  --  lo	 any	 anywhere			 anywhere			
50640   60M ACCEPT	 all  --  any	any	 anywhere			 anywhere			state ESTABLISHED 
	0	 0 ACCEPT	 icmp --  any	any	 anywhere			 anywhere			state RELATED 
 3502  309K input_ext  all  --  eth0   any	 anywhere			 anywhere			
	1	60 input_ext  all  --  tun0   any	 anywhere			 anywhere			
	0	 0 input_ext  all  --  any	any	 anywhere			 anywhere			
	0	 0 LOG		all  --  any	any	 anywhere			 anywhere			limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET ' 
	0	 0 DROP	   all  --  any	any	 anywhere			 anywhere			

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target	 prot opt in	 out	 source			   destination		 
	0	 0 TCPMSS	 tcp  --  any	any	 anywhere			 anywhere			tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU 
	0	 0 forward_ext  all  --  eth0   any	 anywhere			 anywhere			
  494 30121 forward_ext  all  --  tun0   any	 anywhere			 anywhere			
	0	 0 LOG		all  --  any	any	 anywhere			 anywhere			limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING ' 
	0	 0 DROP	   all  --  any	any	 anywhere			 anywhere			

Chain OUTPUT (policy ACCEPT 1 packets, 52 bytes)
 pkts bytes target	 prot opt in	 out	 source			   destination		 
   21  2227 ACCEPT	 all  --  any	lo	  anywhere			 anywhere			
38640 3538K ACCEPT	 all  --  any	any	 anywhere			 anywhere			state NEW,RELATED,ESTABLISHED 
	1	52 LOG		all  --  any	any	 anywhere			 anywhere			limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR ' 

Chain forward_ext (2 references)
 pkts bytes target	 prot opt in	 out	 source			   destination		 
	0	 0 ACCEPT	 icmp --  any	any	 anywhere			 anywhere			state RELATED,ESTABLISHED icmp echo-reply 
	0	 0 ACCEPT	 icmp --  any	any	 anywhere			 anywhere			state RELATED,ESTABLISHED icmp destination-unreachable 
	0	 0 ACCEPT	 icmp --  any	any	 anywhere			 anywhere			state RELATED,ESTABLISHED icmp time-exceeded 
	0	 0 ACCEPT	 icmp --  any	any	 anywhere			 anywhere			state RELATED,ESTABLISHED icmp parameter-problem 
	0	 0 ACCEPT	 icmp --  any	any	 anywhere			 anywhere			state RELATED,ESTABLISHED icmp timestamp-reply 
	0	 0 ACCEPT	 icmp --  any	any	 anywhere			 anywhere			state RELATED,ESTABLISHED icmp address-mask-reply 
	0	 0 ACCEPT	 icmp --  any	any	 anywhere			 anywhere			state RELATED,ESTABLISHED icmp protocol-unreachable 
	0	 0 ACCEPT	 icmp --  any	any	 anywhere			 anywhere			state RELATED,ESTABLISHED icmp redirect 
	0	 0 LOG		all  --  any	any	 anywhere			 anywhere			limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT ' 
	0	 0 DROP	   all  --  any	any	 anywhere			 anywhere			PKTTYPE = multicast 
	0	 0 DROP	   all  --  any	any	 anywhere			 anywhere			PKTTYPE = broadcast 
  145  8856 LOG		all  --  any	any	 anywhere			 anywhere			limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT ' 
  494 30121 DROP	   all  --  any	any	 anywhere			 anywhere			

Chain input_ext (3 references)
 pkts bytes target	 prot opt in	 out	 source			   destination		 
 3269  301K DROP	   all  --  any	any	 anywhere			 anywhere			PKTTYPE = broadcast 
	0	 0 ACCEPT	 icmp --  any	any	 anywhere			 anywhere			icmp source-quench 
	1	60 ACCEPT	 icmp --  any	any	 anywhere			 anywhere			icmp echo-request 
	0	 0 ACCEPT	 icmp --  any	any	 anywhere			 anywhere			
	0	 0 LOG		tcp  --  any	any	 anywhere			 anywhere			limit: avg 3/min burst 5 tcp dpt:openvpn flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP ' 
	0	 0 ACCEPT	 tcp  --  any	any	 anywhere			 anywhere			tcp dpt:openvpn 
	7   294 ACCEPT	 udp  --  any	any	 anywhere			 anywhere			udp dpt:openvpn 
	0	 0 LOG		tcp  --  any	any	 10.8.0.0			 anywhere			state NEW limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC ' 
	0	 0 ACCEPT	 tcp  --  any	any	 10.8.0.0			 anywhere			
	0	 0 LOG		udp  --  any	any	 10.8.0.0			 anywhere			state NEW limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC ' 
	0	 0 ACCEPT	 udp  --  any	any	 10.8.0.0			 anywhere			
  208  6144 LOG		all  --  any	any	 anywhere			 anywhere			limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT ' 
  208  6144 DROP	   all  --  any	any	 anywhere			 anywhere			PKTTYPE = multicast 
	0	 0 DROP	   all  --  any	any	 anywhere			 anywhere			PKTTYPE = broadcast 
   15   624 LOG		all  --  any	any	 anywhere			 anywhere			limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT ' 
   18   744 DROP	   all  --  any	any	 anywhere			 anywhere			

Chain reject_func (0 references)
 pkts bytes target	 prot opt in	 out	 source			   destination		 
	0	 0 REJECT	 tcp  --  any	any	 anywhere			 anywhere			reject-with tcp-reset 
	0	 0 REJECT	 udp  --  any	any	 anywhere			 anywhere			reject-with icmp-port-unreachable 
	0	 0 REJECT	 all  --  any	any	 anywhere			 anywhere			reject-with icmp-proto-unreachable

הפלט של ifconfig -a;

קוד:

eth0	  Link encap:Ethernet  HWaddr 00:11:11:24:FA:C4  
		  inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
		  inet6 addr: fe80::211:11ff:fe24:fac4/64 Scope:Link
		  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
		  RX packets:364309 errors:0 dropped:0 overruns:0 frame:0
		  TX packets:341934 errors:0 dropped:0 overruns:0 carrier:0
		  collisions:0 txqueuelen:1000 
		  RX bytes:187820410 (179.1 Mb)  TX bytes:29640726 (28.2 Mb)

lo		Link encap:Local Loopback  
		  inet addr:127.0.0.1  Mask:255.0.0.0
		  inet6 addr: ::1/128 Scope:Host
		  UP LOOPBACK RUNNING  MTU:16436  Metric:1
		  RX packets:69765 errors:0 dropped:0 overruns:0 frame:0
		  TX packets:69765 errors:0 dropped:0 overruns:0 carrier:0
		  collisions:0 txqueuelen:0 
		  RX bytes:37070040 (35.3 Mb)  TX bytes:37070040 (35.3 Mb)

tun0	  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
		  inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
		  UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
		  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
		  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
		  collisions:0 txqueuelen:100

קובץ ה-CONFIG של ה-VPN:

קוד:

   	 	 	 	 	 	  


 ;local 192.168.1.100 

 port 1194 

  proto udp 

  ;dev tap 

 dev tun 

  ;dev-node MyTap 

  

 ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt 

 cert /etc/openvpn/easy-rsa/2.0/keys/server.crt 

 key /etc/openvpn/easy-rsa/2.0/keys/server.key  # This file should be kept secret 

  dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem 

  server 10.8.0.0 255.255.255.0 

  ifconfig-pool-persist ipp.txt 

  ;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100 

  ;server-bridge 

  push "route 192.168.1.0 255.255.255.0"	 

 ;push "route 192.168.20.0 255.255.255.0" 

  keepalive 10 120 

  ;tls-auth ta.key 0 # This file is secret 

  ;cipher BF-CBC        # Blowfish (default) 

 ;cipher AES-128-CBC   # AES 

 ;cipher DES-EDE3-CBC  # Triple-DES 

  comp-lzo 

    persist-key 

 persist-tun 

 status openvpn-status.log 

  verb 3 

  mute 20

תודה על העזרה

כן, אני גם אהבתי את הסרטון

בברכה,
SonyEricsson.

כלי אשכול	חפש באשכול זה
הצג גירסת הדפסה שלח דף זה ב E-Mail	חפש באשכול זה: חיפוש מתקדם
מצבי תצוגה	דרג אשכול זה
עבור למצב לינארי מצב כלאיים עבור למצב משורשר	דרג אשכול זה:

הדף נוצר ב 0.04 שניות עם 11 שאילתות
צור קשר - Fresh - למעלה