openvpn.conf
Code:
dev tun5
port 5005
proto udp
remote 213.242.xxx.xxx
local 192.168.5.qqq
ifconfig 1.0.5.2 1.0.5.1
secret /usr/local/etc/ovpn/ovpn.key
log /var/log/openvpn.log
ping 10
verb 3
tun-mtu 1480
user nobody
group nogroup
auth MD5
cipher DES-CBC
shaper 512000
comp-lzo
route-up "route add 192.168.5.0 1.0.5.1"
Code:
OUT_IF="rl0"   # external
INT_IF="re0"   # internal
/sbin/ipfw -f flush
/sbin/ipfw -q add 100 check-state
/sbin/ipfw -q add 200 allow log ip from any to any via lo0
#/sbin/ipfw -q add 300 deny ip from any to 127.0.0.0/8
#/sbin/ipfw -q add 400 deny ip from 127.0.0.0/8 to any
/sbin/ipfw -q add 400 allow log logamount 10000 ip from me to 213.242.xxx.xxx
/sbin/ipfw -q add 450 allow log logamount 10000 ip from 213.242.xxx.xxx to me
/sbin/ipfw -q add 500 allow log logamount 10000 ip from any to any
############################################################
/sbin/ipfw pipe 1 config bw 96Mbit/s
/sbin/ipfw add 1000 pipe 1 ip from any to any via ${OUT_IF}
#
/sbin/ipfw pipe 2 config bw 96Mbit/s
/sbin/ipfw add 2000 pipe 2 ip from any to any via ${INT_IF}
#
/sbin/ipfw pipe 3 config bw 96Mbit/s
/sbin/ipfw add 3000 pipe 3 ip from any to any via ng0
#
/sbin/ipfw pipe 4 config bw 1Mbit/s
/sbin/ipfw add 4000 pipe 4 ip from any to any via tun5
The machine does not share the Internet connection, even though gateway_enable="YES" is set.
rc.conf
Code:
#defaultrouter="10.3.0.1"
gateway_enable="YES"
hostname="volgograd"
ifconfig_re0="inet 192.168.5.252 netmask 255.255.255.0"
ifconfig_rl0="inet 10.3.2.100 netmask 255.255.0.0"
#router="/sbin/routed"
#router_enable="YES"
#router_flags="-q"
saver="logo"
scrnmap="koi8-r2cp866"
sshd_enable="YES"
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"
firewall_logging="YES"
static_routes="dns vpn dns2"
route_dns="-net 83.167.65.2/32 10.3.0.1"
route_vpn="-net 83.167.72.1/32 10.3.0.1"
route_dns2="-net 83.167.66.166/32 10.3.0.1"
mpd_enable="YES"
#mpd_flags="-b"
#natd_enable="YES"
#natd_flags="-f /etc/natd.conf"
When started with
openvpn --config /usr/local/etc/ovpn/ovpn.conf &
the tunnel itself is created, but neither pings nor anything else go through.
Log
Code:
Wed Apr 29 06:59:05 2009 OpenVPN 2.0.6 i386-portbld-freebsd7.1 [SSL] [LZO] built on Apr 28 2009
Wed Apr 29 06:59:05 2009 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Wed Apr 29 06:59:05 2009 WARNING: you are using user/group/chroot without persist-key/persist-tun -- this may cause restarts to fail
Wed Apr 29 06:59:05 2009 WARNING: file '/usr/local/etc/ovpn/ovpn.key' is group or others accessible
Wed Apr 29 06:59:05 2009 Static Encrypt: Cipher 'DES-CBC' initialized with 64 bit key
Wed Apr 29 06:59:05 2009 Static Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Wed Apr 29 06:59:05 2009 Static Decrypt: Cipher 'DES-CBC' initialized with 64 bit key
Wed Apr 29 06:59:05 2009 Static Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Wed Apr 29 06:59:05 2009 LZO compression initialized
Wed Apr 29 06:59:05 2009 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1480)
Wed Apr 29 06:59:05 2009 TUN/TAP device /dev/tun5 opened
Wed Apr 29 06:59:05 2009 /sbin/ifconfig tun5 1.0.5.2 1.0.5.1 mtu 1480 netmask 255.255.255.255 up
route: writing to routing socket: File exists
add net 192.168.5.0: gateway 1.0.5.1: route already in table
Wed Apr 29 06:59:05 2009 Route script failed: shell command exited with error status: 1
Wed Apr 29 06:59:05 2009 Data Channel MTU parms [ L:1521 D:1450 EF:41 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Apr 29 06:59:05 2009 Local Options hash (VER=V4): 'e370e3a7'
Wed Apr 29 06:59:05 2009 Expected Remote Options hash (VER=V4): '4bb42537'
Wed Apr 29 06:59:05 2009 Output Traffic Shaping initialized at 512000 bytes per second
Wed Apr 29 06:59:05 2009 GID set to nogroup
Wed Apr 29 06:59:05 2009 UID set to nobody
Wed Apr 29 06:59:05 2009 UDPv4 link local (bound): 192.168.5.qqq:5005
Wed Apr 29 06:59:05 2009 UDPv4 link remote: 213.242.xxx.xxx:5005
Wed Apr 29 06:59:33 2009 event_wait : Interrupted system call (code=4)
Code:
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            83.167.72.1        UGS         0    27282    ng0
1.0.5.1            1.0.5.2            UH          1        0   tun5
10.3.0.0/16        link#2             UC          0        0    rl0
10.3.0.1           00:1c:0f:5d:e6:80  UHLW        5        0    rl0    750
83.167.65.2/32     10.3.0.1           UGS         0     5876    rl0
83.167.66.166/32   10.3.0.1           UGS         0        0    rl0
83.167.72.1        10.3.0.1           UGHS        1    36300    rl0 =>
83.167.72.1/32     10.3.0.1           UGS         0       11    rl0
127.0.0.1          127.0.0.1          UH          0        6    lo0
192.168.5.0/24     link#1             UC          0        0    re0
192.168.100.0/24   1.0.5.1            UGS         0        0   tun5

Internet6:
Destination        Gateway            Flags      Netif Expire
::1                ::1                UHL          lo0
fe80::%lo0/64      fe80::1%lo0        U            lo0
fe80::1%lo0        link#3             UHL          lo0
ff01:3::/32        fe80::1%lo0        UC           lo0
ff02::%lo0/32      fe80::1%lo0        UC           lo0
P.S. On another machine with a static external IP everything came up in 10 minutes.
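
A configuration check for the warnings visible in the log above, as an added example that is not part of the original post: it audits an OpenVPN static-key config for the weak cipher and HMAC, the group/others-accessible key file, and the missing persist-key/persist-tun and ping-restart options. The finding codes, helper names and the sample config (placeholder address and key) are made up for this example.

```shell
#!/bin/sh
# Added example: flag the weaknesses OpenVPN itself warns about in the posted log.
# Finding codes (WEAK_CIPHER, KEY_PERMS, ...) are names invented for this example.

directive() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }  # first value of directive k
has() { grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"; }         # is directive present?

audit_ovpn_conf() {
    conf=$1
    key=$(directive "$conf" secret)
    c=$(directive "$conf" cipher)
    case $c in
        DES-*|BF-*|RC2-*|CAST5-*) echo "WEAK_CIPHER $c (64-bit block cipher)" ;;
    esac
    case $(directive "$conf" auth) in
        MD5) echo "WEAK_AUTH HMAC-MD5" ;;
    esac
    # The static key is a long-term shared secret: only its owner should read it.
    if [ -n "$key" ] && [ -e "$key" ]; then
        [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
            echo "KEY_PERMS $key is group or others accessible"
    fi
    # After dropping privileges, a restart may fail to re-read the key or reopen tun.
    if has "$conf" user || has "$conf" group; then
        has "$conf" persist-key || echo "NO_PERSIST_KEY"
        has "$conf" persist-tun || echo "NO_PERSIST_TUN"
    fi
    # ping alone only sends keepalives; nothing reacts when the peer goes silent.
    if has "$conf" ping; then
        has "$conf" ping-restart || has "$conf" ping-exit || echo "PING_NO_RESTART"
    fi
    return 0
}

# Constructed sample mirroring the posted openvpn.conf (address and key are placeholders).
make_sample() {
    d=$1
    printf 'constructed placeholder, not a real key\n' > "$d/ovpn.key"
    chmod 644 "$d/ovpn.key"
    cat > "$d/ovpn.conf" <<EOF
dev tun5
remote 192.0.2.10
secret $d/ovpn.key
ping 10
user nobody
group nogroup
auth MD5
cipher DES-CBC
EOF
}

tmp=$(mktemp -d) && make_sample "$tmp" && audit_ovpn_conf "$tmp/ovpn.conf"; rm -rf "$tmp"
```

Each output line is one finding; an empty result means none of these checks fired, not that the tunnel is otherwise sound.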