Настраивал по статье http://www.lissyara.su/?id=1685
Соединения поднимаются, но связь есть только между самими серверами.
При попытке пингануть с сервера офиса что-либо из сети филиала — молчание.
При обратной ситуации пинг пишет:
PING 172.168.55.1 (172.168.55.1): 56 data bytes
ping: sendto: Invalid argument
Файрвол — pf.
# pf ruleset as posted: a single rule that passes every packet in both
# directions on every interface, so pf itself is not what drops the pings.
# NOTE(review): this also leaves the Internet-facing interface unfiltered;
# presumably a temporary debugging state. Once the tunnel works, restrict
# inbound traffic to the OpenVPN port and filter what may cross tun0.
pass all
server.conf
# OpenVPN server configuration for the office side of a site-to-site tunnel.
# Directives are as posted; the comments are review notes.
port 2000
proto udp
dev tun0
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key /usr/local/etc/openvpn/keys/server.key
# NOTE(review): the file name suggests 1024-bit DH parameters, which are below
# current recommendations; regenerate with 2048 bits or more (confirm the size).
dh /usr/local/etc/openvpn/keys/dh1024.pem
# Server mode with a 10.10.200.0/24 address pool. tun0 on this host shows
# 10.10.200.1 --> 10.10.200.2, so that pair is the server's own endpoint.
server 10.10.200.0 255.255.255.0
# Pushes the office LAN route to clients.
# NOTE(review): 172.168.0.0/16 is not RFC 1918 space (the private block is
# 172.16.0.0/12, i.e. 172.16-172.31), so both LANs shadow public addresses.
push "route 172.168.55.0 255.255.255.0"
# Per-client options are looked up in this directory by certificate common name.
# NOTE(review): the path is relative, so it depends on the daemon's working
# directory, and the files presumably must be readable by "nobody" (see
# user/group below). The branch tun0 shows a pool address
# (10.10.200.6 --> 10.10.200.5), which suggests the ccd entry is not applied.
client-config-dir ccd
# NOTE(review): likely redundant, since this /30 lies inside the /24 pool that
# `server` already routes (the routing table lists both via 10.10.200.2).
route 10.10.200.0 255.255.255.252
# Kernel route to the branch LAN through the tunnel. OpenVPN additionally needs
# a matching `iroute` in the client's ccd file to know which client owns it.
route 172.168.56.0 255.255.255.0
tls-server
# HMAC pre-authentication of TLS control packets; direction 0 here pairs with
# direction 1 on the client. Relative path, unlike the key files above.
tls-auth keys/ta.key 0
tls-timeout 120
# NOTE(review): HMAC-MD5 packet authentication is outdated; prefer SHA256.
# Must be changed on server and client together.
auth MD5
# NOTE(review): Blowfish has a 64-bit block and is exposed to birthday-bound
# (SWEET32-class) attacks on long-lived tunnels; prefer an AES cipher.
# Must be changed on server and client together.
cipher BF-CBC
keepalive 10 120
# NOTE(review): compression before encryption can leak plaintext through
# packet sizes (VORACLE-class); disable on both peers unless it is required.
comp-lzo
max-clients 100
# Drop root after initialisation; persist-key/persist-tun avoid re-reading the
# key and re-opening the tun device, which the unprivileged user could not do.
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 3
Код: Выделить всё
# Per-client options for the branch gateway (presumably the file under the
# server's client-config-dir, named after the client certificate's common name).
# NOTE(review): the trailing `"` is unbalanced. It is likely a paste artefact,
# but if it is in the real file OpenVPN will presumably reject the line.
# NOTE(review): 10.10.200.1 --> 10.10.200.2 is the pair already on the server's
# own tun0, so this hands the client the server's endpoint addresses. Use a free
# pair from the pool instead. The branch tun0 shows 10.10.200.6 --> 10.10.200.5,
# which suggests this file is not being applied at all.
ifconfig-push 10.10.200.2 10.10.200.1"
# Tells the OpenVPN server that 172.168.56.0/24 sits behind this client. Without
# it, packets for the branch LAN reach tun0 but are not forwarded to any client.
iroute 172.168.56.0 255.255.255.0
Конфиги клиента
client.conf
# OpenVPN client configuration for the branch gateway.
# Directives are as posted; the comments are review notes.
dev tun
proto udp
remote 62.213.117.110
port 2000
client
resolv-retry infinite
ca keys/ca.crt
cert keys/client.crt
key keys/client.key
tls-client
# HMAC pre-authentication of TLS control packets; direction 1 pairs with
# direction 0 on the server.
tls-auth keys/ta.key 1
# NOTE(review): HMAC-MD5 and Blowfish (64-bit block, SWEET32-class exposure)
# are outdated; move to SHA256 and an AES cipher. Both must match the server,
# so change the two configs together.
auth MD5
cipher BF-CBC
# Guards against another client certificate from the same CA posing as the
# server by checking the Netscape certificate type.
# NOTE(review): newer OpenVPN releases replace this directive with
# `remote-cert-tls server`.
ns-cert-type server
# NOTE(review): compression before encryption can leak plaintext through
# packet sizes (VORACLE-class); disable on both peers unless it is required.
comp-lzo
persist-key
persist-tun
# External hook run when the tunnel comes up. No user/group is set here, so it
# runs with the daemon's privileges (presumably root); keep the script owned by
# root and not writable by others.
# NOTE(review): the server already pushes the 172.168.55.0/24 route, so the
# hook is likely unnecessary. Newer OpenVPN versions also refuse to run it
# without `script-security 2`.
up /usr/local/etc/openvpn_up.sh
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 3
Код: Выделить всё
#!/bin/sh
# OpenVPN "up" hook on the branch gateway: adds a static route to the office
# LAN (172.168.55.0/24) with 10.10.200.1 as the gateway.
# NOTE(review): the server config already pushes this same route, so the hook
# is likely redundant. In the branch routing table on this page the route is
# bound to vr0 rather than tun0, presumably because 10.10.200.1 was not yet
# reachable through the tunnel when the script ran. That would match the
# "ping: sendto: Invalid argument" error; verify after removing the hook.
/sbin/route add -net 172.168.55.0 10.10.200.1
Код: Выделить всё
netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 62.213.117.1 UGS 1 5258451 re0
10.10.200/30 10.10.200.2 UGS 0 0 tun0 =>
10.10.200/24 10.10.200.2 UGS 0 0 tun0
10.10.200.2 10.10.200.1 UH 3 0 tun0
62.213.117/24 link#1 UC 0 0 re0
62.213.117.1 00:07:e9:0a:da:6c UHLW 2 0 re0 892
62.213.117.110 00:1d:92:06:68:66 UHLW 1 9 lo0
127.0.0.1 127.0.0.1 UH 0 43345 lo0
172.168.55/24 link#2 UC 0 0 rl0
172.168.55.1 00:15:17:2b:5d:24 UHLW 1 51049 rl0 1044
172.168.55.10 00:19:21:6e:05:b1 UHLW 1 87112 rl0 858
172.168.55.16 00:1a:4d:25:38:93 UHLW 1 317507 rl0 1035
172.168.55.22 00:1e:8c:a1:e8:59 UHLW 1 32271 rl0 992
172.168.55.32 00:1b:24:e0:98:a4 UHLW 1 5972 rl0 603
172.168.55.34 00:1d:60:4b:6f:ad UHLW 1 37654 rl0 1178
172.168.55.36 00:1f:d0:0d:33:2a UHLW 1 117001 rl0 1073
172.168.55.254 00:80:48:2e:38:84 UHLW 1 2 lo0
172.168.56/24 10.10.200.2 UGS 0 0 tun0
Код: Выделить всё
netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 194.84.52.1 UGS 1 1843135 vr0
10.10.200.1/32 10.10.200.5 UGS 0 0 tun0
10.10.200.5 10.10.200.6 UH 1 0 tun0
127.0.0.1 127.0.0.1 UH 0 18925 lo0
172.168.55/24 10.10.200.1 UGS 0 2 vr0
172.168.56/24 link#2 UC 0 0 sk0
172.168.56.1 00:22:15:6c:f8:d3 UHLW 1 82425 sk0 1116
172.168.56.100 00:1e:58:30:b5:13 UHLW 1 344563 sk0 1086
172.168.56.145 00:1a:4d:2d:84:0d UHLW 1 7209 sk0 1017
172.168.56.147 00:1e:8c:a1:ed:19 UHLW 1 9452 sk0 649
172.168.56.148 00:1e:8c:a1:ec:87 UHLW 1 115486 sk0 769
172.168.56.149 00:1a:4d:69:ea:95 UHLW 1 76135 sk0 1140
172.168.56.254 00:16:e6:6c:99:58 UHLW 1 2 lo0
194.84.52/30 link#1 UC 0 0 vr0
194.84.52.1 00:17:5a:95:94:54 UHLW 2 0 vr0 828
194.84.52.2 00:1e:58:9f:71:09 UHLW 1 742 lo0
Internet6:
Destination Gateway Flags Netif Expire
::1 ::1 UHL lo0
fe80::%lo0/64 fe80::1%lo0 U lo0
fe80::1%lo0 link#4 UHL lo0
ff01:4::/32 fe80::1%lo0 UC lo0
ff02::%lo0/32 fe80::1%lo0 UC lo0
Код: Выделить всё
ifconfig
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet 62.213.117.110 netmask 0xffffff00 broadcast 62.213.117.255
ether 00:1d:92:06:68:66
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=8<VLAN_MTU>
inet 172.168.55.254 netmask 0xffffff00 broadcast 172.168.55.255
ether 00:80:48:2e:38:84
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
ng0: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng2: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng3: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng4: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 10.10.200.1 --> 10.10.200.2 netmask 0xffffffff
Opened by PID 12374
ifconfig клиента
branch# ifconfig
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 194.84.52.2 netmask 0xfffffffc broadcast 194.84.52.3
ether 00:1e:58:9f:71:09
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
sk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=b<RXCSUM,TXCSUM,VLAN_MTU>
inet 172.168.56.254 netmask 0xffffff00 broadcast 172.168.56.255
ether 00:16:e6:6c:99:58
media: Ethernet autoselect (1000baseTX <full-duplex,flag0,flag1>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 10.10.200.6 --> 10.10.200.5 netmask 0xffffffff
Opened by PID 56079
Заранее благодарен за помощь.