Hi all,
I'm just trying to set up a site-to-site VPN with OpenVPN.
I'm using ClearOS as the OpenVPN server and Mikrotik RouterOS as the client and router.
I set up my ClearOS as a standalone-nofirewall server.
The topology: [img]
The OpenVPN connection handshake is established successfully.
It needed some modification in /etc/openvpn/client.conf:
1. removing comp-lzo, because Mikrotik does not support it
2. changing proto from udp to tcp, because Mikrotik does not support udp either
and adding these iptables rules:
```sh
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A OUTPUT -o tun+ -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -j MASQUERADE
```
From the Mikrotik and the client network, I can access the remote network without any problem,
but when I try to access the client network it is not working:
from 172.16.99.10 I can't ping 192.168.88.1,
but I can still ping the OpenVPN server and client virtual IPs 172.16.0.1 and 172.16.0.10
from the ClearOS server.
I'm still stuck with this case and still trying to google around to find the answer.
FYI, here is my configuration.
I have another question:
why, every time I start the OpenVPN service,
is tun0 automatically defined with IP 172.16.0.1,
but in the route table only 172.16.0.2 is defined?
ClearOS-client.conf
```conf
port 1194
proto tcp
dev tun
ca /etc/ssl/ca-cert.pem
cert /etc/ssl/sys-0-cert.pem
key /etc/ssl/private/sys-0-key.pem
dh /etc/ssl/dh1024.pem
auth-nocache
server 172.16.0.0 255.255.255.0
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
ifconfig-pool-persist /var/lib/openvpn/ipp.txt
status /var/lib/openvpn/openvpn-status.log
verb 3
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-ldap.so /etc/openvpn/auth-ldap
push "dhcp-option DNS 172.16.99.3"
push "dhcp-option WINS 172.16.99.3"
push "dhcp-option DOMAIN terminix.co.id"
push "route 172.16.99.0 255.255.255.0"
```
ClearOS-iptables
```text
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source     destination
ACCEPT     all  --  anywhere   anywhere
Chain FORWARD (policy ACCEPT)
target     prot opt source     destination
ACCEPT     all  --  anywhere   anywhere
Chain OUTPUT (policy ACCEPT)
target     prot opt source     destination
ACCEPT     all  --  anywhere   anywhere
Chain drop-lan (0 references)
target     prot opt source     destination
DROP       all  --  anywhere   anywhere
```
ClearOS-Route
```text
Kernel IP routing table
Destination  Gateway      Genmask          Flags Metric Ref Use Iface
172.16.0.2   0.0.0.0      255.255.255.255  UH    0      0   0   tun0
172.16.0.0   172.16.0.2   255.255.255.0    UG    0      0   0   tun0
172.16.99.0  0.0.0.0      255.255.255.0    U     0      0   0   eth0
0.0.0.0      172.16.99.1  0.0.0.0          UG    0      0   0   eth0
```
ClearOS-ipp.txt
```text
router01,172.16.0.8
```
ClearOS-ifconfig tun0
```text
ifconfig tun0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
     inet addr:172.16.0.1 P-t-P:172.16.0.2 Mask:255.255.255.255
     UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
     RX packets:575 errors:0 dropped:0 overruns:0 frame:0
     TX packets:685 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:100
     RX bytes:54007 (52.7 KiB) TX bytes:82286 (80.3 KiB)
```
Mikrotik OpenVPN client configuration
-- IP Address --
```text
#   ADDRESS          NETWORK         INTERFACE
0   192.168.88.1/24  192.168.88.0    bridge-local
1 D 182.4.252.25/32  10.112.112.130  ppp-out1    -- Dial Up Modem
2 D 172.16.0.10/32   172.16.0.1      ovpn-out2   -- interface OpenVPN client
```
-- IP Route --
```text
#     DST-ADDRESS        PREF-SRC      GATEWAY         DISTANCE
0 ADS 0.0.0.0/0                        10.112.112.130  1
1 ADC 10.112.112.130/32  182.4.252.25  ppp-out1        0
2 ADC 172.16.0.1/32      172.16.0.10   ovpn-out2       0
3 A S 172.16.99.0/24                   ovpn-out2       1
4 ADC 192.168.88.0/24    192.168.88.1  bridge-local    0
```
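Added example (editor's note, not from the original post): a server-side fragment giving OpenVPN a return path to the Mikrotik LAN. In tun server mode OpenVPN needs both a kernel route (`route`) and an internal route (`iroute`, in a per-client file) to know which connected client owns 192.168.88.0/24; without the iroute the server silently drops packets for that subnet. It assumes the client certificate CN is router01 (the name listed in ipp.txt) and that the router LAN is 192.168.88.0/24 as shown in the Mikrotik address list.

```conf
# --- additions to /etc/openvpn/client.conf on the ClearOS server ---
# (existing lines stay; shown here are only the new ones)

# Kernel route: when openvpn starts, send 192.168.88.0/24 into tun0.
route 192.168.88.0 255.255.255.0

# Per-client configuration directory. OpenVPN looks for a file named
# after the connecting client's certificate common name.
client-config-dir /etc/openvpn/ccd

# --- /etc/openvpn/ccd/router01  (CN assumed from ipp.txt) ---
# Internal route: tells the OpenVPN daemon that the client "router01"
# is the next hop for the LAN behind it. The kernel route above alone
# is not enough; without this line the daemon discards the packets.
iroute 192.168.88.0 255.255.255.0
```

Because the server runs as `user nobody`, the ccd directory must be readable by that user, since the file is read at each client connect, not at startup. The existing MASQUERADE rule only covers 172.16.0.0/24, so replies from 192.168.88.x to 172.16.99.10 depend on the Mikrotik route `172.16.99.0/24 via ovpn-out2`, which its route list already shows.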