nog even ter aanvulling bij deze de inhoud van een aantal configuratiebestanden.
mijn openvpn cliënt configuratie ziet er als volgt uit.
LET OP: sleutels en dergelijke zijn vervangen door knip knip knip
# OpenVPN configuration and certificate for pd9enp.ampr.org
#
# Please use recent OpenVPN software, can be downloaded from:
# https://openvpn.net/community-downloads/
#
# The CA, client certificate, private key and tls-auth static key are all
# embedded inline below (<ca>, <cert>, <key>, <tls-auth>). Because the
# private key lives in this file, keep it readable only by the user that
# runs OpenVPN (mode 0600) and never paste it unredacted.
client
dev tun
remote gw-44-137-ext.ampr.org
# Require the server's certificate to carry the server key usage / EKU, so a
# certificate issued to another client by the same CA cannot pose as the server.
remote-cert-tls server
# Tell the server we are leaving on shutdown (3 attempts) so it can free the
# session instead of waiting for a timeout.
explicit-exit-notify 3
# Disables this client's periodic TLS key renegotiation timer; a reneg-sec
# configured on the server still triggers renegotiation for this session.
reneg-sec 0
# Legacy compression directive. Compression of tunnelled traffic is discouraged
# (compression side-channel attacks) and recent OpenVPN releases deprecate
# comp-lzo; keep it only if the gateway still requires it.
comp-lzo
# Copies the inner packet's TOS byte onto the outer packet, which exposes the
# traffic class of tunnelled flows to the path between here and the gateway.
passtos
# Do not bind to a fixed local port.
nobind
# tls-auth key direction; conventionally 0 on the server and 1 on clients.
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
knip knip knip
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
knip knip knip
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
knip knip knip
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
knip knip knip
-----END OpenVPN Static key V1-----
</tls-auth>
men /etc/network/interfaces ziet er als volgt uit
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
auto eth1
auto eth2
# eth0: 172.16.0.0/16 — bound to the "loc" zone in the shorewall interfaces
# file; this is the subnet the dhcpd config declares (172.16.0.0/16).
iface eth0 inet static
address 172.16.0.1
netmask 255.255.0.0
# eth1: 172.17.0.0/16 — bound to the "dmz" zone. NOTE(review): the ifconfig
# output in this post shows eth1 UP but without RUNNING and with zero
# RX/TX packets, which looks like no link on that port — confirm.
iface eth1 inet static
address 172.17.0.1
netmask 255.255.0.0
# eth2: upstream side towards 192.168.178.1 — bound to the "net" zone and the
# only interface with a default gateway (see route -n below).
iface eth2 inet static
address 192.168.178.253
netmask 255.255.255.0
gateway 192.168.178.1
men dhcp server config ziet er als volgt uit
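# ISC dhcpd configuration. Global defaults first, then one subnet pool for
# guests and two groups that pin addresses/options for known hosts.
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
#ping true;
option domain-name-servers 8.8.8.8, 8.8.4.4;
option domain-name "example.com";
# Was misspelled "authorative", which dhcpd does not recognise and refuses at
# config parse time. "authoritative" lets this server NAK clients that request
# leases it does not know about.
authoritative;
log-facility local7;
# Guest pool on the 172.16.0.0/16 side (eth0).
subnet 172.16.0.0 netmask 255.255.0.0 {
range 172.16.248.1 172.16.254.254;
# NOTE(review): the subnet is declared /16 but clients are handed
# 255.255.248.0, i.e. 172.16.248.0/21, which does not contain the router
# 172.16.0.1 given below. Confirm which mask is intended; as written, guest
# clients may not be able to reach their default gateway.
option subnet-mask 255.255.248.0;
option domain-name-servers 8.8.8.8 , 8.8.4.4;
option domain-name "gastnet.jenp.net";
option routers 172.16.0.1;
# option netbios-name-servers 192.168.1.3;
option netbios-node-type 8;
get-lease-hostnames true;
use-host-decl-names true;
default-lease-time 600;
max-lease-time 7200;
}
# hamnet — fixed addresses in 172.16.0.0/23 (mask 255.255.254.0 contains
# both 172.16.1.x hosts and the router 172.16.0.1).
group {
option domain-name-servers 8.8.8.8 , 8.8.4.4;
option domain-name "local.jenp.net";
option subnet-mask 255.255.254.0;
option routers 172.16.0.1;
# laptop — the fixed-address below is 172.16.1.1; this comment originally
# read 172.17.1.1, check which one is intended.
host DESKTOP-SOKOKC1 {
hardware ethernet 00:23:18:46:b2:92;
fixed-address 172.16.1.1;
}
# streamingpc 172.16.1.2
host DESKTOP-85OTU3D {
hardware ethernet 9c:5c:8e:7a:5a:eb;
fixed-address 172.16.1.2;
}
}
# local — option-only group, no host declarations yet.
group {
option domain-name-servers 8.8.8.8 , 8.8.4.4;
option domain-name "localnet.jenp.net";
option subnet-mask 255.255.255.0;
option routers 172.16.0.1;
}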
men shorewall zones ziet er als volgt uit
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
# fw is the firewall host itself; $FW in the policy and rules files expands
# to this zone name, so "fw" and "$FW" refer to the same zone.
fw firewall
# Bound in the interfaces file: net = eth2 (upstream), loc = eth0,
# dmz = eth1, hn = tun+ (the OpenVPN/hamnet tunnel).
net ipv4
loc ipv4
dmz ipv4
hn ipv4
men shorewall interfaces ziet er als volgt uit
###############################################################################
?FORMAT 2
###############################################################################
#ZONE INTERFACE OPTIONS
# net: upstream side (192.168.178.0/24). routefilter = strict reverse-path
# check, sourceroute=0 = refuse source-routed packets, nosmurfs/tcpflags =
# drop broadcast-sourced and malformed-flag packets. "dhcp" allows DHCP on
# the interface even though eth2 is statically addressed.
net eth2 tcpflags,dhcp,nosmurfs,routefilter,logmartians,sourceroute=0
loc eth0 tcpflags,nosmurfs,routefilter,logmartians
dmz eth1 tcpflags,nosmurfs,routefilter,logmartians
# hn: every tun interface, i.e. the OpenVPN tunnel. NOTE(review): with
# routefilter, packets arriving on tun0 are dropped unless their source is
# routed back via tun0; per route -n only 44.0.0.0/9, 44.128.0.0/10 and
# 44.137.0.0/16 are, so traffic from other sources over the tunnel would be
# silently lost — check this if tunnel traffic is not getting through.
hn tun+ dhcp,routefilter,tcpflags,logmartians,nosmurfs,sourceroute=0
en men shorewall policy ziet er dan nog als volgt uit
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
# Policies only apply to connections that no entry in the rules file matched;
# rules take precedence over policies.
loc hn ACCEPT
loc net ACCEPT
$FW hn ACCEPT
$FW net ACCEPT
loc $FW ACCEPT
$FW loc ACCEPT
# Unsolicited connections from the upstream side are dropped without a reply.
net all DROP info
# Connections initiated from the hamnet tunnel are rejected unless a rule
# allows them, so 44/8 hosts cannot reach loc, dmz or $FW without an
# explicit ACCEPT rule.
hn all REJECT info
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info
[/code]
en als laatste configuratiebestand nog men shorewall rules
[code]
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER
# PORT PORT(S) DEST LIMIT GROUP
?SECTION ALL
?SECTION ESTABLISHED
?SECTION RELATED
?SECTION INVALID
?SECTION UNTRACKED
?SECTION NEW
# ACCEPT loc:172.16.1.1-172.16.1.254 hn:44.0.0.0/8 all
# Don't allow connection pickup from the net
#
Invalid(DROP) net all tcp
#
# Accept DNS connections from the firewall to the Internet
#
DNS(ACCEPT) $FW net
#
#
# Accept SSH connections from the local network to the firewall and DMZ
#
SSH(ACCEPT) loc $FW
SSH(ACCEPT) loc dmz
#
# DMZ DNS access to the Internet
#
DNS(ACCEPT) dmz net
# Drop Ping from the "bad" net zone.
Ping(DROP) net $FW
#
# Make ping work bi-directionally between the dmz, net, Firewall and local zone
# (assumes that the loc-> net policy is ACCEPT).
#
Ping(ACCEPT) loc $FW
Ping(ACCEPT) dmz $FW
Ping(ACCEPT) loc dmz
Ping(ACCEPT) dmz loc
Ping(ACCEPT) dmz net
ACCEPT $FW net icmp
ACCEPT $FW loc icmp
ACCEPT $FW dmz icmp
# Uncomment this if using Proxy ARP and static NAT and you want to allow ping from
# the net zone to the dmz and loc
#Ping(ACCEPT) net dmz
#Ping(ACCEPT) net loc
# Ports opened on the firewall host itself ("fw" is the firewall zone from
# the zones file, the same zone $FW expands to).
# NOTE(review): SOURCE "all" includes the net and hn zones, and rules are
# evaluated before the net->all DROP and hn->all REJECT policies, so every
# port below is reachable on the firewall from the upstream side and from
# the hamnet tunnel — including SSH on 22 and 10000, which the earlier
# SSH(ACCEPT) rules deliberately limited to loc. If only the LAN (and maybe
# hamnet) should reach these services, use SOURCE loc or loc,hn instead of all.
ACCEPT all fw tcp 22
ACCEPT all fw tcp 10000
ACCEPT all fw tcp 33890
ACCEPT all fw tcp 5015
ACCEPT all fw tcp 5000-5001
ACCEPT all fw tcp 5060
ACCEPT all fw tcp 5090
ACCEPT all fw tcp 9000-9398
ACCEPT all fw tcp 10600-10998
ACCEPT all fw udp 5000-5001
ACCEPT all fw udp 5060
ACCEPT all fw udp 5090
ACCEPT all fw udp 9000-9398
ACCEPT all fw udp 10600-10998
verder nog even de output van route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.178.1 0.0.0.0 UG 0 0 0 eth2
44.0.0.0 44.137.0.1 255.128.0.0 UG 0 0 0 tun0
44.128.0.0 44.137.0.1 255.192.0.0 UG 0 0 0 tun0
44.137.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun0
172.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
192.168.178.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
en men ifconfig geeft dan nog
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.0.1 netmask 255.255.0.0 broadcast 172.16.255.255
inet6 fe80::213:3bff:fe0f:4fc8 prefixlen 64 scopeid 0x20<link>
ether 00:13:3b:0f:4f:c8 txqueuelen 1000 (Ethernet)
RX packets 103229 bytes 13481180 (12.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 150896 bytes 126308877 (120.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 00:13:3b:0f:4f:c9 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.178.253 netmask 255.255.255.0 broadcast 192.168.178.255
inet6 fe80::4261:86ff:fe61:f4f8 prefixlen 64 scopeid 0x20<link>
ether 40:61:86:61:f4:f8 txqueuelen 1000 (Ethernet)
RX packets 519404 bytes 205579722 (196.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 226387 bytes 44704832 (42.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 1 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 276982 bytes 136343713 (130.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 276982 bytes 136343713 (130.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 44.137.80.25 netmask 255.255.0.0 destination 44.137.80.25
inet6 fe80::5975:d175:cfea:f4cb prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 6094 bytes 597018 (583.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 333 bytes 28572 (27.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
hopelijk is dan meteen men netwerkstructuur een beetje duidelijk en kan tevens iemand me verder helpen zodat het openvpn-verkeer ook goed te krijgen is