Hello Pyrite,
here is a plan of the VPN network I want to set up.
A few details:
- the server that will act as the VPN server is a virtual machine; it has a single network card, configured with a public IP 103.4.X.X, mask 255.255.255.0
- on the client networks there are no PCs, they are devices with IP addresses.
For now I am testing with the server VM and a network behind an ADSL router; the client is a Windows 7 machine.
I think there is a problem with the routes, that is the only thing I can see, but I am not a specialist; I am giving you the server and client routes once connected.
I can ping the VPN IPs fine; even from the server, if I do Run: \\10.8.0.6 I can see the shares on the client, but if I do the same thing with the private IP address via \\192.168.2.X it does not work.
As I explained in a previous post, my goal is for the server to be able to see the whole client01, client02, etc. networks.
I am giving you as much information as possible:
Here are the configs:
Server:
port 1194
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
ca ca.crt
cert certif_serveur_VMTEST.crt
key certif_serveur_VMTEST.key # This file should be kept secret
dh dh1024.pem
;topology subnet
server 10.8.0.0 255.255.255.0
route-delay 1
route-method exe
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
client-config-dir ccd # I created a file named client01 (no extension) containing: iroute 192.168.2.0 255.255.255.0
route 192.168.2.0 255.255.255.0
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
;max-clients 100
;user nobody
;group nobody
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 3
;mute 20
Client:
client
;dev tap
dev tun
;dev-node MyTap
;proto tcp
proto udp
remote 103.4.X.X 1194
;remote my-server-2 1194
route-delay 1
route-method exe
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ca.crt
cert client01.crt
key client01.key
remote-cert-tls server
;tls-auth ta.key 1
;cipher x
comp-lzo
verb 3
;mute 20
Server status once started (without any client connected)
Fri Feb 13 18:48:59 2015 OpenVPN 2.3.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Dec 1 2014
Fri Feb 13 18:48:59 2015 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
Fri Feb 13 18:48:59 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Feb 13 18:48:59 2015 Need hold release from management interface, waiting...
Fri Feb 13 18:49:00 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Feb 13 18:49:00 2015 MANAGEMENT: CMD 'state on'
Fri Feb 13 18:49:00 2015 MANAGEMENT: CMD 'log all on'
Fri Feb 13 18:49:00 2015 MANAGEMENT: CMD 'hold off'
Fri Feb 13 18:49:00 2015 MANAGEMENT: CMD 'hold release'
Fri Feb 13 18:49:00 2015 Diffie-Hellman initialized with 1024 bit key
Fri Feb 13 18:49:00 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Feb 13 18:49:00 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Feb 13 18:49:00 2015 MANAGEMENT: >STATE:1423813740,ASSIGN_IP,,10.8.0.1,
Fri Feb 13 18:49:00 2015 open_tun, tt->ipv6=0
Fri Feb 13 18:49:00 2015 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{5A28B56F-2769-4BB4-B767-EBBFB4A2575F}.tap
Fri Feb 13 18:49:00 2015 TAP-Windows Driver Version 9.21
Fri Feb 13 18:49:00 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {5A28B56F-2769-4BB4-B767-EBBFB4A2575F} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Fri Feb 13 18:49:00 2015 Sleeping for 1 seconds...
Fri Feb 13 18:49:01 2015 Successful ARP Flush on interface [17] {5A28B56F-2769-4BB4-B767-EBBFB4A2575F}
Fri Feb 13 18:49:01 2015 MANAGEMENT: >STATE:1423813741,ADD_ROUTES,,,
Fri Feb 13 18:49:01 2015 C:\Windows\system32\route.exe ADD 192.168.2.0 MASK 255.255.255.0 10.8.0.2
Fri Feb 13 18:49:01 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Fri Feb 13 18:49:01 2015 C:\Windows\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Fri Feb 13 18:49:01 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Fri Feb 13 18:49:01 2015 UDPv4 link local (bound): [undef]
Fri Feb 13 18:49:01 2015 UDPv4 link remote: [undef]
Fri Feb 13 18:49:01 2015 MULTI: multi_init called, r=256 v=256
Fri Feb 13 18:49:01 2015 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Fri Feb 13 18:49:01 2015 ifconfig_pool_read(), in='client01,10.8.0.4', TODO: IPv6
Fri Feb 13 18:49:01 2015 succeeded -> ifconfig_pool_set()
Fri Feb 13 18:49:01 2015 IFCONFIG POOL LIST
Fri Feb 13 18:49:01 2015 client01,10.8.0.4
Fri Feb 13 18:49:01 2015 Initialization Sequence Completed
Fri Feb 13 18:49:01 2015 MANAGEMENT: >STATE:1423813741,CONNECTED,SUCCESS,10.8.0.1,
Server log continued once client01 is connected
Fri Feb 13 18:52:18 2015 118.179.X.X:57035 TLS: Initial packet from [AF_INET]118.179.X.X:57035, sid=492c4a5b 23ad4cbc
Fri Feb 13 18:52:19 2015 118.179.X.X:57035 VERIFY OK: depth=1, C=FR, ST=PS, L=Tontouta, O=TID, OU=xxxx, CN=Ista F, name=xxxx, emailAddress=xxxx@xxxx.com
Fri Feb 13 18:52:19 2015 118.179.X.X:57035 VERIFY OK: depth=0, C=FR, ST=PS, L=Tontouta, O=TID, OU=xxxxx, CN=client01, name=xxxx, emailAddress=xxx@xxxxxx.com
Fri Feb 13 18:52:19 2015 118.179.X.X:57035 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 13 18:52:19 2015 118.179.X.X:57035 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 13 18:52:19 2015 118.179.X.X:57035 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 13 18:52:19 2015 118.179.X.X:57035 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 13 18:52:19 2015 118.179.X.X:57035 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Feb 13 18:52:19 2015 118.179.X.X:57035 [client01] Peer Connection Initiated with [AF_INET]118.X.X.104:57035
Fri Feb 13 18:52:19 2015 client01/118.179.X.X:57035 OPTIONS IMPORT: reading client specific options from: ccd\client01
Fri Feb 13 18:52:19 2015 client01/118.179.X.X:57035 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Fri Feb 13 18:52:19 2015 client01/118.179.X.X:57035 MULTI: Learn: 10.8.0.6 -> client01/118.179.x.x:57035
Fri Feb 13 18:52:19 2015 client01/118.179.X.X:57035 MULTI: primary virtual IP for client01/118.179.X.X:57035: 10.8.0.6
Fri Feb 13 18:52:19 2015 client01/118.179.X.X:57035 MULTI: internal route 192.168.2.0/24 -> client01/118.179.X.X:57035
Fri Feb 13 18:52:19 2015 client01/118.179.X.X:57035 MULTI: Learn: 192.168.2.0/24 -> client01/118.179.X.X:57035
Fri Feb 13 18:52:21 2015 client01/118.179.X.X:57035 PUSH: Received control message: 'PUSH_REQUEST'
Fri Feb 13 18:52:21 2015 client01/118.179.X.X:57035 send_push_reply(): safe_cap=940
Fri Feb 13 18:52:21 2015 client01/118.179.X.X:57035 SENT CONTROL [client01]: 'PUSH_REPLY,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Status of client01
Fri Feb 13 18:52:19 2015 OpenVPN 2.3.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Dec 1 2014
Fri Feb 13 18:52:19 2015 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
Fri Feb 13 18:52:19 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Feb 13 18:52:19 2015 Need hold release from management interface, waiting...
Fri Feb 13 18:52:19 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Feb 13 18:52:19 2015 MANAGEMENT: CMD 'state on'
Fri Feb 13 18:52:19 2015 MANAGEMENT: CMD 'log all on'
Fri Feb 13 18:52:19 2015 MANAGEMENT: CMD 'hold off'
Fri Feb 13 18:52:19 2015 MANAGEMENT: CMD 'hold release'
Fri Feb 13 18:52:20 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Feb 13 18:52:20 2015 UDPv4 link local: [undef]
Fri Feb 13 18:52:20 2015 UDPv4 link remote: [AF_INET]103.4.x.x:1194
Fri Feb 13 18:52:20 2015 MANAGEMENT: >STATE:1423813940,WAIT,,,
Fri Feb 13 18:52:20 2015 MANAGEMENT: >STATE:1423813940,AUTH,,,
Fri Feb 13 18:52:20 2015 TLS: Initial packet from [AF_INET]103.4.x.x:1194, sid=f8fbd675 f93e64a0
Fri Feb 13 18:52:20 2015 VERIFY OK: depth=1, C=FR, ST=PS, L=Tontouta, O=TID, OU=xxxx, CN=Ista F, name=xxxx, emailAddress=xxxx@xxxx.com
Fri Feb 13 18:52:20 2015 Validating certificate key usage
Fri Feb 13 18:52:20 2015 ++ Certificate has key usage 00a0, expects 00a0
Fri Feb 13 18:52:20 2015 VERIFY KU OK
Fri Feb 13 18:52:20 2015 Validating certificate extended key usage
Fri Feb 13 18:52:20 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Feb 13 18:52:20 2015 VERIFY EKU OK
Fri Feb 13 18:52:20 2015 VERIFY OK: depth=0, C=FR, ST=PS, L=Tontouta, O=TID, OU=xxxx, CN=serveur, name=xxxx, emailAddress=xxxxt@xxxx.com
Fri Feb 13 18:52:20 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 13 18:52:20 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 13 18:52:20 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 13 18:52:20 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 13 18:52:20 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Feb 13 18:52:20 2015 [serveur] Peer Connection Initiated with [AF_INET]103.4.x.x:1194
Fri Feb 13 18:52:21 2015 MANAGEMENT: >STATE:1423813941,GET_CONFIG,,,
Fri Feb 13 18:52:22 2015 SENT CONTROL [serveur]: 'PUSH_REQUEST' (status=1)
Fri Feb 13 18:52:23 2015 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Fri Feb 13 18:52:23 2015 OPTIONS IMPORT: timers and/or timeouts modified
Fri Feb 13 18:52:23 2015 OPTIONS IMPORT: --ifconfig/up options modified
Fri Feb 13 18:52:23 2015 OPTIONS IMPORT: route options modified
Fri Feb 13 18:52:23 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Feb 13 18:52:23 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Feb 13 18:52:23 2015 MANAGEMENT: >STATE:1423813943,ASSIGN_IP,,10.8.0.6,
Fri Feb 13 18:52:23 2015 open_tun, tt->ipv6=0
Fri Feb 13 18:52:23 2015 TAP-WIN32 device [Connexion au réseau local 2] opened: \\.\Global\{C8F3F5D9-0DBD-42E5-8559-0C43FE749186}.tap
Fri Feb 13 18:52:23 2015 TAP-Windows Driver Version 9.21
Fri Feb 13 18:52:23 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {C8F3F5D9-0DBD-42E5-8559-0C43FE749186} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Fri Feb 13 18:52:23 2015 Successful ARP Flush on interface [19] {C8F3F5D9-0DBD-42E5-8559-0C43FE749186}
Fri Feb 13 18:52:24 2015 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Fri Feb 13 18:52:24 2015 MANAGEMENT: >STATE:1423813944,ADD_ROUTES,,,
Fri Feb 13 18:52:24 2015 C:\Windows\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.5
Fri Feb 13 18:52:24 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Fri Feb 13 18:52:24 2015 Initialization Sequence Completed
Fri Feb 13 18:52:24 2015 MANAGEMENT: >STATE:1423813944,CONNECTED,SUCCESS,10.8.0.6,103.4.X.X
Server routes:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 103.4.X.1 103.4.X.X 15
10.8.0.0 255.255.255.0 10.8.0.2 10.8.0.1 21
10.8.0.0 255.255.255.252 On-link 10.8.0.1 276
10.8.0.1 255.255.255.255 On-link 10.8.0.1 276
10.8.0.3 255.255.255.255 On-link 10.8.0.1 276
103.4.X.0 255.255.255.0 On-link 103.4.X.X 261
103.4.X.X 255.255.255.255 On-link 103.4.X.X 261
103.4.X.255 255.255.255.255 On-link 103.4.X.X 261
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 10.8.0.2 10.8.0.1 21
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.8.0.1 276
224.0.0.0 240.0.0.0 On-link 103.4.X.X 261
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.8.0.1 276
255.255.255.255 255.255.255.255 On-link 103.4.X.X 261
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 103.4.X.1 10
===========================================================================
Client routes:
IPv4 Table de routage
===========================================================================
Itinéraires actifs :
Destination réseau Masque réseau Adr. passerelle Adr. interface Métriqu
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.91 356
10.8.0.0 255.255.255.0 10.8.0.5 10.8.0.6 31
10.8.0.4 255.255.255.252 On-link 10.8.0.6 286
10.8.0.6 255.255.255.255 On-link 10.8.0.6 286
10.8.0.7 255.255.255.255 On-link 10.8.0.6 286
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.91 356
192.168.2.91 255.255.255.255 On-link 192.168.2.91 356
192.168.2.255 255.255.255.255 On-link 192.168.2.91 356
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.91 356
224.0.0.0 240.0.0.0 On-link 10.8.0.6 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.91 356
255.255.255.255 255.255.255.255 On-link 10.8.0.6 286
===========================================================================
Itinéraires persistants :
Adresse réseau Masque réseau Adresse passerelle Métrique
0.0.0.0 0.0.0.0 192.168.2.1 Par défaut
===========================================================================
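An added example, not part of the post above: a small Python checker for the server half of an OpenVPN site-to-site setup like this one. For the server to reach a client's LAN, three things have to agree: a server-side `route` for the LAN (so the OS hands the packets to the tun adapter), an `iroute` for the same LAN in that client's ccd file (so OpenVPN knows which client owns it), and the OS route table actually sending that subnet to the VPN gateway. The script parses a config fragment, the ccd files and a Windows `route print` table (the numeric rows are identical in every locale, so the French table above parses the same way), does a longest-prefix-match lookup, and reports which of the three pieces is missing. The config and route table embedded in it are constructed from the shape of what the post shows, with 203.0.113.x standing in for the redacted public addresses.

```python
import ipaddress
import re

# --- constructed inputs (shape of the post's server config and `route print`;
#     203.0.113.x replaces the redacted public addresses) ---
SERVER_CONF = """\
server 10.8.0.0 255.255.255.0
client-config-dir ccd
route 192.168.2.0 255.255.255.0
;route 10.9.0.0 255.255.255.252
push "route 192.168.20.0 255.255.255.0"
"""
CCD_FILES = {"client01": "iroute 192.168.2.0 255.255.255.0\n"}   # contents of ccd/client01
SERVER_ROUTE_PRINT = """\
IPv4 Route Table
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 203.0.113.1 203.0.113.10 15
10.8.0.0 255.255.255.0 10.8.0.2 10.8.0.1 21
10.8.0.0 255.255.255.252 On-link 10.8.0.1 276
192.168.2.0 255.255.255.0 10.8.0.2 10.8.0.1 21
203.0.113.0 255.255.255.0 On-link 203.0.113.10 261
"""

MISSING_IROUTE = "no ccd iroute: OpenVPN has no client to hand the packets to"
MISSING_ROUTE = "no server-side route: the OS never sends the packets into the tun"
WRONG_GATEWAY = "OS route table does not point this subnet at the VPN gateway"


def parse_directive_networks(text, directive):
    """Networks given to `directive` (route or iroute) in an OpenVPN config
    fragment.  ';' and '#' start comments; push "..." lines are skipped because
    a pushed route is installed on the client, not on the server."""
    nets = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";") or line.startswith("push"):
            continue
        parts = line.split()
        if len(parts) >= 3 and parts[0] == directive:
            nets.add(ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False))
    return nets


_ROW = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)$")


def parse_route_print(text):
    """Rows of a Windows `route print` table as (network, gateway|None, interface, metric).
    Locale-independent: only the header wording differs, the numeric rows do not."""
    routes = []
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if m:
            dst, mask, gw, iface, metric = m.groups()
            routes.append((ipaddress.ip_network(f"{dst}/{mask}", strict=False),
                           None if gw.lower() == "on-link" else ipaddress.ip_address(gw),
                           ipaddress.ip_address(iface), int(metric)))
    return routes


def lookup(routes, dst):
    """Longest-prefix match, lowest metric breaks ties; returns the row or None."""
    dst = ipaddress.ip_address(str(dst))
    hits = [r for r in routes if dst in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3])) if hits else None


def check_site_to_site(server_conf, ccd_files, route_print, vpn_subnet="10.8.0.0/24"):
    """List of (subnet, problem) findings for the server side; empty means consistent."""
    vpn = ipaddress.ip_network(vpn_subnet)
    kernel = parse_directive_networks(server_conf, "route")
    iroutes = {net: client for client, text in ccd_files.items()
               for net in parse_directive_networks(text, "iroute")}
    table = parse_route_print(route_print)
    findings = []
    for net in sorted(kernel | set(iroutes)):
        if net not in iroutes:
            findings.append((str(net), MISSING_IROUTE))
        elif net not in kernel:
            findings.append((str(net), MISSING_ROUTE))
        else:
            # a host inside the LAN must resolve to a route whose next hop is on the VPN
            row = lookup(table, net.network_address + 1)
            via = None if row is None else (row[1] if row[1] is not None else row[2])
            if via is None or via not in vpn:
                findings.append((str(net), WRONG_GATEWAY))
    return findings


if __name__ == "__main__":
    for subnet, problem in check_site_to_site(SERVER_CONF, CCD_FILES, SERVER_ROUTE_PRINT) or [("all", "ok")]:
        print(subnet, problem)
```

On the constructed input the checker reports nothing, which matches the logs above: the server learns `192.168.2.0/24 -> client01` and its route table sends that subnet to 10.8.0.2. The checker deliberately covers only what is visible on the server; the return half of the path (the Windows 7 client forwarding between its tun adapter and its LAN, and the LAN devices having a route back to 10.8.0.0/24 via 192.168.2.91) is not shown in the post and has to be verified on the client side.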