Support #18399

Closed

Tomato > OpenVPN client and server test

Added by Jasmin Beganović over 16 years ago. Updated over 16 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: -
Start date: 23.09.2009
Due date: -
% Done: 100%
Estimated time: -

Description

agreed yesterday at the meeting


Files

tomatovpn-1.25vpn3.3.7z (2.98 MB) - Jasmin Beganović, 23.09.2009 13:49
openvpn-client-basic.png (11.7 KB) - basic settings - Jasmin Beganović, 23.09.2009 13:52
openvpn-client-advanced.png (10.8 KB) - advanced settings - Jasmin Beganović, 23.09.2009 13:52
openvpn-client-keys.png (53.7 KB) - keys - Jasmin Beganović, 23.09.2009 13:52
#1

Updated by Jasmin Beganović over 16 years ago

checked on my Tomato router: there is no OpenVPN tunnel setting anywhere, VPN can only be set up as a WAN connection, which does not suit our case:

Tomato OpenVPN distributions

roadkill     1.21         ?         Yes     OpenVPN     OpenVPN         SD, MMC         No
SgtPepperKSU     1.25***         ?             OpenVPN     OpenVPN

I'm going with this SgtPepperKSU 1.25 since its last change was August 2009, while this roadkill one is quite a bit older

Tomato SgtPepperKSU

#3

Updated by Jasmin Beganović over 16 years ago

after flashing the router with this firmware, the options get a VPN Tunneling section where a client or server can be configured; I did the setup with my own keys and the VPN came up on the first try

#4

Updated by Jasmin Beganović over 16 years ago

here is the tunnel log as well

Sep 23 04:23:34 unknown daemon.notice openvpn508: OpenVPN 2.1_rc15 mipsel-unknown-linux-gnu [SSL] [LZO2] built on May 31 2009
Sep 23 04:23:34 unknown daemon.warn openvpn508: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sep 23 04:23:34 unknown daemon.warn openvpn508: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 23 04:23:34 unknown daemon.notice openvpn508: LZO compression initialized
Sep 23 04:23:34 unknown daemon.notice openvpn508: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sep 23 04:23:35 unknown daemon.notice openvpn508: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sep 23 04:23:35 unknown daemon.notice openvpn512: Socket Buffers: R=[32767->65534] S=[32767->65534]
Sep 23 04:23:35 unknown daemon.notice openvpn512: UDPv4 link local: [undef]
Sep 23 04:23:35 unknown daemon.notice openvpn512: UDPv4 link remote: 89.146.133.222:1194
Sep 23 04:23:35 unknown daemon.notice openvpn512: TLS: Initial packet from 89.146.133.222:1194, sid=b70229de 94454cec
Sep 23 04:23:35 unknown daemon.notice openvpn512: VERIFY OK: depth=1, /C=BA/ST=BiH/L=Sarajevo/O=bring.out.ba/CN=hernad/Email=
Sep 23 04:23:35 unknown daemon.notice openvpn512: VERIFY OK: depth=0, /C=BA/ST=BiH/L=Sarajevo/O=bring.out.ba/CN=server/Email=
Sep 23 04:23:37 unknown daemon.notice openvpn512: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 23 04:23:37 unknown daemon.notice openvpn512: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 23 04:23:37 unknown daemon.notice openvpn512: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 23 04:23:37 unknown daemon.notice openvpn512: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 23 04:23:37 unknown daemon.notice openvpn512: Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
Sep 23 04:23:37 unknown daemon.notice openvpn512: [server] Peer Connection Initiated with 89.146.133.222:1194
Sep 23 04:23:38 unknown daemon.notice openvpn512: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sep 23 04:23:38 unknown daemon.notice openvpn512: PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.179 10.8.0.1'
Sep 23 04:23:38 unknown daemon.notice openvpn512: OPTIONS IMPORT: timers and/or timeouts modified
Sep 23 04:23:38 unknown daemon.notice openvpn512: OPTIONS IMPORT: --ifconfig/up options modified
Sep 23 04:23:38 unknown daemon.notice openvpn512: OPTIONS IMPORT: route options modified
Sep 23 04:23:38 unknown daemon.notice openvpn512: TUN/TAP device tun11 opened
Sep 23 04:23:38 unknown daemon.notice openvpn512: TUN/TAP TX queue length set to 100
Sep 23 04:23:38 unknown daemon.notice openvpn512: /sbin/ifconfig tun11 10.8.0.179 pointopoint 10.8.0.1 mtu 1500
Sep 23 04:23:38 unknown daemon.notice openvpn512: updown.sh tun11 1500 1542 10.8.0.179 10.8.0.1 init
Sep 23 04:23:39 unknown daemon.info dnsmasq208: exiting on receipt of SIGTERM
Sep 23 04:23:39 unknown daemon.info dnsmasq535: started, version 2.47 cachesize 150
Sep 23 04:23:39 unknown daemon.info dnsmasq535: compile time options: no-IPv6 GNU-getopt no-RTC no-DBus no-I18N no-TFTP
Sep 23 04:23:39 unknown daemon.info dnsmasq535: DHCP, IP range 192.168.1.110 -- 192.168.1.120, lease time 1d
Sep 23 04:23:39 unknown daemon.info dnsmasq535: reading /etc/resolv.dnsmasq
Sep 23 04:23:39 unknown daemon.info dnsmasq535: using nameserver 77.239.1.5#53
Sep 23 04:23:39 unknown daemon.info dnsmasq535: using nameserver 77.239.1.4#53
Sep 23 04:23:39 unknown daemon.info dnsmasq535: read /etc/hosts - 0 addresses
Sep 23 04:23:39 unknown daemon.info dnsmasq535: read /etc/hosts.dnsmasq - 1 addresses
Sep 23 04:23:40 unknown daemon.notice openvpn512: /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.1
Sep 23 04:23:40 unknown daemon.notice openvpn512: Initialization Sequence Completed
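A defender's quick audit of a client log like the one above, as an added example that is not part of this ticket: the POSIX shell functions below flag the settings this log reveals (no server certificate verification, user scripts allowed, BF-CBC data cipher, 1024-bit control-channel RSA). The sample log is a constructed excerpt of the lines above.

```shell
# sample_log: constructed excerpt of the client log in this ticket, restricted to
# the lines that reveal security-relevant settings (not the original log file).
sample_log() {
cat <<'EOF'
Sep 23 04:23:34 unknown daemon.warn openvpn508: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sep 23 04:23:34 unknown daemon.warn openvpn508: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 23 04:23:35 unknown daemon.notice openvpn512: VERIFY OK: depth=0, /C=BA/ST=BiH/L=Sarajevo/O=bring.out.ba/CN=server/Email=
Sep 23 04:23:37 unknown daemon.notice openvpn512: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 23 04:23:37 unknown daemon.notice openvpn512: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 23 04:23:37 unknown daemon.notice openvpn512: Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
Sep 23 04:23:40 unknown daemon.notice openvpn512: Initialization Sequence Completed
EOF
}

# audit_openvpn_log: read an OpenVPN client log on stdin, print one finding per
# risky setting (severity first), exit 1 if anything was found, 0 otherwise.
audit_openvpn_log() {
    awk '
        /WARNING: No server certificate verification method/ {
            print "HIGH server cert role not verified: any client cert from the same CA could pose as the server; add ns-cert-type server (remote-cert-tls server on newer builds)"; n++
        }
        /NOTE: the current --script-security setting may allow/ {
            print "MED  --script-security permits user-defined scripts; set the lowest level the config needs"; n++
        }
        /Data Channel (Encrypt|Decrypt): Cipher .BF-CBC./ {
            if (!bf++) { print "MED  data channel cipher is BF-CBC, a 64-bit block cipher; prefer AES"; n++ }   # logged twice, report once
        }
        /Control Channel: .*[0-9]+ bit RSA/ {
            match($0, /[0-9]+ bit RSA/)
            bits = substr($0, RSTART, RLENGTH) + 0        # "1024 bit RSA" -> 1024
            if (bits < 2048) { print "MED  control channel RSA key is only " bits " bits; reissue certificates with >= 2048"; n++ }
        }
        END { exit (n > 0 ? 1 : 0) }
    '
}

# count_findings: number of findings for the log on stdin, as a bare integer.
count_findings() {
    audit_openvpn_log | awk 'END { print NR }'
}

# Offline run on the constructed excerpt: prints the four findings above.
if sample_log | audit_openvpn_log; then echo "no risky settings found"; fi
```

On the router the same check can be run against the live log with `logread | audit_openvpn_log`.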

#5

Updated by Jasmin Beganović over 16 years ago

pinging the far end of the tunnel

C:\Documents and Settings\jolly>ping 10.8.0.1

Pinging 10.8.0.1 with 32 bytes of data:

Reply from 10.8.0.1: bytes=32 time=38ms TTL=63
Reply from 10.8.0.1: bytes=32 time=37ms TTL=63

#6

Updated by Jasmin Beganović over 16 years ago

hmm, what remains is adding the route toward bring.out; the Static Routing Table settings on Tomato do not allow routing through the tunnel, they only offer LAN and WAN, I'll check whether there is a custom option

#7

Updated by Jasmin Beganović over 16 years ago

Tomato v1.25vpn3.3

BusyBox v1.14.0 (2009-05-31 18:41:13 CDT) built-in shell (ash)
Enter 'help' for a list of built-in commands.

# ifconfig
tun11      Link encap:Point-to-Point Protocol
           inet addr:10.8.0.179  P-t-P:10.8.0.1  Mask:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
           RX packets:4 errors:0 dropped:0 overruns:0 frame:0
           TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:100
           RX bytes:288 (288.0 B)  TX bytes:288 (288.0 B)

#8

Updated by Jasmin Beganović over 16 years ago

adding the route manually works

# /sbin/route add -net 192.168.45.0 netmask 255.255.255.0 gw 10.8.0.1
# ip route show
10.8.0.1 dev tun11  proto kernel  scope link  src 10.8.0.179
10.8.0.0/24 via 10.8.0.1 dev tun11
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.1
77.239.26.0/24 dev vlan1  proto kernel  scope link  src 77.239.26.5
192.168.45.0/24 via 10.8.0.1 dev tun11
127.0.0.0/8 dev lo  scope link
default via 77.239.26.1 dev vlan1

# ping 192.168.45.4
PING 192.168.45.4 (192.168.45.4): 56 data bytes
64 bytes from 192.168.45.4: seq=0 ttl=64 time=65.888 ms
64 bytes from 192.168.45.4: seq=1 ttl=64 time=41.823 ms

#9

Updated by Jasmin Beganović over 16 years ago

set up and verified access bringout > bjasko

root@router-back:/etc/openvpn/clients# cat bjasko

ifconfig-push 10.8.0.179 10.8.0.1
iroute 192.168.1.0 255.255.255.0

root@router-back:/etc/openvpn/clients# grep 192.168.1.0 /etc/rc.local

ROUTES="192.168.4.0/24 192.168.11.0/24 192.168.65.0/24 192.168.66.0/24 192.168.42.0/24 192.168.43.0/24 192.168.44.0/24 192.168.55.0/24 192.168.77.0/24 192.168.14.0/24 192.168.1.0/24" 

root@router-back:/etc/openvpn/clients# grep 192.168.1.0 /var/log/syslog

Sep 23 14:44:55 router-back ovpn-server[25044]: bjasko/77.239.26.5:2050 MULTI: internal route 192.168.1.0/24 -> bjasko/77.239.26.5:2050
Sep 23 14:44:55 router-back ovpn-server[25044]: bjasko/77.239.26.5:2050 MULTI: Learn: 192.168.1.0/24 -> bjasko/77.239.26.5:2050

root@router-back:/etc/openvpn/clients# route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.8.0.2 dev tun0
root@router-back:/etc/openvpn/clients# ping 192.168.1.1

PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=38.3 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=35.9 ms

--- 192.168.1.1 ping statistics ---
3 packets transmitted, 2 received, 33% packet loss, time 2004ms
rtt min/avg/max/mdev = 35.931/37.136/38.342/1.220 ms

root@router-back:/etc/openvpn/clients# ping 192.168.1.116

PING 192.168.1.116 (192.168.1.116) 56(84) bytes of data.
64 bytes from 192.168.1.116: icmp_seq=1 ttl=127 time=81.8 ms
64 bytes from 192.168.1.116: icmp_seq=2 ttl=127 time=37.4 ms

#10

Updated by Jasmin Beganović over 16 years ago

it remains to see how to automate the custom route toward bring.out on Tomato

#11

Updated by Jasmin Beganović over 16 years ago

Jasmin Beganović wrote:

it remains to see how to automate the custom route toward bring.out on Tomato

I solved it by putting this in the admin script (WAN Up):

http://192.168.1.1/admin-scripts.asp

WAN UP

sleep 20
/sbin/route add -net 192.168.45.0 netmask 255.255.255.0 gw 10.8.0.1

20 sec is enough for the tunnel to come up after the WAN comes up
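One way to replace the fixed 20-second sleep in the WAN Up script with a readiness check, as an added example (not the ticket's own script): it polls the routing table for the route the OpenVPN client installs on tun11, adds the custom route only once, and gives up with a syslog message if the tunnel never comes up. Addresses are those of this ticket; that `ip route add` is available alongside the `ip route show` shown above is an assumption.

```shell
# Added example for the Tomato "WAN Up" script above (not the ticket's own code):
# wait until the OpenVPN client has installed its tunnel route instead of a fixed
# sleep, then add the custom route once. Addresses and device come from the
# ticket; "ip route add" is assumed available alongside "ip route show" above.
TUN_DEV=tun11
TUN_GW=10.8.0.1
REMOTE_NET=192.168.45.0/24
MAX_WAIT=60   # seconds before giving up, so a dead tunnel cannot hang WAN Up

# tunnel_route_present TABLE: true when the table text holds the route openvpn
# installs once the tunnel is up (here "10.8.0.0/24 via 10.8.0.1 dev tun11").
tunnel_route_present() {
    printf '%s\n' "$1" | grep -q " via $TUN_GW dev $TUN_DEV"
}

# custom_route_present TABLE: true when our route is already there (no duplicate on a second WAN Up).
custom_route_present() {
    printf '%s\n' "$1" | grep -q "^$REMOTE_NET via $TUN_GW dev $TUN_DEV"
}

# wait_for_tunnel: poll the live routing table once a second.
wait_for_tunnel() {
    i=0
    while [ "$i" -lt "$MAX_WAIT" ]; do
        if tunnel_route_present "$(ip route show)"; then return 0; fi
        sleep 1; i=$((i + 1))
    done
    logger -t wanup "$TUN_DEV not up after ${MAX_WAIT}s; $REMOTE_NET route not added"
    return 1
}

# add_custom_route: idempotent replacement for the "route add" line above.
add_custom_route() {
    if custom_route_present "$(ip route show)"; then return 0; fi
    ip route add "$REMOTE_NET" via "$TUN_GW" dev "$TUN_DEV" &&
        logger -t wanup "added $REMOTE_NET via $TUN_GW dev $TUN_DEV"
}

# On the router, end the WAN Up script with the line: wan_up_main
wan_up_main() {
    wait_for_tunnel && add_custom_route
}

# Offline check on a constructed copy of the table shown in this ticket.
SAMPLE_TABLE='10.8.0.0/24 via 10.8.0.1 dev tun11
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.1
default via 77.239.26.1 dev vlan1'
if tunnel_route_present "$SAMPLE_TABLE" && ! custom_route_present "$SAMPLE_TABLE"; then
    echo "sample table: tunnel is up, $REMOTE_NET route not yet added"
fi
```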

#12

Updated by Jasmin Beganović over 16 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

checked it this morning, the tunnel works
