@AlexeyMish

How do I configure a gateway based on CentOS 6.8 with OpenVPN?

Good afternoon.
There is a CentOS 6.8 server with the address 172.19.1252.95.
OpenVPN is installed on it.
How do I configure the server so that clients on the 172.19.252.0/24 network can reach the addresses that become available once the tunnel is up?

[vpn ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:56:A9:30:9C
inet addr:172.19.252.95 Bcast:172.19.255.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:131081 errors:0 dropped:0 overruns:0 frame:0
TX packets:3236 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9731034 (9.2 MiB) TX bytes:461938 (451.1 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.31.0.190 P-t-P:172.31.0.189 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:410 errors:0 dropped:0 overruns:0 frame:0
TX packets:1064 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:81564 (79.6 KiB) TX bytes:64038 (62.5 KiB)

[vpn ~]# iptables -L -v -n
Chain INPUT (policy ACCEPT 1287 packets, 217K bytes)
pkts bytes target prot opt in out source destination
166 21668 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22

Chain FORWARD (policy ACCEPT 117 packets, 7020 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 166 packets, 24970 bytes)
pkts bytes target prot opt in out source destination


[vpn ~]# cat /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
#
# Use '/sbin/sysctl -a' to list all possible parameters.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Controls the default maxmimum size of a mesage queue
kernel.msgmnb = 65536

# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv4.conf.default.forwarding = 1
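One way to build such a gateway ruleset, as an added example that is not part of the original post: the output above shows forwarding enabled but an empty FORWARD chain with policy ACCEPT, so this sketch adds source NAT towards the tunnel and limits forwarding to LAN-to-tunnel traffic. Assumptions: the far end of the tunnel has no route back to 172.19.252.0/24 (hence MASQUERADE), the interface names and LAN network are the ones in the post, and the INPUT rules simply mirror the post's `iptables -L` output.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a LAN-to-VPN gateway.
# Nothing is applied here; the output must be piped to iptables-restore.

# Accept only a plain interface name (no spaces or extra iptables tokens).
valid_iface() { case $1 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac; }

# Accept only a.b.c.d/len with every octet <= 255 and len <= 32.
valid_cidr() (
    case $1 in */*) ;; *) exit 1 ;; esac
    ip=${1%/*} len=${1#*/}
    case $len in ''|*[!0-9]*) exit 1 ;; esac
    [ "$len" -le 32 ] || exit 1
    case $ip in *[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.; set -- $ip
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do [ "$o" -le 255 ] || exit 1; done
)

# gateway_rules LAN_IF TUN_IF LAN_CIDR
gateway_rules() {
    valid_iface "$1" && valid_iface "$2" && valid_cidr "$3" || return 1
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Assumption: the far end has no route back to the LAN, so hide it behind $2.
-A POSTROUTING -s $3 -o $2 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# INPUT mirrors the rules shown in the post.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# Forward only new LAN-to-tunnel flows plus their replies; drop the rest.
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $1 -o $2 -s $3 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Values taken from the post: eth0 (LAN), tun0 (tunnel), 172.19.252.0/24.
gateway_rules eth0 tun0 172.19.252.0/24
```

Review the printed ruleset, then pipe it to `iptables-restore` as root and persist it with `service iptables save`. LAN clients additionally need a route to the networks behind the tunnel via this host.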