Почему не видно хостов через openvpn?

Question

[DVoropaev]

# route -N
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         <IP_СКРЫТ>   0.0.0.0         UG    100    0        0 enp3s0
10.<IP_СКРЫТ>.0     0.0.0.0         255.255.255.224 U     0      0        0 tap0
172.20.64.0     0.0.0.0         255.255.255.0   U     100    0        0 enp3s0
192.168.124.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
192.168.208.0   10.<IP_СКРЫТ>.1     255.255.255.0   UG    0      0        0 tap0

208.service - OpenVPN
   Loaded: loaded (/etc/systemd/system/208.service; disabled; vendor preset: disabled)
   Active: active (running) since Ср 2017-09-13 18:55:31 SAMT; 49min ago
  Process: 7781 ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/openvpn.pid --cd /home/user/.cert/208/ --config client.conf --askpass /home/user/.cert/208/passw (code=exited, status=0/SUCCESS)
 Main PID: 7783 (openvpn)
   CGroup: /system.slice/208.service
           └─7783 /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/openvpn.pid --cd /home/user/.cert/208/ --config client.conf --askpass /home/user/.cert/208/passw

сен 13 18:55:32 localhost.localdomain openvpn[7783]: TCPv4_CLIENT link remote: [AF_INET]31.<IP_СКРЫТ>:8208
сен 13 18:55:32 localhost.localdomain openvpn[7783]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
сен 13 18:55:32 localhost.localdomain openvpn[7783]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
сен 13 18:55:32 localhost.localdomain openvpn[7783]: [Server-name] Peer Connection Initiated with [AF_INET]31.<IP_СКРЫТ>:8208
сен 13 18:55:35 localhost.localdomain openvpn[7783]: TUN/TAP device tap0 opened
сен 13 18:55:35 localhost.localdomain openvpn[7783]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
сен 13 18:55:35 localhost.localdomain openvpn[7783]: /usr/sbin/ip link set dev tap0 up mtu 1500
сен 13 18:55:35 localhost.localdomain openvpn[7783]: /usr/sbin/ip addr add dev tap0 10.<IP_СКРЫТ>.6/27 broadcast 10.<IP_СКРЫТ>.31
сен 13 18:55:35 localhost.localdomain openvpn[7783]: Initialization Sequence Completed
сен 13 18:55:39 localhost.localdomain systemd[1]: Started OpenVPN.

nmap 192.168.208.0-255 

Starting Nmap 7.12 ( https://nmap.org ) at 2017-09-13 19:43 SAMT
sendto in send_ip_packet_sd: sendto(4, packet, 40, 0, 192.168.208.91, 16) => Operation not permitted
Offending packet: TCP 10.20.208.6:40806 > 192.168.208.91:80 A ttl=39 id=5894 iplen=40  seq=0 win=1024 
sendto in send_ip_packet_sd: sendto(4, packet, 44, 0, 192.168.208.117, 16) => Operation not permitted
Offending packet: TCP 10.20.208.6:40806 > 192.168.208.117:443 S ttl=38 id=47003 iplen=44  seq=2887762721 win=1024 <mss 1460>
sendto in send_ip_packet_sd: sendto(4, packet, 44, 0, 192.168.208.166, 16) => Operation not permitted
Offending packet: TCP 10.20.208.6:40805 > 192.168.208.166:443 S ttl=57 id=48634 iplen=44  seq=2887697184 win=1024 <mss 1460>
sendto in send_ip_packet_sd: sendto(4, packet, 44, 0, 192.168.208.166, 16) => Operation not permitted
Offending packet: TCP 10.20.208.6:40806 > 192.168.208.166:443 S ttl=37 id=25270 iplen=44  seq=2887762721 win=1024 <mss 1460>
sendto in send_ip_packet_sd: sendto(4, packet, 40, 0, 192.168.208.206, 16) => Operation not permitted
Offending packet: TCP 10.20.208.6:40805 > 192.168.208.206:80 A ttl=46 id=55418 iplen=40  seq=0 win=1024 
sendto in send_ip_packet_sd: sendto(4, packet, 40, 0, 192.168.208.244, 16) => Operation not permitted
Offending packet: TCP 10.20.208.6:40806 > 192.168.208.244:80 A ttl=37 id=47295 iplen=40  seq=0 win=1024 
sendto in send_ip_packet_sd: sendto(4, packet, 40, 0, 192.168.208.248, 16) => Operation not permitted
Offending packet: TCP 10.20.208.6:40806 > 192.168.208.248:80 A ttl=54 id=51473 iplen=40  seq=0 win=1024 
sendto in send_ip_packet_sd: sendto(4, packet, 40, 0, 192.168.208.249, 16) => Operation not permitted
Offending packet: TCP 10.20.208.6:40806 > 192.168.208.249:80 A ttl=47 id=54581 iplen=40  seq=0 win=1024 
sendto in send_ip_packet_sd: sendto(4, packet, 40, 0, 192.168.208.101, 16) => Operation not permitted
Offending packet: TCP 10.20.208.6:40806 > 192.168.208.101:80 A ttl=48 id=51081 iplen=40  seq=0 win=1024 
sendto in send_ip_packet_sd: sendto(4, packet, 40, 0, 192.168.208.158, 16) => Operation not permitted
Offending packet: TCP 10.20.208.6:40805 > 192.168.208.158:80 A ttl=52 id=7595 iplen=40  seq=0 win=1024 
Omitting future Sendto error messages now that 10 have been shown.  Use -d2 if you really want to see them.
Nmap done: 256 IP addresses (0 hosts up) scanned in 206.33 seconds

Comments

[Wexter]

от рута запустите nmap и будет вам счастье

[DVoropaev]

Wexter, nmap запущен был от рута

[Wexter]

dableproger, в iptables трафик разрешён?

[DVoropaev]

Wexter, не знаю. как это проверить/исправить?

Answer 1

[silverjoe]

В настройках сервера проверьте опцию разрешающую клиентам опенвпн общаться между собой. Потом проверяйте файерволл и далее - маршрутизацию

Comments

[aphazel]

А что за опция, не подскажете?