netstat -rn
Таблица маршутизации ядра протокола IP
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.100.1 0.0.0.0 UG 0 0 0 br1
10.8.0.1 10.8.0.17 255.255.255.255 UGH 0 0 0 tun0
10.8.0.17 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br1
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-fbe7e235dd5b
172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker_gwbridge
192.168.50.0 10.8.0.17 255.255.255.0 UG 0 0 0 tun0
192.168.70.0 10.8.0.17 255.255.255.0 UG 0 0 0 tun0
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 br1
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
ifconfig
re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: TP-Link 3468 Adapter Office LAN
options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
ether c4:e9:84:03:ad:2e
hwaddr c4:e9:84:03:ad:2e
inet 192.168.70.254 netmask 0xffffff00 broadcast 192.168.57.255
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
re1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
ether 14:cc:20:05:eb:74
hwaddr 14:cc:20:05:eb:74
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: Ethernet autoselect (10baseT/UTP <half-duplex>)
status: no carrier
re2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: built-in Motherboard NIC Rostelecom Internet Cable (via Huawei GPON EchoLife HG8245H)
options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
ether 30:5a:3a:7e:92:f4
hwaddr 30:5a:3a:7e:92:f4
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: lo
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1400
description: office <---> remote
options=80000<LINKSTATE>
tunnel inet zz.zz.zz.zz --> yy.yy.yy.yy
inet 172.16.0.50 --> 172.16.0.49 netmask 0xfffffffc
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
groups: gif
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet6 fe80::c6e9:84ff:fe03:ad2e%tun0 prefixlen 64 scopeid 0xb
inet 10.8.0.1 --> 10.8.0.2 netmask 0xffffffff
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: tun
Opened by PID 50456
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1460
inet zz.zz.zz.zz --> xx.xx.xx.xx netmask 0xffffffff
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
[root@server01 /var/log]# netstat -rn
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default xx.xx.xx.xx UGS ng0
10.8.0.0/24 10.8.0.2 UGS tun0
10.8.0.1 link#11 UHS lo0
10.8.0.2 link#11 UH tun0
xx.xx.xx.xx link#9 UH ng0
127.0.0.1 link#4 UH lo0
172.16.0.0/24 172.16.0.49 UGS gif0
172.16.0.49 link#5 UH gif0
172.16.0.50 link#5 UHS lo0
172.16.1.1 lo0 UHSB lo0
192.168.50.0/24 172.16.0.49 UGS gif0
192.168.70.0/24 link#1 U re0
192.168.70.254 link#1 UHS lo0
192.168.254.0/24 172.16.0.49 UGS gif0
Internet6:
Destination Gateway Flags Netif Expire
::/96 ::1 UGRS lo0
::1 link#4 UH lo0
::ffff:0.0.0.0/96 ::1 UGRS lo0
fe80::/10 ::1 UGRS lo0
fe80::%lo0/64 link#4 U lo0
fe80::1%lo0 link#4 UHS lo0
fe80::c6e9:84ff:fe03:ad2e%tun0 link#11 UHS lo0
ff02::/16
# OpenVPN server configuration: routed (tun) VPN on UDP/1194. Clients
# authenticate with a certificate and, through the LDAP plugin below, with a
# username and password.
port 1194
proto udp
dev tun
# Server PKI material. vpnserver.key is the server's private key and should be
# readable only by the account that starts OpenVPN. The paths are relative, so
# they depend on the daemon's working directory (or --cd, if it is set).
ca certs/ca.crt
cert certs/vpnserver.crt
key certs/vpnserver.key
# Diffie-Hellman parameters (2048-bit, judging by the file name).
dh certs/dh2048.pem
# VPN address pool handed out to clients; the server itself takes 10.8.0.1.
server 10.8.0.0 255.255.255.0
;ifconfig-pool-persist ipp.txt
# Routes pushed to every client: these two /24 networks become reachable
# through the tunnel. OpenVPN does not filter that traffic itself, so access to
# individual hosts and ports has to be restricted in the server's firewall.
push "route 192.168.50.0 255.255.255.0"
push "route 192.168.70.0 255.255.255.0"
# Left disabled: clients keep their own default route (split tunnel), so only
# the pushed networks go through the VPN.
;push "redirect-gateway def1 bypass-dhcp"
# Internal resolvers and DNS domain handed to clients.
push "dhcp-option DNS 192.168.70.30"
push "dhcp-option DNS 192.168.70.254"
push "dhcp-option DOMAIN contoso.local"
# Left disabled: traffic between clients is not switched inside OpenVPN; it
# reaches the host's tun interface, where the firewall can filter it.
;client-to-client
# NOTE(review): duplicate-cn lets several sessions share one common name at
# the same time. Combined with username-as-common-name below, one LDAP account
# can be logged in from many places at once, which makes shared or stolen
# credentials harder to notice. Remove it unless concurrent logins are needed.
duplicate-cn
keepalive 10 120
# HMAC-signs control-channel packets with a pre-shared key, so packets without
# a valid signature are dropped before the TLS handshake. Direction 0 is the
# server side (clients use 1). ta.key is a shared secret: guard it like a
# private key.
tls-auth certs/ta.key 0
# NOTE(review): CBC-mode data-channel cipher. Peers running OpenVPN 2.4 or
# later normally negotiate an AEAD cipher (AES-256-GCM) instead, and newer
# releases configure this with data-ciphers / data-ciphers-fallback; confirm
# against the installed version.
cipher AES-256-CBC
;compress lz4-v2
;push "compress lz4-v2"
# NOTE(review): comp-lzo is a deprecated option, and compressing data before
# encrypting it can leak information about the plaintext. Plan to turn
# compression off on the server and the clients together; a one-sided change
# may break the tunnel.
comp-lzo
;max-clients 100
# Drop root privileges after start-up. persist-key and persist-tun keep the key
# material and the tun device across a restart signal, when the process can no
# longer reopen them. "nobody" is often shared with other daemons; a dedicated
# unprivileged account isolates OpenVPN better.
user nobody
group nobody
persist-key
persist-tun
# Status file and log. "log" truncates the file at each start (log-append
# would keep history). Both record client names and source addresses, so keep
# the directory readable by administrators only.
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
;log-append openvpn.log
verb 3
;mute 20
# On UDP, notify clients when the server restarts so they reconnect promptly.
explicit-exit-notify 1
# OpenLDAP Auth
# Username/password check through the LDAP plugin. auth-ldap.conf is not shown
# here; it presumably holds the LDAP server URL and bind credentials, so keep
# it readable by root only and confirm it uses TLS towards the directory.
plugin /usr/local/lib/openvpn-auth-ldap.so "/usr/local/etc/openvpn/auth-ldap.conf"
# Left disabled, which is the safer setting: a client must present a valid
# certificate in addition to the LDAP password.
;client-cert-not-required
# Use the authenticated LDAP username, not the certificate CN, as the client's
# name in the status file and in the environment passed to scripts.
username-as-common-name
# Level 2 permits calling user-defined scripts and is what the two hooks below
# require. Do not raise it to 3 unless a script really needs the password.
script-security 2
# Hooks run at every client connect and disconnect, after the privilege drop.
# The scripts are not shown; they receive client-supplied values such as the
# username in environment variables and must treat them as untrusted input.
# A non-zero exit from the client-connect script rejects the client.
# The leading "--" is the command-line spelling; the rest of this file omits it.
--client-connect scripts/up.sh
--client-disconnect scripts/down.sh
# OpenVPN server settings: tun device, UDP port 1194, certificate plus LDAP
# password authentication.
port 1194
proto udp
dev tun
# CA certificate, server certificate and server private key. Keep the .key file
# unreadable for ordinary users.
ca certs/ca.crt
cert certs/vpnserver.crt
key certs/vpnserver.key
# DH parameters; the file name suggests 2048 bits.
dh certs/dh2048.pem
# Client address pool 10.8.0.0/24.
server 10.8.0.0 255.255.255.0
;ifconfig-pool-persist ipp.txt
# Networks routed through the tunnel for every client. Per-user or per-host
# restrictions are not expressed here and must come from the firewall.
push "route 192.168.50.0 255.255.255.0"
push "route 192.168.70.0 255.255.255.0"
# Disabled: the clients' default route is not redirected into the VPN.
;push "redirect-gateway def1 bypass-dhcp"
# DNS servers and domain pushed to clients.
push "dhcp-option DNS 192.168.70.30"
push "dhcp-option DNS 192.168.70.254"
push "dhcp-option DOMAIN contoso.local"
# Disabled: OpenVPN does not forward client-to-client traffic internally.
;client-to-client
# NOTE(review): permits simultaneous sessions under one common name. With
# username-as-common-name that means one account, many concurrent logins, so
# credential sharing or theft does not knock the legitimate session off.
# Consider removing it.
duplicate-cn
keepalive 10 120
# Shared-secret HMAC on the control channel; 0 is the server's key direction.
# Anyone holding ta.key can get past this layer, so distribute it carefully.
tls-auth certs/ta.key 0
# NOTE(review): CBC data cipher; recent OpenVPN versions prefer negotiated
# AEAD ciphers (see data-ciphers). Check what the installed version does with
# this directive.
cipher AES-256-CBC
;compress lz4-v2
;push "compress lz4-v2"
# NOTE(review): deprecated LZO compression. Compression ahead of encryption can
# reveal information about the traffic; disable it on both ends in one step.
comp-lzo
;max-clients 100
# Run unprivileged after initialisation; persist-* avoid re-reading the key and
# reopening the tun device on a restart signal, which would need root again.
user nobody
group nobody
persist-key
persist-tun
# The log is overwritten at each start because "log" is used, not log-append.
# Status and log files contain client names and addresses.
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
;log-append openvpn.log
verb 3
;mute 20
# Tell UDP clients about a server restart.
explicit-exit-notify 1
# OpenLDAP Auth
# LDAP password check via plugin. Its configuration file is outside this
# listing; presumably it contains bind credentials, so restrict its
# permissions and verify that the LDAP connection is encrypted.
plugin /usr/local/lib/openvpn-auth-ldap.so "/usr/local/etc/openvpn/auth-ldap.conf"
# Keep this disabled so that a client certificate stays mandatory.
;client-cert-not-required
# The LDAP username becomes the client's common name for logging and scripts.
username-as-common-name
# Allows user-defined scripts, which the hooks below need.
script-security 2
# Connect/disconnect hooks (scripts not shown). They run after the privilege
# drop and get the client's username in the environment; the scripts must
# handle it as untrusted input. A non-zero exit from client-connect refuses the
# client. The "--" prefix is command-line style and is not used elsewhere in
# this file.
--client-connect scripts/up.sh
--client-disconnect scripts/down.sh