openvpn À¸·Î Áö»ç¸Á ¿¬°áÇϱâ Áú¹® ÀÔ´Ï´Ù.

ÀÏ´Þ   
   Á¶È¸ 6810   Ãßõ 0    


위와 같은 네트워크 구성을 하려고 하는데, 안되는 부분이 고수님에게 질문의 구합니다.

openvpn 을 통해서 vpn server - vpn client 연결을 했습니다.

iptables -t nat -I POSTROUTING -o enp1s0 -s 10.8.0.0/24 -j MASQUERADE
설정을 하고 난 뒤에,
ping 을 통해서 vpn server 에서 ofice COM1 으로 연결이 됩니다.

그러나 IDC SERVER 1 ----- OFFICE COM1 으로 연결이 안됩니다.
이와 같은 경우에는 어떻게 잡아야 되나요?

OFFICE COM1 - IDC SERVER 1 로 연결하고 싶습니다.

2주동안 이것저것 해보고 있는데 보통 작동이 이뤄지지 않네요.

사용 OS는 centos 를 사용하고 있습니다.



¼ÛÁÖȯ 2020-02
Áö±Ý ±¸¼ºÀº 1:1 ¿¬°áÀε¥, Site to Site VPNÀÌ ÇÊ¿äÇÑ °ÍÀ¸·Î º¸ÀÔ´Ï´Ù.
     
ÀÏ´Þ 2020-02
³×. site to site ·Î ±¸¼ºÇÏ·Á°í Çß½À´Ï´Ù.
maronet 2020-02
¶ó¿ìÆà Å×À̺í Á¤È®È÷ ±¸¼ºµÇ¾î ÀÖ´ÂÁö È®ÀÎÇغ¸¼¼¿ä
     
ÀÏ´Þ 2020-02
¶ó¿ìÆà Å×À̺íÀ» Á¦´ë·Î ±¸¼ºÇß´Ù°í »ý°¢Çß´Àµ¥ ¹¹°¡ Ʋ¸° Á¡ÀÌ ÀÖ³ªº¾´Ï´Ù.
ÂùÀÌ 2020-02
IDCÀÇ VPN Server¿¡¼­
ip route add 192.168.21.0/24 via 10.8.0.1 dev tun0 onlink
IDCÀÇ PC(Server 1)¿¡¼­
ip route add 192.168.21.0/24 via 192.168.20.50

OFFICEÀÇ vpn client¿¡¼­
ip route add 192.168.20.0/24 via 10.8.0.2 dev tun0 onlink
OFFICEÀÇ COM1¿¡¼­
ip route add 192.168.20.0/24 via 192.168.21.100

ÀÌ·±½ÄÀ¸·Î Çغ¸¼¼¿ä.
Åë½Å¹æÇâ »ó°ü¾øÀÌ ¼­·Î ¶ó¿ìÆü³Á¤ÀÌ µÇ¾î¾ß ÇÏ´Â°Ô Áß¿äÇÕ´Ï´Ù.
Åë½Å¹æÇâÀº iptables Æ÷¿öµù ·ê·Î Á¤ÇØ¾ß Çϱ¸¿ä.
     
ÀÏ´Þ 2020-02
server1 server2 com1 com2 ¿¡ ¸ðµÎ ¶ó¿ìÆà ¼¼ÆÃÀ» ÇØÁà¾ß ÇÏ´Â °Ç°¡¿ä?
Ȥ½Ã À­´Ü¿¡ ÀÖ´Â router ¿¡¼­ ¼¼ÆÃÀ» Çؼ­ ÇÒ ¼ö´Â ¾ø³ª¿ä?
          
ÂùÀÌ 2020-02
À§ ¼³Á¤¿¡¼­ Server 1¼³Á¤À» IDCÀÇ Default Gateway¿¡,
Com 1¼³Á¤À» OfficeÀÇ Default Gateway¿¡ µ¿ÀÏÇÏ°Ô ¼³Á¤ÇÏ½Ã¸é µË´Ï´Ù.
               
ÀÏ´Þ 2020-02
¾î·Æ³×¿ä.
ÀÌ°ÍÀú°Í ÇØ ºÁµµ ¾ÈµÇ°í, ½Ã°£ ³¯¶§¸¶´Ù Çغ¸°í Àִµ¥ Àß ¾ÈµÇ³×¿ä.
±âº» Áö½ÄÀ» ´õ °øºÎÇÏ°í ÇØ ºÁ¾ß µÇ°Ú½À´Ï´Ù.
nat´Â ¾Æ´Õ´Ï´Ù.
COM1ÀÌ Å¬¶óÀ̾ðÆ®·Î ¿¬°áµÆÀ» ¶§ 192.168.20.51À̳ª ³×Æ®¿öÅ© ´ë¿ª¿¡ ´ëÇÑ ¶ó¿ìÆÃÅ×À̺íÀ» °¡Áö°í ÀÖÀ¸¸é SERVER¿¡ Á¢¼ÓÇÒ ¼ö ÀÖ½À´Ï´Ù.
COM1¿¡¼­ ¿¬°áÇÒ ¶§ ¸¶´Ù ÀÏÀÏÀÌ ¶ó¿ìÆÃÀ» ¿Ã¸®°í ³»¸®´Â ´ë½Å OpenVPNÀÇ µ¥¸óÀÌ À̸¦ COM1¿¡ °­Á¦ÇÏ´Â ¿É¼ÇÀÌ ÀÖ½À´Ï´Ù.
OpenVPN ¼­¹öÂÊ¿¡ µÐ´Ù¸é ´ÙÀ½(´ë¿ª ¿¹)ÀÔ´Ï´Ù.
push "route 192.168.20.0 255.255.255.0"
COM1ÀÇ ¼³Á¤ ÆÄÀÏ¿¡ ³Ö°Ú´Ù¸é ´ÙÀ½(´ë¿ª ¿¹) ÀÔ´Ï´Ù.
route 192.168.20.0 255.255.255.0
OpenVPN¿¡¼­ push, route°¡ ¹ºÁö ¾Æ½Ã¸®¶ó º¾´Ï´Ù.
     
ÀÏ´Þ 2020-02
Áö±Ý »óȲÀÌ ssh ¿¬°á Á¢¼Ó »óÅ°¡
success ... vpn server -----> cpn client, com1, com2, com3
success ... vpn client -----> vpn server, server1, server2, server 3 ....
failed ... com1 -----> server1
failed ... server1 -----> com1
ÀÌ·± »óÅÂ ÀÔ´Ï´Ù Àú´Â
com1 ---> server1, server ·Î ¿¬°áÇÏ°í ½ÍÀºµ¥ route Á¤º¸¸¸ ¼¼ÆÃÇÏ°í iptables ´Â ¼³Á¤ ÇÒ ÇÊ¿ä´Â ¾ø¾ú´ø °Ç°¡¿ä?
          
°Å±â¼­ nat´Â ÇÊ¿ä¾ø½À´Ï´Ù.
À§ ±×¸²ÀÌ natÇÒ ÇÊ¿ä°¡ ÀÖ´ÂÁö¸¦ Çѹø ´Ù½Ã º¸½Ê½Ã¿À.
±Ý¹æ ´äÀÌ ³ª¿É´Ï´Ù.
¿ÜºÎ¿¡¼­ OpenVPN¿¡ Á¢¼ÓÇÒ ¼ö ÀÖµµ·Ï Æ÷Æ®¸¸ Çã¿ëÇÏ¸é ±×¸¸ÀÎ °ÍÀÔ´Ï´Ù.
Á¢¼ÓÀÌ µÇ¸é ÅͳÎÀº ¿­¸° °ÍÀÔ´Ï´Ù.
com1ÀÌ server1 À̳ª server °¡ ÀÖ´Â ³×Æ®¿öÅ©¿Í Åë½ÅÇÏ·Á¸é ÇØ´ç ¶ó¿ìÆà °æ·Î¸¦ Áö´Ï°í ÀÖ¾î¾ß ÇÕ´Ï´Ù.
ÀÏÀÏÀÌ com1¿¡¼­ route add Çصµ µÇ°ÚÁö¸¸ À̸¦ OpenVPNÀÇ µ¥¸ó¿¡ ¸Ã±â¶ó´Â °ÍÀÔ´Ï´Ù.
OpenVPN ¼­¹ö ÂÊ ¼³Á¤ ÆÄÀÏ¿¡,
push "route 192.168.20.0 255.255.255.0"  ÁÙÀ» ³ÖÀ¸¸é, *¹°·Ð conf ÆÄÀÏÀ» ¼öÁ¤Çϸé OpenVPN Àç½ÃÀÛ
com1ÀÌ Á¢¼ÓÇÒ ¶§ ¸¶´Ù ÀÌ ³×Æ®¿öÅ© ´ë¿ªÀ» com1ÀÇ ¶ó¿ìÆÃÅ×ÀÌºí¿¡ OpenVPN ¼­¹ö°¡ Áý¾î ³Ö½À´Ï´Ù.
Á¢¼ÓÀ» ²÷À¸¸é ¿ª½Ã OpenVPN ¼­¹ö°¡ ÇØ´ç °æ·Î¸¦ Á¦°ÅÇϱâ À§Çؼ­ route delÀ» ½ÇÇàÇÕ´Ï´Ù.
À̸¦ ¼­¹öÂÊ¿¡¼­ ÇÏÁö ¸»°í com1ÀÇ Å¬¶óÀ̾ðÆ® ÂÊ OpenVPNÀÌ ÇÏ°Ô ÇÏ·Á¸é .ovpn ÆÄÀÏ¿¡ route 192.168.20.0 255.255.255.0 ÁÙÀ» ³Ö½À´Ï´Ù.
               
ÀÏ´Þ 2020-02
°¢ Ŭ¶óÀ̾ðÆ®(com1, com2) ¸¶´Ù openvpn ·Î Á¢¼ÓÇÏ¿©¾ß ÇÑ´Ù´Â ¸»¾¸À̽Ű¡¿ä?
                    
³×, À§ À̹ÌÁö´Â ¼­¹ö¿Í Ŭ¶óÀ̾ðÆ® °ü°è¶ó¼­ ÀÔ´Ï´Ù.
Áï, 192.168.21.100 À̶ó´Â com1À» Ŭ¶óÀ̾ðÆ®·Î OpenVPN¿¡ Á¢¼ÓÇÑ °ÍÀÔ´Ï´Ù.
ÀÌ·±(Stite To Site°¡ ¾Æ´Ñ) ½ÄÀ̶ó¸é com2µµ º°µµ·Î OpenVPN¿¡ Ŭ¶óÀ̾ðÆ®·Î ¿¬°áÇØ¾ß ÇÕ´Ï´Ù.
Ȥ½Ã, Site To Site¸¦ ±¸¼ºÇÏ·Á°í Çß½À´Ï±î?
±×·¸´Ù¸é IDC¿Í Áö»ç °¢°¢¿¡ ÀÖ´Â OpenVPNÀÌ Site To Stie ¿¬°á¸¸À¸·Î ³¡³ªÁö ¾Ê½À´Ï´Ù.
server1, server2¿¡¼­´Â Áö»ç ÂÊ ¶ó¿ìÆà Á¤º¸¸¦ Áö´Ï°í ÀÖ¾î¾ß ÇÕ´Ï´Ù.
°¢°¢¿¡¼­ route add ÇØÁà¾ß ÇÕ´Ï´Ù.
À̶§ G/W´Â ¶ó¿ìÅÍ°¡ ¾Æ´Ï°í OpenVPNÀÇ NIC ½ÇÁ¦ ÁÖ¼ÒÀÔ´Ï´Ù.
com1,  com2¿¡¼­µµ ¿ªÀ¸·Î ¸¶Âú°¡ÁöÀÔ´Ï´Ù.
OpenVPN¿¡¼­´Â ¼³Á¤À¸·Î ÀÚü ¶ó¿ìÆà Á¤º¸¸¦ Áö´Ï°Ô µÇ±â ¶§¹®¿¡ µû·Î ¶ó¿ìÆø¦ ¼³Á¤ÇÒ ÇÊ¿ä´Â ¾ø°í Æ÷¿öµùÀÌ µÇµµ·Ï ÇÕ´Ï´Ù.
±×¸®°í °Å±â router¿¡¼­´Â ¹¹ ÇÒ °Ô ¾ø½À´Ï´Ù.
Th2n 2020-02
Ȥ½Ã ÇØ°á Çϼ̳ª¿ä? °°Àº °æÇéÀ¸·Î ±¸Ãà ÇÑ °æÇèÀÌ ÀÖ½À´Ï´Ù.
°¢°¢ IDS ¼­¹öµéÀÌ °ÔÀÌÆ®¸¦ ¸ø ã±â ¶§¹® ÀÌ·± Çö»óÀÌ ³³´Ï´Ù.
Router(20.50) ¿¡ 10.8.0.1 ´Â VPN °ÔÀÌÆ®¿þÀÌ Ãß°¡ ÇØ ÁÖ½Ã¸é µË´Ï´Ù.
     
ÀÏ´Þ 2020-02
¾Æ´Ï¿ä!! ¾ÆÁ÷ ÇØ°á ¸ø Çß¾î¿ä!
À±ÅÊÀÌ 2020-02
ÇöÀç ¸»¾¸°ú ¼³Á¤»óȲÀ» º¸´Ï,

Site to Site ·Î µÇ¾îÀÖ´Â°Ô¾Æ´Ï°í ¹Ý´ëÆíÀ¸·Î ³Ñ¾î°¥¶§ NAT µÇ¾î¼­ ³Ñ¾î°¡´Â°Í °°½À´Ï´Ù.
À±ÅÊÀÌ 2020-02
°æ·Î¸¦ º¸½Ã·Á¸é routeprint ·Î ºÁº¸½Ã¸é ÁÁ½À´Ï´Ù.
ÀÏ´Þ 2020-02
serverÂÊ ¼³Á¤
# server
# proto udp
proto tcp4-server
port 443
dev tun

key /etc/openvpn/keys/vpn.server.key
cert /etc/openvpn/keys/vpn.server.crt
ca /etc/openvpn/keys/ca.crt
dh /etc/openvpn/keys/dh2048.pem

cipher AES-256-CBC
tls-crypt /etc/openvpn/keys/vpn.tlsauth
crl-verify /etc/openvpn/keys/crl.pem
topology subnet
client-to-client

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

client-config-dir ccd
route 192.168.21.0 255.255.255.0 10.8.0.10

#persist-key
#persist-tun
#status openvpn-status.log
#log /var/log/openvpn.log
~

//// ccd/vpn.client
ifconfig-push 10.8.0.10 255.255.255.0
iroute 192.168.21.0 255.255.255.0
push "route 192.168.10.0 255.255.255.128"
push "route 192.168.20.0 255.255.255.128"
push "route 192.168.30.0 255.255.255.128"
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
     
client-to-client´Â com1°ú com2°¡ °¢°¢ OpenVPN ¼­¹ö¿¡ Á¢¼ÓÇßÀ» ¶§ ¼­·Î Åë½ÅÇÏ´Â ¿É¼ÇÀ¸·Î À§ °æ¿ì¿¡´Â ÇÊ¿ä¾ø½À´Ï´Ù.
route 192.168.21.0 255.255.255.0 10.8.0.10Àº ¹æÇâÀÌ ¹Ù²î¾ú½À´Ï´Ù.
vpn.clientÀÇ ¾ÆÀÌÇÇ´Â ccd¿¡ ÀÇÇØ Á¢¼Ó½Ã À§ ±×¸²¿¡¼­ 10.8.0.2°¡ ¾Æ´Ï°í 10.8.0.10À̾î¾ß ÇÕ´Ï´Ù.
push "redirect-gateway def1"¿Í push "dhcp-option DNS 10.8.0.1"´Â ÇÊ¿äÇÑ °æ¿ì°¡ ¾Æ´Õ´Ï´Ù.
redirect-gateway def1 ¶§¹®¿¡ ¶ó¿ìÆÃÀÌ ²¿ÀÏ ¼ö ÀÖÀ¸´Ï Á¦°ÅÇÕ´Ï´Ù.
          
ÀÏ´Þ 2020-02
10.8.0.10 Àº Çϵµ ¾ÈµÇ¼­ Á¦°¡ ¹Ù²ã ºÃ¾î¿ä.
               
°³³äÀº ´Ù ¾ð±ÞÇÑ °Í °°½À´Ï´Ù.
À§ À̹ÌÁö¸¦ ±âÁØÀ¸·Î Á¤¸®ÇÏÀÚ¸é ´ÙÀ½ÀÔ´Ï´Ù.
OpenVPN µ¥¸óÀº ÀÚ±âÀÇ ¹é±×¶ó¿îµå ³×Æ®¿öÅ©°¡ ÀÖ´Ù´Â °ÍÀ» Ŭ¶óÀ̾ðÆ®¿¡°Ô ¾Ë·Á¾ß ÇÕ´Ï´Ù.
route ÀÔ´Ï´Ù.
¹æÈ­º®¿¡¼­´Â OpenVPN ¼­ºñ½º Æ÷Æ®¸¸ Çã¿ëÇÏ¸é µË´Ï´Ù.
nat´Â ÇÏÁö ¾Ê°í ½ÇÁ¦ ¼­¹öÀÇ Ä¿³Î¿¡¼­ ÆÐŶ¸¸ Æ÷¿öµùÇÕ´Ï´Ù.
net.ipv4.ip_forward=1 ÀÔ´Ï´Ù.
IDC¿¡ ÀÖ´Â °¢ ¼­¹ö´Â OpenVPN ³×Æ®¿öÅ©ÀÇ ¶ó¿ìÆà Á¤º¸¸¦ Áö³à¾ß ÇÕ´Ï´Ù.
(Ŭ¶óÀ̾ðÆ® ÂÊÀº route ·Î ÇØ°áµÈ »óÅÂ)
OpenVPN ¼­¹ö ¼³Á¤¿¡¼­ OpenVPNÀÇ ³×Æ®¿öÅ©(server¿Í push route ¿É¼Ç)¸¸ ÀÖÀ¸¸é µÇÁö ccd ¿É¼ÇÀ¸·Î ¹» ³ÖÀ» ÇÊ¿ä±îÁö´Â ¾ø½À´Ï´Ù.
¸¸¾à,
Site To Site¶ó¸é IDCÀÇ ¼­¹ö¿Í Ŭ¶óÀ̾ðÆ® ÄÄÇ»ÅÍ °¢°¢Àº ¾çÂÊ ³×Æ®¿öÅ©ÀÇ ¶ó¿ìÆÃÀ» OpenVPN ¼­¹öÀÇ ½ÇÁ¦ ÁÖ¼Ò·Î ÇØ¾ß ÇÕ´Ï´Ù.


Á¦¸ñPage 53/105
2020-02   6811   ÀÏ´Þ
2020-01   4333   helloju
2020-01   4926   gowork
2020-01   5115   Andrew
2020-01   4039   chin
2020-01   3522   re0201
2020-01   4355   SiCMOS
2020-01   6163   Àå¿î±â
2020-01   5402   audacity
2020-01   4456   MikroTikÀÌÁø
2020-01   9115   µþ±á²¿¸¶
2020-01   3791   ÄÚÄÚ¯
2020-01   3481   NeTe
2020-01   3968   Malice
2020-01   11520   ÁÖÁêŬ·´
2020-01   3540   Ballrok
2020-01   3468   ±èJason
2020-01   6237   ÃÖâÇö
2020-01   7676   MikroTikÀÌÁø
2020-01   6825   Ȧ¸¯0o0