Untitled

a guest
Aug 29th, 2014
                                       ############
           +---------------------------+ INTERNET +--------------------------+
           |                           #####+######                          |
           |                                |                        +-------+-------+
           |                                |                        |  9.10.11.12   |
           |                                |                       ++---------------++
           |                                |                       | DSL Modem Router|
           |                                |                       +--------+--------+
           |                                |                                |
       +---+---+                        +---+---+                        +---+---+
       | eth0  |                        | eth0  |                        |  LAN  |
   +---+-------+---+                +---+-------+---+                +---+-------+---+
   |    5.6.7.8    |                |    1.2.3.4    |                |   10.0.2.15   |
+--+---------------+--+          +--+---------------+--+          +--+---------------+--+
|        Linux        |          |        Linux        |          |       Windows       |
|       OpenVPN       |          |       OpenVPN       |          |       OpenVPN       |
|       Client        |          |       Server        |          |       Client        |
+--+---------------+--+          +--+---------------+--+          +--+---------------+--+
   |  10.8.0.200   |                |   10.8.0.1    |                |   10.8.0.2    |
   +---+-------+---+                +---+-------+---+                +---+-------+---+
       | tun1  |                        | tun0  |                        |tun/tap|
       +---+---+                        +---+---+                        +---+---+
           |                                |                                |
           +--------------------------------+--------------------------------+

root@10.8.0.1:/# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 1.2.3.1 0.0.0.0 UG 0 0 0 eth0
10.8.0.0 * 255.255.255.0 U 0 0 0 tun0
1.2.3.0 * 255.255.254.0 U 0 0 0 eth0

root@10.8.0.200:/# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 5.6.7.1 0.0.0.0 UG 0 0 0 eth0
10.8.0.0 * 255.255.255.0 U 0 0 0 tun1
5.6.7.0 * 255.255.254.0 U 0 0 0 eth0

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.2.2 10.0.2.15 266
0.0.0.0 128.0.0.0 10.8.0.200 10.8.0.2 20
10.0.2.0 255.255.255.0 On-link 10.0.2.15 266
10.0.2.15 255.255.255.255 On-link 10.0.2.15 266
10.0.2.255 255.255.255.255 On-link 10.0.2.15 266
10.8.0.0 255.255.255.0 On-link 10.8.0.2 276
10.8.0.2 255.255.255.255 On-link 10.8.0.2 276
10.8.0.255 255.255.255.255 On-link 10.8.0.2 276
107.191.51.248 255.255.255.255 10.0.2.2 10.0.2.15 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.0.0.0 128.0.0.0 10.8.0.200 10.8.0.2 20
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.2.15 266
224.0.0.0 240.0.0.0 On-link 10.8.0.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.2.15 266
255.255.255.255 255.255.255.255 On-link 10.8.0.2 276
===========================================================================

mode server
tls-server
topology subnet
push "topology subnet"

dev tun0
local 1.2.3.4
port 1194
proto udp

client-to-client
max-clients 200

ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
tls-auth ta.key 0

ifconfig 10.8.0.1 255.255.255.0
ifconfig-pool 10.8.0.2 10.8.0.199 255.255.255.0
client-config-dir /etc/openvpn/clients

keepalive 10 60

comp-lzo yes
push "comp-lzo yes"

user nobody
group nogroup

persist-key
persist-tun

status status.log
verb 3
mute 20

ifconfig-push 10.8.0.200 255.255.255.0

push "route-gateway 10.8.0.200"
push "redirect-gateway def1"

remote 1.2.3.4 1194
client

dev tun1

ca ca.crt
cert linclient.crt
key linclient.key
tls-auth ta.key 1

remote-cert-tls server

comp-lzo

user nobody
group nogroup

persist-key
persist-tun

status status.log
verb 3
mute 20

remote 1.2.3.4 1194
client

dev tun

ca ca.crt
cert winclient.crt
key winclient.key
tls-auth ta.key 1

remote-cert-tls server

comp-lzo

user nobody
group nogroup

persist-key
persist-tun

status status.log
verb 3
mute 20

Pinging 10.8.0.1 with 32 bytes of data:
Reply from 10.8.0.1: bytes=32 time=119ms TTL=64
Reply from 10.8.0.1: bytes=32 time=120ms TTL=64
Reply from 10.8.0.1: bytes=32 time=120ms TTL=64
Reply from 10.8.0.1: bytes=32 time=119ms TTL=64

Ping statistics for 10.8.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 119ms, Maximum = 120ms, Average = 119ms

root@10.8.0.1:/# tcpdump -i tun0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes
16:46:12.316295 IP 10.8.0.2 > 10.8.0.1: ICMP echo request, id 1, seq 3930, length 40
16:46:12.316316 IP 10.8.0.1 > 10.8.0.2: ICMP echo reply, id 1, seq 3930, length 40
16:46:13.333982 IP 10.8.0.2 > 10.8.0.1: ICMP echo request, id 1, seq 3931, length 40
16:46:13.333994 IP 10.8.0.1 > 10.8.0.2: ICMP echo reply, id 1, seq 3931, length 40
16:46:14.344666 IP 10.8.0.2 > 10.8.0.1: ICMP echo request, id 1, seq 3932, length 40
16:46:14.344678 IP 10.8.0.1 > 10.8.0.2: ICMP echo reply, id 1, seq 3932, length 40
16:46:15.356811 IP 10.8.0.2 > 10.8.0.1: ICMP echo request, id 1, seq 3933, length 40
16:46:15.356824 IP 10.8.0.1 > 10.8.0.2: ICMP echo reply, id 1, seq 3933, length 40

Pinging 10.8.0.200 with 32 bytes of data:
Reply from 10.8.0.200: bytes=32 time=226ms TTL=64
Reply from 10.8.0.200: bytes=32 time=226ms TTL=64
Reply from 10.8.0.200: bytes=32 time=225ms TTL=64
Reply from 10.8.0.200: bytes=32 time=225ms TTL=64

Ping statistics for 10.8.0.200:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 225ms, Maximum = 226ms, Average = 225ms

root@10.8.0.200:~# tcpdump -i tun1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun1, link-type RAW (Raw IP), capture size 65535 bytes
18:48:13.694836 IP 10.8.0.2 > 10.8.0.200: ICMP echo request, id 1, seq 3934, length 40
18:48:13.694862 IP 10.8.0.200 > 10.8.0.2: ICMP echo reply, id 1, seq 3934, length 40
18:48:14.706081 IP 10.8.0.2 > 10.8.0.200: ICMP echo request, id 1, seq 3935, length 40
18:48:14.706093 IP 10.8.0.200 > 10.8.0.2: ICMP echo reply, id 1, seq 3935, length 40
18:48:15.722542 IP 10.8.0.2 > 10.8.0.200: ICMP echo request, id 1, seq 3936, length 40
18:48:15.722555 IP 10.8.0.200 > 10.8.0.2: ICMP echo reply, id 1, seq 3936, length 40
18:48:16.732037 IP 10.8.0.2 > 10.8.0.200: ICMP echo request, id 1, seq 3937, length 40
18:48:16.732049 IP 10.8.0.200 > 10.8.0.2: ICMP echo reply, id 1, seq 3937, length 40

C:\Windows\system32>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 8.8.8.8:
Packets: Sent = 3, Received = 0, Lost = 3 (100% loss),
Control-C
^C

root@10.8.0.1:/# tcpdump -i tun0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes
16:49:55.077094 IP 10.8.0.2 > google-public-dns-a.google.com: ICMP echo request, id 1, seq 3938, length 40
16:49:59.844689 IP 10.8.0.2 > google-public-dns-a.google.com: ICMP echo request, id 1, seq 3939, length 40
16:50:04.896020 IP 10.8.0.2 > google-public-dns-a.google.com: ICMP echo request, id 1, seq 3940, length 40
16:50:09.938695 IP 10.8.0.2 > google-public-dns-a.google.com: ICMP echo request, id 1, seq 3941, length 40

root@10.8.0.200:~# tcpdump -i tun1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun1, link-type RAW (Raw IP), capture size 65535 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel

root@10.8.0.200:~# cat /proc/sys/net/ipv4/ip_forward
1

root@10.8.0.200:~# iptables -L -n -v
Chain INPUT (policy ACCEPT 1752 packets, 142K bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 1496 packets, 184K bytes)
pkts bytes target prot opt in out source destination

root@10.8.0.200:~# iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 7 packets, 1603 bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0

C:\Windows\system32>tracert 10.8.0.1

Tracing route to 10.8.0.1 over a maximum of 30 hops

1 119 ms 119 ms 120 ms 10.8.0.1

Trace complete.

C:\Windows\system32>tracert 10.8.0.200

Tracing route to 10.8.0.200 over a maximum of 30 hops

1 226 ms 226 ms 225 ms 10.8.0.200

Trace complete.

C:\Windows\system32>tracert 8.8.8.8

Tracing route to 8.8.8.8 over a maximum of 30 hops

1 119 ms 119 ms 119 ms 10.8.0.1
2 * * * Request timed out.
3 * * * Request timed out.
4 ^C