Crearea de punte pe Linux folosind dispozitive TAP
Bună ziua, am următoarea schemă:
Pentru a putea da ping la gazdele de la distanță (separatehost1, în cazul meu), aduc pe server dispozitivul bridge br0, care combină tap0 + eth2 și ar trebui să pună rețeaua locală (192.168.111.0/24) în același segment cu clientul OpenVPN la distanță (vpn2), dar tot nu am avut noroc; ai putea, te rog, să sugerezi ce am greșit?
pot da ping:
vpn1 -> vpn2
vpn2 -> vpn1
vpn1 -> separatehost1
Nu pot da ping la separatehost1 de pe vpn2 (client) și invers (Destination Host Unreachable).
Server.conf
#Configurare server
proto udp
port 1194
persist-key
persist-tun
keepalive 10 60
tls-auth /etc/openvpn/movpn/ta.key 0
remote-cert-tls client
dh /etc/openvpn/movpn/dh2048.pem
ca /etc/openvpn/movpn/ca.crt
cert /etc/openvpn/movpn/server.crt
key /etc/openvpn/movpn/server.key
user nobody
group nogroup
# utilizați "group nogroup" pe Debian/Ubuntu
verb 3
daemon
log-append /var/log/openvpn.log
#client-to-client
dev tap0
server-bridge 192.168.111.101 255.255.255.0 192.168.111.128 192.168.111.200
Toată schema este creată folosind Vagrantfile + net.ipv4.ip_forward = 1.
Scriptul care ridică interfața br0:
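#!/bin/bash
# Bring up the bridge br0 that joins the OpenVPN TAP device (tap0) with the
# LAN NIC (eth2), so that TAP clients appear on the 192.168.111.0/24 segment.
#
# Run as root before starting the OpenVPN server: server.conf uses
# "dev tap0" and "server-bridge 192.168.111.101 ...", so the TAP device must
# already exist and the bridge must own that address.
set -euo pipefail

readonly br="br0"
readonly tap="tap0"
readonly eth="eth2"
readonly br_ip="192.168.111.101"
readonly br_netmask="255.255.255.0"
readonly br_broadcast="192.168.111.255"

# Create the persistent TAP adapter that OpenVPN will attach to.
openvpn --mktun --dev "$tap"

# Create the bridge and enslave both interfaces.
brctl addbr "$br"
brctl addif "$br" "$eth"
brctl addif "$br" "$tap"

# Bridge ports carry no IP address of their own; promiscuous mode lets the
# bridge see frames destined for the TAP clients' MAC addresses.
# NOTE(review): the topology is built with Vagrant. If eth2 is a virtual NIC,
# the hypervisor must also allow promiscuous mode on that adapter, otherwise
# frames for the TAP clients' MACs never reach eth2 — confirm in the Vagrantfile.
ifconfig "$tap" 0.0.0.0 promisc up
ifconfig "$eth" 0.0.0.0 promisc up

# The bridge itself carries the LAN address. The ifconfig keyword is
# "broadcast" (the earlier listing had a mistranslated keyword here).
ifconfig "$br" "$br_ip" netmask "$br_netmask" broadcast "$br_broadcast" up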
Pe baza depanării mele, serverul nu trimite pachete ICMP către separatehost1; nu știu de ce...
root@vpn1:/etc/openvpn/movpn# ip -d link show br0
12: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT grup implicit qlen 1000
link/ether 08:00:27:6c:77:40 brd ff:ff:ff:ff:ff:ff promiscuitate 0
Bridge Forward_Delay 1500 Hello_Time 200 MAX_AGE 2000 AGEING_TIME 30000 STP_STE 0 Prioritate 32768 VLAN_FILTERING 0 VLAN_PROTOCOL 802.1Q Bridge_id 8000.8: 0: 27: 6C: 77: 40 Desemnat_root 8000.8: 0: 27: 6C: 77: 40 Root_Port 0 Root_Path_Chys 0: 27: 6C: 77: 40 Root_Port 0 Root_Path_Path 0 hello_timer 0.00 tcn_timer 0.00 topology_change_timer 0.00 gc_timer 150.00 vlan_default_pvid 1 vlan_stats_enabled 0 group_fwd_mask 0 group_address 01:80:c2:00:00:00 mcast_snooping 1 mcast_router 1 mcast_query_use_ifaddr 0 mcast_querier 0 mcast_hash_elasticity 4 mcast_hash_max 512 mcast_last_member_count 2 mcast_startup_query_count 2 mcast_last_member_interval 100 mcast_membership_interval 26000 mcast_querier_interval 25500 mcast_query_interval 12500 mcast_query_response_interval 1000 mcast_startup_query_interval 3124 mcast_stats_enabled 0 mcast_igmp_version 2 mcast_mld_version 1 nf_call_iptables 0 nf_call_ip6tables 0 nf_call_arptables_enabled 0 nf_call_arptables 0 addonsi5_gmp_models 5 euquergens_6_models 0 so_max_segs 65535
root@vpn1:/etc/openvpn/movpn# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state modul NECUNOSCUT DEFAULT grup implicit qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT grup implicit qlen 1000
link/ether 08:00:27:b4:26:99 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT grup implicit qlen 1000
link/ether 08:00:27:db:97:af brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP mode DEFAULT grup implicit qlen 1000
link/ether 08:00:27:6c:77:40 brd ff:ff:ff:ff:ff:ff
11: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP mode DEFAULT grup implicit qlen 100
link/ether d6:df:32:8a:b0:5e brd ff:ff:ff:ff:ff:ff
12: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT grup implicit qlen 1000
link/ether 08:00:27:6c:77:40 brd ff:ff:ff:ff:ff:ff
root@separatehosts1:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue stare UNKNOWN grup implicit qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft pentru totdeauna preferred_lft pentru totdeauna
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:b4:26:99 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
valid_lft 76182sec preferred_lft 76182sec
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:a5:4b:55 brd ff:ff:ff:ff:ff:ff
inet 192.168.111.102/24 brd 192.168.111.255 scope global eth1
valid_lft pentru totdeauna preferred_lft pentru totdeauna
root@vpn1:/etc/openvpn/movpn# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue stare UNKNOWN grup implicit qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft pentru totdeauna preferred_lft pentru totdeauna
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:b4:26:99 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
valid_lft 75325sec preferred_lft 75325sec
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:db:97:af brd ff:ff:ff:ff:ff:ff
inet 192.168.33.101/24 brd 192.168.33.255 scope global eth1
valid_lft pentru totdeauna preferred_lft pentru totdeauna
4: eth2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
link/ether 08:00:27:6c:77:40 brd ff:ff:ff:ff:ff:ff
inet6 fe80::a00:27ff:fe6c:7740/64 scope link
valid_lft pentru totdeauna preferred_lft pentru totdeauna
11: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 100
link/ether d6:df:32:8a:b0:5e brd ff:ff:ff:ff:ff:ff
12: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue stare UP grup implicit qlen 1000
link/ether 08:00:27:6c:77:40 brd ff:ff:ff:ff:ff:ff
inet 192.168.111.101/24 brd 192.168.111.255 scope global br0
valid_lft pentru totdeauna preferred_lft pentru totdeauna
root@vpn2:/etc/openvpn/movpn# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue stare UNKNOWN grup implicit qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft pentru totdeauna preferred_lft pentru totdeauna
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:b4:26:99 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
valid_lft 75777sec preferred_lft 75777sec
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:d8:ad:47 brd ff:ff:ff:ff:ff:ff
inet 192.168.33.102/24 brd 192.168.33.255 scope global eth1
valid_lft pentru totdeauna preferred_lft pentru totdeauna
9: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state NECUNOSCUT grup implicit qlen 100
link/ether 2a:2f:98:b3:34:81 brd ff:ff:ff:ff:ff:ff
inet 192.168.111.128/24 brd 192.168.111.255 scope global tap0
valid_lft pentru totdeauna preferred_lft pentru totdeauna