If this error message appears:
Options error: server and client cannot be used together
it means the conf file contains a directive that is not a server directive.
iptables restart in ubuntu
If using ufw:
sudo service ufw stop
sudo service ufw start
Delete a single rule from a chain
iptables -t nat -D POSTROUTING <number>
enable forwarding in ubuntu
echo 1 >/proc/sys/net/ipv4/ip_forward
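For two networks to route to each other successfully, the remote network must also have a corresponding route pointing back to the local network.
On pfsense, the openvpn files are stored in /var/etc/openvpn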
traceroute
mac: traceroute
dos: tracert
linux: tracepath
terminate openvpn
sudo killall openvpn
port-share
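A single port (usually 443) can be shared: connections without a TLS handshake are forwarded to the web page, and those with one are connected to the openvpn server.
To do this, add the following directive under Advanced configuration > Advanced:
port-share x.x.x.x 443
where x.x.x.x is the address of the apache or other web server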
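For the pfsense ipsec setup, see the references below.
Because I later read that ipsec seemed to be more stable, I set up an ipsec VPN with pfsense; only after getting to China did I learn how formidable the GFW (Great Firewall) is...
Anyway, I now rotate between openvpn, PPTP and ipsec, and usually at least one of them works.
To push DNS to the client, use push "dhcp-option DNS <ip>"
In a client-side conf, use dhcp-option DNS <ip> instead
Several can be used at once, for example to add google dns: push "dhcp-option DNS 8.8.8.8"
This way a local dns server and an internet dns server can be used at the same time.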
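An added example, not from the original post: a small Python check that applies the two rules above to the text of a conf file (server and client cannot be used together; DNS is pushed with push "dhcp-option DNS <ip>" on the server and set with a bare dhcp-option on the client). The function name, the sample conf and its addresses are constructed for illustration, and a conf containing client is assumed to be a client-side conf.

```python
import ipaddress
import shlex

def lint_openvpn_conf(text):
    """Return (line_no, message) findings for the text of an OpenVPN conf file."""
    findings, mode, entries = [], {}, []
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith(";"):               # ';' comment line
            continue
        try:
            tokens = shlex.split(raw, comments=True)   # drops '#' comments, keeps quoted args whole
        except ValueError:
            findings.append((no, "unbalanced quotes"))
            continue
        if tokens:
            entries.append((no, tokens))
            if tokens[0] in ("server", "client"):
                mode.setdefault(tokens[0], no)         # remember first line of each mode directive
    if "server" in mode and "client" in mode:
        findings.append((mode["client"], "'client' used together with 'server'"))
    for no, tokens in entries:
        if tokens[0] == "push" and "client" in mode and "server" not in mode:
            findings.append((no, "'push' in a client conf"))
        if tokens[0] == "dhcp-option" and "server" in mode and "client" not in mode:
            findings.append((no, "bare 'dhcp-option' in a server conf"))
        # Look inside push "..." so pushed and bare dhcp-option get the same address check.
        opt = tokens[1].split() if tokens[0] == "push" and len(tokens) == 2 else tokens
        if opt[:2] == ["dhcp-option", "DNS"]:
            try:
                ipaddress.ip_address(opt[2] if len(opt) > 2 else "")
            except ValueError:
                findings.append((no, "dhcp-option DNS needs a valid IP address"))
    return findings

# Constructed sample: a server conf that picked up a client-only line and a mistyped DNS address.
SAMPLE_CONF = """\
port 443
proto tcp
server 10.8.0.0 255.255.255.0
client
port-share 192.0.2.10 443
push "dhcp-option DNS 192.168.1.1"
push "dhcp-option DNS 8.8.8"
"""

if __name__ == "__main__":
    for line_no, message in lint_openvpn_conf(SAMPLE_CONF):
        print("line %d: %s" % (line_no, message))
```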
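By the way, the problematic vpn was hola vpn.
Update 2019/4/17
Later I separated the VPN network from the local network, which left the two sides unable to reach each other. After some research I found it was because ipv4 local network was set, which causes lookups to go to the local route first instead of being forwarded through the gateway. In addition, push "route <local subnet> <local subnet netmask>" also has to be added.
References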
http://acman.bluenest.net/wordpress/archives/118
apache ssl (https) setting
https://www.bestvpn.com/blog/5919/how-to-hide-openvpn-traffic-an-introduction/
http://neidi.homeip.net/blog/cblog/index.php?id=414
http://kirby86a.pixnet.net/blog/post/95136568-ubuntu-12.04%E5%95%9F%E7%94%A8apache%E7%9A%84-ssl
openvpn port share
https://doc.pfsense.org/index.php/Sharing_a_Port_with_OpenVPN_and_a_Web_Server
pfsense ipsec
https://doc.pfsense.org/index.php/IPsec_for_road_warriors_in_PfSense_2.0.1_with_PSK_in_stead_of_xauth
https://www.shrew.net/download/vpn
https://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To
iptables
http://serverfault.com/questions/431593/iptables-forwarding-between-two-interface
http://askubuntu.com/questions/161551/how-to-start-stop-iptables
http://stackoverflow.com/questions/8239047/iptables-how-to-delete-postrouting-rule
http://s2.naes.tn.edu.tw/~kv/iptables.htm
https://gigenchang.wordpress.com/2014/04/19/10%E5%88%86%E9%90%98%E5%AD%B8%E6%9C%83iptables/
http://www.pcnet.idv.tw/pcnet/network/network_ip_routing.htm
pfsense file location
https://forum.pfsense.org/index.php?topic=13123.0
openvpn with two interface in and out
https://forums.openvpn.net/topic11033.html
https://forums.openvpn.net/topic14072.html
http://ubuntuforums.org/showthread.php?t=1606136
route
http://yinung2.blogspot.tw/2013/05/route_17.html
bridge vs routing
https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
https://openvpn.net/index.php/open-source/documentation/miscellaneous/76-ethernet-bridging.html
chain using openvpn
http://serverfault.com/questions/512160/vpn-chaining-using-openvpn
dns server on openvpn
http://superuser.com/questions/637579/setting-dns-servers-using-openvpn-client-config-file
show route on mac
http://stackoverflow.com/questions/6782658/how-to-get-default-gateway-in-mac-osx
different subnet
https://blog.bobbyallen.me/2016/02/07/enabling-openvpn-clients-to-access-to-the-lan/