Oddities with OpenVPN and iptables from Entware

Hi everyone. I can't solve a problem with OpenVPN and iptables.

I have an OpenVPN server on Debian 10 and 2 clients (KN1910 and ZK Ultra1).

The problem is that I cannot ping the IP of the OVPN client ZK Ultra1.

The configuration for ZK Ultra1 was copied one-to-one from the KN1910; only the IPs and keys were changed.

Everything else is identical. From the client itself, the server pings fine.

On both clients, a script "filter.sh" has been created in the directory "/opt/etc/ndm/netfilter.d":



[ "$table" != "filter" ] && exit 0

# OpenVPN Tun
iptables -A INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
~ #

What I noticed: if I send the ZK Ultra1, then while it is booting a few packets manage to get through, but then everything stops.

~ # ping
PING ( 56 data bytes
64 bytes from seq=636 ttl=64 time=7.960 ms
64 bytes from seq=637 ttl=64 time=5.706 ms
64 bytes from seq=638 ttl=64 time=7.400 ms
64 bytes from seq=639 ttl=64 time=8.075 ms
64 bytes from seq=640 ttl=64 time=9.381 ms
64 bytes from seq=641 ttl=64 time=6.326 ms
64 bytes from seq=642 ttl=64 time=7.234 ms
64 bytes from seq=643 ttl=64 time=8.452 ms
64 bytes from seq=644 ttl=64 time=6.350 ms
64 bytes from seq=645 ttl=64 time=8.631 ms
64 bytes from seq=646 ttl=64 time=5.479 ms
--- ping statistics ---
665 packets transmitted, 11 packets received, 98% packet loss
round-trip min/avg/max = 5.479/7.363/9.381 ms

It feels like the firewall on the ZK Ultra1 is cutting the traffic. If I enter the rules by hand in the console, nothing happens.

In tcpdump I see the incoming requests but no replies, yet the server pings fine:

~ # tcpdump -i tun0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
14:03:48.830292 IP > ICMP echo request, id 29049, seq 151, length 64
14:03:49.854493 IP > ICMP echo request, id 29049, seq 152, length 64
14:03:50.878867 IP > ICMP echo request, id 29049, seq 153, length 64
14:03:51.902835 IP > ICMP echo request, id 29049, seq 154, length 64
4 packets captured
4 packets received by filter
0 packets dropped by kernel
~ # ping
PING ( 56 data bytes
64 bytes from seq=0 ttl=63 time=2.261 ms
64 bytes from seq=1 ttl=63 time=2.168 ms
64 bytes from seq=2 ttl=63 time=2.012 ms
--- ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 2.012/2.147/2.261 ms
~ #

@Le ecureuil, could this be a bug in 2.16.D.2.0-0?
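
An added example, not part of the original post: a small shell helper (the name `icmp_unanswered` is hypothetical) that reads `tcpdump -n -i tun0 icmp` output and lists the echo requests that have no matching reply on that interface, which is the situation the capture above shows. The sample capture and its 10.8.0.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: pair ICMP echo requests with replies in tcpdump text output.
# Expects full tcpdump lines (addresses present), e.g. produced on the router by:
#   tcpdump -n -l -c 20 -i tun0 icmp | icmp_unanswered

icmp_unanswered() {
    awk '
    $6 == "ICMP" && $7 == "echo" {
        src = $3
        dst = $5;  sub(/:$/, "", dst)
        id  = $10; sub(/,$/, "", id)
        seq = $12; sub(/,$/, "", seq)
        if ($8 == "request,") {
            key = src " > " dst " id=" id " seq=" seq
            if (!(key in seen)) { seen[key] = 1; order[++n] = key }
            pending[key] = 1
        } else if ($8 == "reply,") {
            # A reply travels from dst back to src of the request it answers.
            delete pending[dst " > " src " id=" id " seq=" seq]
        }
    }
    END {
        # Print unanswered requests in the order they were captured.
        for (i = 1; i <= n; i++)
            if (order[i] in pending) print order[i]
    }'
}

# Constructed sample capture: seq 151 is answered, seq 152 and 153 are not,
# and a ping in the opposite direction (id 512) is answered.
SAMPLE='14:03:48.830292 IP 10.8.0.1 > 10.8.0.6: ICMP echo request, id 29049, seq 151, length 64
14:03:48.836101 IP 10.8.0.6 > 10.8.0.1: ICMP echo reply, id 29049, seq 151, length 64
14:03:49.854493 IP 10.8.0.1 > 10.8.0.6: ICMP echo request, id 29049, seq 152, length 64
14:03:50.878867 IP 10.8.0.1 > 10.8.0.6: ICMP echo request, id 29049, seq 153, length 64
14:03:50.900000 IP 10.8.0.6 > 10.8.0.1: ICMP echo request, id 512, seq 0, length 64
14:03:50.902200 IP 10.8.0.1 > 10.8.0.6: ICMP echo reply, id 512, seq 0, length 64'

printf '%s\n' "$SAMPLE" | icmp_unanswered
```

Requests listed by the helper reached the interface but no reply left through it, so the next place to look is the local filter counters (`iptables -L -v -n`) and which interface the replies are routed out of.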
