I have a question about OpenVPN
Posted by 김종호
Date:
3,734 views, 0 recommendations
Hello.
Looking at p. 575 of 리눅스 서버보안관리실무 (Linux Server Security Management in Practice), "(2) VPN interconnection between a NAT'ed office and a server using PKI", I understand that the VPN client can directly access the NAT IP range (192.168.10.x) behind the server through the VPN server.
But the server configuration example on p. 576 seems to differ from the latest Windows version I am trying to set up now, so after struggling with it for several days I am asking here.
The one-to-one connection from the VPN client to the VPN server works fine.
Please tell me why I cannot connect directly to the private IPs behind the server.
I am attaching the server config file.
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
push "route 192.168.10.0 255.255.255.0"
--> Here I set the other internal network IP range on the VPN.
When I do this, pinging 192.168.10.1 from the client works.
If I comment this part out, pinging 10.8.0.1 works but pinging 192.168.10.1 does not.
Now what I want is to connect directly to other IPs such as 192.168.10.66.
# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).
# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
# iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN. This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.
# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
client-config-dir ccd
route 10.8.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2
It looks like this part defines it, but no matter what I do it does not work.
Please tell me where I went wrong.
# Suppose that you want to enable different
# firewall access policies for different groups
# of clients. There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
# group, and firewall the TUN/TAP interface
# for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
# modify the firewall in response to access
# from different clients. See man
# page for more info on learn-address script.
;learn-address ./script
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# the TUN/TAP interface to the internet in
# order for this to work properly).
# CAVEAT: May break client's network config if
# client's local DHCP server packets get routed
# through the tunnel. Solution: make sure
# client's local DHCP server is reachable via
# a more specific route than the default route
# of 0.0.0.0/0.0.0.0.
push "redirect-gateway"
I do not think it is this part....
Goodbye then.
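The following is an added example, not part of the post, the book, or OpenVPN's own tooling. It is a small Python linter for the routing directives quoted above: it parses an OpenVPN server config, finds the pushed LAN route, the bare `route` directives used with `ccd`, and `redirect-gateway`, and reports what each implies. The sample config is constructed to mirror the fragments in the post (pool 10.8.0.0/24 as in the sample-config comment, the pushed 192.168.10.0/24 route, and the uncommented `route 10.8.0.0 255.255.255.252`, which unlike the sample's 10.9.0.0 line falls inside the pool); the `server` line and the function names `parse_conf` and `lint_server_conf` are assumptions of this example.

```python
import ipaddress
import shlex

# Constructed sample, modelled on the server.conf fragments quoted in the post above
# (the poster's full file is not on the page): the 10.8.0.0/24 pool named in the
# sample-config comment, the pushed LAN route, and the ccd/route lines the poster
# uncommented (note the route falls inside the pool, unlike the sample's 10.9.0.0).
SAMPLE_CONF = """\
dev tun
server 10.8.0.0 255.255.255.0
push "route 192.168.10.0 255.255.255.0"
client-config-dir ccd
route 10.8.0.0 255.255.255.252
;learn-address ./script
push "redirect-gateway"
"""


def parse_conf(text):
    """Return the active (directive, args) pairs of an OpenVPN config.
    Lines starting with '#' or ';' are comments, as in the sample file;
    shlex keeps a quoted push argument together as one token."""
    directives = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line)
        directives.append((parts[0], parts[1:]))
    return directives


def _net(addr, mask):
    # OpenVPN writes "address netmask"; ipaddress accepts "address/netmask".
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def lint_server_conf(text):
    """Check the routing directives that decide whether a client can reach the
    LAN behind the server. Returns a list of (code, message) findings."""
    findings = []
    conf = parse_conf(text)

    server_args = [a for n, a in conf if n == "server" and len(a) >= 2]
    pool = _net(*server_args[0][:2]) if server_args else None

    # push "route NET MASK" -> the client learns a route to NET via the tunnel
    pushed = [shlex.split(a[0]) for n, a in conf if n == "push" and a]
    lan_routes = [_net(p[1], p[2]) for p in pushed if p[0] == "route" and len(p) >= 3]
    # bare "route NET MASK" -> a kernel route on the server, paired in the sample
    # with ccd/iroute or ifconfig-push for subnets that sit behind a *client*
    kernel_routes = [_net(a[0], a[1]) for n, a in conf if n == "route" and len(a) >= 2]

    if not lan_routes:
        findings.append(("NO_PUSH_ROUTE",
                         "no push \"route ...\": clients are only told about the VPN pool"))
    for lan in lan_routes:
        # Pushing the route is half the job: the server must forward packets between
        # tun and the LAN, and LAN hosts need a route for the pool back to the server
        # (or the server must NAT tunnel traffic), as the sample-config comment says.
        findings.append(("RETURN_PATH",
                         f"{lan} is pushed: enable IP forwarding on the server and give "
                         f"hosts in {lan} a route for {pool} back to the server, or NAT tun traffic"))
    for r in kernel_routes:
        if pool is not None and r.overlaps(pool):
            findings.append(("ROUTE_IN_POOL",
                             f"route {r} lies inside the VPN pool {pool}; the sample pairs "
                             "'route' with a ccd ifconfig-push/iroute for a client-side subnet "
                             "outside the pool, it does not expose the LAN behind the server"))
    if any(p[0] == "redirect-gateway" for p in pushed):
        findings.append(("REDIRECT_GATEWAY",
                         "all client traffic is sent through the VPN; the server must NAT the "
                         "tun interface to the internet for this to work"))
    return findings


if __name__ == "__main__":
    for code, msg in lint_server_conf(SAMPLE_CONF):
        print(f"[{code}] {msg}")
```

Run against the constructed sample it reports that 192.168.10.0/24 is pushed but still needs forwarding and a return path, that `route 10.8.0.0/30` sits inside the pool and is not what gives access to the server-side LAN, and that `redirect-gateway` pulls all client traffic through the tunnel. The point it makes for the situation in the post is that the `ccd` block is about subnets behind a client; reaching hosts like 192.168.10.66 behind the server depends on the pushed route plus forwarding and a return route or NAT on the server side.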