Snažím se docílit toho, abych mohl přistupovat z počítače, který je připojený přes OpenVPN, do lokální sítě (sdílet soubory, streamovat Steam hry atp.). Bohužel se mi toho nějak nedaří docílit. Konfigurace je výchozí přes Foris. Vpn i lan jsem dal do lan zóny ve firewallu.
Z počítače v LAN, mimo VPN, se dostanu na počítač, který je připojený přes VPN a zároveň v LAN, přes jeho LAN IP. Naopak ale nikoliv, ani přes LAN IP, ani přes VPN IP.
Ideální by bylo, kdyby počítače připojené přes VPN mohly mít i stejný rozsah IP jako v LAN, ale to už bych chtěl asi moc.
Neví někdo jak na to?
config/openvpn
# Disabled instance (enabled '0'). If enabled, it would start OpenVPN from
# the native configuration file named in 'config'.
config openvpn 'custom_config'
option enabled '0'
option config '/etc/openvpn/my-vpn.conf'
# Sample server instance. It is disabled (enabled '0'), so none of the
# settings below are active.
config openvpn 'sample_server'
option enabled '0'
option port '1194'
option proto 'udp'
option dev 'tun'
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/server.crt'
option key '/etc/openvpn/server.key'
# NOTE(review): the file name suggests 1024-bit Diffie-Hellman parameters,
# which are too small by current standards. Generate parameters of at least
# 2048 bits before ever enabling this instance.
option dh '/etc/openvpn/dh1024.pem'
option server '10.8.0.0 255.255.255.0'
option ifconfig_pool_persist '/tmp/ipp.txt'
option keepalive '10 120'
# NOTE(review): compression inside a VPN tunnel can leak information about
# the plaintext through packet sizes (VORACLE-style attacks). Leave it off
# unless a client requires it.
option comp_lzo 'yes'
option persist_key '1'
option persist_tun '1'
# Runs the daemon as the unprivileged 'nobody' account after initialisation.
option user 'nobody'
option status '/tmp/openvpn-status.log'
option verb '3'
# Sample client instance. It is disabled (enabled '0'); 'my_server_1' is a
# placeholder remote host name.
config openvpn 'sample_client'
option enabled '0'
option client '1'
option dev 'tun'
option proto 'udp'
list remote 'my_server_1 1194'
option resolv_retry 'infinite'
option nobind '1'
option persist_key '1'
option persist_tun '1'
# Runs the daemon as the unprivileged 'nobody' account after initialisation.
option user 'nobody'
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/client.crt'
option key '/etc/openvpn/client.key'
# NOTE(review): see the compression caveat for VPN tunnels (VORACLE-style
# size side channel). The value must match what the server expects.
option comp_lzo 'yes'
option verb '3'
# The only enabled OpenVPN instance: a routed (tun) server on UDP 1194 that
# hands clients addresses from 192.168.30.0/24.
# NOTE(review): unlike the sample sections, no 'user' option is set, so the
# daemon presumably keeps the privileges it was started with. Confirm that
# this is intended.
# NOTE(review): no tls_auth/tls_crypt, cipher or auth option appears here, so
# the defaults of the installed OpenVPN build apply. Verify that they are
# acceptable.
config openvpn 'server_turris'
option enabled '1'
option port '1194'
option proto 'udp'
# A tun device is layer-3 routing. VPN clients therefore sit in their own
# subnet (see 'server' below) rather than in the LAN's address range.
option dev 'tun_turris'
option ca '/etc/ssl/ca/openvpn/ca.crt'
# Client certificates listed in this CRL are rejected. The file has to be
# kept current for revocation to take effect.
option crl_verify '/etc/ssl/ca/openvpn/ca.crl'
option cert '/etc/ssl/ca/openvpn/01.crt'
option key '/etc/ssl/ca/openvpn/01.key'
option dh '/etc/dhparam/dh-default.pem'
option server '192.168.30.0 255.255.255.0'
option ifconfig_pool_persist '/tmp/ipp.txt'
# '0' leaves duplicate-cn off: a second connection presenting the same
# certificate common name replaces the first one.
option duplicate_cn '0'
option keepalive '10 120'
# NOTE(review): LZO compression is enabled. Compression inside a VPN tunnel
# can leak plaintext information through packet sizes (VORACLE-style
# attacks). Clients must use a matching setting, so change both ends together.
option comp_lzo 'yes'
option persist_key '1'
option persist_tun '1'
option status '/tmp/openvpn-status.log'
option verb '3'
option mute '20'
option topology 'subnet'
# Pushed to every client: a route to the LAN (192.168.20.0/24), a default
# route through the tunnel (redirect-gateway def1), and the router's VPN
# address as DNS server.
list push 'route 192.168.20.0 255.255.255.0'
list push 'redirect-gateway def1'
list push 'dhcp-option DNS 192.168.30.1'
config/firewall
# Global policies for traffic that no zone handles. Forwarding is rejected by
# default and SYN-flood protection is on.
# NOTE(review): the default input policy is ACCEPT, so an interface that is
# not assigned to any zone would presumably reach router services unfiltered.
# REJECT or DROP is the safer default. Verify before changing.
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# Trusted zone. It contains both the physical LAN and the VPN network, so VPN
# clients are treated exactly like LAN hosts: input ACCEPT gives them access
# to services on the router itself, and forward ACCEPT lets traffic pass
# between the two networks in both directions.
# Assumes an interface named vpn_turris is defined in config/network (not
# shown here). TODO confirm.
# NOTE(review): a separate zone for vpn_turris with explicit forwardings would
# allow VPN access to be limited to what is actually needed.
# NOTE(review): nothing in this zone blocks LAN -> VPN traffic as far as this
# file shows. If that direction still fails, the cause is presumably outside
# this file (routing, or the host firewall on the VPN client). Verify.
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan vpn_turris'
# Untrusted zone for the uplink interfaces. Inbound and forwarded traffic is
# rejected unless a rule or redirect elsewhere in the file allows it. Outbound
# traffic is masqueraded (NAT) and TCP MSS clamping is enabled.
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6 WAN wwan'
# Accepts DHCP replies (UDP port 68, IPv4) from the WAN side so that the
# router can renew its own lease.
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# Lets the router answer IPv4 echo requests from the WAN side. This also makes
# the router visible to Internet-wide ping scans.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# Accepts DHCPv6 replies, restricted to link-local source and destination
# addresses (fe80::/10) and to source port 547 and destination port 546.
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Accepts the listed ICMPv6 types addressed to the router, including the
# neighbour and router discovery messages. Rate-limited to 1000 packets/s.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Forwards the listed ICMPv6 error and echo types from WAN to any zone
# (dest '*'), with the same rate limit. Discovery messages are deliberately
# absent from this list.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# External files pulled into the ruleset. Their contents are not shown here,
# so the effective firewall may contain rules beyond what this file lists.
# Review them as well when auditing. 'reload' selects whether an include is
# run again on a firewall reload.
config include
option path '/etc/firewall.user'
config include
option path '/usr/share/firewall/turris'
option reload '1'
config include
option path '/etc/firewall.d/with_reload/firewall.include.sh'
option reload '1'
config include
option path '/etc/firewall.d/without_reload/firewall.include.sh'
option reload '0'
# Redirects TCP port 22 arriving from WAN to port 58732. No dest_ip is set,
# so the target is presumably a service on the router itself.
# NOTE(review): the name suggests an SSH honeypot. Confirm that the listener
# on 58732 really is the honeypot and not a real SSH daemon.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '22'
option dest_port '58732'
option name 'SSH honeypot'
# Three rules that would open ports 443, 8443 and 822 on the router to the
# WAN side. All of them are disabled (enabled '0').
# NOTE(review): each one lists both tcp and udp. If any is re-enabled, narrow
# the protocol to what the service actually uses.
config rule
option target 'ACCEPT'
option src 'wan'
option dest_port '443'
option name '443'
option proto 'tcp udp'
option enabled '0'
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'tcp udp'
option dest_port '8443'
option name '8443'
option enabled '0'
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'tcp udp'
option dest_port '822'
option name '822'
option enabled '0'
# Forwards TCP 443 from WAN to 192.168.20.1:443.
# NOTE(review): 192.168.20.1 looks like the router's own LAN address. If so,
# whatever answers HTTPS there (possibly the administration interface) is
# reachable from the Internet. Confirm that this is intended. Reaching
# management interfaces only through the VPN is the safer arrangement.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '443'
option dest_port '443'
option name '443'
option dest_ip '192.168.20.1'
# Port forwards of 27016 and 8766 (TCP and UDP) from WAN to LAN host
# 192.168.20.161.
# NOTE(review): no src_ip restriction is set, so that host is reachable on
# these ports from any Internet address. Keep the service patched, and narrow
# the protocol or source if the peers are known.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option src_dport '27016'
option dest_ip '192.168.20.161'
option dest_port '27016'
option name '27016'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option src_dport '8766'
option dest_ip '192.168.20.161'
option dest_port '8766'
option name '8766'
# Hook script for the miniupnpd (UPnP/NAT-PMP) daemon, re-run on firewall
# reload.
# NOTE(review): if the daemon is enabled, hosts on the internal side can open
# WAN port forwards on their own. Because vpn_turris is in the lan zone, this
# presumably includes VPN clients. Verify the miniupnpd configuration.
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
# Forwards port 13353 (TCP and UDP) from WAN to LAN host 192.168.20.174.
# There is no source restriction, so it is open to any Internet address.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option dest_ip '192.168.20.174'
option src_dport '13353'
option dest_port '13353'
option name 'simutrans128'
# Redirects TCP 80 from WAN to 88.86.121.6:80.
# NOTE(review): 88.86.121.6 is not inside the 192.168.20.0/24 LAN, although
# dest is 'lan'. Confirm that the target address and zone are what was
# intended. A redirect to an address outside the LAN is unusual and may not
# behave as expected.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '80'
option dest_port '80'
option name 'web'
option dest_ip '88.86.121.6'
# Port forwards of 13354 and 3979 (TCP and UDP) from WAN to LAN host
# 192.168.20.174. There is no source restriction, so the services on that
# host are reachable from any Internet address.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option src_dport '13354'
option dest_ip '192.168.20.174'
option dest_port '13354'
option name 'simutrans64'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option src_dport '3979'
option dest_ip '192.168.20.174'
option dest_port '3979'
option name 'openttd'
# Accepts UDP 1194 from WAN. No dest is given, so this is input to the router
# itself. It matches the port and protocol of the enabled server_turris
# OpenVPN instance in config/openvpn.
config rule 'vpn_turris_rule'
option name 'vpn_turris_rule'
option target 'ACCEPT'
option proto 'udp'
option src 'wan'
option dest_port '1194'
# Allows traffic from the lan zone out to wan. Because vpn_turris is a member
# of the lan zone, VPN clients also reach the Internet through this router,
# which fits the redirect-gateway option pushed by the OpenVPN server.
config forwarding
option dest 'wan'
option src 'lan'