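I tried to set up Dnsmasq and an OpenVPN server on a DD-WRT router.
My goal is to connect to my dd-wrt (v24-sp2 (03/25/13) mega) router via OpenVPN.
I have done some configuration of the OpenVPN server and dnsmasq, and option 1 is working.
But I don't know how to make options 2 and 3 work. Can anyone help me?
Client configuration (OpenVPN v2.3.4):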
client
dev tun
proto udp
remote some.server.net 11193
redirect-gateway
cipher AES-128-CBC
auth MD5
ca ca.crt
cert client.crt
key client.key
nobind
comp-lzo
persist-key
persist-tun
verb 3
float
#resolv-retry infinite
OpenVPN server configuration (I used GUI mode):
Router firewall configuration commands:
iptables -I INPUT 1 -p udp --dport 11193 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.144.128/25 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.144.128/25 -o vlan2 -j SNAT --to-source XX.XX.XX.XX
DNSMasq settings:
My local area settings (in case it matters):
What ipconfig /all shows when the VPN is connected (sorry for the non-English console):
Output of the ifconfig -a command:
br0 Link encap:Ethernet HWaddr C0:C1:C0:D1:0F:C9
inet addr:192.168.144.126 Bcast:192.168.144.127 Mask:255.255.255.128
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1314791 errors:0 dropped:0 overruns:0 frame:0
TX packets:520087 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1212860286 (1.1 GiB) TX bytes:35424179 (33.7 MiB)
br0:0 Link encap:Ethernet HWaddr C0:C1:C0:D1:0F:C9
inet addr:169.254.255.1 Bcast:169.254.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth0 Link encap:Ethernet HWaddr C0:C1:C0:D1:0F:C9
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2132892 errors:0 dropped:0 overruns:0 frame:0
TX packets:1772722 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1428506146 (1.3 GiB) TX bytes:1357054830 (1.2 GiB)
Interrupt:4 Base address:0x2000
eth1 Link encap:Ethernet HWaddr C0:C1:C0:D1:0F:CB
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:20244 errors:0 dropped:0 overruns:0 frame:24589427
TX packets:116648 errors:47 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1931745 (1.8 MiB) TX bytes:41642341 (39.7 MiB)
Interrupt:3 Base address:0x1000
eth2 Link encap:Ethernet HWaddr C0:C1:C0:D1:0F:CC
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:28 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:6 Base address:0x8000
etherip0 Link encap:Ethernet HWaddr 4E:A6:FB:D5:97:10
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
gre0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1476 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
RX packets:612 errors:0 dropped:0 overruns:0 frame:0
TX packets:612 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:127026 (124.0 KiB) TX bytes:127026 (124.0 KiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:XX.XX.XX.XX P-t-P:YY.YY.YY.YY Mask:255.255.255.255
UP POINTOPOINT RUNNING MULTICAST MTU:1492 Metric:1
RX packets:328586 errors:0 dropped:0 overruns:0 frame:0
TX packets:564238 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:40074316 (38.2 MiB) TX bytes:674767309 (643.5 MiB)
teql0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
tun2 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.144.129 P-t-P:192.168.144.129 Mask:255.255.255.128
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:3195 errors:0 dropped:0 overruns:0 frame:0
TX packets:3725 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:251990 (246.0 KiB) TX bytes:2682328 (2.5 MiB)
tunl0 Link encap:UNSPEC HWaddr 00-00-00-00-FF-80-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
vlan0 Link encap:Ethernet HWaddr C0:C1:C0:D1:0F:C9
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
vlan1 Link encap:Ethernet HWaddr C0:C1:C0:D1:0F:C9
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1034054 errors:0 dropped:0 overruns:0 frame:0
TX packets:508091 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1174793178 (1.0 GiB) TX bytes:37167391 (35.4 MiB)
vlan2 Link encap:Ethernet HWaddr C0:C1:C0:D1:0F:CA
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1098545 errors:0 dropped:0 overruns:0 frame:0
TX packets:1264631 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:215018185 (205.0 MiB) TX bytes:1319887439 (1.2 GiB)
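UPDATE1:
Using a hint from András Korn, I found a solution for option 2 (link). I added the register-dns and pull lines to the client VPN configuration, and the interface=tun2 line to the Additional DNSMasq Options field.
I also added a third line to the firewall configuration commands.
I think part of the iptables commands is wrong because I used the wrong interface (vlanX or ethX).
UPDATE2:
Additional information
Output of the route print command before activating the VPN: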
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.192.254 192.168.192.147 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.56.0 255.255.255.0 On-link 192.168.56.1 276
192.168.56.1 255.255.255.255 On-link 192.168.56.1 276
192.168.56.255 255.255.255.255 On-link 192.168.56.1 276
192.168.192.0 255.255.255.0 On-link 192.168.192.147 281
192.168.192.147 255.255.255.255 On-link 192.168.192.147 281
192.168.192.255 255.255.255.255 On-link 192.168.192.147 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 192.168.192.147 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.56.1 276
255.255.255.255 255.255.255.255 On-link 192.168.192.147 281
===========================================================================
Persistent Routes:
None
Output of the route print command after activating the VPN (routes that may be related to the VPN are marked with minus signs):
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.192.254 192.168.192.147 25
0.0.0.0 128.0.0.0 192.168.144.129 192.168.144.131 20 ----
XX.XX.XX.XX 255.255.255.255 192.168.192.254 192.168.192.147 25 ---- To my DD-WRT router (XX.XX.XX.XX = WAN IP)
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.0.0.0 128.0.0.0 192.168.144.129 192.168.144.131 20 ----
192.168.56.0 255.255.255.0 On-link 192.168.56.1 276
192.168.56.1 255.255.255.255 On-link 192.168.56.1 276
192.168.56.255 255.255.255.255 On-link 192.168.56.1 276
192.168.144.128 255.255.255.128 On-link 192.168.144.131 276 ----
192.168.144.131 255.255.255.255 On-link 192.168.144.131 276 ---- Probably routes to my VPN subnet
192.168.144.255 255.255.255.255 On-link 192.168.144.131 276 ----
192.168.192.0 255.255.255.0 On-link 192.168.192.147 281
192.168.192.147 255.255.255.255 On-link 192.168.192.147 281
192.168.192.255 255.255.255.255 On-link 192.168.192.147 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 192.168.192.147 281
224.0.0.0 240.0.0.0 On-link 192.168.144.131 276 ----
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.56.1 276
255.255.255.255 255.255.255.255 On-link 192.168.192.147 281
255.255.255.255 255.255.255.255 On-link 192.168.144.131 276 ----
===========================================================================
Persistent Routes:
None
Output of the tracert google.com command:
Tracing route to google.com [188.35.142.42]
over a maximum of 30 Hops:
1 10 ms 7 ms 9 ms 192.168.144.129
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
................................................
OK, regarding the Internet access part of your question, I think your
iptables -t nat -A POSTROUTING -s 192.168.144.128/25 -o vlan2 -j SNAT --to-source XX.XX.XX.XX
is wrong. vlan2 should be ppp0 (because ppp0 is the Internet-facing interface).
A simple rule like
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
should also work.
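One way to check the point made in this answer, as an added example that is not part of the original answer: the script reads ifconfig -a text and reports whether the interface named by -o in a NAT rule actually carries a public IPv4 address. The sample output is constructed (203.0.113.10 stands in for the masked WAN address), the function names are hypothetical, and it assumes the WAN address is not itself a private one.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumption: the WAN address is public, i.e. not RFC 1918 / link-local.

# Constructed, abridged "ifconfig -a" text; 203.0.113.10 is a placeholder WAN IP.
SAMPLE='br0       Link encap:Ethernet  HWaddr 02:00:00:00:00:01
          inet addr:192.168.144.126  Bcast:192.168.144.127  Mask:255.255.255.128
ppp0      Link encap:Point-to-Point Protocol
          inet addr:203.0.113.10  P-t-P:203.0.113.1  Mask:255.255.255.255
tun2      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.144.129  P-t-P:192.168.144.129  Mask:255.255.255.128
vlan2     Link encap:Ethernet  HWaddr 02:00:00:00:00:02
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'

# Print "iface addr" for every interface that has an IPv4 address (stdin: ifconfig text).
iface_addrs() {
    awk '$2 == "Link" && $3 ~ /^encap:/ { iface = $1; next }
         $1 == "inet" && $2 ~ /^addr:/  { sub(/^addr:/, "", $2); print iface, $2 }'
}

# Succeed for loopback, RFC 1918 and link-local addresses.
is_private() {
    case "$1" in
        127.*|10.*|192.168.*|169.254.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Print the interfaces that carry a public address (stdin: ifconfig text).
wan_ifaces() {
    iface_addrs | while read -r ifc addr; do
        is_private "$addr" || echo "$ifc"
    done
}

# check_rule RULE: compare the rule's -o interface with wan_ifaces (stdin: ifconfig text).
check_rule() {
    out=$(printf '%s\n' "$1" | sed -n 's/.* -o \([^ ]*\).*/\1/p')
    wan=$(wan_ifaces)
    for ifc in $wan; do
        if [ "$ifc" = "$out" ]; then echo "ok: -o $out has a public address"; return 0; fi
    done
    echo "mismatch: rule uses -o ${out:-none}, public address is on: ${wan:-none}"
    return 1
}

RULE='iptables -t nat -A POSTROUTING -s 192.168.144.128/25 -o vlan2 -j SNAT --to-source 203.0.113.10'
printf '%s\n' "$SAMPLE" | check_rule "$RULE" || true
```

On a router, pipe the live output instead of the sample: ifconfig -a | check_rule "the rule text".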
András - would it be vlan2 in my case? Thanks!
br0 Link encap:Ethernet HWaddr CC:E1:D5:3A:B2:80
inet addr:192.168.11.1 Bcast:192.168.11.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:424601 errors:0 dropped:21377 overruns:0 frame:0
TX packets:475454 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:70115596 (66.8 MiB) TX bytes:585654624 (558.5 MiB)
br0:0 Link encap:Ethernet HWaddr CC:E1:D5:3A:B2:80
inet addr:169.254.255.1 Bcast:169.254.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth0 Link encap:Ethernet HWaddr CC:E1:D5:3A:B2:80
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5196488 errors:0 dropped:0 overruns:0 frame:0
TX packets:848653 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:969250040 (924.3 MiB) TX bytes:639674339 (610.0 MiB)
Interrupt:5
imq0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP RUNNING NOARP MTU:1500 Metric:1
RX packets:71971 errors:0 dropped:0 overruns:0 frame:0
TX packets:71958 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:30
RX bytes:58870852 (56.1 MiB) TX bytes:58851352 (56.1 MiB)
imq1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP RUNNING NOARP MTU:16000 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:11000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MULTICAST MTU:65536 Metric:1
RX packets:90 errors:0 dropped:0 overruns:0 frame:0
TX packets:90 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8027 (7.8 KiB) TX bytes:8027 (7.8 KiB)
ra0 Link encap:Ethernet HWaddr CC:E1:D5:3A:B2:80
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10164 errors:0 dropped:0 overruns:0 frame:0
TX packets:10826 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2261013 (2.1 MiB) TX bytes:10971684 (10.4 MiB)
Interrupt:6
tun2 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.12.1 P-t-P:192.168.12.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:1203 errors:0 dropped:0 overruns:0 frame:0
TX packets:1855 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:84990 (82.9 KiB) TX bytes:1936057 (1.8 MiB)
vlan1 Link encap:Ethernet HWaddr CC:E1:D5:3A:B2:80
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:415650 errors:0 dropped:0 overruns:0 frame:0
TX packets:465320 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:68193995 (65.0 MiB) TX bytes:574645820 (548.0 MiB)
vlan2 Link encap:Ethernet HWaddr CC:E1:D5:3A:B2:80
inet addr:72.196.156.81 Bcast:72.196.159.255 Mask:255.255.248.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4775595 errors:0 dropped:24901 overruns:0 frame:0
TX packets:382762 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:807307551 (769.9 MiB) TX bytes:60986467 (58.1 MiB)