Cascaded VPN connection via iptables with OpenVPN

HolerT

New Member
Hello.

I hope you can help me out. I have been stuck for days. Unfortunately my Linux knowledge is still close to zero at the moment.

Goal:
Set up a cascaded VPN connection via iptables with OpenVPN on Ubuntu 16.04.

Where I am:
IPv6 disabled. iptables bash script adapted (works perfectly with the PP VPN tool). OpenVPN installed following your current guide. When I now start OpenVPN, I get the following output (the last few lines):
Code:
Thu Jan 25 13:11:47 2017 us=754866 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=wlp3s0 HWADDR=10:xx:xx:xx:xx:xx
Thu Jan 25 13:11:47 2017 us=754910 ROUTE6: default_gateway=UNDEF
Thu Jan 25 13:11:47 2017 us=755417 TUN/TAP device tun1 opened
Thu Jan 25 13:11:47 2017 us=755481 TUN/TAP TX queue length set to 100
Thu Jan 25 13:11:47 2017 us=755536 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
Thu Jan 25 13:11:47 2017 us=755621 /sbin/ip link set dev tun1 up mtu 1500
Thu Jan 25 13:11:47 2017 us=760750 /sbin/ip addr add dev tun1 10.0.50.22/24 broadcast 10.0.50.255
Thu Jan 25 13:11:47 2017 us=768165 /sbin/ip -6 addr add fdbf:1d37:bbe0:0:3:2:0:122/112 dev tun1
RTNETLINK answers: Operation not supported
Thu Jan 25 13:11:47 2017 us=771862 Linux ip -6 addr add failed: external program exited with error status: 2
Thu Jan 25 13:11:47 2017 us=771925 Exiting due to fatal error

My OpenVPN config looks like this:
Code:
#################################################
# Sample OpenVPN 2.0 config file for            #
# multi-client server.                          #
#                                               #
# This file is for the server side              #
# of a many-clients <-> one-server              #
# OpenVPN configuration.                        #
#                                               #
# OpenVPN also supports                         #
# single-machine <-> single-machine             #
# configurations (See the Examples page         #
# on the web site for more info).               #
#                                               #
# This config should work on Windows            #
# or Linux/BSD systems.  Remember on            #
# Windows to quote pathnames and use            #
# double backslashes, e.g.:                     #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
#                                               #
# Comments are preceded with '#' or ';'         #
#################################################

# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d

# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one.  You will need to
# open up this port on your firewall.
port 1194

# TCP or UDP server?
;proto tcp
proto udp

# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
[...]

My iptables script looks like this:
Code:
#!/bin/bash

# VPN ports (UDP and TCP) plus DNS may leave via the Wi-Fi interface;
# only replies to those connections may come back in.
sudo iptables -t filter -A OUTPUT -o wlp3s0 -p udp -m multiport --dports 1194,1149,149,1150,150,1151,151,53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
sudo iptables -t filter -A OUTPUT -o wlp3s0 -p tcp -m multiport --dports 1194,1152,152 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
sudo iptables -t filter -A INPUT -i wlp3s0 -p udp -m multiport --sports 1194,1149,149,1150,150,1151,151,53 -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -t filter -A INPUT -i wlp3s0 -p tcp -m multiport --sports 1194,1152,152 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Private (RFC 1918) networks stay reachable on every interface.
sudo iptables -t filter -A OUTPUT --dst 192.168.0.0/16 -j ACCEPT
sudo iptables -t filter -A INPUT --src 192.168.0.0/16 -j ACCEPT
sudo iptables -t filter -A OUTPUT --dst 10.0.0.0/8 -j ACCEPT
sudo iptables -t filter -A INPUT --src 10.0.0.0/8 -j ACCEPT
sudo iptables -t filter -A OUTPUT --dst 172.16.0.0/12 -j ACCEPT
sudo iptables -t filter -A INPUT --src 172.16.0.0/12 -j ACCEPT

# Everything else on the Wi-Fi interface is dropped, so traffic can only
# leave through the tunnel.
sudo iptables -t filter -A OUTPUT -o wlp3s0 -j DROP
sudo iptables -t filter -A INPUT -i wlp3s0 -j DROP

Before I can start on the cascade I have to get OpenVPN running.
It would be great if someone has a tip for me.

Regards, Holger
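The log excerpt in the post ends with OpenVPN trying to put a pushed IPv6 address on tun1 and aborting when the kernel answers "Operation not supported". The following helper script is an added example, not code from the original post, from Perfect Privacy or from the OpenVPN project. It classifies such a log by the RTNETLINK reason, prints the corresponding operator action, checks the host's IPv6 sysctl, and flags rules that appear twice in an iptables script like the one above. Assumptions: a Linux host with the usual /proc/sys/net/ipv6 tree, and OpenVPN 2.4 or newer for the pull-filter hint (that option does not exist in 2.3). The log and rule samples are constructed from the lines in the post.

```shell
#!/bin/sh
# Added example (not from the original post): diagnostic helpers for an
# OpenVPN client log that dies on "ip -6 addr add" and for an iptables script
# with repeated rules. Assumed: standard Linux sysctl paths, OpenVPN >= 2.4.

# Constructed sample log, modelled on the lines quoted in the post.
SAMPLE_LOG='Thu Jan 25 13:11:47 2017 us=755536 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
Thu Jan 25 13:11:47 2017 us=768165 /sbin/ip -6 addr add fdbf:1d37:bbe0:0:3:2:0:122/112 dev tun1
RTNETLINK answers: Operation not supported
Thu Jan 25 13:11:47 2017 us=771862 Linux ip -6 addr add failed: external program exited with error status: 2
Thu Jan 25 13:11:47 2017 us=771925 Exiting due to fatal error'

# Constructed sample firewall script: the tail of the posted one, with its
# two DROP rules listed twice.
SAMPLE_RULES='sudo iptables -t filter -A OUTPUT --dst 10.0.0.0/8 -j ACCEPT
sudo iptables -t filter -A INPUT --src 10.0.0.0/8 -j ACCEPT

sudo iptables -t filter -A OUTPUT -o wlp3s0 -j DROP
sudo iptables -t filter -A INPUT -i wlp3s0 -j DROP
sudo iptables -t filter -A OUTPUT -o wlp3s0 -j DROP
sudo iptables -t filter -A INPUT -i wlp3s0 -j DROP'

PULL_FILTER_HINT='Either re-enable IPv6, or make the client ignore the pushed IPv6 options (OpenVPN 2.4+): pull-filter ignore "ifconfig-ipv6" and pull-filter ignore "route-ipv6"'

# Classify an OpenVPN log passed as one string. Prints exactly one token:
#   ipv6-stack-absent     "ip -6 addr add" failed with "Operation not supported":
#                         rtnetlink has no AF_INET6 handler, i.e. the IPv6 stack is
#                         not loaded (module missing or ipv6.disable=1 at boot)
#   ipv6-off-on-device    failed with "Permission denied": disable_ipv6=1 on the device
#   ipv6-addr-add-failed  failed for some other reason
#   ok                    no IPv6 address setup failure in the log
diagnose_openvpn_log() {
    log="$1"
    if ! printf '%s\n' "$log" | grep -q 'Linux ip -6 addr add failed'; then
        echo ok
    elif printf '%s\n' "$log" | grep -q 'RTNETLINK answers: Operation not supported'; then
        echo ipv6-stack-absent
    elif printf '%s\n' "$log" | grep -q 'RTNETLINK answers: Permission denied'; then
        echo ipv6-off-on-device
    else
        echo ipv6-addr-add-failed
    fi
}

# Turn a diagnosis into the action an operator would take.
suggest_fix() {
    case "$(diagnose_openvpn_log "$1")" in
        ipv6-stack-absent)
            echo 'No IPv6 stack in the kernel (module not loaded or ipv6.disable=1 at boot), but the server pushes an IPv6 tunnel address.'
            echo "$PULL_FILTER_HINT" ;;
        ipv6-off-on-device)
            echo 'IPv6 stack present, but disable_ipv6=1 is set for the tunnel interface.'
            echo "$PULL_FILTER_HINT" ;;
        ipv6-addr-add-failed)
            echo 'ip -6 addr add failed; read the RTNETLINK line before it.' ;;
        ok)
            echo 'No IPv6 setup failure found.' ;;
    esac
}

# Is IPv6 switched off on this host? The path argument exists only so the
# check can be run against a constructed file; on a live host call it
# without arguments. A missing sysctl tree means the stack is absent.
ipv6_disabled() {
    f="${1:-/proc/sys/net/ipv6/conf/all/disable_ipv6}"
    [ -e "$f" ] || return 0
    [ "$(cat "$f")" = "1" ]
}

# Print every rule that appears more than once in an iptables script
# (leading "sudo " stripped, blank lines and comments ignored). Duplicate
# DROP rules are harmless but make the ruleset harder to audit.
find_duplicate_rules() {
    printf '%s\n' "$1" \
        | sed -e 's/^[[:space:]]*sudo //' -e '/^[[:space:]]*#/d' -e '/^[[:space:]]*$/d' \
        | sort | uniq -d
}

# Stand-alone run: diagnose the sample log and list repeated sample rules.
suggest_fix "$SAMPLE_LOG"
find_duplicate_rules "$SAMPLE_RULES"
```

To use it on a real system, source the file and call `suggest_fix "$(cat /var/log/openvpn.log)"` with the client's log, `ipv6_disabled && echo off` to confirm the host state, and `find_duplicate_rules "$(cat firewall.sh)"` on the firewall script. The diagnosis relies only on the RTNETLINK reason string, so it works on the verbose output the post shows without any extra OpenVPN options.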