Elektroda.pl

OpenVPN, OSMC - No connection to Domoticz via OpenVPN

robertmt 07 Oct 2016 18:55 1080 0
  • #1
    robertmt
    Level 2  
    Hello everyone.

    I am trying to connect (in order to read weather data) to a Raspberry Pi running Domoticz via OpenVPN.

    The server is set up on a Raspberry Pi 2 with OSMC behind a TP-Link 1043nd router.
    The server works and there is no problem connecting from client no. 1 - Windows 7.
    Client 2 - Pi and Domoticz behind an mr3420 router - prepaid internet from Plus.

    server.conf
    ##############
    push "route 192.166.0.0 255.255.0.0"
    push "route 10.7.0.0 255.255.255.0"
    dev tun0
    proto udp
    port 1194
    dh /etc/openvpn/keys/dh2048.pem
    ca /etc/openvpn/keys/ca.crt
    cert /etc/openvpn/keys/homepi.crt
    key /etc/openvpn/keys/homepi.key
    server 10.7.0.0 255.255.255.0
    client-config-dir ccd
    #to forward traffic
    push "redirect-gateway def1 bypass-dhcp"
    client-to-client
    duplicate-cn
    keepalive 10 120
    tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
    cipher AES-128-CBC
    comp-lzo
    user nobody
    group nogroup
    persist-tun
    persist-key
    status /var/log/openvpn_status.log 30
    log /var/log/openvpn.log
    verb 3
    mute 10

    client domoticz
    #########
    client
    dev tun
    port 1194
    proto udp
    remote xxx.xxx.xxx.xxx <--- static IP
    resolv-retry infinite
    nobind
    ca ca.crt
    cert pidomoticz.crt
    key pidomoticz.key
    tls-auth ta.key 1
    persist-key
    persist-tun
    mute-replay-warnings
    ns-cert-type server
    key-direction 1
    cipher AES-128-CBC
    comp-lzo
    verb 3
    mute 10

    firewall rules
    Here I don't really understand what to do and how... I tried entering them as in this thread: https://www.elektroda.pl/rtvforum/viewtopic.php?p=15065136#15065136

    and here is the file /etc/iptables.uo.rules
    ##########
    # Generated by iptables-save v1.4.21 on Fri Oct 7 16:01:40 2016
    *nat
    :PREROUTING ACCEPT [2:96]
    -t nat -A PREROUTING -p tcp -i eth0 --dport 8090 -j DNAT --to 10.7.0.9
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    -t nat -A POSTROUTING -s 10.7.0.0/24 -o eth0 -j MASQUERADE
    COMMIT
    # Completed on Fri Oct 7 16:01:40 2016
    # Generated by iptables-save v1.4.21 on Fri Oct 7 16:01:40 2016
    *filter
    :INPUT ACCEPT [4206:5782746]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [1105:70433]
    -A FORWARD -i eth0 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A FORWARD -s 10.7.0.0/24 -o eth0 -j ACCEPT
    -I FORWARD -p tcp -d 10.7.0.9 --dport 8090 -j ACCEPT
    COMMIT
    # Completed on Fri Oct 7 16:01:40 2016

    openvpn log
    #######
    OpenVPN CLIENT LIST
    Updated,Fri Oct 7 18:44:18 2016
    Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
    pidomoticz,37.7.159.72:39362,8608,8799,Fri Oct 7 18:41:52 2016
    pidomoticz,37.7.159.72:54167,8025,7971,Fri Oct 7 18:43:59 2016
    mypc,192.166.1.105:51176,11076,9661,Fri Oct 7 18:43:08 2016
    ROUTING TABLE
    Virtual Address,Common Name,Real Address,Last Ref
    10.7.0.9,pidomoticz,37.7.159.72:54167,Fri Oct 7 18:44:02 2016
    10.7.0.5,mypc,192.166.1.105:51176,Fri Oct 7 18:43:28 2016
    GLOBAL STATS
    Max bcast/mcast queue length,0
    END

    I can't connect even with PuTTY over SSH.
    I'll add that when the server was on a Synology, it was possible to connect to Domoticz as well as over SSH. However, the problem was that the configuration was without certificates, the Synology kept crashing the server, and after a restart the application had to be reinstalled.

    Any ideas?
    Regards