OpenVPN: routing LAN
Author: Onnowpurbo
Source: https://openvpn.net/community-resources/expanding-the-scope-of-the-vpn-to-include-additional-machines-on-either-the-client-or-server-subnet/
Latest revision as of 07:50, 5 December 2022
== Multiple machines behind OpenVPN (dev tun) ==
Add to the OpenVPN server config
 push "route 10.66.0.0 255.255.255.0"
This assumes the LAN behind the OpenVPN server is 10.66.0.0/24.
Alternatively, on the OpenVPN client side, add
 route 10.66.0.0 255.255.255.0
Or add the route manually via the CLI
 route add -net 10.66.0.0/24 gw ip-server-OpenVPN dev tun0
== Advertising the client LAN to OpenVPN (dev tun) ==
Make sure
- each client has a unique Common Name in its certificate.
- IP and TUN/TAP forwarding are enabled on the client machine.
- a ccd directory is created on the OpenVPN server (on Linux usually under /etc/openvpn)
Add a reference to the client configuration directory in the server configuration, as shown here
 client-config-dir ccd
Then
- create a file client2 (for example) in the ccd directory,
- put the following in the client2 file, for example,
 iroute 192.168.4.0 255.255.255.0
this tells the OpenVPN server that 192.168.4.0/24 is reached through client2.
- Add to the server configuration,
 route 192.168.4.0 255.255.255.0
Why the seemingly redundant route and iroute statements? The reason is,
- route controls routing from the kernel to the OpenVPN server (via the TUN interface)
- iroute controls routing from the OpenVPN server to the remote client.
- both are needed.
If we want the OpenVPN client's LAN to be reachable by the other clients, add the following to the server config,
 client-to-client
 push "route 192.168.4.0 255.255.255.0"
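The route/iroute pairing described above can be checked mechanically before a config goes live. The following is an added example, not part of the original page or of OpenVPN itself: a small Python audit over a server config and the ccd files, where the sample config text, the client3 entry and the 192.168.5.0/24 and 192.168.6.0/24 networks are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample input: the page's directives plus two deliberate mismatches.
SERVER_CONF = '''
client-config-dir ccd
route 192.168.4.0 255.255.255.0
route 192.168.5.0 255.255.255.0   # no ccd file claims this one
client-to-client
push "route 10.66.0.0 255.255.255.0"
push "route 192.168.4.0 255.255.255.0"
'''
CCD = {  # ccd file name -> file content
    "client2": "iroute 192.168.4.0 255.255.255.0\n",
    "client3": "iroute 192.168.6.0 255.255.255.0\n",  # server has no route for it
}

def nets(text, keyword):
    """Networks named by `keyword <net> [mask]` lines; # comments are ignored."""
    found = set()
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 2 and tok[0] == keyword:
            mask = tok[2] if len(tok) > 2 else "255.255.255.255"
            found.add(ipaddress.ip_network(f"{tok[1]}/{mask}"))
    return found

def pushed(text):
    """Networks inside push "route ..." directives."""
    out = set()
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) == 2 and tok[0] == "push":
            out |= nets(tok[1], "route")
    return out

def audit(server_conf, ccd):
    routes, owners, findings = nets(server_conf, "route"), {}, []
    for name, body in sorted(ccd.items()):
        for net in sorted(nets(body, "iroute")):
            owners[net] = name
            if net not in routes:
                findings.append(f"{name}: iroute {net} has no server route")
    for net in sorted(routes - set(owners)):
        findings.append(f"server: route {net} has no iroute in ccd")
    for net in sorted(pushed(server_conf) & set(owners)):
        findings.append(f"review: {net} behind {owners[net]} is pushed to clients")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SERVER_CONF, CCD)))
```

The "review" finding is not an error: it lists client LANs that the push directive advertises to other VPN clients, which is worth confirming is intended.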