
Сообщения RMirror

 

openvpn не видит сеть за клиентом

Собственно, сабж.. Сервера друг друга видят по openvpn туннелю и по локальным айпишникам. Друг друга пингуют. Из сети клиента видно сеть сервера. Всё пингуется. Из сети сервера не видно сеть клиента, но пингуется сервер клиента (обидно, блин).

Оба сервера как маршрутизаторы.

Конфиги сервера

/etc/network/interfaces

# Server-side network setup: loopback plus two interfaces configured by DHCP.
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet dhcp

# Blank lines do not end a stanza, so this pre-up hook belongs to eth1:
# the saved ruleset is loaded just before eth1 is configured.
# NOTE(review): eth0 is listed first and has no such hook, so it presumably
# comes up before any rules are loaded - confirm the intended ordering.
pre-up iptables-restore < /etc/fire.wall

/etc/fire.wall

# Generated by iptables-save v1.4.4 on Mon Jul  4 14:35:58 2011
# nat table: the only rule source-NATs everything that leaves through eth0.
# The [packets:bytes] pairs are counters captured when the file was saved.
*nat
:PREROUTING ACCEPT [65:6684]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE 
COMMIT
# Completed on Mon Jul  4 14:35:58 2011
# Generated by iptables-save v1.4.4 on Mon Jul  4 14:35:58 2011
# filter table: every chain has policy ACCEPT and there are no rules, so this
# file filters nothing - traffic to the host and traffic forwarded through it
# are both unrestricted.
# NOTE(review): on a router that terminates a VPN, a default-drop INPUT/FORWARD
# policy with explicit allows would be the usual baseline.
# Forwarding also depends on net.ipv4.ip_forward, which this file does not set.
*filter
:INPUT ACCEPT [149:15476]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [80:8683]
COMMIT
# Completed on Mon Jul  4 14:35:58 2011 

/etc/openvpn/openvpn.conf

# OpenVPN server: listens on TCP 3333, routed (tun) mode, certificate-based auth.
# No cipher, auth or tls-auth directive appears in the lines shown, so the
# installed version's defaults apply.
# NOTE(review): older releases default to BF-CBC; set these explicitly.
# No user/group directive appears either, so the daemon keeps the privileges
# it was started with.
port 3333
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key  # This file should be kept secret

# NOTE(review): the file name suggests 1024-bit DH parameters, which are
# considered too weak today; regenerate with at least 2048 bits - confirm the
# actual size of this file.
dh /etc/openvpn/keys/dh1024.pem

# Tunnel address pool handed out to clients.
server 10.1.0.0 255.255.255.0

# push: clients receive a route to 192.168.10.0/24 through the tunnel.
# route: the server host's kernel sends 192.168.20.0/24 into the tunnel; inside
# OpenVPN the matching iroute in the client's ccd file selects the client.
push "route 192.168.10.0 255.255.255.0"
route 192.168.20.0 255.255.255.0

client-config-dir /etc/openvpn/ccd
# client-to-client traffic is switched inside the OpenVPN process and does not
# pass through the host's iptables FORWARD chain.
client-to-client
keepalive 10 120

# Must match the client's setting. NOTE(review): comp-lzo is deprecated in
# later OpenVPN releases and compression inside a VPN can leak information
# about the plaintext; consider disabling it on both ends.
comp-lzo

persist-key
persist-tun

status openvpn-status.log
log         /var/log/openvpn-r2.log

verb 3

mute 10

/etc/openvpn/ccd/client

# Per-client file; OpenVPN selects it by the Common Name of the connecting
# client's certificate, so the file name ("client") must equal that CN.
# iroute tells the server process that 192.168.20.0/24 lives behind this client;
# it works together with the "route 192.168.20.0 255.255.255.0" line in the
# server config.
iroute 192.168.20.0 255.255.255.0

Конфиги клиента

/etc/network/interfaces

# Client-side router: eth0 is the uplink (default gateway 10.0.0.1), eth1 is
# the 192.168.20.0/24 network.
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 10.0.0.140
netmask 255.255.255.0
gateway 10.0.0.1

auto eth1
iface eth1 inet static
address 192.168.20.1
netmask 255.255.255.0
network 192.168.20.0
broadcast 192.168.20.255
# The ruleset is loaded just before eth1 is configured.
# NOTE(review): eth0 is listed first and has no such hook, so it presumably
# comes up before any rules are loaded - confirm the intended ordering.
pre-up iptables-restore < /etc/fire.wall

/etc/fire.wall

# Generated by iptables-save v1.4.4 on Tue Jul  5 16:48:03 2011
# nat table: the only rule source-NATs everything that leaves through eth0.
# Traffic leaving through the tunnel interface is not matched by it.
# The [packets:bytes] pairs are counters captured when the file was saved.
*nat
:PREROUTING ACCEPT [10:669]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE 
COMMIT
# Completed on Tue Jul  5 16:48:03 2011
# Generated by iptables-save v1.4.4 on Tue Jul  5 16:48:03 2011
# filter table: every chain has policy ACCEPT and there are no rules, so this
# file filters nothing - anything arriving over the tunnel may reach this host
# and be forwarded on to the network behind it.
# NOTE(review): a default-drop FORWARD policy with explicit allows for the
# intended subnets would limit what the remote side can reach.
# Forwarding also depends on net.ipv4.ip_forward, which this file does not set.
*filter
:INPUT ACCEPT [12:747]
:FORWARD ACCEPT [70:5506]
:OUTPUT ACCEPT [11:1019]
COMMIT
# Completed on Tue Jul  5 16:48:03 2011

/etc/openvpn/openvpn.conf

# OpenVPN client: connects over TCP to port 3333 of the (redacted) server
# address, routed (tun) mode, certificate-based auth.
# No cipher, auth or tls-auth directive appears in the lines shown, so the
# installed version's defaults apply.
# NOTE(review): set these explicitly and keep them identical to the server's.
client
dev tun
proto tcp
remote xxx.xxx.xxx.xxx 3333
resolv-retry infinite
nobind

persist-key
persist-tun

# client.key is this peer's private key; keep it readable by root only.
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/client.crt
key /etc/openvpn/keys/client.key
# Requires the peer certificate to carry the legacy Netscape "server" type, so
# that another client's certificate cannot be used to impersonate the server.
# NOTE(review): deprecated in later OpenVPN releases in favour of
# "remote-cert-tls server", which needs the matching key usage in the server cert.
ns-cert-type server

# Must match the server's setting. NOTE(review): comp-lzo is deprecated in
# later OpenVPN releases and compression inside a VPN can leak information
# about the plaintext; consider disabling it on both ends.
comp-lzo

verb 3
log /var/log/openvpn-r2.log

mute 4

Очень хочу побороть openvpn. Помогите, граждане.

RMirror
()
