OpenVPN: MULTI: bad source address from client

I have struggled with this problem for two days, but it remains unsolved. I hope someone can offer advice or a diagnostic method.

What I want is for all clients to access the Internet through the OpenVPN server. So I first followed the instructions for routing all client traffic (including web traffic) through the VPN. After configuring it and setting up iptables, the VPN server and the client connect successfully, but the client cannot reach any website (the browser hangs). Ping works fine on both the server and the client.

I checked the server log and found entries such as:

    Oct  3 09:16:21 iZbp15fejv9adv7o3izfm1Z ovpn-delta[1827]: laptop/131.202.XX.XX:59701 UDPv4 READ [93] from [AF_INET]131.202.XX.XX:59701: P_DATA_V1 kid=0 DATA len=92
    Oct  3 09:16:21 iZbp15fejv9adv7o3izfm1Z ovpn-delta[1827]: laptop/131.202.XX.XX:59701 MULTI: bad source address from client [131.202.XX.XX], packet dropped

where the IP 131.202.XX.XX is my laptop's IP address. The explanation of this record is given as "MULTI: bad source address from client, packet dropped" or "GET INST BY VIRT: [failed]". Why is this IP on my laptop not 10.8.0.6 (tun0), and how exactly is this implemented? My laptop connects to the network over WiFi and is a device running `openvpn --config client.conf`.

Since this is a very simple example, is there any way for me to avoid this error, or any example of configuring client-config-dir and creating a ccd file?

/etc/openvpn/delta.conf on the server:

# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d

port 1194

proto udp

dev tun

;dev-node MyTap

ca ca.crt
cert delta.crt
key delta.key  # This file should be kept secret

dh dh2048.pem

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

;server-bridge

;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script

;push "redirect-gateway def1 bypass-dhcp"
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"

;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"

keepalive 10 120

;tls-auth ta.key 0 # This file is secret

;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES
comp-lzo
;max-clients 100
;user nobody
;group nogroup
persist-key
persist-tun
status openvpn-status.log
;log         openvpn.log
;log-append  openvpn.log
verb 3
;mute 20

client.conf is:

client
dev tun
proto udp
remote 116.62.193.49 1194
;remote my-server-2 1194
;remote-random

resolv-retry infinite

nobind

persist-key
persist-tun
ca ca.crt
cert laptop.crt
key laptop.key
ns-cert-type server

;tls-auth ta.key 1
comp-lzo

verb 3
;mute 20

For the IP router configuration, I added the iptables rules to /etc/rc.local so that iptables is changed when the server boots.

root@iZbp15fejv9adv7o3izfm1Z:/var/log# cat /etc/rc.local 
#!/bin/sh -e
#
# rc.local
# I also tried commenting out the first three rules, but it still does not work
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

service dnsmasq restart

exit 0

/etc/sysctl.conf

net.ipv4.ip_forward=1

`telnet serverIP 80` works fine. On the server, in /var/logs/syslog:

Is there any solution?
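As an added diagnostic (not part of the question or of OpenVPN itself): a small Python script that scans the server log for the `MULTI: bad source address from client` lines and explains why OpenVPN dropped each packet, since the daemon only forwards client packets whose source is the client's own tun address or a network it has an `iroute` for. The log lines are constructed in the format quoted above, the addresses are made up, and the `known_lans` map (LANs the operator knows sit behind a given client) is a hypothetical input.

```python
import ipaddress
import re
# Constructed sample lines in the format quoted in the question; the addresses
# are made up (the question masks its real ones as 131.202.XX.XX).
SAMPLE_LOG = """\
Oct  3 09:16:21 vpnhost ovpn-delta[1827]: laptop/198.51.100.23:59701 UDPv4 READ [93] from [AF_INET]198.51.100.23:59701: P_DATA_V1 kid=0 DATA len=92
Oct  3 09:16:21 vpnhost ovpn-delta[1827]: laptop/198.51.100.23:59701 MULTI: bad source address from client [198.51.100.23], packet dropped
Oct  3 09:17:05 vpnhost ovpn-delta[1827]: desktop/203.0.113.7:41002 MULTI: bad source address from client [10.8.0.14], packet dropped
Oct  3 09:17:09 vpnhost ovpn-delta[1827]: desktop/203.0.113.7:41002 MULTI: bad source address from client [192.168.50.20], packet dropped
"""

BAD_SRC = re.compile(
    r"(?P<cn>\S+)/(?P<peer>[\d.]+):\d+ MULTI: bad source address from client "
    r"\[(?P<src>[\d.]+)\], packet dropped"
)

def classify(cn, peer, src, vpn_net, known_lans):
    """OpenVPN forwards a client packet only if its source is the client's own
    tun address or a network it has an `iroute` for; say which rule failed."""
    src_ip = ipaddress.ip_address(src)
    if src_ip == ipaddress.ip_address(peer):
        # Source is the client's physical (WiFi/WAN) address, not its tun address:
        # the client pushed traffic into the tunnel with the wrong source, as in the question.
        return "client-physical-address"
    if src_ip in vpn_net:
        # A pool address not bound to this session (stale ipp.txt entry,
        # ccd ifconfig-push mismatch, or another client's address).
        return "unassigned-pool-address"
    if any(src_ip in lan for lan in known_lans.get(cn, [])):
        # Traffic from a LAN behind the client: needs `iroute <lan>` in ccd/<cn>
        # (and a matching server-side `route`) before OpenVPN accepts it.
        return "lan-missing-iroute"
    return "unknown-source"

def analyze(log_text, vpn_net="10.8.0.0/24", known_lans=None):
    """Return (cn, src, verdict) for every 'bad source address' line in log_text."""
    net = ipaddress.ip_network(vpn_net)
    lans = {cn: [ipaddress.ip_network(n) for n in nets]
            for cn, nets in (known_lans or {}).items()}
    results = []
    for line in log_text.splitlines():
        m = BAD_SRC.search(line)
        if m:
            results.append((m["cn"], m["src"], classify(m["cn"], m["peer"], m["src"], net, lans)))
    return results

if __name__ == "__main__":
    for cn, src, verdict in analyze(SAMPLE_LOG, known_lans={"desktop": ["192.168.50.0/24"]}):
        print(f"{cn}: dropped packet from {src}: {verdict}")
```

Run it against the real syslog with the server's own pool in `vpn_net`; a verdict of `client-physical-address` points at the client side (its tun address or routing), the other two at ipp.txt or the ccd entry for that common name.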
