我已经在 Ubuntu 22.04 中安装了 OpenVpn 服务器。问题是当我连接到 openvpn 服务器时,我的所有流量都会流向该服务器,从而导致互联网连接问题。我只需要将所需的流量发送到 openvpn 服务器。我尝试了互联网上提供的多种解决方案,但都不起作用。其中之一是:https://serverfault.com/questions/826541/windows-10-openvpn-client-connects-but-cant-access-anything
我的 server.conf 如下:
;local a.b.c.d
port 1194
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
;dh dh2048.pem
dh none
;topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway def1 bypass-dhcp"
push "redirect-gateway autolocal def1"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 10.164.0.7"
push "dhcp-option DNS 10.165.0.8"
push "dhcp-option DOMAIN pk.folio3.com"
;client-to-client
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
tls-crypt ta.key
;cipher AES-256-CBC
cipher AES-256-GCM
auth SHA256
;compress lz4-v2
;push "compress lz4-v2"
;comp-lzo
;max-clients 100
;user nobody
;group nobody
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
;log-append /var/log/openvpn/openvpn.log
verb 3
;mute 20
explicit-exit-notify 1
我的client.ovpn是:
client
;dev tap
dev tun
;dev-node MyTap
;proto tcp
proto udp
remote demo5.xyz.com 1194
;remote my-server-2 1194
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nobody
user nobody
group nogroup
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
;ca ca.crt
;cert client.crt
;key client.key
remote-cert-tls server
;tls-auth ta.key 1
;cipher AES-256-CBC
cipher AES-256-GCM
auth SHA256
key-direction 1
verb 3
;mute 20
; script-security 2
; up /etc/openvpn/update-resolv-conf
; down /etc/openvpn/update-resolv-conf
; script-security 2
; up /etc/openvpn/update-systemd-resolved
; down /etc/openvpn/update-systemd-resolved
; down-pre
; dhcp-option DOMAIN-ROUTE .
<ca>
-----BEGIN CERTIFICATE-----
MIIDSzCCAjOgAwIBAgIURtcUeqVZ8UUk+F6BCir1f9J2S1cwDQYJKoZIhvcNAQEL
BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIxMDI3MTEzMDAwWhcNMzIx
MDI0MTEzMDAwWjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALtIfI5zXeBuojW/1ivpgZf1W8PhkDTasClHVqKj
K1COnrYsAP4ANylAYeAyabkuH8eH4QC+01ssEFHj695G2fuh49Gbhiz05UpEXNzt
yAzZvVWr88fn30peyqYoFULfxZ1rIC84Hf7k9k8Tld17tdv9CNTnAnzIgLZ3QLl4
W/MgVm1ap0Cu0L6VZvyUwaimxepeW4KhqKS4AxJhE4T7nDOj8Td/HGt/fpyZugZg
bTUxIr4Lp0FnibHDXe2SgD3c0WzCZmzWOpvecnOfu6igFJcoGOeK9NitCCe4LJkd
qhH2FJ6oPTw7GYYuO27MIIruEforvg5VCqBwpmoeiYb5k/UCAwEAAaOBkDCBjTAd
BgNVHQ4EFgQU45DtJnmWa8UtJ1mcZrK5IKCRRGowUQYDVR0jBEowSIAU45DtJnmW
a8UtJ1mcZrK5IKCRRGqhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghRG1xR6
pVnxRST4XoEKKvV/0nZLVzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
hkiG9w0BAQsFAAOCAQEAHnZvmbeVwOcB1j5qIILuA7RWLv4C2JNGp7WVk+s6nyvJ
rWWg7YGv/NmZrI777VU29GS6SKIl0eev2+vR0LzH5uBL+oWdTM/GemOPuuZ+oMNS
0f93qSgFq17Zm7S8ruxUDcNDByjI2PMc3qoMMEvbshRZyPzEDiLDCW0ZZ1HEDRzh
Z1DbzYd1iP0vYxP72j4Ichy/KJOaRlrsakiuHDb7tMJTKLcOr2j3/6ReiJGXViKz
D9pQYSVjdCRUfVbW7YTrShyg03mgFvuqJgMg1oySKoxzUxAeSZ9Nteda7H5QPUF0
6SWSOiser/ibFuTTjF7ABaK2nHjli+cxGOk4YTdg2Q==
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
b0:02:15:34:f0:8b:d0:1c:a3:a4:93:a1:0b:12:c1:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Easy-RSA CA
Validity
Not Before: Oct 27 11:39:27 2022 GMT
Not After : Jan 29 11:39:27 2025 GMT
Subject: CN=client1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c3:33:89:1e:e1:e3:cf:f2:c1:21:34:83:be:33:
34:e5:f1:0f:48:e7:2b:97:c4:7d:f0:ef:77:01:d2:
10:54:c6:17:da:6e:f1:65:41:d5:32:4a:03:06:1f:
ed:71:33:71:1b:05:b1:ca:2f:64:06:e7:b2:11:3b:
9a:66:6c:8e:02:32:42:a4:8c:1b:54:8b:a3:b8:3a:
c1:4d:f6:f7:66:1b:07:dd:af:b3:71:ae:c3:64:3e:
88:86:35:81:0e:35:20:6d:53:c9:ec:ac:b4:84:d3:
b0:0f:5a:e0:82:a0:cc:33:98:40:4d:69:a8:c3:44:
f2:95:aa:19:81:ed:2c:2e:c7:c3:e6:27:39:31:5b:
da:f0:88:6a:d2:25:60:7e:7b:2e:f2:16:f5:dc:74:
b3:a8:98:f4:78:ea:b7:a4:00:91:9a:20:85:48:3c:
ed:e9:a8:ed:b9:b8:f2:93:ac:90:32:d5:2e:d1:4e:
2c:2f:46:68:8d:57:d0:92:7e:d0:d2:e3:f4:97:fc:
fe:be:53:bf:86:1c:d3:36:be:c2:38:64:f5:fe:14:
f8:b2:f3:2a:13:21:02:68:74:d9:7a:f0:bf:da:86:
7c:97:9a:29:09:13:85:01:59:a6:6d:26:9f:5a:24:
bc:57:fb:ea:ec:3c:bc:5b:8c:0b:0e:47:4c:42:37:
ec:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
6C:AB:2B:C9:B5:E7:34:36:9F:92:DB:3A:F9:DD:B0:2A:AA:D2:FD:61
X509v3 Authority Key Identifier:
keyid:E3:90:ED:26:79:96:6B:C5:2D:27:59:9C:66:B2:B9:20:A0:91:44:6A
DirName:/CN=Easy-RSA CA
serial:46:D7:14:7A:A5:59:F1:45:24:F8:5E:81:0A:2A:F5:7F:D2:76:4B:57
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
75:2b:4b:ee:ca:a3:b3:92:79:3a:73:93:a0:a9:10:23:8b:c2:
5f:68:78:1f:f3:88:48:15:d0:9a:d7:74:80:fc:b3:54:1d:f3:
93:41:22:f7:cb:93:7b:d7:03:64:ee:4a:78:ad:aa:50:0e:b2:
57:90:de:d5:56:9f:53:05:1e:bd:0b:90:0e:44:c0:b8:ed:6c:
bb:96:1f:65:aa:19:1e:f2:b1:c2:b6:63:8f:55:9d:dd:8c:70:
b4:a1:27:77:ea:27:94:2e:d8:af:f8:dd:72:6d:8e:76:5b:4e:
5c:dc:33:40:bc:aa:da:7b:70:6b:6d:08:04:46:22:25:62:25:
2c:51:16:53:80:de:a4:7a:a0:2a:a1:e9:3c:54:b5:e3:1b:e4:
16:0b:66:cc:1f:14:81:ec:c2:e3:fb:c6:e9:af:f9:d6:8c:66:
e2:fa:58:e4:99:3e:76:6e:7b:63:b6:92:ba:fb:29:c8:8f:7d:
ab:1a:33:c8:2d:1b:31:96:ad:26:46:0e:d5:22:2e:dd:c0:d0:
7a:f2:f3:d9:44:76:52:a5:96:31:24:49:f4:42:a4:26:1f:65:
8b:eb:ca:b1:e1:2d:8f:a2:67:e7:3d:b6:a8:3b:13:40:14:a3:
61:33:30:ed:ee:bd:3e:c9:71:5d:d7:48:6f:18:31:fa:0e:6a:
4f:4f:7b:20
-----BEGIN CERTIFICATE-----
MIIDVjCCAj6gAwIBAgIRALACFTTwi9Aco6SToQsSwTAwDQYJKoZIhvcNAQELBQAw
FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjIxMDI3MTEzOTI3WhcNMjUwMTI5
MTEzOTI3WjASMRAwDgYDVQQDDAdjbGllbnQxMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAwzOJHuHjz/LBITSDvjM05fEPSOcrl8R98O93AdIQVMYX2m7x
ZUHVMkoDBh/tcTNxGwWxyi9kBueyETuaZmyOAjJCpIwbVIujuDrBTfb3ZhsH3a+z
ca7DZD6IhjWBDjUgbVPJ7Ky0hNOwD1rggqDMM5hATWmow0TylaoZge0sLsfD5ic5
MVva8Ihq0iVgfnsu8hb13HSzqJj0eOq3pACRmiCFSDzt6ajtubjyk6yQMtUu0U4s
L0ZojVfQkn7Q0uP0l/z+vlO/hhzTNr7COGT1/hT4svMqEyECaHTZevC/2oZ8l5op
CROFAVmmbSafWiS8V/vq7Dy8W4wLDkdMQjfskQIDAQABo4GiMIGfMAkGA1UdEwQC
MAAwHQYDVR0OBBYEFGyrK8m15zQ2n5LbOvndsCqq0v1hMFEGA1UdIwRKMEiAFOOQ
7SZ5lmvFLSdZnGayuSCgkURqoRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU
RtcUeqVZ8UUk+F6BCir1f9J2S1cwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P
BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQB1K0vuyqOzknk6c5OgqRAji8JfaHgf
84hIFdCa13SA/LNUHfOTQSL3y5N71wNk7kp4rapQDrJXkN7VVp9TBR69C5AORMC4
7Wy7lh9lqhke8rHCtmOPVZ3djHC0oSd36ieULtiv+N1ybY52W05c3DNAvKrae3Br
bQgERiIlYiUsURZTgN6keqAqoek8VLXjG+QWC2bMHxSB7MLj+8bpr/nWjGbi+ljk
mT52bntjtpK6+ynIj32rGjPILRsxlq0mRg7VIi7dwNB68vPZRHZSpZYxJEn0QqQm
H2WL68qx4S2PomfnPbaoOxNAFKNhMzDt7r0+yXFd10hvGDH6DmpPT3sg
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDM4ke4ePP8sEh
NIO+MzTl8Q9I5yuXxH3w73cB0hBUxhfabvFlQdUySgMGH+1xM3EbBbHKL2QG57IR
O5pmbI4CMkKkjBtUi6O4OsFN9vdmGwfdr7NxrsNkPoiGNYEONSBtU8nsrLSE07AP
WuCCoMwzmEBNaajDRPKVqhmB7Swux8PmJzkxW9rwiGrSJWB+ey7yFvXcdLOomPR4
6rekAJGaIIVIPO3pqO25uPKTrJAy1S7RTiwvRmiNV9CSftDS4/SX/P6+U7+GHNM2
vsI4ZPX+FPiy8yoTIQJodNl68L/ahnyXmikJE4UBWaZtJp9aJLxX++rsPLxbjAsO
R0xCN+yRAgMBAAECggEAJdhu0CI/IzDfYWL3XO+8JI27ZyjMsqDZwxYGdn+mA22h
r8u9OSLNpTGkyvHzPPSajADrYrYT+GPBCibKbWvED6hzc8gnP1nQfPZFRqqodi8s
8/3t9k9KGjwmh5DFi/3gYtnxJxYn7K3HL37w0tq+pI0zAF9JJUzPlJVVWzOi0pG5
N0aHGztZTOWoHl1vhIPXFggh6U5IuQxZ9fc/OOn2mtV0MsIlmGr35t982rhb8k4G
VmFwBUTAyTJDot76lwVq3jGed5f1NivSS0KQafGM5h0C2cXSYsrFXYMttZZ1RgOs
lGH52/tUqRFlJodGqTgwyi8PjKHhIZOivT2cvYguPQKBgQDshvFQ1ce/RD9GMHsp
Mh6DDzVUxQuKbAzNpRyZ3W4ZZru5e0WYA595PI3gPdmgQL4y4kkbpALe/LhIucyl
5rHDJm/r87zoFQ3Km3cpxWf09gVMQPGt//LfYoZ1/ibGnIW2WHO3oWzb7rJda70j
x3AJIvBNDv6b0ABpw8zm4KMn5QKBgQDTRZuyDggOgv02Lfn7iqar4PaDa50Urea1
sorYR0f373R4Yqz+dPPQrWTHnSMTbqr0fbWZfjAEsA6xdBjLjJIOt4yL29y7e/pg
xpRjtS3GPh0pwzO5dladeW+yPnQ9ChBL1DStak6Bxu7I1Af4Pw0WU2AhiOV2Y8TN
boPYee0PPQKBgB6bw+TDFYtR6KJLqdSF8N7i+/LRYRHzs6B1KoNa3WGaItb49eOb
LGsDBBUty9jqJ/Lrx6w1CE4VBEAdEzew5/YqJjexnhOmjddXUQ9txWs03zCkAuKS
ibqQxHfGgPwYy1Dyl17/G9hGRnzCcYKMz5nPFKvUMey1+Se2t/B0x4hlAoGARW3N
obDswuAXGFP5n8lLxpYyTLPzthUECVf4OuUJ6JeffeRnl2OVsFEbGmIwYbVvptMc
96k5XIEDAxv0/gdfBEkbfeat3kr62AzKPQ4QUeKdsNi+Scdy5WM/6qKNjnWdL144
RXj2/b0DQao0SEdoJJsXr02Oot5ckWotF9nRpr0CgYEAlVDQWtS10SqaMT8hcPBo
YDReBq8HZRW7YTJXv+gZ2ROFDERlkDJ2E6awV1tKIIFR24Ewow5cjNPLyGiBooaa
FmGB88cB59HQPAYe6+ZQqp00NKZDZJgx0N92BozYRSC+H3i7KQwKKdiWGvKpK4QW
nPB6MrRn5X3LPutZroWFb94=
-----END PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
c3a02cc1eb4416a60046ac54c8a2e720
9f75e35afe138c9633d443535af82c9d
0d795769a49de558b863d59e0c9b7e5f
de443bfc44bde5de0278fd74911be3f3
cb11f699c25e2e9fddba30e74846bc21
43b987834bc233e1074ee178dcc85bdb
6017e44d9065ba3ed29c16ea32313649
868dadee07e2e6b66e8f204971918eaf
a1497b45ed28a4a4a58a4b74860f1c01
273f003284baaa17c0cc51e9cb03fe33
9bca6f24e7b29671b390cd87c5ef97e8
1749b30e497bb7fa4e8b75b4a5cb9f16
1e6cc9ea998dc82080063184c1bce1c1
4e12962211ba209d87edb331b699e591
e6024915bdfee12bc1cb9cfdbad53c06
8edcda68af9213e8e7d387eeb5f1ffbe
-----END OpenVPN Static key V1-----
</tls-crypt>