Static key OpenVPN

I am trying to configure my server using this guide https://openvpn.net/community-resources/static-key-mini-howto/ and also this one https://blog.eldernode.com/setup-an-ope... ntu-22-04/

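Everything works, the server and the client are connected, but something is missing. The client still has the same IP as before; yes, it can ping the server's IP, but that is all. I tried adding --push "redirect-gateway def1", which I got from here https://openvpn.net/community-resources/how-to/#routing-all-client-traffic-including-web-traffic-through-the-vpn, into the middle of the server-side code, but nothing changed.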

Edit: adding logs

Here is the log from the server side

2023-02-16 08:06:12 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
2023-02-16 08:06:12 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
2023-02-16 08:06:12 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2023-02-16 08:06:12 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
2023-02-16 08:06:12 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
2023-02-16 08:06:12 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
2023-02-16 08:06:12 TUN/TAP device tun0 opened
2023-02-16 08:06:12 net_iface_mtu_set: mtu 1500 for tun0
2023-02-16 08:06:12 net_iface_up: set tun0 up
2023-02-16 08:06:12 net_addr_ptp_v4_add: 10.8.0.1 peer 10.8.0.2 dev tun0
2023-02-16 08:06:12 Could not determine IPv4/IPv6 protocol. Using AF_INET
2023-02-16 08:06:12 UDPv4 link local (bound): [AF_INET][undef]:1194
2023-02-16 08:06:12 UDPv4 link remote: [AF_UNSPEC]
2023-02-16 08:08:23 Peer Connection Initiated with [AF_INET]:My_IP:1194
2023-02-16 08:08:24 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-02-16 08:08:24 Initialization Sequence Completed

Here is the log from the client side

2023-02-16 10:45:17 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
2023-02-16 10:45:17 WARNING: file 'static-OpenVPN.key' is group or others accessible
2023-02-16 10:45:17 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
2023-02-16 10:45:17 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2023-02-16 10:45:17 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
2023-02-16 10:45:17 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
2023-02-16 10:45:17 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
2023-02-16 10:45:17 TUN/TAP device tun0 opened
2023-02-16 10:45:17 net_iface_mtu_set: mtu 1500 for tun0
2023-02-16 10:45:17 net_iface_up: set tun0 up
2023-02-16 10:45:17 net_addr_ptp_v4_add: 10.8.0.2 peer 10.8.0.1 dev tun0
2023-02-16 10:45:17 TCP/UDP: Preserving recently used remote address: [AF_INET]My_Server_IP:1194
2023-02-16 10:45:17 UDP link local (bound): [AF_INET][undef]:1194
2023-02-16 10:45:17 UDP link remote: [AF_INET]My_Server_IP:1194
2023-02-16 10:45:20 Peer Connection Initiated with [AF_INET]My_Server_IP:1194
2023-02-16 10:45:21 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-02-16 10:45:21 Initialization Sequence Completed