为什么我的 VPN 客户端不可用(无法交换数据)?

tag-icon tag-icon openvpn vpn
为什么我的 VPN 客户端不可用(无法交换数据)?

我已经在我的虚拟机和 Ubuntu 客户端之间建立了连接

$ sudo openvpn --config config.ovpn
Sat Nov  4 14:38:29 2017 OpenVPN 2.3.4 i586-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 26 2017
Sat Nov  4 14:38:29 2017 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Sat Nov  4 14:38:29 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Nov  4 14:38:29 2017 UDPv4 link local: [undef]
Sat Nov  4 14:38:29 2017 UDPv4 link remote: [AF_INET]x.x.x.x:1194
Sat Nov  4 14:38:29 2017 WARNING: 'keydir' is present in local config but missing in remote config, local='keydir 0'
Sat Nov  4 14:38:29 2017 [canard.ch] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Sat Nov  4 14:38:31 2017 TUN/TAP device tun1 opened
Sat Nov  4 14:38:31 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Nov  4 14:38:31 2017 /sbin/ip link set dev tun1 up mtu 1500
Sat Nov  4 14:38:31 2017 /sbin/ip addr add dev tun1 local 10.8.0.6 peer 10.8.0.5
RTNETLINK answers: File exists
Sat Nov  4 14:38:31 2017 ERROR: Linux route add command failed: external program exited with error status: 2
Sat Nov  4 14:38:31 2017 Initialization Sequence Completed

然后从服务器或客户端我看到tun界面:

tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:168 (168.0 B)

但在这种情况下我无法 ping 通10.8.0.5。我无法设法在客户端和服务器之间交换数据。

我的错误是什么?

我还尝试将这些规则添加到iptables

iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT

在客户端我得到这个配置:

$ iptables -L OUTPUT -nv; ip route; ip route get 10.8.0.5
Chain OUTPUT (policy ACCEPT 7279 packets, 1483K bytes)
 pkts bytes target     prot opt in     out     source               destination
10.8.0.5 dev tun1  proto kernel  scope link  src 10.8.0.6
10.8.0.5 dev tun2  proto kernel  scope link  src 10.8.0.6
10.8.0.1 via 10.8.0.5 dev tun1
10.8.0.2 dev tun0  proto kernel  scope link  src 10.8.0.1
10.8.0.0/24 via 10.8.0.2 dev tun0
x.x.x.0/20 dev eth0  proto kernel  scope link  src x.x.x.x
default via x.x.x.x dev eth0
10.8.0.5 dev tun1  src 10.8.0.6
    cache  mtu 1500 advmss 1460 hoplimit 64

$ iptables -L OUTPUT -nv -t nat
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

$ ip rule list
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

相关内容