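Building 1: 10.1.0.0 255.255.0.0
Building 2: 10.10.0.0 255.255.0.0 192.168.0.0 255.255.0.0
The buildings are connected by 1G metro Ethernet.
I am in Building 1.
192.168.0.0 is blocked off by a firewall. OpenVPN is on 10.10.230.0. OpenVPN is in bridged mode, so when I connect I get a 10.10.230.x address. Anyone with a 10.10.x.x address can access 192.168.0.0.
I connect to OpenVPN using the "push redirect-gateway" option and everything works. However, I don't want this to be my DFG. I only want to use this tunnel for specific subnets, so I use the "push route" option as follows: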
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.3.0 255.255.255.0"
and turned off "redirect-gateway".
I cannot reach the 192.168.0.0 subnet.
Example:
C:\Users\me>tracert -d 192.168.2.6
Tracing route to 192.168.2.6 over a maximum of 30 hops
1 * * * Request timed out.
2 * 10.10.230.181 reports: Destination host unreachable.
Trace complete.
Route table: The routes are added. It looks like they are trying to be used by what the tracert shows.
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.150.1 10.1.150.62 10
5.0.0.0 255.0.0.0 On-link 5.227.46.162 9256
5.227.46.162 255.255.255.255 On-link 5.227.46.162 9256
5.255.255.255 255.255.255.255 On-link 5.227.46.162 9256
10.1.150.0 255.255.255.0 On-link 10.1.150.62 266
10.1.150.62 255.255.255.255 On-link 10.1.150.62 266
10.1.150.255 255.255.255.255 On-link 10.1.150.62 266
10.10.230.0 255.255.255.0 On-link 10.10.230.181 286
10.10.230.181 255.255.255.255 On-link 10.10.230.181 286
10.10.230.255 255.255.255.255 On-link 10.10.230.181 286
10.10.231.0 255.255.255.0 10.10.230.179 10.10.230.181 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 10.10.230.179 10.10.230.181 30
192.168.3.0 255.255.255.0 10.10.230.179 10.10.230.181 30
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.1.150.62 266
224.0.0.0 240.0.0.0 On-link 10.10.230.181 286
224.0.0.0 240.0.0.0 On-link 5.227.46.162 9256
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.1.150.62 266
255.255.255.255 255.255.255.255 On-link 10.10.230.181 286
255.255.255.255 255.255.255.255 On-link 5.227.46.162 9256
===========================================================================
What am I missing? Again, with "redirect-gateway" I can reach everything I need to reach. What is going on?
Route table with redirect-gateway enabled
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.10.230.179 10.10.230.180 30
10.1.150.0 255.255.255.0 On-link 10.1.150.62 266
10.1.150.62 255.255.255.255 On-link 10.1.150.62 266
10.1.150.255 255.255.255.255 On-link 10.1.150.62 266
10.10.230.0 255.255.255.0 On-link 10.10.230.180 286
10.10.230.179 255.255.255.255 10.1.150.1 10.1.150.62 10
10.10.230.180 255.255.255.255 On-link 10.10.230.180 286
10.10.230.255 255.255.255.255 On-link 10.10.230.180 286
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.1.150.62 266
224.0.0.0 240.0.0.0 On-link 10.10.230.180 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.1.150.62 266
255.255.255.255 255.255.255.255 On-link 10.10.230.180 286
===========================================================================
Answer 1
When you enable redirect-gateway (look at the rt above), an entry appears that shows the next hop for the OpenVPN gateway:
10.10.230.179 255.255.255.255 10.1.150.1 10.1.150.62 10
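Your first route table does not have this, so your client probably does not know how to route the OpenVPN traffic itself. Here is my route table with OpenVPN enabled (no redirect-gateway):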
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.46.0 255.255.255.0 On-link 192.168.46.1 276
192.168.46.1 255.255.255.255 On-link 192.168.46.1 276
192.168.46.255 255.255.255.255 On-link 192.168.46.1 276
192.168.100.0 255.255.255.0 192.168.200.1 192.168.200.10 31
192.168.192.0 255.255.255.0 On-link 192.168.192.1 276
192.168.192.1 255.255.255.255 On-link 192.168.192.1 276
192.168.192.255 255.255.255.255 On-link 192.168.192.1 276
192.168.200.0 255.255.255.0 On-link 192.168.200.10 286
192.168.200.10 255.255.255.255 On-link 192.168.200.10 286
192.168.200.255 255.255.255.255 On-link 192.168.200.10 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.200.10 286
224.0.0.0 240.0.0.0 On-link 192.168.192.1 276
224.0.0.0 240.0.0.0 On-link 192.168.46.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.200.10 286
255.255.255.255 255.255.255.255 On-link 192.168.192.1 276
255.255.255.255 255.255.255.255 On-link 192.168.46.1 276
===========================================================================
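I have added
push "route 192.168.100.0 255.255.255.0"
to my OpenVPN server config so that I can connect to another subnet on the other side of my OpenVPN server, a subnet the OpenVPN server is not on but is set up to route to. More information about the rt above:
My OpenVPN server IP is 192.168.200.1. My OpenVPN client IP is 192.168.200.10.
So any traffic destined for 192.168.100.0 goes through the OpenVPN interface but ends up going to 200.1, because my OpenVPN box has 2 eth connections and iptables is set up to route that traffic. So for your case (after re-reading your question), I would check that your OpenVPN server has routing between its two interfaces, so that traffic is routed from one interface to the other.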
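The comparison the answer draws between the two route tables, as an added example that is not part of the original question or answer: it resolves 192.168.2.6 against a subset of rows copied from the question's two `route print` outputs using longest-prefix match, then resolves the chosen gateway the same way. The function names are hypothetical.

```python
import ipaddress

# Rows copied from the question's two `route print` outputs (subset).
SPLIT_TUNNEL = """\
0.0.0.0 0.0.0.0 10.1.150.1 10.1.150.62 10
10.1.150.0 255.255.255.0 On-link 10.1.150.62 266
10.10.230.0 255.255.255.0 On-link 10.10.230.181 286
192.168.2.0 255.255.255.0 10.10.230.179 10.10.230.181 30
192.168.3.0 255.255.255.0 10.10.230.179 10.10.230.181 30
"""
REDIRECT_GATEWAY = """\
0.0.0.0 0.0.0.0 10.10.230.179 10.10.230.180 30
10.1.150.0 255.255.255.0 On-link 10.1.150.62 266
10.10.230.0 255.255.255.0 On-link 10.10.230.180 286
10.10.230.179 255.255.255.255 10.1.150.1 10.1.150.62 10
"""

def parse_routes(text):
    """Parse 'dest mask gateway interface metric' rows into route dicts."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip headers, separators and blank lines
        dest, mask, gw, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        except ValueError:
            continue  # not an IPv4 destination/netmask pair
        routes.append({"net": net, "gw": gw, "iface": iface, "metric": int(metric)})
    return routes

def lookup(routes, ip):
    """Longest-prefix match; lowest metric breaks ties. None if no route."""
    addr = ipaddress.ip_address(ip)
    hits = [r for r in routes if addr in r["net"]]
    return max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"]), default=None)

def path(routes, ip):
    """Return (route to ip, route used to reach that route's gateway)."""
    first = lookup(routes, ip)
    if first is None or first["gw"] == "On-link":
        return first, None
    return first, lookup(routes, first["gw"])

if __name__ == "__main__":
    for name, table in (("split", SPLIT_TUNNEL), ("redirect", REDIRECT_GATEWAY)):
        dst, gw = path(parse_routes(table), "192.168.2.6")
        print(name, dst["gw"], dst["iface"], "| gateway via", gw["gw"], gw["iface"])
```

In the split-tunnel table the gateway 10.10.230.179 resolves on-link through the 10.10.230.181 interface, while in the redirect-gateway table it resolves through 10.1.150.1 on the physical interface, which is the entry the answer points at.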