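I'm having problems configuring OpenVPN on DD-WRT. All traffic must be routed through the tunnel. The DD-WRT device is not directly exposed to the Internet, so the firewall is disabled.
My server configuration file: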
mode server
proto udp
port 1194
dev tap0
server-bridge 192.168.0.2 255.255.255.0 192.168.0.20 192.168.0.29
# Gateway (VPN Server) Subnetmask Start-IP End-IP
push "dhcp-option DNS 195.130.130.4"
push "dhcp-option DNS 195.130.131.4"
push "redirect-gateway"
keepalive 10 120
daemon
verb 5
client-to-client
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
My client configuration file:
remote xxxx.no-ip.org 1194
client
dev tap0
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
float
verb 5
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
My network looks like this:
                                                             ------------
DD-WRT Device (functions as a switch) ----- Router ----------| Internet |
192.168.0.2                                 192.168.0.1      ------------
When I push the setting "default-gateway def1", the routing table on the client looks like this (netstat -rn):
IPv4 routing table
===========================================================================
Active routes:
Network Address Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.43.1 192.168.43.57 25
0.0.0.0 128.0.0.0 192.168.0.2 192.168.0.20 30
84.197.216.14 255.255.255.255 192.168.43.1 192.168.43.57 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.0.0.0 128.0.0.0 192.168.0.2 192.168.0.20 30
192.168.0.0 255.255.255.0 On-link 192.168.0.20 286
192.168.0.20 255.255.255.255 On-link 192.168.0.20 286
192.168.0.255 255.255.255.255 On-link 192.168.0.20 286
192.168.43.0 255.255.255.0 On-link 192.168.43.57 281
192.168.43.57 255.255.255.255 On-link 192.168.43.57 281
192.168.43.255 255.255.255.255 On-link 192.168.43.57 281
192.168.221.0 255.255.255.0 On-link 192.168.221.1 276
192.168.221.1 255.255.255.255 On-link 192.168.221.1 276
192.168.221.255 255.255.255.255 On-link 192.168.221.1 276
192.168.233.0 255.255.255.0 On-link 192.168.233.1 276
192.168.233.1 255.255.255.255 On-link 192.168.233.1 276
192.168.233.255 255.255.255.255 On-link 192.168.233.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.20 286
224.0.0.0 240.0.0.0 On-link 192.168.43.57 281
224.0.0.0 240.0.0.0 On-link 192.168.221.1 276
224.0.0.0 240.0.0.0 On-link 192.168.233.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.20 286
255.255.255.255 255.255.255.255 On-link 192.168.43.57 281
255.255.255.255 255.255.255.255 On-link 192.168.221.1 276
255.255.255.255 255.255.255.255 On-link 192.168.233.1 276
===========================================================================
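As you can see, the required route is still overridden (another, insecure route has a lower metric).
However, when I push only "default-gateway" (without "def1"), my routing table looks like this: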
IPv4 routing table
===========================================================================
Active routes:
Network Address Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.2 192.168.0.20 30
84.197.216.14 255.255.255.255 192.168.43.1 192.168.43.57 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.20 286
192.168.0.20 255.255.255.255 On-link 192.168.0.20 286
192.168.0.255 255.255.255.255 On-link 192.168.0.20 286
192.168.43.0 255.255.255.0 On-link 192.168.43.57 281
192.168.43.57 255.255.255.255 On-link 192.168.43.57 281
192.168.43.255 255.255.255.255 On-link 192.168.43.57 281
192.168.221.0 255.255.255.0 On-link 192.168.221.1 276
192.168.221.1 255.255.255.255 On-link 192.168.221.1 276
192.168.221.255 255.255.255.255 On-link 192.168.221.1 276
192.168.233.0 255.255.255.0 On-link 192.168.233.1 276
192.168.233.1 255.255.255.255 On-link 192.168.233.1 276
192.168.233.255 255.255.255.255 On-link 192.168.233.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.20 286
224.0.0.0 240.0.0.0 On-link 192.168.43.57 281
224.0.0.0 240.0.0.0 On-link 192.168.221.1 276
224.0.0.0 240.0.0.0 On-link 192.168.233.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.20 286
255.255.255.255 255.255.255.255 On-link 192.168.43.57 281
255.255.255.255 255.255.255.255 On-link 192.168.221.1 276
255.255.255.255 255.255.255.255 On-link 192.168.233.1 276
===========================================================================
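I think this is correct.
But I still can't connect to the Internet, and can't even reach internal addresses any more...
Any help is greatly appreciated!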