无法在 Tomato OpenVPN 服务器设置上 ping 网关

2024-6-16 • tag-icon

我在 WNR3500L 路由器上从 tomato 固件（v1.28.9054 MIPSR2-beta K26 USB vpn3.6）配置 Open VPN 服务器时遇到了一些问题。

我已经像这样设置了服务器：

在此处输入图片描述

并且，当从客户端（ubuntu 14.04）连接时。我的 /var/log/syslog 上出现了这个

Jul 30 14:08:51 thinkpad nm-openvpn[17467]: OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb  4 2014
Jul 30 14:08:51 thinkpad nm-openvpn[17467]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jul 30 14:08:51 thinkpad nm-openvpn[17467]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 30 14:08:51 thinkpad nm-openvpn[17467]: ******* WARNING *******: null MAC specified, no authentication will be used
Jul 30 14:08:51 thinkpad nm-openvpn[17467]: UDPv4 link local: [undef]
Jul 30 14:08:51 thinkpad nm-openvpn[17467]: UDPv4 link remote: [AF_INET]82.239.XX.XXX:1194
Jul 30 14:08:53 thinkpad nm-openvpn[17467]: [Bob] Peer Connection Initiated with [AF_INET]82.239.XX.XXX:1194
Jul 30 14:08:55 thinkpad nm-openvpn[17467]: TUN/TAP device tun0 opened
Jul 30 14:08:55 thinkpad nm-openvpn[17467]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper tun0 1500 1538 10.8.0.6 10.8.0.5 init
Jul 30 14:08:55 thinkpad NetworkManager[1147]:    SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
Jul 30 14:08:55 thinkpad NetworkManager[1147]:    SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <warn> /sys/devices/virtual/net/tun0: couldn't determine device driver; ignoring...
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info> VPN connection 'home' (IP Config Get) reply received.
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info> VPN connection 'home' (IP4 Config Get) reply received.
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info> VPN Gateway: 82.239.XX.XXX
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info> Tunnel Device: tun0
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info> IPv4 configuration:
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info>   Internal Gateway: 10.8.0.5
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info>   Internal Address: 10.8.0.6
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info>   Internal Prefix: 32
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info>   Internal Point-to-Point Address: 10.8.0.5
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info>   Maximum Segment Size (MSS): 0
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info>   Static Route: 192.168.0.0/24   Next Hop: 192.168.0.0
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info>   Static Route: 10.8.0.1/32   Next Hop: 10.8.0.1
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info>   Forbid Default Route: no
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info>   Internal DNS: 192.168.0.1
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info>   DNS Domain: '(none)'
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info> No IPv6 configuration
Jul 30 14:08:55 thinkpad nm-openvpn[17467]: Initialization Sequence Completed
Jul 30 14:08:56 thinkpad NetworkManager[1147]: <info> VPN connection 'home' (IP Config Get) complete.
Jul 30 14:08:56 thinkpad NetworkManager[1147]: <info> Policy set 'home' (tun0) as default for IPv4 routing and DNS.
Jul 30 14:08:56 thinkpad NetworkManager[1147]: <info> Writing DNS information to /sbin/resolvconf
Jul 30 14:08:56 thinkpad dnsmasq[2571]: setting upstream servers from DBus
Jul 30 14:08:56 thinkpad dnsmasq[2571]: using nameserver 192.168.0.1#53

看起来很棒，但是我给出的网关没有响应：

~ ping 10.8.0.5
PING 10.8.0.5 (10.8.0.5) 56(84) bytes of data.
^C
--- 10.8.0.5 ping statistics ---
32 packets transmitted, 0 received, 100% packet loss, time 31248ms

ping 10.8.0.1 也没有响应。只有该网络上的我的 IP（10.8.0.6）有响应。

因此，连接到该 VPN 后，我无法连接（无法 ping 本地网络，也无法访问互联网）。

另外，这是我的路线：

~  route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.8.0.5        0.0.0.0         UG    0      0        0 tun0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
10.8.0.5        *               255.255.255.255 UH    0      0        0 tun0
82.239.XX.XXX   192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
192.168.0.0     10.8.0.5        255.255.255.0   UG    0      0        0 tun0
192.168.1.0     *               255.255.255.0   U     1      0        0 eth0

我家里的局域网是 192.168.0.0，而我从网络 192.168.1.0 进行连接，因此那里应该不会发生冲突。

知道什么地方出了问题吗？

答案1

查看路由器的日志时，我发现了以下几行：

Aug  1 14:14:57 tomato-router daemon.err openvpn[3785]: thinkpad/88.169.xx.xxx:53216
Authenticate/Decrypt packet error: packet HMAC authentication failed

因此我将 HMAC 客户端配置从“无”更改为“默认”，从而解决了该问题！

答案1

相关内容