Enabling internet access over OpenVPN tun - Azure Linux

I am trying to set this up with an OpenVPN TUN on an Azure Linux instance:

-=Android Client=- --> -=VPS=- --> -=Internet=-

The client connects, but has no internet access.

Iptables commands

iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to 191.236.xxx.xxx

(the public virtual IP from Azure)

iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to 100.75.xxx.xxx

(the eth0 IP from ifconfig - the internal Azure IP)

Iptables output

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
SNAT       all  --  10.0.0.0/24          anywhere             to:191.236.xxx.xxx
SNAT       all  --  10.0.0.0/24          anywhere             to:191.236.xxx.xxx
SNAT       all  --  10.0.0.0/24          anywhere             to:191.236.xxx.xxx
SNAT       all  --  10.0.0.0/24          anywhere             to:191.236.xxx.xxx
SNAT       all  --  10.0.0.0/24          anywhere             to:100.75.xxx.xxx

Forwarding

# cat /etc/sysctl.conf | grep forw
net.ipv4.ip_forward=1

Server config file

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth ta.key 0
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

Syslog

Nov  2 17:19:58 azu-1 ovpn-server[1711]: 109.242.144.133:11810 [azu1-mx4] Peer Connection Initiated with [AF_INET]109.242.144.133:11810
Nov  2 17:19:58 azu-1 ovpn-server[1711]: azu1-mx4/109.242.144.133:11810 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Nov  2 17:19:58 azu-1 ovpn-server[1711]: azu1-mx4/109.242.144.133:11810 MULTI: Learn: 10.8.0.6 -> azu1-mx4/109.242.144.133:11810
Nov  2 17:19:58 azu-1 ovpn-server[1711]: azu1-mx4/109.242.144.133:11810 MULTI: primary virtual IP for azu1-mx4/109.242.144.133:11810: 10.8.0.6
Nov  2 17:19:59 azu-1 ovpn-server[1711]: azu1-mx4/109.242.144.133:11810 PUSH: Received control message: 'PUSH_REQUEST'
Nov  2 17:19:59 azu-1 ovpn-server[1711]: azu1-mx4/109.242.144.133:11810 send_push_reply(): safe_cap=940
Nov  2 17:19:59 azu-1 ovpn-server[1711]: azu1-mx4/109.242.144.133:11810 SENT CONTROL [azu1-mx4]: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)

What exactly am I doing wrong?

Answer 1

Well, lucky me, I found the solution quickly :)

Posting in case it helps someone - this is what worked for me:

iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

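Added example, not code from the question or the answer above: a POSIX shell script that cross-checks the three things that have to line up before TUN clients can reach the internet, namely the subnet OpenVPN hands out (the `server` directive), the source subnet of the POSTROUTING NAT rule, and the live `ip_forward` value. The config text and the `iptables -t nat -S POSTROUTING` output it parses are constructed samples modelled on the question (the `191.236.xxx.xxx` placeholder is kept as written there); on a real host you would pass in the actual config file contents and the real `iptables -t nat -S POSTROUTING` output.

```shell
#!/bin/sh
# Added example (not from the question or the answer): sanity-check the
# OpenVPN subnet against the NAT rule and the kernel forwarding flag.

# Constructed sample: the relevant lines of the server config in the question.
SAMPLE_CONF='port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"'

# Constructed sample of "iptables -t nat -S POSTROUTING" as in the question:
# NAT is applied to 10.0.0.0/24, not to the VPN subnet.
SAMPLE_NAT_MISMATCH='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to-source 191.236.xxx.xxx'

# Constructed sample after the answer's fix: MASQUERADE on 10.8.0.0/24.
SAMPLE_NAT_FIXED='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE'

# mask_to_prefix 255.255.255.0 -> 24 (counts the set bits of each octet)
mask_to_prefix() {
    bits=0
    for octet in $(printf '%s' "$1" | tr '.' ' '); do
        while [ "$octet" -gt 0 ]; do
            bits=$((bits + (octet & 1)))
            octet=$((octet >> 1))
        done
    done
    echo "$bits"
}

# openvpn_subnet "$conf_text" -> "10.8.0.0/24", taken from the "server" line
openvpn_subnet() {
    line=$(printf '%s\n' "$1" | grep -E '^server[[:space:]]' | head -n 1)
    [ -n "$line" ] || return 1
    set -- $line          # $1=server  $2=network  $3=netmask
    echo "$2/$(mask_to_prefix "$3")"
}

# nat_sources "$iptables_S_text" -> the "-s" subnet of each POSTROUTING rule
nat_sources() {
    printf '%s\n' "$1" | sed -n 's/^-A POSTROUTING .*-s \([^ ]*\).*/\1/p'
}

# nat_covers_vpn "$conf_text" "$iptables_S_text": succeeds only if some
# POSTROUTING rule's source subnet is exactly the VPN subnet.
nat_covers_vpn() {
    vpn=$(openvpn_subnet "$1") || return 1
    nat_sources "$2" | grep -qxF "$vpn"
}

# forwarding_enabled [file]: reads the live kernel value, not sysctl.conf
forwarding_enabled() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# report NAME "$rules": one line per rule set saying whether NAT lines up
report() {
    if nat_covers_vpn "$SAMPLE_CONF" "$2"; then
        echo "$1: NAT source matches the VPN subnet"
    else
        echo "$1: NAT does not cover $(openvpn_subnet "$SAMPLE_CONF"); NAT sources: $(nat_sources "$2" | tr '\n' ' ')"
    fi
}

main() {
    echo "OpenVPN subnet: $(openvpn_subnet "$SAMPLE_CONF")"
    report MISMATCH "$SAMPLE_NAT_MISMATCH"
    report FIXED "$SAMPLE_NAT_FIXED"
    if forwarding_enabled; then echo "ip_forward: on"; else echo "ip_forward: off or unreadable"; fi
}
main "$@"
```

Two things worth keeping in mind when reading the question's checks: `/etc/sysctl.conf` only records what is applied at boot or on `sysctl -p`, while the value the kernel is using right now is `/proc/sys/net/ipv4/ip_forward`, which is what the script reads. And in the answer's rule set, `-A FORWARD -i tun+ -j ACCEPT` has no `-o` or destination match, so it forwards VPN clients to anything reachable from the VM, including the internal Azure network on eth0; adding `-o eth0` and a destination filter keeps the forwarding scope to what the tunnel is meant to provide.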