只有一个客户端可以连接到我的 LAN 上的 OpenVPN 服务器

只有一个客户端可以连接到我的 LAN 上的 OpenVPN 服务器

前几天我在 Raspberry Pi 上设置了 OpenVPN。一开始很艰难,因为我完全不懂,但我还是成功了。

.ovpn为我的 iPhone、iPad 和 MacBook 创建了客户端文件。出于某种原因,在我的本地网络上,一次只能将一台设备连接到 VPN。例如,如果我的 iPhone 已连接,我的 Mac 和 iPad 就无法连接,但如果我的 Mac 已连接,我的 iPhone 和 iPad 就无法连接。但是,我尝试连接到不同的网络,我的三台设备都连接正常。

我关注了读写教程以及英国广播公司教程。

以防万一,我的server.conf文件如下所示:

local 192.168.1.238 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
dev tun
proto tcp
port 443
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/RaspiVPN.crt # SWAP XX WITH YOUR SERVER NAME
key /etc/openvpn/easy-rsa/keys/RaspiVPN.key # SWAP XX WITH YOUR SERVER NAME
dh /etc/openvpn/easy-rsa/keys/dh1024.pem # IF YOU CHANGED YOUR ENCRYPTION TO 2048, CHANGE THAT HERE
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.1.238 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
# Set primary domain name server address to the SOHO Router
# If your router does not do DNS, you can use Google DNS 8.8.8.8
push "dhcp-option DNS 8.8.8.8" # THIS SHOULD ALREADY MATCH YOUR OWN ROUTER ADDRESS AND SHOULD NOT NEED TO BE CHANGED
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
duplicate-cn
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1

我的client.ovpn:(显然每个设备都是不同的,但这是“基础”。)

client
dev tun
proto tcp
remote REMOVED 443
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
mute 20
<ca>
-----BEGIN CERTIFICATE-----
REMOVED
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
REMOVED
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
REMOVED
-----END RSA PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
REMOVED
-----END OpenVPN Static key V1-----
</tls-auth>

答案1

您的问题似乎出现在以下几行:

# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"

基本上,您正确配置了 10.8.0.1,但错误配置了 .2,因此据我所知,只有 10.8.0.1 被正确使用,然后所有插槽都已满。更改此设置应该可以解决您的问题。

相关内容