OpenVPN - Bridging a public IP to a client

[Copied from Serverfault, because the question was put on hold there]

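I have been trying to use OpenVPN to bridge a public IP assigned to my server to a server at home. The connection to the OpenVPN server works, but once connected, my client (the server at home) cannot establish any connection to the outside.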

Both machines run Debian 8. Here are the configuration files:

/etc/network/interfaces (server):

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
auto eth0
iface eth0 inet manual
iface eth0 inet6 manual

auto br0
iface br0 inet static
    address 84.200.68.136
    netmask 255.255.255.0
    network 84.200.68.0
    gateway 84.200.68.126
    broadcast 84.200.68.255
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 8.8.8.8
    dns-search tobisoft.de
    pre-up openvpn --mktun --dev tap0
    bridge_ports eth0 tap0
    bridge_fd 3

iface br0 inet6 static
    address 2001:1608:10:190::1194
    address 2001:1608:10:190::1195
    netmask 64
    gateway 2001:1608:10:190::1
    bridge_ports eth0 tap0
    bridge_fd 3

/etc/network/interfaces (client):

# The loopback network interface
auto lo eth0 eth1 eth2
iface lo inet loopback


# The primary network interface
iface eth1 inet dhcp
# This is an autoconfigured IPv6 interface
iface eth1 inet6 auto

iface eth0 inet dhcp
iface eth0 inet6 auto


iface eth2 inet static
    address 192.168.10.1
    netmask 255.255.255.0

OpenVPN server configuration:

port 1194
proto udp
dev tap
ca ca.crt
cert vpn.tobi-soft.de.crt
key vpn.tobi-soft.de.key  # This file should be kept secret
dh dh2048.pem
server-bridge 84.200.68.126 255.255.255.0 84.200.68.135 84.200.68.135
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

ip route on the client while connected to the VPN:

0.0.0.0/1 via 84.200.68.126 dev tap0 
default via 192.168.0.1 dev eth0 
84.200.68.0/24 dev tap0  proto kernel  scope link  src 84.200.68.135 
84.200.68.136 via 192.168.0.1 dev eth0 
128.0.0.0/1 via 84.200.68.126 dev tap0 
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.194 
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.101 
192.168.10.0/24 dev eth2  proto kernel  scope link  src 192.168.10.1 

ip route on the server while connected:

default via 84.200.68.126 dev br0 
84.200.68.0/24 dev br0  proto kernel  scope link  src 84.200.68.136

IP forwarding is enabled on both servers. At the moment no firewall is enabled on either the server or the client.

To clarify, the client IP should be .135 and the server IP should be .136.

Am I missing a route, or am I doing something wrong?
