OpenVPN is connecting, but not working

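I have a working OpenVPN setup that I copied from one machine to another (the original machine is, of course, switched off). The client connects to the server (the server is unchanged) and sets the IP and the routes, but beyond that nothing works.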

Server LAN: 192.168.123.0

Client LAN: 192.168.1.0

OpenVPN client IP: 192.168.123.253

openvpn /etc/openvpn/client.conf 
Tue Nov  8 09:50:53 2016 OpenVPN 2.3.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Oct 17 2016
Tue Nov  8 09:50:53 2016 library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.08
Tue Nov  8 09:50:53 2016 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Nov  8 09:50:53 2016 Control Channel Authentication: using '/etc/openvpn/client/ta.key' as a OpenVPN static key file
Tue Nov  8 09:50:53 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov  8 09:50:53 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov  8 09:50:54 2016 Attempting to establish TCP connection with [AF_INET]XXX:XX940 [nonblock]
Tue Nov  8 09:50:55 2016 TCP connection established with [AF_INET]XXX:XX940
Tue Nov  8 09:50:55 2016 TCPv4_CLIENT link local: [undef]
Tue Nov  8 09:50:55 2016 TCPv4_CLIENT link remote: [AF_INET]XXX:XXXXX940
Tue Nov  8 09:50:55 2016 VERIFY OK: depth=1, C=DE, ST=Bayern, L=Munich, O=nothing, OU=private, CN=private, name=private, emailAddress=XXXX
Tue Nov  8 09:50:55 2016 VERIFY OK: depth=0, C=DE, ST=Bayern, L=Munich, O=nothing, OU=private, CN=server, name=private, emailAddress=XXX
Tue Nov  8 09:50:55 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Nov  8 09:50:55 2016 WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
Tue Nov  8 09:50:55 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov  8 09:50:55 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Nov  8 09:50:55 2016 WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
Tue Nov  8 09:50:55 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov  8 09:50:55 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Tue Nov  8 09:50:55 2016 [server] Peer Connection Initiated with [AF_INET]84.56.32.58:11940
Tue Nov  8 09:50:57 2016 TUN/TAP device tap0 opened
Tue Nov  8 09:50:57 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Nov  8 09:50:57 2016 /bin/ip link set dev tap0 up mtu 1500
Tue Nov  8 09:50:57 2016 /bin/ip addr add dev tap0 192.168.123.253/24 broadcast 192.168.123.255
Tue Nov  8 09:50:57 2016 Initialization Sequence Completed

On the client, the IP is set correctly and can be pinged:

ifconfig
br0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
    inet 192.168.1.2  netmask 255.255.255.0  broadcast 192.168.1.255
    inet6 fe80::c43:1ff:fea0:26de  prefixlen 64  scopeid 0x20<link>
    ether 0e:43:01:a0:26:de  txqueuelen 1000  (Ethernet)
    RX packets 107244  bytes 65503139 (62.4 MiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 7740  bytes 2854919 (2.7 MiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet6 fe80::325a:3aff:fe0d:49e1  prefixlen 64  scopeid 0x20<link>
    ether 30:5a:3a:0d:49:e1  txqueuelen 1000  (Ethernet)
    RX packets 45013  bytes 7253888 (6.9 MiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 69966  bytes 62536816 (59.6 MiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
    inet 127.0.0.1  netmask 255.0.0.0
    inet6 ::1  prefixlen 128  scopeid 0x10<host>
    loop  txqueuelen 1  (Lokale Schleife)
    RX packets 1737  bytes 155991 (152.3 KiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 1737  bytes 155991 (152.3 KiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
tap0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet 192.168.123.253  netmask 255.255.255.0  broadcast 192.168.123.255
    inet6 fe80::30ff:6bff:fe1f:8503  prefixlen 64  scopeid 0x20<link>
    ether 32:ff:6b:1f:85:03  txqueuelen 100  (Ethernet)
    RX packets 1060  bytes 51338 (50.1 KiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 377  bytes 39122 (38.2 KiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

~ # route
Kernel IP Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
default         wan.localnet      0.0.0.0         UG    13     0        0 br0
loopback        0.0.0.0         255.0.0.0       U     0      0        0 lo
loopback        localhost       255.0.0.0       UG    0      0        0 lo
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.123.0   0.0.0.0         255.255.255.0   U     0      0        0 tap0

 ~ # ping 192.168.123.253
PING 192.168.123.253 (192.168.123.253) 56(84) bytes of data.
64 bytes from 192.168.123.253: icmp_seq=1 ttl=64 time=0.245 ms
--- 192.168.123.253 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms

 ~ # ping 192.168.123.150
PING 192.168.123.150 (192.168.123.150) 56(84) bytes of data.
--- 192.168.123.150 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1074ms

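Now my problem is that if I try this setup on machine A, everything works, but on machine B it does not. The only difference in the network configuration is that on machine B the tap0 interface is already up and running from the network scripts (this machine also hosts 3 virtual machines that use the bridge).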

Answer 1

In the client configuration file on machine B, change this statement

 dev tap0

to

 dev tap1

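Restart OpenVPN. Also, keep in mind that if you do not instruct the hypervisor to use OpenVPN's virtual interface (tap1), your virtual machines will not be routed through OpenVPN. I don't know what exactly you want…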
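
The name clash described in this thread can be checked before the client is started. The script below is an added example, not part of the original question or answer: it reads the dev directive from a client config and reports whether an interface of that name already exists on the host and whether it is attached to a bridge. The function names and the SYSFS_NET override are this example's own.

```bash
#!/bin/sh
# Added example: pre-flight check of the "dev" directive in an OpenVPN config.
# Usage: sh check-dev.sh /etc/openvpn/client.conf
# SYSFS_NET can be overridden to run the check against a constructed tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print the interface name from the last "dev <name>" line of the config.
config_dev() {
    awk '$1 == "dev" { name = $2 } END { if (name != "") print name }' "$1"
}

# Classify an interface name as: free | exists | enslaved:<master>
iface_state() {
    dir="$SYSFS_NET/$1"
    if [ ! -e "$dir" ]; then
        echo free
    elif [ -L "$dir/master" ]; then
        # An interface attached to a bridge (or bond) carries a "master" link.
        echo "enslaved:$(basename "$(readlink "$dir/master")")"
    else
        echo exists
    fi
}

# Print the first <prefix>N name (tap0, tap1, ...) not present on the host.
next_free_dev() {
    prefix="${1%%[0-9]*}"
    n=0
    while [ -e "$SYSFS_NET/$prefix$n" ]; do n=$((n + 1)); done
    echo "$prefix$n"
}

# Return 0 if the configured name is unused, 1 if it already exists,
# 2 if the config has no dev directive.
check_config() {
    dev="$(config_dev "$1")"
    [ -n "$dev" ] || { echo "no dev directive in $1"; return 2; }
    state="$(iface_state "$dev")"
    if [ "$state" = free ]; then
        echo "$dev: free"
        return 0
    fi
    echo "$dev: $state, consider dev $(next_free_dev "$dev")"
    return 1
}

[ "$#" -eq 0 ] || check_config "$1"
```

An interface that already exists is not always a mistake, since a persistent tap device may have been created for OpenVPN on purpose; the enslaved result is the case that matches machine B here.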
