我在从 vpn 网络到 lan(以及返回)的路由方面遇到问题。服务器操作系统 Windows Server 2012(所有防火墙都已关闭以进行测试),客户端操作系统 Windows 7。在服务器上启用了 ip 转发,向 server.ovpn 添加了静态路由,向 LAN 添加了静态路由。从我的 LAN,我可以 ping vpn 服务器(192.168.0.246,以及他的 vpn 地址 10.5.0.1)。从 vpn 网络客户端(任何)我可以 ping vpn 服务器(10.5.0.1,以及他的 lan 地址 192.168.0.246)VPN 客户端可以 ping 和访问 10.5.0.0\24 中的任何网络资源。但不能再进一步了。所以如果有人能给我一个提示,那就太好了。
port 1194
proto udp
dev tun
ca C:\\OpenVPN\\easy-rsa\\keys\\ca.crt
cert C:\\OpenVPN\\easy-rsa\\keys\\OVPN.crt
key C:\\OpenVPN\\easy-rsa\\keys\\OVPN.key # This file should be kept secret
dh C:\\OpenVPN\\easy-rsa\\keys\\dh1024.pem
topology subnet
server 10.5.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.0.0 255.255.255.0"
push "route 10.5.0.0 255.255.255.0"
push "dhcp-option DNS 192.168.0.249"
push "dhcp-option DNS 192.168.0.251"
push "dhcp-option DOMAIN *.local"
push "dhcp-option SEARCH *.local"
client-to-client
keepalive 10 120
tls-auth C:\\OpenVPN\\easy-rsa\\ta.key 0 # This file is secret
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
服务器日志太大了,无法粘贴在这里,所以贴在这里http://pastebin.com/5zBBw2ad
客户端配置
client
dev tun
proto udp
remote here was address 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca C:\\Openvpn\\ssl\\ca.crt
cert C:\\Openvpn\\ssl\\SharanMTS.crt
key C:\\Openvpn\\ssl\\SharanMTS.key
remote-cert-tls server
tls-auth C:\\Openvpn\\ssl\\ta.key 1
cipher AES-256-CBC
verb 3
客户登录这里http://pastebin.com/VUbZN84Y
我的路线打印
0.0.0.0 0.0.0.0 192.168.0.10 192.168.0.77 20
10.5.0.0 255.255.255.0 192.168.0.246 192.168.0.77 21
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.77 276
192.168.0.77 255.255.255.255 On-link 192.168.0.77 276
192.168.0.255 255.255.255.255 On-link 192.168.0.77 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.77 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.77 276
客户端路线打印
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 276
10.5.0.0 255.255.255.0 10.5.0.1 10.5.0.49 20
10.5.0.49 255.255.255.255 On-link 10.5.0.49 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 10.5.0.1 10.5.0.49 20
192.168.1.0 255.255.255.0 On-link 192.168.1.3 276
192.168.1.3 255.255.255.255 On-link 192.168.1.3 276
192.168.1.255 255.255.255.255 On-link 192.168.1.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.3 276
224.0.0.0 240.0.0.0 On-link 10.5.0.49 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.3 276
255.255.255.255 255.255.255.255 On-link 10.5.0.49 276
服务器路由打印
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.10 192.168.0.246 10
10.5.0.0 255.255.255.0 192.168.0.246 192.168.0.246 11
10.5.0.0 255.255.255.0 On-link 10.5.0.1 276
10.5.0.1 255.255.255.255 On-link 10.5.0.1 276
10.5.0.255 255.255.255.255 On-link 10.5.0.1 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.246 266
192.168.0.246 255.255.255.255 On-link 192.168.0.246 266
192.168.0.255 255.255.255.255 On-link 192.168.0.246 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.5.0.1 276
224.0.0.0 240.0.0.0 On-link 192.168.0.246 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.5.0.1 276
255.255.255.255 255.255.255.255 On-link 192.168.0.246 266
===========================================================================
答案1
在某位聪明人的帮助下,我发现我还没有提供 VPN 子网和 LAN 网络之间的路由。因此,在我的服务器上,我添加了从一个子网到另一个子网的静态路由 route -p add 10.5.0.0/24 192.168.0.246 和 route -p add 192.168.0.0/24 10.5.0.1 ,这样现在就可以访问这两个网络了。谢谢https://superuser.com/users/619267/seth