OpenVPN LAN routing. Shocking

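I am having problems with routing from the VPN network to the LAN (and back). The server OS is Windows Server 2012 (all firewalls are turned off for testing), the client OS is Windows 7. On the server I enabled IP forwarding, added a static route to server.ovpn, and added a static route to the LAN. From my LAN I can ping the VPN server (192.168.0.246, and also its VPN address 10.5.0.1). From any VPN network client I can ping the VPN server (10.5.0.1, and also its LAN address 192.168.0.246). VPN clients can ping and access any network resource in 10.5.0.0/24. But no further. So if anyone could give me a hint, that would be great.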

port 1194

proto udp

dev tun

ca C:\\OpenVPN\\easy-rsa\\keys\\ca.crt
cert C:\\OpenVPN\\easy-rsa\\keys\\OVPN.crt
key C:\\OpenVPN\\easy-rsa\\keys\\OVPN.key  # This file should be kept secret

dh C:\\OpenVPN\\easy-rsa\\keys\\dh1024.pem

topology subnet

server 10.5.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

push "route 192.168.0.0 255.255.255.0"
push "route 10.5.0.0 255.255.255.0"


push "dhcp-option DNS 192.168.0.249"
push "dhcp-option DNS 192.168.0.251"

push "dhcp-option DOMAIN *.local"
push "dhcp-option SEARCH *.local"

client-to-client

keepalive 10 120

tls-auth C:\\OpenVPN\\easy-rsa\\ta.key 0 # This file is secret

cipher AES-256-CBC

persist-key
persist-tun

status openvpn-status.log

verb 3

The server log is too big to paste here, so it is posted here: http://pastebin.com/5zBBw2ad

Client config

client

dev tun

proto udp

remote here was address 1194

resolv-retry infinite

nobind

persist-key
persist-tun

ca C:\\Openvpn\\ssl\\ca.crt
cert C:\\Openvpn\\ssl\\SharanMTS.crt
key C:\\Openvpn\\ssl\\SharanMTS.key

remote-cert-tls server

tls-auth C:\\Openvpn\\ssl\\ta.key 1

cipher AES-256-CBC

verb 3

Client log is here: http://pastebin.com/VUbZN84Y

My route print

0.0.0.0 0.0.0.0 192.168.0.10 192.168.0.77 20
10.5.0.0 255.255.255.0 192.168.0.246 192.168.0.77 21
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.77 276
192.168.0.77 255.255.255.255 On-link 192.168.0.77 276
192.168.0.255 255.255.255.255 On-link 192.168.0.77 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.77 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.77 276

Client route print

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 276
10.5.0.0 255.255.255.0 10.5.0.1 10.5.0.49 20
10.5.0.49 255.255.255.255 On-link 10.5.0.49 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 10.5.0.1 10.5.0.49 20
192.168.1.0 255.255.255.0 On-link 192.168.1.3 276
192.168.1.3 255.255.255.255 On-link 192.168.1.3 276
192.168.1.255 255.255.255.255 On-link 192.168.1.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.3 276
224.0.0.0 240.0.0.0 On-link 10.5.0.49 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.3 276
255.255.255.255 255.255.255.255 On-link 10.5.0.49 276

Server route print

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.0.10    192.168.0.246     10
         10.5.0.0    255.255.255.0    192.168.0.246    192.168.0.246     11
         10.5.0.0    255.255.255.0         On-link          10.5.0.1    276
         10.5.0.1  255.255.255.255         On-link          10.5.0.1    276
       10.5.0.255  255.255.255.255         On-link          10.5.0.1    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.246    266
    192.168.0.246  255.255.255.255         On-link     192.168.0.246    266
    192.168.0.255  255.255.255.255         On-link     192.168.0.246    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.5.0.1    276
        224.0.0.0        240.0.0.0         On-link     192.168.0.246    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.5.0.1    276
  255.255.255.255  255.255.255.255         On-link     192.168.0.246    266
===========================================================================

Answer 1

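With the help of a smart person, I found that I had not provided routing between the VPN subnet and the LAN network. So on my server I added static routes from one subnet to the other, route -p add 10.5.0.0/24 192.168.0.246 and route -p add 192.168.0.0/24 10.5.0.1, and now both networks are reachable. Thanks https://superuser.com/users/619267/seth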
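
An added illustration, not part of the original question or answer: the sketch below applies the usual route-selection rule (longest matching prefix, then lowest metric) to rows copied from the three route tables on this page, showing which gateway and interface each host picks for traffic between 10.5.0.0/24 and 192.168.0.0/24. The function name select_route and the table constants are assumptions made for this example.

```python
import ipaddress

# Rows copied from the three "route print" tables on this page:
# (destination, netmask, gateway, interface, metric)
CLIENT = [
    ("0.0.0.0", "0.0.0.0", "192.168.1.1", "192.168.1.3", 276),
    ("10.5.0.0", "255.255.255.0", "10.5.0.1", "10.5.0.49", 20),
    ("192.168.0.0", "255.255.255.0", "10.5.0.1", "10.5.0.49", 20),
    ("192.168.1.0", "255.255.255.0", "On-link", "192.168.1.3", 276),
]
LAN_HOST = [
    ("0.0.0.0", "0.0.0.0", "192.168.0.10", "192.168.0.77", 20),
    ("10.5.0.0", "255.255.255.0", "192.168.0.246", "192.168.0.77", 21),
    ("192.168.0.0", "255.255.255.0", "On-link", "192.168.0.77", 276),
]
SERVER = [
    ("0.0.0.0", "0.0.0.0", "192.168.0.10", "192.168.0.246", 10),
    ("10.5.0.0", "255.255.255.0", "192.168.0.246", "192.168.0.246", 11),
    ("10.5.0.0", "255.255.255.0", "On-link", "10.5.0.1", 276),
    ("192.168.0.0", "255.255.255.0", "On-link", "192.168.0.246", 266),
]


def select_route(table, dst):
    """Return (gateway, interface, metric) of the route chosen for dst:
    longest matching prefix first, lowest metric as the tie-breaker."""
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, mask, gw, iface, metric in table:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr not in net:
            continue
        key = (-net.prefixlen, metric)  # smaller key = better route
        if best is None or key < best[0]:
            best = (key, (gw, iface, metric))
    return best[1] if best else None


if __name__ == "__main__":
    for name, table, dst in (("client", CLIENT, "192.168.0.77"),
                             ("lan host", LAN_HOST, "10.5.0.49"),
                             ("server", SERVER, "10.5.0.49")):
        print(name, "->", dst, "via", select_route(table, dst))
```

In the server table the two 10.5.0.0/24 rows tie on prefix length, so the metric alone decides which interface carries traffic back to VPN clients.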
