我终于让 OpenVPN 允许服务器与客户端通信。问题是客户端无法响应来自服务器的请求。当我运行
sudo tcpdump -i tun0
在客户端上,然后 ping 它,我得到
20:11:39.215473 IP gateblogs.com > 10.10.0.2: ICMP echo request, id 8489, seq 83, length 64
但 ping 请求没有得到答复。我也无法从服务器访问托管在其上的网站,但其他客户端可以。我的服务器 OpenVPN 配置是:
port 1194
proto tcp
dev tun0
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server 10.10.0.0 255.255.255.0
route 10.10.0.0 255.255.255.0
push "iroute 10.10.0.0 255.255.255.0"
push "route 10.10.0.0 255.255.255.0"
cipher AES-256-GCM
auth SHA512
ifconfig-pool-persist ipp.txt
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
reneg-bytes 32000000
compress lz4-v2
push "compress lz4-v2"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
duplicate-cn
client-to-client
topology subnet
log-append /var/log/openvpn.log
tcpudump -i tun0在从服务器 ping 期间在客户端上:
19:56:48.834510 IP gateblogs.com > 10.10.0.2: ICMP echo request, id 3878, seq 3, length 64
它似乎正在获取外部 IP,并对域执行反向 DNS,我认为这是导致问题的原因。
sudo route在客户端上:
Destination Gateway Genmask Flags Metric Ref Use
Iface
default 10.10.0.1 0.0.0.0 UG 50 0 0
tun0
default 192.168.2.1 0.0.0.0 UG 100 0 0
enxb827ebd854fa
default 192.168.2.1 0.0.0.0 UG 600 0 0
wlan0
10.10.0.0 10.10.0.1 255.255.255.0 UG 0 0 0
tun0
10.10.0.0 * 255.255.255.0 U 50 0 0
tun0
gateblogs.com 192.168.2.1 255.255.255.255 UGH 100 0 0
enxb827ebd854fa
link-local * 255.255.0.0 U 1000 0 0
tun0
192.168.2.0 * 255.255.255.0 U 100 0 0
enxb827ebd854fa
192.168.2.0 * 255.255.255.0 U 600 0 0
wlan0
答案1
如果您不能,但您网络之外的客户端可以,您是否检查过确保您是该 VPN 网络的一部分?
- 您的路由正确吗?
- 您是否检查过防火墙没有过滤 TAN/TUN?
- 您转发正确吗?
- 您是否路由至了默认网关?