我在一台服务器上有多个 VPN 实例,每个实例都有不同的内部 IP。我有两个 OpenVPN 实例,我希望每个实例上的客户端能够彼此通信。以下是我的 OpenVPN 配置:
port 1194
proto tcp
dev tun0
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server 10.10.0.0 255.255.255.0
server-ipv6 fde6:7c9e:7ab4:0cc0::/64
cipher AES-256-GCM
auth SHA512
ifconfig-pool-persist ipp.txt 0
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
reneg-bytes 32000000
compress lz4-v2
push "compress lz4-v2"
push "redirect-gateway"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
persist-key
persist-tun
verb 3
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
duplicate-cn
client-to-client
topology subnet
log-append /var/log/openvpn.log
和
port 1194
proto tcp
dev tun0
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
server-ipv6 fd7d:89e2:ccd5:09ef::/64
cipher AES-256-GCM
auth SHA512
ifconfig-pool-persist ipp.txt 0
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
reneg-bytes 32000000
compress lz4-v2
push "compress lz4-v2"
push "redirect-gateway"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
persist-key
persist-tun
verb 3
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
duplicate-cn
client-to-client
topology subnet
log-append /var/log/openvpn.log
这是我为 VPN 添加的唯一 iptables 规则:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ens3 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o ens3 -j MASQUERADE