已连接到 OpenVPN,但没有互联网连接,也无客户端到客户端的连接

已连接到 OpenVPN,但没有互联网连接,也无客户端到客户端的连接

我刚刚在 Raspberry pi v3 上安装了以下设置,其 IP 为 192.168.1.2:

  1. 首先,我安装了 PiHole
  2. 然后我安装了 PiVPN
  3. 做了一个调整/etc/openvpn/server.conf:我注释掉了现有的dhcp-options并添加了push "dhcp-option DNS 192.168.1.2"192.168.1.2PiHole_IP 在哪里
  4. 我为我的手机创建了一个证书

我能够从手机连接到 VPN,但如果我尝试打开任何网站,我都不会收到任何响应。如果我尝试在 LAN 上查找任何客户端,我也不会收到任何响应。

以下是从我手机的开放式 VPN 应用程序中获取的日志:

2018-02-10 14:02:41 1

2018-02-10 14:02:41 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct  3 2018 06:35:04

2018-02-10 14:02:41 Frame=512/2048/512 mssfix-ctrl=1250

2018-02-10 14:02:41 UNUSED OPTIONS
4 [resolv-retry] [infinite] 
5 [nobind] 
6 [persist-key] 
7 [persist-tun] 
10 [verify-x509-name] [server_HASH] [name] 
14 [verb] [3] 

2018-02-10 14:02:41 EVENT: RESOLVE

2018-02-10 14:02:41 Contacting [MY_EXTERNAL_IP]:1194/UDP via UDP

2018-02-10 14:02:41 EVENT: WAIT

2018-02-10 14:02:41 Connecting to [MY_DNS_NAME]:1194 (MY_EXTERNAL_IP) via UDPv4

2018-02-10 14:02:41 EVENT: CONNECTING

2018-02-10 14:02:41 Tunnel Options:V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client

2018-02-10 14:02:41 Creds: UsernameEmpty/PasswordEmpty

2018-02-10 14:02:41 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1


2018-02-10 14:02:42 VERIFY OK : depth=1
cert. version     : 3
serial number     : A7:A9:F2:46:05:5B:BD:D8
issuer name       : CN=ChangeMe
subject name      : CN=ChangeMe
issued  on        : 2018-10-10 16:04:51
expires on        : 2028-10-07 16:04:51
signed using      : RSA with SHA-256
RSA key size      : 4096 bits
basic constraints : CA=true
key usage         : Key Cert Sign, CRL Sign


2018-02-10 14:02:42 VERIFY OK : depth=0
cert. version     : 3
serial number     : 01
issuer name       : CN=ChangeMe
subject name      : CN=server_HASH
issued  on        : 2018-10-10 16:05:10
expires on        : 2028-10-07 16:05:10
signed using      : RSA with SHA-256
RSA key size      : 4096 bits
basic constraints : CA=false
key usage         : Digital Signature, Key Encipherment
ext key usage     : TLS Web Server Authentication


2018-02-10 14:02:42 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384

2018-02-10 14:02:42 Session is ACTIVE

2018-02-10 14:02:42 EVENT: GET_CONFIG

2018-02-10 14:02:42 Sending PUSH_REQUEST to server...

2018-02-10 14:02:42 OPTIONS:
0 [dhcp-option] [DNS] [192.168.1.2] 
1 [block-outside-dns] 
2 [redirect-gateway] [def1] 
3 [route-gateway] [10.8.0.1] 
4 [topology] [subnet] 
5 [ping] [1800] 
6 [ping-restart] [3600] 
7 [ifconfig] [10.8.0.2] [255.255.255.0] 
8 [peer-id] [0] 
9 [cipher] [AES-256-GCM] 


2018-02-10 14:02:42 PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: SHA256
  compress: COMP_STUB
  peer ID: 0

2018-02-10 14:02:42 EVENT: ASSIGN_IP

2018-02-10 14:02:42 NIP: preparing TUN network settings

2018-02-10 14:02:42 NIP: init TUN network settings with endpoint: MY_EXTERNAL_IP

2018-02-10 14:02:42 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0

2018-02-10 14:02:42 NIP: adding (included) IPv4 route 10.8.0.0/24

2018-02-10 14:02:42 NIP: redirecting all IPv4 traffic to TUN interface

2018-02-10 14:02:42 NIP: adding DNS 192.168.1.2

2018-02-10 14:02:42 Connected via NetworkExtensionTUN

2018-02-10 14:02:42 LZO-ASYM init swap=0 asym=1

2018-02-10 14:02:42 Comp-stub init swap=1

2018-02-10 14:02:42 EVENT: CONNECTED MY_DNS_NAME.com:1194 (MY_EXTERNAL_IP) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]

这是server.conf我通过添加/删除 dhcp-options 稍微修改过的,如上所述:

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_HASH.crt
key /etc/openvpn/easy-rsa/pki/private/server_HASH.key
dh none
ecdh-curve secp384r1
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
#push "dhcp-option DNS 1.1.1.1"
#push "dhcp-option DNS 1.0.0.1"
push "dhcp-option DNS 192.168.1.2"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
keepalive 1800 3600
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
compress lz4
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device. 
#duplicate-cn
# Generated for use by PiVPN.io

此外,我可以看到 PiHole 正在从 IP 10.0.8.2 接收请求,这些请求未被阻止。我不确定从哪里开始进行故障排除,并期待任何提示和指导 :-)

答案1

除了删除默认的 Google DNS 服务器和推“dhcp 选项 DNS 192.168.1.2”服务器配置文件,您已经完成了,请执行以下操作:

  • 转到/etc/dnsmasq.d并创建一个新文件,例如自定义配置文件sudo nano custom.conf),内容如下:

    listen-address=127.0.0.1, 192.168.1.2, 10.8.0.1
    

    在哪里192.168.1.2是你的 Pi-hole DNS 地址,10.8.0.1是 PiVPN 网关。

    这确保了如果 Pi-hole 更新,其他配置文件的更改不会被覆盖。

  • 运行以下命令重启 OpenVPN 服务

    sudo service openvpn restart
    

现在,当您从客户端连接到 PiVPN 时,您应该能够访问互联网,并且 Pi-hole 应该会过滤所有广告。

相关内容