OpenVPN 通过隧道路由问题

OpenVPN 通过隧道路由问题

我知道这个问题已经被问过很多次了,但我就是无法让它工作:我有一个 raspberry pi 作为 stunnel 和 openvpn 服务器和一个 ubuntu 客户端,但尽管连接似乎正确,但每当我使用 VPN 时,我的所有互联网都会在客户端丢失。通过大量的搜索和阅读,这似乎是一个路由问题,但我不知道在哪里(raspberry pi 位于 193.168.2.31,启用了 ipv4 转发,公共 ip fake.ddns.net)。配置文件如下:

服务器隧道:

foreground=yes
chroot = /var/lib/stunnel4
pid = /stunnel4.pid
setuid = stunnel4
setgid = stunnel4
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
cert = /etc/stunnel/stunnel.pem
[openvpn]
accept = 443
connect = localhost:1194
cert = /etc/stunnel/stunnel.pem

服务器 openvpn:

port 1194
proto tcp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "192.168.2.31 255.255.255.255 net_gateway"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem

客户端隧道:

foreground = yes
[openvpn]
client = yes  
accept = 1194
connect = fake.ddns.net:443
cert = stunnel.pem

客户端 openvpn

client
dev tun
proto tcp
sndbuf 0
rcvbuf 0
remote localhost 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
setenv opt block-outside-dns
key-direction 1
verb 3
<ca>...</ca>
<cert>...</cert>
<key>...</key>
<tls-auth>...</tls-auth>

值得注意的是,我在树莓派上也安装了 privoxy,当我只使用 stunnel 时(其他配置,更好的解释这里)一切正常

感谢您的耐心!!

根据@Andy的建议,以下是输出ip route show

0.0.0.0/1 通过 10.8.0.1 dev tun0 默认通过 192.168.2.1 dev wlp2s0 proto dhcp 度量 600 10.8.0.0/24 dev tun0 proto 内核范围链接源 10.8.0.2 127.0.0.1 通过 192.168.2.1 dev wlp2s0 128.0.0.0/1 通过 10.8.0.1 dev tun0 169.254.0.0/16 dev wlp2s0 范围链接度量 1000 192.168.2.0/24 dev wlp2s0 proto 内核范围链接源 192.168.2.100 度量 600 192.168.2.31 dev wlp2s0 范围链接

答案1

最后“强行”找到了答案,随机添加或删除配置参数,尽管这偏向于路由问题。我将route 192.168.2.31 255.255.255.255 net_gateway服务器更改为客户端,现在它可以正常工作了。因此,现在 openvpn 配置如下:

服务器 openvpn:

port 1194
proto tcp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem

客户端 openvpn

client
dev tun
proto tcp
sndbuf 0
rcvbuf 0
remote localhost 1194
route fake.ddns.net 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
setenv opt block-outside-dns
key-direction 1
verb 3
<ca>...</ca>
<cert>...</cert>
<key>...</key>
<tls-auth>...</tls-auth>

我不知道有什么区别,所以请任何理解的人添加到这个解决方案中

相关内容