A friend of mine has a Raspberry Pi at home with an OpenVPN server installed on it. He can access his local network (printer, WiFi settings, etc.) over the VPN from the Internet. But for some reason he cannot route back to it. Here is the local OpenVPN config file:
client
dev tun
proto udp
remote <server ip> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server_MrmH0gFjOV3xl3NZ name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<public keys...>
The local network is 192.168.0.x/24 and the VPN subnet is 10.8.0.x/24. If you need any further details we have not thought of in order to help us, please let us know.
Edit (adding the routing table and the server config):
Routing table [route -n]
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
OpenVPN server config:
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_xxxxxx.crt
key /etc/openvpn/easy-rsa/pki/private/server_xxxxxx.key
dh none
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
keepalive 1800 3600
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io