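I have set up a VPN with Pi-Hole by following this tutorial, https://docs.pi-hole.net/guides/vpn/overview/, up to this page: https://docs.pi-hole.net/guides/vpn/firewall/. The rest of the tutorial is general information.
Once that was done, I can connect to the VPN using OpenVPN Connect, and through the VPN I can also reach the pi-hole admin page, which is installed on Ubuntu 18.04 on a Digital Ocean Droplet.
But after connecting to the VPN, I cannot access the internet or open any website.
Here is the OpenVPN server configuration: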
local 165.22.194.235
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1"
#push "dhcp-option DNS 165.22.194.235"
#push "dhcp-option DNS 1.0.0.1"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
explicit-exit-notify
log /var/log/openvpn.log
verb 3
My iptables rules:
root@crownedeagle:~# iptables -L --line-numbers
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere
2 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
3 ACCEPT udp -- anywhere anywhere udp dpt:openvpn
4 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
5 ACCEPT udp -- anywhere anywhere udp dpt:domain
6 ACCEPT tcp -- anywhere anywhere tcp dpt:http
7 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
8 ACCEPT tcp -- anywhere anywhere tcp dpt:openvpn
9 ACCEPT udp -- anywhere anywhere udp dpt:openvpn
10 REJECT udp -- anywhere anywhere udp dpt:80 reject-with icmp-port-unreachable
11 REJECT tcp -- anywhere anywhere tcp dpt:https reject-with tcp-reset
12 REJECT udp -- anywhere anywhere udp dpt:443 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
2 ACCEPT all -- 10.8.0.0/24 anywhere
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
root@crownedeagle:~#
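I want to use this VPN to access pi-hole to block ads.
What am I missing or doing wrong? Which IP address should I use in the OpenVPN server configuration file, 10.8.0.1 or the Digital Ocean Droplet's IP address?
Please help.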