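I am trying to get an OpenVPN server on Windows Server 2019 to route traffic to the internal LAN correctly, but so far I can't get it to work at all: I can't ping the server's LAN IP or any other IP inside the LAN. I tried using NetHack but couldn't get it to work (I have undone it for now), and I also enabled IP forwarding, but that didn't help either.
- The network setup is simple:
Server: 192.168.44.2
Gateway: 192.168.44.254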
[USG Pro 4]
LAN:192.168.44.0/24
VPN:192.168.10.0/24
server.conf:
```
local 192.168.44.2
port 1194
proto udp4
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh.pem"
topology subnet
server 192.168.10.0 255.255.255.0
ifconfig-pool-persist ipp.txt
route-method exe
route-delay
push "route 192.168.44.0 255.255.255.0"
push "route 192.168.10.0 255.255.255.0"
client-to-client
duplicate-cn
keepalive 10 120
cipher AES-256-GCM
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
client-config-dir "C:\\Program Files\\OpenVPN\\config\\ccd"
ifconfig-pool-persist "C:\\Program Files\\OpenVPN\\log\\ipp.txt" 5
```
client.conf:
```
client
dev tun
proto udp
remote **.**.**.** 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
verb 3
route 192.168.44.0 255.255.255.0
```
- Server routing table:
```
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway          Interface        Metric
0.0.0.0              0.0.0.0          192.168.44.254   192.168.44.2     281
127.0.0.0            255.0.0.0        On-link          127.0.0.1        331
127.0.0.1            255.255.255.255  On-link          127.0.0.1        331
127.255.255.255      255.255.255.255  On-link          127.0.0.1        331
192.168.10.0         255.255.255.0    On-link          192.168.44.2     26
192.168.10.255       255.255.255.255  On-link          192.168.44.2     281
192.168.44.0         255.255.255.0    On-link          192.168.44.2     281
192.168.44.0         255.255.255.0    On-link          192.168.137.1    26
192.168.44.2         255.255.255.255  On-link          192.168.44.2     281
192.168.44.255       255.255.255.255  On-link          192.168.44.2     281
192.168.44.255       255.255.255.255  On-link          192.168.137.1    281
192.168.137.0        255.255.255.0    On-link          192.168.137.1    281
192.168.137.1        255.255.255.255  On-link          192.168.137.1    281
192.168.137.255      255.255.255.255  On-link          192.168.137.1    281
224.0.0.0            240.0.0.0        On-link          127.0.0.1        331
224.0.0.0            240.0.0.0        On-link          192.168.137.1    281
224.0.0.0            240.0.0.0        On-link          192.168.44.2     281
255.255.255.255      255.255.255.255  On-link          127.0.0.1        331
255.255.255.255      255.255.255.255  On-link          192.168.137.1    281
255.255.255.255      255.255.255.255  On-link          192.168.44.2     281
```
- Client routing table:
```
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway          Interface        Metric
0.0.0.0              0.0.0.0          192.168.1.1      192.168.1.140    25
127.0.0.0            255.0.0.0        On-link          127.0.0.1        331
127.0.0.1            255.255.255.255  On-link          127.0.0.1        331
127.255.255.255      255.255.255.255  On-link          127.0.0.1        331
192.168.1.0          255.255.255.0    On-link          192.168.1.140    281
192.168.1.140        255.255.255.255  On-link          192.168.1.140    281
192.168.1.255        255.255.255.255  On-link          192.168.1.140    281
192.168.10.0         255.255.255.0    On-link          192.168.10.2     281
192.168.10.0         255.255.255.0    192.168.10.1     192.168.10.2     25
192.168.10.2         255.255.255.255  On-link          192.168.10.2     281
192.168.10.255       255.255.255.255  On-link          192.168.10.2     281
192.168.44.0         255.255.255.0    192.168.10.1     192.168.10.2     25
224.0.0.0            240.0.0.0        On-link          127.0.0.1        331
224.0.0.0            240.0.0.0        On-link          192.168.10.2     281
224.0.0.0            240.0.0.0        On-link          192.168.1.140    281
255.255.255.255      255.255.255.255  On-link          127.0.0.1        331
255.255.255.255      255.255.255.255  On-link          192.168.10.2     281
255.255.255.255      255.255.255.255  On-link          192.168.1.140    281
===========================================================================
```
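Solution

@JW0194 Remove the route from the client config (it is already pushed). If that doesn't solve it, add to the server config: push "dhcp-option DNS 192.168.44.254" (if .254 is the router's LAN interface) and push "dhcp-option WINS 192.168.44.254"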
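
A small check for the condition the answer describes, a `route` line in the client config that the server already pushes. This is an added example, not part of the original posts; the function names are hypothetical and the config excerpts are copied from the question.

```python
import ipaddress
import shlex

# Route-related excerpts of the two configs posted in the question.
SERVER_CONF = r'''
topology subnet
server 192.168.10.0 255.255.255.0
push "route 192.168.44.0 255.255.255.0"
push "route 192.168.10.0 255.255.255.0"
client-config-dir "C:\\Program Files\\OpenVPN\\config\\ccd"
'''
CLIENT_CONF = '''
client
dev tun
route 192.168.44.0 255.255.255.0
'''

def directives(text):
    """Yield each config line as a token list, honouring quotes and # / ; comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            yield shlex.split(line, comments=True)

def route_net(args):
    """['192.168.44.0', '255.255.255.0'] -> IPv4Network; None for keywords or hostnames."""
    mask = args[1] if len(args) > 1 else "255.255.255.255"  # OpenVPN's default netmask
    try:
        return ipaddress.ip_network(f"{args[0]}/{mask}", strict=False)
    except ValueError:
        return None

def routes(text, pushed):
    """Collect networks from `route ...` lines, or from `push "route ..."` if pushed=True."""
    found = set()
    for d in directives(text):
        if pushed and d[0] == "push" and len(d) > 1:
            d = d[1].split()  # the quoted argument of push is itself a directive
        elif pushed:
            continue
        if len(d) > 1 and d[0] == "route" and (net := route_net(d[1:])) is not None:
            found.add(net)
    return found

def redundant_client_routes(server_text, client_text):
    """Client-side routes that the server config already pushes."""
    both = routes(client_text, False) & routes(server_text, True)
    return [str(n) for n in sorted(both)]

if __name__ == "__main__":
    for net in redundant_client_routes(SERVER_CONF, CLIENT_CONF):
        print(f"client 'route' for {net} duplicates a pushed route; remove it from client.conf")
```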