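So I ran into this problem earlier on AWS EC2 - I'm still learning networking and VPS - and sysadmin knowledge in general
My setup process:
AWS dashboard > EC2 (Ohio) > AMI > selected the OpenVPN 2 appliance > all default configuration > Launch > ssh into the instance (OpenVPN Ubuntu 20.04 server) > all default settings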
```
Will this be the primary Access Server node?
(enter 'no' to configure as a backup or standby node)
> Press ENTER for default [yes]:
Please specify the network interface and IP address to be
used by the Admin Web UI:
(1) all interfaces: 0.0.0.0
(2) eth0: 172.31.5.247
Please enter the option number from the list above (1-2).
> Press Enter for default [1]:
Please specify the port number for the Admin Web UI.
> Press ENTER for default [943]:
Please specify the TCP port number for the OpenVPN Daemon
> Press ENTER for default [443]:
Should client traffic be routed by default through the VPN?
> Press ENTER for default [no]:
Should client DNS traffic be routed by default through the VPN?
> Press ENTER for default [no]:
Use local authentication via internal DB?
> Press ENTER for default [yes]:
Private subnets detected: ['172.31.0.0/16']
Should private subnets be accessible to clients by default?
> Press ENTER for EC2 default [yes]:
To initially login to the Admin Web UI, you must use a
username and password that successfully authenticates you
with the host UNIX system (you can later modify the settings
so that RADIUS or LDAP is used for authentication instead).
You can login to the Admin Web UI as "openvpn" or specify
a different user account to use for this purpose.
Do you wish to login to the Admin UI as "openvpn"?
> Press ENTER for default [yes]: no
> Specify the username for an existing user or for the new user account: user
Type the password for the 'user' account:
Confirm the password for the 'user' account:
> Please specify your Activation key (or leave blank to specify later): _I LEFT IT BLANK
Initializing OpenVPN...
Removing Cluster Admin user login...
userdel "admin_c"
Adding new user login...
useradd -s /sbin/nologin "user"
Writing as configuration file...
Perform sa init...
Wiping any previous userdb...
Creating default profile...
Modifying default profile...
Adding new user to userdb...
Modifying new user as superuser in userdb...
Getting hostname...
Hostname: 3.139.105.00 [SERVER IP]
Preparing web certificates...
Getting web user account...
Adding web group account...
Adding web group...
Adjusting license directory ownership...
Initializing confdb...
Generating PAM config...
Enabling service
Starting openvpnas...
NOTE: Your system clock must be correct for OpenVPN Access Server
to perform correctly. Please ensure that your time and date
are correct on this system.
Initial Configuration Complete!
```
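Then I used the instance IP to open the user panel, downloaded the .ovpn file
and connected.
Everything looked fine until I checked my IP and nothing had changed - and on the OpenVPN client there seems to be no traffic going to the server!
What went wrong? I didn't change anything, everything was left at the defaults.
What information/logs should I provide?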
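Answer 1
You need to check two things:
If split tunneling is enabled, OpenVPN will only send local traffic through the VPN tunnel. So, for your traffic to go through the VPN, you need to either add the destination IP address to the interesting traffic in the VPN server configuration, or make sure all of your traffic is routed through the VPN tunnel.
Make sure the source/destination check is disabled for the EC2 instance (in the AWS console).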
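An added example, not part of the original question or answer: one way to confirm the split-tunnel case from the client side is to read the `PUSH_REPLY` line in the OpenVPN client log and test whether a given destination is covered by a pushed route or by `redirect-gateway`. The log lines, the VPN-side addresses and the function names below are constructed for illustration; only the 172.31.0.0/16 subnet and the eth0 address come from the installer output above.

```python
import ipaddress
import re

# Constructed sample client log lines (not from the original post). SPLIT_LOG
# mirrors the installer defaults above: the private subnet is pushed, but
# client traffic is not rerouted. FULL_LOG adds redirect-gateway (full tunnel).
SPLIT_LOG = ("PUSH: Received control message: 'PUSH_REPLY,"
             "route 172.31.0.0 255.255.0.0,route-gateway 172.27.224.1,"
             "topology subnet,ifconfig 172.27.224.2 255.255.240.0,peer-id 0'")
FULL_LOG = ("PUSH: Received control message: 'PUSH_REPLY,"
            "redirect-gateway def1,route 172.31.0.0 255.255.0.0,"
            "route-gateway 172.27.224.1,topology subnet,"
            "ifconfig 172.27.224.2 255.255.240.0,peer-id 0'")


def parse_push_reply(log_text):
    """Return (full_tunnel, networks) from the last PUSH_REPLY in a client log."""
    replies = re.findall(r"PUSH_REPLY,([^'\n]*)", log_text)
    if not replies:
        raise ValueError("no PUSH_REPLY found; the client never got its config")
    full_tunnel, networks = False, []
    for option in replies[-1].split(","):
        words = option.split()
        if not words:
            continue
        if words[0] == "redirect-gateway":
            full_tunnel = True  # default route is replaced: everything is tunnelled
        elif words[0] == "route" and len(words) >= 2:
            # "route <network> [netmask]"; a missing or "default" mask is a host route.
            mask = words[2] if len(words) >= 3 and words[2] != "default" else "255.255.255.255"
            try:
                networks.append(ipaddress.ip_network(f"{words[1]}/{mask}", strict=False))
            except ValueError:
                continue  # non-numeric route target (hostname/keyword): skipped here
    return full_tunnel, networks


def goes_through_vpn(log_text, destination):
    """True if traffic to `destination` would be sent into the tunnel."""
    full_tunnel, networks = parse_push_reply(log_text)
    addr = ipaddress.ip_address(destination)
    return full_tunnel or any(addr in net for net in networks)
```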