How do I make OpenVPN traffic go through its own interface instead of the default router's interface?

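I have set up an OpenVPN server on Linux/Debian. It is supposed to be a virtual network for gaming purposes only. That means I want the clients' regular traffic to go through their default router, and only the game traffic to be directed through the OpenVPN connection. Here is the server config: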

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
client-to-client
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1

Client config:

client
dev tap
proto udp
remote <MY_SERVER'S_IP> 1194 #CHANGEME
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca ca.crt
cert client3.crt
key client3.key
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
mute 20

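All my clients are behind NAT, with a local subnet of 192.168.1.0/24 or 192.168.0.0/24. As a client (Win10), I can connect to the server successfully. At least the OpenVPN GUI box pops up and shows that it is connected. But I cannot even ping the server (10.8.0.1), because all traffic goes through the default route 192.168.0.1. Here is the output of the route -4 print command before connecting to the OpenVPN server: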

===========================================================================
Список интерфейсов
 23...d8 97 ba 08 5d 16 ......Qualcomm Atheros AR8172/8176/8178 PCI-E Fast Ethernet Controller (NDIS 6.30)
 11...00 ff 55 13 9e 5f ......TAP-Windows Adapter V9
 30...12 10 b3 ed e0 6c ......Microsoft Wi-Fi Direct Virtual Adapter #5
 22...22 10 b3 ed e0 6c ......Microsoft Wi-Fi Direct Virtual Adapter #6
 21...42 10 b3 ed e0 6c ......Microsoft Hosted Network Virtual Adapter #2
  8...30 10 b3 ed e0 6c ......Qualcomm Atheros AR956x Wireless Network Adapter
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 таблица маршрута
===========================================================================
Активные маршруты:
Сетевой адрес           Маска сети      Адрес шлюза       Интерфейс  Метрика
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.14     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link      192.168.0.14    311
     192.168.0.14  255.255.255.255         On-link      192.168.0.14    311
    192.168.0.255  255.255.255.255         On-link      192.168.0.14    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.0.14    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.0.14    311
===========================================================================
Постоянные маршруты:
  Отсутствует

And here is the route -4 print output after a successful connection:

===========================================================================
Список интерфейсов
 23...d8 97 ba 08 5d 16 ......Qualcomm Atheros AR8172/8176/8178 PCI-E Fast Ethernet Controller (NDIS 6.30)
 11...00 ff 55 13 9e 5f ......TAP-Windows Adapter V9
 30...12 10 b3 ed e0 6c ......Microsoft Wi-Fi Direct Virtual Adapter #5
 22...22 10 b3 ed e0 6c ......Microsoft Wi-Fi Direct Virtual Adapter #6
 21...42 10 b3 ed e0 6c ......Microsoft Hosted Network Virtual Adapter #2
  8...30 10 b3 ed e0 6c ......Qualcomm Atheros AR956x Wireless Network Adapter
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 таблица маршрута
===========================================================================
Активные маршруты:
Сетевой адрес           Маска сети      Адрес шлюза       Интерфейс  Метрика
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.14     55
         10.8.0.0    255.255.255.0         On-link          10.8.0.2    281
         10.8.0.2  255.255.255.255         On-link          10.8.0.2    281
       10.8.0.255  255.255.255.255         On-link          10.8.0.2    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link      192.168.0.14    311
     192.168.0.14  255.255.255.255         On-link      192.168.0.14    311
    192.168.0.255  255.255.255.255         On-link      192.168.0.14    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link          10.8.0.2    281
        224.0.0.0        240.0.0.0         On-link      192.168.0.14    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link          10.8.0.2    281
  255.255.255.255  255.255.255.255         On-link      192.168.0.14    311
===========================================================================
Постоянные маршруты:
  Отсутствует

I have tried setting different metrics on the 0.0.0.0 or 10.8.0.0 routes, but got nowhere. tracert.exe 10.8.0.1 still goes through 192.168.0.1.

$>tracert 10.8.0.1

Трассировка маршрута к 10.8.0.1 [10.8.0.1]
с максимальным числом прыжков 30:

  1     1 ms     1 ms     1 ms  rt [192.168.0.1]
  2    15 ms    14 ms    12 ms
--SNIPPED----

If any other information is needed, I will update this post.

Answer 1

It seems that changing dev tun to dev tap in the server config solved the problem. Haven't tested it yet, but it works both ways.
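
The mismatch behind this thread (server config with dev tun, client config with dev tap) can be caught before connecting by comparing the directives that have to agree on both peers. The following is an added example, not part of the original posts; parse, dev_type and mismatches are hypothetical helper names, and the embedded configs are trimmed copies of the ones in the question.

```python
import re
# Trimmed copies of the two configs from the question (sample input).
SERVER_CONF = """\
proto udp
dev tun
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
"""
CLIENT_CONF = """\
client
dev tap
proto udp
tls-auth ta.key 1
cipher AES-256-CBC
"""

def parse(conf):
    """Return {directive: [args]}, ignoring comments and blank lines."""
    out = {}
    for line in conf.splitlines():
        parts = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if parts:
            out[parts[0]] = parts[1:]
    return out

def dev_type(d):
    """tun/tap from an explicit dev-type, else from the dev name prefix."""
    if d.get("dev-type"):
        return d["dev-type"][0]
    m = re.match(r"tun|tap", (d.get("dev") or [""])[0])
    return m.group(0) if m else None

def mismatches(server_conf, client_conf):
    """List the settings that must agree on both peers but do not."""
    s, c = parse(server_conf), parse(client_conf)
    problems = []
    if dev_type(s) != dev_type(c):
        problems.append(f"dev: server={dev_type(s)} client={dev_type(c)}")
    # Compare only the transport family so udp4/tcp-client still match.
    if (s.get("proto") or ["udp"])[0][:3] != (c.get("proto") or ["udp"])[0][:3]:
        problems.append("proto: transport differs")
    if s.get("cipher") != c.get("cipher"):
        problems.append("cipher: differs")
    # tls-auth key directions must be complementary (0 on one side, 1 on the other).
    dirs = sorted((x.get("tls-auth") or [])[1:2] for x in (s, c))
    if dirs not in ([[], []], [["0"], ["1"]]):
        problems.append("tls-auth: key direction not complementary")
    return problems
```

Calling mismatches(SERVER_CONF, CLIENT_CONF) reports only the dev mismatch; the list is empty once both sides use the same device type.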
