Good morning,
I have set up the following client configuration on one of our OpenVPN servers:
client
dev tun
proto tcp-client
persist-tun
remote XXX.XXX.XXX.XX 1194
nobind
cipher AES-128-CBC
comp-lzo yes
tls-exit
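My problem now is that Windows clients using OpenVPN Connect can only reach the clients in the network, but Outlook and the Internet no longer work. I do not want to route all traffic through the VPN, only make the servers reachable. But I do not understand at the moment what is wrong with the configuration.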
2022-01-11 12:59:47 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2022-01-11 12:59:47 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:1194
2022-01-11 12:59:47 Socket Buffers: R=[131072->131072] S=[16384->16384]
2022-01-11 12:59:47 Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.XXX:1194 [nonblock]
2022-01-11 12:59:47 TCP connection established with [AF_INET]XXX.XXX.XXX.XXX:1194
2022-01-11 12:59:47 TCP_CLIENT link local: (not bound)
2022-01-11 12:59:47 TCP_CLIENT link remote: [AF_INET]XXX.XXX.XXX.XXX:1194
2022-01-11 12:59:47 TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX:1194, sid=0a30368d 98659558
2022-01-11 12:59:47 VERIFY OK: depth=1, C=DE, ST=NRW, L=xxx, CN=xx
2022-01-11 12:59:47 VERIFY OK: depth=0, C=DE, ST=NRW, L=xxx, CN=xx
2022-01-11 12:59:48 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA1
2022-01-11 12:59:48 [SSL-GP-xxxx] Peer Connection Initiated with [AF_INET]145.255.48.253:1194
2022-01-11 12:59:49 SENT CONTROL [SSL-GP-xxxx]: 'PUSH_REQUEST' (status=1)
2022-01-11 12:59:49 PUSH: Received control message: 'PUSH_REPLY,comp-lzo,route 192.168.200.0 255.255.255.0 vpn_gateway,route 192.168.220.0 255.255.255.0 vpn_gateway,dhcp-option DNS 192.168.100.9,dhcp-option WINS 192.168.100.9,route-gateway 192.168.254.1,topology subnet,ping 10,ping-restart 120,route 172.16.0.0 255.255.255.0 vpn_gateway,ifconfig 192.168.254.45 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2022-01-11 12:59:49 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-01-11 12:59:49 OPTIONS IMPORT: timers and/or timeouts modified
2022-01-11 12:59:49 OPTIONS IMPORT: compression parms modified
2022-01-11 12:59:49 OPTIONS IMPORT: --ifconfig/up options modified
2022-01-11 12:59:49 OPTIONS IMPORT: route options modified
2022-01-11 12:59:49 OPTIONS IMPORT: route-related options modified
2022-01-11 12:59:49 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2022-01-11 12:59:49 OPTIONS IMPORT: peer-id set
2022-01-11 12:59:49 OPTIONS IMPORT: adjusting link_mtu to 1627
2022-01-11 12:59:49 OPTIONS IMPORT: data channel crypto options modified
2022-01-11 12:59:49 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-01-11 12:59:49 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-01-11 12:59:49 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-01-11 12:59:49 net_route_v4_best_gw query: dst 0.0.0.0
2022-01-11 12:59:49 net_route_v4_best_gw result: via 172.16.0.1 dev wlp0s20f3
2022-01-11 12:59:49 ROUTE_GATEWAY 172.16.0.1/255.255.255.0 IFACE=wlp0s20f3 HWADDR=f8:5e:a0:2b:c4:5b
2022-01-11 12:59:49 TUN/TAP device tun0 opened
2022-01-11 12:59:49 net_iface_mtu_set: mtu 1500 for tun0
2022-01-11 12:59:49 net_iface_up: set tun0 up
2022-01-11 12:59:49 net_addr_v4_add: 192.168.254.45/24 dev tun0
2022-01-11 12:59:49 net_route_v4_add: 192.168.200.0/24 via 192.168.254.1 dev [NULL] table 0 metric -1
2022-01-11 12:59:49 net_route_v4_add: 192.168.220.0/24 via 192.168.254.1 dev [NULL] table 0 metric -1
2022-01-11 12:59:49 net_route_v4_add: 172.16.0.0/24 via 192.168.254.1 dev [NULL] table 0 metric -1
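
An added example, not part of the original post: a Python check that reads the PUSH_REPLY and ROUTE_GATEWAY lines of a client log like the one above and reports pushed routes that overlap the client's own LAN and pushed DNS servers that no pushed route covers. The names `analyze` and `SAMPLE_LOG` are assumptions of this example, and the sample is shortened from the log in the post.

```python
import ipaddress
import re

# Constructed sample: the two relevant lines, shortened from the log in the post.
SAMPLE_LOG = """\
2022-01-11 12:59:49 PUSH: Received control message: 'PUSH_REPLY,comp-lzo,route 192.168.200.0 255.255.255.0 vpn_gateway,route 192.168.220.0 255.255.255.0 vpn_gateway,dhcp-option DNS 192.168.100.9,route-gateway 192.168.254.1,topology subnet,route 172.16.0.0 255.255.255.0 vpn_gateway,ifconfig 192.168.254.45 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2022-01-11 12:59:49 ROUTE_GATEWAY 172.16.0.1/255.255.255.0 IFACE=wlp0s20f3 HWADDR=f8:5e:a0:2b:c4:5b
"""

def net(addr, mask):
    # strict=False accepts a host address plus netmask (e.g. the ifconfig option).
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def analyze(log):
    """Summarise routing and DNS problems visible in an OpenVPN client log."""
    routes, dns, tunnel, local, full_tunnel = [], [], None, None, False
    pushed = re.search(r"PUSH_REPLY,([^']*)'", log)
    for opt in (pushed.group(1).split(",") if pushed else []):
        f = opt.split()
        if not f:
            continue
        if f[0] == "route" and len(f) >= 3:
            routes.append(net(f[1], f[2]))
        elif f[0] == "ifconfig" and len(f) >= 3:
            tunnel = net(f[1], f[2])
        elif f[:2] == ["dhcp-option", "DNS"] and len(f) >= 3:
            dns.append(ipaddress.ip_address(f[2]))
        elif f[0] == "redirect-gateway":
            full_tunnel = True  # everything goes through the tunnel
    gw = re.search(r"ROUTE_GATEWAY (\d+(?:\.\d+){3})/(\d+(?:\.\d+){3})", log)
    if gw:
        local = net(gw.group(1), gw.group(2))
    # A pushed route covering the local LAN also captures the default gateway.
    overlaps = [str(r) for r in routes if local and r.overlaps(local)]
    # With split tunnelling, a pushed DNS server must sit in a routed network.
    covered = routes + ([tunnel] if tunnel else [])
    unreachable = [] if full_tunnel else [
        str(d) for d in dns if not any(d in n for n in covered)]
    return {"full_tunnel": full_tunnel,
            "overlaps_local": overlaps,
            "dns_outside_tunnel": unreachable}

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```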