I successfully installed an OpenVPN server on a server (XXXX/32). This is my OpenVPN configuration file:
port 1194
proto udp6
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh.pem
crl-verify /etc/openvpn/keys
crl-verify /etc/openvpn/keys/ca-crl.pem
tls-auth /etc/openvpn/keys/ta.key 0
tls-server
auth SHA256
cipher AES-256-CBC
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
server 10.109.0.0 255.255.0.0
ifconfig-pool-persist ipp.txt
push "route 192.168.59.0 255.255.255.0"
keepalive 5 30
compress lzo
persist-key
persist-tun
user nobody
group nogroup
status openvpn-status.log
status-version 1
log-append /var/log/openvpn.log
verb 3
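On that server (XXXX/32), I have a Vagrant machine running in a (host-only) private network (vm.network "private_network") with the IP 192.168.59.2.
After connecting to OpenVPN from my localhost, I want to ping 192.168.59.2. I can only ping 192.168.59.1. As you can see, the Vagrant private network and the OpenVPN network are different. Can anyone help solve this? I have also attached my ovpn (snippet) file: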
tls-client
auth SHA256
cipher AES-256-CBC
remote-cert-tls server
tls-version-min 1.2
proto udp
remote X.X.X.X 1194
dev tun
resolv-retry 5
nobind
keepalive 5 30
compress lzo
persist-key
persist-tun
verb 3
route-method exe
route-delay 2
key-direction 1
Edit 1: I use 192.168.59.2 because Vagrant shows the following warning on vagrant up:
guest: You assigned a static IP ending in ".1" to this machine.
==> guest: This is very often used by the router and can cause the
==> guest: network to not work properly. If the network doesn't work
==> guest: properly, try changing this IP.
Output of route -n on the Vagrant machine:
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.2.2 0.0.0.0 UG 100 0 0 enp0s3
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s3
10.0.2.2 0.0.0.0 255.255.255.255 UH 100 0 0 enp0s3
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.59.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s8
Edit 2: I changed the Vagrant machine's IP to 192.168.59.1. I also added the following line to the ovpn file:
route 192.168.59.0 255.255.255.0
From localhost I can now ping 192.168.59.1 after connecting to the VPN, but I still cannot ping 192.168.59.2.
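Answer 1
OK, I found the solution. My Vagrant machine (VirtualBox provider) is on a private network with IP 192.168.59.2, on the server (XXXX/32).
If I want to ping 192.168.59.2 from localhost after connecting to the VPN, I first need to run the following command inside the Vagrant machine: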
ip route add 10.109.0.0/16 via 192.168.59.1 dev <VAGRANT_NETWORK_INTERFACE>
Where:
- 10.109.0.0 = OpenVPN network
- 192.168.59.1 = vboxnet* IP
- VAGRANT_NETWORK_INTERFACE = enp0s8 in my case
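
An added example, not part of the original post: a small Python model of the guest's routing decision, built from the `route -n` table in the question, showing which route a reply to a VPN client takes before and after the `ip route add` from the answer. The client address 10.109.0.6 is a constructed value inside the `server 10.109.0.0 255.255.0.0` range, and the function names are hypothetical.

```python
import ipaddress

# Routing table copied from the `route -n` output in the question.
ROUTE_N = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.2.2 0.0.0.0 UG 100 0 0 enp0s3
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s3
10.0.2.2 0.0.0.0 255.255.255.255 UH 100 0 0 enp0s3
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.59.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s8
"""

def parse_route_n(text):
    """Parse `route -n` output into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and anything malformed
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        routes.append((net, f[1], int(f[4]), f[7]))
    return routes

def lookup(routes, dst):
    """Pick a route by longest prefix, lowest metric as tie-breaker."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None  # no route to host
    net, gw, _, iface = max(hits, key=lambda r: (r[0].prefixlen, -r[2]))
    return (str(net), gw, iface)

def add_route(routes, cidr, gateway, iface, metric=0):
    """Model `ip route add <cidr> via <gateway> dev <iface>`."""
    return routes + [(ipaddress.ip_network(cidr), gateway, metric, iface)]

VPN_CLIENT = "10.109.0.6"  # constructed address in the OpenVPN range

before = parse_route_n(ROUTE_N)
after = add_route(before, "10.109.0.0/16", "192.168.59.1", "enp0s8")

if __name__ == "__main__":
    # Before: only the default route on enp0s3 matches the VPN client.
    print("before:", lookup(before, VPN_CLIENT))
    # After: the reply goes to 192.168.59.1 over enp0s8.
    print("after: ", lookup(after, VPN_CLIENT))
```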