Unable to access the internet through OpenVPN on certain IP pools

My current setup is an Ubuntu 20.04 server running Docker, with an OpenVPN server inside a container, specifically this one

Running with the default configuration:

server 192.168.255.0 255.255.255.0
verb 3
key /etc/openvpn/pki/private/ip.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/ip.crt
dh /etc/openvpn/pki/dh.pem
tls-auth /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 60
persist-key
persist-tun

proto udp
# Rely on Docker to do port mapping, internally always 1194
port 1194
dev tun0
status /tmp/openvpn-status.log

user nobody
group nogroup
comp-lzo no

### Route Configurations Below
#route 192.168.254.0 255.255.255.0

### Push Configurations Below
push "block-outside-dns"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "comp-lzo no"

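lets me connect to the VPN and the internet without any problems. However, I went to change the IP pool, because the network I will be connecting to is 192.168.0.0/16 and IP conflicts could occur. I changed the configuration to: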

server 10.255.0.0 255.255.255.0 # The only line that has changed
verb 3
key /etc/openvpn/pki/private/ip.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/ip.crt
dh /etc/openvpn/pki/dh.pem
tls-auth /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 60
persist-key
persist-tun

proto udp
# Rely on Docker to do port mapping, internally always 1194
port 1194
dev tun0
status /tmp/openvpn-status.log

user nobody
group nogroup
comp-lzo no

### Route Configurations Below
#route 192.168.254.0 255.255.255.0

### Push Configurations Below
push "block-outside-dns"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "comp-lzo no"

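But I can no longer connect to the internet. I can ping the gateway created by the server, but trying to access something like https://ipinfo.io does not work. I tried https://serverfault.com/questions/761857/changing-openvpn-dhcp-pool#761976 to no effect. I don't know how to use the route option in the configuration, and everything I have read so far seems to be of no use, because I am not trying to reach machines behind the server, I am only trying to reach the internet.

Does anyone know what I might be missing or need to add? Thanks.

Edit: Here are the routing tables of the client device. Before connecting: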

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eno1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eno1
192.168.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eno1

After connecting (with the '10.' configuration on the server side):

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.255.0.5      0.0.0.0         UG        0 0          0 tun0
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eno1
10.255.0.1      10.255.0.5      255.255.255.255 UGH       0 0          0 tun0
10.255.0.5      0.0.0.0         255.255.255.255 UH        0 0          0 tun0
92.11.250.195   192.168.0.1     255.255.255.255 UGH       0 0          0 eno1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eno1
192.168.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eno1
192.168.0.1     0.0.0.0         255.255.255.255 UH        0 0          0 eno1
