我在 CentOS 8 上安装了 SSL OpenVPN。客户端连接成功,并且能够 ping 通远程 LAN,但无法访问远程 LAN 上的 Web 服务器。这是我的配置:
服务器
port 1194
proto udp
dev tun
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/My.crt
key /etc/openvpn/server/My.key
dh /etc/openvpn/server/dh.pem
server 10.8.0.0 255.255.255.0
#push "redirect-gateway def1"
push "route 200.200.200.0 255.255.255.0"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
duplicate-cn
cipher AES-256-CBC
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE- RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
auth SHA512
auth-nocache
keepalive 20 60
persist-key
persist-tun
compress lz4
daemon
user nobody
group nobody
log-append /var/log/openvpn.log
verb 3
客户
client
dev tun
proto udp
remote my-public-ip 1194
ca ca.crt
cert client.crt
key client.key
cipher AES-256-CBC
auth SHA512
auth-nocache
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE- RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
resolv-retry infinite
compress lz4
nobind
persist-key
persist-tun
mute-replay-warnings
verb 3
IP路由
default via 200.200.200.1 dev eno1 proto dhcp metric 100
10.8.0.0/24 via 10.8.0.2 dev tun0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
200.200.200.0/24 dev eno1 proto kernel scope link src 200.200.200.3 metric 100
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
答案1
如果我理解正确的话,您正在尝试让客户端访问网络服务器,如下所示:
(Client) --- VPN --> (VPN Server) --- LAN ---> (Webserver)
怀疑您的问题是未启用 IPv4 转发或有防火墙规则阻止数据包。这两个中IPv4数据包转发是比较常见的问题。
注意“ping 局域网”如果您正在 ping VPN 服务器的 LAN IP,则可能仍然有效,因为这些数据包不需要转发到另一台计算机。
在命令行输入:
sysctl net.ipv4.ip_forward
如果设置为,net.ipv4.ip_forward = 0那么您将需要启用它。编辑/etc/sysctl.conf并找到匹配的行并将其编辑为(删除任何#):
net.ipv4.ip_forward = 1
然后在命令行输入:
sysctl --system
如果不是这样,那么我接下来会看看您的iptables(防火墙)设置:
iptables -L