I run an OpenVPN server for several clients on a Debian-based VM. For a number of complicated reasons I want that system to connect to another (external) OpenVPN server, so that my clients' traffic goes through my virtual system and then out through the external VPN to the Internet. Since the external VPN server also runs OpenVPN, I assumed my virtual system could simply act as a man in the middle: an OpenVPN client towards the external VPN provider and an OpenVPN server towards my own clients. But when I tried to set it up, the devices of the two OpenVPN instances seemed to interfere with each other.
Essentially, the setup I want is this: clients --> [my VM#1 with the OpenVPN server] --> [my VM#2 with the VPN provider's client] --> Internet. I hope someone more knowledgeable than me can advise on how to set this up.
VM#1 [OpenVPN server]
root@buster:~# cat /etc/openvpn/server/server.conf
port 1199
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 3
crl-verify crl.pem
root@buster:~# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.33.10 netmask 255.255.255.0 broadcast 192.168.33.255
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.1 netmask 255.255.255.0 destination 10.8.0.1
root@buster:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 eth0
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.33.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
OpenVPN server port 1199 is forwarded to the host.
=====================
VM#2 [client of the external VPN service, connected]
root@buster:~# cat external-client.ovpn
client
dev tun
proto tcp
remote *.*.*.* 1188
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>
root@buster:~# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.33.11 netmask 255.255.255.0 broadcast 192.168.33.255
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.2 netmask 255.255.255.0 destination 10.8.0.2
root@buster:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.8.0.1 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 eth0
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
128.0.0.0 10.8.0.1 128.0.0.0 UG 0 0 0 tun0
*external-client-ip* 10.0.2.2 255.255.255.255 UGH 0 0 0 eth0
192.168.33.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
Answer 1
Without seeing both of your server configurations, my guess is that you forgot to give the two VPN servers different IPv4 subnets.
In the configuration you will probably see this line:
server 10.8.0.0 255.255.255.0
So in the other one you will need a different subnet, for example:
server 10.9.0.0 255.255.255.0
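The collision the answer describes is visible in the question's own output: VM#1's tun0 is 10.8.0.1/24 (its "server" line) and VM#2's tun0 is 10.8.0.2/24 (handed out by the external provider), so on VM#2 the route for 10.8.0.0/24 points into the provider tunnel and replies for VM#1's clients would never go back over eth1. The POSIX sh script below is an added example, not part of the question or the answer: it checks two CIDR ranges for overlap and prints the policy routing and NAT that chain clients -> VM#1 -> VM#2 -> provider tunnel once the subnets differ. The 192.168.33.10/11 and tun0 names are taken from the question; the replacement subnet 10.9.0.0/24 (the answer's suggestion) and routing table number 100 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post or answer). Checks whether the
# subnet VM#1 hands to its OpenVPN clients overlaps the subnet the external
# provider hands to VM#2, then prints the routes/NAT needed to chain the VMs.
# Addresses from the post: VM#1 eth1 192.168.33.10, VM#2 eth1 192.168.33.11,
# provider tunnel on VM#2 = tun0. Assumed (not in the post): replacement
# subnet 10.9.0.0/24 and routing table 100.

# Dotted quad -> 32-bit integer. Body runs in a subshell so the IFS change
# does not leak into the caller.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Prefix length -> netmask as an integer (dash and bash use 64-bit shell
# arithmetic on Linux, so shifting by up to 32 does not overflow).
prefix2mask() {
    echo $(( (0xffffffff << (32 - $1)) & 0xffffffff ))
}

# cidr_overlap A.B.C.D/p W.X.Y.Z/q -> status 0 if the ranges share an address.
# Two ranges overlap exactly when they agree under the shorter of the prefixes.
cidr_overlap() {
    net1=${1%/*}; p1=${1#*/}
    net2=${2%/*}; p2=${2#*/}
    p=$p1
    if [ "$p2" -lt "$p1" ]; then p=$p2; fi
    m=$(prefix2mask "$p")
    [ $(( $(ip2int "$net1") & m )) -eq $(( $(ip2int "$net2") & m )) ]
}

# Commands that chain clients -> VM#1 -> VM#2 -> provider tunnel for a given
# client subnet. They are printed, not executed, so this runs unprivileged.
chain_plan() {
    subnet=$1
    cat <<EOF
# VM#1: set "server ${subnet%/*} 255.255.255.0" in server.conf, then steer only
# the VPN clients to VM#2 with policy routing (VM#1's own default route stays
# on eth0 via 10.0.2.2).
sysctl -w net.ipv4.ip_forward=1
ip rule add from $subnet lookup 100
ip route add default via 192.168.33.11 dev eth1 table 100

# VM#2: route the client subnet back to VM#1 and NAT it out through the
# provider tunnel. The pushed 0.0.0.0/1 and 128.0.0.0/1 routes already send
# everything else to tun0.
sysctl -w net.ipv4.ip_forward=1
ip route add $subnet via 192.168.33.10 dev eth1
iptables -t nat -A POSTROUTING -s $subnet -o tun0 -j MASQUERADE
EOF
}

CLIENT_SUBNET=10.8.0.0/24     # VM#1's "server" line, as posted
PROVIDER_SUBNET=10.8.0.2/24   # VM#2's tun0 address, as posted
NEW_SUBNET=10.9.0.0/24        # the answer's suggested replacement (assumed free)

if cidr_overlap "$CLIENT_SUBNET" "$PROVIDER_SUBNET"; then
    echo "conflict: $CLIENT_SUBNET on VM#1 overlaps $PROVIDER_SUBNET on VM#2's tun0;"
    echo "VM#2 would send replies for the clients into the provider tunnel, not back to VM#1."
    if cidr_overlap "$NEW_SUBNET" "$PROVIDER_SUBNET"; then
        echo "$NEW_SUBNET overlaps the provider subnet too; pick another range"
    else
        chain_plan "$NEW_SUBNET"
    fi
else
    chain_plan "$CLIENT_SUBNET"
fi
```

Run it as `sh chain-check.sh`; with the values from the question it reports the 10.8.0.0/24 conflict and prints the plan for 10.9.0.0/24. The plan deliberately uses a separate routing table on VM#1 so that VM#1's own management and SSH traffic keeps using eth0; only packets sourced from the client subnet are sent to VM#2. If the provider ever hands VM#2 an address inside whatever subnet you choose, rerun the check before bringing clients back up.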