OpenVPN server and OpenVPN client on the same machine

I run an OpenVPN server for several clients on a Debian-based virtual machine. For a number of complicated reasons I would like that system to itself connect to another (external) OpenVPN server, so that my clients' traffic goes through my virtual system and then through the external VPN out to the internet. Since the external VPN server also runs OpenVPN, I assumed my virtual system could simply act as a middleman: an OpenVPN client of the external VPN provider and an OpenVPN server for my clients. But when I tried to set this up, the devices of the two OpenVPN instances seemed to interfere with each other.

Essentially, the setup I want is: clients --> [my VM#1 with the OpenVPN server] --> [my VM#2 with the VPN provider's client] --> internet. I hope someone more knowledgeable than me can advise on how to set this up.


VM#1 [OpenVPN server]

root@buster:~#cat /etc/openvpn/server/server.conf
port 1199
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 3
crl-verify crl.pem


ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.33.10  netmask 255.255.255.0  broadcast 192.168.33.255

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.1  netmask 255.255.255.0  destination 10.8.0.1


route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    0      0        0 eth0
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.33.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1

OpenVPN server port 1199 is forwarded to the host

=====================

VM#2 [VPN client connected to the external service]

root@buster:~#cat external-client.ovpn
client
dev tun
proto tcp
remote *.*.*.* 1188
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>


ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.33.11  netmask 255.255.255.0  broadcast 192.168.33.255

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.2  netmask 255.255.255.0  destination 10.8.0.2


route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.1        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         10.0.2.2        0.0.0.0         UG    0      0        0 eth0
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
128.0.0.0       10.8.0.1        128.0.0.0       UG    0      0        0 tun0
*external-client-ip* 10.0.2.2        255.255.255.255 UGH   0      0        0 eth0
192.168.33.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1

Answer 1

Without seeing both of your server configurations, my guess is that you forgot to give the two VPN servers different IPv4 subnets.

In the configuration you will probably see a line like:

server 10.8.0.0 255.255.255.0

So in the other one you will need a different subnet. For example:

server 10.9.0.0 255.255.255.0
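The overlap the answer describes is visible in the question's own output: VM#1's server.conf declares `server 10.8.0.0 255.255.255.0`, and VM#2's `route -n` shows the external provider's tunnel also using 10.8.0.0/24 on tun0, so when both run on one box the two tun devices fight over the same routes. The following script is an added example (not from the original post or from OpenVPN itself) that checks for exactly this: it parses the `server <net> <mask>` directive from a local config and the tun* routes from `route -n`, and reports any tunnel network that overlaps the local server subnet. The sample inputs are excerpted from the post; the "fixed" config is a constructed variant using the 10.9.0.0/24 subnet the answer suggests.

```python
"""Detect overlapping OpenVPN tunnel subnets from server.conf and `route -n` output.

Added example, not part of the original post. It checks whether the subnet a
local OpenVPN server hands out collides with a subnet already routed over a
tun interface (for instance one assigned by an upstream VPN provider).
"""
import ipaddress
import re

# Matches the OpenVPN `server <network> <netmask>` directive.
SERVER_DIRECTIVE = re.compile(r"^\s*server\s+(\S+)\s+(\S+)")


def server_subnet(conf_text):
    """Return the IPv4Network declared by the first `server <net> <mask>` line, or None."""
    for line in conf_text.splitlines():
        m = SERVER_DIRECTIVE.match(line)
        if m:
            return ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
    return None


def tun_networks(route_text):
    """Return the networks that `route -n` routes over tun* interfaces.

    The /0 and /1 routes installed by `redirect-gateway def1` are skipped:
    they describe where the default route goes, not which subnet the tunnel uses.
    """
    nets = []
    for line in route_text.splitlines():
        parts = line.split()
        if len(parts) < 8 or not parts[7].startswith("tun"):
            continue  # header lines, blank lines, non-tunnel interfaces
        dest, mask = parts[0], parts[2]
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        except ValueError:
            continue  # e.g. a redacted destination such as *external-client-ip*
        if net.prefixlen <= 1:
            continue
        nets.append(net)
    return nets


def conflicting_subnets(server_conf_text, route_text):
    """Tunnel networks from `route -n` that overlap the local server's subnet."""
    local = server_subnet(server_conf_text)
    if local is None:
        return []
    return [net for net in tun_networks(route_text) if net.overlaps(local)]


# --- sample inputs, excerpted from the post (VM#1 server.conf, VM#2 route -n) ---
VM1_SERVER_CONF = """\
port 1199
proto tcp
dev tun
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
"""

VM2_ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.1        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         10.0.2.2        0.0.0.0         UG    0      0        0 eth0
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
128.0.0.0       10.8.0.1        128.0.0.0       UG    0      0        0 tun0
*external-client-ip* 10.0.2.2        255.255.255.255 UGH   0      0        0 eth0
192.168.33.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
"""

# Constructed: the same server config moved to the subnet the answer suggests.
FIXED_SERVER_CONF = VM1_SERVER_CONF.replace("server 10.8.0.0", "server 10.9.0.0")


if __name__ == "__main__":
    for label, conf in (("as posted", VM1_SERVER_CONF), ("after fix", FIXED_SERVER_CONF)):
        clashes = conflicting_subnets(conf, VM2_ROUTE_N)
        print(f"{label}: local server subnet {server_subnet(conf)}, "
              f"overlapping tunnel routes: {[str(n) for n in clashes] or 'none'}")
```

Run it against a real box by feeding it the contents of `/etc/openvpn/server/server.conf` and the output of `route -n` taken while the upstream client tunnel is up; an empty result from `conflicting_subnets` means the local `server` subnet does not collide with anything the provider pushed.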
