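First, I'm a newbie when it comes to servers, but not when it comes to programming and the like, so the command line and so on are not completely foreign to me.
Second, I want to run openvpn on my remote server and connect from my ubuntu desktop, to get around geographic restrictions on radio, TV and so on.
So far I have managed to get a simple tutorial setup going and I can ping my remote server, but now I'm having problems using the vpn for all my internet activity, and I can't get my ip forwarded. With my current setup I can ping the server successfully, but when I try to use Firefox it just keeps trying to fetch the page without getting anywhere.
I think it may be due to this error in my client log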
Sat Sep 19 15:45:17 2009 us=102181 WARNING: potential route subnet conflict between local LAN [10.1.1.0/255.255.255.0] and remote VPN [10.1.1.1/255.255.255.25$
I did an ifconfig on the client but can't see 10.1.1.x anywhere, so I don't know why it is complaining. (Please excuse the Japanese)
Client ifconfig
eth0 Link encap:イーサネット ハードウェアアドレス 00:23:54:0d:37:61
inetアドレス:192.168.11.2 ブロードキャスト:192.168.11.255 マスク:255.255.255.0
inet6アドレス: fe80::223:54ff:fe0d:3761/64 範囲:リンク
UP BROADCAST RUNNING MULTICAST MTU:1500 メトリック:1
RXパケット:149701 エラー:0 損失:0 オーバラン:0 フレーム:0
TXパケット:132252 エラー:0 損失:0 オーバラン:0 キャリア:11
衝突(Collisions):0 TXキュー長:1000
RXバイト:168148922 (168.1 MB) TXバイト:18294134 (18.2 MB)
割り込み:251
lo Link encap:ローカルループバック
inetアドレス:127.0.0.1 マスク:255.0.0.0
inet6アドレス: ::1/128 範囲:ホスト
UP LOOPBACK RUNNING MTU:16436 メトリック:1
RXパケット:68 エラー:0 損失:0 オーバラン:0 フレーム:0
TXパケット:68 エラー:0 損失:0 オーバラン:0 キャリア:0
衝突(Collisions):0 TXキュー長:0
RXバイト:7608 (7.6 KB) TXバイト:7608 (7.6 KB)
tun0 Link encap:不明なネット ハードウェアアドレス 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inetアドレス:10.1.1.6 P-t-P:10.1.1.5 マスク:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 メトリック:1
RXパケット:4 エラー:0 損失:0 オーバラン:0 フレーム:0
TXパケット:4 エラー:0 損失:0 オーバラン:0 キャリア:0
衝突(Collisions):0 TXキュー長:100
RXバイト:336 (336.0 B) TXバイト:336 (336.0 B)
Could that error be the cause? If so, how do I fix it? Failing that, I'm not sure what it could be, so here are my config files
Client config
client
dev tun
proto tcp
remote ***.***.**.*** 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
cipher BF-CBC
comp-lzo
status /etc/openvpn/openvpn-status.log
log /etc/openvpn/openvpn.log
verb 5
Server config
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.1.1.0 255.255.255.128
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 3
Server iptables
Chain INPUT (policy DROP 1 packets, 40 bytes)
pkts bytes target prot opt in out source destination
199 14380 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT all -- lo any anywhere anywhere
333 64149 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
11 924 ACCEPT all -- tun+ any anywhere anywhere
0 0 ACCEPT udp -- venet0 any anywhere anywhere udp dpt:openvpn
6 360 ACCEPT tcp -- venet0 any anywhere anywhere tcp dpt:openvpn
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
27 1620 ACCEPT all -- tun0 venet0 anywhere anywhere
0 0 ACCEPT all -- venet0 tun0 anywhere anywhere
Chain OUTPUT (policy ACCEPT 441 packets, 50749 bytes)
pkts bytes target prot opt in out source destination
11 924 ACCEPT all -- any tun+ anywhere anywhere
Finally, the client log, with my server IP starred out
Sat Sep 19 16:12:03 2009 us=410978 Current Parameter Settings:
Sat Sep 19 16:12:03 2009 us=411095 config = 'client.conf'
Sat Sep 19 16:12:03 2009 us=411117 mode = 0
Sat Sep 19 16:12:03 2009 us=411134 persist_config = DISABLED
Sat Sep 19 16:12:03 2009 us=411151 persist_mode = 1
Sat Sep 19 16:12:03 2009 us=411168 show_ciphers = DISABLED
Sat Sep 19 16:12:03 2009 us=411185 show_digests = DISABLED
Sat Sep 19 16:12:03 2009 us=411201 show_engines = DISABLED
Sat Sep 19 16:12:03 2009 us=411217 genkey = DISABLED
Sat Sep 19 16:12:03 2009 us=411233 key_pass_file = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=411249 show_tls_ciphers = DISABLED
Sat Sep 19 16:12:03 2009 us=411268 Connection profiles [default]:
Sat Sep 19 16:12:03 2009 us=411285 proto = tcp-client
Sat Sep 19 16:12:03 2009 us=411301 local = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=411317 local_port = 0
Sat Sep 19 16:12:03 2009 us=411334 remote = '***.***.**.***'
Sat Sep 19 16:12:03 2009 us=411350 remote_port = 1194
Sat Sep 19 16:12:03 2009 us=411366 remote_float = DISABLED
Sat Sep 19 16:12:03 2009 us=411382 bind_defined = DISABLED
Sat Sep 19 16:12:03 2009 us=411398 bind_local = DISABLED
Sat Sep 19 16:12:03 2009 us=411415 connect_retry_seconds = 5
Sat Sep 19 16:12:03 2009 us=411431 connect_timeout = 10
Sat Sep 19 16:12:03 2009 us=411447 connect_retry_max = 0
Sat Sep 19 16:12:03 2009 us=411464 socks_proxy_server = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=411480 socks_proxy_port = 0
Sat Sep 19 16:12:03 2009 us=411496 socks_proxy_retry = DISABLED
Sat Sep 19 16:12:03 2009 us=411515 Connection profiles END
Sat Sep 19 16:12:03 2009 us=411531 remote_random = DISABLED
Sat Sep 19 16:12:03 2009 us=411548 ipchange = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=411564 dev = 'tun'
Sat Sep 19 16:12:03 2009 us=411580 dev_type = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=411596 dev_node = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=411612 lladdr = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=411628 topology = 1
Sat Sep 19 16:12:03 2009 us=411644 tun_ipv6 = DISABLED
Sat Sep 19 16:12:03 2009 us=411661 ifconfig_local = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=411677 ifconfig_remote_netmask = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=411694 ifconfig_noexec = DISABLED
Sat Sep 19 16:12:03 2009 us=411710 ifconfig_nowarn = DISABLED
Sat Sep 19 16:12:03 2009 us=411726 shaper = 0
Sat Sep 19 16:12:03 2009 us=411742 tun_mtu = 1500
Sat Sep 19 16:12:03 2009 us=411758 tun_mtu_defined = ENABLED
Sat Sep 19 16:12:03 2009 us=411774 link_mtu = 1500
Sat Sep 19 16:12:03 2009 us=411790 link_mtu_defined = DISABLED
Sat Sep 19 16:12:03 2009 us=411807 tun_mtu_extra = 0
Sat Sep 19 16:12:03 2009 us=411823 tun_mtu_extra_defined = DISABLED
Sat Sep 19 16:12:03 2009 us=411839 fragment = 0
Sat Sep 19 16:12:03 2009 us=411855 mtu_discover_type = -1
Sat Sep 19 16:12:03 2009 us=411876 mtu_test = 0
Sat Sep 19 16:12:03 2009 us=411894 mlock = DISABLED
Sat Sep 19 16:12:03 2009 us=411910 keepalive_ping = 0
Sat Sep 19 16:12:03 2009 us=411927 keepalive_timeout = 0
Sat Sep 19 16:12:03 2009 us=411943 inactivity_timeout = 0
Sat Sep 19 16:12:03 2009 us=411959 ping_send_timeout = 0
Sat Sep 19 16:12:03 2009 us=411975 ping_rec_timeout = 0
Sat Sep 19 16:12:03 2009 us=411994 ping_rec_timeout_action = 0
Sat Sep 19 16:12:03 2009 us=412010 ping_timer_remote = DISABLED
Sat Sep 19 16:12:03 2009 us=412026 remap_sigusr1 = 0
Sat Sep 19 16:12:03 2009 us=412042 explicit_exit_notification = 0
Sat Sep 19 16:12:03 2009 us=412058 persist_tun = ENABLED
Sat Sep 19 16:12:03 2009 us=412074 persist_local_ip = DISABLED
Sat Sep 19 16:12:03 2009 us=412090 persist_remote_ip = DISABLED
Sat Sep 19 16:12:03 2009 us=412106 persist_key = ENABLED
Sat Sep 19 16:12:03 2009 us=412123 mssfix = 1450
Sat Sep 19 16:12:03 2009 us=412138 passtos = DISABLED
Sat Sep 19 16:12:03 2009 us=412155 resolve_retry_seconds = 1000000000
Sat Sep 19 16:12:03 2009 us=412171 username = 'nobody'
Sat Sep 19 16:12:03 2009 us=412187 groupname = 'nogroup'
Sat Sep 19 16:12:03 2009 us=412203 chroot_dir = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=412219 cd_dir = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=412248 writepid = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=412265 up_script = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=412282 down_script = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=412298 down_pre = DISABLED
Sat Sep 19 16:12:03 2009 us=412314 up_restart = DISABLED
Sat Sep 19 16:12:03 2009 us=412330 up_delay = DISABLED
Sat Sep 19 16:12:03 2009 us=412346 daemon = DISABLED
Sat Sep 19 16:12:03 2009 us=412362 inetd = 0
Sat Sep 19 16:12:03 2009 us=412378 log = ENABLED
Sat Sep 19 16:12:03 2009 us=412394 suppress_timestamps = DISABLED
Sat Sep 19 16:12:03 2009 us=412411 nice = 0
Sat Sep 19 16:12:03 2009 us=412427 verbosity = 5
Sat Sep 19 16:12:03 2009 us=412443 mute = 0
Sat Sep 19 16:12:03 2009 us=412459 gremlin = 0
Sat Sep 19 16:12:03 2009 us=412475 status_file = '/etc/openvpn/openvpn-status.log'
Sat Sep 19 16:12:03 2009 us=412491 status_file_version = 1
Sat Sep 19 16:12:03 2009 us=412507 status_file_update_freq = 60
Sat Sep 19 16:12:03 2009 us=412523 occ = ENABLED
Sat Sep 19 16:12:03 2009 us=412540 rcvbuf = 65536
Sat Sep 19 16:12:03 2009 us=412556 sndbuf = 65536
Sat Sep 19 16:12:03 2009 us=412572 sockflags = 0
Sat Sep 19 16:12:03 2009 us=412588 fast_io = DISABLED
Sat Sep 19 16:12:03 2009 us=412605 lzo = 7
Sat Sep 19 16:12:03 2009 us=412621 route_script = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=412637 route_default_gateway = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=412653 route_default_metric = 0
Sat Sep 19 16:12:03 2009 us=412669 route_noexec = DISABLED
Sat Sep 19 16:12:03 2009 us=412685 route_delay = 0
Sat Sep 19 16:12:03 2009 us=412701 route_delay_window = 30
Sat Sep 19 16:12:03 2009 us=412717 route_delay_defined = DISABLED
Sat Sep 19 16:12:03 2009 us=412733 route_nopull = DISABLED
Sat Sep 19 16:12:03 2009 us=412750 route_gateway_via_dhcp = DISABLED
Sat Sep 19 16:12:03 2009 us=412766 allow_pull_fqdn = DISABLED
Sat Sep 19 16:12:03 2009 us=412782 management_addr = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=412799 management_port = 0
Sat Sep 19 16:12:03 2009 us=412815 management_user_pass = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=412832 management_log_history_cache = 250
Sat Sep 19 16:12:03 2009 us=412848 management_echo_buffer_size = 100
Sat Sep 19 16:12:03 2009 us=412864 management_write_peer_info_file = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=412881 management_flags = 0
Sat Sep 19 16:12:03 2009 us=412897 shared_secret_file = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=412914 key_direction = 0
Sat Sep 19 16:12:03 2009 us=412931 ciphername_defined = ENABLED
Sat Sep 19 16:12:03 2009 us=412947 ciphername = 'BF-CBC'
Sat Sep 19 16:12:03 2009 us=412964 authname_defined = ENABLED
Sat Sep 19 16:12:03 2009 us=412980 authname = 'SHA1'
Sat Sep 19 16:12:03 2009 us=412996 keysize = 0
Sat Sep 19 16:12:03 2009 us=413012 engine = DISABLED
Sat Sep 19 16:12:03 2009 us=413029 replay = ENABLED
Sat Sep 19 16:12:03 2009 us=413045 mute_replay_warnings = DISABLED
Sat Sep 19 16:12:03 2009 us=413068 replay_window = 64
Sat Sep 19 16:12:03 2009 us=413085 replay_time = 15
Sat Sep 19 16:12:03 2009 us=413102 packet_id_file = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=413118 use_iv = ENABLED
Sat Sep 19 16:12:03 2009 us=413134 test_crypto = DISABLED
Sat Sep 19 16:12:03 2009 us=413151 tls_server = DISABLED
Sat Sep 19 16:12:03 2009 us=413167 tls_client = ENABLED
Sat Sep 19 16:12:03 2009 us=413183 key_method = 2
Sat Sep 19 16:12:03 2009 us=413200 ca_file = 'ca.crt'
Sat Sep 19 16:12:03 2009 us=413216 ca_path = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=413232 dh_file = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=413248 cert_file = 'client1.crt'
Sat Sep 19 16:12:03 2009 us=413265 priv_key_file = 'client1.key'
Sat Sep 19 16:12:03 2009 us=413281 pkcs12_file = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=413297 cipher_list = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=413313 tls_verify = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=413329 tls_remote = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=413346 crl_file = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=413375 ns_cert_type = 64
Sat Sep 19 16:12:03 2009 us=413392 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413409 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413425 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413441 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413457 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413473 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413489 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413504 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413520 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413536 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413552 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413568 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413584 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413599 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413615 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413631 remote_cert_ku[i] = 0
Sat Sep 19 16:12:03 2009 us=413647 remote_cert_eku = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=413664 tls_timeout = 2
Sat Sep 19 16:12:03 2009 us=413680 renegotiate_bytes = 0
Sat Sep 19 16:12:03 2009 us=413696 renegotiate_packets = 0
Sat Sep 19 16:12:03 2009 us=413713 renegotiate_seconds = 3600
Sat Sep 19 16:12:03 2009 us=413729 handshake_window = 60
Sat Sep 19 16:12:03 2009 us=413745 transition_window = 3600
Sat Sep 19 16:12:03 2009 us=413761 single_session = DISABLED
Sat Sep 19 16:12:03 2009 us=413777 tls_exit = DISABLED
Sat Sep 19 16:12:03 2009 us=413793 tls_auth_file = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=413810 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=413826 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=413843 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=413859 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=413875 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=413891 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=413907 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=413923 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=413939 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=413955 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=413971 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=413987 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=414002 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=414018 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=414034 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=414051 pkcs11_protected_authentication = DISABLED
Sat Sep 19 16:12:03 2009 us=414067 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414084 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414100 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414116 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414132 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414149 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414165 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414181 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414197 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414213 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414229 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414245 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414261 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414277 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414294 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414309 pkcs11_private_mode = 00000000
Sat Sep 19 16:12:03 2009 us=414325 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414341 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414369 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414386 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414402 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414418 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414434 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414450 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414466 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414482 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414498 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414514 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414530 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414546 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414563 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414578 pkcs11_cert_private = DISABLED
Sat Sep 19 16:12:03 2009 us=414595 pkcs11_pin_cache_period = -1
Sat Sep 19 16:12:03 2009 us=414611 pkcs11_id = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=414627 pkcs11_id_management = DISABLED
Sat Sep 19 16:12:03 2009 us=414655 server_network = 0.0.0.0
Sat Sep 19 16:12:03 2009 us=414674 server_netmask = 0.0.0.0
Sat Sep 19 16:12:03 2009 us=414691 server_bridge_ip = 0.0.0.0
Sat Sep 19 16:12:03 2009 us=414709 server_bridge_netmask = 0.0.0.0
Sat Sep 19 16:12:03 2009 us=414726 server_bridge_pool_start = 0.0.0.0
Sat Sep 19 16:12:03 2009 us=414743 server_bridge_pool_end = 0.0.0.0
Sat Sep 19 16:12:03 2009 us=414760 ifconfig_pool_defined = DISABLED
Sat Sep 19 16:12:03 2009 us=414777 ifconfig_pool_start = 0.0.0.0
Sat Sep 19 16:12:03 2009 us=414795 ifconfig_pool_end = 0.0.0.0
Sat Sep 19 16:12:03 2009 us=414812 ifconfig_pool_netmask = 0.0.0.0
Sat Sep 19 16:12:03 2009 us=414828 ifconfig_pool_persist_filename = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=414849 ifconfig_pool_persist_refresh_freq = 600
Sat Sep 19 16:12:03 2009 us=414867 n_bcast_buf = 256
Sat Sep 19 16:12:03 2009 us=414883 tcp_queue_limit = 64
Sat Sep 19 16:12:03 2009 us=414899 real_hash_size = 256
Sat Sep 19 16:12:03 2009 us=414915 virtual_hash_size = 256
Sat Sep 19 16:12:03 2009 us=414932 client_connect_script = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=414948 learn_address_script = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=414965 client_disconnect_script = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=414981 client_config_dir = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=414997 ccd_exclusive = DISABLED
Sat Sep 19 16:12:03 2009 us=415014 tmp_dir = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=415030 push_ifconfig_defined = DISABLED
Sat Sep 19 16:12:03 2009 us=415047 push_ifconfig_local = 0.0.0.0
Sat Sep 19 16:12:03 2009 us=415065 push_ifconfig_remote_netmask = 0.0.0.0
Sat Sep 19 16:12:03 2009 us=415081 enable_c2c = DISABLED
Sat Sep 19 16:12:03 2009 us=415098 duplicate_cn = DISABLED
Sat Sep 19 16:12:03 2009 us=415114 cf_max = 0
Sat Sep 19 16:12:03 2009 us=415131 cf_per = 0
Sat Sep 19 16:12:03 2009 us=415147 max_clients = 1024
Sat Sep 19 16:12:03 2009 us=415164 max_routes_per_client = 256
Sat Sep 19 16:12:03 2009 us=415180 client_cert_not_required = DISABLED
Sat Sep 19 16:12:03 2009 us=415196 username_as_common_name = DISABLED
Sat Sep 19 16:12:03 2009 us=415213 auth_user_pass_verify_script = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=415229 auth_user_pass_verify_script_via_file = DISABLED
Sat Sep 19 16:12:03 2009 us=415245 port_share_host = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=415262 port_share_port = 0
Sat Sep 19 16:12:03 2009 us=415278 client = ENABLED
Sat Sep 19 16:12:03 2009 us=415294 pull = ENABLED
Sat Sep 19 16:12:03 2009 us=415311 auth_user_pass_file = '[UNDEF]'
Sat Sep 19 16:12:03 2009 us=415328 OpenVPN 2.1_rc11 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 9 2009
Sat Sep 19 16:12:03 2009 us=416184 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Sat Sep 19 16:12:03 2009 us=542574 LZO compression initialized
Sat Sep 19 16:12:03 2009 us=542740 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Sep 19 16:12:03 2009 us=542839 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Sep 19 16:12:03 2009 us=542877 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sat Sep 19 16:12:03 2009 us=542895 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sat Sep 19 16:12:03 2009 us=542929 Local Options hash (VER=V4): '69109d17'
Sat Sep 19 16:12:03 2009 us=542954 Expected Remote Options hash (VER=V4): 'c0103fa8'
Sat Sep 19 16:12:03 2009 us=543531 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sat Sep 19 16:12:03 2009 us=543582 Attempting to establish TCP connection with ***.***.**.***:1194 [nonblock]
Sat Sep 19 16:12:04 2009 us=543727 TCP connection established with ***.***.**.***:1194
Sat Sep 19 16:12:04 2009 us=543788 Socket Buffers: R=[87380->131072] S=[16384->131072]
Sat Sep 19 16:12:04 2009 us=543812 TCPv4_CLIENT link local: [undef]
Sat Sep 19 16:12:04 2009 us=543841 TCPv4_CLIENT link remote: ***.***.**.***:1194
WRSat Sep 19 16:12:04 2009 us=544185 TLS: Initial packet from ***.***.**.***:1194, sid=b7baae8e 3f7be9ea
WRWWRRWRRRWWRWRWRRWWRWRWRRWWRWRWRRWWRWRWRSat Sep 19 16:12:08 2009 us=724208 VERIFY OK: depth=1, /C=UK/ST=GM/L=Manchester/O=YoFelix/CN=YoFelix_CA/[email protected]
Sat Sep 19 16:12:08 2009 us=724381 VERIFY OK: nsCertType=SERVER
Sat Sep 19 16:12:08 2009 us=724404 VERIFY OK: depth=0, /C=UK/ST=GM/L=Manchester/O=YoFelix/CN=server/[email protected]
RWWRWRWRRWWWWWRWRRRWWWRWRWRRWWRWRWRRWWRWRWRRWWRWRRRRWWWWRRRRRRSat Sep 19 16:12:14 2009 us=580994 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Sep 19 16:12:14 2009 us=581035 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Sep 19 16:12:14 2009 us=581123 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Sep 19 16:12:14 2009 us=581143 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
WWSat Sep 19 16:12:14 2009 us=581210 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Sep 19 16:12:14 2009 us=581245 [server] Peer Connection Initiated with ***.***.**.***:1194
Sat Sep 19 16:12:15 2009 us=829569 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
WRRRSat Sep 19 16:12:16 2009 us=392662 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway,route 10.1.1.1,ping 10,ping-restart 120,ifconfig 10.1.1.6 10.1.1.5'
Sat Sep 19 16:12:16 2009 us=392720 OPTIONS IMPORT: timers and/or timeouts modified
Sat Sep 19 16:12:16 2009 us=392738 OPTIONS IMPORT: --ifconfig/up options modified
Sat Sep 19 16:12:16 2009 us=392755 OPTIONS IMPORT: route options modified
Sat Sep 19 16:12:16 2009 us=392930 ROUTE default_gateway=192.168.11.1
Sat Sep 19 16:12:16 2009 us=393740 TUN/TAP device tun0 opened
Sat Sep 19 16:12:16 2009 us=393779 TUN/TAP TX queue length set to 100
Sat Sep 19 16:12:16 2009 us=393818 /sbin/ifconfig tun0 10.1.1.6 pointopoint 10.1.1.5 mtu 1500
Sat Sep 19 16:12:16 2009 us=397075 /sbin/route add -net ***.***.**.*** netmask 255.255.255.255 gw 192.168.11.1
Sat Sep 19 16:12:16 2009 us=398944 /sbin/route del -net 0.0.0.0 netmask 0.0.0.0
Sat Sep 19 16:12:16 2009 us=400546 /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.1.1.5
Sat Sep 19 16:12:16 2009 us=402024 WARNING: potential route subnet conflict between local LAN [10.1.1.0/255.255.255.0] and remote VPN [10.1.1.1/255.255.255.255]
Sat Sep 19 16:12:16 2009 us=402073 /sbin/route add -net 10.1.1.1 netmask 255.255.255.255 gw 10.1.1.5
Sat Sep 19 16:12:16 2009 us=403326 GID set to nogroup
Sat Sep 19 16:12:16 2009 us=403367 UID set to nobody
Sat Sep 19 16:12:16 2009 us=403388 Initialization Sequence Completed
WWrWRwrWRwrWRwrWRwWRWRrWrWrWrWrWrWRrWRWrWRrWrWrWRrWRrWRWRWrWRWRrWRWRWrWrWrWrWrWrWRrWrWRWrWRWrWRrWrWRrWRrWrWRWRrWRWRWrWRrWrWRWrWRrWRWRWrWrWRrWrWRWRrWrWRWRrWrWRWRWrWRrWrget
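I added the nat rule to iptables as pqd suggested, and now I can reach web pages, but it is very slow. I don't know whether that is normal, but I have a sneaking suspicion that the subnet conflict I mentioned above is causing some problems. Since then I have tried changing my vpn network address to 10.2.2.0 to see whether it would change anything, but the message is the same. What is this local network it is talking about??? The one between the router and the desktop PC??? If I do an ifconfig on my local desktop I can't see any 10.2.2.?
Here is route -r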
10.2.2.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.2.2.0 10.2.2.2 255.255.255.128 UG 0 0 0 tun0
192.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 venet0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 venet0
0.0.0.0 192.0.2.1 0.0.0.0 UG 0 0 0 venet0
******************** Yay!!!!!!!!! *********************
Yes, I got it working, and the speed has improved as well.
Answer 1
Do a few things:
1 Make sure you have pkt forwarding enabled on the vpn server:
cat /proc/sys/net/ipv4/ip_forward
It should be 1; if it is not, run:
echo 1 > /proc/sys/net/ipv4/ip_forward
2 For good measure, add [ not really needed, since you already allow traffic from/to tun0. ]
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
3 Finally - nat the traffic coming from the vpn - i.e.: replace the source ip address of the connection with the server's address
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
I think that last bit is what's missing…
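The three steps above, worked through for the server shown in the question, as an added example that is not part of the original answer. It reads the egress interface from the routing table instead of assuming eth0 (the question's server routes out of venet0) and limits MASQUERADE to the VPN subnet with `-s`, which is an addition to the answer's rule; the function names are hypothetical and the script only prints the commands.

```shell
#!/bin/sh
# Added example: print (do not apply) the forwarding and NAT commands for an
# OpenVPN server, using the interface that actually carries the default route.

# Constructed sample input: the server routing table quoted in the question.
SAMPLE_ROUTES='10.2.2.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.2.2.0 10.2.2.2 255.255.255.128 UG 0 0 0 tun0
192.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 venet0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 venet0
0.0.0.0 192.0.2.1 0.0.0.0 UG 0 0 0 venet0'

# Read `route -n` style rows on stdin and print the default route's interface.
# Columns: Destination Gateway Genmask Flags Metric Ref Use Iface
egress_iface() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $8; exit }'
}

# Convert a dotted netmask to a prefix length by counting set bits.
# Assumes a valid (contiguous) netmask such as 255.255.255.128.
mask_to_prefix() {
    echo "$1" | awk -F. '{
        bits = 0
        for (i = 1; i <= 4; i++) {
            n = $i
            while (n > 0) { bits += n % 2; n = int(n / 2) }
        }
        print bits
    }'
}

# Print the commands for the three steps.
# $1 = VPN network, $2 = VPN netmask, $3 = egress interface
nat_commands() {
    prefix=$(mask_to_prefix "$2")
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $1/$prefix -o $3 -j MASQUERADE
EOF
}

# Values from the question's server config: server 10.1.1.0 255.255.255.128
iface=$(printf '%s\n' "$SAMPLE_ROUTES" | egress_iface)
nat_commands 10.1.1.0 255.255.255.128 "$iface"
```

On a live server, feed `route -n` into `egress_iface` in place of the sample table and review the printed commands before running them as root.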