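For the past few days I have been struggling to figure out what is wrong with OpenVPN. A few days ago I installed and configured OpenVPN on a Debian server and an Ubuntu client. I am facing a strange behaviour: the OpenVPN server can NAT incoming traffic at any time, but not always!
It looks like the iptables rules on the Debian server are deleted every day at some specified time (but I'm not sure), because the next day, if I re-enter the iptables rules (for NAT and DNS query forwarding) as follows,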
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -i tun+ -p udp --dport 53 -j DNAT --to-destination 8.8.8.8
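and force-reload the openvpn daemon and restart openvpn (on both ends), traffic is routed as expected. I have saved the iptables rules in the file /etc/iptables.conf and I reload it at startup (/etc/rc.local), but the problem persists. Here is the content of my /etc/iptables.conf: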
# Generated by iptables-save v1.4.14 on Tue Apr 15 13:50:46 2014
*security
:INPUT ACCEPT [166249:16762540]
:FORWARD ACCEPT [3659:1318578]
:OUTPUT ACCEPT [165776:17724102]
COMMIT
# Completed on Tue Apr 15 13:50:46 2014
# Generated by iptables-save v1.4.14 on Tue Apr 15 13:50:46 2014
*raw
:PREROUTING ACCEPT [169911:18081298]
:OUTPUT ACCEPT [165776:17724102]
COMMIT
# Completed on Tue Apr 15 13:50:46 2014
# Generated by iptables-save v1.4.14 on Tue Apr 15 13:50:46 2014
*nat
:PREROUTING ACCEPT [42:2524]
:INPUT ACCEPT [1:40]
:OUTPUT ACCEPT [24:1504]
:POSTROUTING ACCEPT [24:1504]
-A PREROUTING -i tun+ -p udp -m udp --dport 53 -j DNAT --to-destination 8.8.8.8
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Apr 15 13:50:46 2014
# Generated by iptables-save v1.4.14 on Tue Apr 15 13:50:46 2014
*mangle
:PREROUTING ACCEPT [169911:18081298]
:INPUT ACCEPT [166249:16762540]
:FORWARD ACCEPT [3659:1318578]
:OUTPUT ACCEPT [165776:17724102]
:POSTROUTING ACCEPT [169435:19042680]
COMMIT
# Completed on Tue Apr 15 13:50:46 2014
# Generated by iptables-save v1.4.14 on Tue Apr 15 13:50:46 2014
*filter
:INPUT ACCEPT [166249:16762540]
:FORWARD ACCEPT [3659:1318578]
:OUTPUT ACCEPT [165776:17724102]
COMMIT
# Completed on Tue Apr 15 13:50:46 2014
I have posted my configuration files here. The differences between my working client.conf and server.conf and the ones in that post are as follows:
# client.conf
user nobody
group nogroup
redirect-gateway def1 #bypass-dns bypass-dhcp
Server:
# server.conf
; duplicate-cn #not needed, commented out
user nobody
group nogroup
I would be very grateful if you could rescue me from this mess!
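
Added example, not part of the original post: a small check that answers the "but I'm not sure" above by listing the rules from a saved iptables-save file that are missing from a dump of the running ruleset. The function names and the /tmp/live.rules path are assumptions, and the sample dumps inside `demo` are constructed.

```shell
#!/bin/sh
# Added example: report rules from a saved iptables-save file that are
# missing from a dump of the running ruleset.
export LC_ALL=C   # same collation for sort and comm

# rules_of FILE: print "table rule" for every -A line of an iptables-save dump.
rules_of() {
    awk '/^[*]/ { table = substr($0, 2); next }     # "*nat" starts a table
         { sub(/^\[[0-9]+:[0-9]+\] /, "") }        # drop counters from "iptables-save -c"
         /^-A /  { print table " " $0 }' "$1" | sort -u
}

# missing_rules SAVED LIVE: rules present in SAVED but absent from LIVE.
missing_rules() {
    mr_saved=$(mktemp); mr_live=$(mktemp)
    rules_of "$1" > "$mr_saved"
    rules_of "$2" > "$mr_live"
    comm -23 "$mr_saved" "$mr_live"
    rm -f "$mr_saved" "$mr_live"
}

# demo: constructed sample dumps; the live one has lost the MASQUERADE rule.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [42:2524]' \
        '-A PREROUTING -i tun+ -p udp -m udp --dport 53 -j DNAT --to-destination 8.8.8.8' \
        '-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE' 'COMMIT' > "$d/saved"
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' \
        '[7:420] -A PREROUTING -i tun+ -p udp -m udp --dport 53 -j DNAT --to-destination 8.8.8.8' \
        'COMMIT' > "$d/live"
    missing_rules "$d/saved" "$d/live"
    rm -rf "$d"
}

demo
# On the server (as root), hypothetical dump path /tmp/live.rules:
#   iptables-save > /tmp/live.rules
#   missing_rules /etc/iptables.conf /tmp/live.rules
```

Running the check periodically and logging its output with a timestamp shows whether, and when, the NAT rules actually leave the running ruleset.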