Unable to ping hosts in an OpenVPN site-to-site VPN

My logs indicate that the connection is established, but I cannot ping the hosts.

Here are my logs.

Firewall 1 log:

May 24 10:42:57 openvpn[9163]: /etc/rc.filter_configure tun0 1500 1544 10.0.8.1 10.0.8.2 init  
May 24 10:42:57 openvpn[9163]: SIGTERM[hard,] received, process exiting  
May 24 10:42:59 openvpn[9742]: OpenVPN 2.0.6 i386-portbld-freebsd7.2 [SSL] [LZO] built on Dec 4 2009  
May 24 10:42:59 openvpn[9742]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible  
May 24 10:42:59 openvpn[9742]: gw 112.202.0.1  
May 24 10:42:59 openvpn[9742]: TUN/TAP device /dev/tun0 opened  
May 24 10:42:59 openvpn[9742]: /sbin/ifconfig tun0 10.0.8.1 10.0.8.2 mtu 1500 netmask 255.255.255.255 up  
May 24 10:42:59 openvpn[9742]: /etc/rc.filter_configure tun0 1500 1544 10.0.8.1 10.0.8.2 init  
May 24 10:43:00 openvpn[9757]: Listening for incoming TCP connection on [undef]:1194  
May 24 10:43:00 openvpn[9757]: TCPv4_SERVER link local (bound): [undef]:1194  
May 24 10:43:00 openvpn[9757]: TCPv4_SERVER link remote: [undef]  
May 24 10:43:00 openvpn[9757]: Initialization Sequence Completed  
May 24 10:43:02 openvpn[9757]: Re-using SSL/TLS context  
May 24 10:43:02 openvpn[9757]: LZO compression initialized  
May 24 10:43:02 openvpn[9757]: TCP connection established with 119.93.150.4:47750  
May 24 10:43:02 openvpn[9757]: TCPv4_SERVER link local: [undef]  
May 24 10:43:02 openvpn[9757]: TCPv4_SERVER link remote: 119.93.150.4:47750  
May 24 10:43:06 openvpn[9757]: 119.93.150.4:47750 [client] Peer Connection Initiated with 119.93.150.4:47750  

Firewall 2 log:

May 24 10:42:57 openvpn[7489]: Connection reset, restarting [0]  
May 24 10:42:57 openvpn[7489]: SIGUSR1[soft,connection-reset] received, process restarting  
May 24 10:43:02 openvpn[7489]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.  
May 24 10:43:02 openvpn[7489]: Re-using SSL/TLS context  
May 24 10:43:02 openvpn[7489]: LZO compression initialized  
May 24 10:43:02 openvpn[7489]: Attempting to establish TCP connection with 112.202.103.45:1194  
May 24 10:43:02 openvpn[7489]: TCP connection established with 112.202.103.45:1194  
May 24 10:43:02 openvpn[7489]: TCPv4_CLIENT link local: [undef]  
May 24 10:43:02 openvpn[7489]: TCPv4_CLIENT link remote: 112.202.103.45:1194  
May 24 10:43:06 openvpn[7489]: [server] Peer Connection Initiated with 112.202.103.45:1194  
May 24 10:43:08 openvpn[7489]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:1: 112.202.103.45 (2.0.6)  
May 24 10:43:08 openvpn[7489]: Preserving previous TUN/TAP instance: tun0  
May 24 10:43:08 openvpn[7489]: Initialization Sequence Completed  

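What could be the problem?

Answer 1

It looks like, even though you appear to have a "push" option in firewall 2's configuration file, there is a syntax problem with it: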

May 24 10:43:08 openvpn[7489]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:1: 112.202.103.45 (2.0.6)

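Once you resolve this, you should be able to route through the tunnel, which will allow firewall 2 to reach the machines on the other end of the tunnel.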
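The rejected pushed option, and the two security warnings that appear in the same logs (a key file readable by group or others, and no server certificate verification on the client), can be picked out mechanically. The script below is an added example, not part of the original answer; the function name and issue labels are hypothetical, and the sample lines are copied from the logs in the question.

```python
import re

# Syslog prefix used in the question's logs: "May 24 10:43:08 openvpn[7489]: message"
LINE_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\sopenvpn\[(\d+)\]:\s(.*?)\s*$")

# (label, pattern) pairs; the labels are hypothetical names chosen for this example.
CHECKS = [
    ("bad-pushed-option",
     re.compile(r"Options error: Unrecognized option or missing parameter\(s\) "
                r"in \[PUSH-OPTIONS\]:(\d+): (\S+)")),
    ("no-server-cert-verification",
     re.compile(r"WARNING: No server certificate verification method")),
    ("key-file-permissions",
     re.compile(r"WARNING: file '([^']+)' is group or others accessible")),
]

def triage(log_text):
    """Return a list of findings (dicts) for the OpenVPN lines in log_text."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not an openvpn syslog line
        when, pid, msg = m.groups()
        for label, pattern in CHECKS:
            hit = pattern.search(msg)
            if hit:
                # detail holds the captured specifics: push index and token, or file path
                findings.append({"time": when, "pid": int(pid), "issue": label,
                                 "detail": hit.groups()})
    return findings

# Sample input: lines copied from the two firewall logs in the question.
SAMPLE = """\
May 24 10:42:59 openvpn[9742]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
May 24 10:43:02 openvpn[7489]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
May 24 10:43:06 openvpn[7489]: [server] Peer Connection Initiated with 112.202.103.45:1194
May 24 10:43:08 openvpn[7489]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:1: 112.202.103.45 (2.0.6)
May 24 10:43:08 openvpn[7489]: Initialization Sequence Completed
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["time"], f["pid"], f["issue"], *f["detail"])
```

The `bad-pushed-option` finding reports the position and the first token of the pushed line the client rejected, which is where to look in the server's `push` directive.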

Answer 2

We ran into the same problem when using OpenVPN. The solution we found is that OpenVPN must always be run as administrator. I know it sounds absurd, but it does work.

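Answer 3

Apart from the push, which is probably not enough to break the connection, the logs look fine. You are probably missing routes on one or both ends, or the routes are wrong.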
