I am trying to set up OpenVPN on my Raspberry Pi (minimal raspbian-wheezy distribution).
I run OpenVPN behind a router and want to connect from a Windows client.
I can connect to the server, but I want to manage the other clients on the same network that the Raspberry (the server) is connected to.
When I am connected to the server I can ping neither the server nor the router.
server.conf:
port 1194
proto udp
dev tap0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/VPNServer.crt
key /etc/openvpn/easy-rsa/keys/VPNServer.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server-bridge 192.168.178.1 255.255.255.0 192.168.178.111 192.168.178.120
# route-gateway takes a single gateway address (this is the value the client log shows being pushed)
push "route-gateway 192.168.178.1"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 192.168.178.1"
client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
log-append openvpn.log
verb 3
Client config:
port 1194
client
dev tap
proto udp
remote mydyndns
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3
Interfaces config:
auto lo
iface lo inet loopback
allow-hotplug eth0
auto br0
iface br0 inet static
address 192.168.178.123
netmask 255.255.255.0
gateway 192.168.178.1
bridge_ports eth0
dns-nameservers 192.168.178.1
iface eth0 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down
rc.local:
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE
The output of sysctl net.ipv4.ip_forward is net.ipv4.ip_forward = 1
Client log:
Sun Sep 14 09:26:36 2014 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 7 2014
Sun Sep 14 09:26:36 2014 library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05
Enter Management Password:
Sun Sep 14 09:26:36 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Sep 14 09:26:36 2014 Need hold release from management interface, waiting...
Sun Sep 14 09:26:36 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Sep 14 09:26:37 2014 MANAGEMENT: CMD 'state on'
Sun Sep 14 09:26:37 2014 MANAGEMENT: CMD 'log all on'
Sun Sep 14 09:26:37 2014 MANAGEMENT: CMD 'hold off'
Sun Sep 14 09:26:37 2014 MANAGEMENT: CMD 'hold release'
Sun Sep 14 09:26:37 2014 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Sep 14 09:26:37 2014 MANAGEMENT: >STATE:1410679597,RESOLVE,,,
Sun Sep 14 09:26:49 2014 UDPv4 link local: [undef]
Sun Sep 14 09:26:49 2014 UDPv4 link remote: [AF_INET]86.103.187.46:1194
Sun Sep 14 09:26:49 2014 MANAGEMENT: >STATE:1410679609,WAIT,,,
Sun Sep 14 09:26:51 2014 MANAGEMENT: >STATE:1410679611,AUTH,,,
Sun Sep 14 09:26:51 2014 TLS: Initial packet from [AF_INET]86.103.187.46:1194, sid=9f41fab9 08d0d2e0
Sun Sep 14 09:26:53 2014 VERIFY OK: depth=1, C=DE, ST=SH, L=Kiel, OU=changeme, CN=j0chn.spdns.de, name=changeme, [email protected]
Sun Sep 14 09:26:53 2014 VERIFY OK: nsCertType=SERVER
Sun Sep 14 09:26:53 2014 VERIFY OK: depth=0, C=DE, ST=SH, L=Kiel, OU=changeme, CN=j0chn.spdns.de, name=changeme, [email protected]
Sun Sep 14 09:26:54 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Sep 14 09:26:54 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 14 09:26:54 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Sep 14 09:26:54 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 14 09:26:54 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Sep 14 09:26:54 2014 [j0chn.spdns.de] Peer Connection Initiated with [AF_INET]86.103.187.46:1194
Sun Sep 14 09:26:55 2014 MANAGEMENT: >STATE:1410679615,GET_CONFIG,,,
Sun Sep 14 09:26:56 2014 SENT CONTROL [j0chn.spdns.de]: 'PUSH_REQUEST' (status=1)
Sun Sep 14 09:26:56 2014 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.178.1,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 192.168.178.1,route-gateway 192.168.178.1,ping 10,ping-restart 120,ifconfig 192.168.178.111 255.255.255.0'
Sun Sep 14 09:26:56 2014 OPTIONS IMPORT: timers and/or timeouts modified
Sun Sep 14 09:26:56 2014 OPTIONS IMPORT: --ifconfig/up options modified
Sun Sep 14 09:26:56 2014 OPTIONS IMPORT: route options modified
Sun Sep 14 09:26:56 2014 OPTIONS IMPORT: route-related options modified
Sun Sep 14 09:26:56 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Sep 14 09:26:56 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Sep 14 09:26:56 2014 MANAGEMENT: >STATE:1410679616,ASSIGN_IP,,192.168.178.111,
Sun Sep 14 09:26:56 2014 open_tun, tt->ipv6=0
Sun Sep 14 09:26:56 2014 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{4DD19686-B673-493E-99DB-23F3D1AF7239}.tap
Sun Sep 14 09:26:56 2014 TAP-Windows Driver Version 9.21
Sun Sep 14 09:26:56 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.178.111/255.255.255.0 on interface {4DD19686-B673-493E-99DB-23F3D1AF7239} [DHCP-serv: 192.168.178.0, lease-time: 31536000]
Sun Sep 14 09:26:56 2014 Successful ARP Flush on interface [25] {4DD19686-B673-493E-99DB-23F3D1AF7239}
Sun Sep 14 09:27:01 2014 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=1 u/d=up
Sun Sep 14 09:27:01 2014 C:\WINDOWS\system32\route.exe ADD 86.103.187.46 MASK 255.255.255.255 192.168.42.129
Sun Sep 14 09:27:01 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=10 and dwForwardType=4
Sun Sep 14 09:27:01 2014 Route addition via IPAPI succeeded [adaptive]
Sun Sep 14 09:27:01 2014 C:\WINDOWS\system32\route.exe ADD 192.168.42.129 MASK 255.255.255.255 192.168.42.129 IF 24
Sun Sep 14 09:27:01 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=10 and dwForwardType=4
Sun Sep 14 09:27:01 2014 Route addition via IPAPI succeeded [adaptive]
Sun Sep 14 09:27:01 2014 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.178.1
Sun Sep 14 09:27:01 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sun Sep 14 09:27:01 2014 Route addition via IPAPI succeeded [adaptive]
Sun Sep 14 09:27:01 2014 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.178.1
Sun Sep 14 09:27:01 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sun Sep 14 09:27:01 2014 Route addition via IPAPI succeeded [adaptive]
Sun Sep 14 09:27:01 2014 Initialization Sequence Completed
Sun Sep 14 09:27:01 2014 MANAGEMENT: >STATE:1410679621,CONNECTED,SUCCESS,192.168.178.111,86.103.187.46
My server log is at verb level 9, so the whole log is too long.
Here is a short excerpt with the part I think is relevant.
Sun Sep 14 09:32:11 2014 us=597464 j0chns/86.103.187.46:62416 UDPv4 WRITE [114] to [AF_INET]86.103.187.46:62416: P_CONTROL_V1 kid=0 sid=d208a276 08284fa3 [ ] pid=33 DATA 2abf4ce5 423061a0 6684f614 0e4e44cc 2396d879 291ae535 2614f98f a728f4b[more...]
Sun Sep 14 09:32:11 2014 us=597920 j0chns/86.103.187.46:62416 UDPv4 write returned 114
Sun Sep 14 09:32:11 2014 us=598287 j0chns/86.103.187.46:62416 TLS: tls_multi_process: i=0 state=S_ACTIVE, mysid=d208a276 08284fa3, stored-sid=808ba04b a86602bb, stored-ip=[AF_INET]86.103.187.46:62416
Sun Sep 14 09:32:11 2014 us=598470 j0chns/86.103.187.46:62416 TLS: tls_process: chg=0 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800
Sun Sep 14 09:32:11 2014 us=598646 j0chns/86.103.187.46:62416 ACK reliable_can_send active=2 current=0 : [34] 32 33
Sun Sep 14 09:32:11 2014 us=598858 j0chns/86.103.187.46:62416 BIO read tls_read_ciphertext 98 bytes
Sun Sep 14 09:32:11 2014 us=599026 j0chns/86.103.187.46:62416 ACK mark active outgoing ID 34
Sun Sep 14 09:32:11 2014 us=599174 j0chns/86.103.187.46:62416 Outgoing Ciphertext -> Reliable
Sun Sep 14 09:32:11 2014 us=599333 j0chns/86.103.187.46:62416 TLS: tls_process: chg=1 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800
Sun Sep 14 09:32:11 2014 us=599816 j0chns/86.103.187.46:62416 ACK reliable_can_send active=3 current=1 : [35] 32 33 34
Sun Sep 14 09:32:11 2014 us=599999 j0chns/86.103.187.46:62416 ACK reliable_send ID 34 (size=102 to=4)
Sun Sep 14 09:32:11 2014 us=600201 j0chns/86.103.187.46:62416 Reliable -> TCP/UDP
Sun Sep 14 09:32:11 2014 us=600435 j0chns/86.103.187.46:62416 ACK reliable_send_timeout 2 [35] 32 33 34
Sun Sep 14 09:32:11 2014 us=600595 j0chns/86.103.187.46:62416 TLS: tls_process: timeout set to 2
Sun Sep 14 09:32:11 2014 us=600841 j0chns/86.103.187.46:62416 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=51294eab a8e9490a, stored-sid=00000000 00000000, stored-ip=[undef]
Sun Sep 14 09:32:11 2014 us=601082 j0chns/86.103.187.46:62416 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
Sun Sep 14 09:32:11 2014 us=601277 PO_CTL rwflags=0x0002 ev=4 arg=0x00086d38
Sun Sep 14 09:32:11 2014 us=601441 PO_CTL rwflags=0x0000 ev=5 arg=0x00086ca4
Sun Sep 14 09:32:11 2014 us=601632 I/O WAIT Tr|Tw|Sr|SW [2/97493]
Sun Sep 14 09:32:11 2014 us=601955 PO_WAIT[0,0] fd=4 rev=0x00000004 rwflags=0x0002 arg=0x00086d38
Sun Sep 14 09:32:11 2014 us=602120 event_wait returned 1
Sun Sep 14 09:32:11 2014 us=602280 I/O WAIT status=0x0002
Sun Sep 14 09:32:13 2014 us=696485 j0chns/86.103.187.46:62416 TUN WRITE [175]
Sun Sep 14 09:32:13 2014 us=696842 j0chns/86.103.187.46:62416 write to TUN/TAP returned 175
Sun Sep 14 09:32:13 2014 us=697058 PO_CTL rwflags=0x0001 ev=4 arg=0x00086d38
Sun Sep 14 09:32:13 2014 us=697224 PO_CTL rwflags=0x0001 ev=5 arg=0x00086ca4
Sun Sep 14 09:32:13 2014 us=697418 I/O WAIT TR|Tw|SR|Sw [6/97493]
Sun Sep 14 09:32:17 2014 us=367901 PO_WAIT[0,0] fd=4 rev=0x00000001 rwflags=0x0001 arg=0x00086d38
Sun Sep 14 09:32:17 2014 us=368196 event_wait returned 1
Sun Sep 14 09:32:17 2014 us=368364 I/O WAIT status=0x0001
Sun Sep 14 09:32:17 2014 us=368525 MULTI: REAP range 224 -> 240
Sun Sep 14 09:32:17 2014 us=368737 UDPv4 read returned 133
Sun Sep 14 09:32:17 2014 us=369044 TLS State Error: No TLS state for client [AF_INET]109.47.195.40:46476, opcode=6
Sun Sep 14 09:32:17 2014 us=369276 GET INST BY REAL: 109.47.195.40:46476 [failed]
Sun Sep 14 09:32:17 2014 us=369460 PO_CTL rwflags=0x0001 ev=4 arg=0x00086d38
Sun Sep 14 09:32:17 2014 us=369623 PO_CTL rwflags=0x0001 ev=5 arg=0x00086ca4
Sun Sep 14 09:32:17 2014 us=369815 I/O WAIT TR|Tw|SR|Sw [2/97493]
Sun Sep 14 09:32:17 2014 us=387726 PO_WAIT[0,0] fd=4 rev=0x00000001 rwflags=0x0001 arg=0x00086d38
Sun Sep 14 09:32:17 2014 us=387988 event_wait returned 1
Sun Sep 14 09:32:17 2014 us=388160 I/O WAIT status=0x0001
Answer 1
The solution is simple. You did not take care to make the tap0 OpenVPN interface part of the bridge br0. Detailed instructions you can find here.
HTH, cheers
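The check the answer describes, written up as an added example (not code from the thread): a small lint that parses a server.conf and a Debian interfaces file and reports whether the OpenVPN tap device is actually a member of the bridge, and whether the server-bridge client pool fits the bridge subnet. The sample inputs are constructed to mirror the question's configuration.

```python
import ipaddress
# Constructed sample inputs, mirroring the question's server.conf and
# /etc/network/interfaces: eth0 is bridged, the OpenVPN tap device is not.
SERVER_CONF = """\
dev tap0
server-bridge 192.168.178.1 255.255.255.0 192.168.178.111 192.168.178.120
"""
INTERFACES = """\
iface br0 inet static
address 192.168.178.123
netmask 255.255.255.0
bridge_ports eth0
iface eth0 inet manual
"""
def parse_conf(text):
    """Map each OpenVPN directive to its argument list (comments stripped)."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts:
            conf[parts[0]] = parts[1:]
    return conf
def iface_stanza(text, name):
    """Return the options of one 'iface <name>' stanza (interfaces(5) format)."""
    stanza, current = {}, None
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0] == "iface":
            current = parts[1]
        elif parts and current == name:
            stanza[parts[0]] = parts[1:]
    return stanza
def lint_bridge(server_conf, interfaces, bridge="br0"):
    """List the problems that would keep bridged VPN clients off the LAN."""
    conf, br = parse_conf(server_conf), iface_stanza(interfaces, bridge)
    findings = []
    dev = conf.get("dev", ["tun"])[0]
    # The answer's point: the tap device must be a bridge member, via bridge_ports or an OpenVPN up script.
    if dev not in br.get("bridge_ports", []) and "up" not in conf:
        findings.append(f"{dev} is not a bridge_ports member of {bridge} and no up script adds it")
    sb = conf.get("server-bridge", [])
    if len(sb) == 4:
        net = ipaddress.ip_network(f"{sb[0]}/{sb[1]}", strict=False)
        lo, hi = ipaddress.ip_address(sb[2]), ipaddress.ip_address(sb[3])
        br_addr = ipaddress.ip_address(br.get("address", ["0.0.0.0"])[0])
        if lo not in net or hi not in net or lo > hi:
            findings.append("server-bridge client pool is not a valid range inside the bridge subnet")
        if lo <= br_addr <= hi:
            findings.append(f"{bridge} address {br_addr} lies inside the VPN client pool")
    return findings
```

Run it against your real files with `lint_bridge(open("/etc/openvpn/server.conf").read(), open("/etc/network/interfaces").read())`; an empty list means the tap device is bridged and the pool is sane.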
Answer 2
ping
has an option for a specific interface:
ping -I em1 8.8.8.8
OR
ping -I br0 8.8.8.8