OpenVPN 在 CentOS 6 上无法正确路由

OpenVPN 在 CentOS 6 上无法正确路由

我正在尝试在我的 CentOS 6.2 VPS 上设置 OpenVPN 2.2.1。这是我第一次设置,一切都很顺利。服务正在运行,客户端能够连接。我的目的是将所有流量从客户端转发到我的 VPS,再转发到互联网。然而,我遇到了一个问题。

当 ping VPS IP 时,一切正常。但是,当 ping 互联网上的任何其他 IP/名称服务器时,它拒绝连接。

过去 5 个小时里,我阅读了各种帖子,寻找解决方案,但都没有对我有用。问题的性质让我相信这是流量路由不正确导致的问题。

OpenVPN服务器配置:

local 5.34.244.*** (asterisks applied for privacy)
port 443
proto tcp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 1.2.4.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 4.2.2.1"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3

OpenVPN 客户端配置:

client
dev tun
proto tcp
remote 5.34.244.*** 443
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
cert sample.crt
key sample.key
comp-lzo
verb 3
route-method exe
route-delay 2

IP表:

# iptables -L -t nat -v
Chain PREROUTING (policy ACCEPT 6706 packets, 397K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 6406 packets, 377K bytes)
 pkts bytes target     prot opt in     out     source               destination
 2386  145K SNAT       all  --  any    any     1.2.4.0/24           anywhere            

to:5.34.244.***
    0     0 SNAT       all  --  any    any     1.2.4.0/24           anywhere            

to:5.34.244.***
    0     0 MASQUERADE  all  --  any    eth0    1.2.4.0/24           anywhere

Chain OUTPUT (policy ACCEPT 5270 packets, 312K bytes)
 pkts bytes target     prot opt in     out     source               destination

# iptables -L -v
Chain INPUT (policy ACCEPT 1377 packets, 415K bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   216 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp 

dpt:87
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp 

dpt:87
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp 

dpt:87
    1    60 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp 

dpt:87
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp 

dpt:87
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp 

dpt:87
    0     0 ACCEPT     all  --  tun0   any     anywhere             anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  tun0   any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 140K packets, 3823K bytes)
 pkts bytes target     prot opt in     out     source               destination

在我的 sysctl.conf 文件中,我启用了 IP 转发:

net.ipv4.ip_forward = 1

我尝试在 OpenVPN 论坛上发帖寻求支持,但我的帖子被神秘删除了。如能得到任何帮助,我将不胜感激。

编辑:从 /var/log/messages 添加重复日志条目(为保护隐私添加了星号):

Aug 11 03:53:27 vps openvpn[28055]: mac/**.233.229.93:50840 Need IPv6 code in mroute_extract_addr_from_packet

编辑:添加所需信息:

# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key

-

# cat /proc/sys/net/ipv4/ip_forward
1

-

# tcpdump -i tun0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes
05:24:30.574250 IP resolver1.opendns.com.domain > 1.2.4.6.62511: 20077 2/0/0 CNAME teredo.ipv6.microsoft.com.ns
atc.net., A 94.245.121.253 (108)
05:24:32.328193 IP a.resolvers.level3.net.domain > 1.2.4.6.62511: 20077 2/0/0 CNAME teredo.ipv6.microsoft.com.n
satc.net., A 65.55.158.118 (108)
05:24:34.027459 IP google-public-dns-a.google.com > 1.2.4.6: ICMP echo reply, id 1, seq 1242, length 40
05:24:37.848645 IP google-public-dns-a.google.com > 1.2.4.6: ICMP echo reply, id 1, seq 1243, length 40
05:24:38.729543 IP 63-225-240-44.hlrn.qwest.net.30160 > 1.2.4.6.51958: Flags [S.], seq 784307014, ack 187668555
9, win 14600, options [mss 1452,nop,nop,sackOK,nop,wscale 4], length 0
05:24:39.132105 IP 63-225-240-44.hlrn.qwest.net.30160 > 1.2.4.6.51960: Flags [S.], seq 3810646056, ack 33965940
38, win 14600, options [mss 1452,nop,nop,sackOK,nop,wscale 4], length 0
05:24:42.866762 IP google-public-dns-a.google.com > 1.2.4.6: ICMP echo reply, id 1, seq 1244, length 40
05:24:48.065918 IP google-public-dns-a.google.com > 1.2.4.6: ICMP echo reply, id 1, seq 1245, length 40
05:24:58.234720 IP google-public-dns-a.google.com > 1.2.4.6: ICMP echo reply, id 1, seq 1247, length 40
05:25:02.852886 IP google-public-dns-a.google.com > 1.2.4.6: ICMP echo reply, id 1, seq 1248, length 40

10 packets captured
10 packets received by filter

-

客户端日志(星号表示隐私):

Sat Aug 11 02:53:46 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Sat Aug 11 02:53:50 2012 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Aug 11 02:53:50 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Aug 11 02:53:50 2012 LZO compression initialized
Sat Aug 11 02:53:50 2012 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Aug 11 02:53:50 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Aug 11 02:53:50 2012 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Aug 11 02:53:50 2012 Local Options hash (VER=V4): '2547efd2'
Sat Aug 11 02:53:50 2012 Expected Remote Options hash (VER=V4): '77cf0943'
Sat Aug 11 02:53:50 2012 Attempting to establish TCP connection with 5.34.244.***:443
Sat Aug 11 02:53:51 2012 TCP connection established with 5.34.244.***:443
Sat Aug 11 02:53:51 2012 TCPv4_CLIENT link local: [undef]
Sat Aug 11 02:53:51 2012 TCPv4_CLIENT link remote: 5.34.244.***:443
Sat Aug 11 02:53:51 2012 TLS: Initial packet from 5.34.244.***:443, sid=41dd99fd d7cc097e
Sat Aug 11 02:53:51 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Aug 11 02:53:54 2012 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=macvpn/name=changeme/[email protected]
Sat Aug 11 02:53:54 2012 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=Build_Diffie_Hellman/name=changeme/[email protected]
Sat Aug 11 02:53:56 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Aug 11 02:53:56 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 11 02:53:56 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Aug 11 02:53:56 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 11 02:53:56 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Aug 11 02:53:56 2012 [Build_Diffie_Hellman] Peer Connection Initiated with 5.34.244.***:443
Sat Aug 11 02:53:58 2012 SENT CONTROL [Build_Diffie_Hellman]: 'PUSH_REQUEST' (status=1)
Sat Aug 11 02:53:59 2012 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 4.2.2.1,route 1.2.4.1,topology net30,ping 5,ping-restart 30,ifconfig 1.2.4.6 1.2.4.5'
Sat Aug 11 02:53:59 2012 OPTIONS IMPORT: timers and/or timeouts modified
Sat Aug 11 02:53:59 2012 OPTIONS IMPORT: --ifconfig/up options modified
Sat Aug 11 02:53:59 2012 OPTIONS IMPORT: route options modified
Sat Aug 11 02:53:59 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Aug 11 02:53:59 2012 ROUTE default_gateway=192.168.1.1
Sat Aug 11 02:53:59 2012 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{3A817AE1-696B-4DEB-BD4F-8BE01F11FC47}.tap
Sat Aug 11 02:53:59 2012 TAP-Win32 Driver Version 9.9 
Sat Aug 11 02:53:59 2012 TAP-Win32 MTU=1500
Sat Aug 11 02:53:59 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 1.2.4.6/255.255.255.252 on interface {3A817AE1-696B-4DEB-BD4F-8BE01F11FC47} [DHCP-serv: 1.2.4.5, lease-time: 31536000]
Sat Aug 11 02:53:59 2012 Successful ARP Flush on interface [25] {3A817AE1-696B-4DEB-BD4F-8BE01F11FC47}
Sat Aug 11 02:54:01 2012 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Sat Aug 11 02:54:01 2012 C:\WINDOWS\system32\route.exe ADD 5.34.244.*** MASK 255.255.255.255 192.168.1.1
 OK!
Sat Aug 11 02:54:01 2012 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 1.2.4.5
 OK!
Sat Aug 11 02:54:01 2012 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 1.2.4.5
 OK!
Sat Aug 11 02:54:01 2012 C:\WINDOWS\system32\route.exe ADD 1.2.4.1 MASK 255.255.255.255 1.2.4.5
 OK!
Sat Aug 11 02:54:01 2012 Initialization Sequence Completed
Sat Aug 11 03:53:56 2012 TLS: soft reset sec=0 bytes=429941/0 pkts=4470/0
Sat Aug 11 03:54:00 2012 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=macvpn/name=changeme/[email protected]
Sat Aug 11 03:54:00 2012 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=Build_Diffie_Hellman/name=changeme/[email protected]
Sat Aug 11 03:54:02 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Aug 11 03:54:02 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 11 03:54:02 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Aug 11 03:54:02 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 11 03:54:02 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Aug 11 04:34:50 2012 TCP/UDP: Closing socket
Sat Aug 11 04:34:50 2012 C:\WINDOWS\system32\route.exe DELETE 1.2.4.1 MASK 255.255.255.255 1.2.4.5
 OK!
Sat Aug 11 04:34:50 2012 C:\WINDOWS\system32\route.exe DELETE 5.34.244.*** MASK 255.255.255.255 192.168.1.1
 OK!
Sat Aug 11 04:34:50 2012 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 1.2.4.5
 OK!
Sat Aug 11 04:34:50 2012 C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 1.2.4.5
 OK!
Sat Aug 11 04:34:50 2012 Closing TUN/TAP interface
Sat Aug 11 04:34:50 2012 SIGTERM[hard,] received, process exiting
Sat Aug 11 04:39:00 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Sat Aug 11 04:39:07 2012 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Aug 11 04:39:07 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Aug 11 04:39:07 2012 LZO compression initialized
Sat Aug 11 04:39:07 2012 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Aug 11 04:39:07 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Aug 11 04:39:07 2012 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Aug 11 04:39:07 2012 Local Options hash (VER=V4): '2547efd2'
Sat Aug 11 04:39:07 2012 Expected Remote Options hash (VER=V4): '77cf0943'
Sat Aug 11 04:39:07 2012 Attempting to establish TCP connection with 5.34.244.***:443
Sat Aug 11 04:39:08 2012 TCP connection established with 5.34.244.***:443
Sat Aug 11 04:39:08 2012 TCPv4_CLIENT link local: [undef]
Sat Aug 11 04:39:08 2012 TCPv4_CLIENT link remote: 5.34.244.***:443
Sat Aug 11 04:39:08 2012 TLS: Initial packet from 5.34.244.***:443, sid=c86d779b e406746d
Sat Aug 11 04:39:08 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Aug 11 04:39:12 2012 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=macvpn/name=changeme/[email protected]
Sat Aug 11 04:39:12 2012 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=Build_Diffie_Hellman/name=changeme/[email protected]
Sat Aug 11 04:39:14 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Aug 11 04:39:14 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 11 04:39:14 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Aug 11 04:39:14 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 11 04:39:14 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Aug 11 04:39:14 2012 [Build_Diffie_Hellman] Peer Connection Initiated with 5.34.244.***:443
Sat Aug 11 04:39:16 2012 SENT CONTROL [Build_Diffie_Hellman]: 'PUSH_REQUEST' (status=1)
Sat Aug 11 04:39:16 2012 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 4.2.2.1,route 1.2.4.1,topology net30,ping 5,ping-restart 30,ifconfig 1.2.4.6 1.2.4.5'
Sat Aug 11 04:39:16 2012 OPTIONS IMPORT: timers and/or timeouts modified
Sat Aug 11 04:39:16 2012 OPTIONS IMPORT: --ifconfig/up options modified
Sat Aug 11 04:39:16 2012 OPTIONS IMPORT: route options modified
Sat Aug 11 04:39:16 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Aug 11 04:39:16 2012 ROUTE default_gateway=192.168.1.1
Sat Aug 11 04:39:16 2012 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{3A817AE1-696B-4DEB-BD4F-8BE01F11FC47}.tap
Sat Aug 11 04:39:16 2012 TAP-Win32 Driver Version 9.9 
Sat Aug 11 04:39:16 2012 TAP-Win32 MTU=1500
Sat Aug 11 04:39:16 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 1.2.4.6/255.255.255.252 on interface {3A817AE1-696B-4DEB-BD4F-8BE01F11FC47} [DHCP-serv: 1.2.4.5, lease-time: 31536000]
Sat Aug 11 04:39:16 2012 Successful ARP Flush on interface [25] {3A817AE1-696B-4DEB-BD4F-8BE01F11FC47}
Sat Aug 11 04:39:18 2012 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Sat Aug 11 04:39:18 2012 C:\WINDOWS\system32\route.exe ADD 5.34.244.*** MASK 255.255.255.255 192.168.1.1
 OK!
Sat Aug 11 04:39:18 2012 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 1.2.4.5
 OK!
Sat Aug 11 04:39:18 2012 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 1.2.4.5
 OK!
Sat Aug 11 04:39:18 2012 C:\WINDOWS\system32\route.exe ADD 1.2.4.1 MASK 255.255.255.255 1.2.4.5
 OK!
Sat Aug 11 04:39:18 2012 Initialization Sequence Completed

ipconfig:

Windows IP Configuration


Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::7590:fe5e:9de3:cb2d%25
   IPv4 Address. . . . . . . . . . . : 1.2.4.6
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Default Gateway . . . . . . . . . : 

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : WAG320N

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : WAG320N
   Link-local IPv6 Address . . . . . : fe80::607e:9cac:93a7:78d5%11
   IPv4 Address. . . . . . . . . . . : 192.168.1.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3466:31c3:fefd:fbf9
   Link-local IPv6 Address . . . . . : fe80::3466:31c3:fefd:fbf9%13
   Default Gateway . . . . . . . . . : 

Tunnel adapter isatap.WAG320N:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

Tunnel adapter isatap.{3A817AE1-696B-4DEB-BD4F-8BE01F11FC47}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

Tunnel adapter 6TO4 Adapter:

   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2002:102:406::102:406
   Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301

Tunnel adapter isatap.{ADF8B671-A3A2-4908-B5D0-4150F860DCDB}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : WAG320N

route print(星号表示隐私):

===========================================================================
Interface List
 25...00 ff 3a 81 7a e1 ......TAP-Win32 Adapter V9
 12...00 13 e8 4b 12 61 ......Intel(R) Wireless WiFi Link 4965AGN
 11...00 1b 38 18 41 aa ......Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 28...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.104     20
          0.0.0.0        128.0.0.0          1.2.4.5          1.2.4.6     31
          1.2.4.1  255.255.255.255          1.2.4.5          1.2.4.6     31
          1.2.4.4  255.255.255.252         On-link           1.2.4.6    286
          1.2.4.6  255.255.255.255         On-link           1.2.4.6    286
          1.2.4.7  255.255.255.255         On-link           1.2.4.6    286
     5.34.244.***  255.255.255.255      192.168.1.1    192.168.1.104     21
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0          1.2.4.5          1.2.4.6     31
      192.168.1.0    255.255.255.0         On-link     192.168.1.104    276
    192.168.1.104  255.255.255.255         On-link     192.168.1.104    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.104    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.104    276
        224.0.0.0        240.0.0.0         On-link           1.2.4.6    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.104    276
  255.255.255.255  255.255.255.255         On-link           1.2.4.6    286
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 28   1140 ::/0                     2002:c058:6301::c058:6301
  1    306 ::1/128                  On-link
 28   1040 2002::/16                On-link
 28    296 2002:102:406::102:406/128
                                    On-link
 11    276 fe80::/64                On-link
 25    286 fe80::/64                On-link
 11    276 fe80::607e:9cac:93a7:78d5/128
                                    On-link
 25    286 fe80::7590:fe5e:9de3:cb2d/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
 25    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

更新:发生了一些奇怪的事情。首先介绍一下背景:我使用 Skype 将文件从客户端计算机传输到我现在正在使用的计算机以进行故障排除。我通常会先断开与 VPN 的连接(假设它不起作用),然而,在将 .txt 文件发送到故障排除机器以处理最近的请求时,我意识到它正在运行尽管连接到 VPN。为了确保这不是一个意外,我重新发送了一个更大的文件,果然我收到的 IP 与 VPN 的 IP 相匹配。这给了我希望,相信一切还不算完。希望这能为解决这个问题提供一些启示。

操作:连接到 VPN 后通过 Skype 发送文件,仅有的如果 Skype 已经登录VPN 连接已建立。

我**不能*做的事情:使用 VPN 登录/连接 Skype。

答案1

好吧,伙计们,我的账户目前遇到了一些技术问题,希望很快就能解决。不过,重大更新:

我现在可以 ping/tracert 到 1.2.4.1

我意识到 IPtables 中的第一个规则POSTROUTING配置错误,所以我删除了它并重新添加。现在一切都正常了!感谢大家的帮助,如果没有你们的帮助,我永远也找不到解决方案。

@cjc @Alex @Kilo

相关内容