OpenVPN client uses the server's connection (no default gateway)

I want an OpenVPN server so that I can create a private VPN network for employees to connect to the server.

However, contrary to plan, when a client connects to the VPN it uses the VPN's internet connection (e.g. when visiting whatsmyip.com it shows the server's connection, not the client's home connection).

Server config file

local <serverip>
port 1194
proto udp
dev tun

ca ca.crt
cert x.crt
key x.key

dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client

keepalive 10 120
comp-lzo
persist-key
persist-tun

status openvpn-status.log

verb 9

Client config file

client
dev tun
proto udp

remote <server> 1194
resolv-retry infinite

nobind

persist-key
persist-tun

ca ca.crt
cert x.crt
key x.key

ns-cert-type server
comp-lzo
verb 3

Server's routes

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
69.64.48.0      *               255.255.252.0   U     0      0        0 eth0
default         static-ip-69-64 0.0.0.0         UG    0      0        0 eth0
default         static-ip-69-64 0.0.0.0         UG    0      0        0 eth0
default         static-ip-69-64 0.0.0.0         UG    0      0        0 eth0

Server's iptables

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-proftpd  tcp  --  anywhere             anywhere            multiport dports ftp,ftp-data,ftps,ftps-data
fail2ban-ssh  tcp  --  anywhere             anywhere            multiport dports ssh
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:20000
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:webmin
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp-data
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  10.8.0.0/24          anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-proftpd (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

My goal is for clients to be able to talk only to the server and to the other connected clients.

I hope that makes sense. Thanks for your help!
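To see which FORWARD rule lets a VPN client's packet to an outside address through, and what changes once that rule is gone, here is an added check that is not part of the question: it walks the posted FORWARD chain first-match style for a given packet. It assumes only source, destination and the state match matter (other match extensions are ignored), and HARDENED_CHAIN is a constructed variant with the blanket 10.8.0.0/24 rule removed.

```python
import ipaddress
import re

# FORWARD chain as listed in the question (filter table only; nat table not shown).
FORWARD_CHAIN = """\
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  10.8.0.0/24          anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
"""

# Constructed variant without the "10.8.0.0/24 -> anywhere" rule. With client-to-client,
# inter-client traffic is switched inside OpenVPN and traffic to the server itself goes
# through INPUT, so neither needs FORWARD; only traffic leaving the tunnel does.
HARDENED_CHAIN = """\
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
"""

def to_net(token):
    """Map an iptables -L address column to a network ('anywhere' = 0.0.0.0/0)."""
    return ipaddress.ip_network("0.0.0.0/0" if token == "anywhere" else token, strict=False)

def parse_chain(text):
    """Return (policy, rules); each rule is (target, src_net, dst_net, extras)."""
    lines = text.strip().splitlines()
    policy = re.match(r"Chain \S+ \(policy (\w+)\)", lines[0]).group(1)
    rules = []
    for line in lines[2:]:                      # skip the chain and column headers
        parts = line.split(None, 5)
        target, _proto, _opt, src, dst = parts[:5]
        extras = parts[5] if len(parts) > 5 else ""
        rules.append((target, to_net(src), to_net(dst), extras))
    return policy, rules

def verdict(chain_text, src, dst, established=False):
    """First-match walk of the chain for one packet; only src/dst and the
    'state' match are modelled, every other match extension is ignored."""
    policy, rules = parse_chain(chain_text)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for target, src_net, dst_net, extras in rules:
        if src not in src_net or dst not in dst_net:
            continue
        if "state" in extras and not established:
            continue                            # conntrack match: replies only
        return target, f"{src_net} -> {dst_net} {extras}".strip()
    return policy, "chain policy"
```

Running verdict(FORWARD_CHAIN, "10.8.0.2", "198.51.100.10") (an arbitrary outside address from the documentation range) names the second rule as the one that forwards a client's new connection out of the tunnel; against HARDENED_CHAIN the same packet falls through to the REJECT rule.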
