I want to set up an OpenVPN server so that I can create a private VPN network for employees to connect to the server.
However, contrary to plan, when a client connects to the VPN it uses the VPN's internet connection (for example, visiting whatsmyip.com shows the server's connection rather than the client's home connection).
Server config file
local <serverip>
port 1194
proto udp
dev tun
ca ca.crt
cert x.crt
key x.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 9
Client config file
client
dev tun
proto udp
remote <server> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert x.crt
key x.key
ns-cert-type server
comp-lzo
verb 3
Server routes
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.8.0.2 * 255.255.255.255 UH 0 0 0 tun0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
69.64.48.0 * 255.255.252.0 U 0 0 0 eth0
default static-ip-69-64 0.0.0.0 UG 0 0 0 eth0
Server iptables
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-proftpd tcp -- anywhere anywhere multiport dports ftp,ftp-data,ftps,ftps-data
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:20000
ACCEPT tcp -- anywhere anywhere tcp dpt:webmin
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 10.8.0.0/24 anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-proftpd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
My goal is for clients to be able to talk only to the server and to the other connected clients.
I hope that makes sense. Thanks for your help!
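The question turns on two things an operator can check mechanically: whether the server pushes (or the client sets) a directive that moves the client's default route into the tunnel, and whether the FORWARD chain lets the VPN subnet be forwarded to destinations outside the VPN. The following audit script is an added example and not code from the question or from OpenVPN; the config text and the `iptables -L` output it embeds are constructed copies of what the question shows (plus one constructed full-tunnel variant), and the helper names are my own. It parses OpenVPN config lines (unwrapping `push "..."` payloads), flags `redirect-gateway` and pushed default routes, parses one chain of `iptables -L` output, reports ACCEPT rules that forward the VPN subnet to anywhere, and emits a FORWARD rule that confines forwarded tunnel traffic to the VPN subnet. One caveat the example relies on: with `client-to-client`, OpenVPN relays client-to-client traffic inside its own process, so the kernel FORWARD chain only sees tunnel traffic that is leaving for another interface.

```python
"""Audit an OpenVPN server config and its FORWARD chain for settings that let
VPN clients reach beyond the VPN, and emit a confining iptables rule."""
import ipaddress
import shlex

# Constructed sample: the routing-relevant part of the question's server config.
SERVER_CONF = """\
local <serverip>
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
client-to-client
keepalive 10 120
"""

# Constructed sample: the same config if it pushed a full tunnel to clients.
FULL_TUNNEL_CONF = SERVER_CONF + 'push "redirect-gateway def1 bypass-dhcp"\n'

# Constructed sample: the FORWARD chain as printed by `iptables -L` in the question.
FORWARD_CHAIN = """\
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  10.8.0.0/24          anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
"""


def parse_openvpn_conf(text):
    """Return [(directive, args)] for every non-blank, non-comment line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # OpenVPN comment lines start with # or ;
            continue
        parts = shlex.split(line)  # keeps push "..." payloads as one argument
        entries.append((parts[0], parts[1:]))
    return entries


def full_tunnel_directives(entries):
    """List directives, local or pushed, that send a client's default route into the tunnel."""
    findings = []
    for directive, args in entries:
        if directive == "push" and args:  # push "<client directive>"
            inner = shlex.split(args[0])
            if not inner:
                continue
            name, rest, origin = inner[0], inner[1:], "pushed"
        else:
            name, rest, origin = directive, args, "server"
        if name == "redirect-gateway" or (name == "route" and rest[:1] == ["0.0.0.0"]):
            findings.append(f"{origin}: {name} {' '.join(rest)}".rstrip())
    return findings


def parse_iptables_chain(text):
    """Parse `iptables -L` output for one chain into [(target, source, destination, extra)]."""
    rules = []
    for line in text.splitlines()[2:]:  # skip the 'Chain ...' line and the column header
        parts = line.split(None, 5)
        if len(parts) < 5:
            continue
        target, _prot, _opt, src, dst = parts[:5]
        extra = parts[5] if len(parts) == 6 else ""
        rules.append((target, src, dst, extra))
    return rules


def _inside(addr, net):
    """True if an iptables source/destination column lies inside net ('anywhere' and hostnames do not)."""
    try:
        return ipaddress.ip_network(addr, strict=False).subnet_of(net)
    except ValueError:
        return False


def vpn_egress_rules(rules, vpn_subnet="10.8.0.0/24"):
    """Return ACCEPT rules that forward traffic from the VPN subnet to destinations outside it."""
    net = ipaddress.ip_network(vpn_subnet)
    leaks = []
    for target, src, dst, extra in rules:
        if target != "ACCEPT" or "ESTABLISHED" in extra:  # reply traffic is not egress
            continue
        if _inside(src, net) and not _inside(dst, net):
            leaks.append((target, src, dst, extra))
    return leaks


def confine_forward_rules(vpn_subnet="10.8.0.0/24", tun="tun0"):
    """iptables commands (as strings, for review before running) that keep forwarded
    tunnel traffic inside the VPN subnet; inserted at position 1 so they precede any ACCEPT."""
    return [
        f"iptables -I FORWARD 1 -i {tun} -s {vpn_subnet} ! -d {vpn_subnet} -j DROP",
        f"iptables -I FORWARD 1 -o {tun} -m state --state RELATED,ESTABLISHED -j ACCEPT",
    ]


if __name__ == "__main__":
    print("full-tunnel directives:", full_tunnel_directives(parse_openvpn_conf(FULL_TUNNEL_CONF)))
    print("egress rules:", vpn_egress_rules(parse_iptables_chain(FORWARD_CHAIN)))
    print("\n".join(confine_forward_rules()))
```

Run against the question's own config, `full_tunnel_directives` returns nothing, which is the case an operator wants to confirm before looking elsewhere; run against the FORWARD chain, `vpn_egress_rules` singles out the `ACCEPT all -- 10.8.0.0/24 anywhere` rule as the one that forwards the VPN subnet to any destination. The emitted DROP rule is deliberately written with `! -d` rather than an interface match so it also covers any future non-VPN interface on the server.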