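My plan is to connect an Android phone to my home LAN through a tunnel (over the internet). I have set up an OpenVPN server (IP address 192.168.1.3) behind the (router) LAN. My laptop is there as well. Port 1194 UDP is open on the router. Here are my configs:
Server: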
local 192.168.1.3
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/open_ipp.txt
keepalive 10 120
tls-auth /etc/openvpn/easy_rsa/keys/ta.key 0
cipher AES-256-CBC
comp-lzo
max-clients 10
persist-key
persist-tun
status /var/log/openvpn_status.log
verb 3
push "route 192.168.1.0 255.255.255.0"
Android:
client
dev tun
remote my ip in the world 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.rt
cert android.crt
key android.key
tls-auth ta.key 1
ns-cert-type server
cipher AES-256-CBC
comp-lzo yes
verb 3
mute 20
When I start the openvpn daemon, here is some information from the Ubuntu server's syslog:
Sep 19 13:35:48 Pavillion ovpn-server[2737]: /sbin/ip addr del dev tun0 local 10.8.0.1 peer 10.8.0.2
Sep 19 13:35:48 Pavillion NetworkManager[751]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/tun0, iface: tun0)
Sep 19 13:35:48 Pavillion ovpn-server[2737]: SIGTERM[hard,] received, process exiting
Sep 19 13:35:48 Pavillion ovpn-server[3146]: OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb 4 2014
Sep 19 13:35:48 Pavillion ovpn-server[3146]: NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sep 19 13:35:48 Pavillion ovpn-server[3146]: Diffie-Hellman initialized with 2048 bit key
Sep 19 13:35:48 Pavillion ovpn-server[3146]: Control Channel Authentication: using '/etc/openvpn/easy-rsa/keys/ta.key' as a OpenVPN static key file
Sep 19 13:35:48 Pavillion ovpn-server[3146]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 19 13:35:48 Pavillion ovpn-server[3146]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 19 13:35:48 Pavillion ovpn-server[3146]: Socket Buffers: R=[212992->131072] S=[212992->131072]
Sep 19 13:35:48 Pavillion ovpn-server[3146]: ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=wlan0 HWADDR=00:21:5d:b2:4f:88
Sep 19 13:35:48 Pavillion ovpn-server[3146]: TUN/TAP device tun0 opened
Sep 19 13:35:48 Pavillion ovpn-server[3146]: TUN/TAP TX queue length set to 100
Sep 19 13:35:48 Pavillion ovpn-server[3146]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sep 19 13:35:48 Pavillion ovpn-server[3146]: /sbin/ip link set dev tun0 up mtu 1500
Sep 19 13:35:48 Pavillion NetworkManager[751]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
Sep 19 13:35:48 Pavillion NetworkManager[751]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
Sep 19 13:35:48 Pavillion NetworkManager[751]: <warn> /sys/devices/virtual/net/tun0: couldn't determine device driver; ignoring...
Sep 19 13:35:48 Pavillion ovpn-server[3146]: /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Sep 19 13:35:48 Pavillion ovpn-server[3146]: /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Sep 19 13:35:48 Pavillion ovpn-server[3152]: UDPv4 link local (bound): [AF_INET]192.168.1.3:1194
Sep 19 13:35:48 Pavillion ovpn-server[3152]: UDPv4 link remote: [undef]
Sep 19 13:35:48 Pavillion ovpn-server[3152]: MULTI: multi_init called, r=256 v=256
Sep 19 13:35:48 Pavillion ovpn-server[3152]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Sep 19 13:35:48 Pavillion ovpn-server[3152]: IFCONFIG POOL LIST
Sep 19 13:35:48 Pavillion ovpn-server[3152]: Initialization Sequence Completed
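This warning doesn't look good, but initialization completed. I also put a static route into the router:
Destination: 10.8.0.0
Subnet mask: 255.255.255.0
Gateway: 192.168.1.3
My laptop on the LAN can ping 10.8.0.1. Please help me :-( This is my last chance...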