OpenVPN connection is established but cannot ping the server

I have an OpenVZ VPS and set up an OpenVPN server on it, and I successfully connected to the server from my Ubuntu 14.10 client.
server.conf:

port 1199
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3  

client.conf: I connect with the Ubuntu Network Manager (certificate files), and it connects.

Server ifconfig output:

lo        Link encap:Local Loopback  
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:16436  Metric:1
      RX packets:302 errors:0 dropped:0 overruns:0 frame:0
      TX packets:302 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0 
      RX bytes:25915 (25.9 KB)  TX bytes:25915 (25.9 KB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
      inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
      UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:100 
      RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
      inet addr:127.0.0.2  P-t-P:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.255
      UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
      RX packets:1684490 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1440377 errors:0 dropped:38 overruns:0 carrier:0
      collisions:0 txqueuelen:0 
      RX bytes:1024239432 (1.0 GB)  TX bytes:970689644 (970.6 MB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
      inet addr:162.244.77.247  P-t-P:162.244.77.249  Bcast:0.0.0.0  Mask:255.255.255.255
      UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

Server route -n output:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 venet0

Client ifconfig:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
      inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
      UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:41 overruns:0 frame:0
      TX packets:700 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:100 
      RX bytes:0 (0.0 B)  TX bytes:48424 (48.4 KB)

wlan0     Link encap:Ethernet  HWaddr 1c:4b:d6:a6:7d:9f  
      inet addr:192.168.1.101  Bcast:192.168.1.255  Mask:255.255.255.0
      inet6 addr: fe80::1e4b:d6ff:fea6:7d9f/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:411257 errors:0 dropped:0 overruns:0 frame:0
      TX packets:422855 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000 
      RX bytes:277308751 (277.3 MB)  TX bytes:72325565 (72.3 MB)

Client route -n output:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.5        0.0.0.0         UG    0      0        0 tun0
0.0.0.0         10.8.0.5        0.0.0.0         UG    0      0        0 tun0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
162.244.77.247  192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     9      0        0 wlan0

But on the client I cannot ping any destination (ping 8.8.8.8), and the same goes for the server. What should I do? Thanks.

ping 10.8.0.1, ping 10.8.0.5, ping 10.8.0.6

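Answer 1

I am not the original poster, but I had been running into the same problem for more than an hour. I finally saw Tero Kilkanen's comment on this post and decided to give it a try. There were some seemingly harmless messages in the system log: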

nm-openvpn[xxxxx]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'

So I changed the configuration and managed to solve the problem. Just in case, I am promoting the comment to an answer.
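
The check described in the answer above, as an added example that is not part of the original post: it extracts OpenVPN option-consistency warnings from log lines and compares the same directives across the two config files. The client config, the PID in the log line, and the `SYMMETRIC` subset of directives are assumptions made for this example.

```python
import re

# Directives compared here are a subset chosen for this example; an omitted
# directive is treated as different from an explicitly set one.
SYMMETRIC = ("comp-lzo", "cipher", "auth")

MISSING = re.compile(r"WARNING: '([\w-]+)' is present in (?:remote|local) config "
                     r"but missing in (remote|local) config")
INCONSISTENT = re.compile(r"WARNING: '([\w-]+)' is used inconsistently, "
                          r"local='([^']*)', remote='([^']*)'")

def warnings_from_log(lines):
    """Return (directive, problem) pairs found in OpenVPN log lines."""
    found = []
    for line in lines:
        if m := MISSING.search(line):
            found.append((m.group(1), f"missing in {m.group(2)} config"))
        elif m := INCONSISTENT.search(line):
            found.append((m.group(1), f"local={m.group(2)!r} remote={m.group(3)!r}"))
    return found

def parse_conf(text):
    """Map directive -> arguments; '#' and ';' start a comment (simplified)."""
    conf = {}
    for raw in text.splitlines():
        parts = re.split(r"[#;]", raw, maxsplit=1)[0].split(None, 1)
        if parts:
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def config_mismatches(server_text, client_text):
    """Directives from SYMMETRIC whose values differ between the two configs."""
    s, c = parse_conf(server_text), parse_conf(client_text)
    return sorted(k for k in SYMMETRIC if s.get(k) != c.get(k))

# Server lines are taken from the question; the client config and the PID in
# the log line are constructed for this example.
SERVER_CONF = "port 1199\nproto udp\ndev tun\nkey server.key  # secret\ncomp-lzo\n"
CLIENT_CONF = "client\nremote 162.244.77.247 1199\nproto udp\ndev tun\n"
SAMPLE_LOG = [
    "nm-openvpn[1234]: WARNING: 'comp-lzo' is present in remote config "
    "but missing in local config, remote='comp-lzo'",
    "nm-openvpn[1234]: Initialization Sequence Completed",
]

if __name__ == "__main__":
    print(warnings_from_log(SAMPLE_LOG))
    print(config_mismatches(SERVER_CONF, CLIENT_CONF))
```
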

Answer 2

You have to open the OpenVPN port (UDP 443 in my case).

iptables -I INPUT -p udp --dport 443 -j ACCEPT
