I have an OpenVZ VPS and set up an OpenVPN server on it, and I successfully connected to the server from my Ubuntu 14.10 client.
server.conf:
port 1199
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
client.conf: I connect with the Ubuntu Network Manager (certificate files), and it connects:
Server ifconfig output:
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:302 errors:0 dropped:0 overruns:0 frame:0
TX packets:302 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:25915 (25.9 KB) TX bytes:25915 (25.9 KB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.2 P-t-P:127.0.0.2 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:1684490 errors:0 dropped:0 overruns:0 frame:0
TX packets:1440377 errors:0 dropped:38 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1024239432 (1.0 GB) TX bytes:970689644 (970.6 MB)
venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:162.244.77.247 P-t-P:162.244.77.249 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
Server route -n output:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 venet0
Client ifconfig:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.6 P-t-P:10.8.0.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:41 overruns:0 frame:0
TX packets:700 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:48424 (48.4 KB)
wlan0 Link encap:Ethernet HWaddr 1c:4b:d6:a6:7d:9f
inet addr:192.168.1.101 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::1e4b:d6ff:fea6:7d9f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:411257 errors:0 dropped:0 overruns:0 frame:0
TX packets:422855 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:277308751 (277.3 MB) TX bytes:72325565 (72.3 MB)
Client route -n output:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.8.0.5 0.0.0.0 UG 0 0 0 tun0
0.0.0.0 10.8.0.5 0.0.0.0 UG 0 0 0 tun0
10.8.0.1 10.8.0.5 255.255.255.255 UGH 0 0 0 tun0
10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
162.244.77.247 192.168.1.1 255.255.255.255 UGH 0 0 0 wlan0
192.168.1.0 0.0.0.0 255.255.255.0 U 9 0 0 wlan0
But on the client I cannot reach any destination:
ping 8.8.8.8
and on the server these do not work either:
ping 10.8.0.1
ping 10.8.0.5
ping 10.8.0.6
What should I do? Thanks.
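Answer 1
I am not the original poster, but I have had the same problem for over an hour. I finally saw Tero Kilkanen's comment on this post and decided to give it a try. There were some seemingly harmless messages in the system log: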
nm-openvpn[xxxxx]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
So I changed the configuration and managed to solve the problem. Just in case, I am promoting the comment to an answer.
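Added example, not part of the original answer: a small Python check for the kind of mismatch that warning reports, comparing a server and a client config for directives that should agree on both ends. The MUST_MATCH list and the client profile are assumptions made for illustration; the server lines are taken from the question.

```python
import re

# Assumption: a subset of the options OpenVPN expects to agree on both peers.
MUST_MATCH = ("proto", "dev", "comp-lzo", "cipher", "auth", "keysize", "tun-mtu")

def parse_conf(text):
    """Map directive -> argument string, dropping '#' and ';' comments."""
    opts = {}
    for raw in text.splitlines():
        parts = re.split(r"[#;]", raw, maxsplit=1)[0].split(None, 1)
        if not parts:
            continue
        name, args = parts[0].lstrip("-"), (parts[1].strip() if len(parts) > 1 else "")
        if name == "dev":
            args = re.sub(r"\d+$", "", args)   # tun0 and tun are the same device type
        elif name == "proto":
            args = args.split("-")[0]          # tcp-server / tcp-client both mean tcp
        opts[name] = args
    return opts

def mismatches(server_text, client_text):
    """Return (directive, problem) pairs for options that differ between the two ends."""
    srv, cli = parse_conf(server_text), parse_conf(client_text)
    found = []
    for name in MUST_MATCH:
        if name in srv and name not in cli:
            found.append((name, "present on server, missing on client"))
        elif name in cli and name not in srv:
            found.append((name, "present on client, missing on server"))
        elif name in srv and srv[name] != cli[name]:
            found.append((name, f"server={srv[name]!r} client={cli[name]!r}"))
    return found

# Excerpt of the server.conf posted in the question.
SERVER_CONF = """port 1199
proto udp
dev tun
key server.key # This file should be kept secret
comp-lzo
"""
# Constructed client profile (203.0.113.10 is a documentation address).
CLIENT_CONF = """client
dev tun
proto udp
remote 203.0.113.10 1199
"""

if __name__ == "__main__":
    for name, problem in mismatches(SERVER_CONF, CLIENT_CONF):
        print(f"{name}: {problem}")
```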
Answer 2
You have to open the OpenVPN port (UDP 443 in my case).
iptables -I INPUT -p udp --dport 443 -j ACCEPT