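I followed this guide to set up a Softether VPN server on a Digital Ocean Ubuntu 14.04 instance. On my laptop (ubuntu 14.10) I installed the Softether vpn client and openvpn.
The server log shows both clients connecting fine, but I cannot ping or telnet to the server. Also, when I connect with openvpn, I lose all Internet connectivity except for skype.
With the openvpn client, netstat -nr reports the following.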
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.30.14 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.4.1 0.0.0.0 UG 0 0 0 eth0
54.158.28.151 192.168.4.1 255.255.255.255 UGH 0 0 0 eth0
128.0.0.0 192.168.30.14 128.0.0.0 UG 0 0 0 tun0
192.168.4.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0
192.168.30.14 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
With the Softether client, netstat -nr reports the following:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.4.1 0.0.0.0 UG 0 0 0 eth0
192.168.4.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0
A telnet to 192.168.30.14 times out.
With the Softether vpn client, ifconfig -a reports the following.
vpn_markadapter Link encap:Ethernet HWaddr 00:ac:c5:ff:ce:ec
inet6 addr: fe80::2ac:c5ff:feff:ceec/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1620 errors:0 dropped:0 overruns:0 frame:0
TX packets:1234 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:118928 (118.9 KB) TX bytes:104989 (104.9 KB)
openvpn client, ifconfig -a:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.30.13 P-t-P:192.168.30.14 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:280 errors:0 dropped:0 overruns:0 frame:0
TX packets:534 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:38199 (38.1 KB) TX bytes:60461 (60.4 KB)
OpenVPN console:
Thu May 28 19:10:12 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu May 28 19:10:12 2015 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu May 28 19:10:12 2015 Attempting to establish TCP connection with [AF_INET]128.199.126.151:5555 [nonblock]
Thu May 28 19:10:13 2015 TCP connection established with [AF_INET]128.199.126.151:5555
Thu May 28 19:10:13 2015 TCPv4_CLIENT link local: [undef]
Thu May 28 19:10:13 2015 TCPv4_CLIENT link remote: [AF_INET]128.199.126.151:5555
Thu May 28 19:10:13 2015 TLS: Initial packet from [AF_INET]128.199.126.151:5555, sid=16ccbc28 f3c5eca8
Thu May 28 19:10:13 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu May 28 19:10:14 2015 VERIFY OK: depth=0, CN=[128.199.126.151], O=[128.199.126.151], OU=[128.199.126.151], C=US
Thu May 28 19:10:14 2015 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu May 28 19:10:14 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu May 28 19:10:14 2015 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu May 28 19:10:14 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu May 28 19:10:14 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu May 28 19:10:14 2015 [[128.199.126.151]] Peer Connection Initiated with [AF_INET]128.199.126.151:5555
Thu May 28 19:10:16 2015 SENT CONTROL [[128.199.126.151]]: 'PUSH_REQUEST' (status=1)
Thu May 28 19:10:16 2015 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 192.168.30.13 192.168.30.14,dhcp-option DNS 192.168.30.1,route-gateway 192.168.30.14,redirect-gateway def1'
Thu May 28 19:10:16 2015 OPTIONS IMPORT: timers and/or timeouts modified
Thu May 28 19:10:16 2015 OPTIONS IMPORT: --ifconfig/up options modified
Thu May 28 19:10:16 2015 OPTIONS IMPORT: route options modified
Thu May 28 19:10:16 2015 OPTIONS IMPORT: route-related options modified
Thu May 28 19:10:16 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu May 28 19:10:16 2015 ROUTE_GATEWAY 192.168.4.1/255.255.252.0 IFACE=eth0 HWADDR=b8:ac:6f:50:18:af
Thu May 28 19:10:16 2015 TUN/TAP device tun0 opened
Thu May 28 19:10:16 2015 TUN/TAP TX queue length set to 100
Thu May 28 19:10:16 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu May 28 19:10:16 2015 /sbin/ip link set dev tun0 up mtu 1500
Thu May 28 19:10:16 2015 /sbin/ip addr add dev tun0 local 192.168.30.13 peer 192.168.30.14
Thu May 28 19:10:16 2015 /sbin/ip route add 128.199.126.151/32 via 192.168.4.1
Thu May 28 19:10:16 2015 /sbin/ip route add 0.0.0.0/1 via 192.168.30.14
Thu May 28 19:10:16 2015 /sbin/ip route add 128.0.0.0/1 via 192.168.30.14
Thu May 28 19:10:16 2015 Initialization Sequence Completed
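Answer 1
If the client is Linux, you need to add a "dhclient tunx" command at the end of the Softether startup script. Adding a sleep delay also helps to make sure the vpn is connected before the dhclient command is started.
Answer 2
Your configuration is fine. It looks like something is blocking your outgoing traffic. I am not sure what is causing it, possibly a firewall.
Answer 3
I needed to install the Softether vpnclient on the server, then DhcpEnable in vpnserver, and finally restart SSH. DhcpTable showed me the IP address I was connecting with.
On my laptop, I needed to run dhclient on the adapter to get an IP address. Then I was able to ssh into my server.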
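The dhclient step from Answer 1 and Answer 3, written as an added example that is not part of the original posts: instead of one fixed sleep, it retries the DHCP request until the adapter actually holds an IPv4 address. The helper names, retry count and delay are assumptions; the adapter name is the one shown in the question's ifconfig output.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed: helper names, retry
# count and delay. The adapter name comes from the ifconfig output in the question.
IFACE="${IFACE:-vpn_markadapter}"

# Thin wrappers so the retry logic can be exercised without root or a live VPN.
addr_output()   { ip -4 -o addr show dev "$1" 2>/dev/null; }
request_lease() { dhclient -1 "$1"; }   # -1: try once, non-zero exit if no lease
pause()         { sleep "$1"; }

# Print the first IPv4 address in `ip -4 -o addr` output read from stdin.
first_ipv4() {
    awk '$3 == "inet" { sub(/\/.*/, "", $4); print $4; exit }'
}

# Request a lease until the adapter holds an IPv4 address or attempts run out.
# Prints the address and returns 0 on success; returns 1 otherwise.
acquire_ipv4() {
    iface=$1; attempts=$2; delay=$3
    while :; do
        addr=$(addr_output "$iface" | first_ipv4)
        if [ -n "$addr" ]; then
            printf '%s\n' "$addr"
            return 0
        fi
        [ "$attempts" -gt 0 ] || return 1
        attempts=$((attempts - 1))
        # A failed request usually means the session is not up yet: wait, retry.
        request_lease "$iface" || pause "$delay"
    done
}

# Run as root after the VPN client has been told to connect: script --run
if [ "${1:-}" = "--run" ]; then
    if addr=$(acquire_ipv4 "$IFACE" 10 3); then
        echo "$IFACE has IPv4 address $addr"
    else
        echo "no DHCP lease on $IFACE; check the server-side DHCP setting" >&2
        exit 1
    fi
fi
```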