OpenVPN 互联网访问

tag-icon tag-icon openvpn ubuntu-14.04 centos7
OpenVPN 互联网访问

我的 VPS 安装在 CentOS7 上。我刚刚在 CentOS 机器上设置了 Openvpn。我可以从我的桌面(Ubuntu)连接到 VPN,但无法再访问互联网。可能出了什么问题?连接到 vpn 时最后几行:

Sun Aug  2 21:12:28 2015 [server] Peer Connection Initiated with [AF_INET]178.79.137.145:1194
Sun Aug  2 21:12:30 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Aug  2 21:12:35 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Aug  2 21:12:40 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Aug  2 21:12:45 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Aug  2 21:12:49 2015 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sun Aug  2 21:12:49 2015 OPTIONS IMPORT: timers and/or timeouts modified
Sun Aug  2 21:12:49 2015 OPTIONS IMPORT: --ifconfig/up options modified
Sun Aug  2 21:12:49 2015 OPTIONS IMPORT: route options modified
Sun Aug  2 21:12:49 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Aug  2 21:12:49 2015 ROUTE_GATEWAY 192.168.8.1/255.255.255.0 IFACE=eth1 HWADDR=00:1e:10:1f:00:00
Sun Aug  2 21:12:49 2015 TUN/TAP device tun0 opened
Sun Aug  2 21:12:49 2015 TUN/TAP TX queue length set to 100
Sun Aug  2 21:12:49 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Aug  2 21:12:49 2015 /sbin/ip link set dev tun0 up mtu 1500
Sun Aug  2 21:12:49 2015 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Sun Aug  2 21:12:49 2015 /etc/openvpn/update-resolv-conf tun0 1500 1542 10.8.0.6 10.8.0.5 init
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
Sun Aug  2 21:12:50 2015 /sbin/ip route add 178.79.137.145/32 via 192.168.8.1
Sun Aug  2 21:12:50 2015 /sbin/ip route add 0.0.0.0/1 via 10.8.0.5
Sun Aug  2 21:12:50 2015 /sbin/ip route add 128.0.0.0/1 via 10.8.0.5
Sun Aug  2 21:12:50 2015 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Sun Aug  2 21:12:50 2015 Initialization Sequence Completed

在我的 Ubuntu 上:

netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.8.0.5        128.0.0.0       UG        0 0          0 tun0
0.0.0.0         192.168.8.1     0.0.0.0         UG        0 0          0 eth1
10.8.0.1        10.8.0.5        255.255.255.255 UGH       0 0          0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
128.0.0.0       10.8.0.5        128.0.0.0       UG        0 0          0 tun0
178.79.137.145  192.168.8.1     255.255.255.255 UGH       0 0          0 eth1
192.168.8.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1

答案1

OpenVPN 添加路由以重定向默认网关:

Sun Aug  2 21:12:50 2015 /sbin/ip route add 0.0.0.0/1 via 10.8.0.5
Sun Aug  2 21:12:50 2015 /sbin/ip route add 128.0.0.0/1 via 10.8.0.5

您可能已redirect-gateway def1在客户端配置中进行了此操作,或者您已从服务器推送此操作。通过将自定义路由推送到客户端也可以实现相同的目的,请检查所有push route ...节。

相关内容