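I have a VPN server that currently has a VPN client with IP 10.30.0.x connected to it. I want that client to be able to ping another private client attached to the VPN server. Note that the other private client is on the VPN server's private subnet and is not connected to the VPN.
So the VPN server is something like 10.20.0.95, the VPN client is 10.30.0.190, and the host on the private subnet connected to the VPN server is 10.20.0.180. Right now 10.30.0.190 cannot ping 10.20.0.180, and vice versa. I have enabled client-to-client in server.conf.
Also note that using masquerade works, but then I can't tell exactly which server is pinging 10.20.0.180. I only see requests coming from the VPN server.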
server.conf
port 1190
proto udp
dev tun
ca ca.crt
dh dh.pem
topology subnet
server 10.10.0.0 255.255.0.0
ifconfig-pool-persist ipp.txt
push "route 10.20.0.0 255.255.0.0"
client-config-dir ccd
ifconfig 10.10.0.1 255.255.255.0
route 10.30.0.0 255.255.0.0 10.10.0.2
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 3
client.conf
client
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
comp-lzo
verb 3
route table for vpn server aka 10.20.0.95
0.0.0.0 10.20.0.1 0.0.0.0 UG 0 0 0 eth0
10.10.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun0
10.20.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.30.0.0 10.10.0.2 255.255.0.0 UG 0 0 0 tun0
route table for vpn client aka 10.30.x.x
0.0.0.0 10.30.0.1 0.0.0.0 UG 0 0 0 eth0
10.10.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun0
10.20.0.0 10.10.0.1 255.255.0.0 UG 0 0 0 tun0
10.30.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
route table for private subnet connected to vpn server
0.0.0.0 10.20.0.1 0.0.0.0 UG 0 0 0 eth0
10.10.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.20.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
Also, when I ping 10.20.0.180 from 10.30.x.x, I see the following tcpdump on the VPN server:
sudo tcpdump -i eth0 'icmp[icmptype] = icmp-echo or icmp[icmptype] = icmp-echoreply'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
21:39:25.264549 IP 10.10.0.2 > 10.20.0.180: ICMP echo request, id 1709, seq 2457, length 64
21:39:25.852635 IP 10.10.0.2 > 10.20.0.180: ICMP echo request, id 1956, seq 70, length 64
21:39:26.264552 IP 10.10.0.2 > 10.20.0.180: ICMP echo request, id 1709, seq 2458, length 64
21:39:26.852661 IP 10.10.0.2 > 10.20.0.180: ICMP echo request, id 1956, seq 71, length 64
Pinging 10.30.x.x from 10.20.0.180, captured on the VPN server:
sudo tcpdump -i tun0 'icmp[icmptype] = icmp-echo or icmp[icmptype] = icmp-echoreply'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes
21:43:56.136264 IP 10.10.0.1 > 10.30.0.190: ICMP echo request, id 6694, seq 1, length 64
21:43:57.135874 IP 10.10.0.1 > 10.30.0.190: ICMP echo request, id 6694, seq 2, length 64
21:43:58.135855 IP 10.10.0.1 > 10.30.0.190: ICMP echo request, id 6694, seq 3, length 64
21:43:59.136256 IP 10.10.0.1 > 10.30.0.190: ICMP echo request, id 6694, seq 4, length 64
21:44:00.135868 IP 10.10.0.1 > 10.30.0.190: ICMP echo request, id 6694, seq 5, length 64
21:44:01.135848 IP 10.10.0.1 > 10.30.0.190: ICMP echo request, id 6694, seq 6, length 64
21:44:02.136093 IP 10.10.0.1 > 10.30.0.190: ICMP echo request, id 6694, seq 7, length 64
Any help would be greatly appreciated. Thanks.
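
An added example, not part of the original post: a longest-prefix-match lookup over the three routing tables posted above, to trace which next hop each machine picks for the request and for the reply. The host labels, `lookup` and `reply_goes_to_vpn_server` are names chosen for this example.

```python
import ipaddress

# Routing tables as posted above: (destination, gateway, netmask, interface).
# The host labels (dictionary keys) are names chosen for this example.
TABLES = {
    "vpn_server": [
        ("0.0.0.0", "10.20.0.1", "0.0.0.0", "eth0"),
        ("10.10.0.0", "0.0.0.0", "255.255.0.0", "tun0"),
        ("10.20.0.0", "0.0.0.0", "255.255.255.0", "eth0"),
        ("10.30.0.0", "10.10.0.2", "255.255.0.0", "tun0"),
    ],
    "vpn_client": [
        ("0.0.0.0", "10.30.0.1", "0.0.0.0", "eth0"),
        ("10.10.0.0", "0.0.0.0", "255.255.0.0", "tun0"),
        ("10.20.0.0", "10.10.0.1", "255.255.0.0", "tun0"),
        ("10.30.0.0", "0.0.0.0", "255.255.255.0", "eth0"),
    ],
    "private_host": [
        ("0.0.0.0", "10.20.0.1", "0.0.0.0", "eth0"),
        ("10.10.0.0", "0.0.0.0", "255.255.255.0", "eth0"),
        ("10.20.0.0", "0.0.0.0", "255.255.255.0", "eth0"),
    ],
}
VPN_SERVER_LAN_IP = "10.20.0.95"  # VPN server address given in the post

def lookup(host, dst):
    """Longest-prefix match over one table; returns (next_hop, iface) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, gw, mask, iface in TABLES[host]:
        prefix = bin(int(ipaddress.ip_address(mask))).count("1")
        net = ipaddress.ip_network(f"{dest}/{prefix}")
        if addr in net and (best is None or prefix > best[0]):
            best = (prefix, "on-link" if gw == "0.0.0.0" else gw, iface)
    return best[1:] if best else None

def reply_goes_to_vpn_server(src):
    """True if private_host's route back to src names the VPN server as next hop."""
    hop = lookup("private_host", src)
    return hop is not None and hop[0] == VPN_SERVER_LAN_IP

if __name__ == "__main__":
    print("client  -> 10.20.0.180 :", lookup("vpn_client", "10.20.0.180"))
    print("server  -> 10.20.0.180 :", lookup("vpn_server", "10.20.0.180"))
    for src in ("10.10.0.2", "10.30.0.190"):
        print(f"private -> {src:<12}:", lookup("private_host", src),
              "via VPN server:", reply_goes_to_vpn_server(src))
```

With the posted tables, the private host treats 10.10.0.2 as on-link on eth0 and sends traffic for 10.30.0.190 to its default gateway 10.20.0.1; the page does not show whether 10.20.0.1 forwards that traffic to the VPN server.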