Openvpn 客户端和服务器无法互相 ping 通（连接已建立）

我在两个 VPS 之间设置了 OpenVPN 客户端和服务器。我有客户端和服务器设置，服务器使用tun 接口中的10.8.0.1IP 10.8.0.2，客户端使用tun 接口中10.8.0.6的IP 10.8.0.5。 （vps1 是客户端，vps2 是服务器。）客户端可以 ping 服务器 tun IP 10.8.0.1，但不能 ping 任何其他 IP。我无法从服务器 ping 到任何 tun IP 或客户端 tun IP。

服务器配置：

port 1194
proto udp
dev tun0

ca ca.crt
cert server.crt
key server.key
tls-server
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

keepalive 10 120

comp-lzo
user nobody
group nobody
persist-key
persist-tun

verb 3

客户端配置：

client
dev tun
proto udp
remote 198.168.XXX 1194
nobind
tun-mtu 1500
persist-key
persist-tun
keepalive 14 120
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3

根据日志连接已成功设置，

Jun  9 13:25:28 vps2 openvpn[6484]: MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Jun  9 13:25:28 vps2 openvpn[6484]: MULTI: Learn: 10.8.0.6 -> vps1.xxx/xxxxx:33012
Jun  9 13:25:28 vps2 openvpn[6484]: MULTI: primary virtual IP for vps1.xxx/xxxxx:33012: 10.8.0.6
Jun  9 13:25:30 vps2 openvpn[6484]: vps1.xxx/xxxxx:33012 PUSH: Received control message: 'PUSH_REQUEST'
Jun  9 13:25:30 vps2 openvpn[6484]: vps1.xxx/xxxxx:33012 send_push_reply(): safe_cap=940
Jun  9 13:25:30 vps2 openvpn[6484]: vps1.xxx/xxxxx:33012 SENT CONTROL [vps1.xxx]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)

并在两端建立隧道：

服务器

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:5 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:420 (420.0 b)  TX bytes:1968 (1.9 KiB)

客户

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

客户端还可以通过网关 IP ping 和 ssh 到服务器

root@vps1:~# ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=72.6 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=72.6 ms
64 bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=72.7 ms
^C
--- 10.8.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 72.666/72.691/72.726/0.221 ms

root@vps1:~# ssh 10.8.0.1
[email protected]'s password:

但无法从服务器和客户端 ping opnevpn ip。

root@vps1:~# ping 10.8.0.2
PING 10.8.0.2 (10.8.0.2) 56(84) bytes of data.
^C
--- 10.8.0.2 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2000ms

root@vps1:~# ping 10.8.0.5
PING 10.8.0.5 (10.8.0.5) 56(84) bytes of data.