I am trying to connect a Raspberry Pi as a client to an OpenVPN server (Ubuntu 14.04.3). Below are my server and client configurations.
# server.conf
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 5
# client.ovpn
client
dev tun
proto udp
remote 10.1.2.12 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert pi2.crt
key pi2.key
ns-cert-type server
log-append openvpn.log
verb 5
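On the client, I get the log message "Initialization Sequence Completed". But I cannot ping the server from the client (ping 10.8.0.1), or vice versa.
If I change to proto tcp on both ends, it works fine.
To troubleshoot this, I did the following.
Tested whether my network can handle UDP traffic
On the server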
nc -l -u 1194
On the client
nc -u 10.1.2.12 1194
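I was able to communicate from the client to the server and vice versa.
Lowered the MTU by adding the following configuration on both ends
tun-mtu 1000
fragment 900
mssfix
Changed the UDP port to a higher value, e.g. 25000
But I still cannot solve this problem. Any help would be appreciated.
Client-server logs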
Answer 1
From the OpenVPN manual:
--topology mode
Configure virtual addressing topology when running in --dev tun mode.
This directive has no meaning in --dev tap mode, which always uses a
subnet topology.
If you set this directive on the server, the --server and --server-bridge
directives will automatically push your chosen topology setting to
clients as well. This directive can also be manually pushed to clients.
Like the --dev directive, this directive must always be compatible
between client and server.
mode can be one of:
**net30** -- Use a point-to-point topology, by allocating one /30 subnet
per client. This is designed to allow point-to-point semantics when some
or all of the connecting clients might be Windows systems. This is the
default on OpenVPN 2.0.
From your client's OpenVPN log, line 308:
Mon Aug 29 20:33:54 2016 us=826190 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Hint: you are "pinging" the wrong address.
Hint 2: What is the state of the firewall?
Hint 3: Have you enabled IPv4 forwarding via: echo 1 > /proc/sys/net/ipv4/ip_forward ?
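The client log line quoted in the answer can be parsed to show which addresses the net30 topology assigned to the tunnel and how a given ping target relates to them. This is an added example, not part of the original answer; the function names are hypothetical and the sample input is the single log line quoted above.

```python
import ipaddress
import re

# Client log line quoted in the answer above.
SAMPLE_LOG = (
    "Mon Aug 29 20:33:54 2016 us=826190 "
    "/sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5\n"
)
# Point-to-point form of the address assignment, as it appears in that log.
P2P_RE = re.compile(
    r"ip addr add dev (?P<dev>\S+) local (?P<local>\S+) peer (?P<peer>\S+)"
)


def tunnel_endpoints(log_text):
    """Return (dev, local, peer) from the last matching log line, or None."""
    found = None
    for line in log_text.splitlines():
        m = P2P_RE.search(line)
        if m:
            found = (m.group("dev"), ipaddress.IPv4Address(m.group("local")),
                     ipaddress.IPv4Address(m.group("peer")))
    return found


def net30_block(local, peer):
    """Return the /30 whose two host addresses are local and peer, else None."""
    block = ipaddress.ip_network(f"{local}/30", strict=False)
    return block if {local, peer} == set(block.hosts()) else None


def classify_target(target, log_text):
    """Describe how a ping target relates to the tunnel addresses in the log."""
    ep = tunnel_endpoints(log_text)
    if ep is None:
        return "no tunnel address in log"
    _, local, peer = ep
    addr = ipaddress.IPv4Address(target)
    if addr == local:
        return "local tunnel address"
    if addr == peer:
        return "peer address of this tunnel"
    block = net30_block(local, peer)
    if block is None:
        return "outside the point-to-point pair"
    if addr in block:
        return f"network or broadcast address of {block}"
    return f"outside {block}"
```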