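I have set up an OpenVPN server for remote clients so they can reach servers that will send multicast traffic to them, but I am unable to receive any multicast traffic. The application connects to the servers in question successfully, but no traffic flows. Is this possible in a TUN setup? I would like to avoid a bridged setup if possible.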
Network topology
Internal LAN 172.30.66.0/24
VPN IP 172.30.66.157 Public IP xxx.xxx.xxx.167 VPN TUN IP 10.8.0.1
Router/firewall/gateway 172.30.66.1 (a separate server from the VPN server) Public IP xxx.xxx.xxx.161
Server config
port 1195
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 172.30.66.0 255.255.255.0"
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 4
explicit-exit-notify 1
Client config
client
dev tun
proto udp
remote xxx.xxx.xxx.167 1195
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
verb 4
Routing and firewall information
Network and routing information for the gateway/router
eth0 Link encap:Ethernet HWaddr 00:15:17:B8:E0:34
inet addr:172.30.66.1 Bcast:172.30.66.255 Mask:255.255.255.0
inet6 addr: fe80::215:17ff:feb8:e034/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:60590989 errors:0 dropped:0 overruns:0 frame:0
TX packets:124713096 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4959044399 (4.6 GiB) TX bytes:79112208698 (73.6 GiB)
Interrupt:28 Memory:da020000-da040000
eth1 Link encap:Ethernet HWaddr 00:15:17:B8:E0:35
inet addr:xxx.xxx.xxx.62 Bcast:xxx.xxx.xxx.63 Mask:255.255.255.252
inet6 addr: fe80::215:17ff:feb8:e035/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:143591842 errors:0 dropped:0 overruns:0 frame:0
TX packets:433909800 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:87043706669 (81.0 GiB) TX bytes:166155469966 (154.7 GiB)
Interrupt:36 Memory:da060000-da080000
eth2 Link encap:Ethernet HWaddr 00:15:17:B8:E0:36
inet addr:xxx.xxx.xxx.161 Bcast:xxx.xxx.xxx.175 Mask:255.255.255.240
inet6 addr: fe80::215:17ff:feb8:e036/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:374270778 errors:0 dropped:0 overruns:0 frame:0
TX packets:2437893 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:158649519904 (147.7 GiB) TX bytes:552647203 (527.0 MiB)
Interrupt:36 Memory:da120000-da140000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:10 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:688 (688.0 b) TX bytes:688 (688.0 b)
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
xxx.xxx.xxx.60 * 255.255.255.252 U 0 0 0 eth1
xxx.xxx.xxx.160 * 255.255.255.240 U 0 0 0 eth2
172.30.66.0 * 255.255.255.0 U 0 0 0 eth0
10.8.0.0 172.30.66.157 255.255.255.0 UG 0 0 0 eth0
default xxx.xxx.xxx.61. 0.0.0.0 UG 0 0 0 eth1
Network and routing information for the VPN server
eth2 Link encap:Ethernet HWaddr A0:36:9F:E2:B3:2E
inet addr:xxx.xxx.xxx.167 Bcast:xxx.xxx.xxx.175 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8222 errors:0 dropped:0 overruns:0 frame:0
TX packets:2009 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1235747 (1.1 MiB) TX bytes:462680 (451.8 KiB)
eth3 Link encap:Ethernet HWaddr A0:36:9F:E2:B3:2F
inet addr:172.30.66.157 Bcast:172.30.66.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:38220 errors:0 dropped:0 overruns:0 frame:0
TX packets:696 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9821255 (9.3 MiB) TX bytes:64314 (62.8 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:424 errors:0 dropped:0 overruns:0 frame:0
TX packets:424 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:36072 (35.2 KiB) TX bytes:228498 (223.1 KiB)
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
209.117.52.160 * 255.255.255.240 U 0 0 0 eth2
172.30.66.0 * 255.255.255.0 U 0 0 0 eth3
10.8.0.0 * 255.255.255.0 U 0 0 0 tun0
default Router-Eth0-P 0.0.0.0 UG 0 0 0 eth3
Current IPTABLES on the VPN
Chain INPUT (policy ACCEPT 34819 packets, 9286K bytes)
pkts bytes target prot opt in out source destination
5659 1040K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 115 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
1 52 ACCEPT tcp -- * * 172.30.66.0/24 0.0.0.0/0 tcp dpt:22
2 104 ACCEPT tcp -- * * 10.8.0.0/24 0.0.0.0/0 tcp dpt:22
4 160 DROP tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT udp -- eth3 * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:1195
0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 4 packets, 160 bytes)
pkts bytes target prot opt in out source destination
24 3232 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun+ eth3 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
21 4265 ACCEPT all -- eth3 tun+ 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT 2426 packets, 520K bytes)
pkts bytes target prot opt in out source destination
448 231K ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
Current IPTABLES on the router/gateway
Chain INPUT (policy ACCEPT 1607 packets, 117K bytes)
pkts bytes target prot opt in out source destination
289 254K ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
10 688 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- eth0 * 172.30.66.0/24 0.0.0.0/0 udp dpt:161
0 0 ACCEPT tcp -- eth0 * 172.30.66.0/24 0.0.0.0/0 tcp dpt:161
221K 13M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10050
101M 59G ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
6732 431K ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth2 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
285 12124 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
973 58340 ACCEPT tcp -- * * 172.30.66.0/24 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
17337 1158K ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp spt:68 dpt:67
1200 394K ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10050
0 0 ACCEPT esp -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp spt:500 dpt:500
0 0 ACCEPT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp spt:4500 dpt:4500
0 0 ACCEPT all -- tun0 * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = multicast
0 0 ACCEPT 2 -- tun0 * 0.0.0.0/0 0.0.0.0/0
235K 57M DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
5168 226K DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
Chain FORWARD (policy ACCEPT 26053 packets, 1581K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- eth1 * 172.20.176.64/28 172.30.66.0/24 policy match dir in pol ipsec reqid 2 proto 50
0 0 ACCEPT all -- * eth1 172.30.66.0/24 172.20.176.64/28 policy match dir out pol ipsec reqid 2 proto 50
86M 44G ACCEPT all -- eth1 * 172.20.168.64/28 172.30.66.0/24 policy match dir in pol ipsec reqid 1 proto 50
39M 1833M ACCEPT all -- * eth1 172.30.66.0/24 172.20.168.64/28 policy match dir out pol ipsec reqid 1 proto 50
0 0 ACCEPT all -- eth1 * 172.20.176.64/28 172.30.66.0/24 policy match dir in pol ipsec reqid 2 proto 50
0 0 ACCEPT all -- * eth1 172.30.66.0/24 172.20.176.64/28 policy match dir out pol ipsec reqid 2 proto 50
0 0 ACCEPT all -- eth1 * 172.20.168.64/28 172.30.66.0/24 policy match dir in pol ipsec reqid 1 proto 50
0 0 ACCEPT all -- * eth1 172.30.66.0/24 172.20.168.64/28 policy match dir out pol ipsec reqid 1 proto 50
12M 1317M ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0
14M 22G ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
149K 9702K ACCEPT all -- eth0 eth2 0.0.0.0/0 0.0.0.0/0
173K 246M ACCEPT all -- eth2 eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth2 eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eth0 eth2 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
313M 128G ACCEPT all -- eth2 eth1 0.0.0.0/0 0.0.0.0/0
2039K 458M ACCEPT all -- eth1 eth2 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 172.30.66.157 udp dpt:1195 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT all -- tun0 eth3 10.8.0.0/24 172.30.66.0/24 ctstate NEW
28 1568 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT 103K packets, 7158K bytes)
pkts bytes target prot opt in out source destination
46M 5245M ACCEPT esp -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * eth1 0.0.0.0/0 0.0.0.0/0
18 2960 ACCEPT udp -- * eth1 0.0.0.0/0 0.0.0.0/0 udp spt:500 dpt:500
0 0 ACCEPT udp -- * eth1 0.0.0.0/0 0.0.0.0/0 udp spt:4500 dpt:4500
Any help is greatly appreciated. Thank you.
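A check on the listings above, as an added example that is not part of the original post: it cross-references the in/out interfaces named in an `iptables -L -v -n` listing against the interfaces the same host's ifconfig output shows, and reports rules that can never match on that host. The rule excerpt and interface set are copied from the router/gateway sections of the post; the function names are hypothetical.

```python
# Interfaces listed in the router/gateway ifconfig output in the post.
ROUTER_IFACES = {"eth0", "eth1", "eth2", "lo"}

# Excerpt of the router/gateway iptables listing, copied from the post.
ROUTER_RULES = """\
Chain INPUT (policy ACCEPT 1607 packets, 117K bytes)
pkts bytes target prot opt in out source destination
17337 1158K ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT all -- tun0 * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = multicast
0 0 ACCEPT 2 -- tun0 * 0.0.0.0/0 0.0.0.0/0
235K 57M DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 26053 packets, 1581K bytes)
pkts bytes target prot opt in out source destination
149K 9702K ACCEPT all -- eth0 eth2 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun0 eth3 10.8.0.0/24 172.30.66.0/24 ctstate NEW
"""


def iface_exists(name, ifaces):
    """'*' matches any interface; a trailing '+' is an iptables prefix wildcard."""
    if name == "*":
        return True
    if name.endswith("+"):
        return any(i.startswith(name[:-1]) for i in ifaces)
    return name in ifaces


def unmatched_rules(listing, ifaces):
    """Return (chain, in, out, pkts) for rules naming an interface the host lacks."""
    chain, found = None, []
    for line in listing.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Chain":
            chain = fields[1]
            continue
        # Columns: pkts bytes target prot opt in out source destination [match...]
        if len(fields) < 9 or fields[0] == "pkts":
            continue
        pkts, in_if, out_if = fields[0], fields[5], fields[6]
        if not (iface_exists(in_if, ifaces) and iface_exists(out_if, ifaces)):
            found.append((chain, in_if, out_if, pkts))
    return found


if __name__ == "__main__":
    for chain, in_if, out_if, pkts in unmatched_rules(ROUTER_RULES, ROUTER_IFACES):
        print(f"{chain}: in={in_if} out={out_if} pkts={pkts} (interface not on this host)")
```

The three rules it reports all show a packet count of 0 in the post's listing; tun0 and eth3 appear only in the VPN server's ifconfig output.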