OpenVPN 可以 ping 通互联网但无法浏览

tag-icon tag-icon openvpn
OpenVPN 可以 ping 通互联网但无法浏览

我的 OpenVPN 服务器配置两年来一直都是一样的,每次升级服务器时我都只是复制粘贴。但这次它不再起作用了。

我可以连接我的客户,也可以 ping 外部互联网:使用域名或 IP 地址(这意味着域名解析有效)。我还可以 ping 到 vpn 服务器 IP,或服务器网络中的路由器。

但我无法浏览外部互联网或 openvpn 网络内部。我唯一可以浏览的网站是 openvpn 路由器(位于 192.168.45.1)。

我的 openvpn 配置:

dev tun
#dev tap0
client-config-dir ccd
local 192.168.45.5 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS 
proto udp #Some people prefer to use tcp. Don't change it if you don't know.
port 1194 
crl-verify /etc/openvpn/crl.pem
ca /etc/openvpn/easy-rsa/pki/ca.crt 
cert /etc/openvpn/easy-rsa/pki/issued/server.crt # SWAP WITH YOUR CRT NAME
key /etc/openvpn/easy-rsa/pki/private/server.key # SWAP WITH YOUR KEY NAME
dh /etc/openvpn/easy-rsa/pki/dh2048.pem # If you changed to 2048, change that here!
server 10.8.0.0 255.255.255.0 
# server and remote endpoints 
ifconfig 10.8.0.1 10.8.0.2 
# Add route to Client routing table for the OpenVPN Server 
push "route 10.8.0.1 255.255.255.255" 
# Add route to Client routing table for the OpenVPN Subnet 
push "route 10.8.0.0 255.255.255.0" 
# your local subnet 
push "route 192.168.45.5 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
# Set primary domain name server address to the SOHO Router 
# If your router does not do DNS, you can use Google DNS 8.8.8.8 
push "dhcp-option DNS 192.168.45.1" # This should already match your router address and not need to be changed.
# Override the Client default gateway by using 0.0.0.0/1 and 
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of 
# overriding but not wiping out the original default gateway. 
push "redirect-gateway def1" 
client-to-client 
duplicate-cn 
keepalive 5 30 
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0 
cipher AES-256-CBC 
comp-lzo 
user nobody 
group nogroup 
persist-key 
persist-tun 
status /var/log/openvpn-status.log 20 
log /var/log/openvpn.log 
verb 3

我有一个文件/etc/firewall-openvpn-rules.sh

#!/bin/sh
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.45.5

并且/etc/network/interfaces

# interfaces(5) file used by ifup(8) and ifdown(8)
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d
auto eth0
allow-hotplug eth0
iface eth0 inet static
        pre-up /etc/firewall-openvpn-rules.sh
 address 192.168.45.5
 gateway 192.168.45.1
 netmask 255.255.255.0
 network 192.168.45.0
 broadcast 192.168.0.255

iptables -L -v返回:

Chain INPUT (policy ACCEPT 18750 packets, 4000K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 14757 packets, 6103K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  eth0   dns0    anywhere             anywhere             state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  dns0   eth0    anywhere             anywhere            

Chain OUTPUT (policy ACCEPT 20662 packets, 8124K bytes)
 pkts bytes target     prot opt in     out     source               destination

提前致谢!

相关内容