我正在设置 OpenVPN,以便能够从家里连接到办公室的服务器。
在此服务器上,安装了 KVM,并且正在运行一些 VM。我创建了一个 NAT 虚拟网络 172.16.0.0/24。我希望 VPN 客户端与我的 VM 位于同一网络上。
当我从客户端连接到 VPN 时,有两件事困扰着我:
- 我想要 OpenVPN 提供的特定 IP 地址范围(如 172.16.6.1 至 172.16.7.254)。如何操作?
- 我无法访问虚拟机,甚至无法 ping 通它们。是否需要添加特定路由或其他什么?
以下是 OpenVPN 服务器配置:
# OpenVPN Port, Protocol and the Tun
port 1194
proto udp
dev tun
# OpenVPN Server Certificate - CA, server key and certificate
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/adoc-vpn-server.crt
key /etc/openvpn/server/adoc-vpn-server.key
#DH and CRL key
dh /etc/openvpn/server/dh.pem
#crl-verify /etc/openvpn/server/crl.pem
# Network Configuration - Internal network
# Redirect all Connection through OpenVPN Server
server 172.16.0.0 255.255.0.0
push "redirect-gateway def1"
# Using the DNS from https://dns.watch
push "dhcp-option DNS 172.16.0.10"
push "dhcp-option DOMAIN adoc.local"
#Enable multiple client to connect with same Certificate key
duplicate-cn
# TLS Security
cipher AES-256-CBC
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
auth SHA512
auth-nocache
# Other Configuration
keepalive 20 60
persist-key
persist-tun
comp-lzo yes
daemon
user nobody
group nobody
# OpenVPN Log
log-append /var/log/openvpn.log
verb 3
任何帮助都将不胜感激!谢谢。
答案1
我已经解决了关于 DHCP 范围的一个问题 ->更改 openvpn dhcp 池
但 VPN 客户端仍然无法 ping 通虚拟机或网络的其他主机。也许需要添加一条路由...有人知道吗?
答案2
我能够通过以下方式自动安装 OpenVPN 来解决这个问题https://github.com/angristan/openvpn-install。安装使用地址空间,我的 VPN 服务器使用和地址空间10.8.0.0/24
连接到两个 libvirt 网络。172.27.48.64/26
172.27.48.128/25
/etc/openvpn/server.conf
:
port 1194
proto udp
dev tun0
user nobody
group nobody
persist-key
persist-tun
keepalive 10 120
topology subnet
server 172.28.48.66 255.255.255.192 # << only change this line
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 172.27.48.129" # automatically generated from VPN server
push "dhcp-option DNS 172.27.48.65" # automatically generated from VPN server
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_###########.crt
key server_###########.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3