I configured OpenVPN on the FW (CentOS 8) as follows:
Remote Client
    ↓ dev ens6
Server (OpenVPN + Firewalld) 10.14.128.29
    ↓ dev ens7
Internal LAN (10.14.128.0/24)
    ↓                  ↓
A (10.14.128.13)   B (10.14.128.14)
A can ping B. A/B cannot ping the server. Why?
I suspect something is missing from the server's routing table. My /etc/openvpn/server.conf:
# OpenVPN Port, Protocol, and the Tun
port 1194
proto udp
dev tun
# OpenVPN Server Certificate - CA, server key and certificate
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/ca.crt
key /etc/openvpn/server/pkki.key
#DH and CRL key
dh /etc/openvpn/server/dh.pem
# Redirect all Connection through OpenVPN Server
server 10.14.128.0 255.255.255.0
push "route 10.14.128.0 255.255.255.0"
push "redirect-gateway def1"
# Using the DNS from https://dns.watch
push "dhcp-option DNS 84.200.69.80"
push "dhcp-option DNS 84.200.70.40"
#Enable multiple clients to connect with the same certificate key
duplicate-cn
# TLS Security
cipher AES-256-CBC
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
auth SHA512
auth-nocache
Resulting routing table:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.xxx.xxx.1   0.0.0.0         UG    100    0        0 ens6
0.0.0.0         xxx.xxx.xxx.1   0.0.0.0         UG    101    0        0 ens7
10.14.128.0     10.14.128.2     255.255.255.0   UG    0      0        0 tun0
10.14.128.0     0.0.0.0         255.255.255.0   U     101    0        0 ens7
10.14.128.2     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
xxx.xxx.xxx.1   0.0.0.0         255.255.255.255 UH    100    0        0 ens6
xxx.xxx.xxx.1   0.0.0.0         255.255.255.255 UH    101    0        0 ens7
Answer 1
The mistake is simple. I used the same address space for both networks (the remote VPN network and the internal network). Just change this line:
server 10.14.128.0 255.255.255.0
to
server 10.15.128.0 255.255.255.0
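The overlap the answer describes is easy to check for mechanically before starting OpenVPN. The script below is an added example, not code from the original question or answer: it pulls the `server` directive out of a server.conf, compares the subnet it hands to clients against every local interface subnet, and reports any clash. The config texts and the interface list are constructed from the question (the ens6 public address is a TEST-NET placeholder, since the post masks it as xxx.xxx.xxx); on a real box you would feed it the actual file and the output of `ip -o -4 addr show`.

```shell
#!/bin/sh
# Added example (not from the original post). The OpenVPN "server" directive
# must give clients a subnet that no server interface already uses; otherwise
# the kernel holds two routes for the same prefix (tun0 and ens7 in the
# question's routing table) and replies to LAN hosts leave via the wrong device.

# Dotted-quad IPv4 address or netmask -> 32-bit integer (runs in a subshell so
# the IFS change does not leak).
ip4_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Prefix length (0-32) -> 32-bit netmask integer.
plen_to_mask() {
    echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# vpn_subnet_clashes CONF_TEXT IFACE_ADDRS
#   CONF_TEXT   contents of server.conf
#   IFACE_ADDRS lines of "IFNAME ADDR/PLEN" (what `ip -o -4 addr show` reports)
# Prints one line per interface whose subnet overlaps the "server" subnet.
# Returns 0 when the VPN subnet is clean, 1 on a clash, 2 if no directive.
vpn_subnet_clashes() {
    conf=$1
    addrs=$2
    set -- $(printf '%s\n' "$conf" | awk '$1 == "server" { print $2, $3; exit }')
    [ $# -eq 2 ] || { echo "no 'server' directive found" >&2; return 2; }
    vmask=$(ip4_to_int "$2")
    vnet=$(( $(ip4_to_int "$1") & vmask ))
    rc=0
    for entry in $(printf '%s\n' "$addrs" | tr ' ' ':'); do
        ifname=${entry%%:*}
        cidr=${entry#*:}
        imask=$(plen_to_mask "${cidr#*/}")
        inet=$(( $(ip4_to_int "${cidr%/*}") & imask ))
        # Two subnets overlap when they agree on every bit covered by the
        # shorter (wider) of the two masks.
        common=$(( vmask & imask ))
        if [ $(( vnet & common )) -eq $(( inet & common )) ]; then
            echo "$ifname $cidr overlaps VPN subnet $1/$2"
            rc=1
        fi
    done
    return $rc
}

# Constructed inputs: the questioner's server.conf as posted (trimmed), the
# answer's corrected version, and the interface addresses implied by the
# diagram (ens6 public address replaced by a TEST-NET placeholder).
ORIG_CONF='port 1194
proto udp
dev tun
server 10.14.128.0 255.255.255.0
push "route 10.14.128.0 255.255.255.0"
push "redirect-gateway def1"'

FIXED_CONF='port 1194
proto udp
dev tun
server 10.15.128.0 255.255.255.0
push "route 10.14.128.0 255.255.255.0"
push "redirect-gateway def1"'

IFACE_ADDRS='ens6 203.0.113.29/24
ens7 10.14.128.29/24
virbr0 192.168.122.1/24'

echo "== server.conf as posted =="
vpn_subnet_clashes "$ORIG_CONF" "$IFACE_ADDRS" || echo "-> pick a VPN subnet not used on any interface"
echo "== with server 10.15.128.0 =="
vpn_subnet_clashes "$FIXED_CONF" "$IFACE_ADDRS" && echo "-> no overlap"
```

Note that the `push "route 10.14.128.0 255.255.255.0"` line stays as it is in the corrected config: it tells clients how to reach the internal LAN through the tunnel, which only works once the tunnel itself lives in a different prefix (10.15.128.0/24) from that LAN.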