Server does not respond to ping routed through VPN

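I have a server with a virtual machine on it. I host OpenVPN on this server. The virtual machine has two interfaces: ens18 - for the public IP, ens19 - for the internal network. I am trying to ping 10.2.0.3 (the VM's IP on ens19) through the VPN, but it does not respond. When I run tcpdump -i ens19 icmp on the virtual machine, it returns the following: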

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens19, link-type EN10MB (Ethernet), capture size 262144 bytes
16:50:25.931910 IP 10.8.0.2 > 10.2.0.3: ICMP echo request, id 1, seq 80, length 40
16:50:29.381784 IP 10.8.0.2 > 10.2.0.3: ICMP echo request, id 1, seq 81, length 40

Ping output:

Pinging 10.2.0.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Machine tcpdump output:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
15:58:15.007090 IP 10.8.0.2 > 10.2.0.3: ICMP echo request, id 1, seq 45, length 40

My iptables rules:

Chain INPUT (policy ACCEPT 2806K packets, 1097M bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  eth0   any     anywhere             anywhere             state RELATED,ESTABLISHED
 198K   27M ACCEPT     udp  --  vmbr0  any     anywhere             anywhere             udp dpt:[my openvn port]
   40  2429 ACCEPT     all  --  tun0   any     anywhere             anywhere            
    0     0 ACCEPT     all  --  tun+   any     anywhere             anywhere            
    0     0 ACCEPT     all  --  tun+   any     anywhere             anywhere            

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 197K   16M ACCEPT     all  --  tun0   vmbr0   anywhere             anywhere            
 177K  336M ACCEPT     all  --  vmbr0  tun0    anywhere             anywhere            
   45  2540 ACCEPT     all  --  tun0   any     10.8.0.0/24          10.2.0.3            
    2   104 ACCEPT     all  --  tun0   any     10.8.0.0/24          10.2.0.0/24         
    0     0 ACCEPT     all  --  tun+   any     anywhere             anywhere            

Chain OUTPUT (policy ACCEPT 3102K packets, 1303M bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  any    tun0    anywhere             anywhere       

My routing table:

default via [my public ip] dev vmbr0 proto kernel onlink 
10.2.0.0/24 dev vmbr1 proto kernel scope link src 10.2.0.1 
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1 
[my public ip] dev vmbr0 proto kernel scope link src [my gateway] 

IP rule list:

0:      from all lookup local 
32766:  from all lookup main 
32767:  from all lookup default 

If you need more information, please add a comment. Sorry for my bad English.

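Answer 1

Author: @TomYan

Run ip r add 10.8.0.0/24 via 10.2.0.1 on the virtual machine. For the VPN part, either add route 10.2.0.0 255.255.255.0 to the client configuration, or add push "route 10.2.0.0 255.255.255.0" to the server configuration (assuming you use client / pull in the client configuration). Note that these routes are not necessary if both the virtual machine and the VPN client use the server as their default gateway.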
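
An added example, not part of the original answer: a longest-prefix-match lookup over a VM routing table, showing which interface the echo reply to 10.8.0.2 leaves through before and after the route from the answer is added. The VM's routing table is not shown on the page, so the table below is constructed; it assumes the VM's default route points out of ens18, and the 203.0.113.0/24 addresses are placeholders.

```python
import ipaddress

# Constructed VM routing table in `ip route` format. The page does not show the
# VM's table; the 203.0.113.0/24 addresses are placeholders for the public side.
VM_ROUTES = """\
default via 203.0.113.1 dev ens18
203.0.113.0/24 dev ens18 proto kernel scope link src 203.0.113.10
10.2.0.0/24 dev ens19 proto kernel scope link src 10.2.0.3
"""

def parse_routes(text):
    """Parse `ip route` lines into (network, gateway or None, device) tuples."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        prefix = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        net = ipaddress.ip_network(prefix, strict=False)
        gw = tok[tok.index("via") + 1] if "via" in tok else None
        dev = tok[tok.index("dev") + 1] if "dev" in tok else None
        routes.append((net, gw, dev))
    return routes

def lookup(routes, dst):
    """Longest-prefix match, as the kernel does for the main table."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)

def reply_path(routes, request_in_dev, client_ip):
    """Return (egress device, symmetric?) for the echo reply to client_ip."""
    route = lookup(routes, client_ip)
    if route is None:
        return None, False
    return route[2], route[2] == request_in_dev

if __name__ == "__main__":
    before = parse_routes(VM_ROUTES)
    # Route from the answer, with the device spelled out.
    after = parse_routes(VM_ROUTES + "10.8.0.0/24 via 10.2.0.1 dev ens19\n")
    for name, table in (("before", before), ("after", after)):
        dev, ok = reply_path(table, "ens19", "10.8.0.2")
        print(f"{name}: reply to 10.8.0.2 leaves via {dev}, symmetric={ok}")
```

On the real VM, ip route get 10.8.0.2 reports the same egress decision straight from the kernel.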