Accessing an OpenVPN client's entire LAN from another OpenVPN client


I have the following setup:

(setup diagram)

What do I need to do so that the 192.168.0.3 machine can connect to 10.8.0.3? I tried the openvpn guide, but I think I'm missing something.

VPN server configuration, /etc/openvpn/server.conf:

dev tun
server 10.8.0.0 255.255.255.0

ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
crl-verify /etc/openvpn/crl.pem
dh /etc/openvpn/dh2048.pem

client-to-client
daemon

ifconfig-pool-persist ipp.txt
keepalive 10 120
client-config-dir /etc/openvpn/ccd
route 192.168.0.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
topology subnet
explicit-exit-notify 1

/etc/openvpn/ccd/client2

ifconfig-push 10.8.0.2 255.255.255.0
iroute 192.168.0.0 255.255.255.0

C:\Users\Станислав\openvpn\config\client.ovpn

client
dev tun
remote 80.79.254.239
ca ca.crt
cert client2.crt
key client2.key
redirect-gateway def1
topology subnet

IP and tun forwarding are enabled.

Since I have no access to the LAN router, is this even possible?

ip route

default via 80.79.254.1 dev eth0 proto static
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
80.79.254.0/24 dev eth0 proto kernel scope link src 80.79.254.239
192.168.0.0/24 via 10.8.0.2 dev tun0

ip address

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:6d:10:92 brd ff:ff:ff:ff:ff:ff
    inet 80.79.254.239/24 brd 80.79.254.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2a00:f940:2:4:2::2e16/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe6d:1092/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 52:54:00:54:6a:0d brd ff:ff:ff:ff:ff:ff
11834: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none
    inet 10.8.0.1/24 brd 10.8.0.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::8c64:bf8:e518:2362/64 scope link stable-privacy
       valid_lft forever preferred_lft forever

service openvpn status

Sep 29 11:15:11 xx-xx-xx-xx.xx.xx openvpn[329382]: client2/38.139.85.41:1194 MULTI: Learn: 10.8.0.2 -> client2/38.139.85.41:1194
Sep 29 11:15:11 xx-xx-xx-xx.xx.xx openvpn[329382]: client2/38.139.85.41:1194 MULTI: primary virtual IP for client2/38.139.85.41:1194: 10.8.0.2
Sep 29 11:15:11 xx-xx-xx-xx.xx.xx openvpn[329382]: client2/38.139.85.41:1194 MULTI: internal route 192.168.0.0/24 -> client2/38.139.85.41:1194
Sep 29 11:15:11 xx-xx-xx-xx.xx.xx openvpn[329382]: client2/38.139.85.41:1194 MULTI: Learn: 192.168.0.0/24 -> client2/38.139.85.41:1194
Sep 29 11:15:11 xx-xx-xx-xx.xx.xx openvpn[329382]: client2/38.139.85.41:1194 REMOVE PUSH ROUTE: 'route 192.168.0.0 255.255.255.0'
Sep 29 11:15:12 xx-xx-xx-xx.xx.xx openvpn[329382]: client2/38.139.85.41:1194 PUSH: Received control message: 'PUSH_REQUEST'
Sep 29 11:15:12 xx-xx-xx-xx.xx.xx openvpn[329382]: client2/38.139.85.41:1194 SENT CONTROL [client2]: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifcon>
Sep 29 11:15:12 xx-xx-xx-xx.xx.xx openvpn[329382]: client2/38.139.85.41:1194 Data Channel: using negotiated cipher 'AES-256-GCM'
Sep 29 11:15:12 xx-xx-xx-xx.xx.xx openvpn[329382]: client2/38.139.85.41:1194 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sep 29 11:15:12 xx-xx-xx-xx.xx.xx openvpn[329382]: client2/38.139.85.41:1194 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Answer 1

As I understand it, your flow is:

client 10.8.0.3 -> server 10.8.0.1 -> client 10.8.0.2 -> 192.168.0.3

It looks like at least client 2 (10.8.0.2) is a Windows machine.

As for routing:

  • 10.8.0.3 needs to have/get 192.168.0.0/24 via 10.8.0.2
  • 192.168.0.3 (or the default router on that network, probably 192.168.0.1) needs 10.8.0.0/24 via 192.168.0.2
  • Firewall/IP forwarding is also needed; enabling routing in Windows may or may not be possible depending on the version.

If you cannot change or add routes on any of the 192.168.0.1,3 machines, you could resort to NAT (done on 192.168.0.2), but on Windows that can get messy.

Another option is to use bridging, which means none of the machines on 192.168.0.0/24 need routes.
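To make the routing bullets in the answer concrete, here is an added Python model (not code from the question or the answer) that traces a packet hop by hop through the question's topology and shows where the reply from 192.168.0.3 dies until the LAN host gets a route back to 10.8.0.0/24. The server's table is the `ip route` output above; the client tables follow the pushed options; the LAN host/router tables and the 203.0.113.1 upstream are assumptions.

```python
import ipaddress
# Constructed model of the question's topology: server routes from the page's
# `ip route`, client routes from the pushed options (route-gateway 10.8.0.1,
# redirect-gateway def1), LAN tables assumed. (prefix, gateway); None = on-link.
TABLES = {
    "client3":    [("10.8.0.0/24", None), ("192.168.0.0/24", "10.8.0.1")],
    "server":     [("10.8.0.0/24", None), ("80.79.254.0/24", None),
                   ("192.168.0.0/24", "10.8.0.2"), ("0.0.0.0/0", "80.79.254.1")],
    "client2":    [("10.8.0.0/24", None), ("192.168.0.0/24", None),
                   ("0.0.0.0/1", "10.8.0.1"), ("128.0.0.0/1", "10.8.0.1")],
    "lan_host":   [("192.168.0.0/24", None), ("0.0.0.0/0", "192.168.0.1")],
    "lan_router": [("192.168.0.0/24", None), ("0.0.0.0/0", "203.0.113.1")],  # assumed ISP upstream, not modelled
}
OWNER = {"10.8.0.3": "client3", "10.8.0.1": "server", "80.79.254.239": "server",
         "10.8.0.2": "client2", "192.168.0.2": "client2",
         "192.168.0.3": "lan_host", "192.168.0.1": "lan_router"}
FORWARDERS = ("server", "client2", "lan_router")   # nodes with IP forwarding on

def lookup(table, dst):
    """Longest-prefix match: returns (network, gateway) or None if no route."""
    best = None
    for prefix, gw in table:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best

def trace(src, dst, tables=TABLES, forwarders=FORWARDERS):
    """Walk src->dst one IP hop at a time; the returned path ends in 'drop' when a
    hop has no route, hands off outside the model, or is a host not forwarding."""
    node, path = OWNER[src], [OWNER[src]]
    while OWNER.get(dst) != node:
        if len(path) > 1 and node not in forwarders:
            return path + ["drop"]            # transit host, forwarding disabled
        hit = lookup(tables[node], dst)
        nxt = OWNER.get(hit[1] or dst) if hit else None
        if nxt is None or len(path) > 8:
            return path + ["drop"]            # no route, unknown next hop, or loop
        node = nxt
        path.append(node)
    return path

def with_return_route(tables):
    """The answer's second bullet: give the LAN host a route back to the VPN."""
    fixed = {name: list(routes) for name, routes in tables.items()}
    fixed["lan_host"].append(("10.8.0.0/24", "192.168.0.2"))
    return fixed

if __name__ == "__main__":
    print("reply before fix:", trace("192.168.0.3", "10.8.0.3"))
    print("reply after fix :", trace("192.168.0.3", "10.8.0.3", with_return_route(TABLES)))
```

Passing `forwarders=("server", "lan_router")` to `trace` models the third bullet: with forwarding off on client2 the reply reaches 192.168.0.2 and is dropped there.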
