我有以下设置:
我需要做什么才能使192.168.0.3机器可以连接10.8.0.3?我试过了openvpn 指南但我想我遗漏了一些东西。
VPN 服务器配置/etc/openvpn/server.conf
dev tun
server 10.8.0.0 255.255.255.0
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
crl-verify /etc/openvpn/crl.pem
dh /etc/openvpn/dh2048.pem
client-to-client
daemon
ifconfig-pool-persist ipp.txt
keepalive 10 120
client-config-dir /etc/openvpn/ccd
route 192.168.0.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
topology subnet
explicit-exit-notify 1
/etc/openvpn/ccd/client2
ifconfig-push 10.8.0.2 255.255.255.0
iroute 192.168.0.0 255.255.255.0
C:\Users\Станислав\openvpn\config\client.ovpn
client
dev tun
remote 80.79.254.239
ca ca.crt
cert client2.crt
key client2.key
redirect-gateway def1
topology subnet
Ip 和 tun 转发已开启。
由于我无法访问 LAN 路由器,这是否可行?
ip route
default via 80.79.254.1 dev eth0 proto static
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
80.79.254.0/24 dev eth0 proto kernel scope link src 80.79.254.239
192.168.0.0/24 via 10.8.0.2 dev tun0
ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:6d:10:92 brd ff:ff:ff:ff:ff:ff
inet 80.79.254.239/24 brd 80.79.254.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 2a00:f940:2:4:2::2e16/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe6d:1092/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 52:54:00:54:6a:0d brd ff:ff:ff:ff:ff:ff
11834: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
link/none
inet 10.8.0.1/24 brd 10.8.0.255 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::8c64:bf8:e518:2362/64 scope link stable-privacy
valid_lft forever preferred_lft forever
service openvpn status
Sep 29 11:15:11 xx-xx-xx-xx.xx.xx openvpn[329382]: client2/38.139.85.41:1194 MULTI: Learn: 10.8.0.2 -> client2/38.139.85.41:1194
Sep 29 11:15:11 xx-xx-xx-xx.xx.xx openvpn[329382]: client2/38.139.85.41:1194 MULTI: primary virtual IP for client2/38.139.85.41:1194: 10.8.0.2
Sep 29 11:15:11 xx-xx-xx-xx.xx.xx openvpn[329382]: client2/38.139.85.41:1194 MULTI: internal route 192.168.0.0/24 -> client2/38.139.85.41:1194
Sep 29 11:15:11 xx-xx-xx-xx.xx.xx openvpn[329382]: client2/38.139.85.41:1194 MULTI: Learn: 192.168.0.0/24 -> client2/38.139.85.41:1194
Sep 29 11:15:11 xx-xx-xx-xx.xx.xx openvpn[329382]: client2/38.139.85.41:1194 REMOVE PUSH ROUTE: 'route 192.168.0.0 255.255.255.0'
Sep 29 11:15:12 xx-xx-xx-xx.xx.xx openvpn[329382]: client2/38.139.85.41:1194 PUSH: Received control message: 'PUSH_REQUEST'
Sep 29 11:15:12 xx-xx-xx-xx.xx.xx openvpn[329382]: client2/38.139.85.41:1194 SENT CONTROL [client2]: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifcon>Sep 29 11:15:12 xx-xx-xx-xx.xx.xx openvpn[329382]: client2/38.139.85.41:1194 Data Channel: using negotiated cipher 'AES-256-GCM'
Sep 29 11:15:12 xx-xx-xx-xx.xx.xx openvpn[329382]: client2/38.139.85.41:1194 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sep 29 11:15:12 xx-xx-xx-xx.xx.xx openvpn[329382]: client2/38.139.85.41:1194 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
答案1
据我了解,您的流程是:
client 10.8.0.3-> server 10.8.0.1-> client 10.8.0.2->192.168.0.3
看起来至少客户端 2 (10.8.0.2) 是一台 Windows 机器。
至于路由
10.8.0.3需要有/得到192.168.0.0/24 via 10.8.0.2192.168.0.3(或者该网络上的默认路由器,可能192.168.0.1需要10.8.0.0/24 via 192.168.0.2- 还需要防火墙/IP 转发,在 Windows 中启用路由可能或不可能,具体取决于版本。
如果您无法在任何192.168.0.1,3机器上更改或添加路由,那么可以求助于 NAT(在 上完成192.168.0.2),但在 Windows 上这可能会变得混乱。
另一种选择是使用桥接,这意味着所有机器都不192.168.0.0/24需要路由。