I am following the first example setup for OpenVPN, which involves establishing a TUN tunnel.
On the server I run:
openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun
The Ubiquiti Edge Router is connected to the internet through the LAN. On the router I run:
/usr/sbin/openvpn --ifconfig 10.200.0.2 10.200.0.1 --dev tun --remote 203.0.113.15
where 203.0.113.15 is the server's public IP.
Apparently the tunnel is established.
On the server:
# ifconfig
ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 203.0.113.15 netmask 255.255.255.255 broadcast 203.0.113.15
inet6 fe80::250:56ff:fe12:68c3 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:12:68:c3 txqueuelen 1000 (Ethernet)
RX packets 23098 bytes 6362816 (6.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 31722 bytes 3698922 (3.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 42 bytes 3448 (3.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 42 bytes 3448 (3.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.200.0.1 netmask 255.255.255.255 destination 10.200.0.2
inet6 fe80::1e73:c3f6:d459:d2fd prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6 bytes 396 (396.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
On the Ubiquiti router:
# show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 192.168.1.1/24 u/u
eth1 - u/D
eth2 - u/D
eth3 - u/D
eth4 192.168.0.23/16 u/u
eth5 - u/D
lo 127.0.0.1/8 u/u
::1/128
switch0 - u/u
tun0 10.200.0.2 u/u
10.200.0.1
But when I try to ping from the Ubiquiti router, or ping 10.200.0.2 from the server, I get no response.
Why is that? What is missing?
Edit: added the output of the openvpn command on both ends.
openvpn output on the server:
# openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun
Sat Mar 19 01:14:54 2022 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Sat Mar 19 01:14:54 2022 OpenVPN 2.4.11 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 21 2021
Sat Mar 19 01:14:54 2022 library versions: OpenSSL 1.0.2k-fips 26 Jan 2017, LZO 2.06
Sat Mar 19 01:14:54 2022 ******* WARNING *******: All encryption and authentication features disabled -- All data will be tunnelled as clear text and will not be protected against man-in-the-middle changes. PLEASE DO RECONSIDER THIS CONFIGURATION!
Sat Mar 19 01:14:54 2022 TUN/TAP device tun0 opened
Sat Mar 19 01:14:54 2022 /sbin/ip link set dev tun0 up mtu 1500
Sat Mar 19 01:14:54 2022 /sbin/ip addr add dev tun0 local 10.200.0.1 peer 10.200.0.2
Sat Mar 19 01:14:54 2022 Could not determine IPv4/IPv6 protocol. Using AF_INET
Sat Mar 19 01:14:54 2022 UDPv4 link local (bound): [AF_INET][undef]:1194
Sat Mar 19 01:14:54 2022 UDPv4 link remote: [AF_UNSPEC]
openvpn output on the Ubiquiti EdgeRouter:
# openvpn --ifconfig 10.200.0.2 10.200.0.1 --dev tun --remote 203.0.113.15
Sat Mar 19 01:15:20 2022 OpenVPN 2.3.2 mipsel-unkown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] eurephia] [MH] [IPv6] built on Oct 1 2018
Sat Mar 19 01:15:20 2022 ******* WARNING *******: all encruption and authentication features disabled -- all data will be tunnelled as cleartext
Sat Mar 19 01:15:20 2022 TUN/TAP device tun0 opened
Sat Mar 19 01:15:20 2022 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Mar 19 01:15:20 2022 /sbin/ip link set dev tun0 up mtu 1500
Sat Mar 19 01:15:20 2022 /sbin/ip addr add dev tun0 local 10.200.0.2 peer 10.200.0.1
Sat Mar 19 01:15:20 2022 UDPv4 link local (bound): [undef]
Sat Mar 19 01:15:20 2022 UDPv4 link remote: [AF_INET]203.0.113.15:1194
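A check that can be run over the two logs above (an added example, not part of the original post): it flags the cleartext warning and reports whether either side ever logged a peer connection, since an UP tun0 only shows that the local device was configured. The marker strings "Peer Connection Initiated" and "Initialization Sequence Completed" are OpenVPN 2.x log wording assumed here, and the function names are hypothetical.

```python
import re

# Log lines copied from the post above (only the relevant ones are kept).
SERVER_LOG = """\
Sat Mar 19 01:14:54 2022 ******* WARNING *******: All encryption and authentication features disabled -- All data will be tunnelled as clear text and will not be protected against man-in-the-middle changes. PLEASE DO RECONSIDER THIS CONFIGURATION!
Sat Mar 19 01:14:54 2022 TUN/TAP device tun0 opened
Sat Mar 19 01:14:54 2022 UDPv4 link local (bound): [AF_INET][undef]:1194
Sat Mar 19 01:14:54 2022 UDPv4 link remote: [AF_UNSPEC]
"""
ROUTER_LOG = """\
Sat Mar 19 01:15:20 2022 ******* WARNING *******: all encruption and authentication features disabled -- all data will be tunnelled as cleartext
Sat Mar 19 01:15:20 2022 TUN/TAP device tun0 opened
Sat Mar 19 01:15:20 2022 UDPv4 link local (bound): [undef]
Sat Mar 19 01:15:20 2022 UDPv4 link remote: [AF_INET]203.0.113.15:1194
"""
# Constructed line, not from the post: a side that has heard from its peer.
CONSTRUCTED_OK = ROUTER_LOG + "Sat Mar 19 01:15:21 2022 Peer Connection Initiated with [AF_INET]203.0.113.15:1194\n"

CLEARTEXT = re.compile(r"WARNING.*authentication features disabled", re.I)
REMOTE = re.compile(r"link remote: \[(AF_\w+)\](\S*)")
PEER = re.compile(r"Peer Connection Initiated|Initialization Sequence Completed")

def audit(log):
    """Summarise one side's OpenVPN log."""
    m = REMOTE.search(log)
    return {
        "cleartext": bool(CLEARTEXT.search(log)),   # crypto and auth are off
        "tun_opened": "TUN/TAP device" in log,      # local device only
        "remote": (m.group(2) or None) if m else None,
        "peer_seen": bool(PEER.search(log)),        # peer actually reached us
    }

def findings(name, log):
    """Turn the summary into the points worth acting on."""
    a = audit(log)
    out = []
    if a["cleartext"]:
        out.append(f"{name}: tunnel is unencrypted and unauthenticated")
    if a["tun_opened"] and not a["peer_seen"]:
        out.append(f"{name}: tun device is up but no peer connection has been logged")
    return out

if __name__ == "__main__":
    for name, log in (("server", SERVER_LOG), ("router", ROUTER_LOG)):
        print(audit(log))
        print("\n".join(findings(name, log)))
```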