Testing a tun tunnel between a Ubiquiti Edge Router and a Linux server

I am following the first example setup from OpenVPN, which involves establishing a TUN tunnel.

On the server I run:

 openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun 

The Ubiquiti Edge Router is connected to the Internet through the LAN. On the router I run:

 /usr/sbin/openvpn --ifconfig 10.200.0.2 10.200.0.1 --dev tun --remote 203.0.113.15

where 203.0.113.15 is the server's public IP.

Apparently the tunnel is established.

On the server:

# ifconfig
ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 203.0.113.15 netmask 255.255.255.255  broadcast 203.0.113.15
        inet6 fe80::250:56ff:fe12:68c3  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:12:68:c3  txqueuelen 1000  (Ethernet)
        RX packets 23098  bytes 6362816 (6.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 31722  bytes 3698922 (3.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 42  bytes 3448 (3.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 42  bytes 3448 (3.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.200.0.1  netmask 255.255.255.255  destination 10.200.0.2
        inet6 fe80::1e73:c3f6:d459:d2fd  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6  bytes 396 (396.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

On the Ubiquiti router:

# show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address                        S/L  Description
---------    ----------                        ---  -----------
eth0         192.168.1.1/24                    u/u
eth1         -                                 u/D
eth2         -                                 u/D
eth3         -                                 u/D
eth4         192.168.0.23/16                   u/u
eth5         -                                 u/D
lo           127.0.0.1/8                       u/u
             ::1/128
switch0      -                                 u/u
tun0         10.200.0.2                        u/u

But when I try to ping 10.200.0.1 from the Ubiquiti router, or 10.200.0.2 from the server, I get no response.

Why is that? What is missing?


Edit: added the output of the openvpn commands on both ends.

Output of openvpn on the server:

# openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun
Sat Mar 19 01:14:54 2022 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Sat Mar 19 01:14:54 2022 OpenVPN 2.4.11 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 21 2021
Sat Mar 19 01:14:54 2022 library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06
Sat Mar 19 01:14:54 2022 ******* WARNING *******: All encryption and authentication features disabled -- All data will be tunnelled as clear text and will not be protected against man-in-the-middle changes. PLEASE DO RECONSIDER THIS CONFIGURATION!
Sat Mar 19 01:14:54 2022 TUN/TAP device tun0 opened
Sat Mar 19 01:14:54 2022 /sbin/ip link set dev tun0 up mtu 1500
Sat Mar 19 01:14:54 2022 /sbin/ip addr add dev tun0 local 10.200.0.1 peer 10.200.0.2
Sat Mar 19 01:14:54 2022 Could not determine IPv4/IPv6 protocol. Using AF_INET
Sat Mar 19 01:14:54 2022 UDPv4 link local (bound): [AF_INET][undef]:1194
Sat Mar 19 01:14:54 2022 UDPv4 link remote: [AF_UNSPEC]

Output of openvpn on the Ubiquiti EdgeRouter:

# openvpn --ifconfig 10.200.0.2 10.200.0.1 --dev tun --remote 203.0.113.15
Sat Mar 19 01:15:20 2022 OpenVPN 2.3.2 mipsel-unkown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] eurephia] [MH] [IPv6] built on Oct 1 2018
Sat Mar 19 01:15:20 2022 ******* WARNING *******: all encruption and authentication features disabled -- all data will be tunnelled as cleartext
Sat Mar 19 01:15:20 2022 TUN/TAP device tun0 opened
Sat Mar 19 01:15:20 2022 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Mar 19 01:15:20 2022 /sbin/ip link set dev tun0 up mtu 1500
Sat Mar 19 01:15:20 2022 /sbin/ip addr add dev tun0 local 10.200.0.2 peer 10.200.0.1
Sat Mar 19 01:15:20 2022 UDPv4 link local (bound): [undef]
Sat Mar 19 01:15:20 2022 UDPv4 link remote: [AF_INET]203.0.113.15:1194
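
Added example, not part of the original post: a small Python check that reads the two OpenVPN outputs above and reports what they show about the tunnel's protection and whether either side has logged hearing from its peer. The log excerpts are copied from the post with timestamps and the tail of the warning trimmed. The `Peer Connection Initiated` and `Initialization Sequence Completed` lines are constructed, reflecting what OpenVPN normally logs once a packet from the peer arrives. The function names are illustrative.

```python
import re

# Excerpts copied from the two outputs in the post (timestamps and warning tail trimmed).
SERVER_LOG = """\
******* WARNING *******: All encryption and authentication features disabled -- All data will be tunnelled as clear text
TUN/TAP device tun0 opened
UDPv4 link local (bound): [AF_INET][undef]:1194
UDPv4 link remote: [AF_UNSPEC]
"""
ROUTER_LOG = """\
******* WARNING *******: all encruption and authentication features disabled -- all data will be tunnelled as cleartext
TUN/TAP device tun0 opened
UDPv4 link local (bound): [undef]
UDPv4 link remote: [AF_INET]203.0.113.15:1194
"""
# Constructed lines, not from the post: what OpenVPN logs once a peer packet arrives.
CONSTRUCTED_UP = ROUTER_LOG + (
    "Peer Connection Initiated with [AF_INET]203.0.113.15:1194\n"
    "Initialization Sequence Completed\n")

CLEARTEXT = re.compile(r"authentication features disabled", re.I)
REMOTE = re.compile(r"link remote: \[(AF_\w+)\](\S*)")


def audit(log: str) -> dict:
    """Summarise the security- and liveness-relevant facts in one OpenVPN log."""
    remote = REMOTE.search(log)
    return {
        # Warning printed when no key or TLS options are given on the command line.
        "cleartext": bool(CLEARTEXT.search(log)),
        # AF_UNSPEC means no --remote was given, so the peer address is not pinned.
        "remote_pinned": bool(remote and remote.group(1) != "AF_UNSPEC"),
        "remote": remote.group(2) if remote and remote.group(2) else None,
        # Both lines appear only after a packet from the peer has been received.
        "peer_seen": "Peer Connection Initiated" in log,
        "init_done": "Initialization Sequence Completed" in log,
    }


def findings(log: str) -> list:
    a = audit(log)
    out = []
    if a["cleartext"]:
        out.append("tunnel is cleartext and unauthenticated")
    if not a["remote_pinned"]:
        out.append("no remote configured; peer address not pinned")
    if not a["peer_seen"]:
        out.append("no packet received from peer yet")
    return out
```

Calling `findings(SERVER_LOG)` and `findings(ROUTER_LOG)` shows that both ends run without encryption or authentication and that neither output contains the line OpenVPN prints after receiving traffic from the other side.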
