![MULTI:来自客户端 [xxxx] 的错误源地址,数据包丢失](https://linux22.com/image/780682/MULTI%EF%BC%9A%E6%9D%A5%E8%87%AA%E5%AE%A2%E6%88%B7%E7%AB%AF%20%5Bxxxx%5D%20%E7%9A%84%E9%94%99%E8%AF%AF%E6%BA%90%E5%9C%B0%E5%9D%80%EF%BC%8C%E6%95%B0%E6%8D%AE%E5%8C%85%E4%B8%A2%E5%A4%B1.png)
我在 RPi(buster,Debian 10)上运行了一个 OpenVPN 服务器。升级后,它完全停止工作。在此之前,我遇到了一些公共网络问题,但我没有调查。当我连接我的 Ubuntu(18.04)时,指示器显示我已连接到 VPN,但我没有获得任何连接。ping没有返回任何数据包。服务器 openvpn 日志显示:
MULTI: bad source address from client [x.x.x.x], packet dropped
这里[xxxx]是客户端本地IP地址。
Ubuntu 客户端 [xxxx] --- 路由器 A --- 互联网 --- 路由器 B --- 服务器/RPi
这是我的 server.conf:
local 192.168.x.x # THIS IS MY RASPBERRY PI LOCAL IP ADDRESS
dev tun
proto udp #Some people prefer to use tcp. Don't change it if you don't know.
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/cert.crt # SWAP WITH YOUR CRT NAME
key /etc/openvpn/easy-rsa/keys/cert.key # SWAP WITH YOUR KEY NAME
dh /etc/openvpn/easy-rsa/keys/dh2048.pem # If you changed to 2048, change that here!
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.x.x 255.255.255.0" # THIS IS MY RASPBERRY PI LOCAL IP ADDRESS
# Set primary domain name server address to the SOHO Router
# If your router does not do DNS, you can use Google DNS 8.8.8.8
push "dhcp-option DNS 8.8.4.4" # This should already match your router address and not need to be changed.
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1 bypass-dhcp"
#push "redirect-gateway local"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
key-direction 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
ifconfig-pool-persist ipp.txt
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 4
我还有一个防火墙规则脚本:
#!/bin/sh
iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE
我确实尝试去理解,但这毫无意义。一些资料提到我需要创建客户端特定的配置目录。但这以前是没有必要的。服务器如何收到客户端的本地 IP 地址?服务器只需要知道客户端/路由器 A 的公共 IP。
答案1
事实证明,我的以太网接口是以enx....格式命名的,而不是。所以我需要用而不是 来eth0更新规则脚本。现在它可以正常工作了。enx....eth0