MULTI: bad source address from client [x.x.x.x], packet dropped

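I run an OpenVPN server on an RPi (buster, Debian 10). After an upgrade, it stopped working completely. Before that, I had some problems on public networks, but I did not investigate them. When I connect from my Ubuntu (18.04) machine, the indicator shows that I am connected to the VPN, but I get no connectivity. ping returns no packets. The server's OpenVPN log shows: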

MULTI: bad source address from client [x.x.x.x], packet dropped

Here [x.x.x.x] is the client's local IP address.

Ubuntu client [x.x.x.x] --- Router A --- Internet --- Router B --- Server/RPi

This is my server.conf:

local 192.168.x.x # THIS IS MY RASPBERRY PI LOCAL IP ADDRESS
dev tun
proto udp #Some people prefer to use tcp. Don't change it if you don't know.
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/cert.crt # SWAP WITH YOUR CRT NAME
key /etc/openvpn/easy-rsa/keys/cert.key # SWAP WITH YOUR KEY NAME
dh /etc/openvpn/easy-rsa/keys/dh2048.pem # If you changed to 2048, change that here!
server 10.8.0.0 255.255.255.0
# server and remote endpoints 
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server 
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet 
push "route 10.8.0.0 255.255.255.0"
# your local subnet 
push "route 192.168.x.x 255.255.255.0" # THIS IS MY RASPBERRY PI LOCAL IP ADDRESS
# Set primary domain name server address to the SOHO Router 
# If your router does not do DNS, you can use Google DNS 8.8.8.8 
push "dhcp-option DNS 8.8.4.4" # This should already match your router address and not need to be changed.
# Override the Client default gateway by using 0.0.0.0/1 and 
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of 
# overriding but not wiping out the original default gateway. 
push "redirect-gateway def1 bypass-dhcp"
#push "redirect-gateway local" 

client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
key-direction 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
ifconfig-pool-persist ipp.txt
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 4

I also have a firewall rules script:

#!/bin/sh 
iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE

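I really tried to understand this, but it makes no sense. Some sources mention that I need to create a client-specific configuration directory, but that was not necessary before. How does the server receive the client's local IP address? The server only needs to know the public IP of the client/Router A.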

Answer 1

It turned out that my Ethernet interface was named in the enx.... format instead of eth0. So I needed to update the rules script with enx.... instead of eth0. Now it works.
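
The cause found in the answer, a MASQUERADE rule bound to an interface name that no longer exists after the upgrade, can be avoided by deriving the outbound interface from the default route instead of hard-coding it. The script below is an added example, not part of the original post or answer; the function names, the `apply` argument and the sample route lines are assumptions constructed for illustration, and it assumes the server's uplink is the interface that carries the default route.

```sh
#!/bin/sh
# Added example (not from the original post): build the OpenVPN NAT rule for
# whichever interface carries the default route, instead of hard-coding eth0.
VPN_NET="10.8.0.0/24"   # matches "server 10.8.0.0 255.255.255.0" in server.conf

# Constructed sample of `ip -4 route show default` output (addresses and
# interface names are made up), used to exercise the parser offline.
SAMPLE_ROUTES='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
default via 192.168.1.1 dev enx001122334455 proto dhcp metric 100'

# Read `ip -4 route show default` output on stdin; print the device of the
# default route with the lowest metric (a missing metric counts as 0).
# Exits non-zero when there is no default route at all.
default_iface() {
    awk '$1 == "default" {
             dev = ""; metric = 0
             for (i = 2; i < NF; i++) {
                 if ($i == "dev")    dev = $(i + 1)
                 if ($i == "metric") metric = $(i + 1) + 0
             }
             if (dev != "" && (best == "" || metric < bestm)) {
                 best = dev; bestm = metric
             }
         }
         END { if (best == "") exit 1; print best }'
}

# Print the rule specification (everything after -A/-C) for interface $1.
masq_args() {
    printf '%s' "POSTROUTING -o $1 -s $VPN_NET -j MASQUERADE"
}

# Resolve the interface, refuse to continue if it does not exist, and append
# the rule only when an identical one is not already loaded (-C checks).
apply_masquerade() {
    iface=$(ip -4 route show default | default_iface) || {
        echo "no default route; NAT rule not added" >&2; return 1; }
    [ -d "/sys/class/net/$iface" ] || {
        echo "interface $iface does not exist" >&2; return 1; }
    iptables -t nat -C $(masq_args "$iface") 2>/dev/null ||
        iptables -t nat -A $(masq_args "$iface")
}

# Touch the firewall only when called as: sh script.sh apply   (needs root)
if [ "${1:-}" = "apply" ]; then apply_masquerade; fi
```

Because the script fails loudly when no interface can be resolved, a renamed NIC shows up as an error at boot rather than as a VPN that connects but passes no traffic.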
