Apache2 http 服务器和 Openvpn 服务器在同一台机器上

Apache2 http 服务器和 Openvpn 服务器在同一台机器上

在我的 Linux Mint 20.3 Cinnamon 上安装了 Apache2 服务器,我可以轻松地从 Web 访问我的 http 页面,该页面指向我路由器的静态 ip 地址,我已经在路由器上配置了正确的 http 端口。

我决定在同一台机器上安装一个 openvpn 服务器,以便通过 vpn 访问我的 http 服务器。安装顺利,现在我可以使用 openvpn 客户端从 Web 访问 openvpn 服务器。我可以从客户端 ping 服务器或 ping 另一个 ip 地址(即 8.8.8.8),但我无法再访问我的 http 服务器。

以下是我的 OpenVPN 服务器端和客户端配置。服务器端:

# OpenVPN Port, Protocol, and the Tun
# Listen on UDP 1194 and use a routed (layer-3) tun device.
port 1194
proto udp
dev tun

# OpenVPN Server Certificate - CA, server key and certificate
# The private key should be readable by root only; it is loaded at start-up,
# before the privilege drop to nobody/nogroup configured further down.
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/home-server.crt
key /etc/openvpn/server/home-server.key

# DH parameters and certificate revocation list (CRL)
# crl-verify rejects peers whose certificate is listed in crl.pem.
# NOTE(review): the CRL is consulted again for new connections, i.e. after the
# drop to nobody/nogroup - confirm the file stays readable for that user.
dh /etc/openvpn/server/dh.pem
crl-verify /etc/openvpn/server/crl.pem

# Network Configuration - Internal network
# Redirect all Connection through OpenVPN Server
# "server" makes 10.5.0.0/24 the VPN subnet; the ip route output on this page
# shows the server's own tun0 address as 10.5.0.1.
server 10.5.0.0 255.255.255.0
# def1 overrides the client's default route with 0.0.0.0/1 and 128.0.0.0/1
# instead of deleting it. The "local" flag is meant for peers that share a
# subnet and skips the host route to the server.
# NOTE(review): the clients described here connect over the Internet - confirm
# that "local" is really intended.
push "redirect-gateway local def1"

# Using the DNS from https://dns.watch
# NOTE(review): 208.67.222.222 and 208.67.220.220 are OpenDNS resolver
# addresses, not dns.watch. Make the comment and the pushed addresses agree so
# it is clear which provider receives the clients' DNS queries.
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

#Enable multiple clients to connect with the same certificate key
# Caveat: with one shared certificate the log cannot tell clients apart, and
# revoking it through crl.pem cuts off every device at once. Issue one
# certificate per client and drop this directive outside of testing.
duplicate-cn

# TLS Security
# cipher/auth protect the data channel (AES-256-CBC with HMAC-SHA512);
# tls-version-min and tls-cipher restrict the control channel to TLS 1.2+ and
# the listed DHE-RSA suites.
# NOTE(review): no tls-auth or tls-crypt key appears in this listing, so the
# UDP port processes TLS handshakes from any source. A tls-crypt key lets the
# server discard packets from peers that do not hold it.
# NOTE(review): recent OpenVPN releases negotiate the data cipher through
# data-ciphers and treat "cipher" as a fallback - check the installed version.
cipher AES-256-CBC
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
auth SHA512
auth-nocache

# Other Configuration
# keepalive <ping interval> <timeout>, both in seconds.
keepalive 20 60
# persist-key/persist-tun avoid re-reading the key and re-opening the tun
# device on restart, which would fail once privileges have been dropped.
persist-key
persist-tun
# NOTE(review): compressing before encrypting can leak information about the
# plaintext through packet sizes (VORACLE-style attacks), and upstream OpenVPN
# discourages it. If removed, remove it from server and client together.
compress lz4
# Run in the background and give up root after initialisation.
daemon
user nobody
group nogroup

# OpenVPN Log
# log-append keeps earlier entries across restarts; verb sets the verbosity.
log-append /var/log/openvpn.log
verb 3

客户端:

# Client mode: accept the routes and options pushed by the server.
# NOTE(review): no ca/cert/key and no remote-cert-tls directive is shown in
# this listing - presumably omitted or inlined by the author. Without
# "remote-cert-tls server" (or verify-x509-name) the client does not check that
# the peer presents a server certificate.
client
dev tun
proto udp
# Server address (redacted by the author) and port.
remote xxx.xxx.xxx.xxx 1194
# Data-channel and control-channel settings; they mirror the server listing.
cipher AES-256-CBC
auth SHA512
auth-nocache
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
# Keep retrying name resolution of the remote host indefinitely.
resolv-retry infinite
# NOTE(review): compressing before encrypting can leak information about the
# plaintext through packet sizes; change this only together with the server.
compress lz4
# Do not bind to a fixed local port.
nobind
persist-key
persist-tun
# Silences log warnings about replayed packets; replay protection stays on.
mute-replay-warnings
verb 3

根据评论补充的更多信息:

root@ettore-home:/etc/openvpn/server# ip route
default via 10.69.178.1 dev wlp3s0 proto dhcp metric 600
10.5.0.0/24 via 10.5.0.2 dev tun0
10.5.0.2 dev tun0 proto kernel scope link src 10.5.0.1
10.69.178.0/24 dev wlp3s0 proto kernel scope link src 10.69.178.79 metric 600
169.254.0.0/16 dev wlp3s0 scope link metric 1000

root@ettore-home:/etc/openvpn/server# ip rule
0: from all lookup local
32766: from all lookup main
32767: from all lookup default

ss -latpn | grep 80 的结果

root@ettore-home:/etc/openvpn/server# ss -latpn | grep 80
LISTEN      0        128            127.0.0.1:5939               0.0.0.0:*       users:(("teamviewerd",pid=1680,fd=12))                                         
ESTAB       0        0           10.69.178.79:60060      142.250.180.133:443     users:(("firefox-bin",pid=2899,fd=114))                                        
TIME-WAIT   0        0           10.69.178.79:43834        34.107.221.82:80                                                                                     
ESTAB       0        0           10.69.178.79:37346       37.252.253.103:443     users:(("teamviewerd",pid=1680,fd=14))                                         
TIME-WAIT   0        0           10.69.178.79:43848        34.107.221.82:80                                                                                     
LISTEN      0        511                    *:80                       *:*       users:(("apache2",pid=1729,fd=4),("apache2",pid=1728,fd=4),("apache2",pid=1727,fd=4),("apache2",pid=1726,fd=4),("apache2",pid=1725,fd=4),("apache2",pid=1708,fd=4))
root@ettore-home:/etc/openvpn/server# ip route
default via 10.69.178.1 dev wlp3s0 proto dhcp metric 600 
10.5.0.0/24 via 10.5.0.2 dev tun0 
10.5.0.2 dev tun0 proto kernel scope link src 10.5.0.1 
10.69.178.0/24 dev wlp3s0 proto kernel scope link src 10.69.178.79 metric 600 
169.254.0.0/16 dev wlp3s0 scope link metric 1000 

root@ettore-home:/etc/openvpn/server# ip rule
0:  from all lookup local
32766:  from all lookup main
32767:  from all lookup default
