OpenVPN: can see devices connected to my local network

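I have installed an OpenVPN server on Debian (public IP 90.191.183.193). I run the OpenVPN client on Windows 10, put in the generated .ovpn file, and connect. I can see the devices connected to the network the server is running on; however, I can also see the devices connected to my local network, which I don't like. Here are some files: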

OpenVPN configuration file

server 192.168.255.0 255.255.255.0
verb 3
key /etc/openvpn/pki/private/90.191.183.193.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/90.191.183.193.crt
dh /etc/openvpn/pki/dh.pem
tls-auth /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 60
persist-key
persist-tun

proto tcp
# Rely on Docker to do port mapping, internally always 1194
port 1194
dev tun0
status /tmp/openvpn-status.log

user nobody
group nogroup
comp-lzo no

### Route Configurations Below
route 192.168.254.0 255.255.255.0

### Push Configurations Below
push "block-outside-dns"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "comp-lzo no"
push "redirect-gateway def1"

ovpn_env.sh

declare -x OVPN_AUTH=
declare -x OVPN_CIPHER=
declare -x OVPN_CLIENT_TO_CLIENT=
declare -x OVPN_CN=90.191.183.193
declare -x OVPN_COMP_LZO=0
declare -x OVPN_DEFROUTE=1
declare -x OVPN_DEVICE=tun
declare -x OVPN_DEVICEN=0
declare -x OVPN_DISABLE_PUSH_BLOCK_DNS=0
declare -x OVPN_DNS=1
declare -x OVPN_DNS_SERVERS=([0]="8.8.8.8" [1]="8.8.4.4")
declare -x OVPN_ENV=/etc/openvpn/ovpn_env.sh
declare -x OVPN_EXTRA_CLIENT_CONFIG=()
declare -x OVPN_EXTRA_SERVER_CONFIG=()
declare -x OVPN_FRAGMENT=
declare -x OVPN_KEEPALIVE='10 60'
declare -x OVPN_MTU=
declare -x OVPN_NAT=0
declare -x OVPN_PORT=1194
declare -x OVPN_PROTO=tcp
declare -x OVPN_PUSH=()
declare -x OVPN_ROUTES=([0]="192.168.254.0/24")
declare -x OVPN_SERVER=192.168.255.0/24
declare -x OVPN_SERVER_URL=tcp://90.191.183.193
declare -x OVPN_TLS_CIPHER=

At the end of the user's .ovpn file there is redirect-gateway def1

I use docker-compose.yml

version: "3"
services:
  ovpn:
    image: kylemanna/openvpn:latest
    restart: always
    volumes:
      - ./ovpn-data:/etc/openvpn:rw
    ports:
      - 1194:1194/tcp
    cap_add:
      - NET_ADMIN

There are also two bash scripts, one for initialization and one for creating clients:

Initialization script

#!/bin/bash -x
docker compose run --rm ovpn ovpn_genconfig -u tcp://90.191.183.193
docker compose run --rm ovpn ovpn_initpki

Create client

#!/bin/bash -ex
# $1: client name (quoted so it reaches easyrsa and the output filename intact)
docker compose run --rm ovpn easyrsa build-client-full "$1" nopass
docker compose run --rm ovpn ovpn_getclient "$1" > "$1.ovpn"

Thanks in advance!
