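I wanted to set up an OpenVPN server, and after a week of trying day and night (with no Linux knowledge) I was able to connect to the server successfully using OpenVPN GUI. But now, although I can connect, I cannot ping 8.8.8.8 and web pages won't open.
The server is running: CentOS 7 X64
The client is running: Windows 10 Pro Build 10586.17 X64 with Kaspersky Internet Security
This is my server configuration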
#change with your port
port 1337
#You can use udp or tcp
proto udp
# "dev tun" will create a routed IP tunnel.
dev tun
#Certificate Configuration
#ca certificate
ca ca.crt
#Server Certificate
cert server.crt
#Server Key, keep this secret
key server.key
#See the size of the dh key in /etc/openvpn/keys/
dh dh2048.pem
#Internal IP range clients get once connected
server 192.168.200.0 255.255.255.0
#this line will redirect all traffic through our OpenVPN
push "redirect-gateway def1"
#Provide DNS servers to the client, you can use Google DNS
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
#Enable multiple clients to connect with the same key
duplicate-cn
keepalive 20 60
comp-lzo
persist-key
persist-tun
daemon
#enable log
log-append /var/log/myvpn/openvpn.log
#Log Level
verb 3
This is my client configuration
client
dev tun
proto udp
remote MY_SERVER_IP_ADDRESS 1337
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
comp-lzo
verb 3
<ca>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXX
-----END PRIVATE KEY-----
</key>
Edit: So I also added the following commands.
yum install iptables-services -y
systemctl mask firewalld
systemctl enable iptables
systemctl stop firewalld
systemctl start iptables
iptables --flush
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables-save > /etc/sysconfig/iptables
nano /etc/sysctl.conf
ADDED THIS TO sysctl.conf -> net.ipv4.ip_forward = 1
systemctl restart network.service
systemctl -f enable [email protected]
systemctl start [email protected]
But I can still connect, yet I cannot ping and cannot open any website.
Below is the route print output after establishing the connection to my server.
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.11 10
0.0.0.0 128.0.0.0 192.168.200.5 192.168.200.6 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.0.0.0 128.0.0.0 192.168.200.5 192.168.200.6 20
MY_SERVER_IP 255.255.255.255 192.168.1.1 192.168.1.11 10
169.254.0.0 255.255.0.0 On-link 169.254.61.91 276
169.254.61.91 255.255.255.255 On-link 169.254.61.91 276
169.254.255.255 255.255.255.255 On-link 169.254.61.91 276
192.168.1.0 255.255.255.0 On-link 192.168.1.11 266
192.168.1.11 255.255.255.255 On-link 192.168.1.11 266
192.168.1.255 255.255.255.255 On-link 192.168.1.11 266
192.168.183.0 255.255.255.0 On-link 192.168.183.1 276
192.168.183.1 255.255.255.255 On-link 192.168.183.1 276
192.168.183.255 255.255.255.255 On-link 192.168.183.1 276
192.168.200.1 255.255.255.255 192.168.200.5 192.168.200.6 20
192.168.200.4 255.255.255.252 On-link 192.168.200.6 276
192.168.200.6 255.255.255.255 On-link 192.168.200.6 276
192.168.200.7 255.255.255.255 On-link 192.168.200.6 276
192.168.230.0 255.255.255.0 On-link 192.168.230.1 276
192.168.230.1 255.255.255.255 On-link 192.168.230.1 276
192.168.230.255 255.255.255.255 On-link 192.168.230.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.11 266
224.0.0.0 240.0.0.0 On-link 169.254.61.91 276
224.0.0.0 240.0.0.0 On-link 192.168.200.6 276
224.0.0.0 240.0.0.0 On-link 192.168.230.1 276
224.0.0.0 240.0.0.0 On-link 192.168.183.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.11 266
255.255.255.255 255.255.255.255 On-link 169.254.61.91 276
255.255.255.255 255.255.255.255 On-link 192.168.200.6 276
255.255.255.255 255.255.255.255 On-link 192.168.230.1 276
255.255.255.255 255.255.255.255 On-link 192.168.183.1 276
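Answer 1
You didn't mention what operating system the client computer is using. This could be a firewall problem or a problem with correct NAT or IP forwarding.
First, after connecting, check the client computer's IP configuration and routing. Make sure the routing table is correct and the default route is set to the VPN server. You should also be able to ping it. If those are all fine, then you have to check your VPN server's NAT and firewall rules.
For Windows 7 or later Windows operating systems, you also need to run the OpenVPN client as administrator, otherwise the client cannot set the correct routes.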
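The server-side NAT and forwarding check this answer points to, as an added example that is not part of the original answer: it parses the OpenVPN `server` directive and `iptables-save` output and reports when no nat POSTROUTING rule covers the tunnel subnet. The sample input is constructed from the question's `server` line and MASQUERADE rule; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input: the question's `server` directive and its
# MASQUERADE rule, laid out in iptables-save format.
SERVER_CONF = "port 1337\nproto udp\ndev tun\nserver 192.168.200.0 255.255.255.0\n"
NAT_RULES = """*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
"""

def vpn_subnet(server_conf):
    """Return the tunnel network from the 'server <network> <netmask>' directive."""
    for line in server_conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 3 and parts[0] == "server":
            return ipaddress.ip_network(f"{parts[1]}/{parts[2]}")
    return None

def nat_sources(iptables_save):
    """Source networks of MASQUERADE/SNAT rules in the nat POSTROUTING chain."""
    table, nets = None, []
    for line in iptables_save.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]  # iptables-save marks each table as '*name'
        elif (table == "nat" and line.startswith("-A POSTROUTING")
              and "! -s" not in line  # negated source matches are skipped
              and re.search(r"-j (MASQUERADE|SNAT)\b", line)):
            src = re.search(r"-s (\S+)", line)
            # A rule without -s matches every source address.
            nets.append(ipaddress.ip_network(src.group(1) if src else "0.0.0.0/0", strict=False))
    return nets

def check(server_conf, iptables_save, ip_forward):
    """Return a list of findings; an empty list means forwarding and NAT line up."""
    net = vpn_subnet(server_conf)
    if net is None:
        return ["no 'server' directive found"]
    findings = []
    if ip_forward.strip() != "1":
        findings.append("net.ipv4.ip_forward is not 1")
    if not any(net.subnet_of(src) for src in nat_sources(iptables_save)):
        findings.append(f"no nat POSTROUTING rule covers {net}")
    return findings

if __name__ == "__main__":
    for finding in check(SERVER_CONF, NAT_RULES, "1"):
        print("FINDING:", finding)
```

On a live server the three inputs would be the contents of the OpenVPN server config, the output of `iptables-save`, and the contents of `/proc/sys/net/ipv4/ip_forward`.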
Answer 2
My client configuration openvpn.ovpn includes
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
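update-resolv-conf is basically
#!/bin/sh
# Interface that carries the current default route
IFACE=$(route -n show | grep -m 1 default | awk '{ print $NF }')
# Release the current DHCP lease on that interface
dhclient -r "$IFACE"
case "$script_type" in
up)
# Tunnel up: put the VPN gateway first in the resolver list
echo "prepend domain-name-servers $route_vpn_gateway;" > /etc/dhclient.conf
;;
down)
# Tunnel down: clear the override
echo " " > /etc/dhclient.conf
;;
esac
# Request a new lease so the resolver configuration is rewritten
dhclient "$IFACE"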
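It parses the environment variables from openvpn, sets DHCP from the VPN server, and uses dhclient to reconfigure the device configuration. This works on OpenBSD or various Linux. Debian's resolvconf can also be used similarly to get the same effect.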