我想安装我的openvpn服务器,但它不工作!
客户端configuration:
client dev tap ;dev-node MyTap ;proto tcp proto udp remote 5.1.85.206 1194 ;remote-random resolv-retry infinite nobind ;user nobody ;group nobody persist-key persist-tun ;http-proxy-retry ;http-proxy [proxy server] [proxy port #] ;mute-replay-warnings ca ca.crt cert client1.crt key client1.key remote-cert-tls server tls-auth ta.key 1 ;cipher x comp-lzo verb 3 ;mute 20 redirect-gateway dhcp-option DNS 8.8.8.8 服务器configuration:
;local abcd port 1194 ;proto tcp proto udp dev tap ;dev tun ;dev-node MyTap ca ca.crt cert server.crt key server.key # This file should be kept secret dh dh2048.pem server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt ;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100 ;server-bridge ;push "route 192.168.10.0 255.255.255.0" ;push "route 192.168.20.0 255.255.255.0" push "dhcp-option DNS 8.8.8.8" ;client-config-dir ccd ;route 192.168.40.128 255.255.255.248 ;client-config-dir ccd ;route 10.9.0.0 255.255.255.252 ;learn-address ./script ;push "redirect-gateway def1 bypass-dhcp" ;push "dhcp-option DNS 208.67.222.222" ;push "dhcp-option DNS 208.67.220.220" ;client-to-client ;duplicate-cn keepalive 10 120 tls-auth ta.key 0 # This file is secret ;cipher BF-CBC # Blowfish (default) ;cipher AES-128-CBC # AES ;cipher DES-EDE3-CBC # Triple-DES6 comp-lzo max-clients 2 user nobody group nogroup persist-key #persist-tun status openvpn-status.log ;log openvpn.log ;log-append openvpn.log verb 3 ;mute 20
日志:没有错误:/
我希望你可以帮助我 :)
PS:我在Windows 10上使用最新版本的openvpn我以太网直接连接到我的路由器
它可能你没有为您的服务器使用的VPNnetworking设置出站NAT。 因此,您的服务器networking上的路由器不知道将stream量从您的VPNnetworking转换为WAN端IP。
固定
我忘了将网卡从eth0更改为venet0(它是一个openvz虚拟服务器)。
我的IPTABLES规则:
sysctl -w net.ipv4.ip_forward=1 iptables -A FORWARD -o eth0 -i tun0 -s 10.8.0.0/24 -m conntrack --ctstate NEW -$ iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE