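First off, I'm a newbie when it comes to servers, but not to things like programming, so I'm not a complete stranger to the command line etc.
Secondly, I want to run OpenVPN on my remote server and connect to it from my Ubuntu desktop, in order to get around geographical restrictions on things like radio and TV.
So far I have managed to follow some simple tutorials to get a setup where I can ping my remote server, but now I am having problems using the VPN for all of my internet activity rather than just forwarding my IP. With my current setup I can ping the server, but when I try to use Firefox it just keeps trying to fetch the page without getting anywhere.
One thing I think it could be is this error in my client log: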
Sat Sep 19 15:45:17 2009 us=102181 WARNING: potential route subnet conflict between local LAN [10.1.1.0/255.255.255.0] and remote VPN [10.1.1.1/255.255.255.25$
I ran ifconfig on the client, but I can't see 10.1.1.x anywhere, so I don't know why it is complaining. (Sorry about the Japanese.)
Client ifconfig

    eth0      Link encap:イーサネット  ハードウェアアドレス 00:23:54:0d:37:61
              inetアドレス:192.168.11.2  ブロードキャスト:192.168.11.255  マスク:255.255.255.0
              inet6アドレス: fe80::223:54ff:fe0d:3761/64 範囲:リンク
              UP BROADCAST RUNNING MULTICAST  MTU:1500  メトリック:1
              RXパケット:149701 エラー:0 損失:0 オーバラン:0 フレーム:0
              TXパケット:132252 エラー:0 損失:0 オーバラン:0 キャリア:11
              衝突(Collisions):0 TXキュー長:1000
              RXバイト:168148922 (168.1 MB)  TXバイト:18294134 (18.2 MB)
              割り込み:251

    lo        Link encap:ローカルループバック
              inetアドレス:127.0.0.1  マスク:255.0.0.0
              inet6アドレス: ::1/128 範囲:ホスト
              UP LOOPBACK RUNNING  MTU:16436  メトリック:1
              RXパケット:68 エラー:0 損失:0 オーバラン:0 フレーム:0
              TXパケット:68 エラー:0 損失:0 オーバラン:0 キャリア:0
              衝突(Collisions):0 TXキュー長:0
              RXバイト:7608 (7.6 KB)  TXバイト:7608 (7.6 KB)

    tun0      Link encap:不明なネット  ハードウェアアドレス 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inetアドレス:10.1.1.6  PtP:10.1.1.5  マスク:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  メトリック:1
              RXパケット:4 エラー:0 損失:0 オーバラン:0 フレーム:0
              TXパケット:4 エラー:0 損失:0 オーバラン:0 キャリア:0
              衝突(Collisions):0 TXキュー長:100
              RXバイト:336 (336.0 B)  TXバイト:336 (336.0 B)
Could that error be the cause? If so, how do I fix it? If not, I have no idea what it is, so here are my configuration files.
Client configuration

    client
    dev tun
    proto tcp
    remote ***.***.**.*** 1194
    resolv-retry infinite
    nobind
    user nobody
    group nogroup
    persist-key
    persist-tun
    ca ca.crt
    cert client1.crt
    key client1.key
    ns-cert-type server
    cipher BF-CBC
    comp-lzo
    status /etc/openvpn/openvpn-status.log
    log /etc/openvpn/openvpn.log
    verb 5
Server configuration

    port 1194
    proto tcp
    dev tun
    ca ca.crt
    cert server.crt
    key server.key  # This file should be kept secret
    dh dh1024.pem
    server 10.1.1.0 255.255.255.128
    ifconfig-pool-persist ipp.txt
    push "redirect-gateway"
    keepalive 10 120
    comp-lzo
    user nobody
    group nobody
    persist-key
    persist-tun
    status openvpn-status.log
    log-append openvpn.log
    verb 3
iptables for server

    Chain INPUT (policy DROP 1 packets, 40 bytes)
     pkts bytes target     prot opt in     out     source     destination
      199 14380 ACCEPT     tcp  --  any    any     anywhere   anywhere     tcp dpt:ssh
        0     0 ACCEPT     all  --  lo     any     anywhere   anywhere
      333 64149 ACCEPT     all  --  any    any     anywhere   anywhere     state RELATED,ESTABLISHED
       11   924 ACCEPT     all  --  tun+   any     anywhere   anywhere
        0     0 ACCEPT     udp  --  venet0 any     anywhere   anywhere     udp dpt:openvpn
        6   360 ACCEPT     tcp  --  venet0 any     anywhere   anywhere     tcp dpt:openvpn

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source     destination
       27  1620 ACCEPT     all  --  tun0   venet0  anywhere   anywhere
        0     0 ACCEPT     all  --  venet0 tun0    anywhere   anywhere

    Chain OUTPUT (policy ACCEPT 441 packets, 50749 bytes)
     pkts bytes target     prot opt in     out     source     destination
       11   924 ACCEPT     all  --  any    tun+    anywhere   anywhere
Finally, the client log, with my server IP commented out

    Sat Sep 19 16:12:03 2009 us=415328 OpenVPN 2.1_rc11 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 9 2009
    Sat Sep 19 16:12:03 2009 us=416184 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
    Sat Sep 19 16:12:03 2009 us=542574 LZO compression initialized
    Sat Sep 19 16:12:03 2009 us=542740 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Sat Sep 19 16:12:03 2009 us=542839 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
    Sat Sep 19 16:12:03 2009 us=542877 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
    Sat Sep 19 16:12:03 2009 us=542895 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
    Sat Sep 19 16:12:03 2009 us=542929 Local Options hash (VER=V4): '69109d17'
    Sat Sep 19 16:12:03 2009 us=542954 Expected Remote Options hash (VER=V4): 'c0103fa8'
    Sat Sep 19 16:12:03 2009 us=543531 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
    Sat Sep 19 16:12:03 2009 us=543582 Attempting to establish TCP connection with ***.***.**.***:1194 [nonblock]
    Sat Sep 19 16:12:04 2009 us=543727 TCP connection established with ***.***.**.***:1194
    Sat Sep 19 16:12:04 2009 us=543788 Socket Buffers: R=[87380->131072] S=[16384->131072]
    Sat Sep 19 16:12:04 2009 us=543812 TCPv4_CLIENT link local: [undef]
    Sat Sep 19 16:12:04 2009 us=543841 TCPv4_CLIENT link remote: ***.***.**.***:1194
    Sat Sep 19 16:12:04 2009 us=544185 TLS: Initial packet from ***.***.**.***:1194, sid=b7baae8e 3f7be9ea
    Sat Sep 19 16:12:08 2009 us=724208 VERIFY OK: depth=1, /C=UK/ST=GM/L=Manchester/O=YoFelix/CN=YoFelix_CA/[email protected]
    Sat Sep 19 16:12:08 2009 us=724381 VERIFY OK: nsCertType=SERVER
    Sat Sep 19 16:12:08 2009 us=724404 VERIFY OK: depth=0, /C=UK/ST=GM/L=Manchester/O=YoFelix/CN=server/[email protected]
    Sat Sep 19 16:12:14 2009 us=580994 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Sat Sep 19 16:12:14 2009 us=581035 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sat Sep 19 16:12:14 2009 us=581123 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Sat Sep 19 16:12:14 2009 us=581143 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sat Sep 19 16:12:14 2009 us=581210 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Sat Sep 19 16:12:14 2009 us=581245 [server] Peer Connection Initiated with ***.***.**.***:1194
    Sat Sep 19 16:12:15 2009 us=829569 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Sat Sep 19 16:12:16 2009 us=392662 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway,route 10.1.1.1,ping 10,ping-restart 120,ifconfig 10.1.1.6 10.1.1.5'
    Sat Sep 19 16:12:16 2009 us=392720 OPTIONS IMPORT: timers and/or timeouts modified
    Sat Sep 19 16:12:16 2009 us=392738 OPTIONS IMPORT: --ifconfig/up options modified
    Sat Sep 19 16:12:16 2009 us=392755 OPTIONS IMPORT: route options modified
    Sat Sep 19 16:12:16 2009 us=392930 ROUTE default_gateway=192.168.11.1
    Sat Sep 19 16:12:16 2009 us=393740 TUN/TAP device tun0 opened
    Sat Sep 19 16:12:16 2009 us=393779 TUN/TAP TX queue length set to 100
    Sat Sep 19 16:12:16 2009 us=393818 /sbin/ifconfig tun0 10.1.1.6 pointopoint 10.1.1.5 mtu 1500
    Sat Sep 19 16:12:16 2009 us=397075 /sbin/route add -net ***.***.**.*** netmask 255.255.255.255 gw 192.168.11.1
    Sat Sep 19 16:12:16 2009 us=398944 /sbin/route del -net 0.0.0.0 netmask 0.0.0.0
    Sat Sep 19 16:12:16 2009 us=400546 /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.1.1.5
    Sat Sep 19 16:12:16 2009 us=402024 WARNING: potential route subnet conflict between local LAN [10.1.1.0/255.255.255.0] and remote VPN [10.1.1.1/255.255.255.255]
    Sat Sep 19 16:12:16 2009 us=402073 /sbin/route add -net 10.1.1.1 netmask 255.255.255.255 gw 10.1.1.5
    Sat Sep 19 16:12:16 2009 us=403326 GID set to nogroup
    Sat Sep 19 16:12:16 2009 us=403367 UID set to nobody
    Sat Sep 19 16:12:16 2009 us=403388 Initialization Sequence Completed

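I added the NAT rules to my iptables as pqd suggested, and I can now access web pages, but very slowly. I don't know if this is the norm, but I have a sneaking suspicion that the subnet conflict I mentioned above is causing some problems. I have since tried changing my VPN network address to 10.2.2.0 to see if it would make a difference, but the message is the same. What is this local network it is talking about? The one between my router and my desktop computer? If I run ifconfig on my local desktop I don't see any 10.2.2.
Here is route -r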

    10.2.2.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
    10.2.2.0        10.2.2.2        255.255.255.128 UG    0      0        0 tun0
    192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 venet0
    169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 venet0
    0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 venet0

******************** Hooray!!!!!!!!! *********************
Yes, I got it working, and the speed has improved.
A few things to do:
1. Make sure you have packet forwarding enabled on the VPN server:
cat /proc/sys/net/ipv4/ip_forward
It should be 1; if it is not, run:
echo 1 > /proc/sys/net/ipv4/ip_forward
2. For good measure, add [not needed, since you allow traffic from/to tun0..]:
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
3. And finally, NAT the traffic coming from the VPN, i.e. replace the source IP address of the connections with the server's address:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
I think the last bit is the one that is missing…
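
The three prerequisites above can be checked against captured server state instead of by eye. The script below is an added example, not part of the original answer: the function names and both `iptables-save` samples are constructed, the interface names `tun0` and `venet0` are taken from the asker's iptables listing, and the NAT rule in the second sample is an assumed variant scoped to the VPN subnet from the question's `server 10.1.1.0 255.255.255.128` line.

```shell
#!/bin/sh
# Added example: audit captured state for the answer's three prerequisites.
# On a live server pass "$(cat /proc/sys/net/ipv4/ip_forward)" and
# "$(iptables-save)" instead of the constructed samples below.

# Constructed sample: the FORWARD rules from the question's listing, no NAT yet.
SAMPLE_BEFORE='*filter
:INPUT DROP [1:40]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [441:50749]
-A FORWARD -i tun0 -o venet0 -j ACCEPT
-A FORWARD -i venet0 -o tun0 -j ACCEPT
COMMIT'

# Constructed sample: the same server after adding a masquerade rule that is
# limited to the VPN subnet and to the outbound interface (assumed venet0).
SAMPLE_AFTER="$SAMPLE_BEFORE
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.1.1.0/25 -o venet0 -j MASQUERADE
COMMIT"

# rules_in_table TABLE DUMP: print the chain policies and -A lines of one table.
rules_in_table() {
    printf '%s\n' "$2" | awk -v t="*$1" '
        /^\*/ { in_t = ($0 == t); next }
        in_t && /^(:|-A )/ { print }'
}

# forward_out_ok DUMP VPN_IF WAN_IF: packets from the VPN to the WAN are accepted.
forward_out_ok() {
    rules_in_table filter "$1" | grep -Eq \
        -e '^:FORWARD ACCEPT ' \
        -e "^-A FORWARD -i $2 (.* )?-o $3 (.* )?-j ACCEPT"
}

# forward_back_ok DUMP VPN_IF WAN_IF: replies are accepted, either by an
# explicit WAN -> VPN rule or by a stateful ESTABLISHED,RELATED rule.
forward_back_ok() {
    rules_in_table filter "$1" | grep -Eq \
        -e '^:FORWARD ACCEPT ' \
        -e "^-A FORWARD -i $3 (.* )?-o $2 (.* )?-j ACCEPT" \
        -e '^-A FORWARD .*--(state|ctstate) (RELATED,ESTABLISHED|ESTABLISHED,RELATED) .*-j ACCEPT'
}

# masquerade_ok DUMP WAN_IF: a MASQUERADE rule exists for the interface the
# traffic really leaves on; a rule naming another interface does not count.
masquerade_ok() {
    rules_in_table nat "$1" | grep -Eq \
        -e "^-A POSTROUTING (.* )?-o $2 (.* )?-j MASQUERADE"
}

# audit IP_FORWARD DUMP VPN_IF WAN_IF: print what is missing; status 0 if nothing.
audit() {
    missing=""
    [ "$1" = 1 ] || missing="$missing ip_forward"
    forward_out_ok "$2" "$3" "$4" || missing="$missing forward-out"
    forward_back_ok "$2" "$3" "$4" || missing="$missing forward-return"
    masquerade_ok "$2" "$4" || missing="$missing masquerade"
    printf '%s\n' "${missing# }"
    [ -z "$missing" ]
}

echo "before NAT rule, missing: $(audit 1 "$SAMPLE_BEFORE" tun0 venet0)"
echo "after NAT rule,  missing: $(audit 1 "$SAMPLE_AFTER" tun0 venet0)"
```

A value written with `echo 1 > /proc/sys/net/ipv4/ip_forward` and rules added with `iptables -A` do not survive a reboot, so rerun the audit after a restart.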