I am trying to enable split tunneling with my VPN network. I am using OpenVPN to host the VPN network and have followed the steps to get split tunneling working, but my clients are still getting 0.0.0.0 {VPN local address} pushed to them.
This is the server.conf on my OpenVPN server, which has a real public interface with a real IP.
    port 1194
    proto udp
    dev tun
    #ssl stuff
    ca /etc/openvpn/certs/ca.crt
    cert /etc/openvpn/certs/server.crt
    key /etc/openvpn/keys/server.key
    dh /etc/openvpn/dh2048.pem
    #server statement and subnet for VPN IPs /24 for simplicity
    server 10.0.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt # for persistent IPing of VPN clients
    push "route-nopull"
    push "route 172.16.0.11 255.255.255.255 vpn_gateway" #internal node i want VPN clients to have access to
    push "route 172.16.0.3 255.255.255.255 vpn_gateway" #internal node I want VPN clients to have access to
    push "dhcp-option DNS 172.16.0.3" # so VPN clients use internal dns for resolution
    client-to-client
    [rest of config omitted]
Client routing table, where 172.16.250.10 is the client's VPN address, {publicIP} is the public IP address of the client's network, and {localIP} is the local IP address, e.g. 192.168.x.x on the local network, not the VPN.
    Destination              Gateway         Genmask          Flags
    0.0.0.0                  10.0.0.10       0.0.0.0          UG
    {publicIP}               {localIP}       255.255.255.255  UGH
    10.0.0.0                 10.0.0.10       255.255.255.0    Ug
    10.0.0.10                0.0.0.0         255.255.255.255  UH    # don't really understand this statement
    172.16.0.3               10.0.0.10       255.255.255.255  UGH   #from push command in server.conf
    172.16.0.11              10.0.0.10       255.255.255.255  UGH   #from push command in server.conf
    {client's localSubnet}   0.0.0.0         255.255.255.0    U
iptables on the OpenVPN box; this box has the public interface that accepts the incoming OpenVPN requests.
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  10.0.0.0/24          172.16.0.3           /* Allow VPN IPs to connect to the internal DNS for resolution */
    ACCEPT     all  --  10.0.0.0/24          172.16.0.11          /* Allows VPN IPs to connect to homeserver */
I believe these are the only pieces of configuration involved in the VPN connection in my setup. So I'm a bit confused: my VPN clients receive the explicit push statements into their routing tables, yet the clients still can't use their local gateway for IP requests that are not destined for the 10.0.0.0/24 or 172.16.0.0/24 networks.
Thanks in advance for your help and time.
-Jim
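As an added example (not part of Jim's post), the following script parses a `route -n` style client routing table like the one above and reports whether the default route goes through the tunnel gateway, which is what decides whether traffic is actually split. The sample table is constructed from the one in the question, with the {publicIP}, {localIP} and local-subnet placeholders replaced by documentation addresses.

```python
import ipaddress

# Constructed sample, copied from the client routing table in the question.
# Placeholders replaced: {publicIP} -> 203.0.113.5, {localIP} -> 192.168.1.1,
# {client's localSubnet} -> 192.168.1.0/24. VPN gateway is 10.0.0.10.
SAMPLE_ROUTE_TABLE = """\
Destination     Gateway         Genmask         Flags
0.0.0.0         10.0.0.10       0.0.0.0         UG
203.0.113.5     192.168.1.1     255.255.255.255 UGH
10.0.0.0        10.0.0.10       255.255.255.0   UG
10.0.0.10       0.0.0.0         255.255.255.255 UH
172.16.0.3      10.0.0.10       255.255.255.255 UGH
172.16.0.11     10.0.0.10       255.255.255.255 UGH
192.168.1.0     0.0.0.0         255.255.255.0   U
"""

# Same table with the default route pointing at the local gateway instead of
# the tunnel, i.e. what a split-tunnel client is expected to show.
SPLIT_ROUTE_TABLE = SAMPLE_ROUTE_TABLE.replace(
    "0.0.0.0         10.0.0.10", "0.0.0.0         192.168.1.1", 1)

def parse_routes(text):
    """Turn route -n output into (network, gateway, flags) tuples."""
    routes = []
    for line in text.splitlines():
        if not line.strip() or line.startswith(("Kernel", "Destination")):
            continue
        dest, gw, mask, flags = line.split()[:4]
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gw, flags))
    return routes

def route_for(ip, routes):
    """Longest-prefix match as the kernel does; '0.0.0.0' means on-link."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def split_tunnel_report(text, vpn_gateway, probe_ip="198.51.100.7"):
    """Summarise which traffic the tunnel gateway will carry."""
    routes = parse_routes(text)
    defaults = [gw for net, gw, _ in routes if net.prefixlen == 0]
    host_routes = sorted(str(net.network_address) for net, gw, _ in routes
                         if gw == vpn_gateway and net.prefixlen == 32)
    return {
        "default_via_vpn": vpn_gateway in defaults,   # True => full tunnel
        "vpn_host_routes": host_routes,               # the pushed /32 routes
        "internet_probe_gateway": route_for(probe_ip, routes),
    }
```

Run against the first table the report shows the default route on the tunnel, so an arbitrary Internet address is routed via 10.0.0.10 despite the two /32 pushes; against the second table the same probe goes out via the local gateway while 172.16.0.3 still uses the tunnel.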