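I have set up a working OpenVPN network (routed)... everything works except IP reservation. I have a "special" client certificate that is associated with an IP reservation on my server. I did all the configuration: created the ccd folder containing the client file named after the CN, and edited the ipp file. However, when I try to connect to my VPN, my server always gives my client a different IP. How is this possible? Thank you very much!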
Server configuration:
    # Which local IP address should OpenVPN
    # listen on? (optional)
    local 192.168.1.2
    # Port listening on:
    port 1194
    # TCP or UDP server?
    proto udp
    dev tun
    # Certs:
    ca /etc/openvpn/ca.crt
    cert /etc/openvpn/server.crt
    key /etc/openvpn/server.key
    # Diffie hellman parameters.
    dh /etc/openvpn/dh2048.pem
    # VPN Subnet:
    server 10.2.1.0 255.255.255.0
    # Static IPs:
    ifconfig-pool-persist ipp.txt
    # Client Custom Config Dir:
    client-config-dir /etc/openvpn/ccd
    # Tunneling traffic through VPN:
    push "redirect-gateway"
    # Push (Windows-Specific) DNS:
    push "dhcp-option DNS 8.8.8.8"
    # Clients will be able to contact each other:
    client-to-client
    # The Server will accept clients with the same certificate:
    duplicate-cn
    # Pings every 300 seconds and wait 900 seconds for a response (to keep alive the connection):
    keepalive 300 900
    # Compression:
    comp-lzo
    # Privilege downgrade: (Linux Specific)
    user nobody
    group nobody
    persist-key
    persist-tun
    # Quick Log:
    status openvpn-status.log
    # Logs:
    log openvpn.log
    log-append openvpn.log
    # Set the appropriate level of log
    # file verbosity.
    #
    # 0 is silent, except for fatal errors
    # 4 is reasonable for general usage
    # 5 and 6 can help to debug connection problems
    # 9 is extremely verbose
    verb 3
    # Pushing Routes:
    route 10.2.1.0 255.255.255.0
    push "route 10.2.2.0 255.255.255.0"
Client configuration:
    # Configuration Type:
    client
    # Device Type:
    dev tun
    # Protocol:
    proto udp
    # VPN Server IP:
    remote X 1194
    # Keep trying indefinitely to resolve the
    # host name of the OpenVPN server. Very useful
    # on machines which are not permanently connected
    # to the internet such as laptops.
    resolv-retry infinite
    # Most clients don't need to bind to
    # a specific local port number.
    nobind
    # Downgrade privileges after initialization (non-Windows only)
    user nobody
    group nobody
    # Try to preserve some state across restarts.
    persist-key
    persist-tun
    # Wireless networks often produce a lot
    # of duplicate packets. Set this flag
    # to silence duplicate packet warnings.
    mute-replay-warnings
    # Certs:
    ca ca.crt
    cert crt.crt
    key key.key
    # Verify server certificate by checking
    # that the certificate has the nsCertType
    # field set to "server".
    ns-cert-type server
    # Enable compression on the VPN link.
    # Don't enable this unless it is also
    # enabled in the server config file.
    comp-lzo
    # Set log file verbosity.
    verb 3
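Editing the file specified by ifconfig-pool-persist is not the correct way to set a permanent static address for a host.
If you want to issue an address permanently, a better solution is to use the ifconfig-push local remote directive in the client configuration file for that host.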
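An added example, not from the original posts or the OpenVPN project: a small Python check of a ccd file that uses ifconfig-push, run against the relevant lines of the server configuration in the question. The CN "special-client", the address pair 10.2.1.9/10.2.1.10 and the default net30 topology (the server config sets no topology directive) are assumptions.

```python
import ipaddress

# Constructed sample: the relevant lines of the server configuration in the question.
SERVER_CONF = """\
server 10.2.1.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
duplicate-cn
"""
# Constructed ccd file /etc/openvpn/ccd/special-client (hypothetical CN).
CCD_FILE = "ifconfig-push 10.2.1.9 10.2.1.10\n"

def directives(text):
    """Map directive name -> argument list, ignoring comments and blank lines."""
    out = {}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words:
            out[words[0]] = words[1:]
    return out

def check_static_ip(server_conf, ccd_text):
    """Return the problems that would undermine a per-client address reservation."""
    srv, ccd = directives(server_conf), directives(ccd_text)
    problems = []
    if "client-config-dir" not in srv:
        problems.append("server: client-config-dir is not set, ccd files are ignored")
    if "duplicate-cn" in srv:
        # The ccd file is selected by CN, so every client sharing it gets the same push.
        problems.append("server: duplicate-cn lets several clients share this CN")
    if len(srv.get("server", [])) != 2 or len(ccd.get("ifconfig-push", [])) != 2:
        return problems + ["need 'server <net> <mask>' and 'ifconfig-push <local> <remote>'"]
    subnet = ipaddress.ip_network("/".join(srv["server"]))
    local, remote = (ipaddress.ip_address(a) for a in ccd["ifconfig-push"])
    if local not in subnet or remote not in subnet:
        problems.append("ifconfig-push: addresses are outside the VPN subnet")
    # net30 (assumed): the endpoints should be the two host addresses of one /30,
    # which is what Windows clients require.
    block = ipaddress.ip_network(f"{local}/30", strict=False)
    if set(block.hosts()) != {local, remote}:
        problems.append("ifconfig-push: local/remote are not the host pair of one /30")
    elif block.network_address == subnet.network_address:
        problems.append("ifconfig-push: the first /30 is used by the server itself")
    return problems

if __name__ == "__main__":
    for problem in check_static_ip(SERVER_CONF, CCD_FILE):
        print(problem)
```

The file under client-config-dir must be named exactly after the client certificate's CN, as the question describes.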