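I am trying to set up an OpenVPN tun to connect two LANs.
What I need is an example of what a routed OpenVPN setup should look like on the server and the client: mainly routing tables, NAT translation, firewall, etc.
Here is what I have working:
My OpenVPN client can reach the server-side network, but my server cannot even ping the eth0 of my OpenVPN client.
My server routes: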
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth0
    10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
    10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
    169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
    192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
    192.168.3.0     10.8.0.2        255.255.255.0   UG    0      0        0 tun0
    192.168.4.0     10.8.0.2        255.255.255.0   UG    0      0        0 tun0
My client routes:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.64.64.64     0.0.0.0         UG    0      0        0 3g-wan
    10.8.0.0        10.8.0.9        255.255.255.255 UGH   0      0        0 tun0
    10.8.0.9        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
    10.64.64.64     0.0.0.0         255.255.255.255 UH    0      0        0 3g-wan
    192.168.1.0     10.8.0.9        255.255.255.0   UG    0      0        0 tun0
    192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
    192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
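This is set up automatically by OpenVPN using:

    push "route 192.168.1.0 255.255.255.0"
    route 192.168.3.0 255.255.255.0
    route 192.168.4.0 255.255.255.0

and the iroute commands in the client configuration directory.
If anyone can suggest some things I need to check, I would be very grateful.
Alex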
Edit #1
OpenVPN server configuration:
    port 1194
    proto udp
    dev tun
    ca /etc/openvpn/keys/ca.crt
    cert /etc/openvpn/keys/mom_server.crt
    key /etc/openvpn/keys/mom_server.key
    dh /etc/openvpn/keys/dh1024.pem
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "route 192.168.1.0 255.255.255.0"
    client-config-dir /etc/openvpn/ccd
    client-to-client
    route 192.168.3.0 255.255.255.0
    push "route 192.168.3.0 255.255.255.0"
    route 192.168.4.0 255.255.255.0
    push "route 192.168.4.0 255.255.255.0"
    keepalive 10 120
    comp-lzo
    user nobody
    chroot /etc/openvpn
    group nogroup
    daemon
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3
In /etc/openvpn/ccd/flexo_client:
    iroute 192.168.3.0 255.255.255.0
    iroute 192.168.4.0 255.255.255.0
Edit #2
I have this working; see the solution here:
https://forums.openvpn.net/topic15768.html
The OP posted the answer on forums.openvpn.net.
Use this server configuration:
    port 1194
    proto udp
    dev tun
    topology subnet
    mode server
    tls-server
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    # flexo_client,10.8.0.4
    client-config-dir ccd
    client-to-client
    #ifconfig 10.8.0.1 255.255.255.0
    route 192.168.3.0 255.255.255.0 10.8.0.4
    route 192.168.4.0 255.255.255.0 10.8.0.4
    ca /etc/openvpn/keys/ca.crt
    cert /etc/openvpn/keys/mom_server.crt
    key /etc/openvpn/keys/mom_server.key # This file should be kept secret
    dh /etc/openvpn/keys/dh1024.pem
    keepalive 10 120
    comp-lzo
    user nobody
    chroot /etc/openvpn
    group nogroup
    daemon
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3
With this /etc/openvpn/ccd/flexo_client:
    push "route 192.168.1.0 255.255.255.0 10.8.0.1"
    iroute 192.168.3.0 255.255.255.0
    iroute 192.168.4.0 255.255.255.0
And this client configuration:
    config openvpn 'flexo_client'
        option nobind '1'
        option float '1'
        option client '1'
        option comp_lzo '1'
        option dev 'tun0'
        option verb '3'
        option persist_tun '1'
        option persist_key '1'
        option remote_cert_tls 'server'
        option remote 'xxxx'
        option proto 'udp'
        option resolv_retry 'infinite'
        option ca '/etc/openvpn/ca.crt'
        option cert '/etc/openvpn/flexo_client.crt'
        option key '/etc/openvpn/flexo_client.key'
        option ns_cert_type 'server'
        option topology 'subnet'
        option enable '1'
More information on using OpenVPN with iroute can be found on backreference.org.
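
A consistency check for the route/iroute pairing used in the configurations above, as an added example that is not part of the original posts or of OpenVPN itself. The names `check_site_to_site`, `SERVER_EDIT1` and `CCD` are hypothetical, the sample text is constructed from the routing-relevant lines of the first server configuration, and the `chroot` check assumes OpenVPN opens ccd files at client connect time, after the chroot has taken effect.

```python
import ipaddress
import posixpath

# Constructed sample: the routing-relevant lines of the first server config above.
SERVER_EDIT1 = """\
chroot /etc/openvpn
client-config-dir /etc/openvpn/ccd
push "route 192.168.1.0 255.255.255.0"
route 192.168.3.0 255.255.255.0
route 192.168.4.0 255.255.255.0
"""
CCD = {"flexo_client": "iroute 192.168.3.0 255.255.255.0\niroute 192.168.4.0 255.255.255.0\n"}

def directives(text):
    """Yield the tokens of each directive, ignoring comments and quotes."""
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].replace('"', " ").split()
        if tokens:
            yield tokens

def nets(text, keyword):
    """Networks named by top-level 'route' or 'iroute' lines (pushed routes are skipped)."""
    return {ipaddress.ip_network(f"{t[1]}/{t[2]}", strict=False)
            for t in directives(text) if t[0] == keyword and len(t) >= 3}

def check_site_to_site(server_conf, ccd_files):
    """Return a list of findings; empty means every route has its iroute."""
    findings, owners = [], {}
    opts = {t[0]: t[1:] for t in directives(server_conf)}
    routes = nets(server_conf, "route")
    for client, text in sorted(ccd_files.items()):
        for n in sorted(nets(text, "iroute")):
            if n in owners:
                findings.append(f"{n}: iroute claimed by {owners[n]} and {client}")
            owners.setdefault(n, client)
    for n in sorted(routes - set(owners)):
        findings.append(f"{n}: server 'route' without a matching ccd 'iroute'")
    for n in sorted(set(owners) - routes):
        findings.append(f"{n}: 'iroute' for {owners[n]} without a server 'route'")
    ccd = " ".join(opts.get("client-config-dir", []))
    if "chroot" in opts and posixpath.isabs(ccd):  # assumption: ccd is read after chroot
        root = " ".join(opts["chroot"])
        findings.append(f"client-config-dir {ccd}: read after chroot, so from {root}{ccd}")
    return findings

if __name__ == "__main__":
    for finding in check_site_to_site(SERVER_EDIT1, CCD):
        print(finding)
```

A server `route` with no `iroute` sends traffic into the tunnel that OpenVPN cannot assign to a client, and an `iroute` with no `route` never receives traffic from the server's kernel, so either finding matches the symptom of a client LAN that the server cannot reach.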