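Usually with OpenVPN, people have trouble reaching the LAN interface but no trouble reaching the TUN interface. I have the opposite problem.
Ping from client (10.9.0.1) to server eth0 (10.0.0.97) works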
$ sudo tcpdump -i tun0 -n
04:06:13.702540 IP 10.9.0.1 > 10.0.0.97: ICMP echo request, id 1, seq 10, length 40
04:06:13.702591 IP 10.0.0.97 > 10.9.0.1: ICMP echo reply, id 1, seq 10, length 40
From client (10.9.0.1) to server tun0 (10.8.0.1) times out
The OpenVPN log file shows no errors at verb 5
$ sudo tcpdump -i tun0 -n
04:08:23.989997 IP 10.9.0.1 > 10.8.0.1: ICMP echo request, id 1, seq 12, length 40
(no reply from server)

$ sudo service iptables status
iptables: Firewall is not running.
From server (10.8.0.1) to client (10.9.0.1) is unreachable
The OpenVPN log file shows no errors at verb 5
$ ping 10.9.0.1
connect: Network is unreachable

$ ip route get 10.9.0.1
10.9.0.1 via 10.8.0.2 dev tun0 src 10.8.0.1

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.0.0.0        10.8.0.2        255.255.0.0     UG    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.9.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0

$ grep -vE '^#|^;|^$|^\s' server.conf
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.0.0.0 255.255.0.0"
route 10.0.0.0 255.255.0.0
client-config-dir ccd
route 192.168.40.128 255.255.255.248
client-config-dir ccd
route 10.9.0.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 5

$ cat ccd/client1
ifconfig-push 10.9.0.1 10.9.0.2
iroute 10.9.0.1 255.255.255.255