服务器 Gind.cn
  1. 服务器 Gind.cn
  3. openvpn发送互联网stream量到单独的服务器
Intereting Posts
网站加载完全从本地主机,但3或4小时后,不从远程计算机加载,直到重新启动iis 寻找工具来创build服务器configuration 添加第二个站点到nginx pidpet – groupid(gid)for mysql group在prod和dev之间有所不同 擦除NVRAM后,DL380 G4死机 通过SSHclosures机器不会返回退出值 是否有可能查看谷歌应用程序smtp日志? 阿帕奇 – 幻影长请求返回408? 独angular兽:分网站生成的链接断开 IBM WebSphere Application Server修订包安装 从Juniper Netscreen轻松获取会话列表 为什么ssh-host-config在Windows 8.1上的Cygwin中创build两个用户? puppetca永远不会返回任何东西 AWS route53 www。 前缀不解决权利 MegaCLI导致驱动器“其他错误”

openvpn发送互联网stream量到单独的服务器

简洁版本:

我希望我的aws ubuntu openvpn服务器将所有的客户端互联网stream量转发到另一台服务器,而不是直接发送出去。

长版本:

我正在build立一个环境,出于审计的原因,所有的互联网stream量必须通过一个特定的网关路由。 一些用户将通过openvpn连接到networking。 我有openvpn服务器设置,用户可以连接,但他们的所有stream量都是outvpn的网关/ IP。

IE浏览器当我的客户去ipcow.com他们看到AAAA,我希望他们看到BBBB

子网configuration 

-------------------------------------------------- | AAAA - VPN - 10.0.200.10 | | -------------------------------------| Private | | BBBB - Gateway/NAT - 10.0.0.200 | | --------------------------------------------------

为server.conf 

 port 1194 proto udp dev tun sndbuf 0 rcvbuf 0 ca ca.crt cert server.crt key server.key dh dh.pem tls-auth ta.key 0 topology subnet server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt push "redirect-gateway def1 bypass-dhcp" push route "0.0.0.0 0.0.0.0 10.0.0.200" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4" keepalive 10 120 cipher AES-128-CBC comp-lzo user nobody group nogroup persist-key persist-tun status openvpn-status.log verb 3 crl-verify crl.pem

client.ovpn 

 client dev tun proto udp sndbuf 0 rcvbuf 0 remote PPPP 1194 resolv-retry infinite nobind persist-key persist-tun remote-cert-tls server cipher AES-128-CBC comp-lzo setenv opt block-outside-dns key-direction 1 verb 3

连接日志 

 Unrecognized option or missing parameter(s) in vpn.ovpn:14: block-outside-dns (2.3.10) OpenVPN 2.3.10 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 14 2016 library versions: OpenSSL 1.0.2h 3 May 2016, LZO 2.09 Control Channel Authentication: tls-auth using INLINE static key file Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Socket Buffers: R=[212992->212992] S=[212992->212992] UDPv4 link local: [undef] UDPv4 link remote: [AF_INET]PPPP:1194 TLS: Initial packet from [AF_INET]PPPP:1194, sid=5678375f 5c54cccd VERIFY OK: depth=1, CN=ChangeMe Validating certificate key usage ++ Certificate has key usage 00a0, expects 00a0 VERIFY KU OK Validating certificate extended key usage ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication VERIFY EKU OK VERIFY OK: depth=0, CN=server Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA [server] Peer Connection Initiated with [AF_INET]PPPP:1194 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 10.0.0.0 255.255.0.0,route 0.0.0.0 0.0.0.0 10.0.0.200 0,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' OPTIONS IMPORT: timers and/or timeouts modified OPTIONS IMPORT: --ifconfig/up options modified OPTIONS IMPORT: route options modified OPTIONS IMPORT: route-related options modified OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified ROUTE_GATEWAY 192.168.42.129/255.255.255.0 IFACE=enp0s20f0u1 HWADDR= TUN/TAP device tun0 opened TUN/TAP TX queue length set to 100 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 /usr/bin/ip link set dev tun0 up mtu 1500 /usr/bin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255 /usr/bin/ip route add PPPP/32 via 192.168.42.129 /usr/bin/ip route add 0.0.0.0/1 via 10.8.0.1 /usr/bin/ip route add 128.0.0.0/1 via 10.8.0.1 /usr/bin/ip route add 10.0.0.0/16 via 10.8.0.1 /usr/bin/ip route add 0.0.0.0/0 metric 0 via 10.0.0.200 RTNETLINK answers: Network is unreachable ERROR: Linux route add command failed: external program exited with error status: 2 Initialization Sequence Completed

我尝试添加0.0.0.0/0路由显然不起作用。

需要采取以下步骤来实现我的目标。

  1. echo“200 VPN”> / etc / iproute2 / iproute

  2. ip route添加默认通过10.0.0.200表vpn

  3. ip规则添加从10.8.0.0/24查找VPN

这给了我以下。

在这里输入图像说明