Unable to ping hosts over an OpenVPN site-to-site VPN

My logs say that a connection has been established, but I cannot ping the hosts.

Here are my logs.

Firewall 1 log:

    May 24 10:42:57 openvpn[9163]: /etc/rc.filter_configure tun0 1500 1544 10.0.8.1 10.0.8.2 init
    May 24 10:42:57 openvpn[9163]: SIGTERM[hard,] received, process exiting
    May 24 10:42:59 openvpn[9742]: OpenVPN 2.0.6 i386-portbld-freebsd7.2 [SSL] [LZO] built on Dec 4 2009
    May 24 10:42:59 openvpn[9742]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
    May 24 10:42:59 openvpn[9742]: gw 112.202.0.1
    May 24 10:42:59 openvpn[9742]: TUN/TAP device /dev/tun0 opened
    May 24 10:42:59 openvpn[9742]: /sbin/ifconfig tun0 10.0.8.1 10.0.8.2 mtu 1500 netmask 255.255.255.255 up
    May 24 10:42:59 openvpn[9742]: /etc/rc.filter_configure tun0 1500 1544 10.0.8.1 10.0.8.2 init
    May 24 10:43:00 openvpn[9757]: Listening for incoming TCP connection on [undef]:1194
    May 24 10:43:00 openvpn[9757]: TCPv4_SERVER link local (bound): [undef]:1194
    May 24 10:43:00 openvpn[9757]: TCPv4_SERVER link remote: [undef]
    May 24 10:43:00 openvpn[9757]: Initialization Sequence Completed
    May 24 10:43:02 openvpn[9757]: Re-using SSL/TLS context
    May 24 10:43:02 openvpn[9757]: LZO compression initialized
    May 24 10:43:02 openvpn[9757]: TCP connection established with 119.93.150.4:47750
    May 24 10:43:02 openvpn[9757]: TCPv4_SERVER link local: [undef]
    May 24 10:43:02 openvpn[9757]: TCPv4_SERVER link remote: 119.93.150.4:47750
    May 24 10:43:06 openvpn[9757]: 119.93.150.4:47750 [client] Peer Connection Initiated with 119.93.150.4:47750

Firewall 2 log:

    May 24 10:42:57 openvpn[7489]: Connection reset, restarting [0]
    May 24 10:42:57 openvpn[7489]: SIGUSR1[soft,connection-reset] received, process restarting
    May 24 10:43:02 openvpn[7489]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    May 24 10:43:02 openvpn[7489]: Re-using SSL/TLS context
    May 24 10:43:02 openvpn[7489]: LZO compression initialized
    May 24 10:43:02 openvpn[7489]: Attempting to establish TCP connection with 112.202.103.45:1194
    May 24 10:43:02 openvpn[7489]: TCP connection established with 112.202.103.45:1194
    May 24 10:43:02 openvpn[7489]: TCPv4_CLIENT link local: [undef]
    May 24 10:43:02 openvpn[7489]: TCPv4_CLIENT link remote: 112.202.103.45:1194
    May 24 10:43:06 openvpn[7489]: [server] Peer Connection Initiated with 112.202.103.45:1194
    May 24 10:43:08 openvpn[7489]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:1: 112.202.103.45 (2.0.6)
    May 24 10:43:08 openvpn[7489]: Preserving previous TUN/TAP instance: tun0
    May 24 10:43:08 openvpn[7489]: Initialization Sequence Completed

What is the problem?

It looks like, even though you appear to have a "push" option in the configuration file on firewall 2, it has a syntax problem:

    May 24 10:43:08 openvpn[7489]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:1: 112.202.103.45 (2.0.6)

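Once this problem is resolved, you should have routing through the tunnel, which will let firewall 2 reach the machines on the other end of the tunnel.

We ran into the same problem using OpenVPN. The fix we found was that OpenVPN must be run as administrator. I know it sounds ridiculous, but it works.

Apart from the push, which is probably not enough to break the connection, the logs look normal. You are probably missing a route, or have a wrong route on one or both ends.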
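
The two firewall logs above contain three entries that are easy to miss between the "Initialization Sequence Completed" lines: the key-file permission warning, the missing server certificate verification warning, and the rejected pushed option. The following is an added example, not part of any post in this thread, that pulls such entries out of OpenVPN syslog lines; the rule names and suggested actions are this example's own assumptions.

```python
import re

# Constructed sample: entries copied from the two firewall logs on this page.
SAMPLE_LOG = """\
May 24 10:42:59 openvpn[9742]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
May 24 10:43:02 openvpn[7489]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
May 24 10:43:06 openvpn[7489]: [server] Peer Connection Initiated with 112.202.103.45:1194
May 24 10:43:08 openvpn[7489]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:1: 112.202.103.45 (2.0.6)
May 24 10:43:08 openvpn[7489]: Initialization Sequence Completed
"""

# Syslog-style prefix used in the logs above: timestamp, openvpn[pid], message.
ENTRY = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) openvpn\[(?P<pid>\d+)\]: (?P<msg>.*)$")

# (rule name, pattern on the message, suggested action); names are hypothetical.
RULES = [
    ("key-file-permissions",
     re.compile(r"WARNING: file '(?P<detail>[^']+)' is group or others accessible"),
     "make the key readable by its owner only, e.g. chmod 600"),
    ("no-server-cert-verification",
     re.compile(r"WARNING: (?P<detail>No server certificate verification method)"),
     "enable a verification method; see the URL in the warning"),
    ("pushed-option-rejected",
     re.compile(r"Options error: .* in \[PUSH-OPTIONS\]:\d+: (?P<detail>.+?) \([\d.]+\)$"),
     "correct the push directive that produced this value"),
]

def triage(log_text):
    """Return one finding dict per log entry that matches a rule."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # not an openvpn syslog entry
        for rule, pattern, action in RULES:
            hit = pattern.search(entry["msg"])
            if hit:
                findings.append({"rule": rule, "pid": int(entry["pid"]),
                                 "time": entry["ts"], "detail": hit["detail"],
                                 "action": action})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['time']} pid={f['pid']} {f['rule']}: {f['detail']} -> {f['action']}")
```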