服务器 Gind.cn
  1. 服务器 Gind.cn
  3. SOFTETHER。 客户端可以连接,但我无法访问服务器
Intereting Posts
断电后,Tomcat无法与MySql通信 到新的网站DMZ或不DMZ 使用locate只能find包含string“foo”的目录 RHEL / Apache – WCHAN =“semtim”的含义 rundeck无法对Active Directory进行身份validation 如何添加组的权限以匹配用户权限? WMS在SharePoint服务器上 木偶审计的文件资源不工作 慢的FTP会话 在Jira权限下破败 切换iSCSI的冗余 SAN:如何确定LUN和CSV的数量 如何在Oracle XE中创build单独的表空间? 阻止所有IP的入站TCPstream量w /例外使用netsh Nginx多网站多公网ip

SOFTETHER。 客户端可以连接,但我无法访问服务器

我遵循本指南在Digital Ocean Ubuntu 14.04实例上设置Softether VPN服务器。 我在我的笔记本电脑上安装了Softether vpn客户端和openvpn(ubuntu 14.10)。

服务器日志表明两个客户端都可以连接正常,但无法ping或telnet到服务器。 另外,当我连接openvpn,我失去了所有的互联网,除了Skype。

用openvpn客户端netstat -nr报告如下。 

Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.30.14 128.0.0.0 UG 0 0 0 tun0 0.0.0.0 192.168.4.1 0.0.0.0 UG 0 0 0 eth0 54.158.28.151 192.168.4.1 255.255.255.255 UGH 0 0 0 eth0 128.0.0.0 192.168.30.14 128.0.0.0 UG 0 0 0 tun0 192.168.4.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0 192.168.30.14 0.0.0.0 255.255.255.255 UH 0 0 0 tun0

用Softether客户端,netstat -nr报告如下: 

 Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.4.1 0.0.0.0 UG 0 0 0 eth0 192.168.4.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0

Ping telnet到192.168.30.14超时。

Softether vpn客户端ifconfig -a报告以下内容。 

 vpn_markadapter Link encap:Ethernet HWaddr 00:ac:c5:ff:ce:ec inet6 addr: fe80::2ac:c5ff:feff:ceec/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1620 errors:0 dropped:0 overruns:0 frame:0 TX packets:1234 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500 RX bytes:118928 (118.9 KB) TX bytes:104989 (104.9 KB)

openvpn客户端,ifconfig -a: 

 tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:192.168.30.13 PtP:192.168.30.14 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:280 errors:0 dropped:0 overruns:0 frame:0 TX packets:534 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:38199 (38.1 KB) TX bytes:60461 (60.4 KB)

Openvpn控制台: 

 Thu May 28 19:10:12 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Thu May 28 19:10:12 2015 Socket Buffers: R=[87380->131072] S=[16384->131072] Thu May 28 19:10:12 2015 Attempting to establish TCP connection with [AF_INET]128.199.126.151:5555 [nonblock] Thu May 28 19:10:13 2015 TCP connection established with [AF_INET]128.199.126.151:5555 Thu May 28 19:10:13 2015 TCPv4_CLIENT link local: [undef] Thu May 28 19:10:13 2015 TCPv4_CLIENT link remote: [AF_INET]128.199.126.151:5555 Thu May 28 19:10:13 2015 TLS: Initial packet from [AF_INET]128.199.126.151:5555, sid=16ccbc28 f3c5eca8 Thu May 28 19:10:13 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Thu May 28 19:10:14 2015 VERIFY OK: depth=0, CN=[128.199.126.151], O=[128.199.126.151], OU=[128.199.126.151], C=US Thu May 28 19:10:14 2015 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Thu May 28 19:10:14 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu May 28 19:10:14 2015 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Thu May 28 19:10:14 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu May 28 19:10:14 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA Thu May 28 19:10:14 2015 [[128.199.126.151]] Peer Connection Initiated with [AF_INET]128.199.126.151:5555 Thu May 28 19:10:16 2015 SENT CONTROL [[128.199.126.151]]: 'PUSH_REQUEST' (status=1) Thu May 28 19:10:16 2015 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 192.168.30.13 192.168.30.14,dhcp-option DNS 192.168.30.1,route-gateway 192.168.30.14,redirect-gateway def1' Thu May 28 19:10:16 2015 OPTIONS IMPORT: timers and/or timeouts modified Thu May 28 19:10:16 2015 OPTIONS IMPORT: --ifconfig/up options modified Thu May 28 19:10:16 2015 OPTIONS IMPORT: route options modified Thu May 28 19:10:16 2015 OPTIONS IMPORT: route-related options modified Thu May 28 19:10:16 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Thu May 28 19:10:16 2015 ROUTE_GATEWAY 192.168.4.1/255.255.252.0 IFACE=eth0 HWADDR=b8:ac:6f:50:18:af Thu May 28 19:10:16 2015 TUN/TAP device tun0 opened Thu May 28 19:10:16 2015 TUN/TAP TX queue length set to 100 Thu May 28 19:10:16 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Thu May 28 19:10:16 2015 /sbin/ip link set dev tun0 up mtu 1500 Thu May 28 19:10:16 2015 /sbin/ip addr add dev tun0 local 192.168.30.13 peer 192.168.30.14 Thu May 28 19:10:16 2015 /sbin/ip route add 128.199.126.151/32 via 192.168.4.1 Thu May 28 19:10:16 2015 /sbin/ip route add 0.0.0.0/1 via 192.168.30.14 Thu May 28 19:10:16 2015 /sbin/ip route add 128.0.0.0/1 via 192.168.30.14 Thu May 28 19:10:16 2015 Initialization Sequence Completed

如果客户端是linux,则需要在softether启动脚本的末尾添加“dhclient tunx”命令。 添加睡眠延迟时间也很好,以确保在启动dhclient命令之前已经连接了vpn。

你的configuration没问题。 它看起来像阻止你的传出stream量。 我不确定它是什么,可能是防火墙。

我需要在服务器上安装Softether vpnclient,然后在vpnserver DhcpEnable中,最后重新启动SSH。 DhcpTable显示我连接的IP地址。

在我的笔记本电脑上,我需要在adpater上运行dhclient来获取IP地址。 然后我可以SSH入我的服务器。