OpenVPN: server cannot ping a client that ignores redirect-gateway
I'm having a problem pinging from my VPN server to a client (and not the other way).
I have an OpenVPN server: 10.8.0.1/16.
I have a client 1 where all traffic is routed through the VPN: 10.8.1.9/16. No problem with this client 1: everything works.
I have a client 2 (10.8.1.3/16) where I would like traffic not to be routed through the VPN but the machines to be accessible.
This client 2, 10.8.1.3, can ping the server -> 10.8.0.1 ping ok.
But, the server cannot ping client 2... :(
I've been looking for 2 days and despite reading documentation and other posts, I can't find it.
Anyone have an idea?
Here is my configuration.
Server:
server 10.8.0.0 255.255.0.0
dev tun
topology subnet
cipher AES-256-GCM
auth SHA256
verb 3
# keys here
# ...
###
key-direction 0
keepalive 10 60
persist-key
persist-tun
proto udp
# Rely on Docker to do port mapping, internally always 1194
port 1194
dev tun0
status /etc/openvpn/openvpn-status.log
user nobody
group nogroup
#comp-lzo no
### Route Configurations Below
### Push Configurations Below
push "block-outside-dns"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 172.8.0.1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
# To specify the path of the client config files
client-config-dir /etc/openvpn/ccd
# To forbid client connections without a config file
ccd-exclusive
# To allow openvpn-monitor
management 0.0.0.0 5555
ifconfig-pool-persist ipp.txt
explicit-exit-notify 1
Route table:
default via 10.255.255.1 dev ens192
10.8.0.0/16 via 172.8.0.2 dev br-2222222222
10.255.255.1 dev ens192 scope link
172.8.0.0/24 dev br-2222222222 proto kernel scope link src 172.8.0.1
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
As you can see in this route table, the VPN traffic (10.8.0.0/16) is routed via 172.8.0.2. In fact, my OpenVPN runs on Docker.
My client 2 (10.8.1.3) VPN config:
client
nobind
dev tun
remote-cert-tls server
cipher AES-256-GCM
auth SHA256
remote my-server-vpn.com 1194 udp
key-direction 1
# To not consider the server redirect-gateway in order to avoid all traffic through VPN Gateway
pull-filter ignore "redirect-gateway"
Route table of client 2 (10.8.1.3) (when the client VPN is running):
default via 192.168.1.1 dev eth0 proto dhcp src 192.168.1.3 metric 100
10.8.0.0/16 dev tun0 proto kernel scope link src 10.8.1.3
<my-server-vpn-ip> via 192.168.1.1 dev eth0
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 dev br-1111111111 proto kernel scope link src 172.18.0.1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.3 metric 100
192.168.1.1 dev eth0 proto dhcp scope link src 192.168.1.3 metric 100
Ping from 10.8.1.3 to 10.8.0.1 OK
Ping from 10.8.0.1 to 10.8.1.3 KO
I hope someone can help me.
Thank you very much!
Comments (1)
I have found the solution:
On my client2, this command tells me that the ping arrives with the address 172.8.0.1. So, I have added the following line in the client2 config file:
This solves my problem and now I can ping client2 from the server.
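To see why the reply never came back, here is an added example (not part of the original post or answer): a small longest-prefix-match lookup over client 2's route table as printed in the question. It shows that a reply to 10.8.0.1 leaves through tun0, while a reply to 172.8.0.1 (the Docker bridge address the ping arrives from) follows the eth0 default route and never enters the tunnel. The `172.8.0.0/24 dev tun0` route at the end is an assumption used for illustration only; the actual line the answer added is not shown on the page, and the `<my-server-vpn-ip>` host route is omitted because its address is not given.

```python
import ipaddress

# Client 2's routing table, copied from the question (the <my-server-vpn-ip>
# host route is left out because the page does not give its address).
CLIENT2_ROUTES = """\
default via 192.168.1.1 dev eth0 proto dhcp src 192.168.1.3 metric 100
10.8.0.0/16 dev tun0 proto kernel scope link src 10.8.1.3
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 dev br-1111111111 proto kernel scope link src 172.18.0.1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.3 metric 100
192.168.1.1 dev eth0 proto dhcp scope link src 192.168.1.3 metric 100
"""


def parse_routes(text):
    """Parse `ip route`-style lines into (network, dev, via) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(prefix, strict=False)  # bare host -> /32
        dev = fields[fields.index("dev") + 1] if "dev" in fields else None
        via = fields[fields.index("via") + 1] if "via" in fields else None
        routes.append((net, dev, via))
    return routes


def lookup(routes, dst):
    """Longest-prefix match: the (dev, via) the kernel would pick for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, dev, via in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev, via)
    return (best[1], best[2]) if best else None


if __name__ == "__main__":
    routes = parse_routes(CLIENT2_ROUTES)
    # Ping sourced from 10.8.0.1: the reply goes back through the tunnel.
    print("reply to 10.8.0.1  ->", lookup(routes, "10.8.0.1"))    # ('tun0', None)
    # Ping arriving from 172.8.0.1 (Docker bridge): reply leaves via eth0,
    # towards the home router, so the server never sees it.
    print("reply to 172.8.0.1 ->", lookup(routes, "172.8.0.1"))   # ('eth0', '192.168.1.1')
    # Assumed illustrative fix: a route for the bridge subnet through tun0.
    fixed = routes + parse_routes("172.8.0.0/24 dev tun0")
    print("after extra route  ->", lookup(fixed, "172.8.0.1"))    # ('tun0', None)
```

Running `tcpdump -ni tun0 icmp` on the client while the server pings is the quickest way to confirm which source address the echo request actually carries.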