Network packets do not reach the local host when connected through an OpenVPN server on an Openstack VPS


Here is the problem.

I installed an OpenVPN server on an Openstack VPS (Hostigger, if it matters). I used the guide https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04

Everything was fine up to the point where I could establish the VPN connection. But when I tried to access almost any site, the connection timed out.

I disabled ufw for debugging.

iptables:

$ iptables -t nat -v -x -n -L

Chain PREROUTING (policy ACCEPT 43527 packets, 3644888 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 4095 packets, 441234 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 33 packets, 2279 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 33 packets, 2279 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1453   104793 MASQUERADE  all  --  *      ens3    10.0.0.0/8           0.0.0.0/0

ens3 is the server's main interface.

When I try tracert from my local machine:

$ tracert google.com

Tracing route to google.com [172.217.16.46]
over a maximum of 30 hops:

  1    73 ms    73 ms    72 ms  10.8.0.1
  2    76 ms    86 ms    75 ms  185.181.208.1
  3    74 ms    81 ms    73 ms  static-217-195-202-1.fibersunucu.com.tr [217.195.202.1]
  4    79 ms    75 ms    74 ms  static-177-159-92-77.sadecehosting.net [77.92.159.177]
  5    75 ms    75 ms    75 ms  212.156.128.169.static.turktelekom.com.tr [212.156.128.169]
  6    74 ms    75 ms    77 ms  00-atakoy-xrs-t2-1---00-atakoy-t3-7.statik.turktelekom.com.tr [212.156.120.130]
  7   106 ms    75 ms    74 ms  00-gayrettepe-xrs-t2-1---00-atakoy-xrs-t2-1.statik.turktelekom.com.tr [81.212.203.102]
  8     *        *       75 ms  00-ebgp-gayrettepe-k---00-gayrettepe-xrs-t2-1.statik.turktelekom.com.tr [81.212.201.195]
  9    81 ms    76 ms    75 ms  212.156.120.178.26-eskisehir-t3-1.06-ulus-t3-7.statik.turktelekom.com.tr [212.156.120.178]
 10    83 ms    86 ms    83 ms  307-sof-col-1---00-ebgp-gayrettepe-k.statik.turktelekom.com.tr [212.156.104.22]
 11   112 ms   103 ms   124 ms  74.125.51.94
 12   106 ms   106 ms   111 ms  108.170.250.168
 13   145 ms   147 ms   142 ms  108.170.226.42
 14   132 ms   132 ms   134 ms  72.14.239.245
 15   132 ms   132 ms   132 ms  216.239.58.5
 16   136 ms   132 ms   141 ms  108.170.250.193
 17   132 ms   132 ms   132 ms  74.125.251.103
 18   135 ms   131 ms   132 ms  waw02s14-in-f14.1e100.net [172.217.16.46]

Trace complete.

Ping works too.

I ran tcpdump:

tcpdump -A -s 0 'src president.gov.by and tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

For a request like this from my local machine, curl -sSL -D - http://president.gov.by/robots.txt, it works. I see robots.txt.

tcpdump output:

listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
23:30:02.115218 IP 178.124.139.203.http > 10.8.0.6.51344: Flags [P.], seq 272799366:272799764, ack 63565427, win 96, length 398: HTTP: HTTP/1.1 200 OK
E.....@./.(..|..
....P...B.....sP..`....HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Jul 2019 20:30:02 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 173
Connection: keep-alive
Last-Modified: Fri, 26 Jul 2019 04:28:06 GMT
Accept-Ranges: bytes

User-agent: *
Disallow: /ru/search_ru
Disallow: /en/search_en
Disallow: /by/search_by
Disallow: /*printv
Host: president.gov.by
Sitemap: http://president.gov.by/sitemap.xml

But when I try curl -sSL -D - http://president.gov.by/

I can see this in the tcpdump output on the server, but not on my local machine.

23:30:39.493302 IP 178.124.139.203.http > 10.8.0.6.51366: Flags [.], seq 2193652739:2193654079, ack 1503148830, win 96, length 1340: HTTP: HTTP/1.1 200 OK
E..d..@......|..
....P....|.Y.;.P..`)"..HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Jul 2019 20:30:39 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 112378
Connection: keep-alive
Last-Modified: Fri, 26 Jul 2019 16:38:45 GMT
Accept-Ranges: bytes

    <!DOCTYPE HTML>
<html lang="ru-RU">
<head>
blah-blah-blah some html here

23:30:39.493315 IP 178.124.139.203.http > 10.8.0.6.51366: Flags [.], seq 1340:2680, ack 1, win 96, length 1340: HTTP
E..d..@......|..
....P.....?Y.;.P..`........................ .................... ................, .. .......... ...................... .................., .........., .............."/>
</head>
<body>
  blah-blah-blah some html here

23:30:39.493317 IP 178.124.139.203.http > 10.8.0.6.51366: Flags [.], seq 2680:4020, ack 1, win 96, length 1340: HTTP
E..d..@......|..
....P.....{Y.;.P..`I".. class="search" id="search_form">
        <div class="search_left"></div>
        blah-blah-blah some html here

23:30:39.493320 IP 178.124.139.203.http > 10.8.0.6.51366: Flags [.], seq 4020:5360, ack 1, win 96, length 1340: HTTP
E..d..@......|..
....P......Y.;.P..`...............">..............</a>blah-blah-blah some html here                                </div>
                <div class="top_m

23:30:39.493323 IP 178.124.139.203.http > 10.8.0.6.51366: Flags [.], seq 5360:6700, ack 1, win 96, length 1340: HTTP
E..d..@......|..
....P......Y.;.P..`/...enu_right"></div>
                blah-blah-blah some html here

23:30:39.493325 IP 178.124.139.203.http > 10.8.0.6.51366: Flags [.], seq 6700:8040, ack 1, win 96, length 1340: HTTP
E..d..@......|..
....P...../Y.;.P..`u>.blah-blah-blah some html here
                                                                                                <div class="bm_da
23:30:39.494547 IP 178.124.139.203.http > 10.8.0.6.51366: Flags [P.], seq 8040:8173, ack 1, win 96, length 133: HTTP
[email protected].|..
....P.....kY.;.P..`....te">25 ........ 2019 ........</div>
                                                <a href="http://president.gov.by/ru/news_ru/view/rabochaja-poezdka-v-vetkovskij-rajon-gomel
23:30:39.633147 IP 178.124.139.203.http > 10.8.0.6.51366: Flags [.], seq 12193:13533, ack 1, win 96, length 1340: HTTP
[email protected]..|..
....P......Y.;.P..`blah-blah-blah some html here

23:30:40.186755 IP 178.124.139.203.http > 10.8.0.6.51366: Flags [.], seq 0:1340, ack 1, win 96, length 1340: HTTP: HTTP/1.1 200 OK
[email protected]..|..
....P....|.Y.;.P..`)"..HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Jul 2019 20:30:39 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 112378
Connection: keep-alive
Last-Modified: Fri, 26 Jul 2019 16:38:45 GMT
Accept-Ranges: bytes

    <!DOCTYPE HTML>
<html lang="ru-RU">
<head>
       blah-blah-blah some html here

23:30:41.575025 IP 178.124.139.203.http > 10.8.0.6.51366: Flags [.], seq 0:1340, ack 1, win 96, length 1340: HTTP: HTTP/1.1 200 OK
[email protected]..|..
....P....|.Y.;.P..`)"..HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Jul 2019 20:30:39 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 112378
Connection: keep-alive
Last-Modified: Fri, 26 Jul 2019 16:38:45 GMT
Accept-Ranges: bytes

    <!DOCTYPE HTML>
<html lang="ru-RU">
<head>
       blah-blah-blah some html here

23:30:44.350585 IP 178.124.139.203.http > 10.8.0.6.51366: Flags [.], seq 0:1340, ack 1, win 96, length 1340: HTTP: HTTP/1.1 200 OK
[email protected]..|..
....P....|.Y.;.P..`)"..HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Jul 2019 20:30:39 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 112378
Connection: keep-alive
Last-Modified: Fri, 26 Jul 2019 16:38:45 GMT
Accept-Ranges: bytes

    <!DOCTYPE HTML>
<html lang="ru-RU">
<head>
       blah-blah-blah some html here
^C
11 packets captured
15 packets received by filter
3 packets dropped by kernel

I am stuck here. Why can I connect to robots.txt but not to a larger file (index.html, etc.)?
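
An added example, not part of the original post: a small Python parser run over the tcpdump summary lines from the capture above, reporting which sequence ranges the web server sent more than once and how far apart the repeats were. The function names retransmissions and backoff_gaps are hypothetical; the capture lines are copied from the post.

```python
import re
from collections import defaultdict

# Summary lines copied from the server-side tcpdump capture in the post.
CAPTURE = """\
23:30:02.115218 IP 178.124.139.203.http > 10.8.0.6.51344: Flags [P.], seq 272799366:272799764, ack 63565427, win 96, length 398: HTTP: HTTP/1.1 200 OK
23:30:39.493302 IP 178.124.139.203.http > 10.8.0.6.51366: Flags [.], seq 2193652739:2193654079, ack 1503148830, win 96, length 1340: HTTP: HTTP/1.1 200 OK
23:30:39.493315 IP 178.124.139.203.http > 10.8.0.6.51366: Flags [.], seq 1340:2680, ack 1, win 96, length 1340: HTTP
23:30:39.493317 IP 178.124.139.203.http > 10.8.0.6.51366: Flags [.], seq 2680:4020, ack 1, win 96, length 1340: HTTP
23:30:39.493320 IP 178.124.139.203.http > 10.8.0.6.51366: Flags [.], seq 4020:5360, ack 1, win 96, length 1340: HTTP
23:30:39.493323 IP 178.124.139.203.http > 10.8.0.6.51366: Flags [.], seq 5360:6700, ack 1, win 96, length 1340: HTTP
23:30:39.493325 IP 178.124.139.203.http > 10.8.0.6.51366: Flags [.], seq 6700:8040, ack 1, win 96, length 1340: HTTP
23:30:39.494547 IP 178.124.139.203.http > 10.8.0.6.51366: Flags [P.], seq 8040:8173, ack 1, win 96, length 133: HTTP
23:30:39.633147 IP 178.124.139.203.http > 10.8.0.6.51366: Flags [.], seq 12193:13533, ack 1, win 96, length 1340: HTTP
23:30:40.186755 IP 178.124.139.203.http > 10.8.0.6.51366: Flags [.], seq 0:1340, ack 1, win 96, length 1340: HTTP: HTTP/1.1 200 OK
23:30:41.575025 IP 178.124.139.203.http > 10.8.0.6.51366: Flags [.], seq 0:1340, ack 1, win 96, length 1340: HTTP: HTTP/1.1 200 OK
23:30:44.350585 IP 178.124.139.203.http > 10.8.0.6.51366: Flags [.], seq 0:1340, ack 1, win 96, length 1340: HTTP: HTTP/1.1 200 OK
"""

LINE = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\S+) > (\S+): "
                  r"Flags \[[^\]]*\], seq (\d+):(\d+), .*length (\d+)")

def retransmissions(text):
    """Map (flow, rel_start, rel_end) -> timestamps, for ranges sent more than once."""
    base = {}                   # flow -> absolute seq of the first segment seen
    seen = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue            # payload dump lines are skipped
        h, mi, s, src, dst, start, end, _length = m.groups()
        flow, start, end = (src, dst), int(start), int(end)
        # tcpdump prints absolute numbers for a flow's first segment, relative after
        if flow not in base:
            base[flow] = start
            start, end = 0, end - start
        seen[(flow, start, end)].append(int(h) * 3600 + int(mi) * 60 + float(s))
    return {k: v for k, v in seen.items() if len(v) > 1}

def backoff_gaps(timestamps):
    """Seconds between consecutive transmissions of the same range."""
    return [round(b - a, 3) for a, b in zip(timestamps, timestamps[1:])]

if __name__ == "__main__":
    for (flow, start, end), ts in retransmissions(CAPTURE).items():
        print(flow, f"seq {start}:{end}", "sent", len(ts), "times, gaps", backoff_gaps(ts))
```

On this capture the only repeated range is the first 1340-byte segment of the 51366 connection, sent four times with gaps that roughly double, which is the pattern of TCP retransmission-timeout backoff; the 398-byte robots.txt response on the 51344 connection was sent once.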
