
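I am running Ubuntu 20.04 with the latest OpenVPN package. This is the first time I have worked with a VPN myself.
From my Windows computer client I currently cannot ping hosts on 10.10.0.0.
When I SSH into the systems on that subnet, I can ping in either direction.
UFW is currently disabled.
OpenVPN connects fine, but I can ping the OpenVPN host address 10.10.3.98.
/proc/sys/net/ipv4/ip_forward is set to 1 on all systems.
I think there is some kind of routing problem, but I have tried a few things with no luck. I need the collective's help.
Thanks!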

host1:/etc/openvpn$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether fa:16:3e:2a:f5:f1 brd ff:ff:ff:ff:ff:ff
    inet PUBLICIP/32 scope global dynamic ens3
       valid_lft 70352sec preferred_lft 70352sec
    inet6 2607:5300:201:2100::fdf/56 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe2a:f5f1/64 scope link
       valid_lft forever preferred_lft forever
3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc fq_codel state UP group default qlen 1000
    link/ether fa:16:3e:cc:88:e1 brd ff:ff:ff:ff:ff:ff
    inet 10.10.3.98/16 brd 10.10.255.255 scope global dynamic ens4
       valid_lft 70352sec preferred_lft 70352sec
    inet6 fe80::f816:3eff:fecc:88e1/64 scope link
       valid_lft forever preferred_lft forever
8: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none
    inet 10.0.0.1/24 brd 10.0.0.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::22db:5c7d:76e4:21c2/64 scope link stable-privacy
       valid_lft forever preferred_lft forever

server.conf
port 1194
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.0.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.10.0.0 255.255.0.0"
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_hCBOMjVqB0C2SZat.crt
key server_hCBOMjVqB0C2SZat.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3

IP route
ip route
default via PUBLICGWIP dev ens3 proto dhcp src PUBLICIP metric 100
10.0.0.0/24 dev tun0 proto kernel scope link src 10.0.0.1
10.10.0.0/16 dev ens4 proto kernel scope link src 10.10.3.98
PUBLICGWIP dev ens3 proto dhcp scope link src PUBLICIP metric 100
169.254.169.254 via 10.10.0.1 dev ens4 proto dhcp src 10.10.3.98 metric 100

Client config (minus keys)
client
proto udp
explicit-exit-notify
remote PUBLICIP 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_hCBOMjVqB0C2SZat name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3

host2 (host cannot ping)
ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether fa:16:3e:02:6e:b7 brd ff:ff:ff:ff:ff:ff
    inet PUBLICIP/32 scope global dynamic ens3
       valid_lft 69012sec preferred_lft 69012sec
    inet6 2607:5300:201:2100::862/56 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe02:6eb7/64 scope link
       valid_lft forever preferred_lft forever
3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc fq_codel state UP group default qlen 1000
    link/ether fa:16:3e:57:46:57 brd ff:ff:ff:ff:ff:ff
    inet 10.10.3.222/16 brd 10.10.255.255 scope global dynamic ens4
       valid_lft 69012sec preferred_lft 69012sec
    inet6 fe80::f816:3eff:fe57:4657/64 scope link
       valid_lft forever preferred_lft forever
ip route
default PUBLICGWIP dev ens3 proto dhcp src PUBLICIP metric 100
10.10.0.0/16 dev ens4 proto kernel scope link src 10.10.3.222
PUBLICGWIP dev ens3 proto dhcp scope link src PUBLICIP metric 100
169.254.169.254 via 10.10.0.2 dev ens4 proto dhcp src 10.10.3.222 metric 100

Windows client ipconfig when connected to the VPN
Unknown adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9 for OpenVPN Connect
   Physical Address. . . . . . . . . : 00-FF-0B-15-88-B7
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4719:c54f:b42e:fe72%50(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 838926091
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-0C-DC-F8-3C-7C-3F-F3-68-C1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Answer 1
Host2 has no route to reach 10.0.0.0/24.
You need a route 10.0.0.0/24 via 10.10.3.98, so that 10.10.3.98 acts as the gateway to reach 10.0.0.0/24.
Remember that you need routes pointing in both directions.
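
Added example (not part of the original question or answer): a longest-prefix-match lookup over host2's posted routing table, showing where the echo reply to VPN client 10.0.0.2 goes before and after the route from the answer is added. The gateway 203.0.113.1 is a constructed placeholder for PUBLICGWIP, the table lines are simplified, and the function names are hypothetical.

```python
import ipaddress

# Constructed from host2's posted table; 203.0.113.1 stands in for PUBLICGWIP.
HOST2_ROUTES = """\
default via 203.0.113.1 dev ens3
10.10.0.0/16 dev ens4
203.0.113.1 dev ens3
169.254.169.254 via 10.10.0.2 dev ens4
"""

# The return route the answer says host2 is missing.
RETURN_ROUTE = "10.0.0.0/24 via 10.10.3.98 dev ens4\n"


def parse_routes(text):
    """Parse simplified `ip route` lines into (network, gateway, device)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        gateway = fields[fields.index("via") + 1] if "via" in fields else None
        device = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dest), gateway, device))
    return routes


def lookup(routes, destination):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    best = max(matches, key=lambda r: r[0].prefixlen)
    return best[1], best[2]  # (next hop, or None when on-link; device)


def reply_path(route_text, vpn_client="10.0.0.2"):
    """Next hop and interface host2 uses for a reply to the VPN client."""
    return lookup(parse_routes(route_text), vpn_client)


if __name__ == "__main__":
    print("before:", reply_path(HOST2_ROUTES))
    print("after: ", reply_path(HOST2_ROUTES + RETURN_ROUTE))
```

Before the route is added, the reply leaves through the default route on ens3 and never reaches the tunnel; afterwards it is handed to 10.10.3.98 on ens4.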