
I have searched Google for everything I could, but without success.
I will simplify the question as much as possible.
Routes before connecting to OpenVPN:
Destination     Gateway          Genmask          Flags Metric Ref Use Iface
0.0.0.0         178.xxx.xxx.xxx  0.0.0.0          UG    0      0   0   enp5s0
172.17.0.0      0.0.0.0          255.255.0.0      U     0      0   0   docker0
Routes after connecting to the VPN:
Destination     Gateway          Genmask          Flags Metric Ref Use Iface
0.0.0.0         10.8.0.1         128.0.0.0        UG    0      0   0   tun0
0.0.0.0         178.xxx.xxx.xxx  0.0.0.0          UG    0      0   0   enp5s0
10.8.0.0        0.0.0.0          255.255.255.0    U     0      0   0   tun0
128.0.0.0       10.8.0.1         128.0.0.0        UG    0      0   0   tun0
172.17.0.0      0.0.0.0          255.255.0.0      U     0      0   0   docker0
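Problem:
After connecting to the VPN -> the network is completely "broken".
I cannot ping or reach the OpenVPN server (10.8.0.1), Google DNS (8.8.8.8), or the internet gateway (178.xxx.xxx.xxx).
When I stop the VPN client -> everything works again.
Do you know how to solve this problem?
Thanks.
IP route listing (before VPN connection = network works):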
ip route show
default via 178.xxx.xxx.xxx dev enp5s0 proto static onlink
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
IP route listing (after VPN connection = network does not work at all):
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 178.xxx.xxx.xxx dev enp5s0 proto static onlink
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
ifconfig enp5s0 (the interface with internet access)
enp5s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 178.xxx.xxx.xxx netmask 255.255.255.255 broadcast 0.0.0.0
        inet6 2a01:xxx:xxx:xxx::2 prefixlen 64 scopeid 0x0<global>
        inet6 fe80::xxx:xxx:xxx:c860 prefixlen 64 scopeid 0x20<link>
        ether a0:36:bc:ca:c8:60 txqueuelen 1000 (Ethernet)
        RX packets 110506 bytes 18354128 (18.3 MB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 117994 bytes 17466604 (17.4 MB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
        device memory 0x81c00000-81cfffff
VPN client log (the connection is established but later drops because there is no networking):
May 30 16:54:35 client openvpn3-service-logger[20691]: {tag:5238658794065795403} Adding IP Adress 10.8.0.2/24 gw 10.8.0.1 ipv6: no
May 30 16:54:35 client openvpn3-service-logger[20691]: {tag:5238658794065795403} Setting remote IP address to 195.xxx.xxx.xxx ipv6: no
May 30 16:54:35 client openvpn3-service-logger[20691]: {tag:17752863769272376516} Connected: 195.xxx.xxx.xxx:1194 (195.xxx.xxx.xxx) via /TCPv4 on tun/10.8.0.2/ gw=[10.8.0.1/]
VPN server log (same situation):
May 30 16:54:34 server ovpn-server[62795]: 178.xxx.xxx.xxx:41434 [client] Peer Connection Initiated with [AF_INET]178.xxx.xxx.xxx:41434
May 30 16:54:34 server ovpn-server[62795]: client/178.xxx.xxx.xxx:41434 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
May 30 16:54:34 server ovpn-server[62795]: client/178.xxx.xxx.xxx:41434 MULTI: Learn: 10.8.0.2 -> client/178.xxx.xxx.xxx:41434
May 30 16:54:34 server ovpn-server[62795]: client/178.xxx.xxx.xxx:41434 MULTI: primary virtual IP for client/178.xxx.xxx.xxx:41434: 10.8.0.2
...
May 30 16:54:48 server ovpn-server[62795]: client/178.xxx.xxx.xxx:41434 SIGUSR1[soft,connection-reset] received, client-instance restarting
/etc/openvpn/server.conf:
port 1194
proto tcp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_au1Yf0HuxvBTSYQS.crt
key server_au1Yf0HuxvBTSYQS.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
.ovpn:
client
proto tcp-client
remote 195.xxx.xxx.xxx
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_au1Yf0HuxvBTSYQS name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
#ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3