我有一台 Ubuntu 機器在另一個城市作為 OpenVPN 伺服器運作。我可以透過 ssh 存取它。我正在嘗試使用 Tunnelblick 從 Mac 上使用 VPN。
伺服器的本地子網路是 192.168.80.x。客戶端的位址是 192.168.0.x。當客戶端連線時,其 IP 位址為 10.8.0.5。
Tunnelblick 已連接,但我無法ping 8.8.8.8載入網頁或存取任何遠端 LAN 設備(使用位址 10.8.0.1 的 VPN 伺服器除外)。
客戶端的設定檔:
client
dev tun
proto udp
remote [my server's external IP address] 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
comp-lzo
verb 3
redirect-gateway local def1
伺服器的:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.80.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
我需要改變什麼?
編輯:在伺服器上:
$ cat /proc/sys/net/ipv4/ip_forward
1
$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
$ ip route
default via 192.168.80.1 dev enp2s0 proto static metric 100
10.8.0.0/24 via 10.8.0.2 dev tun0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
169.254.0.0/16 dev tun0 scope link metric 1000
192.168.80.0/24 dev enp2s0 proto kernel scope link src 192.168.80.5 metric 100
編輯2:
$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 10.0.0.0/8 anywhere
/etc/default/ufw 包括DEFAULT_FORWARD_POLICY="ACCEPT".
/etc/ufw/before.rules 包括:
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT
答案1
我的問題是我在/etc/ufw/before.rules.我應該有-A POSTROUTING -s 10.8.0.0/8 -o enp2s0 -j MASQUERADE而不是-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE。我從指南中複製貼上,沒有辨別。