Server does not respond to pings routed through the VPN

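I have a server with a virtual machine on it. I host OpenVPN on this server. The virtual machine has two interfaces: ens18 for the public IP and ens19 for the internal network. I am trying to ping 10.2.0.3 (the virtual machine's IP on ens19) through the VPN, but there is no response. When I run tcpdump -i ens19 icmp on the virtual machine, it returns: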

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens19, link-type EN10MB (Ethernet), capture size 262144 bytes
16:50:25.931910 IP 10.8.0.2 > 10.2.0.3: ICMP echo request, id 1, seq 80, length 40
16:50:29.381784 IP 10.8.0.2 > 10.2.0.3: ICMP echo request, id 1, seq 81, length 40

Ping output:

Pinging 10.2.0.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Machine tcpdump output:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
15:58:15.007090 IP 10.8.0.2 > 10.2.0.3: ICMP echo request, id 1, seq 45, length 40

My iptables rules:

Chain INPUT (policy ACCEPT 2806K packets, 1097M bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  eth0   any     anywhere             anywhere             state RELATED,ESTABLISHED
 198K   27M ACCEPT     udp  --  vmbr0  any     anywhere             anywhere             udp dpt:[my openvn port]
   40  2429 ACCEPT     all  --  tun0   any     anywhere             anywhere            
    0     0 ACCEPT     all  --  tun+   any     anywhere             anywhere            
    0     0 ACCEPT     all  --  tun+   any     anywhere             anywhere            

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 197K   16M ACCEPT     all  --  tun0   vmbr0   anywhere             anywhere            
 177K  336M ACCEPT     all  --  vmbr0  tun0    anywhere             anywhere            
   45  2540 ACCEPT     all  --  tun0   any     10.8.0.0/24          10.2.0.3            
    2   104 ACCEPT     all  --  tun0   any     10.8.0.0/24          10.2.0.0/24         
    0     0 ACCEPT     all  --  tun+   any     anywhere             anywhere            

Chain OUTPUT (policy ACCEPT 3102K packets, 1303M bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  any    tun0    anywhere             anywhere       

My routing table:

default via [my public ip] dev vmbr0 proto kernel onlink 
10.2.0.0/24 dev vmbr1 proto kernel scope link src 10.2.0.1 
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1 
[my public ip] dev vmbr0 proto kernel scope link src [my gateway] 

ip rule list:

0:      from all lookup local 
32766:  from all lookup main 
32767:  from all lookup default 

If you need any additional information, please add a comment. Sorry for my bad English.

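Answer 1

Via @TomYan

Run ip r add 10.8.0.0/24 via 10.2.0.1 on the virtual machine. For the VPN part, add route 10.2.0.0 255.255.255.0 to the client conf, or add push "route 10.2.0.0 255.255.255.0" to the server conf, assuming you use client/pull in the client conf. Note that these routes are not needed if both the virtual machine and the VPN client use the server as their default gateway.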
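
The two checks the answer implies, as an added shell example that is not part of the original answer: whether the VM's return route to a VPN client goes back via 10.2.0.1 on ens19, and whether an OpenVPN config carries the 10.2.0.0/24 route. The `ip route get` lines and the ens18 addresses (203.0.113.x) are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# route_field KEY TEXT: print the token following KEY ("dev", "via", "src")
# in one line of `ip route get` output.
route_field() {
    key=$1
    set -- $2          # split the route line into words
    while [ $# -gt 1 ]; do
        if [ "$1" = "$key" ]; then echo "$2"; return 0; fi
        shift
    done
    return 1
}

# return_path_ok TEXT DEV GW: succeed only if the route leaves via DEV through GW.
return_path_ok() {
    dev=$(route_field dev "$1") || return 1
    via=$(route_field via "$1") || via=""
    [ "$dev" = "$2" ] && [ "$via" = "$3" ]
}

# conf_has_route TEXT: succeed if an OpenVPN config contains either
#   route 10.2.0.0 255.255.255.0          (client conf)
#   push "route 10.2.0.0 255.255.255.0"   (server conf)
# on a line that is not commented out.
conf_has_route() {
    printf '%s\n' "$1" | grep -Eq \
      '^[[:space:]]*(push[[:space:]]+")?route[[:space:]]+10\.2\.0\.0[[:space:]]+255\.255\.255\.0"?[[:space:]]*$'
}

# Constructed `ip route get 10.8.0.2` output on the VM. The ens18 addresses are
# placeholders; BEFORE assumes the VM's default route points out ens18.
BEFORE='10.8.0.2 via 203.0.113.1 dev ens18 src 203.0.113.10 uid 0'
AFTER='10.8.0.2 via 10.2.0.1 dev ens19 src 10.2.0.3 uid 0'

for sample in "$BEFORE" "$AFTER"; do
    if return_path_ok "$sample" ens19 10.2.0.1; then
        echo "OK:   $sample"
    else
        echo "FAIL: $sample"
        echo "      fix on the VM: ip r add 10.8.0.0/24 via 10.2.0.1"
    fi
done
# Live use on the VM: return_path_ok "$(ip route get 10.8.0.2)" ens19 10.2.0.1
```

A FAIL on the first sample matches the symptom in the question: echo requests show up on ens19, but the replies leave through another interface and never reach the tunnel.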
