我有兩個 VPN 伺服器(Wireguard 和 OpenVpn),我的目標是連接到這兩台伺服器的客戶端應該能夠在它們之間進行通訊。假設筆記型電腦A連接到wireguard VPN伺服器,筆記型電腦B連接到OpenVpn,我應該能夠從A到B進行遠端桌面/ping等。 /ping 等正確通信。
伺服器是 ubuntu 20 伺服器,我可以毫無問題地互相 ping 通。
設定如下所示:
線衛:
Public IP: 1.2.3.4
Native IP: 10.0.0.235
Wireguard Server IP: 10.36.135.1
Wireguard Client IP: 10.36.135.2 onwards.
打開VPN:
Public IP: 4.3.2.1
Native IP: 10.0.0.21
OpenVPN Server IP: 10.187.86.1
OpenVPN Client IP: 10.187.86.1 onwards.
每個用戶端使用伺服器的公用 IP 連接到 VPN 伺服器並取得 VPN 用戶端 IP 位址。例如,
筆記型電腦A:
Wireguard VPN IP:10.36.135.2
筆記型電腦B:
OpenVPN IP:10.187.86.2
我可以從每個客戶端 ping 兩台伺服器 10.0.0.XXX,沒有任何問題。但是,我無法從 10.187.86.2 ping 通 10.36.135.2。
我想我可能需要在每個伺服器上添加一條路由,以便它們可以相互通信,但不確定要添加什麼路由。
我已經捕獲了每個伺服器上的一些資訊。
鋼絲衛士
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc pfifo_fast state UP group default qlen 1000
link/ether 02:00:17:01:90:cd brd ff:ff:ff:ff:ff:ff
altname enp0s3
inet 10.0.0.235/24 brd 10.0.0.255 scope global ens3
valid_lft forever preferred_lft forever
inet6 fe80::17ff:fe01:90cd/64 scope link
valid_lft forever preferred_lft forever
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 10.36.135.1/24 scope global wg0
valid_lft forever preferred_lft forever
ubuntu@wireguard:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 0 0 0 ens3
default _gateway 0.0.0.0 UG 100 0 0 ens3
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ens3
10.36.135.0 0.0.0.0 255.255.255.0 U 0 0 0 wg0
link-local 0.0.0.0 255.255.0.0 U 0 0 0 ens3
link-local 0.0.0.0 255.255.0.0 U 100 0 0 ens3
ubuntu@wireguard:~$ sudo ip route show table all
default via 10.0.0.1 dev ens3
default via 10.0.0.1 dev ens3 proto dhcp src 10.0.0.235 metric 100
10.0.0.0/24 dev ens3 proto kernel scope link src 10.0.0.235
10.36.135.0/24 dev wg0 proto kernel scope link src 10.36.135.1
169.254.0.0/16 dev ens3 scope link
169.254.0.0/16 dev ens3 proto dhcp scope link src 10.0.0.235 metric 100
local 10.0.0.235 dev ens3 table local proto kernel scope host src 10.0.0.235
broadcast 10.0.0.255 dev ens3 table local proto kernel scope link src 10.0.0.235
local 10.36.135.1 dev wg0 table local proto kernel scope host src 10.36.135.1
broadcast 10.36.135.255 dev wg0 table local proto kernel scope link src 10.36.135.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
::1 dev lo proto kernel metric 256 pref medium
fe80::/64 dev ens3 proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
local fe80::17ff:fe01:90cd dev ens3 table local proto kernel metric 0 pref medium
multicast ff00::/8 dev ens3 table local proto kernel metric 256 pref medium
multicast ff00::/8 dev wg0 table local proto kernel metric 256 pref medium
ubuntu@wireguard:~$
開放VPN
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc pfifo_fast state UP group default qlen 1000
link/ether 02:00:17:02:d0:1b brd ff:ff:ff:ff:ff:ff
altname enp0s3
inet 10.0.0.21/24 brd 10.0.0.255 scope global ens3
valid_lft forever preferred_lft forever
inet6 fe80::17ff:fe02:d01b/64 scope link
valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
link/none
inet 10.187.86.1/24 brd 10.187.86.255 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::5c26:311e:f863:db1e/64 scope link stable-privacy
valid_lft forever preferred_lft forever
ubuntu@openvpn:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 0 0 0 ens3
default _gateway 0.0.0.0 UG 100 0 0 ens3
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ens3
10.187.86.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
link-local 0.0.0.0 255.255.0.0 U 0 0 0 ens3
link-local 0.0.0.0 255.255.0.0 U 100 0 0 ens3
ubuntu@openvpn:~$ sudo ip route show table all
default via 10.0.0.1 dev ens3
default via 10.0.0.1 dev ens3 proto dhcp src 10.0.0.21 metric 100
10.0.0.0/24 dev ens3 proto kernel scope link src 10.0.0.21
10.187.86.0/24 dev tun0 proto kernel scope link src 10.187.86.1
169.254.0.0/16 dev ens3 scope link
169.254.0.0/16 dev ens3 proto dhcp scope link src 10.0.0.21 metric 100
local 10.0.0.21 dev ens3 table local proto kernel scope host src 10.0.0.21
broadcast 10.0.0.255 dev ens3 table local proto kernel scope link src 10.0.0.21
local 10.187.86.1 dev tun0 table local proto kernel scope host src 10.187.86.1
broadcast 10.187.86.255 dev tun0 table local proto kernel scope link src 10.187.86.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
::1 dev lo proto kernel metric 256 pref medium
fe80::/64 dev ens3 proto kernel metric 256 pref medium
fe80::/64 dev tun0 proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
local fe80::17ff:fe02:d01b dev ens3 table local proto kernel metric 0 pref medium
local fe80::5c26:311e:f863:db1e dev tun0 table local proto kernel metric 0 pref medium
multicast ff00::/8 dev ens3 table local proto kernel metric 256 pref medium
multicast ff00::/8 dev tun0 table local proto kernel metric 256 pref medium
ubuntu@openvpn:~$