I am trying to forward traffic through OpenVPN on a VPS. I previously did this successfully on an OpenVZ virtualized server, but I cannot reproduce the working behaviour on a fresh install on a different VPS. I changed providers; the reason is not relevant to the scope of this question.
I can connect to the VPN correctly with my Windows client, but I reach web pages via my machine's public IP rather than the VPS's public IP.
The VPS runs Debian 7, 32-bit. Server openvpn config:
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt # generated keys
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key # keep secret
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.9.8.0 255.255.255.0 # internal tun0 connection IP
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo # Compression - must be turned on at both ends
persist-key
persist-tun
push "redirect-gateway"
status log/openvpn-status.log
verb 3 # verbose mode
client-to-client
Client (Windows 7) openvpn config:
client
dev tun
proto udp
remote my-server-ip 1194
remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca "C:\\Program Files (x86)\\OpenVPN\\config\\frankfurt\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\config\\frankfurt\\nick.crt"
key "C:\\Program Files (x86)\\OpenVPN\\config\\frankfurt\\nick.key"
comp-lzo
verb 3
keepalive 10 120
route-method exe
route-delay 2
ifconfig on the VPS:
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.9.8.1 P-t-P:10.9.8.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.2 P-t-P:127.0.0.2 Bcast:0.0.0.0 Mask:255.255.255.255
inet6 addr: .../128 Scope:Global
inet6 addr: .../128 Scope:Global
inet6 addr: .../128 Scope:Global
inet6 addr: .../128 Scope:Global
inet6 addr: .../128 Scope:Global
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:15332 errors:0 dropped:0 overruns:0 frame:0
TX packets:7317 errors:0 dropped:56 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:13666157 (13.0 MiB) TX bytes:762502 (744.6 KiB)
venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:my-server-ip P-t-P:my-server-ip Bcast:my-server-ip Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
iptables -L (the rules for port 20100 are left over from an earlier, unrelated experiment):
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:20100
ACCEPT tcp -- anywhere anywhere tcp dpt:20100
ACCEPT tcp -- anywhere anywhere tcp dpt:20100
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 10.9.8.0/24 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
iptables -L -t nat:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- anywhere anywhere to:my-server-ip
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I have gone through most of the discussions, forum threads and blog posts about this error, but I cannot understand what is wrong with my configuration.
By the way, ip_forward is 1, and it is also set in sysctl.conf.
Answer 0 (score: 0)
On the OpenVZ platform, your iptables rules should look something like this:
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT
iptables -A INPUT -i tun1 -j ACCEPT
iptables -A FORWARD -i tun1 -j ACCEPT
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source XXX.XXX.XXX.XXX
where XXX.XXX.XXX.XXX is the external IP address of your VPS.
For a detailed guide to the OpenVPN installation, see https://limitlessblog.co.za/2017/05/16/openvpn-server-installation-debian/
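The answer above lists the three server-side pieces a VPN gateway on OpenVZ needs (IPv4 forwarding on, FORWARD accepting the tun interface, and a POSTROUTING SNAT scoped to the public interface). The script below is an added example, not code from the thread or from OpenVPN; it audits an `iptables-save`-style dump for those pieces and, in particular, flags a SNAT rule with no `-s`/`-o` restriction, which is the shape shown in the question's `iptables -L -t nat` output. The interface names, the 10.9.8.0/24 subnet, the 203.0.113.10 address and both sample dumps are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original thread): audit an iptables-save dump for what a
# VPS-side OpenVPN gateway needs. Interface names, subnet and sample dumps are assumptions.

VPN_IF="tun0"            # assumed tunnel interface
VPN_NET="10.9.8.0/24"    # assumed VPN subnet (matches the server directive in the question)
WAN_IF="venet0"          # assumed public interface on an OpenVZ guest

# Constructed dump shaped like `iptables-save` output: FORWARD is fine, but the SNAT rule
# has neither -s nor -o, so every forwarded packet gets rewritten, not just VPN traffic.
SAMPLE_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.9.8.0/24 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j SNAT --to-source 203.0.113.10
COMMIT'

# Constructed dump with the NAT rule scoped to the VPN subnet and the public interface.
GOOD_DUMP='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.9.8.0/24 -o venet0 -j SNAT --to-source 203.0.113.10
COMMIT
*filter
-A FORWARD -i tun0 -j ACCEPT
COMMIT'

# audit_rules DUMP IP_FORWARD_VALUE
# Prints one line per finding and returns the number of findings (0 = nothing to fix).
audit_rules() {
    dump="$1"
    ip_forward="$2"
    problems=0

    if [ "$ip_forward" != "1" ]; then
        echo "PROBLEM: net.ipv4.ip_forward is '$ip_forward', expected 1"
        problems=$((problems + 1))
    fi

    # A FORWARD rule that accepts traffic from the VPN subnet or the tun interface.
    if ! printf '%s\n' "$dump" | grep -Eq -- "^-A FORWARD .*(-s $VPN_NET|-i $VPN_IF).* -j ACCEPT"; then
        echo "PROBLEM: no FORWARD ACCEPT for $VPN_NET / $VPN_IF"
        problems=$((problems + 1))
    fi

    # First POSTROUTING SNAT or MASQUERADE rule; then check how tightly it is scoped.
    nat_rule=$(printf '%s\n' "$dump" | grep -E -- "^-A POSTROUTING .*-j (SNAT|MASQUERADE)" | head -n 1)
    if [ -z "$nat_rule" ]; then
        echo "PROBLEM: no POSTROUTING SNAT/MASQUERADE rule"
        problems=$((problems + 1))
    else
        case "$nat_rule" in
            *"-o $WAN_IF"*) ;;
            *) echo "WARN: NAT rule is not limited to -o $WAN_IF: $nat_rule"
               problems=$((problems + 1)) ;;
        esac
        case "$nat_rule" in
            *"-s $VPN_NET"*) ;;
            *) echo "WARN: NAT rule is not limited to -s $VPN_NET: $nat_rule"
               problems=$((problems + 1)) ;;
        esac
    fi
    return "$problems"
}

# Stand-alone run over both constructed dumps.
for name in SAMPLE_DUMP GOOD_DUMP; do
    eval "dump_text=\$$name"
    if audit_rules "$dump_text" 1 >/dev/null; then
        echo "$name: OK"
    else
        echo "$name: $? finding(s)"
    fi
done
```

On a real gateway, feed it `iptables-save` output and the value of `/proc/sys/net/ipv4/ip_forward` (`audit_rules "$(iptables-save)" "$(cat /proc/sys/net/ipv4/ip_forward)"`). The `-s`/`-o` scoping is the defensive point: an unrestricted SNAT, as in the question, rewrites anything the host forwards, whereas restricting it to the VPN subnet and the public interface keeps the NAT to the traffic it was written for. Note that this check covers the server side only; if the client's browser still shows the client's own address, the client is not sending traffic into the tunnel at all, which no amount of server NAT can fix.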
Answer 1 (score: -2)
I solved this by rebooting the VPS and re-entering all the iptables rules.