我正在学习使用OpenVPN,我用OpenVPN (主机提供商提供的默认安装)购买了一个VPS。
当我配置我的客户端连接到服务器时,我注意到连接已经建立,但我无法浏览。
它假定安装已经准备就绪。也许某些网络配置是错误的,但我找不到错误。
1.服务器设置1.1基本配置1.2VPN设置1.3网络代码语言:javascript运行复制as0t0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.0.0.1 P-t-P:10.0.0.1 Mask:255.255.255.128
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:200
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
as0t1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.0.0.129 P-t-P:10.0.0.129 Mask:255.255.255.128
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:200
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
inet addr:51.xx.xx.xxx Bcast:51.xx.xx.xxx Mask:255.255.255.255
inet6 addr: xxxx::xxxx:xxxx:xxxx:xxx/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:83862 errors:0 dropped:0 overruns:0 frame:0
TX packets:84251 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:8108403 (7.7 MiB) TX bytes:11762035 (11.2 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:276 errors:0 dropped:0 overruns:0 frame:0
TX packets:276 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:61294 (59.8 KiB) TX bytes:61294 (59.8 KiB)1.4 iptables增加了以下规则:
代码语言:javascript运行复制iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE返回iptables -L:
代码语言:javascript运行复制Chain INPUT (policy ACCEPT)
target prot opt source destination
AS0_ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
AS0_ACCEPT all -- anywhere anywhere
AS0_IN_PRE all -- anywhere anywhere mark match 0x2000000/0x2000000
AS0_ACCEPT udp -- anywhere xxx.ip-xx-xx-xx.eu state NEW udp dpt:openvpn
AS0_ACCEPT tcp -- anywhere xxx.ip-xx-xx-xx.eu state NEW tcp dpt:https
AS0_WEBACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
AS0_WEBACCEPT tcp -- anywhere xxx.ip-xx-xx-xx.eu state NEW tcp dpt:943
Chain FORWARD (policy ACCEPT)
target prot opt source destination
AS0_ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
AS0_IN_PRE all -- anywhere anywhere mark match 0x2000000/0x2000000
AS0_OUT_S2C all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
AS0_OUT_LOCAL all -- anywhere anywhere
Chain AS0_ACCEPT (5 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain AS0_IN (4 references)
target prot opt source destination
ACCEPT all -- anywhere 10.0.0.1
all -- default anywhere
AS0_IN_POST all -- anywhere anywhere
Chain AS0_IN_NAT (1 references)
target prot opt source destination
MARK all -- anywhere anywhere MARK or 0x8000000
ACCEPT all -- anywhere anywhere
Chain AS0_IN_POST (2 references)
target prot opt source destination
ACCEPT all -- anywhere 10.0.0.0/24
AS0_OUT all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain AS0_IN_PRE (2 references)
target prot opt source destination
AS0_IN all -- anywhere link-local/16
AS0_IN all -- anywhere 192.168.0.0/16
AS0_IN all -- anywhere 172.16.0.0/12
AS0_IN all -- anywhere 10.0.0.0/8
ACCEPT all -- anywhere anywhere
Chain AS0_IN_ROUTE (0 references)
target prot opt source destination
MARK all -- anywhere anywhere MARK or 0x4000000
ACCEPT all -- anywhere anywhere
Chain AS0_OUT (2 references)
target prot opt source destination
AS0_OUT_POST all -- anywhere anywhere
Chain AS0_OUT_LOCAL (1 references)
target prot opt source destination
DROP icmp -- anywhere anywhere icmp redirect
ACCEPT all -- anywhere anywhere
Chain AS0_OUT_POST (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain AS0_OUT_S2C (1 references)
target prot opt source destination
AS0_OUT all -- anywhere anywhere
Chain AS0_U_OPENVPN_IN (0 references)
target prot opt source destination
AS0_IN_NAT all -- anywhere 172.27.224.0/20
AS0_IN_POST all -- anywhere anywhere
Chain AS0_WEBACCEPT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere返回iptables -t nat -nL:
代码语言:javascript运行复制Chain PREROUTING (policy ACCEPT)
target prot opt source destination
AS0_NAT_PRE_REL_EST all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
AS0_NAT_POST_REL_EST all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
AS0_NAT_PRE all -- 0.0.0.0/0 0.0.0.0/0 mark match 0x2000000/0x2000000
MASQUERADE all -- 10.0.0.0/24 0.0.0.0/0
Chain AS0_NAT (3 references)
target prot opt source destination
SNAT all -- 0.0.0.0/0 0.0.0.0/0 to:51.xx.xx.xxx
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain AS0_NAT_POST_REL_EST (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain AS0_NAT_PRE (1 references)
target prot opt source destination
AS0_NAT all -- 0.0.0.0/0 0.0.0.0/0 mark match 0x8000000/0x8000000
AS0_NAT_TEST all -- 0.0.0.0/0 169.254.0.0/16
AS0_NAT_TEST all -- 0.0.0.0/0 192.168.0.0/16
AS0_NAT_TEST all -- 0.0.0.0/0 172.16.0.0/12
AS0_NAT_TEST all -- 0.0.0.0/0 10.0.0.0/8
AS0_NAT all -- 0.0.0.0/0 0.0.0.0/0
Chain AS0_NAT_PRE_REL_EST (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain AS0_NAT_TEST (4 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match 0x4000000/0x4000000
ACCEPT all -- 0.0.0.0/0 10.0.0.0/24
AS0_NAT all -- 0.0.0.0/0 0.0.0.0/01.5附加配置对/etc/sysctl.conf进行了编辑,删除了以下行的注释:
代码语言:javascript运行复制net.ipv4.ip_forward=1返回sysctl net.ipv4.ip_forward:
代码语言:javascript运行复制net.ipv4.ip_forward = 12.客户端设置当我连接到VPN时,客户端具有以下配置:
代码语言:javascript运行复制IPv6: fe80::159:2b87:b731:8337%6
IPv4: 10.0.0.130
Mask: 255.255.255.128
Gateway: 10.0.0.129