![Unable to access VPS after connecting to VPN (OpenVPN)](https://linux55.com/image/110908/VPN(OpenVPN)%EC%97%90%20%EC%97%B0%EA%B2%B0%ED%95%9C%20%ED%9B%84%20VPS%EC%97%90%20%EC%95%A1%EC%84%B8%EC%8A%A4%ED%95%A0%20%EC%88%98%20%EC%97%86%EC%8A%B5%EB%8B%88%EB%8B%A4..png)
I have two virtual private servers and I want to make them work on one network using OpenVPN. Both of them are Debian machines.
Server configuration:
```
port 11194
proto udp6 # I know using udp6 instead of udp here is unnecessary
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 3
```
Client configuration:
```
client
port 11194
remote 86.xx.xx.190
cipher AES-128-CBC
dev tap
proto udp
nobind
auth-nocache
persist-key
persist-tun
verb 2
comp-lzo
keysize 128
key-direction 1
log-append openvpn.log
<ca>
[ca here]
</ca>
<cert>
[cert here]
</cert>
<key>
[key here]
</key>
```
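I can connect to the server from a Windows client without any problems, and the connection works fine. However, when I try to connect from the secondary VPS with:
```
openvpn --config /path/to/cfg.ovpn
```
the SSH session is terminated, the whole server becomes inaccessible, and its public IP address is no longer reachable. I then had to force a reboot through the cloud management panel to stop the faulty connection. What am I doing wrong here?
Here is the client's log file: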
```
Fri May 5 09:48:52 2017 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 12 2015
Fri May 5 09:48:52 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Fri May 5 09:48:52 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri May 5 09:48:52 2017 UDPv4 link local: [undef]
Fri May 5 09:48:52 2017 UDPv4 link remote: [AF_INET]86.xx.xx.190:11194
Fri May 5 09:48:53 2017 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, [email protected]
Fri May 5 09:48:53 2017 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, [email protected]
Fri May 5 09:48:53 2017 WARNING: 'keydir' is present in local config but missing in remote config, local='keydir 0'
Fri May 5 09:48:53 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri May 5 09:48:53 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 5 09:48:53 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri May 5 09:48:53 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 5 09:48:53 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri May 5 09:48:53 2017 [server] Peer Connection Initiated with [AF_INET]86.xx.xx.190:11194
Fri May 5 09:48:55 2017 TUN/TAP device tap0 opened
Fri May 5 09:48:55 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri May 5 09:48:55 2017 /sbin/ip link set dev tap0 up mtu 1500
Fri May 5 09:48:55 2017 /sbin/ip addr add dev tap0 10.8.0.4/24 broadcast 10.8.0.255
Fri May 5 09:48:55 2017 Initialization Sequence Completed
Fri May 5 09:49:17 2017 event_wait : Interrupted system call (code=4)
Fri May 5 09:49:17 2017 Closing TUN/TAP interface
Fri May 5 09:49:17 2017 /sbin/ip addr del dev tap0 10.8.0.4/24
Fri May 5 09:49:17 2017 SIGHUP[hard,] received, process restarting
Fri May 5 09:49:17 2017 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 12 2015
Fri May 5 09:49:17 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Fri May 5 09:49:19 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri May 5 09:49:19 2017 UDPv4 link local: [undef]
Fri May 5 09:49:19 2017 UDPv4 link remote: [AF_INET]86.xx.xx.190:11194
Fri May 5 09:49:19 2017 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, [email protected]
Fri May 5 09:49:19 2017 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, [email protected]
Fri May 5 09:49:20 2017 WARNING: 'keydir' is present in local config but missing in remote config, local='keydir 0'
Fri May 5 09:49:20 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri May 5 09:49:20 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 5 09:49:20 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri May 5 09:49:20 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 5 09:49:20 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri May 5 09:49:20 2017 [server] Peer Connection Initiated with [AF_INET]86.xx.xx.190:11194
Fri May 5 09:49:22 2017 TUN/TAP device tap0 opened
Fri May 5 09:49:22 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri May 5 09:49:22 2017 /sbin/ip link set dev tap0 up mtu 1500
Fri May 5 09:49:22 2017 /sbin/ip addr add dev tap0 10.8.0.4/24 broadcast 10.8.0.255
Fri May 5 09:49:22 2017 Initialization Sequence Completed
```
Answer 1
Remove this parameter from the configuration:
```
push "redirect-gateway def1"
```
This parameter redirects all traffic through the VPN tunnel.
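
Why the pushed option cuts off the SSH session, as an added example that is not part of the original answer: it models the client VPS routing table with longest-prefix matching, before and after `redirect-gateway def1` is applied. The public addresses and the `eth0` device name are constructed stand-ins; only `tap0` and `10.8.0.0/24` come from the log above.

```python
import ipaddress

# Constructed addresses from documentation ranges, not values from the post.
VPN_SERVER = "203.0.113.190"  # stands in for the redacted 86.xx.xx.190
SSH_ADMIN = "198.51.100.25"   # workstation holding the SSH session to the client VPS


def routes(entries):
    """Turn (cidr, device) pairs into (ip_network, device) routes."""
    return [(ipaddress.ip_network(cidr), dev) for cidr, dev in entries]


# Client VPS before OpenVPN starts: everything leaves through the public NIC.
BASE = routes([("0.0.0.0/0", "eth0")])
# Connected route created by `ip addr add dev tap0 10.8.0.4/24` (seen in the log).
TUNNEL = routes([("10.8.0.0/24", "tap0")])
# Routes installed for a pushed "redirect-gateway def1": a host route that keeps
# the VPN transport on eth0, plus two /1 routes that shadow the default route.
DEF1 = routes([(VPN_SERVER + "/32", "eth0"),
               ("0.0.0.0/1", "tap0"),
               ("128.0.0.0/1", "tap0")])


def egress(table, dst):
    """Longest-prefix match: device of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, dev) for net, dev in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def egress_changes(before, after, peers):
    """Return {peer: (old_dev, new_dev)} for peers whose egress device changes."""
    changed = {}
    for peer in peers:
        old, new = egress(before, peer), egress(after, peer)
        if old != new:
            changed[peer] = (old, new)
    return changed


if __name__ == "__main__":
    peers = [SSH_ADMIN, VPN_SERVER, "10.8.0.1"]
    # With the push: replies to the SSH peer move from eth0 to tap0.
    print(egress_changes(BASE, BASE + TUNNEL + DEF1, peers))
    # Without the push: only the 10.8.0.0/24 peer uses the tunnel.
    print(egress_changes(BASE, BASE + TUNNEL, peers))
```

When the server configuration cannot be changed, `route-nopull` in the client file makes the client reject pushed routes, including `redirect-gateway`.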