VPN 클라이언트를 사용할 수 없는 이유는 무엇입니까(데이터를 교환할 수 없음)?

tag-icon tag-icon openvpn vpn
VPN 클라이언트를 사용할 수 없는 이유는 무엇입니까(데이터를 교환할 수 없음)?

내 가상 머신과 Ubuntu 클라이언트 사이에 연결을 설정했습니다.

$ sudo openvpn --config config.ovpn
Sat Nov  4 14:38:29 2017 OpenVPN 2.3.4 i586-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 26 2017
Sat Nov  4 14:38:29 2017 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Sat Nov  4 14:38:29 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Nov  4 14:38:29 2017 UDPv4 link local: [undef]
Sat Nov  4 14:38:29 2017 UDPv4 link remote: [AF_INET]x.x.x.x:1194
Sat Nov  4 14:38:29 2017 WARNING: 'keydir' is present in local config but missing in remote config, local='keydir 0'
Sat Nov  4 14:38:29 2017 [canard.ch] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Sat Nov  4 14:38:31 2017 TUN/TAP device tun1 opened
Sat Nov  4 14:38:31 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Nov  4 14:38:31 2017 /sbin/ip link set dev tun1 up mtu 1500
Sat Nov  4 14:38:31 2017 /sbin/ip addr add dev tun1 local 10.8.0.6 peer 10.8.0.5
RTNETLINK answers: File exists
Sat Nov  4 14:38:31 2017 ERROR: Linux route add command failed: external program exited with error status: 2
Sat Nov  4 14:38:31 2017 Initialization Sequence Completed

tun그런 다음 서버 또는 클라이언트에서 인터페이스를 봅니다 .

tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:168 (168.0 B)

하지만 이 경우에는 ping을 할 수 없습니다 10.8.0.5. 클라이언트와 서버 간에 데이터를 교환할 수 없습니다.

내 실수는 무엇입니까?

또한 다음 규칙을 추가해 보았습니다.iptables

iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT

클라이언트 측에서는 다음 구성을 얻습니다.

$ iptables -L OUTPUT -nv; ip route; ip route get 10.8.0.5
Chain OUTPUT (policy ACCEPT 7279 packets, 1483K bytes)
 pkts bytes target     prot opt in     out     source               destination
10.8.0.5 dev tun1  proto kernel  scope link  src 10.8.0.6
10.8.0.5 dev tun2  proto kernel  scope link  src 10.8.0.6
10.8.0.1 via 10.8.0.5 dev tun1
10.8.0.2 dev tun0  proto kernel  scope link  src 10.8.0.1
10.8.0.0/24 via 10.8.0.2 dev tun0
x.x.x.0/20 dev eth0  proto kernel  scope link  src x.x.x.x
default via x.x.x.x dev eth0
10.8.0.5 dev tun1  src 10.8.0.6
    cache  mtu 1500 advmss 1460 hoplimit 64

$ iptables -L OUTPUT -nv -t nat
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

$ ip rule list
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

관련 정보