Why does the OpenVPN client not connect on Linux?

This VPN works fine on Windows, but when I try to start it on CentOS it runs for a few seconds and then eventually stops, with no messages in the error log. Also, the server immediately stops responding to pings while connecting, whereas the Windows machine keeps working.

client
dev tun
proto udp
remote 151.80.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3

ip r without the VPN active:

default via 51.195.234.254 dev eth0 
51.195.234.254 dev eth0 scope link

With it active:

0.0.0.0/1 via 10.8.0.1 dev tun0 
default via 51.195.234.254 dev eth0 
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2 
51.195.234.254 dev eth0 scope link 
128.0.0.0/1 via 10.8.0.1 dev tun0 
151.80.xxx.xx via 51.195.234.254 dev eth0

Log:

Fri May 21 19:42:19 2021 OpenVPN 2.4.11 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 21 2021
Fri May 21 19:42:19 2021 library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06
Fri May 21 19:42:19 2021 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Fri May 21 19:42:19 2021 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri May 21 19:42:19 2021 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Fri May 21 19:42:19 2021 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri May 21 19:42:19 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]151.80.xxx.xxx:1194
Fri May 21 19:42:19 2021 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri May 21 19:42:19 2021 UDP link local: (not bound)
Fri May 21 19:42:19 2021 UDP link remote: [AF_INET]151.80.xxx.xxx:1194
Fri May 21 19:42:19 2021 TLS: Initial packet from [AF_INET]151.80.xxx.xxx:1194, sid=3b917597 2f279e15
Fri May 21 19:42:19 2021 VERIFY OK: depth=1, CN=ChangeMe
Fri May 21 19:42:19 2021 VERIFY KU OK
Fri May 21 19:42:19 2021 Validating certificate extended key usage
Fri May 21 19:42:19 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri May 21 19:42:19 2021 VERIFY EKU OK
Fri May 21 19:42:19 2021 VERIFY OK: depth=0, CN=server
Fri May 21 19:42:19 2021 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Fri May 21 19:42:19 2021 [server] Peer Connection Initiated with [AF_INET]151.80.xxx.xxx:1194
Fri May 21 19:42:20 2021 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri May 21 19:42:20 2021 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 213.186.33.99,dhcp-option DNS 213.186.33.199,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Fri May 21 19:42:20 2021 OPTIONS IMPORT: timers and/or timeouts modified
Fri May 21 19:42:20 2021 OPTIONS IMPORT: --ifconfig/up options modified
Fri May 21 19:42:20 2021 OPTIONS IMPORT: route options modified
Fri May 21 19:42:20 2021 OPTIONS IMPORT: route-related options modified
Fri May 21 19:42:20 2021 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri May 21 19:42:20 2021 OPTIONS IMPORT: peer-id set
Fri May 21 19:42:20 2021 OPTIONS IMPORT: adjusting link_mtu to 1624
Fri May 21 19:42:20 2021 OPTIONS IMPORT: data channel crypto options modified
Fri May 21 19:42:20 2021 Data Channel: using negotiated cipher 'AES-256-GCM'
Fri May 21 19:42:20 2021 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri May 21 19:42:20 2021 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri May 21 19:42:20 2021 ROUTE_GATEWAY 51.195.234.254
Fri May 21 19:42:20 2021 TUN/TAP device tun0 opened
Fri May 21 19:42:20 2021 TUN/TAP TX queue length set to 100
Fri May 21 19:42:20 2021 /sbin/ip link set dev tun0 up mtu 1500
Fri May 21 19:42:20 2021 /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
Fri May 21 19:42:20 2021 /sbin/ip route add 151.80.xxx.xxx/32 via 51.195.234.254
Fri May 21 19:42:20 2021 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Fri May 21 19:42:20 2021 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Fri May 21 19:42:20 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri May 21 19:42:20 2021 Initialization Sequence Completed

Windows ipconfig /all:

Unknown adapter OpenVPN TAP-Windows6:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-18-08-1B-04
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5185:de54:7498:6c08%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.8.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, May 21, 2021 8:55:25 PM
   Lease Expires . . . . . . . . . . : Saturday, May 21, 2022 8:55:25 PM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 10.8.0.254
   DHCPv6 IAID . . . . . . . . . . . : 184614680
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-38-63-9A-02-00-00-F8-D9-D4
   DNS Servers . . . . . . . . . . . : 213.186.33.99
                                       213.186.33.199
   NetBIOS over Tcpip. . . . . . . . : Enabled

Debian 10:

0.0.0.0/1 via 10.8.0.1 dev tun0 
default via 51.195.234.254 dev eth0 onlink 
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2 
128.0.0.0/1 via 10.8.0.1 dev tun0

Windows ping while connected:

C:\Users\Administrator>ping 10.8.0.1

Pinging 10.8.0.1 with 32 bytes of data:
Reply from 10.8.0.1: bytes=32 time=4ms TTL=64
Reply from 10.8.0.1: bytes=32 time=4ms TTL=64
Reply from 10.8.0.1: bytes=32 time=4ms TTL=64
Reply from 10.8.0.1: bytes=32 time=4ms TTL=64

Ping statistics for 10.8.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 4ms, Maximum = 4ms, Average = 4ms

Linux ping:

ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.

--- 10.8.0.1 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 3999ms

Answer 1

You specified client, which implies pull. The pull verb pulls routes from the server, and the server provides overlay routes that send all client traffic over the VPN. (See man openvpn for details on the various configuration options.)

Once everything is configured so that all traffic goes through the VPN, all the ping replies go through the VPN too and are lost. That is exactly the state you configured, which is why there are no errors in the log.

I think the Windows configuration is slightly different: either it has an option that prevents all traffic from being routed over the VPN, or it has a metric that lets local traffic continue to be served on the LAN.

Answer 2

Check the routing table for copy-paste errors.

0.0.0.0/1 via 10.8.0.1 dev tun0 
default via 51.195.234.254 dev eth0 
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2 
51.195.234.254 dev eth0 scope link
128.0.0.0/1 via 10.8.0.1 dev tun0 

The dev is "eth", not "eth0". Right?

151.80.xxx.xx via 51.195.234.254 dev eth

If it is not a copy-paste error, then for a VPN that does no split tunneling it means the connection to the VPN gateway is broken.
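
The two answers above turn on how the kernel resolves the pushed overlay routes (0.0.0.0/1 and 128.0.0.0/1 beating the default route, the /32 host route keeping the VPN server reachable via eth0) and on whether every route names a real interface. The following checker is an added example, not code from either answer: it parses the question's "ip r" output, does the same longest-prefix match the kernel does, and flags routes whose device does not exist on the host. The masked server address 151.80.xxx.xxx is replaced by the documentation address 198.51.100.10, a constructed placeholder.

```python
import ipaddress

# Routing table constructed from the question's "ip r" output with the VPN up.
# 198.51.100.10 stands in for the masked VPN server address (constructed).
ROUTES_UP = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 51.195.234.254 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
51.195.234.254 dev eth0 scope link
128.0.0.0/1 via 10.8.0.1 dev tun0
198.51.100.10 via 51.195.234.254 dev eth0
"""

# Same table with the typo answer 2 suspects: "dev eth" instead of "dev eth0".
ROUTES_TYPO = ROUTES_UP.replace("dev eth0\n", "dev eth\n", 1).replace(
    "198.51.100.10 via 51.195.234.254 dev eth0",
    "198.51.100.10 via 51.195.234.254 dev eth")


def parse_routes(text):
    """Parse 'ip r' lines into (network, gateway-or-None, device) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        dst = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        net = ipaddress.ip_network(dst, strict=False)   # bare address -> /32
        via = parts[parts.index("via") + 1] if "via" in parts else None
        dev = parts[parts.index("dev") + 1] if "dev" in parts else None
        routes.append((net, via, dev))
    return routes


def lookup(routes, dst):
    """Longest-prefix match, as the kernel does. Returns (via, dev) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, via, dev in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via, dev)
    return None if best is None else (best[1], best[2])


def unknown_devices(routes, known_ifaces):
    """Devices referenced by routes that are not present on the host."""
    return sorted({dev for _, _, dev in routes if dev not in known_ifaces})


if __name__ == "__main__":
    table = parse_routes(ROUTES_UP)
    for dst in ("10.8.0.1", "8.8.8.8", "198.51.100.10"):
        print(dst, "->", lookup(table, dst))          # 10.8.0.1 stays on tun0
    print("bad devices:", unknown_devices(parse_routes(ROUTES_TYPO), {"lo", "eth0", "tun0"}))
```

Run it against the real output of "ip r" and "ip link" on the CentOS box: a non-empty list from unknown_devices confirms answer 2's copy-paste suspicion, while a correct table means the ping loss is the all-traffic-over-VPN behaviour answer 1 describes.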
