Unable to ping the LAN or connect to OpenVPN


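I am trying to configure OpenVPN on my raspberry-pi (the smallest raspbian-wheezy distribution).
I run OpenVPN behind a router and want to connect from a Windows client.
I can connect to the server, but I want to manage other clients that are connected to the same network as the Raspberry (the server).
When I connect to the server, I cannot ping the server or the router.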


server.conf:

port 1194  
proto udp  
dev tapo  
ca /etc/openvpn/easy-rsa/keys/ca.crt  
cert /etc/openvpn/easy-rsa/keys/VPNServer.crt  
key /etc/openvpn/easy-rsa/keys/VPNServer.key  
dh /etc/openvpn/easy-rsa/keys/dh1024.pem  
server-bridge 192.168.178.1 255.255.255.0 192.168.178.111 192.168.178.120
push "route-gateway 192.168.178.0 255.255.255.0" 
push "redirect-gateway def1 bypass-dhcp" 
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 192.168.178.1"
client-to-client  
duplicate-cn  
keepalive 10 120  
comp-lzo  
persist-key  
persist-tun  
status openvpn-status.log  
log         openvpn.log  
log-append  openvpn.log  
verb 3  

Client config:


port 1194
client  
dev tap  
proto udp  
remote mydyndns
resolv-retry infinite  
nobind  
persist-key  
persist-tun  
ca ca.crt  
cert client.crt    
key client.key
ns-cert-type server  
comp-lzo  
verb 3  

Interfaces config:


auto lo
iface lo inet loopback

allow-hotplug eth0

auto br0
iface br0 inet static
address 192.168.178.123
netmask 255.255.255.0
gateway 192.168.178.1
bridge_ports eth0
dns-nameservers 192.168.178.1

iface eth0 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down

rc.local:


iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE

The output of my sysctl net.ipv4.ip_forward is net.ipv4.ip_forward = 1.


Client log:

Sun Sep 14 09:26:36 2014 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug  7 2014
Sun Sep 14 09:26:36 2014 library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05
Enter Management Password:
Sun Sep 14 09:26:36 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Sep 14 09:26:36 2014 Need hold release from management interface, waiting...
Sun Sep 14 09:26:36 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Sep 14 09:26:37 2014 MANAGEMENT: CMD 'state on'
Sun Sep 14 09:26:37 2014 MANAGEMENT: CMD 'log all on'
Sun Sep 14 09:26:37 2014 MANAGEMENT: CMD 'hold off'
Sun Sep 14 09:26:37 2014 MANAGEMENT: CMD 'hold release'
Sun Sep 14 09:26:37 2014 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Sep 14 09:26:37 2014 MANAGEMENT: >STATE:1410679597,RESOLVE,,,
Sun Sep 14 09:26:49 2014 UDPv4 link local: [undef]
Sun Sep 14 09:26:49 2014 UDPv4 link remote: [AF_INET]86.103.187.46:1194
Sun Sep 14 09:26:49 2014 MANAGEMENT: >STATE:1410679609,WAIT,,,
Sun Sep 14 09:26:51 2014 MANAGEMENT: >STATE:1410679611,AUTH,,,
Sun Sep 14 09:26:51 2014 TLS: Initial packet from [AF_INET]86.103.187.46:1194, sid=9f41fab9 08d0d2e0
Sun Sep 14 09:26:53 2014 VERIFY OK: depth=1, C=DE, ST=SH, L=Kiel, OU=changeme, CN=j0chn.spdns.de, name=changeme, [email protected]
Sun Sep 14 09:26:53 2014 VERIFY OK: nsCertType=SERVER
Sun Sep 14 09:26:53 2014 VERIFY OK: depth=0, C=DE, ST=SH, L=Kiel, OU=changeme, CN=j0chn.spdns.de, name=changeme, [email protected]
Sun Sep 14 09:26:54 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Sep 14 09:26:54 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 14 09:26:54 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Sep 14 09:26:54 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 14 09:26:54 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Sep 14 09:26:54 2014 [j0chn.spdns.de] Peer Connection Initiated with [AF_INET]86.103.187.46:1194
Sun Sep 14 09:26:55 2014 MANAGEMENT: >STATE:1410679615,GET_CONFIG,,,
Sun Sep 14 09:26:56 2014 SENT CONTROL [j0chn.spdns.de]: 'PUSH_REQUEST' (status=1)
Sun Sep 14 09:26:56 2014 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.178.1,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 192.168.178.1,route-gateway 192.168.178.1,ping 10,ping-restart 120,ifconfig 192.168.178.111 255.255.255.0'
Sun Sep 14 09:26:56 2014 OPTIONS IMPORT: timers and/or timeouts modified
Sun Sep 14 09:26:56 2014 OPTIONS IMPORT: --ifconfig/up options modified
Sun Sep 14 09:26:56 2014 OPTIONS IMPORT: route options modified
Sun Sep 14 09:26:56 2014 OPTIONS IMPORT: route-related options modified
Sun Sep 14 09:26:56 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Sep 14 09:26:56 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Sep 14 09:26:56 2014 MANAGEMENT: >STATE:1410679616,ASSIGN_IP,,192.168.178.111,
Sun Sep 14 09:26:56 2014 open_tun, tt->ipv6=0
Sun Sep 14 09:26:56 2014 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{4DD19686-B673-493E-99DB-23F3D1AF7239}.tap
Sun Sep 14 09:26:56 2014 TAP-Windows Driver Version 9.21 
Sun Sep 14 09:26:56 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.178.111/255.255.255.0 on interface {4DD19686-B673-493E-99DB-23F3D1AF7239} [DHCP-serv: 192.168.178.0, lease-time: 31536000]
Sun Sep 14 09:26:56 2014 Successful ARP Flush on interface [25] {4DD19686-B673-493E-99DB-23F3D1AF7239}
Sun Sep 14 09:27:01 2014 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=1 u/d=up
Sun Sep 14 09:27:01 2014 C:\WINDOWS\system32\route.exe ADD 86.103.187.46 MASK 255.255.255.255 192.168.42.129
Sun Sep 14 09:27:01 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=10 and dwForwardType=4
Sun Sep 14 09:27:01 2014 Route addition via IPAPI succeeded [adaptive]
Sun Sep 14 09:27:01 2014 C:\WINDOWS\system32\route.exe ADD 192.168.42.129 MASK 255.255.255.255 192.168.42.129 IF 24
Sun Sep 14 09:27:01 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=10 and dwForwardType=4
Sun Sep 14 09:27:01 2014 Route addition via IPAPI succeeded [adaptive]
Sun Sep 14 09:27:01 2014 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.178.1
Sun Sep 14 09:27:01 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sun Sep 14 09:27:01 2014 Route addition via IPAPI succeeded [adaptive]
Sun Sep 14 09:27:01 2014 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.178.1
Sun Sep 14 09:27:01 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sun Sep 14 09:27:01 2014 Route addition via IPAPI succeeded [adaptive]
Sun Sep 14 09:27:01 2014 Initialization Sequence Completed
Sun Sep 14 09:27:01 2014 MANAGEMENT: >STATE:1410679621,CONNECTED,SUCCESS,192.168.178.111,86.103.187.46

My server log is at verb 9 level, so the full log is too long.
Here is a shortened version with the part I think is relevant.

Sun Sep 14 09:32:11 2014 us=597464 j0chns/86.103.187.46:62416 UDPv4 WRITE [114] to [AF_INET]86.103.187.46:62416: P_CONTROL_V1 kid=0 sid=d208a276 08284fa3 [ ] pid=33 DATA 2abf4ce5 423061a0 6684f614 0e4e44cc 2396d879 291ae535 2614f98f a728f4b[more...]
Sun Sep 14 09:32:11 2014 us=597920 j0chns/86.103.187.46:62416 UDPv4 write returned 114
Sun Sep 14 09:32:11 2014 us=598287 j0chns/86.103.187.46:62416 TLS: tls_multi_process: i=0 state=S_ACTIVE, mysid=d208a276 08284fa3, stored-sid=808ba04b a86602bb, stored-ip=[AF_INET]86.103.187.46:62416
Sun Sep 14 09:32:11 2014 us=598470 j0chns/86.103.187.46:62416 TLS: tls_process: chg=0 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800
Sun Sep 14 09:32:11 2014 us=598646 j0chns/86.103.187.46:62416 ACK reliable_can_send active=2 current=0 : [34] 32 33
Sun Sep 14 09:32:11 2014 us=598858 j0chns/86.103.187.46:62416 BIO read tls_read_ciphertext 98 bytes
Sun Sep 14 09:32:11 2014 us=599026 j0chns/86.103.187.46:62416 ACK mark active outgoing ID 34
Sun Sep 14 09:32:11 2014 us=599174 j0chns/86.103.187.46:62416 Outgoing Ciphertext -> Reliable
Sun Sep 14 09:32:11 2014 us=599333 j0chns/86.103.187.46:62416 TLS: tls_process: chg=1 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800
Sun Sep 14 09:32:11 2014 us=599816 j0chns/86.103.187.46:62416 ACK reliable_can_send active=3 current=1 : [35] 32 33 34
Sun Sep 14 09:32:11 2014 us=599999 j0chns/86.103.187.46:62416 ACK reliable_send ID 34 (size=102 to=4)
Sun Sep 14 09:32:11 2014 us=600201 j0chns/86.103.187.46:62416 Reliable -> TCP/UDP
Sun Sep 14 09:32:11 2014 us=600435 j0chns/86.103.187.46:62416 ACK reliable_send_timeout 2 [35] 32 33 34
Sun Sep 14 09:32:11 2014 us=600595 j0chns/86.103.187.46:62416 TLS: tls_process: timeout set to 2
Sun Sep 14 09:32:11 2014 us=600841 j0chns/86.103.187.46:62416 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=51294eab a8e9490a, stored-sid=00000000 00000000, stored-ip=[undef]
Sun Sep 14 09:32:11 2014 us=601082 j0chns/86.103.187.46:62416 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
Sun Sep 14 09:32:11 2014 us=601277 PO_CTL rwflags=0x0002 ev=4 arg=0x00086d38
Sun Sep 14 09:32:11 2014 us=601441 PO_CTL rwflags=0x0000 ev=5 arg=0x00086ca4
Sun Sep 14 09:32:11 2014 us=601632 I/O WAIT Tr|Tw|Sr|SW [2/97493]
Sun Sep 14 09:32:11 2014 us=601955 PO_WAIT[0,0] fd=4 rev=0x00000004 rwflags=0x0002 arg=0x00086d38
Sun Sep 14 09:32:11 2014 us=602120  event_wait returned 1
Sun Sep 14 09:32:11 2014 us=602280 I/O WAIT status=0x0002
Sun Sep 14 09:32:13 2014 us=696485 j0chns/86.103.187.46:62416 TUN WRITE [175]
Sun Sep 14 09:32:13 2014 us=696842 j0chns/86.103.187.46:62416  write to TUN/TAP returned 175
Sun Sep 14 09:32:13 2014 us=697058 PO_CTL rwflags=0x0001 ev=4 arg=0x00086d38
Sun Sep 14 09:32:13 2014 us=697224 PO_CTL rwflags=0x0001 ev=5 arg=0x00086ca4
Sun Sep 14 09:32:13 2014 us=697418 I/O WAIT TR|Tw|SR|Sw [6/97493]
Sun Sep 14 09:32:17 2014 us=367901 PO_WAIT[0,0] fd=4 rev=0x00000001 rwflags=0x0001 arg=0x00086d38
Sun Sep 14 09:32:17 2014 us=368196  event_wait returned 1
Sun Sep 14 09:32:17 2014 us=368364 I/O WAIT status=0x0001
Sun Sep 14 09:32:17 2014 us=368525 MULTI: REAP range 224 -> 240
Sun Sep 14 09:32:17 2014 us=368737 UDPv4 read returned 133
Sun Sep 14 09:32:17 2014 us=369044 TLS State Error: No TLS state for client [AF_INET]109.47.195.40:46476, opcode=6
Sun Sep 14 09:32:17 2014 us=369276 GET INST BY REAL: 109.47.195.40:46476 [failed]
Sun Sep 14 09:32:17 2014 us=369460 PO_CTL rwflags=0x0001 ev=4 arg=0x00086d38
Sun Sep 14 09:32:17 2014 us=369623 PO_CTL rwflags=0x0001 ev=5 arg=0x00086ca4
Sun Sep 14 09:32:17 2014 us=369815 I/O WAIT TR|Tw|SR|Sw [2/97493]
Sun Sep 14 09:32:17 2014 us=387726 PO_WAIT[0,0] fd=4 rev=0x00000001 rwflags=0x0001 arg=0x00086d38
Sun Sep 14 09:32:17 2014 us=387988  event_wait returned 1
Sun Sep 14 09:32:17 2014 us=388160 I/O WAIT status=0x0001

Answer 1

The solution is simple: you did not take care to make the OpenVPN interface tap0 part of the bridge br0. You can find detailed instructions here.

HTH, cheers
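
A check for the condition Answer 1 describes, as an added example that is not part of the original answer: it reads the dev directive from an OpenVPN config and tests whether that interface is listed under the bridge's brif directory in sysfs. The function names are hypothetical, and the trimmed server.conf (using the tap0 name from the answer) and the fake sysfs tree in demo are constructed sample input.

```shell
#!/bin/sh
# Added example (not from the original answer): verify that the tap device
# named in an OpenVPN config is a port of the LAN bridge.

# Print the device named by the first "dev" directive of an OpenVPN config file.
ovpn_dev() {
    awk '$1 == "dev" { print $2; exit }' "$1"
}

# Succeed if interface $2 is a port of bridge $1. Linux lists bridge ports under
# /sys/class/net/<bridge>/brif/; $3 overrides the sysfs root (used by the demo).
is_bridge_port() {
    [ -e "${3:-/sys}/class/net/$1/brif/$2" ]
}

# check_bridge CONF BRIDGE [SYSFS_ROOT]
# Returns 0 if bridged, 1 if not, 2 if the config cannot be bridged as written.
check_bridge() {
    dev=$(ovpn_dev "$1")
    case "$dev" in
        "")   echo "ERROR: no dev directive in $1"; return 2 ;;
        tap)  echo "ERROR: 'dev tap' gets a dynamic name; use a fixed one"; return 2 ;;
        tap*) ;;
        *)    echo "ERROR: $dev is not a tap device"; return 2 ;;
    esac
    if is_bridge_port "$2" "$dev" "$3"; then
        echo "OK: $dev is a port of $2"
    else
        echo "MISSING: $dev is not a port of $2"
        return 1
    fi
}

# Constructed demo: trimmed server.conf plus a fake sysfs tree in which br0
# holds only eth0, as with the "bridge_ports eth0" line in the question.
demo() {
    tmp=$(mktemp -d) || return 3
    printf 'port 1194\nproto udp\ndev tap0\n' > "$tmp/server.conf"
    mkdir -p "$tmp/sys/class/net/br0/brif/eth0"
    before=0; check_bridge "$tmp/server.conf" br0 "$tmp/sys" || before=$?
    mkdir -p "$tmp/sys/class/net/br0/brif/tap0"   # state once tap0 has joined br0
    after=0; check_bridge "$tmp/server.conf" br0 "$tmp/sys" || after=$?
    rm -rf "$tmp"
    echo "before=$before after=$after"
}

demo
```

On a real server, call check_bridge with the path to server.conf and the bridge name and omit the third argument so the live /sys tree is read.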

Answer 2

ping has a special interface:

ping -I em1 8.8.8.8
OR 
ping -I br0 8.8.8.8
