OpenVPN server configuration


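I have an OpenVPN server running, and clients can connect to the server and access the internet, but all clients get the IP address 10.8.0.6, so they cannot ping each other.

I'm not sure, but I think there is a problem with the routing on the server. My basic settings are as follows:

route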

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         138.68.64.1     0.0.0.0         UG    0      0        0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0
10.19.0.0       *               255.255.0.0     U     0      0        0 eth0
138.68.64.0     *               255.255.240.0   U     0      0        0 eth0

iptables -vL

Chain INPUT (policy DROP 14729 packets, 733K bytes)
 pkts bytes target     prot opt in     out     source               destination         
3927K  786M ufw-before-logging-input  all  --  any    any     anywhere             anywhere            
3927K  786M ufw-before-input  all  --  any    any     anywhere             anywhere            
 155K 7897K ufw-after-input  all  --  any    any     anywhere             anywhere            
 155K 7876K ufw-after-logging-input  all  --  any    any     anywhere             anywhere            
 155K 7876K ufw-reject-input  all  --  any    any     anywhere             anywhere            
 155K 7876K ufw-track-input  all  --  any    any     anywhere             anywhere            
    1    40 ACCEPT     tcp  --  eth0   any     anywhere             anywhere             tcp dpt:ircd

Chain FORWARD (policy ACCEPT 33404 packets, 14M bytes)
 pkts bytes target     prot opt in     out     source               destination         
6389K 4665M ufw-before-logging-forward  all  --  any    any     anywhere             anywhere            
6389K 4665M ufw-before-forward  all  --  any    any     anywhere             anywhere            
6389K 4665M ufw-after-forward  all  --  any    any     anywhere             anywhere            
6389K 4665M ufw-after-logging-forward  all  --  any    any     anywhere             anywhere            
6389K 4665M ufw-reject-forward  all  --  any    any     anywhere             anywhere            

Chain OUTPUT (policy ACCEPT 123 packets, 7504 bytes)
 pkts bytes target     prot opt in     out     source               destination         
5027K 4648M ufw-before-logging-output  all  --  any    any     anywhere             anywhere            
5027K 4648M ufw-before-output  all  --  any    any     anywhere             anywhere            
61051 4324K ufw-after-output  all  --  any    any     anywhere             anywhere            
61051 4324K ufw-after-logging-output  all  --  any    any     anywhere             anywhere            
61051 4324K ufw-reject-output  all  --  any    any     anywhere             anywhere            
61051 4324K ufw-track-output  all  --  any    any     anywhere             anywhere            

Chain ufw-after-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  175 13652 ufw-skip-to-policy-input  udp  --  any    any     anywhere             anywhere             udp dpt:netbios-ns
    0     0 ufw-skip-to-policy-input  udp  --  any    any     anywhere             anywhere             udp dpt:netbios-dgm
   30  1388 ufw-skip-to-policy-input  tcp  --  any    any     anywhere             anywhere             tcp dpt:netbios-ssn
  143  6380 ufw-skip-to-policy-input  tcp  --  any    any     anywhere             anywhere             tcp dpt:microsoft-ds
    0     0 ufw-skip-to-policy-input  udp  --  any    any     anywhere             anywhere             udp dpt:bootps
    0     0 ufw-skip-to-policy-input  udp  --  any    any     anywhere             anywhere             udp dpt:bootpc
    0     0 ufw-skip-to-policy-input  all  --  any    any     anywhere             anywhere             ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
85877 4224K LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
6389K 4665M ufw-user-forward  all  --  any    any     anywhere             anywhere            

Chain ufw-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 308K   32M ACCEPT     all  --  lo     any     anywhere             anywhere            
3405K  742M ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
 5247  288K ufw-logging-deny  all  --  any    any     anywhere             anywhere             state INVALID
 5247  288K DROP       all  --  any    any     anywhere             anywhere             state INVALID
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp destination-unreachable
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp source-quench
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp time-exceeded
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp parameter-problem
  436 17126 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp echo-request
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp spt:bootps dpt:bootpc
 206K   11M ufw-not-local  all  --  any    any     anywhere             anywhere            
    0     0 ACCEPT     udp  --  any    any     anywhere             224.0.0.251          udp dpt:mdns
    0     0 ACCEPT     udp  --  any    any     anywhere             239.255.255.250      udp dpt:1900
 206K   11M ufw-user-input  all  --  any    any     anywhere             anywhere            

Chain ufw-before-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 308K   32M ACCEPT     all  --  any    lo      anywhere             anywhere            
4656K 4611M ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
61003 4321K ufw-user-output  all  --  any    any     anywhere             anywhere            

Chain ufw-logging-allow (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 2476  148K RETURN     all  --  any    any     anywhere             anywhere             state INVALID limit: avg 3/min burst 10
  128 12121 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 206K   11M RETURN     all  --  any    any     anywhere             anywhere             ADDRTYPE match dst-type LOCAL
    0     0 RETURN     all  --  any    any     anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
    4   312 RETURN     all  --  any    any     anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
    0     0 ufw-logging-deny  all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 10
    0     0 DROP       all  --  any    any     anywhere             anywhere            

Chain ufw-reject-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-skip-to-policy-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            

Chain ufw-skip-to-policy-input (7 references)
 pkts bytes target     prot opt in     out     source               destination         
  348 21420 DROP       all  --  any    any     anywhere             anywhere            

Chain ufw-skip-to-policy-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            

Chain ufw-track-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   16  1904 ACCEPT     tcp  --  any    any     anywhere             anywhere             state NEW
60802 4295K ACCEPT     udp  --  any    any     anywhere             anywhere             state NEW

Chain ufw-user-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
46826 2776K ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh
    1    57 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:ssh
  715 74931 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:openvpn
 2193  114K ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:http-alt
 1264 65840 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:http
  153  8788 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:4848

Chain ufw-user-limit (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
    0     0 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            

Chain ufw-user-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

ipconfig on the Windows client:

Ethernet adapter Ethernet 3:    

  Connection-specific DNS Suffix . :
  Link-local IPv6 Address . . . . . : fe80::9ec:a83c:51ba:8661%5
  IPv4 Address. . . . . . . . . . . : 10.8.0.6
  Subnet Mask . . . . . . . . . . . : 255.255.255.252
  Default Gateway . . . . . . . . . :  

ifconfig on my Linux client:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
      inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
      UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
      RX packets:209 errors:0 dropped:0 overruns:0 frame:0
      TX packets:620 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:100 
      RX bytes:52695 (51.4 Kb)  TX bytes:71108 (69.4 Kb)

ifconfig on my server:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
      inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
      UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
      RX packets:2559262 errors:0 dropped:0 overruns:0 frame:0
      TX packets:3865745 errors:0 dropped:989 overruns:0 carrier:0
      collisions:0 txqueuelen:100 
      RX bytes:445611223 (424.9 MiB)  TX bytes:4221065665 (3.9 GiB)

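My goal is to communicate with the clients. What are the possible ways to achieve this?

Answer 1

One thing that can cause this is multiple clients connecting with the same certificate. The OpenVPN server treats them as the same client and assigns them the same IP address.

In this case, you can generate a unique certificate for each client, add the duplicate-cn option to the server's options, or check "duplicate connections" in the OpenVPN GUI options.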
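One way to confirm the shared-certificate cause from the server side, as an added example that is not part of the original question or answer: the script below scans a server log for common names that were learned from more than one real address and that triggered the "previous active sessions ... dropped" warning. The log lines are constructed and assume the OpenVPN 2.x message format with IPv4 peers; `shared_certificates` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on OpenVPN 2.x server log messages (assumed
# format; the names and addresses are made up for this example).
SAMPLE_LOG = """\
Tue Mar  7 10:15:02 2017 client1/203.0.113.10:51234 MULTI: Learn: 10.8.0.6 -> client1/203.0.113.10:51234
Tue Mar  7 10:16:40 2017 MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped.
Tue Mar  7 10:16:40 2017 client1/198.51.100.7:40022 MULTI: Learn: 10.8.0.6 -> client1/198.51.100.7:40022
Tue Mar  7 10:17:05 2017 client2/192.0.2.44:55810 MULTI: Learn: 10.8.0.10 -> client2/192.0.2.44:55810
Tue Mar  7 10:17:30 2017 MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped.
Tue Mar  7 10:17:30 2017 client1/203.0.113.10:51300 MULTI: Learn: 10.8.0.6 -> client1/203.0.113.10:51300
"""

# "Learn: <tunnel IP> -> <common name>/<real IPv4>:<port>"
LEARN = re.compile(r"MULTI: Learn: (\S+) -> ([^/\s]+)/([\d.]+):\d+")
# Warning the server logs when a second session arrives with the same CN
DROPPED = re.compile(r"MULTI: new connection by client '([^']+)' "
                     r"will cause previous active sessions")


def shared_certificates(log_text):
    """Return CNs that look shared: seen from several real IPs and
    responsible for at least one dropped-session warning."""
    real_ips = defaultdict(set)   # CN -> real client addresses
    vpn_ips = defaultdict(set)    # CN -> tunnel addresses handed out
    drops = defaultdict(int)      # CN -> number of drop warnings
    for line in log_text.splitlines():
        learned = LEARN.search(line)
        if learned:
            vpn_ip, cn, real_ip = learned.groups()
            real_ips[cn].add(real_ip)
            vpn_ips[cn].add(vpn_ip)
            continue
        dropped = DROPPED.search(line)
        if dropped:
            drops[dropped.group(1)] += 1
    return {
        cn: {"real_ips": sorted(real_ips[cn]),
             "vpn_ips": sorted(vpn_ips[cn]),
             "drops": drops[cn]}
        for cn in real_ips
        if len(real_ips[cn]) > 1 and drops[cn] > 0
    }


if __name__ == "__main__":
    for cn, info in shared_certificates(SAMPLE_LOG).items():
        print(cn, info)
```

A common name flagged here is a candidate for reissuing as one certificate per client, which also keeps each device individually revocable, something duplicate-cn gives up.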
