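I have an OpenVPN server running, and clients can connect to the server and access the internet, but all clients get the IP address 10.8.0.6, so they cannot ping each other.
I'm not sure, but I think there is a problem with the routing on the server. My basic configuration is as follows.
route: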
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 138.68.64.1 0.0.0.0 UG 0 0 0 eth0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
10.8.0.2 * 255.255.255.255 UH 0 0 0 tun0
10.19.0.0 * 255.255.0.0 U 0 0 0 eth0
138.68.64.0 * 255.255.240.0 U 0 0 0 eth0
iptables -vL:
Chain INPUT (policy DROP 14729 packets, 733K bytes)
pkts bytes target prot opt in out source destination
3927K 786M ufw-before-logging-input all -- any any anywhere anywhere
3927K 786M ufw-before-input all -- any any anywhere anywhere
155K 7897K ufw-after-input all -- any any anywhere anywhere
155K 7876K ufw-after-logging-input all -- any any anywhere anywhere
155K 7876K ufw-reject-input all -- any any anywhere anywhere
155K 7876K ufw-track-input all -- any any anywhere anywhere
1 40 ACCEPT tcp -- eth0 any anywhere anywhere tcp dpt:ircd
Chain FORWARD (policy ACCEPT 33404 packets, 14M bytes)
pkts bytes target prot opt in out source destination
6389K 4665M ufw-before-logging-forward all -- any any anywhere anywhere
6389K 4665M ufw-before-forward all -- any any anywhere anywhere
6389K 4665M ufw-after-forward all -- any any anywhere anywhere
6389K 4665M ufw-after-logging-forward all -- any any anywhere anywhere
6389K 4665M ufw-reject-forward all -- any any anywhere anywhere
Chain OUTPUT (policy ACCEPT 123 packets, 7504 bytes)
pkts bytes target prot opt in out source destination
5027K 4648M ufw-before-logging-output all -- any any anywhere anywhere
5027K 4648M ufw-before-output all -- any any anywhere anywhere
61051 4324K ufw-after-output all -- any any anywhere anywhere
61051 4324K ufw-after-logging-output all -- any any anywhere anywhere
61051 4324K ufw-reject-output all -- any any anywhere anywhere
61051 4324K ufw-track-output all -- any any anywhere anywhere
Chain ufw-after-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-input (1 references)
pkts bytes target prot opt in out source destination
175 13652 ufw-skip-to-policy-input udp -- any any anywhere anywhere udp dpt:netbios-ns
0 0 ufw-skip-to-policy-input udp -- any any anywhere anywhere udp dpt:netbios-dgm
30 1388 ufw-skip-to-policy-input tcp -- any any anywhere anywhere tcp dpt:netbios-ssn
143 6380 ufw-skip-to-policy-input tcp -- any any anywhere anywhere tcp dpt:microsoft-ds
0 0 ufw-skip-to-policy-input udp -- any any anywhere anywhere udp dpt:bootps
0 0 ufw-skip-to-policy-input udp -- any any anywhere anywhere udp dpt:bootpc
0 0 ufw-skip-to-policy-input all -- any any anywhere anywhere ADDRTYPE match dst-type BROADCAST
Chain ufw-after-logging-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-logging-input (1 references)
pkts bytes target prot opt in out source destination
85877 4224K LOG all -- any any anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-after-logging-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-forward (1 references)
pkts bytes target prot opt in out source destination
6389K 4665M ufw-user-forward all -- any any anywhere anywhere
Chain ufw-before-input (1 references)
pkts bytes target prot opt in out source destination
308K 32M ACCEPT all -- lo any anywhere anywhere
3405K 742M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
5247 288K ufw-logging-deny all -- any any anywhere anywhere state INVALID
5247 288K DROP all -- any any anywhere anywhere state INVALID
0 0 ACCEPT icmp -- any any anywhere anywhere icmp destination-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere icmp source-quench
0 0 ACCEPT icmp -- any any anywhere anywhere icmp time-exceeded
0 0 ACCEPT icmp -- any any anywhere anywhere icmp parameter-problem
436 17126 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
0 0 ACCEPT udp -- any any anywhere anywhere udp spt:bootps dpt:bootpc
206K 11M ufw-not-local all -- any any anywhere anywhere
0 0 ACCEPT udp -- any any anywhere 224.0.0.251 udp dpt:mdns
0 0 ACCEPT udp -- any any anywhere 239.255.255.250 udp dpt:1900
206K 11M ufw-user-input all -- any any anywhere anywhere
Chain ufw-before-logging-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-logging-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-logging-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-output (1 references)
pkts bytes target prot opt in out source destination
308K 32M ACCEPT all -- any lo anywhere anywhere
4656K 4611M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
61003 4321K ufw-user-output all -- any any anywhere anywhere
Chain ufw-logging-allow (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- any any anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "
Chain ufw-logging-deny (2 references)
pkts bytes target prot opt in out source destination
2476 148K RETURN all -- any any anywhere anywhere state INVALID limit: avg 3/min burst 10
128 12121 LOG all -- any any anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-not-local (1 references)
pkts bytes target prot opt in out source destination
206K 11M RETURN all -- any any anywhere anywhere ADDRTYPE match dst-type LOCAL
0 0 RETURN all -- any any anywhere anywhere ADDRTYPE match dst-type MULTICAST
4 312 RETURN all -- any any anywhere anywhere ADDRTYPE match dst-type BROADCAST
0 0 ufw-logging-deny all -- any any anywhere anywhere limit: avg 3/min burst 10
0 0 DROP all -- any any anywhere anywhere
Chain ufw-reject-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-reject-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-reject-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-skip-to-policy-forward (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere
Chain ufw-skip-to-policy-input (7 references)
pkts bytes target prot opt in out source destination
348 21420 DROP all -- any any anywhere anywhere
Chain ufw-skip-to-policy-output (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere
Chain ufw-track-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-track-output (1 references)
pkts bytes target prot opt in out source destination
16 1904 ACCEPT tcp -- any any anywhere anywhere state NEW
60802 4295K ACCEPT udp -- any any anywhere anywhere state NEW
Chain ufw-user-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-input (1 references)
pkts bytes target prot opt in out source destination
46826 2776K ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
1 57 ACCEPT udp -- any any anywhere anywhere udp dpt:ssh
715 74931 ACCEPT udp -- any any anywhere anywhere udp dpt:openvpn
2193 114K ACCEPT tcp -- any any anywhere anywhere tcp dpt:http-alt
1264 65840 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
153 8788 ACCEPT tcp -- any any anywhere anywhere tcp dpt:4848
Chain ufw-user-limit (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable
Chain ufw-user-limit-accept (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere
Chain ufw-user-logging-forward (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-logging-input (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-logging-output (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-output (1 references)
pkts bytes target prot opt in out source destination
ipconfig on the Windows client:
Ethernet adapter Ethernet 3:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::9ec:a83c:51ba:8661%5
IPv4 Address. . . . . . . . . . . : 10.8.0.6
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . :
ifconfig on my Linux client:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.6 P-t-P:10.8.0.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:209 errors:0 dropped:0 overruns:0 frame:0
TX packets:620 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:52695 (51.4 Kb) TX bytes:71108 (69.4 Kb)
ifconfig on my server:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:2559262 errors:0 dropped:0 overruns:0 frame:0
TX packets:3865745 errors:0 dropped:989 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:445611223 (424.9 MiB) TX bytes:4221065665 (3.9 GiB)
My goal is to communicate between the clients. What are the possible ways to achieve this?
Answer 1
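One thing that can cause this is multiple clients connecting with the same certificate. The OpenVPN server treats them as the same client and assigns them the same IP address.
In that case, you can generate a unique certificate for each client, add the duplicate-cn option to the server's options, or check "Duplicate connections" in the OpenVPN GUI options.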
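An added example, not part of the original answer: one way to confirm from the server log that several machines are sharing one certificate, which is the cause the answer describes. The log lines are constructed samples in the format OpenVPN 2.x servers write (an assumption about the server's version and verbosity), and the function name find_shared_certs is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of OpenVPN server log lines (not taken from the original post).
SAMPLE_LOG = """\
Mon Mar  6 10:00:01 2017 198.51.100.7:50112 [client] Peer Connection Initiated with [AF_INET]198.51.100.7:50112
Mon Mar  6 10:00:01 2017 client/198.51.100.7:50112 MULTI: primary virtual IP for client/198.51.100.7:50112: 10.8.0.6
Mon Mar  6 10:00:40 2017 203.0.113.20:61544 [client] Peer Connection Initiated with [AF_INET]203.0.113.20:61544
Mon Mar  6 10:00:40 2017 MULTI: new connection by client 'client' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Mon Mar  6 10:00:40 2017 client/203.0.113.20:61544 MULTI: primary virtual IP for client/203.0.113.20:61544: 10.8.0.6
Mon Mar  6 10:02:13 2017 192.0.2.44:40022 [server-admin] Peer Connection Initiated with [AF_INET]192.0.2.44:40022
Mon Mar  6 10:02:13 2017 server-admin/192.0.2.44:40022 MULTI: primary virtual IP for server-admin/192.0.2.44:40022: 10.8.0.10
"""

# [CN] and public source address of each completed TLS handshake.
PEER = re.compile(r"\[(?P<cn>[^\]]+)\] Peer Connection Initiated with \[AF_INET6?\](?P<ip>\S+):\d+")
# Server notice that a newer login with the same CN replaces the older session.
DROP = re.compile(r"MULTI: new connection by client '(?P<cn>[^']+)' will cause previous active sessions")
# Tunnel address the server handed to a CN.
VIP = re.compile(r"MULTI: primary virtual IP for (?P<cn>[^/\s]+)/\S+: (?P<vip>\S+)")


def find_shared_certs(log_text):
    """Return {cn: report} for every certificate CN seen from more than one source IP."""
    sources = defaultdict(set)  # CN -> distinct public source IPs
    vips = defaultdict(set)     # CN -> tunnel IPs assigned
    drops = defaultdict(int)    # CN -> sessions replaced by a newer login
    for line in log_text.splitlines():
        if m := PEER.search(line):
            sources[m["cn"]].add(m["ip"])
        elif m := DROP.search(line):
            drops[m["cn"]] += 1
        elif m := VIP.search(line):
            vips[m["cn"]].add(m["vip"])
    # One roaming device can also change source IP, so read the three fields together:
    # several sources, one tunnel IP and dropped sessions point to a shared certificate.
    return {
        cn: {"sources": sorted(ips), "tunnel_ips": sorted(vips[cn]),
             "dropped_sessions": drops[cn]}
        for cn, ips in sources.items() if len(ips) > 1
    }


if __name__ == "__main__":
    for cn, report in find_shared_certs(SAMPLE_LOG).items():
        print(cn, report)
```

Issuing one certificate per client keeps each common name tied to a single machine, so a result like this stays empty and an individual client can still be revoked on its own.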