
Cannot access local network while connected to OpenVPN

2021-01-23

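I currently cannot access my local network while connected to an OpenVPN server. The problem arose because I changed the underlying network of the client that connects to the openvpn server.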

In fact, the following options in the client configuration have always worked for me:

route 10.42.0.0 255.255.0.0 net_gateway
route 10.43.0.0 255.255.0.0 net_gateway

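Now they no longer seem to work. I have been researching this for several hours and still cannot find a solution. Please see my full configuration options: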

auth-user-pass
client
dev tun
hand-window 120
inactive 604800
mute-replay-warnings
nobind
persist-key
persist-remote-ip
persist-tun
ping 5
ping-restart 120
redirect-gateway def1
remote-random
reneg-sec 3600
resolv-retry 60
route-delay 2
route-method exe
script-security 2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
tls-timeout 5
verb 4
tun-mtu  1500
proto udp
fragment 1300
mssfix
comp-lzo
key-direction 1
cipher AES-256-GCM
auth SHA512
ignore-unknown-option ncp-disable
ncp-disable
remote-cert-tls server


pull-filter ignore ifconfig-ipv6
pull-filter ignore route-ipv6
pull-filter ignore comp-lzo
pull-filter ignore "redirect-gateway def1 ipv6"
pull-filter ignore "dhcp-option DNS"
route 10.42.0.0 255.255.0.0 net_gateway
route 10.43.0.0 255.255.0.0 net_gateway
...

The client does not support IPv6, so I removed that option a while ago. In my openvpn log I see the following problem:

2021-01-23 04:33:02 us=409604 do_ifconfig, ipv4=1, ipv6=0
2021-01-23 04:33:02 us=409631 net_iface_mtu_set: mtu 1500 for tun0
2021-01-23 04:33:02 us=409674 net_iface_up: set tun0 up
2021-01-23 04:33:02 us=409751 net_addr_v4_add: 10.0.194.60/24 dev tun0
2021-01-23 04:33:04 us=483688 net_route_v4_add: 178.162.194.30/32 via 10.42.240.0 dev [NULL] table 0 metric -1
2021-01-23 04:33:04 us=483917 net_route_v4_add: 0.0.0.0/1 via 10.0.194.2 dev [NULL] table 0 metric -1
2021-01-23 04:33:04 us=483958 net_route_v4_add: 128.0.0.0/1 via 10.0.194.2 dev [NULL] table 0 metric -1
2021-01-23 04:33:04 us=483991 net_route_v4_add: 10.42.0.0/16 via 10.42.240.0 dev [NULL] table 0 metric -1
2021-01-23 04:33:04 us=484023 net_route_v4_add: 10.43.0.0/16 via 10.42.240.0 dev [NULL] table 0 metric -1
2021-01-23 04:33:04 us=484062 sitnl_send: rtnl: generic error (-101): Network is unreachable
2021-01-23 04:33:04 us=484078 ERROR: Linux route add command failed
2021-01-23 04:33:04 us=484109 Initialization Sequence Completed
2 Answers

I'm also new to OpenVPN....

I ran into the same problem you describe: OpenVPN overriding routes on the client machine....

2021-01-23 04:33:04 us=483688 net_route_v4_add: 178.162.194.30/32 via 10.42.240.0 dev [NULL] table 0 metric -1
2021-01-23 04:33:04 us=483917 net_route_v4_add: 0.0.0.0/1 via 10.0.194.2 dev [NULL] table 0 metric -1
2021-01-23 04:33:04 us=483958 net_route_v4_add: 128.0.0.0/1 via 10.0.194.2 dev [NULL] table 0 metric -1
2021-01-23 04:33:04 us=483991 net_route_v4_add: 10.42.0.0/16 via 10.42.240.0 dev [NULL] table 0 metric -1
2021-01-23 04:33:04 us=484023 net_route_v4_add: 10.43.0.0/16 via 10.42.240.0 dev [NULL] table 0 metric -1

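After spending a few hours, I simply looked for routing parameters among the options for running the client ==> https://openvpn.net/community-resources/reference-manual-for-openvpn-2-0/ .

I found that the route-noexec parameter in the client configuration file solves the problem (at least for me).

About the specs:

Client machine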

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.1 LTS
Release:        22.04
Codename:       jammy

$ apt-cache policy openvpn
openvpn:
  Installed: 2.5.5-1ubuntu3
  Candidate: 2.5.5-1ubuntu3
  Version table:
 *** 2.5.5-1ubuntu3 500
        500 http://nl.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
        100 /var/lib/dpkg/status

Relevant part of the configuration file on the client:

client
proto udp4
explicit-exit-notify
remote <some_IP> 1194 
dev tun0
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_<some_chars> name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 5 
compress lz4-v2

route-noexec ###added code

Server specs:

$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 11 (bullseye)
Release:        11
Codename:       bullseye



$ apt-cache policy openvpn
openvpn:
  Installed: 2.5.7-stretch0
  Candidate: 2.5.7-stretch0

Hope this helps ;-)

X00D45
2022-08-08

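After some digging, I found a solution. I was running the latest version of OpenVPN (currently 2.5.0), which seems to have exactly this problem. Simply using OpenVPN 2.4.10 (released December 2020) works.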

2021-01-23
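
An added diagnostic example, not part of the question or either answer: Linux refuses a route whose gateway is not on a directly connected subnet, which is one possible cause of the `Network is unreachable` error in the question's log. This Python script lists the logged routes whose gateway falls outside every connected subnet; the `192.168.1.10/24` LAN address is a constructed assumption, and the log lines are copied from the question with timestamps removed.

```python
import ipaddress
import re

# Lines copied from the question's log (timestamps removed).
LOG = """\
net_addr_v4_add: 10.0.194.60/24 dev tun0
net_route_v4_add: 178.162.194.30/32 via 10.42.240.0 dev [NULL] table 0 metric -1
net_route_v4_add: 0.0.0.0/1 via 10.0.194.2 dev [NULL] table 0 metric -1
net_route_v4_add: 128.0.0.0/1 via 10.0.194.2 dev [NULL] table 0 metric -1
net_route_v4_add: 10.42.0.0/16 via 10.42.240.0 dev [NULL] table 0 metric -1
net_route_v4_add: 10.43.0.0/16 via 10.42.240.0 dev [NULL] table 0 metric -1
"""

ADDR_RE = re.compile(r"net_addr_v4_add: (\S+) dev (\S+)")
ROUTE_RE = re.compile(r"net_route_v4_add: (\S+) via (\S+)")


def connected_networks(log, extra=()):
    """Subnets reachable without a gateway: addresses OpenVPN logged
    (e.g. tun0) plus interface addresses supplied by the caller."""
    nets = [ipaddress.ip_interface(m.group(1)).network
            for m in ADDR_RE.finditer(log)]
    nets += [ipaddress.ip_network(n, strict=False) for n in extra]
    return nets


def off_link_routes(log, extra=()):
    """Return (destination, gateway) pairs whose gateway lies in no
    connected subnet, so the kernel cannot resolve the next hop."""
    nets = connected_networks(log, extra)
    bad = []
    for m in ROUTE_RE.finditer(log):
        dest, gw = m.group(1), ipaddress.ip_address(m.group(2))
        if not any(gw in n for n in nets):
            bad.append((dest, str(gw)))
    return bad


if __name__ == "__main__":
    # ASSUMPTION: constructed LAN address; use the output of `ip -4 addr`.
    for dest, gw in off_link_routes(LOG, extra=["192.168.1.10/24"]):
        print(f"{dest}: gateway {gw} is not on a connected subnet")
```

Pass the client's real interface addresses in `extra`; any route still reported has a `net_gateway` value the kernel cannot reach directly.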