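[Q&A] A question about OpenVPN configuration
I recently set up a VPN on Tomato and successfully connected to it from outside the network with OpenVPN on my phone.
So I am sure the AP settings are correct.
But on my laptop under XP it is not going so smoothly. Below are the settings in client.ovpn: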
====================================================================
dev tun
proto udp
remote 211.76.36.69 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
dh dh1024.pem
comp-lzo
ifconfig 10.8.0.2 10.8.0.1
route 192.168.1.0 255.255.255.0
tls-client
redirect-gateway
verb 3
====================================================================
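Note: the internal subnet is set to 192.168.1.0
What happens is that VPN authentication succeeds and I am assigned the IP 10.8.0.2. But when I try to connect directly to any 192.168.1.xx IP inside the network, it just cannot connect.
Below is the VPN log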
====================================================================
Sat Sep 26 13:06:53 2015 OpenVPN 2.1_rc19 i686-pc-mingw32 [SSL] [LZO2]
[PKCS11] built on Jul 16 2009
Sat Sep 26 13:06:53 2015 WARNING: No server certificate verification method
has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Sep 26 13:06:53 2015 NOTE: OpenVPN 2.1 requires '--script-security 2' or
higher to call user-defined scripts or executables
Sat Sep 26 13:06:53 2015 LZO compression initialized
Sat Sep 26 13:06:53 2015 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0
ET:0 EL:0 ]
Sat Sep 26 13:06:54 2015 ROUTE default_gateway=192.168.43.1
Sat Sep 26 13:06:54 2015 TAP-WIN32 device [區域連線 2] opened:
\\.\Global\{AA515690-B049-492A-9BFD-B267AE4BB473}.tap
Sat Sep 26 13:06:54 2015 TAP-Win32 Driver Version 9.6
Sat Sep 26 13:06:54 2015 TAP-Win32 MTU=1500
Sat Sep 26 13:06:54 2015 Notified TAP-Win32 driver to set a DHCP IP/netmask
of 10.8.0.2/255.255.255.252 on interface
{AA515690-B049-492A-9BFD-B267AE4BB473} [DHCP-serv: 10.8.0.1, lease-time:
31536000]
Sat Sep 26 13:06:54 2015 Successful ARP Flush on interface [12]
{AA515690-B049-492A-9BFD-B267AE4BB473}
Sat Sep 26 13:06:54 2015 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135
ET:0 EL:0 AF:3/1 ]
Sat Sep 26 13:06:54 2015 Local Options hash (VER=V4): 'bda0d126'
Sat Sep 26 13:06:54 2015 Expected Remote Options hash (VER=V4): '862c715c'
Sat Sep 26 13:06:54 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Sep 26 13:06:54 2015 UDPv4 link local: [undef]
Sat Sep 26 13:06:54 2015 UDPv4 link remote: 211.76.36.69:1194
Sat Sep 26 13:06:54 2015 TLS: Initial packet from 211.76.36.69:1194,
sid=5a8178b4 ada3816e
Sat Sep 26 13:06:58 2015 VERIFY OK: depth=1,
/C=TW/ST=CA/L=I-Lan/O=OpenVPN/emailAddress=mail@host.domain
Sat Sep 26 13:06:58 2015 VERIFY OK: depth=0,
/C=TW/ST=CA/O=OpenVPN/CN=rt-n16/emailAddress=mail@host.domain
Sat Sep 26 13:07:04 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized
with 128 bit key
Sat Sep 26 13:07:04 2015 Data Channel Encrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Sat Sep 26 13:07:04 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized
with 128 bit key
Sat Sep 26 13:07:04 2015 Data Channel Decrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Sat Sep 26 13:07:04 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Sep 26 13:07:04 2015 [rt-n16] Peer Connection Initiated with
211.76.36.69:1194
Sat Sep 26 13:07:11 2015 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Sat Sep 26 13:07:11 2015 C:\WINDOWS\system32\route.exe ADD 211.76.36.69 MASK
255.255.255.255 192.168.43.1
Sat Sep 26 13:07:11 2015 ROUTE: CreateIpForwardEntry succeeded with
dwForwardMetric1=25 and dwForwardType=4
Sat Sep 26 13:07:11 2015 Route addition via IPAPI succeeded [adaptive]
Sat Sep 26 13:07:11 2015 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK
255.255.255.0 10.8.0.1
Sat Sep 26 13:07:11 2015 ROUTE: CreateIpForwardEntry succeeded with
dwForwardMetric1=30 and dwForwardType=4
Sat Sep 26 13:07:11 2015 Route addition via IPAPI succeeded [adaptive]
Sat Sep 26 13:07:11 2015 Initialization Sequence Completed
====================================================================
I am wondering whether there is a routing problem that keeps packets from being forwarded. Below is the output of the route print command
===========================================================================
介面清單
21...00 22 b0 59 46 c5 ......D-Link Wireless G DWA-110 USB Adapter
12...00 ff aa 51 56 90 ......TAP-Win32 Adapter V9
1...........................Software Loopback Interface 1
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
===========================================================================
IPv4 路由表
===========================================================================
使用中的路由:
網路目的地 網路遮罩 閘道 介面 計量
0.0.0.0 0.0.0.0 192.168.43.1 192.168.43.23 25
10.8.0.0 255.255.255.252 在連結上 10.8.0.2 286
10.8.0.2 255.255.255.255 在連結上 10.8.0.2 286
10.8.0.3 255.255.255.255 在連結上 10.8.0.2 286
127.0.0.0 255.0.0.0 在連結上 127.0.0.1 306
127.0.0.1 255.255.255.255 在連結上 127.0.0.1 306
127.255.255.255 255.255.255.255 在連結上 127.0.0.1 306
169.254.0.0 255.255.0.0 在連結上 169.254.86.47 276
169.254.0.0 255.255.0.0 在連結上 169.254.4.239 276
169.254.4.239 255.255.255.255 在連結上 169.254.4.239 276
169.254.86.47 255.255.255.255 在連結上 169.254.86.47 276
169.254.255.255 255.255.255.255 在連結上 169.254.86.47 276
169.254.255.255 255.255.255.255 在連結上 169.254.4.239 276
192.168.1.0 255.255.255.0 10.8.0.1 10.8.0.2 30
192.168.43.0 255.255.255.0 在連結上 192.168.43.23 281
192.168.43.23 255.255.255.255 在連結上 192.168.43.23 281
192.168.43.255 255.255.255.255 在連結上 192.168.43.23 281
211.76.36.69 255.255.255.255 192.168.43.1 192.168.43.23 25
224.0.0.0 240.0.0.0 在連結上 127.0.0.1 306
224.0.0.0 240.0.0.0 在連結上 10.8.0.2 286
224.0.0.0 240.0.0.0 在連結上 169.254.4.239 276
224.0.0.0 240.0.0.0 在連結上 169.254.86.47 276
224.0.0.0 240.0.0.0 在連結上 192.168.43.23 281
255.255.255.255 255.255.255.255 在連結上 127.0.0.1 306
255.255.255.255 255.255.255.255 在連結上 10.8.0.2 286
255.255.255.255 255.255.255.255 在連結上 169.254.4.239 276
255.255.255.255 255.255.255.255 在連結上 169.254.86.47 276
255.255.255.255 255.255.255.255 在連結上 192.168.43.23 281
===========================================================================
持續路由:
無
IPv6 路由表
===========================================================================
使用中的路由:
介面 計量 網路目的地 閘道
1 306 ::1/128 在連結上
12 286 fe80::/64 在連結上
13 276 fe80::/64 在連結上
14 276 fe80::/64 在連結上
21 281 fe80::/64 在連結上
12 286 fe80::1004:bc79:4102:3566/128 在連結上
21 281 fe80::343f:df97:af60:b5d0/128 在連結上
14 276 fe80::5955:a163:d87e:562f/128 在連結上
13 276 fe80::5db8:b81:5324:4ef/128 在連結上
1 306 ff00::/8 在連結上
12 286 ff00::/8 在連結上
13 276 ff00::/8 在連結上
14 276 ff00::/8 在連結上
21 281 ff00::/8 在連結上
===========================================================================
持續路由:
無
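I have been searching through posts for several days and failed countless times. I hope someone experienced can point me in the right direction.
Thank you.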
--
※ Origin: PTT (ptt.cc), From: 211.76.36.69
※ Article URL: https://www.ptt.cc/bbs/Network/M.1443266791.A.F24.html
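Apart from the routing question, the client log in the post reports several weak security parameters, and because the log is hard-wrapped, a line-by-line search misses most of them. The following is an added example, not part of the original post: it rejoins the wrapped records and then checks them. The finding names and the 2048-bit cutoff are assumptions made for this example.

```python
import re

# Excerpt of the log from the post, kept with its 80-column wrapping.
SAMPLE_LOG = """\
Sat Sep 26 13:06:53 2015 WARNING: No server certificate verification method
has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Sep 26 13:07:04 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized
with 128 bit key
Sat Sep 26 13:07:04 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Sep 26 13:07:11 2015 Initialization Sequence Completed
"""

# A record starts with a ctime-style timestamp; anything else is a wrapped tail.
TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4} ")

# (name, pattern, optional predicate); names and the 2048-bit cutoff are example choices.
RULES = [
    ("no-server-cert-verification",
     r"No server certificate verification method has been enabled", None),
    ("64-bit-block-cipher",
     r"Data Channel \w+: Cipher '(?:BF|CAST5|DES|DES-EDE3)-CBC'", None),
    ("legacy-tls-version", r"Control Channel: (?:SSLv3|TLSv1(?:\.1)?),", None),
    ("short-rsa-key", r"Control Channel: .*?(\d+) bit RSA",
     lambda m: int(m.group(1)) < 2048),
]

def unwrap(text):
    """Rejoin wrapped records so a pattern can match across the line break."""
    records = []
    for line in text.splitlines():
        if TIMESTAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def audit(text):
    """Return {finding name: first log record that triggered it}."""
    findings = {}
    for record in unwrap(text):
        for name, pattern, is_weak in RULES:
            match = re.search(pattern, record)
            if match and (is_weak is None or is_weak(match)):
                findings.setdefault(name, record)
    return findings

if __name__ == "__main__":
    for name, record in audit(SAMPLE_LOG).items():
        print(f"{name}: {record}")
```

The first finding is the warning OpenVPN prints when the client configuration contains no server-certificate check such as `remote-cert-tls server`.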