Networking
OpenVPN connected but cannot access intranet sites
I have configured an OpenVPN server and I am also able to log in. However, after the connection is established, I cannot access the intranet websites.
The server's ifconfig is shown below
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:03:90:0b brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.253/24 brd 192.168.0.255 scope global noprefixroute enp1s0
       valid_lft forever preferred_lft forever
    inet6 fd01::5054:ff:fe03:900b/64 scope global dynamic noprefixroute
       valid_lft 259sec preferred_lft 259sec
    inet6 fe80::5054:ff:fe03:900b/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none
    inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::aa36:56c8:3a99:2a98/64 scope link stable-privacy
       valid_lft forever preferred_lft forever
and the iptables output
Chain INPUT (policy ACCEPT 149 packets, 9788 bytes)
 pkts bytes target     prot opt in     out     source               destination
  322 37460 ACCEPT     udp  --  enp1s0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:1194

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 346 packets, 28928 bytes)
 pkts bytes target     prot opt in     out     source               destination
The server is hosted on a virtual machine running on KVM and is connected to the local network through a bridge. I think there is some problem with iptables forwarding and accepting traffic from the tunnel to the Ethernet side. I really know nothing about iptables. Some help would be greatly appreciated.
Inside the office network
traceroute officework.net
traceroute to officework.net (192.168.0.2), 30 hops max, 60 byte packets
 1  192.168.0.2 (192.168.0.2)  2.994 ms !X  2.885 ms !X  2.841 ms !X
Outside the office network
traceroute officework.net
officework.net: Name or service not known
Cannot handle "host" cmdline arg `officework.net' on position 1 (argc 1)
Traceroute with the IP
traceroute 192.168.0.2
traceroute to 192.168.0.2 (192.168.0.2), 30 hops max, 60 byte packets
 1  _gateway (192.168.43.1)  1.549 ms  1.416 ms  43.679 ms
 2  * * *
 3  10.71.135.19 (10.71.135.19)  31.621 ms  40.307 ms  31.470 ms
 4  192.168.31.239 (192.168.31.239)  31.274 ms 192.168.31.243 (192.168.31.243)  36.119 ms  40.036 ms
 5  192.168.37.9 (192.168.37.9)  39.465 ms  39.675 ms  39.683 ms
 6  172.25.11.164 (172.25.11.164)  35.374 ms  24.760 ms  35.150 ms
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
ifconfig from outside the office network
ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 96  bytes 7644 (7.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 96  bytes 7644 (7.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.6  netmask 255.255.255.255  destination 10.8.0.5
        inet6 fe80::3374:cf7a:d81:cc05  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 39  bytes 3394 (3.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:87:ae:c6  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.43.187  netmask 255.255.255.0  broadcast 192.168.43.255
        inet6 2409:4060:9f:2013:387c:6e1c:5399:a2c7  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::31a:f142:92dd:f67a  prefixlen 64  scopeid 0x20<link>
        ether a8:a7:95:67:0f:23  txqueuelen 1000  (Ethernet)
        RX packets 6976  bytes 5783306 (5.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7029  bytes 1291358 (1.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
In the end Google did help to solve this. As explained at https://openvpn.net/community-resources/how-to/#scope, I added
push "route 192.168.0.0 255.255.255.0"
to the server configuration file and added the iptables rules
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o enp1s0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 192.168.0.253
Now everything works like a charm. If you want DNS to work as well, just add a DNS server entry in your WiFi or LAN connection and you are in the office.
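The following script is an added example, not code from the original post or from the OpenVPN project. It turns the fix above (the pushed route plus NAT on the LAN side) into a reproducible set of directives and checks, and adds two things the answer relies on without stating: net.ipv4.ip_forward must be 1, or packets from tun0 never reach enp1s0, and only one of the two POSTROUTING rules can ever match because the nat table stops at the first match for a given packet. The FORWARD rules are a least-privilege addition for the day the FORWARD policy is set to DROP. The subnet, mask and interface names (10.8.0.0/24, 192.168.0.0/24, enp1s0, tun0) are taken from the post; the function names and the sample `ip route` lines in the comments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Generates the server-side
# pieces a routed OpenVPN setup needs to reach a LAN behind the server and
# provides checks for the places where that setup usually breaks.
# Assumed values (from the post): VPN 10.8.0.0/24, LAN 192.168.0.0/24 on enp1s0.

VPN_CIDR="10.8.0.0/24"
LAN_NET="192.168.0.0"
LAN_MASK="255.255.255.0"
LAN_IF="enp1s0"
VPN_IF="tun0"

# server.conf directive: tell every client to send the LAN prefix into the tunnel.
gen_push_route() {
    printf 'push "route %s %s"\n' "$LAN_NET" "$LAN_MASK"
}

# Kernel and firewall setup. One MASQUERADE rule is enough; a second SNAT rule
# for the same source never matches because nat/POSTROUTING takes the first
# match only. The FORWARD rules allow VPN->LAN traffic and the replies, which is
# what keeps things working once the FORWARD policy is changed to DROP.
gen_firewall_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -i $VPN_IF -o $LAN_IF -s $VPN_CIDR -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $VPN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $VPN_CIDR -o $LAN_IF -j MASQUERADE
EOF
}

# Check 1: forwarding is off by default on most distributions, and with it off
# tun0->enp1s0 packets are dropped before the FORWARD chain is consulted.
# Takes the sysctl file as an argument (normally /proc/sys/net/ipv4/ip_forward)
# so it can also be run against a constructed file.
check_ip_forward() {
    [ "$(cat "$1")" = "1" ]
}

# Check 2: does the given server.conf carry the push-route line for the LAN?
check_push_route() {
    grep -Fqx "push \"route $LAN_NET $LAN_MASK\"" "$1"
}

# Check 3 (client side): read `ip route` output on stdin and confirm the LAN
# prefix is routed via the tunnel interface. A pushed route that did not
# arrive is the usual reason "connected but cannot reach the intranet".
client_route_via_tun() {
    awk -v p="$1" -v d="$VPN_IF" '
        $1 == p { for (i = 1; i <= NF; i++) if ($i == "dev" && $(i+1) == d) ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# Stand-alone run: print what to put in server.conf and what to run as root.
# Example usage of check 3 on a client:
#   ip route | client_route_via_tun 192.168.0.0/24 && echo "LAN route present"
gen_push_route
gen_firewall_rules
```

Run the generated commands as root on the VPN server, restart OpenVPN so the push line takes effect, then reconnect a client and run the client-side check; if the route is present but the LAN host still does not answer, check `check_ip_forward /proc/sys/net/ipv4/ip_forward` on the server before looking at iptables again.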
You need to use a DNS server that hosts the records for the intranet sites rather than a public DNS server. It may be your internal server. Try entering the IP address of the intranet site in the browser and see whether you can connect.