伺服器沒有響應通過 vpn 路由的 ping

我有伺服器和虛擬機。我在這台伺服器上託管 OpenVPN。虛擬機有兩個介面：ens18 - 用於公共 IP， ens19 - 用於內部網路。我正在嘗試通過 VPN ping 10.2.0.3（ens19 上的虛擬機 ip），但沒有響應。當我tcpdump -i ens19 icmp在虛擬機上執行時，它返回：

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens19, link-type EN10MB (Ethernet), capture size 262144 bytes
16:50:25.931910 IP 10.8.0.2 > 10.2.0.3: ICMP echo request, id 1, seq 80, length 40
16:50:29.381784 IP 10.8.0.2 > 10.2.0.3: ICMP echo request, id 1, seq 81, length 40

平輸出：

Pinging 10.2.0.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

機器 tcpdump 輸出：

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
15:58:15.007090 IP 10.8.0.2 > 10.2.0.3: ICMP echo request, id 1, seq 45, length 40

我的 iptables 規則：

Chain INPUT (policy ACCEPT 2806K packets, 1097M bytes)
pkts bytes target     prot opt in     out     source               destination         
   0     0 ACCEPT     all  --  eth0   any     anywhere             anywhere             state RELATED,ESTABLISHED
198K   27M ACCEPT     udp  --  vmbr0  any     anywhere             anywhere             udp dpt:[my openvn port]
  40  2429 ACCEPT     all  --  tun0   any     anywhere             anywhere            
   0     0 ACCEPT     all  --  tun+   any     anywhere             anywhere            
   0     0 ACCEPT     all  --  tun+   any     anywhere             anywhere            

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         
197K   16M ACCEPT     all  --  tun0   vmbr0   anywhere             anywhere            
177K  336M ACCEPT     all  --  vmbr0  tun0    anywhere             anywhere            
  45  2540 ACCEPT     all  --  tun0   any     10.8.0.0/24          10.2.0.3            
   2   104 ACCEPT     all  --  tun0   any     10.8.0.0/24          10.2.0.0/24         
   0     0 ACCEPT     all  --  tun+   any     anywhere             anywhere            

Chain OUTPUT (policy ACCEPT 3102K packets, 1303M bytes)
pkts bytes target     prot opt in     out     source               destination         
   0     0 ACCEPT     all  --  any    tun0    anywhere             anywhere       

我的路由表：

default via [my public ip] dev vmbr0 proto kernel onlink 
10.2.0.0/24 dev vmbr1 proto kernel scope link src 10.2.0.1 
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1 
[my public ip] dev vmbr0 proto kernel scope link src [my gateway] 

ip規則列表：

0:      from all lookup local 
32766:  from all lookup main 
32767:  from all lookup default 

如果您需要一些額外的資訊，請添加評論。對不起，我的英語不好

通過@TomYan

在虛擬機上通過 10.2.0.1 執行 ip r add 10.8.0.0/24。對於 VPN 部分，將路由 10.2.0.0 255.255.255.0 添加到客戶端 conf，或者，將 push “route 10.2.0.0 255.255.255.0” 添加到伺服器 conf，假設您在客戶端 conf 上使用客戶端/拉取。請注意，如果 VM 和 VPN 客戶端都將伺服器用作其預設網關，則不需要這些路由

引用自：https://serverfault.com/questions/1070515