Networking
Server does not respond to pings routed through the VPN
I have a server and a virtual machine. I host OpenVPN on this server. The virtual machine has two interfaces: ens18 for the public IP and ens19 for the internal network. I am trying to ping 10.2.0.3 (the VM's IP on ens19) through the VPN, but there is no response. When I run
tcpdump -i ens19 icmp
on the virtual machine, it returns:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens19, link-type EN10MB (Ethernet), capture size 262144 bytes
16:50:25.931910 IP 10.8.0.2 > 10.2.0.3: ICMP echo request, id 1, seq 80, length 40
16:50:29.381784 IP 10.8.0.2 > 10.2.0.3: ICMP echo request, id 1, seq 81, length 40
Ping output:
Pinging 10.2.0.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Machine tcpdump output:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
15:58:15.007090 IP 10.8.0.2 > 10.2.0.3: ICMP echo request, id 1, seq 45, length 40
My iptables rules:
Chain INPUT (policy ACCEPT 2806K packets, 1097M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  eth0   any     anywhere             anywhere             state RELATED,ESTABLISHED
 198K   27M ACCEPT     udp  --  vmbr0  any     anywhere             anywhere             udp dpt:[my openvn port]
   40  2429 ACCEPT     all  --  tun0   any     anywhere             anywhere
    0     0 ACCEPT     all  --  tun+   any     anywhere             anywhere
    0     0 ACCEPT     all  --  tun+   any     anywhere             anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 197K   16M ACCEPT     all  --  tun0   vmbr0   anywhere             anywhere
 177K  336M ACCEPT     all  --  vmbr0  tun0    anywhere             anywhere
   45  2540 ACCEPT     all  --  tun0   any     10.8.0.0/24          10.2.0.3
    2   104 ACCEPT     all  --  tun0   any     10.8.0.0/24          10.2.0.0/24
    0     0 ACCEPT     all  --  tun+   any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 3102K packets, 1303M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    tun0    anywhere             anywhere
My routing table:
default via [my public ip] dev vmbr0 proto kernel onlink
10.2.0.0/24 dev vmbr1 proto kernel scope link src 10.2.0.1
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
[my public ip] dev vmbr0 proto kernel scope link src [my gateway]
ip rule list:
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
If you need any additional information, please add a comment. Sorry for my bad English.
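By @TomYan
On the VM, run ip r add 10.8.0.0/24 via 10.2.0.1. For the VPN part, add route 10.2.0.0 255.255.255.0 to the client conf, or alternatively add push "route 10.2.0.0 255.255.255.0" to the server conf, assuming you use client / pull in the client conf. Note that these routes are not needed if both the VM and the VPN client use the server as their default gateway.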
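The return-path problem behind this answer, as an added example that is not part of the original question or answer: a longest-prefix-match lookup over the VM's routing table shows where the echo reply to 10.8.0.2 leaves, before and after the suggested route. The VM's routing table is not shown on the page, so the table below and its 203.0.113.x public addresses are constructed assumptions.

```python
import ipaddress

def parse_routes(text):
    """Parse a subset of `ip route` output into (network, device, gateway) tuples."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        prefix = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        dev = tok[tok.index("dev") + 1]
        gw = tok[tok.index("via") + 1] if "via" in tok else None
        routes.append((ipaddress.ip_network(prefix), dev, gw))
    return routes

def lookup(routes, dst):
    """Longest-prefix match, the selection rule the kernel applies within a table."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def reply_path(routes, request_iface, src):
    """Return (device, gateway, symmetric) for the reply sent back to `src`."""
    route = lookup(routes, src)
    if route is None:
        return None, None, False
    _, dev, gw = route
    return dev, gw, dev == request_iface

# Constructed VM routing table (assumption): default route via the public NIC ens18,
# internal network 10.2.0.0/24 directly connected on ens19.
VM_BEFORE = """
default via 203.0.113.1 dev ens18
203.0.113.0/24 dev ens18 proto kernel scope link src 203.0.113.10
10.2.0.0/24 dev ens19 proto kernel scope link src 10.2.0.3
"""
# The same table after the answer's `ip r add 10.8.0.0/24 via 10.2.0.1`.
VM_AFTER = VM_BEFORE + "10.8.0.0/24 via 10.2.0.1 dev ens19\n"

if __name__ == "__main__":
    # The echo request arrived on ens19 (see the tcpdump output in the question).
    for label, table in (("before", VM_BEFORE), ("after", VM_AFTER)):
        dev, gw, ok = reply_path(parse_routes(table), "ens19", "10.8.0.2")
        state = "symmetric" if ok else "asymmetric"
        print(f"{label}: reply to 10.8.0.2 leaves {dev} via {gw} ({state})")
```

On the live VM, `ip route get 10.8.0.2` reports the same decision from the kernel's own tables.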