【已解决】桥接方式的openvpn无法访问与openvpn服务器在同一内网的其他机器
此文重点即原帖解决办法:测试时用真机,而不要用虚拟机(原帖作者随后改用真机测试)。可能的原因:虚拟机的虚拟交换机默认不允许网卡以混杂模式收发其他MAC地址的帧,桥接的VPN流量因此被丢弃;下文ifconfig输出中以00:0C:29开头的MAC地址属于VMware。
配置环境:
[root@as4u3 ~]# uname -a
Linux as4u3 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:54:53 EST 2006 i686 i686 i386 GNU/Linux
=================================================================================================
[root@as4u3 ~]# more /usr/local/openvpn/etc/server.conf
# Review notes are comments only; every directive below is unchanged.
port 1194
# TCP transport; dev is a tap device, so the tunnel carries whole Ethernet frames.
proto tcp
dev tap0
ca /usr/local/openvpn/etc/keys/ca.crt
cert /usr/local/openvpn/etc/keys/server.crt
key /usr/local/openvpn/etc/keys/server.key # This file should be kept secret
# NOTE(review): the file name suggests 1024-bit DH parameters, which are below
# current recommendations; regenerate at 2048 bits or more (confirm the real size).
dh /usr/local/openvpn/etc/keys/dh1024.pem
# Bridged mode: 10.168.10.4 is the address bridge-start puts on br0; clients are
# leased 10.168.10.128-254 out of the same /24.
server-bridge 10.168.10.4 255.255.255.0 10.168.10.128 10.168.10.254
ifconfig-pool-persist ipp.txt
# NOTE(review): bridged clients already get an address inside 10.168.10.0/24, so
# this pushed route looks redundant; confirm it is needed.
push "route 10.168.10.0 255.255.255.0 10.168.10.4"
# client-to-client: traffic between VPN clients is forwarded inside OpenVPN, so
# packet-filter rules on the server host do not see or restrict it.
client-to-client
# duplicate-cn: several clients may connect at once with the same certificate
# common name. A shared certificate cannot be attributed to, or revoked for, a
# single user or device; prefer one certificate per client.
duplicate-cn
keepalive 10 120
persist-key
persist-tun
# The status file lands in the keys directory; keep that directory's
# permissions restrictive or write the status file elsewhere.
status /usr/local/openvpn/etc/keys/openvpn-status.log
verb 4
# NOTE(review): comp-lzo is absent here but present in the client.conf shown
# further down this page; the setting has to match on both ends, and a mismatch
# typically breaks tunnelled traffic even though the connection comes up.
# NOTE(review): no user/group directive appears, so the daemon keeps the
# privileges it was started with (root in this transcript); no tls-auth
# appears either, so the control channel has no extra HMAC layer.
=================================================================================================
[root@as4u3 ~]# more /usr/local/openvpn/sbin/bridge-start
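#!/bin/bash
#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#
# Creates the TAP device(s), builds bridge $br out of $eth and the TAP
# device(s), then moves the LAN address from $eth onto the bridge.
# The transcript runs it as root, before openvpn is started.
#################################

# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth1"
eth_ip="10.168.10.4"
eth_netmask="255.255.255.0"
eth_broadcast="10.168.10.255"

# Stop before touching any interface when brctl is missing: otherwise the
# ifconfig calls below would still strip the address from $eth while no
# bridge exists to take it over, leaving the host without its LAN address.
if ! command -v brctl >/dev/null 2>&1; then
  echo "bridge-start: brctl not found (install bridge-utils)" >&2
  exit 1
fi

# $tap is a space-separated list, so it is deliberately left unquoted.
for t in $tap; do
  /usr/local/openvpn/sbin/openvpn --mktun --dev "$t"
done

brctl addbr "$br"
brctl addif "$br" "$eth"

for t in $tap; do
  brctl addif "$br" "$t"
done

# Bridge members carry no address of their own and run promiscuous so they
# accept frames addressed to other MACs (the VPN clients').
# NOTE(review): a hypervisor's virtual switch may refuse promiscuous mode for
# a guest NIC; the fix reported on this page was to test on physical hardware.
for t in $tap; do
  ifconfig "$t" 0.0.0.0 promisc up
done

ifconfig "$eth" 0.0.0.0 promisc up

# The bridge itself takes over the address that used to belong to $eth.
ifconfig "$br" "$eth_ip" netmask "$eth_netmask" broadcast "$eth_broadcast"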
=================================================================================================
# Build the bridge first, then start the server with the config listed above.
# NOTE(review): the two commands are separated by ';', so openvpn starts even
# if bridge-start failed. server.conf has no user/group directive, so the
# daemon keeps the privileges of the shell that launched it (root here).
/usr/local/openvpn/sbin/bridge-start;
/usr/local/openvpn/sbin/openvpn --config /usr/local/openvpn/etc/server.conf;
执行上面的命令后,网络配置如下:
[root@as4u3 ~]# ifconfig
br0 Link encap:Ethernet HWaddr 00:0C:29:90:5C:E7
inet addr:10.168.10.4 Bcast:10.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe90:5ce7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:137 errors:0 dropped:0 overruns:0 frame:0
TX packets:85 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:10614 (10.3 KiB) TX bytes:8078 (7.8 KiB)
eth0 Link encap:Ethernet HWaddr 00:0C:29:90:5C:DD
inet addr:192.168.8.109 Bcast:192.168.8.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe90:5cdd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10962 errors:0 dropped:0 overruns:0 frame:0
TX packets:7711 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1015294 (991.4 KiB) TX bytes:741948 (724.5 KiB)
Interrupt:177 Base address:0x1400
eth1 Link encap:Ethernet HWaddr 00:0C:29:90:5C:E7
inet6 addr: fe80::20c:29ff:fe90:5ce7/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:1280 errors:0 dropped:0 overruns:0 frame:0
TX packets:1426 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:134275 (131.1 KiB) TX bytes:113981 (111.3 KiB)
Interrupt:185 Base address:0x1480
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
tap0 Link encap:Ethernet HWaddr 00:FF:49:67:EB:44
inet6 addr: fe80::2ff:49ff:fe67:eb44/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:169 errors:0 dropped:0 overruns:0 frame:0
TX packets:20 errors:0 dropped:1 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:14797 (14.4 KiB) TX bytes:1752 (1.7 KiB)
=================================================================================================
# NOTE(review): tap0 is already a member of br0, and br0 already holds
# 10.168.10.4 (see the ifconfig output above). Bridge members normally carry
# no IP address of their own, and this puts the same address on two
# interfaces. Treat it as a troubleshooting attempt and confirm it is needed
# before copying it.
ip addr add 10.168.10.4/24 dev tap0
ip link set tap0 up
执行上面命令后,网络配置如下:
[root@as4u3 ~]# ifconfig
br0 Link encap:Ethernet HWaddr 00:0C:29:90:5C:E7
inet addr:10.168.10.4 Bcast:10.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe90:5ce7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:215 errors:0 dropped:0 overruns:0 frame:0
TX packets:161 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:17062 (16.6 KiB) TX bytes:15330 (14.9 KiB)
eth0 Link encap:Ethernet HWaddr 00:0C:29:90:5C:DD
inet addr:192.168.8.109 Bcast:192.168.8.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe90:5cdd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11138 errors:0 dropped:0 overruns:0 frame:0
TX packets:7881 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1038222 (1013.8 KiB) TX bytes:756869 (739.1 KiB)
Interrupt:177 Base address:0x1400
eth1 Link encap:Ethernet HWaddr 00:0C:29:90:5C:E7
inet6 addr: fe80::20c:29ff:fe90:5ce7/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:1284 errors:0 dropped:0 overruns:0 frame:0
TX packets:1501 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:134515 (131.3 KiB) TX bytes:121107 (118.2 KiB)
Interrupt:185 Base address:0x1480
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
tap0 Link encap:Ethernet HWaddr 00:FF:49:67:EB:44
inet addr:10.168.10.4 Bcast:0.0.0.0 Mask:255.255.255.0
inet6 addr: fe80::2ff:49ff:fe67:eb44/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:245 errors:0 dropped:0 overruns:0 frame:0
TX packets:25 errors:0 dropped:1 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:22181 (21.6 KiB) TX bytes:2082 (2.0 KiB)
=================================================================================================
在另外一台机器配置openvpn客户端,client.conf配置文件如下:
[root@as4u3 ~]# more /usr/local/openvpn/etc/client.conf
# Review notes are comments only; every directive below is unchanged.
client
dev tap
proto tcp
# The server's non-VPN address (eth0 in the server's ifconfig output above).
remote 192.168.8.109 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /usr/local/openvpn/etc/keys/ca.crt
cert /usr/local/openvpn/etc/keys/109.crt
# Private key for this client; keep it readable by root only.
key /usr/local/openvpn/etc/keys/109.key
# NOTE(review): the server.conf shown on this page has no comp-lzo; the
# setting has to match on both ends, and a mismatch typically breaks
# tunnelled traffic even though the connection comes up.
comp-lzo
verb 4
# NOTE(review): nothing here checks that the peer presents a *server*
# certificate (ns-cert-type server, or remote-cert-tls server on OpenVPN 2.1+).
# Without such a check, any certificate signed by this CA, including another
# client's, is accepted as the server.
=================================================================================================
# Start the VPN client in the foreground with the client.conf listed above.
/usr/local/openvpn/sbin/openvpn --config /usr/local/openvpn/etc/client.conf;
执行上面命令,启动客户端vpn后,客户端网络配置如下:
[root@as4u3 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:60:A0:A4
inet addr:192.168.8.149 Bcast:192.168.8.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe60:a0a4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5531 errors:0 dropped:0 overruns:0 frame:0
TX packets:3329 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:502382 (490.6 KiB) TX bytes:396476 (387.1 KiB)
Interrupt:177 Base address:0x1400
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:650 errors:0 dropped:0 overruns:0 frame:0
TX packets:650 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:72880 (71.1 KiB) TX bytes:72880 (71.1 KiB)
tap0 Link encap:Ethernet HWaddr 00:FF:E7:B1:B7:2D
inet addr:10.168.10.129 Bcast:10.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::2ff:e7ff:feb1:b72d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:238 (238.0 b)