【已解决】桥接方式的openvpn无法访问与openvpn服务器在同一内网的其他机器


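本文重点,即原帖的解决办法:测试时请使用真机,不要使用虚拟机……用真机试试去了。(下文各网卡的 MAC 地址均以 00:0C:29 开头,说明测试环境是 VMware 虚拟机;桥接要求网卡工作在混杂模式,而虚拟机所在的虚拟交换机可能默认不转发目的 MAC 不属于该虚拟机的帧,这很可能就是虚拟机环境下桥接不通的原因。)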


配置环境:
[root@as4u3 ~]# uname -a
Linux as4u3 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:54:53 EST 2006 i686 i686 i386 GNU/Linux

=================================================================================================
[root@as4u3 ~]# more /usr/local/openvpn/etc/server.conf
# Listen for clients on TCP port 1194.
port 1194
proto tcp

# Layer-2 (Ethernet) TAP device; the bridge-start script on this page
# enslaves tap0 to br0.
dev tap0

# CA certificate plus this server's certificate and private key.
ca /usr/local/openvpn/etc/keys/ca.crt
cert /usr/local/openvpn/etc/keys/server.crt
key /usr/local/openvpn/etc/keys/server.key # This file should be kept secret

# NOTE(review): 1024-bit Diffie-Hellman parameters are below current
# recommendations; generate parameters of at least 2048 bits.
dh /usr/local/openvpn/etc/keys/dh1024.pem

# Bridged mode: 10.168.10.4 / 255.255.255.0 is the address bridge-start
# puts on br0; 10.168.10.128-10.168.10.254 is the pool handed to clients.
server-bridge 10.168.10.4 255.255.255.0 10.168.10.128 10.168.10.254

# Remember client <-> address assignments across restarts.
ifconfig-pool-persist ipp.txt

# NOTE(review): clients already receive an address inside 10.168.10.0/24
# from the pool above, so this pushed route covers a subnet that is
# directly connected on their tap interface - looks redundant; confirm.
push "route 10.168.10.0 255.255.255.0 10.168.10.4"

# Lets VPN clients reach each other. OpenVPN forwards that traffic
# internally, so host firewall rules do not see client-to-client frames.
client-to-client

# NOTE(review): allows several simultaneous connections with the same
# certificate/common name. Shared certificates cannot be told apart in
# logs or revoked individually; issue one certificate per client outside
# of testing.
duplicate-cn

# Ping every 10 s; treat the peer as down after 120 s of silence.
keepalive 10 120

# Keep the key material and the tap device across soft restarts.
persist-key
persist-tun

# Periodically written list of connected clients.
status /usr/local/openvpn/etc/keys/openvpn-status.log

verb 4
# NOTE(review): this listing has no comp-lzo line, while the client.conf
# shown on this page enables comp-lzo; the compression setting must match
# on both ends or tunnelled packets are dropped - confirm the full files.
# NOTE(review): no tls-auth and no user/group directive appear here, so
# the daemon keeps root privileges and unauthenticated peers reach the
# TLS handshake; consider adding both.
=================================================================================================
[root@as4u3 ~]# more /usr/local/openvpn/sbin/bridge-start
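#!/bin/bash

#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#
# Creates the TAP device(s), enslaves them together with the physical
# NIC to one bridge, then moves the NIC's address onto the bridge.
# Every step is checked: without the checks a failed bridge setup would
# still clear the address on $eth and leave the host unreachable on
# that network.
#
# Security note: bridging puts VPN clients on the same layer-2 segment
# as the LAN behind $eth (broadcasts and ARP included); filter on the
# bridge if clients must not reach every host there.
#################################

set -u

# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth1"
eth_ip="10.168.10.4"
eth_netmask="255.255.255.0"
eth_broadcast="10.168.10.255"

# Print an error to stderr and abort.
die() {
  printf 'bridge-start: %s\n' "$*" >&2
  exit 1
}

# Split the space-separated list once; this is the only place where
# word splitting is intended, every later expansion is quoted.
read -r -a tap_ifs <<<"$tap"
(( ${#tap_ifs[@]} > 0 )) || die "no TAP interfaces configured"

for t in "${tap_ifs[@]}"; do
  /usr/local/openvpn/sbin/openvpn --mktun --dev "$t" \
    || die "cannot create TAP device $t"
done

brctl addbr "$br" || die "cannot create bridge $br"
brctl addif "$br" "$eth" || die "cannot add $eth to $br"

for t in "${tap_ifs[@]}"; do
  brctl addif "$br" "$t" || die "cannot add $t to $br"
done

# Bridge ports carry no address of their own and run promiscuous so the
# bridge can forward frames addressed to other hosts.
for t in "${tap_ifs[@]}"; do
  ifconfig "$t" 0.0.0.0 promisc up || die "cannot bring up $t"
done

# From here on $eth has no address until the bridge is configured.
ifconfig "$eth" 0.0.0.0 promisc up || die "cannot bring up $eth"

ifconfig "$br" "$eth_ip" netmask "$eth_netmask" broadcast "$eth_broadcast" \
  || die "cannot configure $eth_ip on $br; $eth now has no address"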

=================================================================================================
# Build the bridge first, so tap0 already exists as a member of br0 when
# the server (dev tap0 in server.conf) starts.
/usr/local/openvpn/sbin/bridge-start;
# Started from a root shell without --daemon, so the server stays in the
# foreground of this session.
/usr/local/openvpn/sbin/openvpn --config /usr/local/openvpn/etc/server.conf;
执行上面的命令后,网络配置如下:
[root@as4u3 ~]# ifconfig
br0 Link encap:Ethernet HWaddr 00:0C:29:90:5C:E7
inet addr:10.168.10.4 Bcast:10.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe90:5ce7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:137 errors:0 dropped:0 overruns:0 frame:0
TX packets:85 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:10614 (10.3 KiB) TX bytes:8078 (7.8 KiB)

eth0 Link encap:Ethernet HWaddr 00:0C:29:90:5C:DD
inet addr:192.168.8.109 Bcast:192.168.8.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe90:5cdd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10962 errors:0 dropped:0 overruns:0 frame:0
TX packets:7711 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1015294 (991.4 KiB) TX bytes:741948 (724.5 KiB)
Interrupt:177 Base address:0x1400

eth1 Link encap:Ethernet HWaddr 00:0C:29:90:5C:E7
inet6 addr: fe80::20c:29ff:fe90:5ce7/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:1280 errors:0 dropped:0 overruns:0 frame:0
TX packets:1426 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:134275 (131.1 KiB) TX bytes:113981 (111.3 KiB)
Interrupt:185 Base address:0x1480

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

tap0 Link encap:Ethernet HWaddr 00:FF:49:67:EB:44
inet6 addr: fe80::2ff:49ff:fe67:eb44/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:169 errors:0 dropped:0 overruns:0 frame:0
TX packets:20 errors:0 dropped:1 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:14797 (14.4 KiB) TX bytes:1752 (1.7 KiB)
=================================================================================================
# NOTE(review): tap0 is already a port of br0 (added by bridge-start) and
# br0 already holds 10.168.10.4/24, as the ifconfig output above shows.
# This gives the same address to the bridge port as well; in a bridged
# setup the address normally lives on the bridge only - confirm whether
# this step is needed at all.
ip addr add 10.168.10.4/24 dev tap0
ip link set tap0 up
执行上面命令后,网络配置如下:
[root@as4u3 ~]# ifconfig
br0 Link encap:Ethernet HWaddr 00:0C:29:90:5C:E7
inet addr:10.168.10.4 Bcast:10.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe90:5ce7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:215 errors:0 dropped:0 overruns:0 frame:0
TX packets:161 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:17062 (16.6 KiB) TX bytes:15330 (14.9 KiB)

eth0 Link encap:Ethernet HWaddr 00:0C:29:90:5C:DD
inet addr:192.168.8.109 Bcast:192.168.8.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe90:5cdd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11138 errors:0 dropped:0 overruns:0 frame:0
TX packets:7881 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1038222 (1013.8 KiB) TX bytes:756869 (739.1 KiB)
Interrupt:177 Base address:0x1400

eth1 Link encap:Ethernet HWaddr 00:0C:29:90:5C:E7
inet6 addr: fe80::20c:29ff:fe90:5ce7/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:1284 errors:0 dropped:0 overruns:0 frame:0
TX packets:1501 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:134515 (131.3 KiB) TX bytes:121107 (118.2 KiB)
Interrupt:185 Base address:0x1480

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

tap0 Link encap:Ethernet HWaddr 00:FF:49:67:EB:44
inet addr:10.168.10.4 Bcast:0.0.0.0 Mask:255.255.255.0
inet6 addr: fe80::2ff:49ff:fe67:eb44/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:245 errors:0 dropped:0 overruns:0 frame:0
TX packets:25 errors:0 dropped:1 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:22181 (21.6 KiB) TX bytes:2082 (2.0 KiB)

=================================================================================================
在另外一台机器配置openvpn客户端,client.conf配置文件如下:
[root@as4u3 ~]# more /usr/local/openvpn/etc/client.conf
# Client mode: take address and options pushed by the server.
client

# Ethernet (layer-2) TAP device, matching "dev tap0" on the server.
dev tap

proto tcp

# 192.168.8.109 is the server's eth0 address in the ifconfig output above.
remote 192.168.8.109 1194
resolv-retry infinite

# Do not bind to a fixed local port.
nobind

persist-key
persist-tun

# CA certificate plus this client's own certificate and private key.
# NOTE(review): nothing here checks that the peer presents a *server*
# certificate (ns-cert-type server / remote-cert-tls server); without
# that, any certificate signed by this CA, including another client's,
# is accepted as the server.
ca /usr/local/openvpn/etc/keys/ca.crt
cert /usr/local/openvpn/etc/keys/109.crt
key /usr/local/openvpn/etc/keys/109.key

# NOTE(review): compression is enabled here but the server.conf shown on
# this page has no comp-lzo line; the setting must match on both ends or
# tunnelled packets are dropped - confirm against the full server file.
comp-lzo

verb 4

=================================================================================================
# Start the client in the foreground with the client.conf listed above.
/usr/local/openvpn/sbin/openvpn --config /usr/local/openvpn/etc/client.conf;

执行上面命令,启动客户端vpn后,客户端网络配置如下:
[root@as4u3 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:60:A0:A4
inet addr:192.168.8.149 Bcast:192.168.8.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe60:a0a4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5531 errors:0 dropped:0 overruns:0 frame:0
TX packets:3329 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:502382 (490.6 KiB) TX bytes:396476 (387.1 KiB)
Interrupt:177 Base address:0x1400

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:650 errors:0 dropped:0 overruns:0 frame:0
TX packets:650 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:72880 (71.1 KiB) TX bytes:72880 (71.1 KiB)

tap0 Link encap:Ethernet HWaddr 00:FF:E7:B1:B7:2D
inet addr:10.168.10.129 Bcast:10.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::2ff:e7ff:feb1:b72d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:238 (238.0 b)