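Problem description
I want to access the SPS through a VPN. The SPS is connected via LAN to a Windows 2016 machine.
I have set up an OpenVPN server on an Ubuntu 18.04 LTSB Azure Cloud machine.
Here is the list of IPs: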
SPS
IP: 192.168.5.211/24
Windows Machine connected with SPS (ipc1)
IP: 192.168.5.116/24
IP2: 192.168.68.79/24 (Adapter for Internet connection)
VPN IP: 10.5.1.10/24
Windows machine to connect SPS through VPN (client1)
IP: 192.168.115.51/24
VPNIP: 10.5.1.100/24
OpenVPN Server
TUN0: 10.5.1.1/24
This is the OpenVPN server configuration.
port 55001
proto udp
dev tun
ca /etc/openvpn/vpnserver/ca.crt
cert /etc/openvpn/vpnserver/vpnserver-oxeloesund.crt
key /etc/openvpn/vpnserver/vpnserver-oxeloesund.key # This file should be kept secret
dh /etc/openvpn/vpnserver/dh2048.pem
server 10.5.1.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/vpnserver/ipp.txt
client-to-client
tls-auth /etc/openvpn/vpnserver/ta.key 0 # This file is secret
comp-lzo
user openvpn
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
key-direction 0
auth SHA512
topology "subnet"
push "topology subnet"
ifconfig 10.5.1.0 255.255.255.0
push "route-gateway 10.5.1.0 "
client-config-dir /etc/openvpn/vpnserver/ccd
push "route 192.168.5.0 255.255.255.0"
route 192.168.5.0 255.255.255.0
CCD file for ipc1 (Windows 2016 machine connected to the SPS)
ifconfig-push 10.5.1.10 255.255.255.0
iroute 192.168.5.0 255.255.255.0
CCD file for client1 (Windows machine trying to connect to the SPS through OpenVPN)
ifconfig-push 10.5.1.100 255.255.255.0
ipp.txt is empty
ipc1.ovpn conf (Windows 2016 machine connected to the SPS)
client
dev tun
proto udp
remote ip port
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
comp-lzo
verb 3
cipher AES-256-CBC
auth SHA512
key-direction 1
auth-nocache
<ca>
-----BEGIN CERTIFICATE-----
*
-----END CERTIFICATE-----
</ca>
<cert>
*
</cert>
<key>
-----BEGIN PRIVATE KEY-----
*
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
*
-----END OpenVPN Static key V1-----
</tls-auth>
clien1.conf configuration (Windows machine trying to connect to the SPS through OpenVPN)
client
dev tun
proto udp
remote ip port
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
comp-lzo
verb 3
cipher AES-256-CBC
auth SHA512
key-direction 1
auth-nocache
<ca>
-----BEGIN CERTIFICATE-----
*
-----END CERTIFICATE-----
</ca>
<cert>
*
</cert>
<key>
-----BEGIN PRIVATE KEY-----
*
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
*
-----END OpenVPN Static key V1-----
</tls-auth>
I enabled IPv4 forwarding on the OpenVPN server and set up iptables
root@VPN:/usr/scripts# iptables -vL
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2433 410K ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED
8 3037 DROP all -- any any anywhere anywhere ctstate INVALID
29 1700 ACCEPT tcp -- eth0 any anywhere anywhere tcp dpt:ssh ctstate NEW
139 16512 ACCEPT all -- lo any anywhere anywhere
2 228 ACCEPT udp -- eth0 any anywhere anywhere udp dpt:55001 ctstate NEW
0 0 ACCEPT tcp -- any any anywhere anywhere multiport dports http,https ctstate NEW
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere ctstate INVALID
0 0 ACCEPT all -- lo lo anywhere anywhere
0 0 ACCEPT tcp -- any any anywhere anywhere multiport dports http,https,8443 ctstate NEW
0 0 ACCEPT icmp -- any any anywhere anywhere ctstate NEW
Chain OUTPUT (policy DROP 3660 packets, 415K bytes)
pkts bytes target prot opt in out source destination
1982 397K ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED
0 0 DROP all -- any any anywhere anywhere ctstate INVALID
139 16512 ACCEPT all -- any lo anywhere anywhere
144 8640 ACCEPT tcp -- any any anywhere anywhere multiport dports http,https ctstate NEW
29 2436 ACCEPT icmp -- any any anywhere anywhere ctstate NEW
root@VPN:/usr/scripts# iptables -t nat -vL
Chain PREROUTING (policy ACCEPT 32 packets, 1988 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 32 packets, 1988 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 3894 packets, 433K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 222 packets, 17584 bytes)
pkts bytes target prot opt in out source destination
I can ping from the OpenVPN server
root@VPN:/usr/scripts# ping 10.5.1.10
PING 10.5.1.10 (10.5.1.10) 56(84) bytes of data.
64 bytes from 10.5.1.10: icmp_seq=1 ttl=128 time=24.8 ms
64 bytes from 10.5.1.10: icmp_seq=2 ttl=128 time=24.7 ms
64 bytes from 10.5.1.10: icmp_seq=3 ttl=128 time=24.5 ms
root@VPN:/usr/scripts# ping 10.5.1.100
PING 10.5.1.100 (10.5.1.100) 56(84) bytes of data.
64 bytes from 10.5.1.100: icmp_seq=1 ttl=128 time=29.8 ms
64 bytes from 10.5.1.100: icmp_seq=2 ttl=128 time=29.9 ms
64 bytes from 10.5.1.100: icmp_seq=3 ttl=128 time=30.1 ms
root@VPN:/usr/scripts# ping 192.168.5.211
PING 192.168.5.211 (192.168.5.211) 56(84) bytes of data.
--- 192.168.5.211 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5108ms
root@VPN:/usr/scripts# ping 192.168.5.216
PING 192.168.5.216 (192.168.5.216) 56(84) bytes of data.
--- 192.168.5.216 ping statistics ---
64 bytes from 192.168.5.216: icmp_seq=1 ttl=127 time=25.0 ms
64 bytes from 192.168.5.216: icmp_seq=2 ttl=127 time=24.9 ms
Ping from ipc1
C:\Users\admin> ping 192.168.5.211
Ping wird ausgeführt für 192.168.5.211 mit 32 Bytes Daten:
Antwort von 192.168.5.211: Bytes=32 Zeit<1ms TTL=255
Antwort von 192.168.5.211: Bytes=32 Zeit=1ms TTL=255
Antwort von 192.168.5.211: Bytes=32 Zeit=1ms TTL=255
Antwort von 192.168.5.211: Bytes=32 Zeit=1ms TTL=255
C:\Users\admin> ping 10.5.1.100
Ping wird ausgeführt für 10.5.1.100 mit 32 Bytes Daten:
Antwort von 10.5.1.100: Bytes=32 Zeit=67ms TTL=128
Antwort von 10.5.1.100: Bytes=32 Zeit=55ms TTL=128
Antwort von 10.5.1.100: Bytes=32 Zeit=55ms TTL=128
Antwort von 10.5.1.100: Bytes=32 Zeit=54ms TTL=128
From the Windows machine client1
H:> ping 10.5.1.10
Ping wird ausgeführt für 10.5.1.10 mit 32 Bytes Daten:
Antwort von 10.5.1.10: Bytes=32 Zeit=56ms TTL=128
Antwort von 10.5.1.10: Bytes=32 Zeit=54ms TTL=128
Antwort von 10.5.1.10: Bytes=32 Zeit=54ms TTL=128
Antwort von 10.5.1.10: Bytes=32 Zeit=55ms TTL=128
H:> ping 192.168.5.216
Ping wird ausgeführt für 192.168.5.216 mit 32 Bytes Daten:
Antwort von 192.168.5.216: Bytes=32 Zeit=54ms TTL=127
Antwort von 192.168.5.216: Bytes=32 Zeit=65ms TTL=127
Antwort von 192.168.5.216: Bytes=32 Zeit=55ms TTL=127
Antwort von 192.168.5.216: Bytes=32 Zeit=55ms TTL=127
H:> ping 192.168.5.211
Ping wird ausgeführt für 192.168.5.211 mit 32 Bytes Daten:
Zeitüberschreitung der Anforderung.
Zeitüberschreitung der Anforderung.
Zeitüberschreitung der Anforderung.
Zeitüberschreitung der Anforderung.
Can you help me find the error, please?
I appreciate every answer.
Thanks,
Simon
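Added example, not part of the original post: a Python check for the OpenVPN side of the "LAN behind a client" setup in the question. It verifies that each `iroute` in a CCD file has a matching `route` and `push "route ..."` in the server config, and that each `ifconfig-push` address lies inside the `server` subnet. The function names are hypothetical, and the check does not cover IP forwarding on ipc1 or return routes on the LAN hosts.

```python
import ipaddress
import re

# Excerpts copied from the server config and CCD files shown in the question.
SERVER_CONF = """
server 10.5.1.0 255.255.255.0
client-to-client
push "route-gateway 10.5.1.0 "
push "route 192.168.5.0 255.255.255.0"
route 192.168.5.0 255.255.255.0
"""
CCD = {
    "ipc1": "ifconfig-push 10.5.1.10 255.255.255.0\n"
            "iroute 192.168.5.0 255.255.255.0\n",
    "client1": "ifconfig-push 10.5.1.100 255.255.255.0\n",
}

def args(text, prefix):
    """(address, netmask) pairs from lines that start with `prefix`."""
    return re.findall(r"^\s*" + prefix + r"\s+([\d.]+)\s+([\d.]+)", text, re.M)

def nets(text, prefix):
    return {ipaddress.ip_network(f"{a}/{m}") for a, m in args(text, prefix)}

def check_site_routing(server_conf, ccd):
    """Return findings for the OpenVPN side of a LAN-behind-client setup."""
    findings = []
    vpn = nets(server_conf, "server")
    kernel = nets(server_conf, "route")            # route into the tun device
    pushed = nets(server_conf, r'push\s+"route')   # route sent to clients
    c2c = re.search(r"^\s*client-to-client\b", server_conf, re.M) is not None
    for name, text in sorted(ccd.items()):
        for addr, _mask in args(text, "ifconfig-push"):
            if not any(ipaddress.ip_address(addr) in n for n in vpn):
                findings.append(f"{name}: ifconfig-push {addr} outside server subnet")
        for lan in sorted(nets(text, "iroute")):
            if lan not in kernel:
                findings.append(f"{name}: iroute {lan} has no matching server 'route'")
            if lan not in pushed:
                findings.append(f"{name}: {lan} is not pushed to other clients")
            if not c2c:
                findings.append(f"{name}: no client-to-client, so traffic to {lan} "
                                "from other clients must pass the server FORWARD chain")
    return findings

if __name__ == "__main__":
    print(check_site_routing(SERVER_CONF, CCD) or "OpenVPN-side routing is consistent")
```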