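Ahoy, any advice would be much appreciated. Here is what I have and what I need to accomplish:
Next comes my question: how do I set up VirtualBox and OpenVPN so that I can access the machines?
(a) Which network option should I use? Host-only, NAT network, or bridged? (b) How do I "route/access" the virtual machines from my PC through OpenVPN?
So far I am able to connect from my PC to the VPN server, and on iface tun0 my IP is 192.168.56.2, but I cannot ping/scan the machines 192.168.56.10, 192.168.56.11, 192.168.56.12, 192.168.56.13, 192.168.56.14.
Either I am missing some lines in the OpenVPN server configuration, or I should add some routing between "VirtualBox and OpenVPN", or both.
Thanks for your advice.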
OpenVPN server.conf
port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 192.168.56.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_4ND1IGilsOsqFOrd.crt
key server_4ND1IGilsOsqFOrd.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
Log from the OpenVPN test client:
openvpn test1.ovpn
2023-03-27 09:37:07 Unrecognized option or missing or extra parameter(s) in test1.ovpn:19: block-outside-dns (2.5.7)
2023-03-27 09:37:07 OpenVPN 2.5.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 5 2022
2023-03-27 09:37:07 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
2023-03-27 09:37:07 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-03-27 09:37:07 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-03-27 09:37:07 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-03-27 09:37:07 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-03-27 09:37:07 TCP/UDP: Preserving recently used remote address: [AF_INET]10.5.234.23:1194
2023-03-27 09:37:07 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-03-27 09:37:07 UDP link local: (not bound)
2023-03-27 09:37:07 UDP link remote: [AF_INET]10.5.234.23:1194
2023-03-27 09:37:07 TLS: Initial packet from [AF_INET]10.5.234.23:1194, sid=15fae1aa 4e9d9f26
2023-03-27 09:37:07 VERIFY OK: depth=1, CN=cn_WHLqtsupL3nvjt9t
2023-03-27 09:37:07 VERIFY KU OK
2023-03-27 09:37:07 Validating certificate extended key usage
2023-03-27 09:37:07 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-03-27 09:37:07 VERIFY EKU OK
2023-03-27 09:37:07 VERIFY X509NAME OK: CN=server_4ND1IGilsOsqFOrd
2023-03-27 09:37:07 VERIFY OK: depth=0, CN=server_4ND1IGilsOsqFOrd
2023-03-27 09:37:07 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, peer certificate: 256 bit EC, curve prime256v1, signature: ecdsa-with-SHA256
2023-03-27 09:37:07 [server_4ND1IGilsOsqFOrd] Peer Connection Initiated with [AF_INET]10.5.234.23:1194
2023-03-27 09:37:09 SENT CONTROL [server_4ND1IGilsOsqFOrd]: 'PUSH_REQUEST' (status=1)
2023-03-27 09:37:09 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,redirect-gateway def1 bypass-dhcp,route-gateway 192.168.56.1,topology subnet,ping 10,ping-restart 120,ifconfig 192.168.56.2 255.255.255.0,peer-id 0,cipher AES-128-GCM'
2023-03-27 09:37:09 OPTIONS IMPORT: timers and/or timeouts modified
2023-03-27 09:37:09 OPTIONS IMPORT: --ifconfig/up options modified
2023-03-27 09:37:09 OPTIONS IMPORT: route options modified
2023-03-27 09:37:09 OPTIONS IMPORT: route-related options modified
2023-03-27 09:37:09 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-03-27 09:37:09 OPTIONS IMPORT: peer-id set
2023-03-27 09:37:09 OPTIONS IMPORT: adjusting link_mtu to 1624
2023-03-27 09:37:09 OPTIONS IMPORT: data channel crypto options modified
2023-03-27 09:37:09 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2023-03-27 09:37:09 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2023-03-27 09:37:09 net_route_v4_best_gw query: dst 0.0.0.0
2023-03-27 09:37:09 net_route_v4_best_gw result: via 192.168.216.2 dev eth0
2023-03-27 09:37:09 ROUTE_GATEWAY 192.168.216.2/255.255.255.0 IFACE=eth0 HWADDR=00:0c:29:8e:38:4d
2023-03-27 09:37:09 TUN/TAP device tun0 opened
2023-03-27 09:37:09 net_iface_mtu_set: mtu 1500 for tun0
2023-03-27 09:37:09 net_iface_up: set tun0 up
2023-03-27 09:37:09 net_addr_v4_add: 192.168.56.2/24 dev tun0
2023-03-27 09:37:09 net_route_v4_add: 10.5.234.23/32 via 192.168.216.2 dev [NULL] table 0 metric -1
2023-03-27 09:37:09 net_route_v4_add: 0.0.0.0/1 via 192.168.56.1 dev [NULL] table 0 metric -1
2023-03-27 09:37:09 net_route_v4_add: 128.0.0.0/1 via 192.168.56.1 dev [NULL] table 0 metric -1
2023-03-27 09:37:09 Initialization Sequence Completed
^C2023-03-27 09:40:06 event_wait : Interrupted system call (code=4)
2023-03-27 09:40:06 SIGTERM received, sending exit notification to peer
2023-03-27 09:40:07 net_route_v4_del: 10.5.234.23/32 via 192.168.216.2 dev [NULL] table 0 metric -1
2023-03-27 09:40:07 net_route_v4_del: 0.0.0.0/1 via 192.168.56.1 dev [NULL] table 0 metric -1
2023-03-27 09:40:07 net_route_v4_del: 128.0.0.0/1 via 192.168.56.1 dev [NULL] table 0 metric -1
2023-03-27 09:40:07 Closing TUN/TAP interface
2023-03-27 09:40:07 net_addr_v4_del: 192.168.56.2 dev tun0
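# Edit after pushing the route and adjusting the OpenVPN settings:
Posted on 2023-03-27 14:59:08
Let's go through your options one by one.
(a) The network adapter type for your VM:
That depends on your needs / what you have to accomplish with your VM.
(b) How to route to / access your VMs:
Again, there are multiple options here. I will "sketch" an outline of the network and the steps needed to accomplish this.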
push "route 192.168.56.0 255.255.255.0"
(You should probably undo the redirect-gateway directive in your VPN configuration.)
echo 1 > /proc/sys/net/ipv4/ip_forward
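Posted on 2023-04-05 13:18:43
OK, thank you, I finally solved this puzzle. The problem was that I had the same IP settings for the OpenVPN interface and the vboxnet0 interface. My fault. The host-only configuration works, but don't forget to add a default gw so that you can bridge tun0 and vboxnet0.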
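A check for the misconfiguration identified in the last answer (OpenVPN tunnel pool and vboxnet0 on the same subnet), together with the route and redirect-gateway points from the first answer. This is an added example, not code from the original thread; the function name, the finding codes, and the 10.8.0.0/24 replacement pool are assumptions.

```python
import ipaddress
import re

def audit_server_conf(conf_text, lab_net):
    """Audit an OpenVPN server.conf whose clients must reach lab_net,
    the VirtualBox host-only network behind the server.
    Returns a list of finding codes (hypothetical names)."""
    lab = ipaddress.ip_network(lab_net, strict=False)
    pool, pushed, redirect = None, [], False
    for raw in conf_text.splitlines():
        line = raw.strip()  # comment lines never match the patterns below
        m = re.match(r'server\s+(\S+)\s+(\S+)', line)
        if m:  # tunnel address pool handed out to clients
            pool = ipaddress.ip_network("/".join(m.groups()), strict=False)
        m = re.match(r'push\s+"route\s+(\S+)\s+(\S+)"', line)
        if m:  # networks the server tells clients to route into the tunnel
            pushed.append(ipaddress.ip_network("/".join(m.groups()), strict=False))
        if re.match(r'push\s+"redirect-gateway\b', line):
            redirect = True
    findings = []
    if pool is not None and pool.overlaps(lab):
        # tun0 and vboxnet0 claim the same subnet, so routing on the
        # server between the two interfaces is ambiguous.
        findings.append("POOL_OVERLAPS_LAB")
    if not redirect and not any(lab.subnet_of(net) for net in pushed):
        # Clients have no route that sends lab traffic into the tunnel.
        findings.append("NO_ROUTE_TO_LAB")
    if redirect:
        # All client traffic, not only lab traffic, goes through the tunnel.
        findings.append("REDIRECT_GATEWAY_PUSHED")
    return findings

# Constructed samples. BEFORE mirrors the relevant lines of the question's
# config; AFTER uses 10.8.0.0/24 as an assumed, non-overlapping tunnel pool.
BEFORE = '''
server 192.168.56.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
'''
AFTER = '''
server 10.8.0.0 255.255.255.0
push "route 192.168.56.0 255.255.255.0"
'''

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_server_conf(conf, "192.168.56.0/24"))
```

The audit covers only the configuration file; IP forwarding on the server (the `ip_forward` setting from the first answer) still has to be enabled separately.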
https://serverfault.com/questions/1127240