OpenVPN client connects, but cannot access the Internet

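I installed an OpenVPN server on a CentOS box, and I can get clients (OS X) to connect, but they cannot access the Internet or even the local network. I thought it might be DNS, but I can't reach any website by IP either. Any help would be greatly appreciated. I will list my configuration files below.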

server.conf:

    port 1194 #- port
    proto udp #- protocol
    dev tun
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    reneg-sec 0
    ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
    cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
    key /etc/openvpn/easy-rsa/2.0/keys/server.key
    dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
    plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so /etc/pam.d/login #- Comment this line if you are using FreeRADIUS
    #plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf #- Uncomment this line if you are using FreeRADIUS
    client-cert-not-required
    username-as-common-name
    server 10.8.0.0 255.255.255.0
    push "redirect-gateway def1"
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    keepalive 5 30
    comp-lzo
    persist-key
    persist-tun
    status 1194.log
    verb 3

client.conf:

    client
    dev tun
    proto udp
    remote My server IP 1194 # - Your server IP and OpenVPN Port
    resolv-retry infinite
    nobind
    tun-mtu 1500
    persist-key
    persist-tun
    ca ca.crt
    cert client1.crt
    key client1.key
    auth-user-pass
    comp-lzo
    verb 3

ifconfig (client):

    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
    gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
    stf0: flags=0<> mtu 1280
    en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 10:40:f3:88:27:6c
        inet6 fe80::1240:f3ff:fe88:276c%en0 prefixlen 64 scopeid 0x4
        inet 192.168.1.11 netmask 0xffffff00 broadcast 192.168.1.255
        media: autoselect
        status: active
    p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
        ether 02:40:f3:88:27:6c
        media: autoselect
        status: inactive
    tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.8.0.6 --> 10.8.0.5 netmask 0xffffffff
        open (pid 7494)

ifconfig (server):

    eth0      Link encap:Ethernet  HWaddr 00:23:54:03:F2:BB
              inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
              inet6 addr: fe80::223:54ff:fe03:f2bb/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:113530 errors:0 dropped:0 overruns:0 frame:0
              TX packets:13376 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:25518343 (24.3 MiB)  TX bytes:1310138 (1.2 MiB)
              Interrupt:26 Base address:0xe000

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:6 errors:0 dropped:0 overruns:0 frame:0
              TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:828 (828.0 b)  TX bytes:828 (828.0 b)

    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:10.8.0.1  PtP:10.8.0.2  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:397 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100

First check that you can ping the OpenVPN server's IP in the VPN range, 10.8.0.1. Assuming that succeeds:

https://community.openvpn.net/openvpn/wiki/BridgingAndRouting

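Follow the instructions under "Using routing", assuming your Internet connection is eth0; if it is not, change that value to your Internet connection's adapter identifier (ppp0, atm0), etc. It also assumes that your OpenVPN server is your main Internet router connection.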

On the client box, do these tests:

 1. Ping 10.8.0.1. If that fails, check that the client/server firewalls let ICMP pass through; then we can debug more deeply.
 2. Ping 192.168.0.10. If that fails, check:
    A. The client routing table: where traffic goes when the destination network is 192.168.0.0/24. It should go to 10.8.0.5/tun0.
    B. Server sysctl net.ipv4.ip_forward. It should be 1.
    C. Server NAT/MASQUERADE with iptables.
 3. Traceroute 8.8.8.8. If that fails, check which hop stopped the traffic.

Your iptables rules are probably wrong. When I can connect to an OpenVPN node but cannot access the Internet, and can ping locally, it is a NAT problem.

See this for help: http://blog.solidshellsecurity.com/2013/01/15/openvpn-installation-configuration-setup-centos-5-6-32-64bit-openvz-xen-kvm/
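The server-side checks named in the answers above (net.ipv4.ip_forward and a NAT/MASQUERADE rule), as an added example that is not part of the thread; it also looks at the FORWARD chain, which goes beyond what the answers list. It assumes the 10.8.0.0/24 VPN subnet from the question and reads `iptables-save` output from a file; the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes VPN subnet 10.8.0.0/24 (question's server.conf).
VPN_NET="10.8.0.0/24"

# Succeeds if the given file (default: the live sysctl) holds 1.
ip_forward_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# $1 = file with `iptables-save` output. Succeeds if the nat table has a
# POSTROUTING rule that MASQUERADEs or SNATs traffic sourced from VPN_NET.
has_vpn_nat() {
    awk -v net="$VPN_NET" '
        /^\*/ { table = $1 }
        table == "*nat" && /^-A POSTROUTING/ && /-j (MASQUERADE|SNAT)/ {
            for (i = 1; i < NF; i++) if ($i == "-s" && $(i + 1) == net) found = 1
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# Heuristic, first match wins: an ACCEPT rule naming a tun interface or VPN_NET,
# or an unconditional rule (e.g. a catch-all REJECT); otherwise the chain policy.
forward_allows_vpn() {
    awk -v net="$VPN_NET" '
        /^\*/ { table = $1 }
        table != "*filter" { next }
        /^:FORWARD / { policy = $2 }
        /^-A FORWARD/ && verdict == "" {
            if ($3 == "-j") verdict = $4
            else if (/-j ACCEPT/ && (/-i tun/ || index($0, "-s " net " "))) verdict = "ACCEPT"
        }
        END { if (verdict == "") verdict = policy; exit (verdict == "ACCEPT" ? 0 : 1) }' "$1"
}

# Constructed sample: NAT is present, but a catch-all REJECT blocks forwarding.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
has_vpn_nat "$SAMPLE" && echo "NAT for $VPN_NET: present" || echo "NAT for $VPN_NET: MISSING"
forward_allows_vpn "$SAMPLE" && echo "FORWARD: VPN allowed" || echo "FORWARD: VPN BLOCKED"
```

On the server, save the live ruleset with `iptables-save > rules.txt` as root and pass that file to the two functions; `ip_forward_enabled` with no argument reads the live sysctl.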

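After configuring the OpenVPN server and client, there is one more thing to do: add a route on every computer in the local network (or on the network's router) that should communicate with the computers in the VPN network.

Example: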

 My home network is: 10.13.0.0/24
 OpenVPN network is: 10.14.0.0/24

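The OpenVPN server's physical network card is configured as: 10.13.0.1/24

The OpenVPN server's VPN network card is configured as: 10.14.0.1/24

When my client connects to the VPN, it gets the IP 10.14.0.6/24. To allow the other computers on the 10.13.0.0/24 network (home computers) to communicate with the computers connected through the VPN, I had to add a specific route: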

 route add -net 10.14.0.0/24 gw 10.13.0.1 metric 1 

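This allows the computers on the home network to communicate with the computers on the OpenVPN network, and vice versa.

In your case, it will allow your network computers to communicate with the VPN computers.

I wrote a very detailed article on how to install and configure an OpenVPN server, and the steps above are described there. Feel free to consult it; it may help you: How to OpenVPN on CentOS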

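On Windows, the client must be run as "Administrator", otherwise routing will not work. I don't know whether there is something similar on the Mac? Which OpenVPN client (if any) are you using on the Mac? Have you tried running it with elevated privileges?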