OpenVPN server configuration

I have an OpenVPN server running; clients can connect to it and reach the internet, but they cannot reach one another. Both clients have the IP address 10.8.0.6, so they cannot ping each other.

I'm not sure, but it looks like a routing problem on the server. My default configuration is as follows.

route

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         138.68.64.1     0.0.0.0         UG    0      0        0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0
10.19.0.0       *               255.255.0.0     U     0      0        0 eth0
138.68.64.0     *               255.255.240.0   U     0      0        0 eth0

iptables -vL

Chain INPUT (policy DROP 14729 packets, 733K bytes)
 pkts bytes target     prot opt in     out     source               destination         
3927K  786M ufw-before-logging-input  all  --  any    any     anywhere             anywhere            
3927K  786M ufw-before-input  all  --  any    any     anywhere             anywhere            
 155K 7897K ufw-after-input  all  --  any    any     anywhere             anywhere            
 155K 7876K ufw-after-logging-input  all  --  any    any     anywhere             anywhere            
 155K 7876K ufw-reject-input  all  --  any    any     anywhere             anywhere            
 155K 7876K ufw-track-input  all  --  any    any     anywhere             anywhere            
    1    40 ACCEPT     tcp  --  eth0   any     anywhere             anywhere             tcp dpt:ircd

Chain FORWARD (policy ACCEPT 33404 packets, 14M bytes)
 pkts bytes target     prot opt in     out     source               destination         
6389K 4665M ufw-before-logging-forward  all  --  any    any     anywhere             anywhere            
6389K 4665M ufw-before-forward  all  --  any    any     anywhere             anywhere            
6389K 4665M ufw-after-forward  all  --  any    any     anywhere             anywhere            
6389K 4665M ufw-after-logging-forward  all  --  any    any     anywhere             anywhere            
6389K 4665M ufw-reject-forward  all  --  any    any     anywhere             anywhere            

Chain OUTPUT (policy ACCEPT 123 packets, 7504 bytes)
 pkts bytes target     prot opt in     out     source               destination         
5027K 4648M ufw-before-logging-output  all  --  any    any     anywhere             anywhere            
5027K 4648M ufw-before-output  all  --  any    any     anywhere             anywhere            
61051 4324K ufw-after-output  all  --  any    any     anywhere             anywhere            
61051 4324K ufw-after-logging-output  all  --  any    any     anywhere             anywhere            
61051 4324K ufw-reject-output  all  --  any    any     anywhere             anywhere            
61051 4324K ufw-track-output  all  --  any    any     anywhere             anywhere            

Chain ufw-after-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  175 13652 ufw-skip-to-policy-input  udp  --  any    any     anywhere             anywhere             udp dpt:netbios-ns
    0     0 ufw-skip-to-policy-input  udp  --  any    any     anywhere             anywhere             udp dpt:netbios-dgm
   30  1388 ufw-skip-to-policy-input  tcp  --  any    any     anywhere             anywhere             tcp dpt:netbios-ssn
  143  6380 ufw-skip-to-policy-input  tcp  --  any    any     anywhere             anywhere             tcp dpt:microsoft-ds
    0     0 ufw-skip-to-policy-input  udp  --  any    any     anywhere             anywhere             udp dpt:bootps
    0     0 ufw-skip-to-policy-input  udp  --  any    any     anywhere             anywhere             udp dpt:bootpc
    0     0 ufw-skip-to-policy-input  all  --  any    any     anywhere             anywhere             ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
85877 4224K LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
6389K 4665M ufw-user-forward  all  --  any    any     anywhere             anywhere            

Chain ufw-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 308K   32M ACCEPT     all  --  lo     any     anywhere             anywhere            
3405K  742M ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
 5247  288K ufw-logging-deny  all  --  any    any     anywhere             anywhere             state INVALID
 5247  288K DROP       all  --  any    any     anywhere             anywhere             state INVALID
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp destination-unreachable
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp source-quench
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp time-exceeded
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp parameter-problem
  436 17126 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp echo-request
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp spt:bootps dpt:bootpc
 206K   11M ufw-not-local  all  --  any    any     anywhere             anywhere            
    0     0 ACCEPT     udp  --  any    any     anywhere             224.0.0.251          udp dpt:mdns
    0     0 ACCEPT     udp  --  any    any     anywhere             239.255.255.250      udp dpt:1900
 206K   11M ufw-user-input  all  --  any    any     anywhere             anywhere            

Chain ufw-before-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 308K   32M ACCEPT     all  --  any    lo      anywhere             anywhere            
4656K 4611M ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
61003 4321K ufw-user-output  all  --  any    any     anywhere             anywhere            

Chain ufw-logging-allow (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 2476  148K RETURN     all  --  any    any     anywhere             anywhere             state INVALID limit: avg 3/min burst 10
  128 12121 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 206K   11M RETURN     all  --  any    any     anywhere             anywhere             ADDRTYPE match dst-type LOCAL
    0     0 RETURN     all  --  any    any     anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
    4   312 RETURN     all  --  any    any     anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
    0     0 ufw-logging-deny  all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 10
    0     0 DROP       all  --  any    any     anywhere             anywhere            

Chain ufw-reject-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-skip-to-policy-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            

Chain ufw-skip-to-policy-input (7 references)
 pkts bytes target     prot opt in     out     source               destination         
  348 21420 DROP       all  --  any    any     anywhere             anywhere            

Chain ufw-skip-to-policy-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            

Chain ufw-track-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   16  1904 ACCEPT     tcp  --  any    any     anywhere             anywhere             state NEW
60802 4295K ACCEPT     udp  --  any    any     anywhere             anywhere             state NEW

Chain ufw-user-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
46826 2776K ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh
    1    57 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:ssh
  715 74931 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:openvpn
 2193  114K ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:http-alt
 1264 65840 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:http
  153  8788 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:4848

Chain ufw-user-limit (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
    0     0 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            

Chain ufw-user-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

ipconfig on the Windows client:

Ethernet adapter Ethernet 3:    

  Connection-specific DNS Suffix . :
  Link-local IPv6 Address . . . . . : fe80::9ec:a83c:51ba:8661%5
  IPv4 Address. . . . . . . . . . . : 10.8.0.6
  Subnet Mask . . . . . . . . . . . : 255.255.255.252
  Default Gateway . . . . . . . . . :  

ifconfig on my Linux client:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
      inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
      UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
      RX packets:209 errors:0 dropped:0 overruns:0 frame:0
      TX packets:620 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:100 
      RX bytes:52695 (51.4 Kb)  TX bytes:71108 (69.4 Kb)

ifconfig on my server:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
      inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
      UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
      RX packets:2559262 errors:0 dropped:0 overruns:0 frame:0
      TX packets:3865745 errors:0 dropped:989 overruns:0 carrier:0
      collisions:0 txqueuelen:100 
      RX bytes:445611223 (424.9 MiB)  TX bytes:4221065665 (3.9 GiB)

My goal is for the clients to communicate with each other. What are the possible ways to achieve this?

Best answer

What can cause this is multiple clients connecting with the same certificate. The OpenVPN server treats them as the same client and assigns them the same IP address.

In that case you can generate a unique certificate for each client, add the duplicate-cn option to the server options, or check "redundant connection" in the OpenVPN GUI options.
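A way to confirm the cause the answer describes, added here as an example and not part of the original question or answer: OpenVPN writes a status file (the layout below is the status-version 1 format) that lists every live session with its Common Name, so two sessions sharing one CN show up directly. The script also checks a server configuration for the two options that matter for this symptom: duplicate-cn (the answer's second suggestion, which lets several sessions share one certificate at the cost of no longer being able to tell them apart in logs) and client-to-client (which is what lets tunnel clients reach each other through the server). The status text and the configuration fragment are constructed samples with RFC 5737 documentation addresses; the question's real server.conf is not shown, so nothing here is taken from it.

```shell
#!/bin/sh
# Added example, not code from the original question or answer.
# Parses an OpenVPN status file (status-version 1 layout) and reports
# Common Names with more than one live session, then checks a server
# configuration for duplicate-cn and client-to-client.

# Constructed sample status output (RFC 5737 addresses, made-up names).
# Two sessions present the certificate with CN "laptop": this is the
# situation the accepted answer describes, and they collide on 10.8.0.6.
STATUS_SAMPLE='OpenVPN CLIENT LIST
Updated,Mon Jan  1 12:00:00 2024
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
laptop,203.0.113.10:51234,12345,23456,Mon Jan  1 11:00:00 2024
laptop,198.51.100.7:40001,2345,3456,Mon Jan  1 11:30:00 2024
desktop,203.0.113.22:52000,9999,8888,Mon Jan  1 10:00:00 2024
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,laptop,198.51.100.7:40001,Mon Jan  1 11:59:00 2024
10.8.0.10,desktop,203.0.113.22:52000,Mon Jan  1 11:58:00 2024
GLOBAL STATS
Max bcast/mcast queue length,0
END'

# Constructed server.conf fragment (assumption: the question's real file is
# not shown). duplicate-cn is commented out, client-to-client is enabled.
CONF_SAMPLE='port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
# duplicate-cn
client-to-client'

# duplicate_cns: read status text on stdin, print "CN COUNT" for every
# Common Name that has more than one session in the CLIENT LIST section.
# Only the lines between the "Common Name,..." header and "ROUTING TABLE"
# are counted; each of them is a comma-separated record with 5 fields.
duplicate_cns() {
    awk -F, '
        /^Common Name,Real Address/ { in_clients = 1; next }
        /^ROUTING TABLE/            { in_clients = 0 }
        in_clients && NF >= 5       { count[$1]++ }
        END {
            for (cn in count)
                if (count[cn] > 1) print cn, count[cn]
        }
    '
}

# conf_option_set OPTION: read a server configuration on stdin and succeed
# only if OPTION is set on its own uncommented line (a leading "#" is a
# comment in OpenVPN configs, so "# duplicate-cn" does not count).
conf_option_set() {
    grep -Eq "^[[:space:]]*$1([[:space:]]|$)"
}

# Stand-alone usage: show which CNs are shared, then summarise the config.
echo "Common Names with more than one live session:"
printf '%s\n' "$STATUS_SAMPLE" | duplicate_cns

for opt in duplicate-cn client-to-client; do
    if printf '%s\n' "$CONF_SAMPLE" | conf_option_set "$opt"; then
        echo "$opt: set"
    else
        echo "$opt: not set"
    fi
done
```

Running it against the sample prints "laptop 2", "duplicate-cn: not set" and "client-to-client: set". On a real server, point the first pipeline at the file named by the status directive in server.conf and the second at server.conf itself. A CN that appears twice while duplicate-cn is unset is exactly the collision in the question; issuing one certificate per client keeps each session identifiable, which is why the answer lists it first.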
