討論群組
小惡魔市集 悅遊日本 活動報導
我要回覆

OpenVPN Server 在 NAT 內怎麼架設?

  • 2016-01-03 10:09
  • 6897
alex0705
alex0705
36分
11樓
alex0705
alex0705
個人積分:36分
文章編號:58775687
客戶端的DNS暫時設成8.8.8.8試試
可能是server端沒給所以client繼續連舊的,但是舊的是在原來的subnet
沒辦法從VPN subnet routing過去,所以沒辦法聯外網
如果不是DNS的問題就是Server端的iptables規則不對了
2016-01-03 14:59 #11
ANDYLIU66Y
ANDYLIU66Y
583分
12樓
ANDYLIU66Y
ANDYLIU66Y
個人積分:583分
文章編號:58776578
Trevor0 wrote:
各位版大小弟欲架設一...(恕刪)
關掉防火牆軟體在試試看呢? 可以連上server但是連不出去對吧.
2016-01-03 16:54 #12
天龍國子民
天龍國子民
5996分
13樓
天龍國子民
天龍國子民
個人積分:5996分
文章編號:58776881

Trevor0 wrote:
各位版大小弟欲架設...(恕刪)


可以改用SSH tunnel 把Port22對應到你的Tomato AP就可以.

2016-01-03 17:27 #13
Trevor0
Trevor0
0分
樓主
Trevor0
Trevor0
個人積分:0分
文章編號:58777588
感謝各位版大
Firewall 沒法關,但是我將 tomato 放在 DMZ 也是一樣的結果.
ssh tunnel 部份,我在 D Link Dir 615 裡,找不到這個選項耶.

我貼上連線成功的 Routing table 看看能不能看出問題
===========================================================================
Interface List
16...00 ff 3a d3 4b e4 ......TAP-Windows Adapter V9
14...00 21 86 f4 c4 9d ......Intel(R) 82567LM-3 Gigabit Network Connection
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 ***.**.***.254 ***.**.***.64 10
0.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 30
10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 30
10.8.0.4 255.255.255.252 On-link 10.8.0.6 286
10.8.0.6 255.255.255.255 On-link 10.8.0.6 286
10.8.0.7 255.255.255.255 On-link 10.8.0.6 286
61.57.143.61 255.255.255.255 ***.**.***.254 ***.**.***.64 5
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 30
***.**.***.0 255.255.255.0 On-link ***.**.***.64 261
***.**.***.64 255.255.255.255 On-link ***.**.***.64 261
***.**.***.255 255.255.255.255 On-link ***.**.***.64 261
192.168.0.0 255.255.255.0 10.8.0.5 10.8.0.6 30
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link ***.**.***.64 261
224.0.0.0 240.0.0.0 On-link 10.8.0.6 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link ***.**.***.64 261
255.255.255.255 255.255.255.255 On-link 10.8.0.6 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
14 276 fe80::/64 On-link
16 286 fe80::/64 On-link
16 286 fe80::b815:38dc:2b19:cb3a/128
On-link
14 276 fe80::f83a:fd3:ed08:1a2d/128
On-link
1 306 ff00::/8 On-link
14 276 ff00::/8 On-link
16 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

Pinging 10.8.0.6 with 32 bytes of data:
Reply from 10.8.0.6: bytes=32 time<1ms TTL=128
Reply from 10.8.0.6: bytes=32 time<1ms TTL=128
Reply from 10.8.0.6: bytes=32 time<1ms TTL=128
Reply from 10.8.0.6: bytes=32 time<1ms TTL=128

Ping statistics for 10.8.0.6:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 10.8.0.1 with 32 bytes of data:
Reply from 10.8.0.1: bytes=32 time=21ms TTL=64
Reply from 10.8.0.1: bytes=32 time=25ms TTL=64
Reply from 10.8.0.1: bytes=32 time=25ms TTL=64
Reply from 10.8.0.1: bytes=32 time=21ms TTL=64

Ping statistics for 10.8.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 25ms, Average = 23ms

Tracing route to fd-fp3.wg1.b.yahoo.com [116.214.12.74]
over a maximum of 30 hops:

1 20 ms 21 ms 21 ms 10.8.0.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.

Trace complete.
2016-01-03 18:46 #14
scottlai
scottlai
1分
15樓
scottlai
scottlai
個人積分:1分
文章編號:58778708
openvpn 2013年就開始被gw了啦,你要再用stunnel包一層,不然你台灣的ip被偵測到給對岸的人用openvpn,你那個ip就不用想連去大陸了

stunnel要用optware的方式裝到usb上去跑

http://uk.nyclee.net/2012/04/28/installing-optware-in-tomato-usb-shibby/

http://tomatousb.org/tut:optware-installation
2016-01-03 20:58 #15
好喘好累
好喘好累
1236分
16樓
好喘好累
好喘好累
個人積分:1236分
文章編號:58783825
不必浪費時間了啦, 除非你是在企業內部, 有VPN連到台灣企業總部,
自己私設的VPN效能奇差無比.

我也算熟悉網路架構,也都弄了幾個月才把 OpenVPN架起來.
一開始想用router 裝 DDWRT, 把 VPN放在 router 內, 一直搞不定,
後來只好把 VPN Server 放在 NAS機內, 這才弄定.

可是,速度效能很差,看個網頁都要LO半天, 常轉半天到斷線, 算了吧,
鬥不過人家專業統治者的.
做順民,遵從法律,不要一面想來賺錢又想違背國法了.

如果你堅持要做,有二點小建議:
1.為防止你的IP被封鎖,最好用動態IP,然後用DDNS之類的服務.
2.VPN的 port最好改成 443, 這個port不太可能被鎖, 但是你就不能用其他 SSL 服務了.
2016-01-04 11:15 #16
sharkman2004
sharkman2004
0分
17樓
sharkman2004
sharkman2004
個人積分:0分
文章編號:68206509
openvpn servers 需要有公网IP,你的server在内网,我不知道你的客户端如何透穿到你的VPN server,?一级路由做端口映射?
2018-04-19 14:22 #17
我要回覆
文章分享
加入好友名單
取消 確定
評分
取消 確定
評分
取消 確定
複製連結
複製
留言回報
取消 確定

今日熱門文章 網友點擊推薦!