
After setting up ocserv (OpenConnect server), clients cannot reach the internet. What should I do?

Sasha, 2 months ago



After setup, AnyConnect connects successfully, but google.com cannot be reached. How do I fix this, or how should I troubleshoot it? Below are the configuration and service status of the server I deployed.

root@xxx:~# ufw status
Status: inactive

Routing table while a client is connected

default via 181.214.136.1 dev eth0 proto static
10.12.0.86 dev vpns0 proto kernel scope link src 10.12.0.1
181.214.136.0/24 dev eth0 proto kernel scope link src 181.214.136.245

Network interface information

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP group default qlen 1000
    link/ether bc:24:11:ba:a9:68 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    altname ens18
    inet 181.214.136.245/24 brd 181.214.136.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2a12:f8c1:50:8::1124/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::be24:11ff:feba:a968/64 scope link
       valid_lft forever preferred_lft forever
17: vpns0: <POINTOPOINT,UP,LOWER_UP> mtu 1392 qdisc fq state UNKNOWN group default qlen 500
    link/none
    inet 10.12.0.1 peer 10.12.0.86/32 scope global vpns0
       valid_lft forever preferred_lft forever
    inet6 fe80::ef03:f3a7:d7ab:dd7c/64 scope link stable-privacy
       valid_lft forever preferred_lft forever

ocserv log

Aug 08 06:08:23 adolph ocserv[72628]: worker[passfirewall]: *.*.*.* suggesting DPD of 300 secs
Aug 08 06:08:23 adolph ocserv[72628]: worker[passfirewall]: *.*.*.* configured link MTU is 1420
Aug 08 06:08:23 adolph ocserv[72628]: worker[passfirewall]: *.*.*.* peer's link MTU is 1500
Aug 08 06:08:23 adolph ocserv[72628]: worker[passfirewall]: *.*.*.* sending IPv4 10.12.0.86
Aug 08 06:08:23 adolph ocserv[72628]: worker[passfirewall]: *.*.*.* adding DNS 8.8.8.8
Aug 08 06:08:23 adolph ocserv[72628]: worker[passfirewall]: *.*.*.* adding DNS 1.1.1.1
Aug 08 06:08:23 adolph ocserv[72628]: worker[passfirewall]: *.*.*.* adding special split DNS for Apple
Aug 08 06:08:23 adolph ocserv[72628]: worker[passfirewall]: *.*.*.* Link MTU is 1420 bytes
Aug 08 06:08:23 adolph ocserv[72628]: worker[passfirewall]: *.*.*.* selected DTLS compression method lzs
Aug 08 06:08:23 adolph ocserv[72628]: worker[passfirewall]: *.*.*.* selected CSTP compression method lzs

ocserv configuration

auth = "plain[passwd=/etc/ocserv/ocpasswd]"
enable-auth = "certificate"
tcp-port = 443
run-as-user = nobody
run-as-group = daemon
socket-file = /run/ocserv.socket
server-cert = /root/.acme.sh/passfirewall.xyz_ecc/passfirewall.xyz.cer
server-key = /root/.acme.sh/passfirewall.xyz_ecc/passfirewall.xyz.key
ca-cert = /etc/ocserv/cert/ca-cert.pem
isolate-workers = true
max-clients = 1024
max-same-clients = 0
server-stats-reset-time = 604800
keepalive = 300
dpd = 60
mobile-dpd = 300
switch-to-tcp-timeout = 25
try-mtu-discovery = true
cert-user-oid = 0.9.2342.19200300.100.1.1
crl = /etc/ocserv/cert/crl.pem
compression = true
no-compress-limit = 256
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128"
auth-timeout = 240
idle-timeout = 1200
mobile-idle-timeout = 1800
min-reauth-time = 300
max-ban-score = 80
ban-reset-time = 300
cookie-timeout = 300
deny-roaming = false
rekey-time = 172800
rekey-method = ssl
use-occtl = true
pid-file = /run/ocserv.pid
device = vpns
predictable-ips = true
default-domain = example.com
ipv4-network = 10.12.0.0
ipv4-netmask = 255.255.255.0
dns = 8.8.8.8
dns = 1.1.1.1
ping-leases = false
mtu = 1420
cisco-client-compat = true
dtls-legacy = true
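Added here as an example (not code from the post or from ocserv itself): a small POSIX shell checker for the three server-side prerequisites that the posted configuration never shows being set, and whose absence produces exactly this symptom, a client that authenticates and gets 10.12.0.86 but cannot reach anything beyond the server. It checks that IPv4 forwarding is on, that a POSTROUTING MASQUERADE/SNAT rule covers the VPN subnet on the WAN interface, and that the FORWARD chain accepts the traffic. The subnet 10.12.0.0/24 and interface eth0 are taken from the posted config and routing table; the sysctl and iptables-save text is constructed sample input, since the post does not include it.

```shell
#!/bin/sh
# Prerequisites for ocserv clients to reach the internet through the server.
# Values below come from the posted config (ipv4-network/netmask) and routing table (default via eth0).
VPN_NET="10.12.0.0/24"
WAN_IF="eth0"

# ip_forward_ok VALUE: 0 when net.ipv4.ip_forward is enabled
ip_forward_ok() { [ "$1" = "1" ]; }

# nat_rule_ok NAT_TABLE NET IF: 0 when a POSTROUTING MASQUERADE/SNAT rule covers NET leaving IF
nat_rule_ok() {
  printf '%s\n' "$1" | grep -E -q -- "-A POSTROUTING .*-s ${2}.* -o ${3}.* -j (MASQUERADE|SNAT)"
}

# forward_policy_ok FILTER_TABLE NET: 0 when forwarded traffic from NET is accepted
forward_policy_ok() {
  printf '%s\n' "$1" | grep -E -q -- "^:FORWARD ACCEPT|-A FORWARD .*-s ${2}.* -j ACCEPT"
}

# diagnose IPFWD NAT_TABLE FILTER_TABLE: prints one line per missing prerequisite
# together with the fix; returns 0 only when nothing is missing
diagnose() {
  missing=0
  ip_forward_ok "$1" || {
    echo "net.ipv4.ip_forward=$1: run 'sysctl -w net.ipv4.ip_forward=1' and persist it in /etc/sysctl.conf"
    missing=$((missing + 1)); }
  nat_rule_ok "$2" "$VPN_NET" "$WAN_IF" || {
    echo "no NAT for $VPN_NET via $WAN_IF: iptables -t nat -A POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE"
    missing=$((missing + 1)); }
  forward_policy_ok "$3" "$VPN_NET" || {
    echo "FORWARD chain drops $VPN_NET: iptables -A FORWARD -s $VPN_NET -j ACCEPT"
    missing=$((missing + 1)); }
  [ "$missing" -eq 0 ]
}

# Constructed sample mirroring the poster's state: forwarding off, no NAT rule,
# and (ufw inactive) a default-ACCEPT FORWARD chain. On the real server run instead:
#   diagnose "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save -t nat)" "$(iptables-save -t filter)"
SAMPLE_IPFWD=0
SAMPLE_NAT=''
SAMPLE_FILTER=':FORWARD ACCEPT [0:0]'
diagnose "$SAMPLE_IPFWD" "$SAMPLE_NAT" "$SAMPLE_FILTER" || echo "clients will not reach the internet until the above is fixed"
```

Once both fixes are applied, a client should be able to ping 8.8.8.8 before trying DNS names, which separates a routing/NAT problem from a DNS problem.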
Originally posted by Sasha in this site's ubuntu section.