Pivpn no internet

这个问题可能看起来很重复，但我已经尝试了所有其他的解决方案，这些解决方案都是多年前的，所以请帮助。

我在树莓派上安装了Pivpn，但是无法通过VPN访问互联网。

运行ping 1.1.1.1 -I tun0，丢包100%，无响应。从eth0来看，它是有效的。连ping 127.0.0.1 -I tun0都不起作用

下面是我的pivpn -d日志，没有显示任何错误。

::: Generating Debug Output
::::        [4mPiVPN debug[0m      ::::
=============================================
::::        [4mLatest commit[0m        ::::
Branch: master
Commit: 027f257931d1f169e254def5d1552d55810fefda
Author: 4s3ti
Date: Thu Aug 5 15:12:33 2021 +0200
Summary: Latest Changes update.
=============================================
::::        [4mInstallation settings[0m        ::::
PLAT=Raspbian
OSCN=stretch
USING_UFW=0
IPv4dev=eth0
dhcpReserv=1
IPv4addr=10.10.70.10/24
IPv4gw=10.10.70.254
install_user=pi
install_home=/home/pi
VPN=openvpn
pivpnPROTO=udp
pivpnPORT=50552
pivpnDNS1=8.8.8.8
pivpnDNS2=8.8.4.4
pivpnSEARCHDOMAIN=
pivpnHOST=REDACTED
TWO_POINT_FOUR=1
pivpnENCRYPT=256
USE_PREDEFINED_DH_PARAM=0
INPUT_CHAIN_EDITED=0
FORWARD_CHAIN_EDITED=0
pivpnDEV=tun0
pivpnNET=10.8.0.0
subnetClass=24
ALLOWED_IPS=""
UNATTUPG=0
INSTALLED_PACKAGES=(grepcidr expect)
=============================================
::::  [4mServer configuration shown below[0m   ::::
dev tun
proto udp
port 50552
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/ANY_1c949ee6-91f4-4cca-b472-e7d82dae1b44.crt
key /etc/openvpn/easy-rsa/pki/private/ANY_1c949ee6-91f4-4cca-b472-e7d82dae1b44.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.3.0.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 1.1.1.1"
#push "dhcp-option DNS 8.8.8.8"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
push "route 192.168.15.1 255.255.255.0"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device. 
#duplicate-cn
# Generated for use by PiVPN.io
tun-mtu 1400
mssfix 1360
=============================================
::::  [4mClient template file shown below[0m   ::::
client
dev tun
proto udp
remote REDACTED 50552
resolv-retry infinite
nobind
remote-cert-tls server
tls-version-min 1.2
verify-x509-name ANY_1c949ee6-91f4-4cca-b472-e7d82dae1b44 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
=============================================
::::    [4mRecursive list of files in[0m   ::::
::: [4m/etc/openvpn/easy-rsa/pki shows below[0m :::
/etc/openvpn/easy-rsa/pki/:
Default.txt
ca.crt
crl.pem
ecparams
index.txt
index.txt.attr
index.txt.attr.old
index.txt.old
issued
openssl-easyrsa.cnf
private
renewed
revoked
safessl-easyrsa.cnf
serial
serial.old
ta.key
/etc/openvpn/easy-rsa/pki/ecparams:
prime256v1.pem
/etc/openvpn/easy-rsa/pki/issued:
ANY_1c949ee6-91f4-4cca-b472-e7d82dae1b44.crt
/etc/openvpn/easy-rsa/pki/private:
ANY_1c949ee6-91f4-4cca-b472-e7d82dae1b44.key
ca.key
/etc/openvpn/easy-rsa/pki/renewed:
private_by_serial
reqs_by_serial
/etc/openvpn/easy-rsa/pki/renewed/private_by_serial:
/etc/openvpn/easy-rsa/pki/renewed/reqs_by_serial:
/etc/openvpn/easy-rsa/pki/revoked:
private_by_serial
reqs_by_serial
/etc/openvpn/easy-rsa/pki/revoked/private_by_serial:
/etc/openvpn/easy-rsa/pki/revoked/reqs_by_serial:
=============================================
::::        [4mSelf check[0m       ::::
:: [OK] IP forwarding is enabled
:: [OK] Iptables MASQUERADE rule set
:: [OK] OpenVPN is running
:: [OK] OpenVPN is enabled (it will automatically start on reboot)
:: [OK] OpenVPN is listening on port 50552/udp
=============================================
:::: Having trouble connecting? Take a look at the FAQ:
:::: [1mhttps://docs.pivpn.io/faq[0m
=============================================
::::      [4mSnippet of the server log[0m      ::::
Aug 21 11:16:40 ANY ovpn-server[488]: ECDH curve prime256v1 added
Aug 21 11:16:40 ANY ovpn-server[488]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Aug 21 11:16:40 ANY ovpn-server[488]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Aug 21 11:16:40 ANY ovpn-server[488]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Aug 21 11:16:40 ANY ovpn-server[488]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Aug 21 11:16:40 ANY ovpn-server[488]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Aug 21 11:16:40 ANY ovpn-server[488]: TUN/TAP device tun0 opened
Aug 21 11:16:40 ANY ovpn-server[488]: TUN/TAP TX queue length set to 100
Aug 21 11:16:40 ANY ovpn-server[488]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Aug 21 11:16:40 ANY ovpn-server[488]: /sbin/ip link set dev tun0 up mtu 1400
Aug 21 11:16:40 ANY ovpn-server[488]: /sbin/ip addr add dev tun0 10.3.0.1/24 broadcast 10.3.0.255
Aug 21 11:16:40 ANY ovpn-server[488]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Aug 21 11:16:40 ANY ovpn-server[488]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Aug 21 11:16:40 ANY ovpn-server[488]: UDPv4 link local (bound): [AF_INET][undef]:50552
Aug 21 11:16:40 ANY ovpn-server[488]: UDPv4 link remote: [AF_UNSPEC]
Aug 21 11:16:40 ANY ovpn-server[488]: GID set to openvpn
Aug 21 11:16:40 ANY ovpn-server[488]: UID set to openvpn
Aug 21 11:16:40 ANY ovpn-server[488]: MULTI: multi_init called, r=256 v=256
Aug 21 11:16:40 ANY ovpn-server[488]: IFCONFIG POOL: base=10.3.0.2 size=252, ipv6=0
Aug 21 11:16:40 ANY ovpn-server[488]: Initialization Sequence Completed
=============================================
::::        [4mDebug complete[0m       ::::
::: 
::: Debug output completed above.
::: Copy saved to /tmp/debug.log
:::

运行cat /proc/sys/net/ipv4/ip_forward使1使能转发。

我已经运行命令sudo iptables -t nat -A POSTROUTING -s 10.3.0.0/24 -o eth0 -j MASQUERADE仍然不工作。

请注意，我已经将ip从10.8.0.0更改为10.3.0.0，仍然不能同时工作。

我的openvpn版本是openvpn 2.4.0

一切看起来都很好。我建议你在官方网站重新安装pivpn

另外，在安装时选择公共dns并输入任何公共dns，您似乎正在使用您的ip。

重新安装和重启后，运行命令sudo iptables -t nat -A POSTROUTING -s 10.3.0.0/24 -o eth0 -j MASQUERADE

另外，最重要的是，即使VPN工作，使用ping 1.1.1.1 -I tun0也不会工作，所以停止使用它并使用实际连接。

您可能需要创建一个运行sudo iptables -t nat -A POSTROUTING -s 10.3.0.0/24 -o eth0 -j MASQUERADE

命令的启动脚本

相关内容

最新更新

热门标签：