標題: routeros openvpn 問題 [打印本頁]

---

作者: vpnuser    時間: 2018-6-23 01:48     標題: routeros openvpn 問題

我setup 了openvpn
手機可以正常成功連接

用電腦可以連接到
但traffic 都不會經VPN gateway出去...手機就沒有這個問題

route print [attach]4128[/attach]

client config

1. client
   
2. # this is a layer 3 (IP) VPN
   
3. dev tun
   
4. #dev tap
   
5. 
   
6. # Mikrotik only supports TCP at the moment
   
7. proto tcp
   
8. 
   
9. # put your VPN Server's routable (WAN or Internet-accessible) IP address here
   
10. remote XXXXXX.XXX.net 443
    
11. 
    
12. resolv-retry infinite
    
13. nobind
    
14. 
    
15. # Mikrotik does not support link compression at the moment
    
16. #comp-lzo
    
17. 
    
18. persist-key
    
19. persist-tun
    
20. #mute-replay-warnings
    
21. 
    
22. 
    
23. remote-cert-tls server
    
24. 
    
25. 
    
26. #cipher BF-CBC
    
27. #cipher AES-128-CBC
    
28. #cipher AES-192-CBC
    
29. cipher AES-256-CBC
    
30. 
    
31. #auth MD5
    
32. auth SHA1
    
33. 
    
34. # Mikrotik's PPP server requires username/password authentication
    
35. # at the moment and it uses this in conjunction with both client and
    
36. # server-side x.509v3 certificate authentication
    
37. auth-user-pass
    
38. 
    
39. # domain name for home LAN
    
40. #dhcp-option DOMAIN mydomain.tld
    
41. 
    
42. # DNS server (replace with your own)
    
43. #dhcp-option DNS 192.168.2.1
    
44. 
    
45. 
    
46. # SMB WINS name server if you have one
    
47. #dhcp-option WINS 10.0.0.1
    
48. 
    
49. # route to multiple networks
    
50. #push "route 10.0.0.0 255.0.0.0"
    
51. #push "route 192.168.0.0 255.255.0.0"
    
52. redirect-gateway def1
    
53. 
    
54. 
    
55. #redirect-gateway def1
    
56. #redirect-gateway def1
    
57. #route 0.0.0.0 0.0.0.0 192.168.2.1
    
58. #route 10.0.0.0 255.255.255.0
    
59. 
    
60. 
    
61. # Mikrotik accepts a CA cert
    
62. <ca>
    
63. -----BEGIN CERTIFICATE-----
    
64. XXXXXXXXXXXXXXXX
    
65. -----END CERTIFICATE-----
    
66. </ca>
    
67. 
    
68. # Mikrotik expects a VPN Client Certificate
    
69. <cert>
    
70. -----BEGIN CERTIFICATE-----
    
71. XXXXXXXXXXXXXXX
    
72. -----END CERTIFICATE-----
    
73. </cert>
    
74. 
    
75. # OpenVPN Client needs the VPN Client Private Key to decrypt
    
76. # info sent by the server during the SSL/TLS handshake
    
77. <key>
    
78. -----BEGIN RSA PRIVATE KEY-----
    
79. XXXXXXXXXXXXXXXX
    
80. -----END RSA PRIVATE KEY-----
    
81. </key>
    
82. 
    
83. # OpenVPN client debug log verbosity
    
84. verb 6

複製代碼

---

作者: vpnuser    時間: 2018-6-24 14:03

有沒有高手有相同情況

---

作者: tomleehk    時間: 2018-6-24 16:08

本帖最後由 tomleehk 於 2018-6-24 16:46 編輯

我唔識RouterOS, 亦無玩OpenVPN多年
睇吓以下有無用

https://www1.thesolarsystems.net/?p=456
一般採用push redirect-gateway或push redirect-gateway local def1就可以指定把所有流量導入vpn接口，但有時候採用無線網路或其他網路會更改WAN時無效，所以可以加入route指令強迫將default gateway轉入。

文中192.168.89.1要根據你OpenVPN virtual LAN segment 修收

---

歡迎光臨 電訊茶室 (http://telecom-cafe.com/forum/)

Powered by Discuz! 7.2