電訊茶室's Archiver

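vpnuser posted on 2018-6-23 01:48

routeros openvpn problem

I have set up OpenVPN.
My phone can connect successfully as normal.

With my computer I can connect,
but the traffic does not go out through the VPN gateway... the phone does not have this problem.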

route print [attach]4128[/attach]

client config[code]client
# this is a layer 3 (IP) VPN
dev tun
#dev tap

# Mikrotik only supports TCP at the moment
proto tcp

# put your VPN Server's routable (WAN or Internet-accessible) IP address here
remote XXXXXX.XXX.net 443

resolv-retry infinite
nobind

# Mikrotik does not support link compression at the moment
#comp-lzo

persist-key
persist-tun
#mute-replay-warnings


remote-cert-tls server


#cipher BF-CBC
#cipher AES-128-CBC
#cipher AES-192-CBC
cipher AES-256-CBC

#auth MD5
auth SHA1

# Mikrotik's PPP server requires username/password authentication
# at the moment and it uses this in conjunction with both client and
# server-side x.509v3 certificate authentication
auth-user-pass

# domain name for home LAN
#dhcp-option DOMAIN mydomain.tld

# DNS server (replace with your own)
#dhcp-option DNS 192.168.2.1


# SMB WINS name server if you have one
#dhcp-option WINS 10.0.0.1

# route to multiple networks
#push "route 10.0.0.0 255.0.0.0"
#push "route 192.168.0.0 255.255.0.0"
redirect-gateway def1


#redirect-gateway def1
#redirect-gateway def1
#route 0.0.0.0 0.0.0.0 192.168.2.1
#route 10.0.0.0 255.255.255.0


# Mikrotik accepts a CA cert
<ca>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</ca>

# Mikrotik expects a VPN Client Certificate
<cert>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</cert>

# OpenVPN Client needs the VPN Client Private Key to decrypt
# info sent by the server during the SSL/TLS handshake
<key>
-----BEGIN RSA PRIVATE KEY-----
XXXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----
</key>

# OpenVPN client debug log verbosity
verb 6[/code]

vpnuser posted on 2018-6-24 14:03

Has any expert run into the same situation?

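tomleehk posted on 2018-6-24 16:08

[i=s] This post was last edited by tomleehk on 2018-6-24 16:46 [/i]

I don't know RouterOS, and I haven't played with OpenVPN for many years.
See whether the following is of any use.
[i][color=RoyalBlue]
[url]https://www1.thesolarsystems.net/?p=456[/url]
Generally, using push redirect-gateway or push redirect-gateway local def1 is enough to direct all traffic into the VPN interface, but sometimes, when a wireless network or another network is in use and the WAN changes, this has no effect, so you can add a route command to force the default gateway over.[/color][/i]

The 192.168.89.1 in the article needs to be changed according to your OpenVPN virtual LAN segment.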
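
An added example, not from the thread or the linked article: a check over saved `route print` output that tells whether Internet-bound traffic leaves through the VPN gateway. `redirect-gateway def1` works by adding the two half-range routes 0.0.0.0/1 and 128.0.0.0/1 via the VPN, so the script resolves one address from each half the way the OS would. Both route tables are constructed samples; 192.168.1.1 (LAN router) and 203.0.113.10 (VPN server) are assumed addresses, and 192.168.89.1 is the VPN gateway mentioned in the reply.

```python
import ipaddress

# Constructed IPv4 rows in Windows `route print` layout. Assumed for illustration:
# 192.168.1.1 = LAN router, 203.0.113.10 = VPN server, 192.168.89.1 = VPN gateway.
WITH_DEF1 = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50      25
          0.0.0.0        128.0.0.0     192.168.89.1   192.168.89.10      20
        128.0.0.0        128.0.0.0     192.168.89.1   192.168.89.10      20
     203.0.113.10  255.255.255.255      192.168.1.1    192.168.1.50      25
"""
WITHOUT_DEF1 = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50      25
     192.168.89.0    255.255.255.0         On-link    192.168.89.10     276
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # header, separators, blank lines
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
            metric = int(fields[4])
        except ValueError:
            continue  # not a destination/netmask/metric row
        routes.append((net, fields[2], fields[3], metric))
    return routes

def egress_for(routes, dest):
    """Pick the route the OS would use: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))

def full_tunnel(routes, vpn_gateway, probes=("8.8.8.8", "198.51.100.7")):
    """True only if one address from each /1 half leaves via the VPN gateway."""
    for probe in probes:
        route = egress_for(routes, probe)
        if route is None or route[1] != vpn_gateway:
            return False
    return True

if __name__ == "__main__":
    for name, table in (("with def1", WITH_DEF1), ("without def1", WITHOUT_DEF1)):
        print(name, full_tunnel(parse_routes(table), "192.168.89.1"))
```

The host route to the VPN server itself should still resolve to the LAN router, which `egress_for(routes, "203.0.113.10")` confirms for the first table.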
