返回列表 發帖
vpnuser

Rank: 1
1# 跳轉到 » 倒序看帖
打印
tT
發表於 2018-6-23 01:48 | 只看該作者

routeros openvpn 問題

我setup 了openvpn
手機可以正常成功連接

用電腦可以連接到
但traffic 都不會經VPN gateway出去...手機就沒有這個問題

route print

client config
  1. client
  2. # this is a layer 3 (IP) VPN
  3. dev tun
  4. #dev tap

  6. # Mikrotik only supports TCP at the moment
  7. proto tcp

  9. # put your VPN Server's routable (WAN or Internet-accessible) IP address here
  10. remote XXXXXX.XXX.net 443

  12. resolv-retry infinite
  13. nobind

  15. # Mikrotik does not support link compression at the moment
  16. #comp-lzo

  18. persist-key
  19. persist-tun
  20. #mute-replay-warnings


  23. remote-cert-tls server


  26. #cipher BF-CBC
  27. #cipher AES-128-CBC
  28. #cipher AES-192-CBC
  29. cipher AES-256-CBC

  31. #auth MD5
  32. auth SHA1

  34. # Mikrotik's PPP server requires username/password authentication
  35. # at the moment and it uses this in conjunction with both client and
  36. # server-side x.509v3 certificate authentication
  37. auth-user-pass

  39. # domain name for home LAN
  40. #dhcp-option DOMAIN mydomain.tld

  42. # DNS server (replace with your own)
  43. #dhcp-option DNS 192.168.2.1


  46. # SMB WINS name server if you have one
  47. #dhcp-option WINS 10.0.0.1

  49. # route to multiple networks
  50. #push "route 10.0.0.0 255.0.0.0"
  51. #push "route 192.168.0.0 255.255.0.0"
  52. redirect-gateway def1


  55. #redirect-gateway def1
  56. #redirect-gateway def1
  57. #route 0.0.0.0 0.0.0.0 192.168.2.1
  58. #route 10.0.0.0 255.255.255.0


  61. # Mikrotik accepts a CA cert
  62. <ca>
  63. -----BEGIN CERTIFICATE-----
  64. XXXXXXXXXXXXXXXX
  65. -----END CERTIFICATE-----
  66. </ca>

  68. # Mikrotik expects a VPN Client Certificate
  69. <cert>
  70. -----BEGIN CERTIFICATE-----
  71. XXXXXXXXXXXXXXX
  72. -----END CERTIFICATE-----
  73. </cert>

  75. # OpenVPN Client needs the VPN Client Private Key to decrypt
  76. # info sent by the server during the SSL/TLS handshake
  77. <key>
  78. -----BEGIN RSA PRIVATE KEY-----
  79. XXXXXXXXXXXXXXXX
  80. -----END RSA PRIVATE KEY-----
  81. </key>

  83. # OpenVPN client debug log verbosity
  84. verb 6
複製代碼
附件: 您需要登錄才可以下載或查看附件。沒有帳號?註冊
收藏 分享

vpnuser

Rank: 1
2#
發表於 2018-6-24 14:03 | 只看該作者
有沒有高手有相同情況

TOP

tomleehk

Rank: 1
3#
發表於 2018-6-24 16:08 | 只看該作者
本帖最後由 tomleehk 於 2018-6-24 16:46 編輯

我唔識RouterOS, 亦無玩OpenVPN多年
睇吓以下有無用

https://www1.thesolarsystems.net/?p=456
一般採用push redirect-gateway或push redirect-gateway local def1就可以指定把所有流量導入vpn接口,但有時候採用無線網路或其他網路會更改WAN時無效,所以可以加入route指令強迫將default gateway轉入。

文中192.168.89.1要根據你OpenVPN virtual LAN segment 修收

TOP

返回列表