我想知道我将如何继续为正在创建的每个 vm 分配一个公共 ipv4。
设置:使用 libvirt 和 kvm 在 CentOS8 上具有 3 个 IP 的主机服务器使用 eth0 作为接口虚拟化 Bridge br0。
经过大量的试验和错误后,我设法通过使用网桥并将 IP 地址分配给来宾操作系统网络文件的接口来手动完成。
虽然我希望这将是自动的,考虑到如果我现在重新安装操作系统,它将回到没有 IP 地址和 id 必须连接到访客并每次手动编辑网络文件中的 ipv4 地址。我怎样才能避免这种情况?
目标:每个 IPv4 都被硬锁定到虚拟机,并且无论操作系统是否重新安装都将保留。
可选目标:如果主机操作系统中的任何 IPv4 未被使用,则应将其分配给下一个创建的 VM。
我每次都必须编写自己的软件来执行此操作还是有更简单的方法?
(对不起我的基本问题,但我没有人问)
在同一网络内转发/传递 VLAN 数据包的路由器/智能交换机是否需要从该给定 VLAN 分配 IP 来转发数据包(通过 TRUNK 端口),或者它们只需要来自管理 VLAN 的一个 IP,以便管理员可以从该单个 VLAN 访问它们?
在“ wireshark ”网络时,您可能会遇到看起来像
THIS
eth.src的数据包eth.dst(主要是白色)。有时Wireshark识别协议LLC、NDP等。但有时它只是0x000或0x0de。所以你知道发件人的MAC地址,但不知道IP地址。
我的问题是 1:如何将它的 MAC 地址链接到某个 IP?在我的脑海中只是nmap -sn所有子网然后文本搜索MAC......但也许有更聪明的方法或工具。我尝试使用arping,但似乎不是为了这个目的。问题 2:让我们假设一个帧来自另一个子网或 VLAN(有可能吗?可能在一个配置错误的网络中?如果不是为什么?) - 我们还有机会与设备协商并以某种方式发现它的 IP 吗?
谢谢你。
我们有一个带有以下 server.conf 的 OpenVPN 服务器:
local x.x.x.x
port 1194
proto tcp
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.0.0
ifconfig-pool-persist ipp.txt
client-config-dir /etc/openvpn/ccd
client-to-client
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
我们还在 AWS 中有一个运行 OpenVPN 客户端的 Linux 实例,我们通过将具有客户端通用名称的文件添加到/etc/openvpn/ccd具有以下内容的 OpenVPN 服务器目录中,成功为其分配了静态 IP 地址 10.8.0.2:
ifconfig-push 10.8.0.2 255.255.0.0
现在我们想用 Windows Server 2019 实例替换该 Linux 实例,并为其提供相同的 10.8.0.2 静态 IP 地址。所以我们做了以下事情:
/etc/openvpn/server/easy-rsa/pki/index.txt从 OpenVPN 服务器的文件中删除了 Linux 客户端/etc/openvpn/server/easy-rsa/pki/revoked/certs_by_serial从 OpenVPN 服务器的目录中删除了 Linux 客户端的证书/etc/openvpn/ccd目录中的 Linux 客户端文件/etc/openvpn/server/ipp.txt文件(因为它与 Linux 客户端关联了 10.8.0.2)/etc/openvpn/ccd目录中为 Windows Server 2019 实例添加了一个新文件ifconfig-push 10.8.0.2 255.255.0.0Windows Server 2019 实例具有以下 OpenVPN 客户端配置文件:
client
dev tap
proto tcp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3
当我们在 Windows Server 2019 实例上启动 OpenVPN 客户端时,OpenVPN 客户端日志文件中会显示以下内容:
Wed Jul 14 01:15:02 2021 [server] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Wed Jul 14 01:15:03 2021 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Jul 14 01:15:03 2021 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.0.0,peer-id 0,cipher AES-256-GCM'
Wed Jul 14 01:15:03 2021 OPTIONS IMPORT: timers and/or timeouts modified
Wed Jul 14 01:15:03 2021 OPTIONS IMPORT: --ifconfig/up options modified
Wed Jul 14 01:15:03 2021 OPTIONS IMPORT: route-related options modified
Wed Jul 14 01:15:03 2021 OPTIONS IMPORT: peer-id set
Wed Jul 14 01:15:03 2021 OPTIONS IMPORT: adjusting link_mtu to 1658
Wed Jul 14 01:15:03 2021 OPTIONS IMPORT: data channel crypto options modified
Wed Jul 14 01:15:03 2021 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Jul 14 01:15:03 2021 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Jul 14 01:15:03 2021 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Jul 14 01:15:03 2021 interactive service msg_channel=0
Wed Jul 14 01:15:03 2021 open_tun
Wed Jul 14 01:15:03 2021 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{526EF9D3-DC84-41B0-B139-F1D4BAEFBF4F}.tap
Wed Jul 14 01:15:03 2021 TAP-Windows Driver Version 9.24
Wed Jul 14 01:15:03 2021 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.2/255.255.0.0 on interface {526EF9D3-DC84-41B0-B139-F1D4BAEFBF4F} [DHCP-serv: 10.8.0.0, lease-time: 31536000]
Wed Jul 14 01:15:03 2021 Successful ARP Flush on interface [11] {526EF9D3-DC84-41B0-B139-F1D4BAEFBF4F}
Wed Jul 14 01:15:03 2021 Block_DNS: WFP engine opened
Wed Jul 14 01:15:03 2021 Block_DNS: Using existing sublayer
Wed Jul 14 01:15:03 2021 Block_DNS: Added permit filters for exe_path
Wed Jul 14 01:15:03 2021 Block_DNS: Added block filters for all interfaces
Wed Jul 14 01:15:03 2021 Block_DNS: Added permit filters for TAP interface
Wed Jul 14 01:15:08 2021 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Wed Jul 14 01:15:08 2021 Route: Waiting for TUN/TAP interface to come up...
Wed Jul 14 01:15:13 2021 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Wed Jul 14 01:15:13 2021 Route: Waiting for TUN/TAP interface to come up...
Wed Jul 14 01:15:14 2021 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Wed Jul 14 01:15:14 2021 Route: Waiting for TUN/TAP interface to come up...
Wed Jul 14 01:15:15 2021 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Wed Jul 14 01:15:15 2021 Route: Waiting for TUN/TAP interface to come up...
Wed Jul 14 01:15:16 2021 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Wed Jul 14 01:15:16 2021 Route: Waiting for TUN/TAP interface to come up...
Wed Jul 14 01:15:17 2021 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Wed Jul 14 01:15:17 2021 Route: Waiting for TUN/TAP interface to come up...
Wed Jul 14 01:15:18 2021 TEST ROUTES: 0/0 succeeded len=0 ret=1 a=0 u/d=up
Wed Jul 14 01:15:18 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Jul 14 01:15:18 2021 Initialization Sequence Completed
如您所见,Windows Server 2019 实例上的 OpenVPN 客户端正在从 OpenVPN 服务器接收 10.8.0.2 IP 地址。但是,我ipconfig在命令行窗口中反复运行,并且每隔 15 秒就会看到以下情况:
然后我决定看看如果我尝试为 Windows Server 2019 提供一个以前从未使用过的不同静态 IP 地址会发生什么。我修改了 OpenVPN 服务器/etc/openvpn/ccd目录中的 Windows Server 2019 文件,为其提供了一个静态 IP 地址 10.8.0.11:
ifconfig-push 10.8.0.11 255.255.0.0
然后我在 Windows Server 2019 实例上重新启动了 OpenVPN 客户端,它可以工作了!客户端成功使用了 10.8.0.11 IP 地址,并且完全没有丢失它。
那么,为什么 Windows Server 2019 实例一直丢失 10.8.0.2 的地址,这个地址之前被 Linux 客户端使用过呢?从我上面列出的步骤中可以看出,我从 OpenVPN 服务器上撤销了 Linux 客户端,并删除了我在 OpenVPN 服务器上可以找到的 Linux 客户端通用名称的所有痕迹。
我们希望 Windows Server 2019 实例使用 10.8.0.2 地址,因为我们已经编写了脚本,假设 10.8.0.2 将是静态 IP,并将这些脚本发送给第三方。如果可能的话,坚持使用 10.8.0.2 会更容易。
更新:
几天没看Windows Server 2019实例,现在又看了一遍。令人惊讶的是,它的 IP 地址为 10.8.0.2,而且从未消失。一切都按预期工作。我不知道为什么,因为我没有改变任何东西。
所以我在 Windows Server 2019 实例上重新启动了 OpenVPN 客户端,看看会发生什么,现在又回到了获取 169.254.xx 地址然后每 15 秒获取和丢失 10.8.0.2 地址的行为。
假设,我想允许访问我的项目的 IP 位于 192.168.1.1 和 192.168.1.40 之间。
Nginx 示例:
stream {
#...
server {
listen 12345;
deny 192.168.1.2;
allow 192.168.1.1/24;
allow 2001:0db8::/32;
deny all;
}
}
我必须分别允许每个 IP,或者是否有任何技术可以访问给定范围内的 IP?
在 Azure 中,如果我要部署一个虚拟机,它将“开箱即用”具有出站 Internet 连接。对于此虚拟机的出站连接,假设公共 IP 将是Azure IP 范围和服务标签 - 公共云之一是否正确?
如果我查看公共 IP 地址文档,它会说明以下内容(加强了上述声明):
没有分配公共 IP 的资源可以进行出站通信。Azure 动态分配一个不专用于资源的可用 IP 地址。
所以理论上,如果我创建 100 个虚拟机,这些虚拟机中的一些(或全部?)可能会获得相同的出站 IP 地址?有什么方法可以确保为所有这 100 台虚拟机分配一个唯一的出站 IP 地址?这样,当他们访问 Web 服务时,就可以通过其唯一的 IP 地址来识别他们。
感谢您的意见。
我已经为上述问题苦苦挣扎了无数小时,并且无法在此站点或任何其他站点上找到有关该行为的解释。可能是我使用了错误的查询。这是我关于堆栈溢出的第一个问题,所以请温柔;)
我正在使用的设置:
我的路由器后面有一个服务器(具有内部 IP 192.168.2.254),并使用端口转发将公共端口 80 和 443 转发到我的(ubuntu)服务器。我可以通过输入其公共 IP(例如 80.81.82.83)或转到 A 记录包含相同公共 IP 的域(例如 example.org)或输入其内部 IP(例如 192.168.2.1)来访问该服务器) 在同一网络上时。我在该服务器上使用 NGINX 作为反向代理,将请求委托给同一服务器上的相应(Web)应用程序。路由器是我从互联网提供商处获得的标准路由器。
我有两个客户端连接到该服务器,客户端 A与服务器位于同一网络(例如 192.168.2.2),而客户端 B不在同一网络上,而是在世界其他任何地方(例如 90.91.92.93)。
当我与客户端 B(即不在同一网络上)连接到我的服务器(使用公共 IP 或域名)并检查客户端 IP(即 $remote_addr)的 NGINX 访问日志时,正确/预期的 IP 地址显示:90.91.92.93。
现在我不明白的部分:
当我使用服务器的内部 IP(192.168.2.1)将客户端 A(与服务器相同的网络)连接到服务器时,访问日志显示来自客户端的正确/预期 IP 地址:192.168.2.2。但是当我使用公共 IP 地址或域名从同一个客户端连接到服务器时,NGINX 访问日志显示来自路由器的 IP 地址:192.168.2.254。
为什么会这样?这样我就无法记录(并采取行动)哪些内部客户端连接到服务器。
为什么不能从 IIS 10 IP 地址和域限制授予我的内部 IP 地址访问权限?
背景故事:
我已经实现了 IIS 10 的 IP 地址和域限制,以阻止对一个特定网站的访问,除了一组授权的 IP 地址。几个星期以来,我已经在该集中包含了几个内部 IP 地址和子网。昨天我对我的设置/列表进行了更改,以添加更多客户 IP 地址。我还将我的 10.10.1.x IP 地址更改为单个 10.10.1.0 子网地址。今天早上,我收到老板发来的一条短信,询问为什么一位同事在尝试访问相关网站时会收到 403 禁止响应。他在本地网络上,我有一个 192.168.1.0 的子网地址,应该授予他访问权限。我尝试删除并重新添加子网地址。我尝试使用 IP 地址范围(192.168.1.1 - 192.168.1.254)。我什至尝试了我们的外部公共 IP 地址。还没有任何效果。奇怪的是,所有其他 IP 地址似乎都在工作。我在家工作,所以我使用我的公共 IP 地址进行测试。
所以,说了这么多,你对可能发生的事情有任何想法吗?似乎这只会影响内部网络地址。
我按照如何在 Ubuntu 20.04 上设置和配置 OpenVPN 服务器来设置 OpenVPN 服务器。我注意到,当任何客户端连接到 OpenVPN 服务器时,它们每个都获得相同的 IP 地址:10.8.0.6.
在/etc/openvpn/server/server.conf中,我有这些设置,以便它可以在中分配 IP 地址10.8.0.X。
# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0
在 ubuntu 客户端中:
askar@ubuntu:~$ ifconfig
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.11.23 netmask 255.255.255.0 broadcast 192.168.11.255
inet6 240b:11:8a62:bc10:f64d:30ff:fe6c:7f6c prefixlen 64 scopeid 0x0<global>
inet6 fe80::f64d:30ff:fe6c:7f6c prefixlen 64 scopeid 0x20<link>
ether f4:4d:30:6c:7f:6c txqueuelen 1000 (Ethernet)
RX packets 8323 bytes 1066513 (1.0 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6078 bytes 957451 (957.4 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 16 memory 0xdf100000-df120000
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 92 bytes 6838 (6.8 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 92 bytes 6838 (6.8 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.6 netmask 255.255.255.255 destination 10.8.0.5
inet6 fe80::2fa0:961f:7ba8:c04c prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3 bytes 144 (144.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
在我的 Mac PC 上:
~ ifconfig ok 00:08:23
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=50b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV,CHANNEL_IO>
ether ac:87:a3:3b:d2:32
inet6 fe80::1043:7119:8f77:8977%en0 prefixlen 64 secured scopeid 0x4
inet 192.168.11.2 netmask 0xffffff00 broadcast 192.168.11.255
inet6 240b:11:8a62:bc10:1421:50dd:7a2:7e21 prefixlen 64 autoconf secured
inet6 240b:11:8a62:bc10:31ac:632d:c084:ae98 prefixlen 64 autoconf temporary
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (1000baseT <full-duplex,flow-control>)
status: active
en1: flags=8823<UP,BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether ac:29:3a:96:06:8d
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (<unknown type>)
status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=460<TSO4,TSO6,CHANNEL_IO>
ether 82:11:02:40:01:80
media: autoselect <full-duplex>
status: inactive
en3: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=460<TSO4,TSO6,CHANNEL_IO>
ether 82:11:02:40:01:81
media: autoselect <full-duplex>
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 82:11:02:40:01:80
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x0
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 6 priority 0 path cost 0
member: en3 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 7 priority 0 path cost 0
nd6 options=201<PERFORMNUD,DAD>
media: <unknown type>
status: inactive
p2p0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 2304
options=400<CHANNEL_IO>
ether 0e:29:3a:96:06:8d
media: autoselect
status: inactive
awdl0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1484
options=400<CHANNEL_IO>
ether 26:a4:4e:7d:9d:c5
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: inactive
llw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 26:a4:4e:7d:9d:c5
nd6 options=201<PERFORMNUD,DAD>
ham0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1404
ether 7a:79:00:00:00:00
open (pid 93)
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::1c90:674b:fb2:43af%utun0 prefixlen 64 scopeid 0xd
nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::40a2:3ba4:1052:11a7%utun1 prefixlen 64 scopeid 0xe
nd6 options=201<PERFORMNUD,DAD>
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::b950:55ea:84f4:8c39%utun2 prefixlen 64 scopeid 0xf
nd6 options=201<PERFORMNUD,DAD>
utun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::c30a:1bc7:4681:81ee%utun3 prefixlen 64 scopeid 0x10
nd6 options=201<PERFORMNUD,DAD>
utun4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 10.8.0.6 --> 10.8.0.5 netmask 0xffffffff
106.73.138.98是我用https://whatismyipaddress.com/检查的 IP 地址
Ubuntu、Mac OS 和 iPhone 落后106.73.138.98,由本地 ISP 分配。
/var/log/syslog当 3 个客户端同时连接时:
Feb 24 15:27:47 openvpn openvpn[590]: 106.73.138.98:35783 TLS: Initial packet from [AF_INET]106.73.138.98:35783, sid=0822333e 11f09c9c
Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 VERIFY OK: depth=1, CN=Easy-RSA CA
Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 VERIFY OK: depth=0, CN=client1
Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_VER=2.4.9
Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_PLAT=mac
Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_PROTO=2
Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_NCP=2
Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_LZ4=1
Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_LZ4v2=1
Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_LZO=1
Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_COMP_STUB=1
Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_COMP_STUBv2=1
Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_TCPNL=1
Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_GUI_VER="net.tunnelblick.tunnelblick_5601_3.8.4a__build_5601)"
Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 384 bit EC, curve: secp384r1
Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 [client1] Peer Connection Initiated with [AF_INET]106.73.138.98:35783
Feb 24 15:27:48 openvpn openvpn[590]: MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Feb 24 15:27:48 openvpn openvpn[590]: MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Feb 24 15:27:48 openvpn openvpn[590]: MULTI: Learn: 10.8.0.6 -> client1/106.73.138.98:35783
Feb 24 15:27:48 openvpn openvpn[590]: MULTI: primary virtual IP for client1/106.73.138.98:35783: 10.8.0.6
Feb 24 15:27:49 openvpn openvpn[590]: client1/106.73.138.98:35783 PUSH: Received control message: 'PUSH_REQUEST'
Feb 24 15:27:49 openvpn openvpn[590]: client1/106.73.138.98:35783 SENT CONTROL [client1]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 1,cipher AES-256-GCM' (status=1)
Feb 24 15:27:49 openvpn openvpn[590]: client1/106.73.138.98:35783 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Feb 24 15:27:49 openvpn openvpn[590]: client1/106.73.138.98:35783 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 TLS: Initial packet from [AF_INET]106.73.138.98:39883, sid=b85cdfeb 0c4565bb
Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 VERIFY OK: depth=1, CN=Easy-RSA CA
Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 VERIFY OK: depth=0, CN=client1
Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 peer info: IV_VER=2.4.7
Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 peer info: IV_PLAT=linux
Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 peer info: IV_PROTO=2
Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 peer info: IV_NCP=2
Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 peer info: IV_LZ4=1
Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 peer info: IV_LZ4v2=1
Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 peer info: IV_LZO=1
Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 peer info: IV_COMP_STUB=1
Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 peer info: IV_COMP_STUBv2=1
Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 peer info: IV_TCPNL=1
Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 384 bit EC, curve: secp384r1
Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 [client1] Peer Connection Initiated with [AF_INET]106.73.138.98:39883
Feb 24 15:27:55 openvpn openvpn[590]: MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Feb 24 15:27:55 openvpn openvpn[590]: MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Feb 24 15:27:55 openvpn openvpn[590]: MULTI: Learn: 10.8.0.6 -> client1/106.73.138.98:39883
Feb 24 15:27:55 openvpn openvpn[590]: MULTI: primary virtual IP for client1/106.73.138.98:39883: 10.8.0.6
Feb 24 15:27:56 openvpn openvpn[590]: client1/106.73.138.98:39883 PUSH: Received control message: 'PUSH_REQUEST'
Feb 24 15:27:56 openvpn openvpn[590]: client1/106.73.138.98:39883 SENT CONTROL [client1]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
Feb 24 15:27:56 openvpn openvpn[590]: client1/106.73.138.98:39883 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Feb 24 15:27:56 openvpn openvpn[590]: client1/106.73.138.98:39883 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 TLS: Initial packet from [AF_INET]106.73.138.98:43971, sid=41f8d815 33e079cb
Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 VERIFY OK: depth=1, CN=Easy-RSA CA
Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 VERIFY OK: depth=0, CN=client1
Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 peer info: IV_VER=3.git::58b92569
Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 peer info: IV_PLAT=ios
Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 peer info: IV_NCP=2
Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 peer info: IV_TCPNL=1
Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 peer info: IV_PROTO=2
Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 peer info: IV_AUTO_SESS=1
Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 peer info: IV_GUI_VER=net.openvpn.connect.ios_3.2.3-3760
Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 peer info: IV_SSO=openurl
Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1549', remote='link-mtu 1521'
Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 384 bit EC, curve: secp384r1
Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 [client1] Peer Connection Initiated with [AF_INET]106.73.138.98:43971
Feb 24 15:28:06 openvpn openvpn[590]: MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Feb 24 15:28:06 openvpn openvpn[590]: MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Feb 24 15:28:06 openvpn openvpn[590]: MULTI: Learn: 10.8.0.6 -> client1/106.73.138.98:43971
Feb 24 15:28:06 openvpn openvpn[590]: MULTI: primary virtual IP for client1/106.73.138.98:43971: 10.8.0.6
Feb 24 15:28:06 openvpn openvpn[590]: client1/106.73.138.98:43971 PUSH: Received control message: 'PUSH_REQUEST'
Feb 24 15:28:06 openvpn openvpn[590]: client1/106.73.138.98:43971 SENT CONTROL [client1]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 1,cipher AES-256-GCM' (status=1)
Feb 24 15:28:06 openvpn openvpn[590]: client1/106.73.138.98:43971 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Feb 24 15:28:06 openvpn openvpn[590]: client1/106.73.138.98:43971 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Feb 24 15:28:12 openvpn openvpn[590]: AEAD Decrypt error: cipher final failed
Feb 24 15:28:22 openvpn openvpn[590]: AEAD Decrypt error: cipher final failed
当我的网站被特定 IP 地址访问时,如何取消设置单个/多个 HTTP 标头?因为我的 CSP 配置阻止了一些本地页面正确加载。例如,如果我有 phpMyAdmin,但由于设置了 CSP,我无法在本地使用它。