Openvpn
VPS unreachable after connecting to a VPN (OpenVPN)
I have two virtual private servers and I want them to work in one network using OpenVPN. Both are Debian machines.
Server configuration:
port 11194
proto udp6 # I know using udp6 instead of udp here is unnecessary
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 3
Client configuration:
client
port 11194
remote 86.xx.xx.190
cipher AES-128-CBC
dev tap
proto udp
nobind
auth-nocache
persist-key
persist-tun
verb 2
comp-lzo
keysize 128
key-direction 1
log-append openvpn.log
<ca>
[ca here]
</ca>
<cert>
[cert here]
</cert>
<key>
[key here]
</key>
I can connect to the server from a Windows client without any problem and the connection works fine. But when I try to connect from the secondary VPS with:
openvpn --config /path/to/cfg.ovpn
the ssh session ends, the whole server becomes unreachable and is no longer available on its public IP address. I then have to force a reboot through my cloud management panel to stop the bad connection. What am I doing wrong here?
Here is the log file from the client:
Fri May 5 09:48:52 2017 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 12 2015
Fri May 5 09:48:52 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Fri May 5 09:48:52 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri May 5 09:48:52 2017 UDPv4 link local: [undef]
Fri May 5 09:48:52 2017 UDPv4 link remote: [AF_INET]86.xx.xx.190:11194
Fri May 5 09:48:53 2017 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Fri May 5 09:48:53 2017 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=me@myhost.mydomain
Fri May 5 09:48:53 2017 WARNING: 'keydir' is present in local config but missing in remote config, local='keydir 0'
Fri May 5 09:48:53 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri May 5 09:48:53 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 5 09:48:53 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri May 5 09:48:53 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 5 09:48:53 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri May 5 09:48:53 2017 [server] Peer Connection Initiated with [AF_INET]86.xx.xx.190:11194
Fri May 5 09:48:55 2017 TUN/TAP device tap0 opened
Fri May 5 09:48:55 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri May 5 09:48:55 2017 /sbin/ip link set dev tap0 up mtu 1500
Fri May 5 09:48:55 2017 /sbin/ip addr add dev tap0 10.8.0.4/24 broadcast 10.8.0.255
Fri May 5 09:48:55 2017 Initialization Sequence Completed
Fri May 5 09:49:17 2017 event_wait : Interrupted system call (code=4)
Fri May 5 09:49:17 2017 Closing TUN/TAP interface
Fri May 5 09:49:17 2017 /sbin/ip addr del dev tap0 10.8.0.4/24
Fri May 5 09:49:17 2017 SIGHUP[hard,] received, process restarting
Fri May 5 09:49:17 2017 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 12 2015
Fri May 5 09:49:17 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Fri May 5 09:49:19 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri May 5 09:49:19 2017 UDPv4 link local: [undef]
Fri May 5 09:49:19 2017 UDPv4 link remote: [AF_INET]86.xx.xx.190:11194
Fri May 5 09:49:19 2017 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Fri May 5 09:49:19 2017 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=me@myhost.mydomain
Fri May 5 09:49:20 2017 WARNING: 'keydir' is present in local config but missing in remote config, local='keydir 0'
Fri May 5 09:49:20 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri May 5 09:49:20 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 5 09:49:20 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri May 5 09:49:20 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 5 09:49:20 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri May 5 09:49:20 2017 [server] Peer Connection Initiated with [AF_INET]86.xx.xx.190:11194
Fri May 5 09:49:22 2017 TUN/TAP device tap0 opened
Fri May 5 09:49:22 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri May 5 09:49:22 2017 /sbin/ip link set dev tap0 up mtu 1500
Fri May 5 09:49:22 2017 /sbin/ip addr add dev tap0 10.8.0.4/24 broadcast 10.8.0.255
Fri May 5 09:49:22 2017 Initialization Sequence Completed
Remove the parameter
push "redirect-gateway def1"
from the configuration. This parameter redirects all traffic through the VPN tunnel.
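As an added example that is not part of the question or the answer, a small POSIX sh audit for the situation above: it detects the pushed redirect-gateway in a server config (using a constructed config that mirrors the one posted, not the original file), writes the corrected copy the answer describes, and checks whether a client config protects its own default route with route-nopull and verifies the server certificate with remote-cert-tls, which the posted client log warns is not enabled.

```shell
# Constructed sample mirroring the server config in the question (not the
# original file): it pushes a full-tunnel default route to every client.
SAMPLE_SERVER_CONF='port 11194
proto udp6
dev tap
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
keepalive 10 120'

# Return 0 when a server config pushes redirect-gateway: every client that
# honours pushed options then replaces its default route with the tunnel,
# which is what cut off the SSH session to the second VPS.
pushes_redirect_gateway() {
    grep -Eq '^[[:space:]]*push[[:space:]]+"?redirect-gateway' "$1"
}

# Write $2 as a copy of server config $1 without the redirect-gateway push
# (the fix from the answer): clients keep their own default route and only
# the 10.8.0.0/24 tap network is reached through the tunnel.
strip_redirect_gateway() {
    grep -Ev '^[[:space:]]*push[[:space:]]+"?redirect-gateway' "$1" > "$2"
}

# Return 0 when a client config refuses a pushed default route on its own:
# route-nopull (OpenVPN 2.3) or pull-filter ignore "redirect-gateway" (2.4+).
# Worth having on any host administered over SSH, whatever the server pushes.
client_ignores_redirect_gateway() {
    grep -Eq '^[[:space:]]*(route-nopull|pull-filter[[:space:]]+ignore[[:space:]]+"redirect-gateway)' "$1"
}

# Return 0 when a client config checks the server certificate's role; the
# posted client log warns that no such method is enabled, and
# "remote-cert-tls server" is the option that enables it on OpenVPN 2.3.
client_verifies_server_role() {
    grep -Eq '^[[:space:]]*remote-cert-tls[[:space:]]+server' "$1"
}

# Audit a server config ($1) and a client config ($2); one finding per line.
audit_configs() {
    pushes_redirect_gateway "$1" &&
        echo "server: pushes redirect-gateway (full tunnel); remove it or protect clients"
    client_ignores_redirect_gateway "$2" ||
        echo "client: would accept a pushed default route; add route-nopull"
    client_verifies_server_role "$2" ||
        echo "client: add remote-cert-tls server to verify the server certificate"
    return 0
}
```

Run it before connecting a remotely administered host, e.g. `audit_configs /etc/openvpn/server.conf /path/to/cfg.ovpn`; no output means neither side will replace the client's default route.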