Two days ago, hivefans set up an OpenVPN server on one machine in the cluster, because the cluster's network segment was inconvenient to reach. Some problems came up, and they are recorded here.
He set up only that one OpenVPN instance and did not install ovpn on the other servers in the cluster. He wanted to route the cluster's intranet segment through ovpn, so that the company could access the cluster's intranet addresses in the external data center. The cluster's intranet address is 192.168.1.0 mask 255.255.0.0, the ovpn server address is 10.8.8.0 mask 255.255.255.0, and the company's intranet address is 192.168.205.0 mask 255.255.255.0. The problems were as follows.
Data Center
Intranet: 192.168.1.73 ovpn: 10.8.8.1 host A
Intranet: 192.168.1.74 no ovpn host B
Local computer
Intranet: 192.168.205.8 ovpn: 10.8.8.6 host C
1. Host C can ping 10.8.8.1 but cannot ping host A's intranet IP address, even though both addresses belong to the same machine (host A).
The analysis is as follows: host A is the ovpn server, so access within the same 10.8.8.0 segment works normally, but access to the 192.168 addresses cannot work because no route is pushed.
Solution: add "route 192.168.1.0 255.255.0.0" to the ovpn configuration file on host A and restart the OpenVPN server. Problem solved.
2. Host C can ping host A's intranet address but cannot ping host B's intranet address.
The analysis is as follows: host A's intranet address is now actually routed, but host B gets no response because there is no return route for the packets. Log on to host B and try to ping the intranet address of host A. Note: host B does not have openvpn installed. When I asked him, it turned out that, following online tutorials, he had added a Linux route on host B: ip route add 192.168.1.0 255.255.255.0 ....
Solution: the network adapter's subnet mask is 255.255.0.0, but the separately added route uses the subnet mask 255.255.255.0. The route therefore does not match the adapter's addressing: one is class B and the other is class C. The result is naturally that response packets are not routed. Delete the problematic route from the Linux routing table and the problem is solved.
After that, a single OpenVPN server handles the routing, and he can log on to the intranet addresses of the entire cluster.
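Both problems come down to which route entry wins for a given destination. The following is an added example, not part of the original post: it models the route tables of host C and host B with the article's addresses and applies longest-prefix matching. The route labels, host C's default route, and the assumption that the test from host B targets host A's intranet address 192.168.1.73 are constructed for illustration.

```python
import ipaddress

def net(addr, mask):
    """Network for addr/mask; strict=False clears host bits instead of raising."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def has_host_bits(addr, mask):
    """True when addr is not the network address for mask."""
    return ipaddress.ip_address(addr) != net(addr, mask).network_address

def lookup(table, dst):
    """Longest-prefix match, as the Linux routing table does; returns the route label."""
    dst = ipaddress.ip_address(dst)
    hits = [(n, label) for n, label in table if dst in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Constructed route tables built from the addresses in the article.
# The labels and host C's default route are assumptions for illustration.
HOST_C_BEFORE = [
    (net("192.168.205.0", "255.255.255.0"), "company LAN"),
    (net("10.8.8.0", "255.255.255.0"), "vpn tunnel"),
    (net("0.0.0.0", "0"), "default gateway"),
]
# Problem 1 fix: the client learns the cluster range over the tunnel.
HOST_C_AFTER = HOST_C_BEFORE + [(net("192.168.1.0", "255.255.0.0"), "vpn tunnel")]

# Problem 2: host B's connected /16 plus the hand-added /24 (its next hop is
# elided in the article, so it is only labelled here).
HOST_B_BAD = [
    (net("192.168.1.0", "255.255.0.0"), "connected NIC"),
    (net("192.168.1.0", "255.255.255.0"), "manual route"),
]
HOST_B_FIXED = HOST_B_BAD[:1]  # after deleting the manual route

if __name__ == "__main__":
    print("192.168.1.0/255.255.0.0 normalizes to", net("192.168.1.0", "255.255.0.0"))
    for name, table in [("C before", HOST_C_BEFORE), ("C after", HOST_C_AFTER),
                        ("B bad", HOST_B_BAD), ("B fixed", HOST_B_FIXED)]:
        print(f"{name:9} 192.168.1.73 ->", lookup(table, "192.168.1.73"))
```

The same lookup shows that the company's 192.168.205.0 segment falls inside the 255.255.0.0 range yet stays on the local route, because its 255.255.255.0 entry is more specific.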
I sorted it out in 10 minutes. I remember someone on Weibo said that I work on open source and Hadoop, yet my blog writes about switching and routing, which does not have the style of an open source engineer. I don't care about this. If you want something done, do it yourself. Although work in the Internet age is modular, there is no harm in knowing more about other things; at the very least, you are not at the mercy of others. Removing the dependency on IOE is very important for a company. It is equally important for the individual.
This article was posted on the "practice test truth" blog; reproduction is declined!