openvpn建立链接后，客户端可以ping通服务器的IP却ping不通外网IP的原因和解决办法。

因为服务器没有做转发的设置。需要在服务器中的/etc/sysctl.conf文件中加入下面语句：

net.ipv4.ip_forward = 1

net.ipv6.conf.all.forwarding = 1

net.ipv6.conf.default.forwarding = 1

net.ipv4.tcp_fastopen = 3

net.ipv4.conf.all.proxy_arp = 1

net.ipv6.conf.all.proxy_ndp = 1

net.ipv6.conf.default.proxy_ndp = 1

net.ipv6.conf.eth0.proxy_ndp = 1

net.ipv6.conf.tun0.proxy_ndp = 1

net.core.rmem_max = 2500000 

然输入命令 sysctl -p 实现配置生效。

接着需要输入下面这条防火墙的配置

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

ip6tables -t nat -A POSTROUTING -s fd00:0:0:1::/64 -o eth0 -j MASQUERADE

需要在openvpn服务器的配置文件中加入：

push "redirect-gateway def1 bypass-dhcp"

push "redirect-gateway-ipv6 def1 bypass-dhcp"

server-ipv6 fd00:0:0:1::/64

server 10.8.0.0 255.255.255.0

push "dhcp-option DNS 2606:4700::1111"

push "dhcp-option DNS 2001:4860:4860::8888"