局域网内的服务器通过另一台vpn客户端连接vpn

因为只有一个openvpn client证书，但是局域网有两台都要访问vpn server的一台服务器，怎么办才好呢，想到了通过增加静态路由来实现。

环境：vpn server端提供的外网ip和端口：101.11.1.2  1234

局域网: 192.168.0.1(vpn client证书放在这台服务器上)

               192.168.0.2

       gw:   192.168.0.3

192.168.0.1的网卡

eth0      Link encap:Ethernet  HWaddr 94:DE:80:84:5B:B5  
          inet addr:192.168.0.1  Bcast:192.168.3.255  Mask:255.255.255.0
          inet6 addr: fe80::96de:80ff:fe84:5bb5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1107185 errors:0 dropped:0 overruns:0 frame:0
          TX packets:168532 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:109457526 (104.3 MiB)  TX bytes:71446453 (68.1 MiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:12.16.13.101  P-t-P:12.16.13.102  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP 0ULTICAST  MTU:1500  Metric:1
          RX packets:33 errors:0 dropped:0 overruns:0 frame:0
          TX packets:142 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:2072 (2.0 KiB)  TX bytes:8296 (8.1 KiB)

192.168.0.1的路由表

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
101.11.1.0    0.0.0.0         255.255.255.255 UH    0      0        0 tun0
101.11.1.0    12.16.13.101  255.255.255.255 UGH   0      0        0 tun0
12.16.13.12  0.0.0.0         255.255.255.255 UH    0      0        0 tun0
12.16.14.1    12.16.13.102  255.255.255.255 UGH   0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
101.11.0.0     12.16.13.102  255.255.0.0     UG    0      0        0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
0.0.0.0         192.168.0.3  0.0.0.0         UG    0      0        0 eth0

vi /etc/sysctl.conf

net.ipv4.ip_forward = 1

sysctl -p

192.168.0.2的网卡

eth0      Link encap:Ethernet  HWaddr 94:DE:80:E8:76:61  
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::96de:80ff:fee8:7661/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:207826530 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34449534802 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:16607632731 (15.4 GiB)  TX bytes:34263871184786 (31.1 TiB)
          Interrupt:30 Base address:0xa000

192.168.0.2的路由表

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
101.11.1.0    192.168.0.1   255.255.255.0   UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
0.0.0.0         192.168.0.3   0.0.0.0         UG    0      0        0 eth0