简介:我想连接到我的VPN并可以访问某些服务器,但对于所有其他流量,我想使用我的常规网络.
@H_502_1@我在我的VPS上设置了OpenVPN服务器,我的server.conf文件如下所示:
port 1194 proto udp dev tun ca ca.crt cert server.crt key server.key # This file should be kept secret dh dh2048.pem server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt keepalive 10 120 comp-lzo user nobody group nogroup persist-key persist-tun status openvpn-status.log log /var/log/openvpn.log verb 4 push "route 10.132.0.0 255.255.0.0"@H_502_1@我使用以下.ovpn文件来设置VPN连接:
client dev tun proto udp remote <my.vpn.server.com> 1194 nobind user nobody group nogroup persist-key persist-tun remote-cert-tls server comp-lzo verb 3 <ca>....</ca> <cert>...</cert> <key>...</key>@H_502_1@最后,在VPN连接的网络管理器中,在IPv4设置下,我确保将“方法”设置为“仅自动(VPN)地址”. @H_502_1@VPN连接正常,我可以访问我需要的所有内部服务器(10.132.x.x),但我无法访问任何其他内容(如google.com).我希望我的eth0设置可用于除了我希望通过VPN路由的10.132.x.x IP之外的所有内容. @H_502_1@附:基于其他文章,我尝试在.ovpn文件中使用no-pull并在那里添加我的路由设置但无济于事. @H_502_1@编辑1: @H_502_1@连接到VPN时运行ip a和traceroute的结果:
$ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 08:00:27:dc:a6:ef brd ff:ff:ff:ff:ff:ff inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0 valid_lft 86320sec preferred_lft 86320sec inet6 fe80::f3d1:6eb3:e13e:d61b/64 scope link valid_lft forever preferred_lft forever 15: tun0: <POINTOPOINT,NOARP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100 link/none inet 10.8.0.6 peer 10.8.0.5/32 brd 10.8.0.6 scope global tun0 valid_lft forever preferred_lft forever $traceroute google.com google.com: Temporary failure in name resolution Cannot handle "host" cmdline arg `google.com' on position 1 (argc 1)@H_502_1@编辑2:ip r的结果
$ip r default via 10.8.0.5 dev tun0 proto static metric 50 default via 10.0.2.2 dev eth0 proto static metric 100 10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15 metric 100 10.8.0.1 via 10.8.0.5 dev tun0 proto static metric 50 10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6 metric 50 10.132.0.0/16 via 10.8.0.5 dev tun0 proto static metric 50 104.236.239.153 via 10.0.2.2 dev eth0 proto static metric 100 169.254.0.0/16 dev eth0 scope link metric 1000
我设法通过使用客户端GUI(Ubuntu NetworkManager)来获得所需的效果.我必须确保IPv4设置下的复选框 – >检查了“仅对其网络上的资源使用此连接”的路由:
@H_502_1@
@H_502_1@我不完全确定在.ovpn文件中需要做什么才能复制它.
@H_502_1@我的路由表现在看起来像这样:
$sudo netstat -r -n Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 eth0 10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 10.8.0.1 10.8.0.5 255.255.255.255 UGH 0 0 0 tun0 10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 10.132.0.0 10.8.0.5 255.255.0.0 UG 0 0 0 tun0 104.236.239.153 10.0.2.2 255.255.255.255 UGH 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0@H_502_1@请记住,我在server.conf中有推送“route 10.132.0.0 255.255.0.0”,因此解释了10.132.0.0的条目,以及为什么我现在可以访问我的服务器,而其他所有内容都在VPN外部路由(即0.0 .0.0入门) @H_502_1@如果没有在GUI中检查此设置,我的路由表看起来像这样:
$sudo netstat -r -n Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 10.8.0.5 0.0.0.0 UG 0 0 0 tun0 0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 eth0 10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 10.8.0.1 10.8.0.5 255.255.255.255 UGH 0 0 0 tun0 10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 10.132.0.0 10.8.0.5 255.255.0.0 UG 0 0 0 tun0 104.236.239.153 10.0.2.2 255.255.255.255 UGH 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0@H_502_1@我的猜测是,第一个0.0.0.0条目(默认路线)搞砸了一切.