linux – 从eth0到tun0(OpenVPN)的隧道流量Ububtu 12.04

前端之家收集整理的这篇文章主要介绍了linux – 从eth0到tun0(OpenVPN)的隧道流量Ububtu 12.04前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
按照 here描述的步骤,我设法配置VPN服务器和客户端(我可以双向ping).他们各自的配置文件是:

服务器:

;local a.b.c.d

port 1194

;proto tcp
proto udp

push "redirect-gateway def1"

;dev tap

dev tun

ca ca.crt

cert certificate_server.crt

key certificate_server.key  

dh dh1024.pem

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

;server-bridge

;push "route 192.168.10.0 255.255.255.0"

;push "route 192.168.20.0 255.255.255.0"

;client-config-dir ccd

;route 192.168.40.128 255.255.255.248

;client-config-dir ccd
;route 10.9.0.0 255.255.255.252

;learn-address ./script

;push "redirect-gateway def1 bypass-dhcp"

;push "dhcp-option DNS 208.67.222.222"

;push "dhcp-option DNS 208.67.220.220"


;client-to-client
;duplicate-cn

keepalive 10 120

comp-lzo

persist-key
persist-tun

status openvpn-status.log

;log         openvpn.log
;log-append  openvpn.log

客户:

client

;dev tap

dev tun

;dev-node MyTap

;proto tcp
proto udp

remote <external_server_ip> 1194

;remote my-server-2 1194

push "dhcp-option DNS 10.8.0.1"

;remote-random

resolv-retry infinite

nobind

persist-key
persist-tun

ca ca.crt
cert certificate_client.crt
key certificate_client.key


ns-cert-type server

;tls-auth ta.key 1

comp-lzo

网络布局如下:我使用客户端连接到位于NAT后面的服务器.我已经在NAT设备上转发了端口1194,并成功地ping了服务器.现在我想将来自客户端eth0接口的所有流量路由到tun0接口.在客户端上运行ifconfig给出:

eth0      Link encap:Ethernet  HWaddr 01:02:03:04:05:06  
          inet addr:172.26.0.206  Bcast:172.26.255.255  Mask:255.255.0.0
          inet6 addr: fe80::3285:a9ff:fe0b:fee8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15579878 errors:0 dropped:2 overruns:0 frame:0
          TX packets:3774742 errors:0 dropped:0 overruns:0 carrier:4
          collisions:0 txqueuelen:1000 
          RX bytes:7365014496 (7.3 GB)  TX bytes:349016660 (349.0 MB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:132571 errors:0 dropped:0 overruns:0 frame:0
          TX packets:132571 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:6718530 (6.7 MB)  TX bytes:6718530 (6.7 MB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1296 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:102968 (102.9 KB)

wlan0     Link encap:Ethernet  HWaddr 01:01:01:01:01:01  
          inet addr:192.168.0.103  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::de85:deff:fe32:241f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:284664 errors:0 dropped:0 overruns:0 frame:0
          TX packets:99157 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:177617284 (177.6 MB)  TX bytes:32064393 (32.0 MB)

在服务器输出上运行命令时:

eth0      Link encap:Ethernet  HWaddr 06:05:04:03:02:01 
          inet addr:192.168.2.7  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::219:d1ff:fefe:de8a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:44596 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22418 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:9082333 (9.0 MB)  TX bytes:5007949 (5.0 MB)
          Interrupt:20 Memory:e3200000-e3220000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:394157 errors:0 dropped:0 overruns:0 frame:0
          TX packets:394157 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:19763027 (19.7 MB)  TX bytes:19763027 (19.7 MB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:7615 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:463861 (463.8 KB)  TX bytes:588 (588.0 B)

在我的客户端上启用IPv4数据包转发;我在客户端计算机上的路由表是:
客户:

$netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.8.0.5        128.0.0.0       UG        0 0          0 tun0
0.0.0.0         172.26.0.1      0.0.0.0         UG        0 0          0 eth0
10.8.0.1        10.8.0.5        255.255.255.255 UGH       0 0          0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
<server_external_ip>  172.26.0.1      255.255.255.255 UGH       0 0          0 eth0
128.0.0.0       10.8.0.5        128.0.0.0       UG        0 0          0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
172.26.0.0      0.0.0.0         255.255.0.0     U         0 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0

在服务器上:

服务器:

0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG        0 0          0 tun0
10.8.0.2        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0

如何在客户端计算机上将所有流量从eth0路由到tun0?我尝试在路由表中添加一个条目:

sudo route add default gw 10.8.0.1

输出是:

SIOCADDRT: No such process

此外,在此步骤之后连接停止工作,我无法再从客户端ping服务器;无法再转发eth0上的流量.

解决方法

您的OpenVPN实例正在使用点对点模式,因此您的默认网关不是10.8.0.1.

查看您的客户端路由表,似乎OpenVPN客户端已正确设置路由,因此VPN服务器现在是您的默认网关(这由服务器配置中的redirect-gateway def1指示):

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.8.0.5        128.0.0.0       UG        0 0          0 tun0
128.0.0.0       10.8.0.5        128.0.0.0       UG        0 0          0 tun0

所以你基本上已经实现了你想要的东西 – 让最初通过eth0的所有流量现在都转到tun0.

如果您想知道为什么在拨打VPN后无法访问互联网(无法访问其他网站),您可以按照@Bill说的那样:在服务器上设置NAT和IP转发.

这也很简单:

# sysctl -w net.ipv4.ip_forwarding = 1
# iptables -t nat -A POSTROUTING ! -o lo -j MASQUERADE

如果你是偏执狂,请根据@ Bill的答案更改第二行.

原文链接:https://www.f2er.com/linux/395788.html

猜你在找的Linux相关文章