OpenWRT - Openconnect VPN on an isolated SSID

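I am trying to add a third SSID to my OpenWRT router that connects its users only to an Openconnect VPN network.

The router has two existing SSIDs that connect to the LAN + internet through the 2.4 and 5.0 GHz antenna arrays. I can connect to the VPN network directly through NetworkManager on a Linux PC.

When connecting to the new SSID, I get an IP but no internet connectivity. I am also not sure whether the VPN connection succeeded.

I followed the instructions at https://github.com/openwrt/packages/tree/master/net/openconnect and tried to understand what is happening from this question, but without success.

Here are the additions I made to the configuration files: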

/etc/config/network

# VPN SSID Interface
config interface 'vpn'
    option proto 'static'
    option ipaddr '192.168.34.1'
    option netmask '255.255.255.0'
    option ipv6 '0'

# Openconnect
config interface 'myvpn'
    option proto 'openconnect'
    option interface 'wan' # Is this right? Was on github's openconnect example
    option server 'myvpn.com'
    option port '4443'
    option username 'user'
    option password 'password'
    #option serverhash '' # Don't need this?
    option defaultroute '0'
    option authgroup 'DEFAULT'
    option token_mode 'rsa'
    option token_secret 'http://127.0.0.1/securid/ctf?ctfData=...'
    option ipv6 '0'

/etc/config/wireless

config wifi-iface
    option device 'radio1' # My 5.0 GHz antenna
    option network 'vpn'
    option mode 'ap'
    option ssid 'myVPN'
    option hidden '1'
    option encryption 'psk2'
    option key 'some super secret key'

/etc/config/dhcp

config dhcp 'vpn'
    option interface 'vpn'
    option start '100'
    option limit '150'
    option leasetime '12h'

/etc/config/firewall

config zone
    option name     vpn
    list   network      'vpn'
    option input        ACCEPT
    option output       ACCEPT
    option forward      ACCEPT

config zone
    option name     myvpn
    list   network      'myvpn'
    option input        ACCEPT
    option output       ACCEPT
    option forward      ACCEPT

config forwarding
    option src      vpn
    option dest     myvpn

I also restarted all the components:

# /etc/init.d/network restart
# /etc/init.d/dnsmasq restart
# /etc/init.d/firewall restart
# wifi
# ifup myvpn

I do get the following messages when running # /etc/init.d/firewall restart:

Warning: Section @zone[2] (myvpn) cannot resolve device of network 'myvpn'
Warning: Section @zone[2] (myvpn) has no device, network, subnet or extra options
