How to forward network traffic using iproute

I'm trying to follow TinC's guide on how to forward all network traffic through a VPN tunnel to a secure internet connection. The typical insecure coffee-shop connection type of problem.

Anyway, I'm using TinC and can connect to the server without any problem, but I'm not routing any internet traffic over this connection. I'm sure of this because my public IP is still different from the IP I'd expect on the secure end of the VPN.

Here is the setup for the connection, without internet traffic, for tinc-up:

ip link set $INTERFACE up
ip addr add  10.0.0.3/32 dev $INTERFACE
ip route add 10.0.0.0/24 dev $INTERFACE

Here is tinc-down:

ip route del 10.0.0.0/24 dev $INTERFACE
ip addr del 10.0.0.3/32 dev $INTERFACE
ip link set $INTERFACE down

Here is the client host file:

Subnet = 10.0.0.3/32

Here is the server host file:

Address = foo.bar.net
Port = 655
Subnet = 10.0.0.1/32

....so, this all works fine... here is some sample output:

foo@local:~ » route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.254   0.0.0.0         UG    202    0        0 enp0s3
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 alpha
192.168.0.0     0.0.0.0         255.255.255.0   U     202    0        0 enp0s3

However, I'm trying to follow this guide here: https://www.tinc-vpn.org/examples/redirect-gateway/

New tinc-up:

set -x
ip link set dev $INTERFACE up
#ip addr add  10.0.0.3/32 dev $INTERFACE
#ip route add 10.0.0.0/24 dev $INTERFACE
VPN_GATEWAY=10.0.0.0
ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-5`

ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY
ip route add $VPN_GATEWAY dev $INTERFACE
ip route add 0.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE
ip route add 128.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE

New tinc-down:

set -x
ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-5`

ip route del $REMOTEADDRESS $ORIGINAL_GATEWAY
ip route del $VPN_GATEWAY dev $INTERFACE
ip route del 0.0.0.0/1 dev $INTERFACE
ip route del 128.0.0.0/1 dev $INTERFACE
ip link set dev $INTERFACE down

Now the scripts throw syntax errors from ip route, and of course nothing happens. I've tried playing with some of the routes, tried explicitly defining some of the variables, and even tried running them step by step in a shell, but nothing seems to work. The host is always unreachable.

What am I doing wrong here?

Thanks

Edit 2: Here are the new tinc-up/down files being run, with the suggestions from the comments, including the set -x option. The tinc-up script runs first, then the process is killed, which triggers the tinc-down script shown above.

:~ » sudo tincd -n alpha -D -d3

tincd 1.0.31 starting, debug level 3
/dev/net/tun is a Linux tun/tap device (tun mode)
Executing script tinc-up
+ ip link set dev alpha up
+ VPN_GATEWAY=10.0.0.0
++ ip route show
++ cut -d ' ' -f 2-5
++ grep '^default'
+ ORIGINAL_GATEWAY='via 192.168.0.254 dev enp0s3'
+ ip route add via 192.168.0.254 dev enp0s3
Usage: ip route { list | flush } SELECTOR
       ip route save SELECTOR
       ip route restore
       ip route showdump
       ip route get ADDRESS [ from ADDRESS iif STRING ]
                            [ oif STRING ] [ tos TOS ]
                            [ mark NUMBER ] [ vrf NAME ]
                            [ uid NUMBER ]
       ip route { add | del | change | append | replace } ROUTE
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ]
            [ table TABLE_ID ] [ vrf NAME ] [ proto RTPROTO ]
            [ type TYPE ] [ scope SCOPE ]
ROUTE := NODE_SPEC [ INFO_SPEC ]
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ]
             [ table TABLE_ID ] [ proto RTPROTO ]
             [ scope SCOPE ] [ metric METRIC ]
INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ]...
NH := [ encap ENCAPTYPE ENCAPHDR ] [ via [ FAMILY ] ADDRESS ]
        [ dev STRING ] [ weight NUMBER ] NHFLAGS
FAMILY := [ inet | inet6 | ipx | dnet | mpls | bridge | link ]
OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ as [ to ] ADDRESS ]
           [ rtt TIME ] [ rttvar TIME ] [ reordering NUMBER ]
           [ window NUMBER ] [ cwnd NUMBER ] [ initcwnd NUMBER ]
           [ ssthresh NUMBER ] [ realms REALM ] [ src ADDRESS ]
           [ rto_min TIME ] [ hoplimit NUMBER ] [ initrwnd NUMBER ]
           [ features FEATURES ] [ quickack BOOL ] [ congctl NAME ]
           [ pref PREF ] [ expires TIME ]
TYPE := { unicast | local | broadcast | multicast | throw |
          unreachable | prohibit | blackhole | nat }
TABLE_ID := [ local | main | default | all | NUMBER ]
SCOPE := [ host | link | global | NUMBER ]
NHFLAGS := [ onlink | pervasive ]
RTPROTO := [ kernel | boot | static | NUMBER ]
PREF := [ low | medium | high ]
TIME := NUMBER[s|ms]
BOOL := [1|0]
FEATURES := ecn
ENCAPTYPE := [ mpls | ip | ip6 ]
ENCAPHDR := [ MPLSLABEL ]
+ ip route add 10.0.0.0 dev alpha
+ ip route add 0.0.0.0/1 via 10.0.0.0 dev alpha
+ ip route add 128.0.0.0/1 via 10.0.0.0 dev alpha
Listening on 0.0.0.0 port 655
Ready
Trying to connect to alpha (74.78.156.164 port 655)
Error while connecting to alpha (74.78.156.164 port 655): Network is unreachable
Could not set up a meta connection to alpha
Trying to re-establish outgoing connection in 5 seconds
Purging unreachable nodes
Trying to connect to alpha (74.78.156.164 port 655)
Error while connecting to alpha (74.78.156.164 port 655): Network is unreachable
Could not set up a meta connection to alpha
Trying to re-establish outgoing connection in 10 seconds
Purging unreachable nodes
Got TERM signal
Statistics for Linux tun/tap device (tun mode) /dev/net/tun:
 total bytes in:         346
 total bytes out:        306
Closing connection with charlie (MYSELF)
Executing script tinc-down
++ cut -d ' ' -f 2-5
++ grep '^default'
++ ip route show
+ ORIGINAL_GATEWAY='via 192.168.0.254 dev enp0s3'
+ ip route del via 192.168.0.254 dev enp0s3
+ ip route del dev alpha
+ ip route del 0.0.0.0/1 dev alpha
+ ip route del 128.0.0.0/1 dev alpha
+ ip link set dev alpha down
Terminating

Edit 3:

I've found that changing to:

ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 3-5`

gives 192.168.0.254 dev enp0s3

Now my scripts don't throw iproute syntax errors... however, they do complain about the following:

+ ip route add 192.168.0.254 dev enp0s3
RTNETLINK answers: File exists
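A tinc-up that parses the default route by keyword rather than by fixed cut fields, as an added example for this thread, not code from the original post or the tinc guide. It assumes 10.0.0.1 (the Subnet in the server host file) as the VPN gateway and a placeholder SERVER_PUBLIC for the server's public address, since the log above shows $REMOTEADDRESS expanding to nothing inside tinc-up.

```bash
#!/bin/bash
# Added example, not from the original post or the tinc project.
# Parse the default route by keyword instead of fixed 'cut' fields, then
# build the redirect-gateway routes. Assumptions: VPN_GW is the server's
# tunnel address 10.0.0.1 (its host file Subnet); SERVER_PUBLIC is a
# placeholder for the server's public IP, because the log shows
# $REMOTEADDRESS expanding to nothing inside tinc-up.

# parse_default_route "<line from 'ip route show default'>"
# Prints "GATEWAY DEVICE"; returns 1 if either is missing.
parse_default_route() {
    local tok gw="" dev="" prev=""
    # Walk the tokens so "default via X dev Y", "default dev Y via X" and
    # trailing "proto dhcp metric 202" all parse the same way.
    for tok in $1; do
        case "$prev" in
            via) gw="$tok" ;;
            dev) dev="$tok" ;;
        esac
        prev="$tok"
    done
    [ -n "$gw" ] && [ -n "$dev" ] || return 1
    printf '%s %s\n' "$gw" "$dev"
}

# build_redirect_routes GATEWAY DEVICE SERVER_PUBLIC VPN_GW IFACE
# Prints the 'ip route add' commands; pipe them into 'sh' to apply.
build_redirect_routes() {
    local gw=$1 dev=$2 server=$3 vpn_gw=$4 iface=$5
    # Host route for the tinc server via the original gateway, so the
    # tunnel's own packets are not sent into the tunnel.
    printf 'ip route add %s/32 via %s dev %s\n' "$server" "$gw" "$dev"
    # Two /1 routes are more specific than 0.0.0.0/0 and therefore win
    # without deleting the original default route.
    printf 'ip route add 0.0.0.0/1 via %s dev %s\n' "$vpn_gw" "$iface"
    printf 'ip route add 128.0.0.0/1 via %s dev %s\n' "$vpn_gw" "$iface"
}

# Constructed sample of what 'ip route show default' prints on the
# machine in the question; in a real tinc-up use $(ip route show default).
sample='default via 192.168.0.254 dev enp0s3 proto dhcp metric 202'
if route=$(parse_default_route "$sample"); then
    set -- $route
    build_redirect_routes "$1" "$2" "${SERVER_PUBLIC:-203.0.113.5}" 10.0.0.1 alpha
else
    echo 'no usable default route found' >&2
fi
```

203.0.113.5 is a documentation-range placeholder; replace SERVER_PUBLIC with the address foo.bar.net resolves to before applying the printed commands.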
