我使用 Shrewsoft VPN 客户端 (IPSec、IKEv1) 连接到我的工作 VPN。它已连接,我可以看到 NATT 保持连接和 DPD 保持连接流量,但我根本没有网络连接。
以下是我的 wifi 适配器的输出示例tcpdump(“网关”是 VPN 网关):
22:15:52.830866 IP MyComputer.lan.ipsec-nat-t > gateway.aaaa.bbbb.cccc.uk.ipsec-nat-t: UDP-encap: ESP(spi=0x9e3cb62c,seq=0xfb), length 116
22:15:53.514843 IP MyComputer.lan.ipsec-nat-t > gateway.aaaa.bbbb.cccc.uk.ipsec-nat-t: UDP-encap: ESP(spi=0x9e3cb62c,seq=0xfc), length 132
22:15:53.514892 IP MyComputer.lan.ipsec-nat-t > gateway.aaaa.bbbb.cccc.uk.ipsec-nat-t: UDP-encap: ESP(spi=0x9e3cb62c,seq=0xfd), length 132
22:15:53.629797 IP MyComputer.lan.ipsec-nat-t > gateway.aaaa.bbbb.cccc.uk.ipsec-nat-t: isakmp-nat-keep-alive
22:15:53.703485 IP MyComputer.lan.ipsec-nat-t > gateway.aaaa.bbbb.cccc.uk.ipsec-nat-t: NONESP-encap: isakmp: phase 2/others I inf[E]
22:15:53.727050 IP gateway.aaaa.bbbb.cccc.uk.ipsec-nat-t > MyComputer.lan.ipsec-nat-t: NONESP-encap: isakmp: phase 2/others R inf[E]
22:15:54.282825 IP MyComputer.lan.ipsec-nat-t > gateway.aaaa.bbbb.cccc.uk.ipsec-nat-t: UDP-encap: ESP(spi=0x9e3cb62c,seq=0xfe), length 116
22:15:54.282873 IP MyComputer.lan.ipsec-nat-t > gateway.aaaa.bbbb.cccc.uk.ipsec-nat-t: UDP-encap: ESP(spi=0x9e3cb62c,seq=0xff), length 116
22:15:54.603844 IP MyComputer.lan.ipsec-nat-t > gateway.aaaa.bbbb.cccc.uk.ipsec-nat-t: UDP-encap: ESP(spi=0x9e3cb62c,seq=0x100), length 132
22:15:54.603893 IP MyComputer.lan.ipsec-nat-t > gateway.aaaa.bbbb.cccc.uk.ipsec-nat-t: UDP-encap: ESP(spi=0x9e3cb62c,seq=0x101), length 132
以下是 VPN 启动后的网络接口:
me@MyComputer:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s25: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
4: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
inet 192.168.1.214/24 brd 192.168.1.255 scope global dynamic noprefixroute wlp3s0
valid_lft 34858sec preferred_lft 34858sec
inet6 fe80::7c69:b283:3786:556/64 scope link noprefixroute
valid_lft forever preferred_lft forever
6: wwp0s20u4: <BROADCAST,MULTICAST,NOARP> mtu 1428 qdisc noop state DOWN group default qlen 1000
link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
9: tap0: <BROADCAST,UP,LOWER_UP> mtu 1380 qdisc fq_codel state UNKNOWN group default qlen 1000
link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
inet 192.168.246.46/32 brd 192.168.246.46 scope global tap0
valid_lft forever preferred_lft forever
inet6 fe80::4caa:aaff:fe4a:d9b0/64 scope link
valid_lft forever preferred_lft forever
我思考路由表看起来没问题,但我对此非常模糊(**.**.**.**是VPN网关的IP):
me@MyComputer:~$ ip route
default via 192.168.246.66 dev tap0 proto static
default via 192.168.1.1 dev wlp3s0 proto dhcp metric 600
**.**.**.** via 192.168.1.1 dev wlp3s0 proto static
169.254.0.0/16 dev wlp3s0 scope link metric 1000
192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.214 metric 600
tcpdumpontap0仅显示 ARP 请求。
我已将rp-filter所有网络适配器设置为 0,以防源验证是原因,但这没有帮助:
me@MyComputer:~$ sysctl -a | grep rp_filter
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.enp0s25.arp_filter = 0
net.ipv4.conf.enp0s25.rp_filter = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.tap0.arp_filter = 0
net.ipv4.conf.tap0.rp_filter = 0
net.ipv4.conf.wlp3s0.arp_filter = 0
net.ipv4.conf.wlp3s0.rp_filter = 0
net.ipv4.conf.wwp0s20u4.arp_filter = 0
net.ipv4.conf.wwp0s20u4.rp_filter = 0
VPN 启动后,我未收到任何 ping 响应,DNS 查询超时。通过同一路由器和同一互联网连接,在 Windows 10 计算机(不同客户端)上使用同一 VPN 运行正常。
有人能帮助我解决下一步这个问题吗?