根据情况,我需要通过另一个 VPN 连接到 VPN。它们都在我的 Ubuntu 机器上运行。我连接到第一个 VPN。tun0创建的接口和我的路由表如下ip r:
0.0.0.0/1 via 100.64.100.5 dev tun0
default via 192.168.1.1 dev wlp2s0 proto dhcp metric 600
10.0.0.0/8 via 192.168.1.1 dev wlp2s0
100.64.100.1 via 100.64.100.5 dev tun0
100.64.100.5 dev tun0 proto kernel scope link src 100.64.100.6
128.0.0.0/1 via 100.64.100.5 dev tun0
169.254.0.0/16 dev wlp2s0 scope link metric 1000
172.16.0.0/12 via 192.168.1.1 dev wlp2s0
185.208.9.98 via 192.168.1.1 dev wlp2s0
192.168.0.0/16 via 192.168.1.1 dev wlp2s0
192.168.1.0/24 dev wlp2s0 proto kernel scope link src 192.168.1.68 metric 600
我删除了第一条和第六条规则,以tun0默认阻止传输流量到:
default via 192.168.1.1 dev wlp2s0 proto dhcp metric 600
10.0.0.0/8 via 192.168.1.1 dev wlp2s0
100.64.100.1 via 100.64.100.5 dev tun0
100.64.100.5 dev tun0 proto kernel scope link src 100.64.100.6
169.254.0.0/16 dev wlp2s0 scope link metric 1000
172.16.0.0/12 via 192.168.1.1 dev wlp2s0
185.208.9.98 via 192.168.1.1 dev wlp2s0
192.168.0.0/16 via 192.168.1.1 dev wlp2s0
192.168.1.0/24 dev wlp2s0 proto kernel scope link src 192.168.1.68 metric 600
然后我添加了第二个 VPN 服务器的 IP,以便通过第一个 VPN。假设第二个 VPN 服务器的 IP 是200.200.200.200
ip r add 200.200.200.200 via 100.64.100.5 dev tun0
然后我尝试连接第二个 VPN - 它是 L2TP 类型,但没有成功。我尝试使用以下命令调试 L2TP 连接:
/usr/lib/NetworkManager/nm-l2tp-service --debug
我在日志中发现了以下几行:
** Message: 17:29:56.476: Check port 1701
** Message: 17:29:56.476: Can't bind to port 1701
nm-l2tp[81418] <warn> L2TP port 1701 is busy, using ephemeral.
nm-l2tp[81418] <info> starting ipsec
Stopping strongSwan IPsec failed: starter is not running
Starting strongSwan 5.9.5 IPsec [starter]...
Loading config setup
Loading conn '3cf99dbd-577c-4c5b-85f7-b081483bd849'
nm-l2tp[81418] <info> Spawned ipsec up script with PID 81797.
initiating IKE_SA 3cf99dbd-577c-4c5b-85f7-b081483bd849[1] to 200.200.200.200
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 100.64.100.6[500] to 200.200.200.200[500] (904 bytes)
retransmit 1 of request with message ID 0
sending packet: from 100.64.100.6[500] to 200.200.200.200[500] (904 bytes)
nm-l2tp[81418] <warn> Timeout trying to establish IPsec connection
nm-l2tp[81418] <info> Terminating ipsec script with PID 81797.
Stopping strongSwan IPsec...
destroying IKE_SA in state CONNECTING without notification
establishing connection '3cf99dbd-577c-4c5b-85f7-b081483bd849' failed
** Message: 17:30:09.608: Could not establish IPsec connection.