我不知道该如何提出我的问题,但事情是这样的。
我在 Ubuntu 22.04.3 LTS 上。我有一个 GlobalProtect VPN 配置。我按照这篇文章操作,以便能够从 Ubuntu 的网络管理器进行连接:https://system-administrator.pages.cs.sun.ac.za/globalprotect-openconnect/我安装了该network-manager-openconnect-gnome软件包并在 Ubuntu 的网络管理器中配置了 VPN。
完成后,我能够连接到 VPN 并通过 SSH 连接到私有网络内的某些服务器。
然后,几天后它突然停止工作了。我仍然可以连接到 VPN,但我无法通过 ssh 连接到我以前使用的服务器,错误信息如下:
ssh: connect to host 172.19.27.13 port 22: No route to host
我以为是 VPN 或服务器本身的问题,但当我尝试从我的 Mac 连接(使用同一个 WiFi)时,却没有任何问题。
我开始认为也许我的 Docker 网络与 VPN 的 IP 范围重叠,因此我停止了服务docker甚至重新启动了我的 PC,但这没有帮助。
到目前为止我唯一测试过的东西列在下面,但它没有给我任何线索:
$ traceroute 172.19.27.13
traceroute to 172.19.27.13 (172.19.27.13), 64 hops max
1 * 172.19.16.1 65,092ms !H 0,001ms !H
$ ping 172.19.27.13
PING 172.19.27.13 (172.19.27.13) 56(84) bytes of data.
From 172.19.16.1 icmp_seq=1 Destination Host Unreachable
$ nmcli con show --active | grep -i vpn
MyVPN de48b3b6-3caf-422a-a75b-465985493b1f vpn wlo1
vpn0 b3ba4a7b-5104-4809-86a2-ea308b56c36d tun vpn0
$ ip route get 172.19.27.13
172.19.27.13 dev br-633a51729988 src 172.19.16.1 uid 1000
cache
的结果ip route 前连接到VPN:
$ ip route
default via 192.168.50.1 dev wlo1 proto dhcp metric 600
169.254.0.0/16 dev wlo1 scope link metric 1000
172.16.16.0/20 dev br-1995468707f3 proto kernel scope link src 172.16.16.1 linkdown
172.16.32.0/20 dev br-0778c863d099 proto kernel scope link src 172.16.32.1 linkdown
172.16.48.0/20 dev br-df4298cf3f34 proto kernel scope link src 172.16.48.1 linkdown
172.16.64.0/20 dev br-b21e9bd4408a proto kernel scope link src 172.16.64.1 linkdown
172.16.80.0/20 dev br-ab26a099e4af proto kernel scope link src 172.16.80.1 linkdown
172.16.160.0/20 dev br-0809242b5614 proto kernel scope link src 172.16.160.1 linkdown
172.16.176.0/20 dev br-7745b1996e38 proto kernel scope link src 172.16.176.1 linkdown
172.16.224.0/20 dev br-e824a824630d proto kernel scope link src 172.16.224.1 linkdown
172.17.32.0/20 dev br-390ac1b17b4a proto kernel scope link src 172.17.32.1 linkdown
172.17.48.0/20 dev br-aba3c6c7ea81 proto kernel scope link src 172.17.48.1 linkdown
172.17.64.0/20 dev br-fc9f97b6c962 proto kernel scope link src 172.17.64.1 linkdown
172.18.80.0/20 dev br-c7b1780d377a proto kernel scope link src 172.18.80.1 linkdown
172.18.112.0/20 dev br-bad9690b4488 proto kernel scope link src 172.18.112.1 linkdown
172.18.224.0/20 dev br-4739b8f6c565 proto kernel scope link src 172.18.224.1 linkdown
172.18.240.0/20 dev br-57b8ed7e5f78 proto kernel scope link src 172.18.240.1 linkdown
172.19.0.0/20 dev br-345e49d0a9de proto kernel scope link src 172.19.0.1 linkdown
172.19.16.0/20 dev br-633a51729988 proto kernel scope link src 172.19.16.1 linkdown
172.19.32.0/20 dev br-9402f4890bea proto kernel scope link src 172.19.32.1 linkdown
172.19.48.0/20 dev br-f973a49c39f8 proto kernel scope link src 172.19.48.1 linkdown
172.19.64.0/20 dev br-337fb81fa103 proto kernel scope link src 172.19.64.1 linkdown
172.19.80.0/20 dev br-32304ed3e93e proto kernel scope link src 172.19.80.1 linkdown
172.19.96.0/20 dev br-25a1c30e2370 proto kernel scope link src 172.19.96.1 linkdown
172.19.112.0/20 dev br-d41e5b9aaa3f proto kernel scope link src 172.19.112.1 linkdown
172.19.128.0/20 dev br-1591a2081e6c proto kernel scope link src 172.19.128.1 linkdown
172.19.160.0/20 dev br-9224acb921b3 proto kernel scope link src 172.19.160.1 linkdown
172.19.176.0/20 dev br-cde9717fb323 proto kernel scope link src 172.19.176.1 linkdown
172.19.192.0/20 dev br-dfd218450cc9 proto kernel scope link src 172.19.192.1 linkdown
172.19.224.0/20 dev br-1119ec704f95 proto kernel scope link src 172.19.224.1 linkdown
172.19.240.0/20 dev br-3b1afe5dcd39 proto kernel scope link src 172.19.240.1 linkdown
172.20.0.0/20 dev br-3ef61fec14e6 proto kernel scope link src 172.20.0.1 linkdown
172.20.16.0/20 dev br-1ad840df8f05 proto kernel scope link src 172.20.16.1 linkdown
172.20.32.0/20 dev br-ac262d677384 proto kernel scope link src 172.20.32.1 linkdown
172.20.48.0/20 dev docker0 proto kernel scope link src 172.20.48.1 linkdown
172.20.64.0/20 dev br-32b0736cab0b proto kernel scope link src 172.20.64.1 linkdown
172.20.80.0/20 dev br-bdd46d8dd94d proto kernel scope link src 172.20.80.1 linkdown
172.20.96.0/20 dev br-de771380d5d0 proto kernel scope link src 172.20.96.1 linkdown
172.20.128.0/20 dev br-c89e819f4c75 proto kernel scope link src 172.20.128.1 linkdown
172.20.144.0/20 dev br-a41b7066e799 proto kernel scope link src 172.20.144.1 linkdown
172.20.160.0/20 dev br-2df191fb5c5c proto kernel scope link src 172.20.160.1 linkdown
172.22.0.0/16 dev br-650e4ea3a3bf proto kernel scope link src 172.22.0.1 linkdown
172.23.0.0/16 dev br-082e3b5a62c0 proto kernel scope link src 172.23.0.1 linkdown
172.25.0.0/16 dev br-5c28ca91c585 proto kernel scope link src 172.25.0.1 linkdown
172.26.0.0/16 dev br-4f2c13db6831 proto kernel scope link src 172.26.0.1 linkdown
172.27.0.0/16 dev br-82b4239e4105 proto kernel scope link src 172.27.0.1 linkdown
172.28.0.0/16 dev br-7cc44739f78c proto kernel scope link src 172.28.0.1 linkdown
172.29.0.0/16 dev br-7e70216d3f8f proto kernel scope link src 172.29.0.1 linkdown
172.31.0.0/16 dev br-e687be49ba8e proto kernel scope link src 172.31.0.1 linkdown
192.168.0.0/20 dev br-a66dd5b6bf3b proto kernel scope link src 192.168.0.1 linkdown
192.168.16.0/20 dev br-58856c396a34 proto kernel scope link src 192.168.16.1 linkdown
192.168.50.0/24 dev wlo1 proto kernel scope link src 192.168.50.91 metric 600
192.168.64.0/20 dev br-b71cb646f966 proto kernel scope link src 192.168.64.1 linkdown
192.168.80.0/20 dev br-84c7113cab9d proto kernel scope link src 192.168.80.1 linkdown
192.168.96.0/20 dev br-8b729ef36abf proto kernel scope link src 192.168.96.1 linkdown
的结果ip route 后连接到VPN:
$ ip route
default via 192.168.50.1 dev wlo1 proto dhcp metric 600
10.0.0.0/16 dev vpn0 proto static scope link metric 50
10.1.0.0/16 dev vpn0 proto static scope link metric 50
10.2.0.0/16 dev vpn0 proto static scope link metric 50
10.3.0.0/16 dev vpn0 proto static scope link metric 50
10.4.0.0/16 dev vpn0 proto static scope link metric 50
10.5.0.0/16 dev vpn0 proto static scope link metric 50
10.6.0.0/16 dev vpn0 proto static scope link metric 50
10.50.0.32/28 dev vpn0 proto static scope link metric 50
10.50.0.48/28 dev vpn0 proto static scope link metric 50
10.50.0.64/28 dev vpn0 proto static scope link metric 50
10.50.0.104/29 dev vpn0 proto static scope link metric 50
10.50.1.0/24 dev vpn0 proto static scope link metric 50
10.50.3.0/29 dev vpn0 proto static scope link metric 50
10.50.3.56/29 dev vpn0 proto static scope link metric 50
10.50.3.80/29 dev vpn0 proto static scope link metric 50
10.50.3.88/29 dev vpn0 proto static scope link metric 50
10.50.3.112/29 dev vpn0 proto static scope link metric 50
10.50.6.0/28 dev vpn0 proto static scope link metric 50
10.50.6.64/26 dev vpn0 proto static scope link metric 50
10.50.12.0/24 dev vpn0 proto static scope link metric 50
10.50.13.0/24 dev vpn0 proto static scope link metric 50
10.79.1.0/24 dev vpn0 proto static scope link metric 50
10.122.0.0/16 dev vpn0 proto static scope link metric 50
10.125.0.0/16 dev vpn0 proto static scope link metric 50
10.126.0.0/16 dev vpn0 proto static scope link metric 50
10.255.0.0/16 dev vpn0 proto static scope link metric 50
169.254.0.0/16 dev wlo1 scope link metric 1000
172.16.0.0/16 dev vpn0 proto static scope link metric 50
172.16.10.12 dev vpn0 proto static scope link metric 50
172.16.10.13 dev vpn0 proto static scope link metric 50
172.16.16.0/20 dev br-1995468707f3 proto kernel scope link src 172.16.16.1 linkdown
172.16.32.0/20 dev br-0778c863d099 proto kernel scope link src 172.16.32.1 linkdown
172.16.48.0/20 dev br-df4298cf3f34 proto kernel scope link src 172.16.48.1 linkdown
172.16.64.0/20 dev br-b21e9bd4408a proto kernel scope link src 172.16.64.1 linkdown
172.16.80.0/20 dev br-ab26a099e4af proto kernel scope link src 172.16.80.1 linkdown
172.16.160.0/20 dev br-0809242b5614 proto kernel scope link src 172.16.160.1 linkdown
172.16.176.0/20 dev br-7745b1996e38 proto kernel scope link src 172.16.176.1 linkdown
172.16.224.0/20 dev br-e824a824630d proto kernel scope link src 172.16.224.1 linkdown
172.17.32.0/20 dev br-390ac1b17b4a proto kernel scope link src 172.17.32.1 linkdown
172.17.48.0/20 dev br-aba3c6c7ea81 proto kernel scope link src 172.17.48.1 linkdown
172.17.64.0/20 dev br-fc9f97b6c962 proto kernel scope link src 172.17.64.1 linkdown
172.18.0.0/16 dev vpn0 proto static scope link metric 50
172.18.80.0/20 dev br-c7b1780d377a proto kernel scope link src 172.18.80.1 linkdown
172.18.112.0/20 dev br-bad9690b4488 proto kernel scope link src 172.18.112.1 linkdown
172.18.224.0/20 dev br-4739b8f6c565 proto kernel scope link src 172.18.224.1 linkdown
172.18.240.0/20 dev br-57b8ed7e5f78 proto kernel scope link src 172.18.240.1 linkdown
172.19.0.0/20 dev br-345e49d0a9de proto kernel scope link src 172.19.0.1 linkdown
172.19.0.0/16 dev vpn0 proto static scope link metric 50
172.19.16.0/20 dev br-633a51729988 proto kernel scope link src 172.19.16.1 linkdown
172.19.32.0/20 dev br-9402f4890bea proto kernel scope link src 172.19.32.1 linkdown
172.19.48.0/20 dev br-f973a49c39f8 proto kernel scope link src 172.19.48.1 linkdown
172.19.64.0/20 dev br-337fb81fa103 proto kernel scope link src 172.19.64.1 linkdown
172.19.80.0/20 dev br-32304ed3e93e proto kernel scope link src 172.19.80.1 linkdown
172.19.96.0/20 dev br-25a1c30e2370 proto kernel scope link src 172.19.96.1 linkdown
172.19.112.0/20 dev br-d41e5b9aaa3f proto kernel scope link src 172.19.112.1 linkdown
172.19.128.0/20 dev br-1591a2081e6c proto kernel scope link src 172.19.128.1 linkdown
172.19.160.0/20 dev br-9224acb921b3 proto kernel scope link src 172.19.160.1 linkdown
172.19.176.0/20 dev br-cde9717fb323 proto kernel scope link src 172.19.176.1 linkdown
172.19.192.0/20 dev br-dfd218450cc9 proto kernel scope link src 172.19.192.1 linkdown
172.19.224.0/20 dev br-1119ec704f95 proto kernel scope link src 172.19.224.1 linkdown
172.19.240.0/20 dev br-3b1afe5dcd39 proto kernel scope link src 172.19.240.1 linkdown
172.20.0.0/20 dev br-3ef61fec14e6 proto kernel scope link src 172.20.0.1 linkdown
172.20.16.0/20 dev br-1ad840df8f05 proto kernel scope link src 172.20.16.1 linkdown
172.20.32.0/20 dev br-ac262d677384 proto kernel scope link src 172.20.32.1 linkdown
172.20.48.0/20 dev docker0 proto kernel scope link src 172.20.48.1 linkdown
172.20.64.0/20 dev br-32b0736cab0b proto kernel scope link src 172.20.64.1 linkdown
172.20.80.0/20 dev br-bdd46d8dd94d proto kernel scope link src 172.20.80.1 linkdown
172.20.96.0/20 dev br-de771380d5d0 proto kernel scope link src 172.20.96.1 linkdown
172.20.128.0/20 dev br-c89e819f4c75 proto kernel scope link src 172.20.128.1 linkdown
172.20.144.0/20 dev br-a41b7066e799 proto kernel scope link src 172.20.144.1 linkdown
172.20.160.0/20 dev br-2df191fb5c5c proto kernel scope link src 172.20.160.1 linkdown
172.22.0.0/16 dev br-650e4ea3a3bf proto kernel scope link src 172.22.0.1 linkdown
172.22.0.0/16 dev vpn0 proto static scope link metric 50
172.23.0.0/16 dev br-082e3b5a62c0 proto kernel scope link src 172.23.0.1 linkdown
172.25.0.0/16 dev br-5c28ca91c585 proto kernel scope link src 172.25.0.1 linkdown
172.25.3.0/24 dev vpn0 proto static scope link metric 50
172.26.0.0/16 dev br-4f2c13db6831 proto kernel scope link src 172.26.0.1 linkdown
172.27.0.0/16 dev br-82b4239e4105 proto kernel scope link src 172.27.0.1 linkdown
172.28.0.0/16 dev br-7cc44739f78c proto kernel scope link src 172.28.0.1 linkdown
172.29.0.0/16 dev br-7e70216d3f8f proto kernel scope link src 172.29.0.1 linkdown
172.31.0.0/16 dev br-e687be49ba8e proto kernel scope link src 172.31.0.1 linkdown
192.168.0.0/20 dev br-a66dd5b6bf3b proto kernel scope link src 192.168.0.1 linkdown
192.168.6.0/24 dev vpn0 proto static scope link metric 50
192.168.13.0/24 dev vpn0 proto static scope link metric 50
192.168.15.0/24 dev vpn0 proto static scope link metric 50
192.168.16.0/24 dev vpn0 proto static scope link metric 50
192.168.16.0/20 dev br-58856c396a34 proto kernel scope link src 192.168.16.1 linkdown
192.168.17.0/24 dev vpn0 proto static scope link metric 50
192.168.27.0/24 dev vpn0 proto static scope link metric 50
192.168.31.0/24 dev vpn0 proto static scope link metric 50
192.168.32.0/24 dev vpn0 proto static scope link metric 50
192.168.50.0/24 dev wlo1 proto kernel scope link src 192.168.50.91 metric 600
192.168.50.1 dev wlo1 proto static scope link metric 50
192.168.64.0/24 dev vpn0 proto static scope link metric 50
192.168.64.0/20 dev br-b71cb646f966 proto kernel scope link src 192.168.64.1 linkdown
192.168.65.0/24 dev vpn0 proto static scope link metric 50
192.168.71.0/24 dev vpn0 proto static scope link metric 50
192.168.80.0/20 dev br-84c7113cab9d proto kernel scope link src 192.168.80.1 linkdown
192.168.96.0/20 dev br-8b729ef36abf proto kernel scope link src 192.168.96.1 linkdown
193.104.155.113 via 192.168.50.1 dev wlo1 proto static metric 50
我尝试过的:
- 停止
docker服务 - 重启电脑
- 删除并重新创建 VPN 配置
- 使用不同的 WiFi(本例中为移动连接)
这些都无济于事。
所以我认为问题是 - 它是否真的尝试连接到专用网络,或者它是否尝试在本地某处找到 IP?我该如何调试它?
答案1
我不确定我是否完全理解了你的问题,但是如果你想知道系统“如何”连接到给定的 IP,你可以使用命令
ip route get x.x.x.x
它将显示数据包通过哪个接口(以及哪个网关,如果有的话)路由到 IP 地址x.x.x.x。以下是我目前正在使用的计算机上的两个示例:
raj@ubu64:~$ ip route get 172.28.200.1
172.28.200.1 dev eth1 src 172.28.200.55
cache mtu 1500 advmss 1460 hoplimit 64
raj@ubu64:~$ ip route get 10.0.0.1
10.0.0.1 via 192.168.137.1 dev eth0 src 192.168.137.44
cache mtu 1500 advmss 1460 hoplimit 64
您可以看到,与 IP 地址的连接通过我的计算机上的接口(具有 IP 地址)172.28.200.1进行,并且与的连接通过接口(具有 IP 地址)并通过网关进行。eth1172.28.200.5510.0.0.1eth0192.168.137.44192.168.137.1
因此,如果您知道 VPN 接口的名称(从ip route您发布的输出来看vpn0)或 VPN 隧道本地端的 IP 地址,您就可以识别通过 VPN 的连接。
在您的特定情况下,您想要连接到172.19.27.13。您的ip route输出都是前和后连接到 VPN 时,显示 IP 范围172.19.16.0/20(172.19.27.13属于该范围)通过接口路由br-633a51729988(您必须确定此特定接口实际上是什么)。请注意,连接到 VPN 后,这不会改变 - 相同的范围仍通过相同的接口路由。
dev vpn0通过 VPN 路由的网络是输出中包含的网络ip route。这些范围不包括地址172.19.27.13。
我猜想所有这些通过各种br-*接口路由的 IP 范围都是分配给您的 Docker 容器的范围(抱歉,我没有使用过 Docker,所以我不确定这一点)。这也适用于172.19.27.13- 它是您的 Docker 子网中的某个地址。
如果您想要172.19.27.13一些位于 Docker 虚拟网络外部的地址,那么您必须更改 Docker 子网的寻址,以便该地址不落入该范围(这是最佳解决方案),或者 - 作为一种解决方法 - 您需要通过 VPN 接口手动添加到该特定地址的路由。
答案2
就我的情况而言,由于使用的是不同的 VPN,我不再使用 Ubuntu GUI 进行 VPN 设置,现在我只使用命令行操作。不再有问题。