我正在尝试从我的 Ubuntu 11.10 机器连接到 OpenVPN 服务器。我使用以下命令来执行此操作(在 root 用户下):
openvpn --config /home/vladimir/client.ovpn
一切似乎都正常,它可以正常连接,没有任何警告和错误,但是当我尝试浏览互联网时,我发现我仍然使用自己的 IP 地址,因此 VPN 连接不起作用。当我运行 openvpn 命令时,它会显示以下消息:
NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
我认为这是导致此问题的原因,但不幸的是我不知道如何解决它。
以下是 openvpn 命令的完整输出:
Sat Jun 9 23:51:36 2012 OpenVPN 2.2.0 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jul 4 2011
Sat Jun 9 23:51:36 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Jun 9 23:51:36 2012 Control Channel Authentication: tls-auth using INLINE static key file
Sat Jun 9 23:51:36 2012 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jun 9 23:51:36 2012 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jun 9 23:51:36 2012 LZO compression initialized
Sat Jun 9 23:51:36 2012 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Jun 9 23:51:36 2012 Socket Buffers: R=[126976->200000] S=[126976->200000]
Sat Jun 9 23:51:36 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jun 9 23:51:36 2012 Local Options hash (VER=V4): '504e774e'
Sat Jun 9 23:51:36 2012 Expected Remote Options hash (VER=V4): '14168603'
Sat Jun 9 23:51:36 2012 UDPv4 link local: [undef]
Sat Jun 9 23:51:36 2012 UDPv4 link remote: [AF_INET]94.229.78.130:1194
Sat Jun 9 23:51:37 2012 TLS: Initial packet from [AF_INET]94.229.78.130:1194, sid=13fd921b b42072ab
Sat Jun 9 23:51:37 2012 VERIFY OK: depth=1, /CN=OpenVPN_CA
Sat Jun 9 23:51:37 2012 VERIFY OK: nsCertType=SERVER
Sat Jun 9 23:51:37 2012 VERIFY OK: depth=0, /CN=OpenVPN_Server
Sat Jun 9 23:51:38 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jun 9 23:51:38 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jun 9 23:51:38 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jun 9 23:51:38 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jun 9 23:51:38 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Jun 9 23:51:38 2012 [OpenVPN_Server] Peer Connection Initiated with [AF_INET]94.229.78.130:1194
Sat Jun 9 23:51:40 2012 SENT CONTROL [OpenVPN_Server]: 'PUSH_REQUEST' (status=1)
Sat Jun 9 23:51:40 2012 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 5,ping-restart 40,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 5.5.0.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,register-dns,comp-lzo yes,ifconfig 5.5.117.43 255.255.0.0'
Sat Jun 9 23:51:40 2012 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.2.0)
Sat Jun 9 23:51:40 2012 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.2.0)
Sat Jun 9 23:51:40 2012 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.2.0)
Sat Jun 9 23:51:40 2012 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:16: register-dns (2.2.0)
Sat Jun 9 23:51:40 2012 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jun 9 23:51:40 2012 OPTIONS IMPORT: explicit notify parm(s) modified
Sat Jun 9 23:51:40 2012 OPTIONS IMPORT: LZO parms modified
Sat Jun 9 23:51:40 2012 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jun 9 23:51:40 2012 OPTIONS IMPORT: route options modified
Sat Jun 9 23:51:40 2012 OPTIONS IMPORT: route-related options modified
Sat Jun 9 23:51:40 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Jun 9 23:51:40 2012 ROUTE: default_gateway=UNDEF
Sat Jun 9 23:51:40 2012 TUN/TAP device tun0 opened
Sat Jun 9 23:51:40 2012 TUN/TAP TX queue length set to 100
Sat Jun 9 23:51:40 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Jun 9 23:51:40 2012 /sbin/ifconfig tun0 5.5.117.43 netmask 255.255.0.0 mtu 1500 broadcast 5.5.255.255
Sat Jun 9 23:51:45 2012 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
Sat Jun 9 23:51:45 2012 Initialization Sequence Completed
路线命令的输出:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default * 0.0.0.0 U 0 0 0 ppp0
5.5.0.0 * 255.255.0.0 U 0 0 0 tun0
link-local * 255.255.0.0 U 1000 0 0 wlan0
192.168.0.0 * 255.255.255.0 U 0 0 0 wlan0
stream-ts1.net. * 255.255.255.255 UH 0 0 0 ppp0
ifconfig 命令的输出:
eth0 Link encap:Ethernet HWaddr 6c:62:6d:44:0d:12
inet6 addr: fe80::6e62:6dff:fe44:d12/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:54594 errors:0 dropped:0 overruns:0 frame:0
TX packets:59897 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:44922107 (44.9 MB) TX bytes:8839969 (8.8 MB)
Interrupt:41 Base address:0x8000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4561 errors:0 dropped:0 overruns:0 frame:0
TX packets:4561 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:685425 (685.4 KB) TX bytes:685425 (685.4 KB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:213.206.63.44 P-t-P:213.206.34.4 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:53577 errors:0 dropped:0 overruns:0 frame:0
TX packets:58892 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:43667387 (43.6 MB) TX bytes:7504776 (7.5 MB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:5.5.117.43 P-t-P:5.5.117.43 Mask:255.255.0.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
wlan0 Link encap:Ethernet HWaddr 00:27:19:f6:b5:cf
inet addr:192.168.0.1 Bcast:0.0.0.0 Mask:255.255.255.0
inet6 addr: fe80::227:19ff:fef6:b5cf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12079 errors:0 dropped:0 overruns:0 frame:0
TX packets:11178 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1483691 (1.4 MB) TX bytes:4307899 (4.3 MB)
所以我的问题是——如何让 OpenVPN 重定向默认网关?
谢谢!
答案1
我找到了这个问题的原因。OpenVPN 无法检测到默认网关,因为它没有通过route
命令显示。解决方案是在建立 PPP 连接后设置默认网关:
ip route replace default via 213.206.63.44 dev ppp0
答案2
您应该首先在终端中像这样查看您的网关:
/sbin/ip addr show ppp0 | grep peer | awk ' { print $4 } ' | sed 's/\/32//'
然后在终端使用:
ip route replace default via xx:xx:xx:xx dev ppp0
将 xx:xx... 替换为在第一步中找到的网关。
从这里