Ubuntu 11.10 上的 OpenVPN - 无法重定向默认网关

Ubuntu 11.10 上的 OpenVPN - 无法重定向默认网关

我正在尝试从我的 Ubuntu 11.10 机器连接到 OpenVPN 服务器。我使用以下命令来执行此操作(在 root 用户下):

openvpn   --config /home/vladimir/client.ovpn

一切似乎都正常,它可以正常连接,没有任何警告和错误,但是当我尝试浏览互联网时,我发现我仍然使用自己的 IP 地址,因此 VPN 连接不起作用。当我运行 openvpn 命令时,它会显示以下消息:

NOTE: unable to redirect default gateway -- Cannot read current default gateway from system

我认为这是导致此问题的原因,但不幸的是我不知道如何解决它。

以下是 openvpn 命令的完整输出:

    Sat Jun  9 23:51:36 2012 OpenVPN 2.2.0 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jul  4 2011
    Sat Jun  9 23:51:36 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Sat Jun  9 23:51:36 2012 Control Channel Authentication: tls-auth using INLINE static key file
    Sat Jun  9 23:51:36 2012 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sat Jun  9 23:51:36 2012 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sat Jun  9 23:51:36 2012 LZO compression initialized
    Sat Jun  9 23:51:36 2012 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
    Sat Jun  9 23:51:36 2012 Socket Buffers: R=[126976->200000] S=[126976->200000] 
    Sat Jun  9 23:51:36 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Sat Jun  9 23:51:36 2012 Local Options hash (VER=V4): '504e774e'
    Sat Jun  9 23:51:36 2012 Expected Remote Options hash (VER=V4): '14168603'
    Sat Jun  9 23:51:36 2012 UDPv4 link local: [undef]
    Sat Jun  9 23:51:36 2012 UDPv4 link remote: [AF_INET]94.229.78.130:1194
    Sat Jun  9 23:51:37 2012 TLS: Initial packet from [AF_INET]94.229.78.130:1194, sid=13fd921b b42072ab
    Sat Jun  9 23:51:37 2012 VERIFY OK: depth=1, /CN=OpenVPN_CA
    Sat Jun  9 23:51:37 2012 VERIFY OK: nsCertType=SERVER
    Sat Jun  9 23:51:37 2012 VERIFY OK: depth=0, /CN=OpenVPN_Server
    Sat Jun  9 23:51:38 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Sat Jun  9 23:51:38 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sat Jun  9 23:51:38 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Sat Jun  9 23:51:38 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sat Jun  9 23:51:38 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Sat Jun  9 23:51:38 2012 [OpenVPN_Server] Peer Connection Initiated with [AF_INET]94.229.78.130:1194
    Sat Jun  9 23:51:40 2012 SENT CONTROL [OpenVPN_Server]: 'PUSH_REQUEST' (status=1)
    Sat Jun  9 23:51:40 2012 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 5,ping-restart 40,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 5.5.0.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,register-dns,comp-lzo yes,ifconfig 5.5.117.43 255.255.0.0'
    Sat Jun  9 23:51:40 2012 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.2.0)
    Sat Jun  9 23:51:40 2012 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.2.0)
    Sat Jun  9 23:51:40 2012 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.2.0)
    Sat Jun  9 23:51:40 2012 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:16: register-dns (2.2.0)
    Sat Jun  9 23:51:40 2012 OPTIONS IMPORT: timers and/or timeouts modified
    Sat Jun  9 23:51:40 2012 OPTIONS IMPORT: explicit notify parm(s) modified
    Sat Jun  9 23:51:40 2012 OPTIONS IMPORT: LZO parms modified
    Sat Jun  9 23:51:40 2012 OPTIONS IMPORT: --ifconfig/up options modified
    Sat Jun  9 23:51:40 2012 OPTIONS IMPORT: route options modified
    Sat Jun  9 23:51:40 2012 OPTIONS IMPORT: route-related options modified
    Sat Jun  9 23:51:40 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Sat Jun  9 23:51:40 2012 ROUTE: default_gateway=UNDEF
    Sat Jun  9 23:51:40 2012 TUN/TAP device tun0 opened
    Sat Jun  9 23:51:40 2012 TUN/TAP TX queue length set to 100
    Sat Jun  9 23:51:40 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Sat Jun  9 23:51:40 2012 /sbin/ifconfig tun0 5.5.117.43 netmask 255.255.0.0 mtu 1500 broadcast 5.5.255.255
    Sat Jun  9 23:51:45 2012 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
    Sat Jun  9 23:51:45 2012 Initialization Sequence Completed

路线命令的输出:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *               0.0.0.0         U     0      0        0 ppp0
5.5.0.0         *               255.255.0.0     U     0      0        0 tun0
link-local      *               255.255.0.0     U     1000   0        0 wlan0
192.168.0.0     *               255.255.255.0   U     0      0        0 wlan0
stream-ts1.net. *               255.255.255.255 UH    0      0        0 ppp0

ifconfig 命令的输出:

    eth0      Link encap:Ethernet  HWaddr 6c:62:6d:44:0d:12
              inet6 addr: fe80::6e62:6dff:fe44:d12/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:54594 errors:0 dropped:0 overruns:0 frame:0
              TX packets:59897 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:44922107 (44.9 MB)  TX bytes:8839969 (8.8 MB)
              Interrupt:41 Base address:0x8000

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:4561 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4561 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:685425 (685.4 KB)  TX bytes:685425 (685.4 KB)

    ppp0      Link encap:Point-to-Point Protocol
              inet addr:213.206.63.44  P-t-P:213.206.34.4  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
              RX packets:53577 errors:0 dropped:0 overruns:0 frame:0
              TX packets:58892 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:3
              RX bytes:43667387 (43.6 MB)  TX bytes:7504776 (7.5 MB)

    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:5.5.117.43  P-t-P:5.5.117.43  Mask:255.255.0.0
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

    wlan0     Link encap:Ethernet  HWaddr 00:27:19:f6:b5:cf
              inet addr:192.168.0.1  Bcast:0.0.0.0  Mask:255.255.255.0
              inet6 addr: fe80::227:19ff:fef6:b5cf/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:12079 errors:0 dropped:0 overruns:0 frame:0
              TX packets:11178 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:1483691 (1.4 MB)  TX bytes:4307899 (4.3 MB)

所以我的问题是——如何让 OpenVPN 重定向默认网关?

谢谢!

答案1

我找到了这个问题的原因。OpenVPN 无法检测到默认网关,因为它没有通过route命令显示。解决方案是在建立 PPP 连接后设置默认网关:

ip route replace default via 213.206.63.44 dev ppp0

答案2

您应该首先在终端中像这样查看您的网关:

/sbin/ip addr show ppp0 | grep peer | awk ' { print $4 } ' | sed 's/\/32//'

然后在终端使用:

ip route replace default via xx:xx:xx:xx dev ppp0

将 xx:xx... 替换为在第一步中找到的网关。

这里

相关内容