我的 VPN 隧道是否已连接?我的流量是否通过 VPN 隧道传输?我该如何验证这一点?

tag-icon tag-icon networking vpn arch-linux tunnel ipsec
我的 VPN 隧道是否已连接?我的流量是否通过 VPN 隧道传输?我该如何验证这一点?

我必须从 RHEL 连接 VPN 服务器并到达目标 PC1。到目前为止,VPN 可以互连,但 10.0.0.108 无法 ping 10.109.0.200。

变量:

ME WAN IP: 8.8.8.8 (Amazon Elastic IP)
              ^\__ ME LAN IP: 10.0.0.108 (Amazon VPC)

VPN Server: 9.9.9.9 (Public Internet)
              ^\__ Behind VPN Target PC1: 10.109.0.200



$ service ipsec restart; ipsec auto --add test; ipsec auto --up test
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec U2.6.32/K2.6.32-358.el6.x86_64...
ipsec_setup: multiple ip addresses, using  10.0.0.108 on eth0
ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
ipsec_setup: defaulting leftsubnet to 8.8.8.8
/usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
defaulting leftsubnet to 8.8.8.8
104 "test" #1: STATE_MAIN_I1: initiate
003 "test" #1: ignoring unknown Vendor ID payload [8f9cc94e01248ecdf147594c284b213b]
003 "test" #1: ignoring Vendor ID payload [draft-stenberg-ipsec-nat-traversal-01]
003 "test" #1: ignoring Vendor ID payload [draft-stenberg-ipsec-nat-traversal-02]
003 "test" #1: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
003 "test" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but port floating is off
003 "test" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
003 "test" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port floating is off
003 "test" #1: received Vendor ID payload [RFC 3947] meth=109, but port floating is off
003 "test" #1: received Vendor ID payload [Dead Peer Detection]
106 "test" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "test" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "test" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_md5 group=modp1024}
117 "test" #2: STATE_QUICK_I1: initiate
004 "test" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP/NAT=>0x071cca57 <0x88557c5e xfrm=AES_128-HMAC_MD5 NATOA=none NATD=none DPD=none}

$ ping 10.109.0.200
PING 10.109.0.200 (10.109.0.200) 56(84) bytes of data.
^
|______________ no reply for about 20 minutes like this

答案1

简短的答案是查看您的路由表。任何基于隧道的 VPN 都会添加某种新的虚拟接口和路由。查看您的默认网关是否发生变化。查看是否为特定网络添加了任何静态路由。

运行您选择的跟踪路由工具(例如mtr hostname),它会向您显示一系列数据包到达特定目的地所遵循的路径。

相关内容