如何使路由更改永久生效

tag-icon tag-icon routing openvpn isc-dhcpd
如何使路由更改永久生效

一旦 tun0 出现(这是一个 openvpn 隧道),我将应用以下路由规则。这些规则有助于将我的网络上的某些客户端推送到 VPN 之外并直接连接到互联网。应用这些的最佳方法是什么?

更新:运行 Ubuntu 18.04。

ip route add default via 192.168.8.1 table novpn
ip route add 192.168.1.0/24 dev enp4s0 table novpn
ip rule add from 192.168.1.220 table novpn
iptables -t nat -A POSTROUTING -m iprange --src-range 192.168.1.210-192.168.1.220 -o enp5s0 -j MASQUERADE

答案1

您可以从 openvpn 配置运行命令,例如:

script-security 2
up /path/to/routing/script
down /path/to/routing/downscript

来自 man openvpn:

   --up cmd
          Run command cmd after successful TUN/TAP device open (pre --user
          UID change).

          cmd  consists  of  a path to script (or executable program), op‐
          tionally followed by arguments. The path and  arguments  may  be
          single-  or  double-quoted and/or escaped using a backslash, and
          should be separated by one or more spaces.

          The up command is useful for  specifying  route  commands  which
          route IP traffic destined for private subnets which exist at the
          other end of the VPN connection into the tunnel.

          For --dev tun execute as:

          cmd  tun_dev  tun_mtu  link_mtu  ifconfig_local_ip  ifconfig_re‐
          mote_ip [ init | restart ]

答案2

你可以试试这个(将其添加到/etc/rc.local

ip route add default via 192.168.8.1 table novpn
ip route add 192.168.1.0/24 dev enp4s0 table novpn
ip rule add from 192.168.1.220 table novpn
iptables -t nat -A POSTROUTING -m iprange --src-range 192.168.1.210-192.168.1.220 -o enp5s0 -j MASQUERADE

相关内容