我确实在 Fedora 20 VPS 上设置了一个 OpenVPN 服务器,我可以通过 vnet 顺利连接到服务器本身及其服务。
# +<tun>+ VNET <tun>-<eth> +------------+
# | VPS |--[10.8.0.0/24]--|CLIENT|---| LAN |
# +-----+ +------+ +------------+
# 192.168.178.0/24
但是,一旦 OpenVPN 客户端启动,default
就会向客户端推送一条新路由。这反过来会造成一些混乱,因为我现在有一个错误的默认网关,它显然不起作用,因为所有不是发往 LAN 的请求现在都(试图路由)通过VNET
(通过其网关):
# ip route list
default via 10.8.0.1 dev tun0 proto static metric 1024
192.168.178.0/24 dev eth0 ....
....
然而,一组简单的路由删除和路由添加
ip route del default via 10.8.0.1
ip route add default via 192.168.178.1
ip route add 10.8.0.0/24 dev tun0
使一切再次正常工作,因为(我猜这是原因)只保留一条默认路由,并且10.8.0.0/24
子网通过接口进行路由tun0
。
我需要做哪些更改才能通过本地网关访问互联网,但仍然可以访问我的私有虚拟网络中的服务,而无需手动更改路由?
port 1194
dev tun
tls-server
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
mode server
# the addresses which represent the server
ifconfig 10.8.0.1 10.8.0.2
# pool of IPs to assign to clients
ifconfig-pool 10.8.0.66 10.8.0.99
#### routing info that gets pushed from server to client
#### so this represents the subnet that gets routed
#### through the tap0 interface
push "route 10.8.0.0 255.255.255.0"
#### do I need any of these? don't think so
####
#push "dhcp-option DNS 8.8.8.8"
#push "dhcp-option WINS 8.8.8.8"
#push "dhcp-option DNS 192.168.0.1"
#push "dhcp-option WINS 192.168.0.1"
keepalive 10 60
inactive 600
#### what should I set this to?
#### the routing from server => client
#### so this should include all IPs we assign
#### to the clients
route 10.8.0.1 255.255.255.0
user openvpn
group openvpn
persist-tun
persist-key
client-to-client
verb 4
注意:我不想让流量通过服务器(从而通过 vnet),而是通过本地路由器进行解析。
答案1
NetworkManager
与其程序一起使用OpenVPN-client
会产生一个复选框,仅使用网络资源之内该网络(此处指网络10.8.0.0/24
)。这不是我期望的服务器端正确修复,但我想已经足够好了。
Networking > Editing foo-vpn
选择IPv4
或IPv6
标签,根据需要选择Routes...
并检查Use this connection only for resources on its network