我一直在 Raspberry Pi 3(最新 Noobs)上设置 VPN 服务器,效果非常好。VPN 创建了一个名为 vpn_vpn 的额外接口,我的正常互联网是在 wlan0 或有时是 eth0 上。我的问题在于,为了让 Pi 能够访问互联网,我最终不得不删除在 vpn_vpn 启动或关闭(ifup/ifdown)时自动添加的网关。 我可以删除这个网关,因为我不想通过没有互联网访问的 vpn 来访问互联网。 我用来删除此网关的命令是:sudo ip route del default via 192.168.30.1。我知道我尝试删除的网关始终是 192.168.30.1,因为这是我为 VPN 所做的设置。注意:VPN 还包括一个 dhcp 服务器。
当接口启动时,如何防止添加此网关?
最好的情况是,我想避免在添加网关时ifup vpn_vpn自动添加其他所有接口。我需要这样做是因为我想保持让 pi 在不同网络上工作的能力,而无需对 eth0 或 wlan0 进行硬编码。
我很确定它与 dhclient 有某种关系我不太了解 dhclient。
我没有修改 resolv.conf 或 dhclient.conf,但我将它们放在下面,因为我觉得它们可能需要编辑或提供线索。
/etc/resolv.conf
# Generated by resolvconf
nameserver 192.168.30.1
nameserver 10.0.11.66
/etc/dhcp/dhclient.conf
# Configuration file for /sbin/dhclient, which is included in Debian's
# dhcp3-client package.
#
# This is a sample configuration file for dhclient. See dhclient.conf's
# man page for more information about the syntax of this file
# and a more comprehensive list of the parameters understood by
# dhclient.
#
# Normally, if the DHCP server provides reasonable information and does
# not leave anything out (like the domain name, for example), then
# few changes must be made to this file, if any.
#
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
#send host-name "andare.fugue.com";
send host-name = gethostname();
#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
#send dhcp-lease-time 3600;
#supersede domain-name "fugue.com home.vix.com";
#prepend domain-name-servers 127.0.0.1;
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, domain-search, host-name,
dhcp6.name-servers, dhcp6.domain-search,
netbios-name-servers, netbios-scope, interface-mtu,
rfc3442-classless-static-routes, ntp-servers;
#require subnet-mask, domain-name-servers;
#timeout 60;
#retry 60;
#reboot 10;
#select-timeout 5;
#initial-interval 2;
#script "/etc/dhcp3/dhclient-script";
#media "-link0 -link1 -link2", "link0 link1";
#reject 192.33.137.209;
#alias {
# interface "eth0";
# fixed-address 192.5.5.213;
# option subnet-mask 255.255.255.255;
#}
#lease {
# interface "eth0";
# fixed-address 192.33.137.200;
# medium "link0 link1";
# option host-name "andare.swiftmedia.com";
# option subnet-mask 255.255.255.0;
# option broadcast-address 192.33.137.255;
# option routers 192.33.137.250;
# option domain-name-servers 127.0.0.1;
# renew 2 2000/1/12 00:00:01;
# rebind 2 2000/1/12 00:00:01;
# expire 2 2000/1/12 00:00:01;
#}
答案1
另外一个解决方案可能取决于您的设置。
如果您知道ifup正在使用启动 VPN 接口,vpn_vpn请添加以下行来/etc/network/interfaces更改默认路由(或任何其他路由):
iface vpn_vpn inet dhcp
post-up sleep 6; ip route del default; ip route add default via <gateway_ip>
根据你的 DHCP 协商和/或 VPN 路由设置所需的时间,你可能必须在第一个启动命令中增加超时时间post-up sleep 6。
答案2
我想我可能终于找到了答案。如果有人能提出其他可行的解决方案,我仍然会很高兴听到。
我现在正在测试这个解决方案:
bash 脚本
echo "script \"/etc/dhcp/dhclient-script\";" | sudo tee -a /etc/dhcp/dhclient.conf
echo "#!/bin/sh
case \$interface in
vpn_vpn)
unset \$new_routers
;;
*)
;;
esac" | sudo tee /etc/dhcp/dhclient-script
sudo chmod +x /etc/dhcp/dhclient-script