I am currently using the following commands to force traffic from 192.168.2.10 through 10.8.0.1 on tun0:
ip rule add from 192.168.2.10/32 table 100
ip route add default via 10.8.0.1 table 100
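tun0 is OpenVPN. It works well, but if the VPN connection drops (i.e. tun0 disappears), the route is removed from table 100. How can I make this route "stick", i.e. remain even if the interface disappears? Or, how can I make the route reappear when the interface comes back? Also, if I cannot make the route "stick", can I use the following command to ensure that traffic from 192.168.2.10 is blocked when tun0 is unavailable: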
iptables -A FORWARD -i eth0 -s 192.168.2.10/32 -o eth0 -j DROP
(Note: traffic from 192.168.2.10 comes in via eth0)
Answer 1
--up cmd
Run command cmd after successful TUN/TAP device open (pre --user
UID change).
cmd consists of a path to script (or executable program),
optionally followed by arguments. The path and arguments may be
single- or double-quoted and/or escaped using a backslash, and
should be separated by one or more spaces.
The up command is useful for specifying route commands which
route IP traffic destined for private subnets which exist at the
other end of the VPN connection into the tunnel.
Create a script containing those two lines, and add these two lines to the openvpn configuration:
up /my/script.sh
script-security 2
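A sketch of such an up script, added here as an example and not part of the original answer. It goes beyond the two lines from the question: it clears a stale rule so reconnects do not stack duplicates, and it keeps an `unreachable` default in table 100 so traffic from 192.168.2.10 is rejected instead of falling through to the main table while tun0 is down. The function names `plan` and `apply` and the metric 1000 are assumptions; `script_type` and `dev` are environment variables OpenVPN sets for its scripts.

```shell
#!/bin/sh
# Added example: idempotent OpenVPN --up script for the policy route above.
SRC="192.168.2.10/32"    # source host from the question
GW="10.8.0.1"            # VPN gateway from the question
TABLE="100"              # routing table from the question
FALLBACK_METRIC="1000"   # assumption: any metric above the VPN route's 0

# Print the commands in execution order, one per line. $1 = tunnel device.
plan() {
    # Remove a rule left by an earlier connect, then add it once.
    echo "ip rule del from $SRC table $TABLE"
    echo "ip rule add from $SRC table $TABLE"
    # Fail closed: this route is not tied to tun0, so it survives a VPN drop
    # and stops the lookup from continuing into the main table.
    echo "ip route replace unreachable default metric $FALLBACK_METRIC table $TABLE"
    # Preferred route (metric 0); the kernel removes it when tun0 goes away.
    echo "ip route replace default via $GW dev $1 table $TABLE"
}

# Run the plan. A failed "rule del" is expected on first start and ignored;
# any other failure makes apply return non-zero.
apply() {
    plan "$1" | {
        failed=0
        while read -r cmd; do
            case "$cmd" in
                "ip rule del "*) $cmd 2>/dev/null || true ;;
                *) $cmd || failed=1 ;;
            esac
        done
        [ "$failed" -eq 0 ]
    }
}

# Only touch routing when OpenVPN invokes this file as its --up script.
if [ "${script_type:-}" = "up" ]; then
    apply "${dev:-tun0}" || exit 1
fi
```

After a connect, `ip rule show` and `ip route show table 100` should list one rule for 192.168.2.10 and both default routes.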