After sudo ipsec up vpn, I can't ping 192.168.1.1. It also adds 10.0.0.226 to ip addr. traceroute 192.168.1.1 produces 3 hops:

1. 23.81.21.124
2. 23.81.21.121.rdns.pingpipe.com
3. 23.108.56.0

sudo ip route add -net 192.168.1.1 netmask 255.255.255 gw 23.81.21.124 dev enp0s3 yields SIOCADDRT: Network is unreachable.

cat /etc/ipsec.conf:
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
    # strictcrlpolicy=yes
    # uniqueids = no

# Add connections here.

conn DATVPNTHO
    keyexchange=ikev2
    dpdaction=clear
    dpddelay=300s
    eap_identity="THIS_ID_THO"
    leftauth=eap-mschapv2
    left=%defaultroute
    leftsourceip=%config
    right=whutaboutdatservertho
    rightauth=pubkey
    rightsubnet=0.0.0.0/0
    rightid=%any
    type=tunnel
    auto=add

# Sample VPN connections

#conn sample-self-signed
#    leftsubnet=10.1.0.0/16
#    leftcert=selfCert.der
#    leftsendcert=never
#    right=192.168.0.2
#    rightsubnet=10.2.0.0/16
#    rightcert=peerCert.der
#    auto=start

#conn sample-with-ca-cert
#    leftsubnet=10.1.0.0/16
#    leftcert=myCert.pem
#    right=192.168.0.2
#    rightsubnet=10.2.0.0/16
#    rightid="C=CH, O=Linux strongSwan CN=peer name"
#    auto=start

How can I ping 192.168.1.1 after sudo ipsec up vpn?
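
Answer 1

You need to reconfigure the VPN for split tunneling. The VPN moves your default route to the far end of the encrypted tunnel, which makes the rest of your local network unreachable. Split tunneling gives you an additional local route that does not go through the VPN, so you can still reach other local hosts. Why do you need to ping 192.168.1.1?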
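
One way to get a local exception of the kind the answer describes is a strongSwan passthrough (shunt) conn for the LAN. The script below is an added example, not part of the original post or of strongSwan: the lan-bypass name and the 192.168.1.0/24 prefix are assumptions, and policy selection is modeled simply as "the most specific rightsubnet wins".

```python
import ipaddress

# Constructed samples: the question's conn (trimmed) and a hypothetical
# passthrough conn; 192.168.1.0/24 is an assumed LAN prefix.
FULL_TUNNEL = """\
conn DATVPNTHO
    left=%defaultroute
    rightsubnet=0.0.0.0/0
    type=tunnel
    auto=add
"""
LAN_BYPASS = """\
conn lan-bypass
    leftsubnet=192.168.1.0/24
    rightsubnet=192.168.1.0/24
    authby=never
    type=passthrough
    auto=route
"""

def parse_conns(text):
    """Return {conn name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header at column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line: # indented key=value
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    return conns

def policy_for(dest, conns):
    """Return (conn, type) of the most specific rightsubnet covering dest, else None."""
    ip, best = ipaddress.ip_address(dest), None
    for name, opts in conns.items():
        for subnet in filter(None, map(str.strip, opts.get("rightsubnet", "").split(","))):
            net = ipaddress.ip_network(subnet, strict=False)
            if ip in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, name, opts.get("type", "tunnel"))
    return best[1:] if best else None

if __name__ == "__main__":
    for label, text in (("before", FULL_TUNNEL), ("after", FULL_TUNNEL + LAN_BYPASS)):
        print(label, policy_for("192.168.1.1", parse_conns(text)))
```

With only the 0.0.0.0/0 selector, 192.168.1.1 falls under the tunnel policy; with the passthrough conn added, LAN traffic matches the more specific policy while everything else still goes through the VPN.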