ipsec up vpn 后无法 ping 网关

ipsec up vpn 后无法 ping 网关

运行 `sudo ipsec up vpn` 之后,我无法 ping 通 192.168.1.1。它还会在 `ip addr` 的输出中添加 10.0.0.226。`traceroute 192.168.1.1` 显示 3 跳:

1. 23.81.21.124
2. 23.81.21.121.rdns.pingpipe.com
3. 23.108.56.0

执行 `sudo ip route add -net 192.168.1.1 netmask 255.255.255 gw 23.81.21.124 dev enp0s3` 会返回错误 `SIOCADDRT: Network is unreachable`

cat /etc/ipsec.conf

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
    # strictcrlpolicy=yes
    # uniqueids = no

# Add connections here.
# Client-side connection: IKEv2, the client authenticates with EAP-MSCHAPv2
# and the gateway authenticates with a public key.
# NOTE(review): the question brings up a connection called "vpn", but this
# section is named DATVPNTHO - presumably the names were anonymised; confirm.
conn DATVPNTHO
  keyexchange=ikev2
  # Dead-peer detection: check the peer every 300s; "clear" drops the
  # connection when the peer is judged dead and does not re-establish it.
  # NOTE(review): once cleared, traffic presumably follows the normal routing
  # table again, i.e. outside the tunnel - confirm, and add a firewall rule if
  # traffic must never leave unencrypted.
  dpdaction=clear
  dpddelay=300s
  # Identity sent inside the EAP exchange (the matching secret is not in this file).
  eap_identity="THIS_ID_THO"
  leftauth=eap-mschapv2
  # Local address is taken from the interface holding the default route.
  left=%defaultroute
  # Request a virtual IP from the gateway; this is presumably the 10.0.0.226
  # address the question sees appear in `ip addr`.
  leftsourceip=%config
  right=whutaboutdatservertho
  rightauth=pubkey
  # Traffic selector covering every IPv4 destination, so all traffic, including
  # traffic to the local 192.168.1.1 gateway, is sent into the tunnel. This
  # matches the traceroute in the question; a split-tunnel setup would narrow it.
  rightsubnet=0.0.0.0/0
  # %any accepts whatever identity the gateway presents.
  # NOTE(review): with rightauth=pubkey this appears to leave only the
  # certificate trust chain as the check on the server, so any certificate the
  # client trusts could stand in for the gateway. Consider setting rightid to
  # the gateway's expected identity (e.g. its FQDN) so the EAP-MSCHAPv2
  # exchange only runs against the intended server.
  rightid=%any
  type=tunnel
  # Load the connection at startup without starting it; it is brought up
  # manually with `ipsec up`.
  auto=add

# Sample VPN connections

#conn sample-self-signed
#      leftsubnet=10.1.0.0/16
#      leftcert=selfCert.der
#      leftsendcert=never
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightcert=peerCert.der
#      auto=start

#conn sample-with-ca-cert
#      leftsubnet=10.1.0.0/16
#      leftcert=myCert.pem
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightid="C=CH, O=Linux strongSwan CN=peer name"
#      auto=start

运行 `sudo ipsec up vpn` 之后,我该怎么 ping 192.168.1.1?

答案1

您需要重新配置 VPN 以进行拆分隧道。VPN 会将您的默认路由移至加密隧道的远端,从而使您的本地网络的其余部分无法访问。拆分隧道为您提供了一条额外的本地路由,该路由不会经过 VPN,因此您仍然可以访问其他本地主机。为什么您需要 ping 192.168.1.1?
