How do I configure an OpenVPN server and client on the same host (Ubuntu 19.04)?

I am trying to configure an openvpn client and server to run on the same host at the same time.

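My problem is that once the host connects to the paid VPN service, the host's external IP changes and I can no longer connect any clients, because the external IP changes. I'm sure some iptables rules could be set up to achieve this, but I can't figure it out for the life of me, and Google seems to have failed me on this one.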

As you can see below, I have 2 openvpn servers set up. tun0 is a split tunnel that carries only DNS traffic. tun1 is a full tunnel that carries all traffic.

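What I want to achieve is to keep using the 2 servers for clients to connect to, then route all of that traffic through the paid VPN service, as well as route all traffic from the host through the paid VPN. In addition, clients should continue to connect via the external IP address provided by the ISP, since I cannot connect through the external IP issued by the VPN provider.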

Output of ifconfig below:

ens4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1460
        inet 10.128.0.3  netmask 255.255.255.255  broadcast 0.0.0.0
        inet6 fe80::4001:aff:fe80:3  prefixlen 64  scopeid 0x20<link>
        ether 42:01:0a:80:00:03  txqueuelen 1000  (Ethernet)
        RX packets 19880379  bytes 11032685187 (11.0 GB)
        RX errors 0  dropped 0  overruns 0  frame 1
        TX packets 19858911  bytes 10608492536 (10.6 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 316267  bytes 30791023 (30.7 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 316267  bytes 30791023 (30.7 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.80.0.1  netmask 255.255.255.0  destination 10.80.0.1
        inet6 fe80::da15:78ed:962e:9661  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 221242  bytes 15813039 (15.8 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 201308  bytes 21841590 (21.8 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.4.43.1  netmask 255.255.255.0  destination 10.4.43.1
        inet6 fe80::ee9:1cb5:736c:bd5e  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 4424650  bytes 496438487 (496.4 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6987658  bytes 8778868723 (8.7 GB)
        TX errors 0  dropped 27868 overruns 0  carrier 0  collisions 0

Output of openvpn --version:

OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jan  9 2019
library versions: OpenSSL 1.1.1b  26 Feb 2019, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <[email protected]>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no

Edit:

Added ip addr and ip route output as requested by @grawity.

ip addr output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc fq_codel state UP group default qlen 1000
    link/ether 42:01:0a:80:00:03 brd ff:ff:ff:ff:ff:ff
    inet 10.128.0.3/32 scope global dynamic ens4
       valid_lft 2073sec preferred_lft 2073sec
    inet6 fe80::4001:aff:fe80:3/64 scope link 
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none 
    inet 10.80.0.1/24 brd 10.80.0.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::c1f5:bd41:aff5:6d36/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
4: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none 
    inet 10.4.43.1/24 brd 10.4.43.255 scope global tun1
       valid_lft forever preferred_lft forever
    inet6 fe80::5e7e:a8f:95e:c510/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever

ip route output:


default via 10.128.0.1 dev ens4 proto dhcp metric 100 
default via 10.128.0.1 dev ens4 src 10.128.0.3 metric 202 
10.4.43.0/24 dev tun1 proto kernel scope link src 10.4.43.1 
10.80.0.0/24 dev tun0 proto kernel scope link src 10.80.0.1 
10.128.0.1 dev ens4 proto dhcp scope link metric 100 
10.128.0.1 dev ens4 scope link src 10.128.0.3 metric 202 

Side note:

Can we get an ubuntu-19.04 tag?
