I'm trying to configure an openvpn client and server to run simultaneously on the same host.
My problem is that once the host connects to the paid VPN service, the host's external IP changes and I can no longer connect any clients, because the external IP changes. I'm sure it's possible to set up some iptables rules to achieve this, but I just can't figure it out, and Google seems to be failing me on this one.
As you can see below, I have 2 openvpn servers set up. tun0 is a split tunnel that carries only DNS traffic. tun1 is a full tunnel that carries all traffic.
What I want to achieve is to keep the 2 servers for clients to connect to, then route all of their traffic through the paid VPN service, and also route all traffic originating from the host through the paid VPN. In addition, keep clients connecting via the ISP-provided external IP address, because I can't connect via the external IP issued by the VPN provider.
Output of ifconfig:
ens4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1460
inet 10.128.0.3 netmask 255.255.255.255 broadcast 0.0.0.0
inet6 fe80::4001:aff:fe80:3 prefixlen 64 scopeid 0x20<link>
ether 42:01:0a:80:00:03 txqueuelen 1000 (Ethernet)
RX packets 19880379 bytes 11032685187 (11.0 GB)
RX errors 0 dropped 0 overruns 0 frame 1
TX packets 19858911 bytes 10608492536 (10.6 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 316267 bytes 30791023 (30.7 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 316267 bytes 30791023 (30.7 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.80.0.1 netmask 255.255.255.0 destination 10.80.0.1
inet6 fe80::da15:78ed:962e:9661 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 221242 bytes 15813039 (15.8 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 201308 bytes 21841590 (21.8 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.4.43.1 netmask 255.255.255.0 destination 10.4.43.1
inet6 fe80::ee9:1cb5:736c:bd5e prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 4424650 bytes 496438487 (496.4 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6987658 bytes 8778868723 (8.7 GB)
TX errors 0 dropped 27868 overruns 0 carrier 0 collisions 0
Output of openvpn --version:
OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jan 9 2019
library versions: OpenSSL 1.1.1b 26 Feb 2019, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <[email protected]>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
EDIT:
Added ip addr and ip route as requested by @grawity.
ip addr output:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc fq_codel state UP group default qlen 1000
link/ether 42:01:0a:80:00:03 brd ff:ff:ff:ff:ff:ff
inet 10.128.0.3/32 scope global dynamic ens4
valid_lft 2073sec preferred_lft 2073sec
inet6 fe80::4001:aff:fe80:3/64 scope link
valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
link/none
inet 10.80.0.1/24 brd 10.80.0.255 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::c1f5:bd41:aff5:6d36/64 scope link stable-privacy
valid_lft forever preferred_lft forever
4: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
link/none
inet 10.4.43.1/24 brd 10.4.43.255 scope global tun1
valid_lft forever preferred_lft forever
inet6 fe80::5e7e:a8f:95e:c510/64 scope link stable-privacy
valid_lft forever preferred_lft forever
ip route output:
default via 10.128.0.1 dev ens4 proto dhcp metric 100
default via 10.128.0.1 dev ens4 src 10.128.0.3 metric 202
10.4.43.0/24 dev tun1 proto kernel scope link src 10.4.43.1
10.80.0.0/24 dev tun0 proto kernel scope link src 10.80.0.1
10.128.0.1 dev ens4 proto dhcp scope link metric 100
10.128.0.1 dev ens4 scope link src 10.128.0.3 metric 202
Side note:
Can we get an ubuntu-19.04 tag?
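As an added example that is not part of the question: Linux source-based policy routing that lets the host's own openvpn servers keep answering through ens4 (10.128.0.3 via 10.128.0.1, taken from the ip route output above) while the paid VPN client holds the default route. The routing table id 100, the rule priority 1000 and the "apply" argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the question): source-based policy routing so that
# replies from this host's own openvpn servers leave through the cloud/ISP
# uplink (ens4) even while the paid VPN client owns the default route.
# Addresses and interface names come from the question; the routing table id,
# rule priority and the "apply" argument are assumptions.
set -eu

UPLINK_IF=ens4            # interface that receives client connections
UPLINK_ADDR=10.128.0.3    # address the openvpn servers should answer from
UPLINK_GW=10.128.0.1      # gateway of the uplink (from 'ip route')
TABLE=100                 # assumed unused routing table id
PRIO=1000                 # assumed rule priority, evaluated before 'main'

# Emit the commands instead of running them, so they can be reviewed first.
# Table 100 holds only a default route via the uplink; the rule sends every
# packet sourced from 10.128.0.3 to that table, bypassing the 0.0.0.0/1 and
# 128.0.0.0/1 routes that the VPN's redirect-gateway adds to the main table.
uplink_policy_cmds() {
  cat <<EOF
ip route replace default via $UPLINK_GW dev $UPLINK_IF table $TABLE
ip rule del from $UPLINK_ADDR lookup $TABLE priority $PRIO 2>/dev/null || true
ip rule add from $UPLINK_ADDR lookup $TABLE priority $PRIO
EOF
}

# Run the emitted commands (needs root). The 'del' first keeps it idempotent.
apply_uplink_policy() {
  uplink_policy_cmds | while IFS= read -r cmd; do eval "$cmd"; done
}

# Verify: a packet sourced from the uplink address must exit via ens4,
# not via the VPN's tun interface.
check_uplink_policy() {
  ip route get 1.1.1.1 from "$UPLINK_ADDR" 2>/dev/null | grep -q "dev $UPLINK_IF"
}

if [ "${1:-}" = apply ]; then
  apply_uplink_policy
  check_uplink_policy
fi
```

The rule only matches if the servers actually send from 10.128.0.3, so bind them with local 10.128.0.3 in the server config (or use multihome, which the [MH/PKTINFO] build above supports). The rule and table are not persistent across reboots.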