OpenVPN connected, but Internet connection is down on RutOS


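I set up my RUT950 4G router to connect to a commercial VPN provider, and it worked fine until one day it stopped working. More specifically, the Internet connection works and the VPN connects, but once it is connected the Internet connection no longer works. I had not changed any settings on the router at the time.

That is, if I ping from a computer connected to the router's hotspot, the Internet is unreachable: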

[user@client ~]$ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
From 192.168.1.1 icmp_seq=1 Destination Port Unreachable

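I tried a factory reset of the router and then tried the following different approaches:

a) Copying the settings from the VPN provider's ovpn file into the router's VPN settings

Result: openvpn connects but no Internet

b) The default ovpn with username and password

Result: openvpn connects but no Internet

c) The default ovpn, but with the following two lines added as suggested by the Teltonika wiki (result: openvpn connects but no Internet):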

redirect-gateway def1
dhcp-option DNS 192.168.1.1

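SSH into the router

However, the router itself can reach the Internet through the VPN tunnel, because if I SSH into the router and ping the Internet, pings to 1.1.1.1 and to any website succeed.

I know these requests are going through my VPN tunnel because curl ifconfig.me returns the IP address of the VPN in that country.

However, option (c) above seems preferable, because if I run curl ifconfig.me without adding the two redirect-gateway lines to the ovpn configuration file, curl fails to return an IP: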

curl: (6) Couldn't resolve host 'ifconfig.me'

IP forwarding is enabled on the system:

cat /proc/sys/net/ipv4/ip_forward
1

"/etc/sysctl.d/10-default.conf" contains the following line:

net.ipv4.ip_forward=1

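So is this a NAT problem?

After all, this section is empty in the router's GUI configuration:

Network > Firewall > NAT Rules > Source NAT > "This section contains no values yet"

I am used to the NAT table in iptables having a rule like the following: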

iptables -t nat -A POSTROUTING -o [interface] -j MASQUERADE

But looking at the NAT table of the RutOS firewall through iptables, it does not seem that simple!

$ iptables -L -v -t nat

Chain PREROUTING (policy ACCEPT 98 packets, 5127 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   98  5127 prerouting_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom prerouting rule chain */
   98  5127 zone_lan_prerouting  all  --  br-lan any     anywhere             anywhere             /* !fw3 */
    0     0 zone_wan_prerouting  all  --  eth1   any     anywhere             anywhere             /* !fw3 */
    0     0 zone_wan_prerouting  all  --  wwan0  any     anywhere             anywhere             /* !fw3 */
    0     0 zone_wan_prerouting  all  --  qmimux0 any     anywhere             anywhere             /* !fw3 */
    0     0 zone_openvpn_prerouting  all  --  tun_+  any     anywhere             anywhere             /* !fw3 */

Chain INPUT (policy ACCEPT 77 packets, 4035 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 14 packets, 909 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 28 packets, 1323 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   35  1749 postrouting_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom postrouting rule chain */
   21   840 zone_lan_postrouting  all  --  any    br-lan  anywhere             anywhere             /* !fw3 */
    0     0 zone_wan_postrouting  all  --  any    eth1    anywhere             anywhere             /* !fw3 */
    0     0 zone_wan_postrouting  all  --  any    wwan0   anywhere             anywhere             /* !fw3 */
    7   426 zone_wan_postrouting  all  --  any    qmimux0  anywhere             anywhere             /* !fw3 */
    0     0 zone_openvpn_postrouting  all  --  any    tun_+   anywhere             anywhere             /* !fw3 */

Chain postrouting_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain postrouting_openvpn_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain postrouting_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain postrouting_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain prerouting_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain prerouting_openvpn_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain prerouting_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain prerouting_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain zone_lan_postrouting (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   21   840 postrouting_lan_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom lan postrouting rule chain */

Chain zone_lan_prerouting (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   98  5127 prerouting_lan_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom lan prerouting rule chain */

Chain zone_openvpn_postrouting (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 postrouting_openvpn_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom openvpn postrouting rule chain */
    0     0 MASQUERADE  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_openvpn_prerouting (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 prerouting_openvpn_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom openvpn prerouting rule chain */

Chain zone_wan_postrouting (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    7   426 postrouting_wan_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom wan postrouting rule chain */
    7   426 MASQUERADE  all  --  any    any     anywhere             anywhere             /* !fw3 */

Chain zone_wan_prerouting (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 prerouting_wan_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom wan prerouting rule chain */

OpenVPN .ovpn configuration file:

client
dev tun
proto udp
remote [VPN server URL] 1197
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-256-cbc
auth sha256
tls-client
remote-cert-tls server
auth-user-pass
compress
verb 1
reneg-sec 0
disable-occ

redirect-gateway def1
dhcp-option DNS 192.168.1.1

<crl-verify>
-----BEGIN X509 CRL-----
[text omitted]
-----END X509 CRL-----
</crl-verify>

<ca>
-----BEGIN CERTIFICATE-----
[text omitted]
-----END CERTIFICATE-----
</ca>

I would be very grateful if anyone could help!
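One way to read the fw3 NAT listing above is to pair each egress interface in POSTROUTING with the MASQUERADE counter of its zone chain; this is an added example, not part of the original post. The function names are hypothetical, the embedded listing is a constructed sample abridged from the one in the question, and nat-table counters only count the first packet of each new connection.

```shell
#!/bin/sh
# Added example: summarise `iptables -L -v -t nat` per egress interface.

# Constructed sample, abridged from the listing in the question.
sample_nat_listing() {
cat <<'EOF'
Chain POSTROUTING (policy ACCEPT 28 packets, 1323 bytes)
 pkts bytes target     prot opt in     out     source               destination
   35  1749 postrouting_rule  all  --  any    any     anywhere             anywhere
   21   840 zone_lan_postrouting  all  --  any    br-lan  anywhere             anywhere
    7   426 zone_wan_postrouting  all  --  any    qmimux0  anywhere             anywhere
    0     0 zone_openvpn_postrouting  all  --  any    tun_+   anywhere             anywhere

Chain zone_lan_postrouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
   21   840 postrouting_lan_rule  all  --  any    any     anywhere             anywhere

Chain zone_openvpn_postrouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 postrouting_openvpn_rule  all  --  any    any     anywhere             anywhere
    0     0 MASQUERADE  all  --  any    any     anywhere             anywhere

Chain zone_wan_postrouting (3 references)
 pkts bytes target     prot opt in     out     source               destination
    7   426 postrouting_wan_rule  all  --  any    any     anywhere             anywhere
    7   426 MASQUERADE  all  --  any    any     anywhere             anywhere
EOF
}

# stdin: nat listing. stdout: "<out-iface> <zone chain> <jump pkts> <MASQUERADE pkts|none>"
nat_egress_report() {
    awk '
        $1 == "Chain"          { chain = $2; next }
        $1 == "pkts" || NF < 9 { next }              # column header, blank lines
        chain == "POSTROUTING" && $7 != "any" {      # per-interface dispatch rule
            n++; iface[n] = $7; zone[n] = $3; hits[n] = $1; next
        }
        $3 == "MASQUERADE"     { masq[chain] = $1 }  # zone chain does source NAT
        END {
            for (i = 1; i <= n; i++)
                print iface[i], zone[i], hits[i], ((zone[i] in masq) ? masq[zone[i]] : "none")
        }
    '
}

# Exit 0 when a tun* egress has a MASQUERADE rule that no new connection has hit yet.
tunnel_masq_idle() {
    nat_egress_report | awk '$1 ~ /^tun/ && $4 == "0" { found = 1 } END { exit !found }'
}

sample_nat_listing | nat_egress_report
```

On the router, live data can be fed in with `iptables -L -v -t nat | nat_egress_report`; a tunnel row stuck at 0 while the WAN row keeps counting means forwarded connections are being source-NATed out of the WAN interface, not the tunnel.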

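Answer 1

In the end I managed to solve the problem by:

  1. Doing a factory reset from the web interface (holding the reset button for 5 seconds is not enough), and then

  2. Copying the settings from the ovpn (openvpn configuration) file into the VPN settings of the RutOS web interface (method (a) above)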
