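I have an OpenVPN setup running in bridge mode (tap). After connecting to the VPN, I have to run this manually:
dhclient tap0
I want to automate this, so I added the following lines to the ovpn conf: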
script-security 2
up /etc/openvpn/dhcp.sh
/etc/openvpn/dhcp.sh:
#!/bin/bash
/sbin/dhclient -v ${dev}
However, when I start the VPN with sudo openvpn server1.ovpn, DHCP does not work:
2022-04-19 10:57:25 OpenVPN 2.5.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 20 2022
2022-04-19 10:57:25 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
2022-04-19 10:57:25 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2022-04-19 10:57:25 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-04-19 10:57:25 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-04-19 10:57:25 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-04-19 10:57:25 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-04-19 10:57:25 TCP/UDP: Preserving recently used remote address: [AF_INET]X.X.X.X:1194
2022-04-19 10:57:25 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-04-19 10:57:25 UDP link local: (not bound)
2022-04-19 10:57:25 UDP link remote: [AF_INET]X.X.X.X:1194
2022-04-19 10:57:25 TLS: Initial packet from [AF_INET]X.X.X.X:1194, sid=e6ac9673 fc52f1bb
2022-04-19 10:57:25 VERIFY OK: depth=1, CN=my-local-CA
2022-04-19 10:57:25 VERIFY KU OK
2022-04-19 10:57:25 Validating certificate extended key usage
2022-04-19 10:57:25 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-04-19 10:57:25 VERIFY EKU OK
2022-04-19 10:57:25 VERIFY X509NAME OK: CN=server1
2022-04-19 10:57:25 VERIFY OK: depth=0, CN=server1
2022-04-19 10:57:25 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bit EC, curve prime256v1, signature: ecdsa-with-SHA256
2022-04-19 10:57:25 [Rasp001-server] Peer Connection Initiated with [AF_INET]X.X.X.X:1194
2022-04-19 10:57:25 PUSH: Received control message: 'PUSH_REPLY,route-gateway dhcp,ping 10,ping-restart 120,peer-id 1,cipher AES-128-GCM'
2022-04-19 10:57:25 OPTIONS IMPORT: timers and/or timeouts modified
2022-04-19 10:57:25 OPTIONS IMPORT: route-related options modified
2022-04-19 10:57:25 OPTIONS IMPORT: peer-id set
2022-04-19 10:57:25 OPTIONS IMPORT: adjusting link_mtu to 1656
2022-04-19 10:57:25 OPTIONS IMPORT: data channel crypto options modified
2022-04-19 10:57:25 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2022-04-19 10:57:25 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2022-04-19 10:57:25 TUN/TAP device tap0 opened
2022-04-19 10:57:25 /etc/openvpn/dhcp.sh tap0 1500 1656 init
Internet Systems Consortium DHCP Client 4.4.2-P1
Copyright 2004-2021 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/tap0/06:1a:81:1b:09:30
Sending on LPF/tap0/06:1a:81:1b:09:30
Sending on Socket/fallback
DHCPREQUEST for 192.168.40.42 on tap0 to 255.255.255.255 port 67
DHCPREQUEST for 192.168.40.42 on tap0 to 255.255.255.255 port 67
DHCPREQUEST for 192.168.40.42 on tap0 to 255.255.255.255 port 67
DHCPDISCOVER on tap0 to 255.255.255.255 port 67 interval 6
DHCPDISCOVER on tap0 to 255.255.255.255 port 67 interval 6
DHCPDISCOVER on tap0 to 255.255.255.255 port 67 interval 9
DHCPDISCOVER on tap0 to 255.255.255.255 port 67 interval 10
DHCPDISCOVER on tap0 to 255.255.255.255 port 67 interval 19
DHCPDISCOVER on tap0 to 255.255.255.255 port 67 interval 11
No DHCPOFFERS received.
Trying recorded lease 192.168.40.42
bound: renewal in 264230 seconds.
2022-04-19 10:58:37 Initialization Sequence Completed
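When I run dhclient manually, everything works fine.
Any clues? Thanks.
Answer 1
For anyone who runs into the same problem: it seems the up script runs before the tunnel is fully established, so the server-side DHCP is not reachable.
Following this answer, I modified my script accordingly: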
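#!/bin/bash
# Run dhclient in the background after a delay, so it starts once the tunnel is up.
# $1 is the device name OpenVPN passes to the up script (tap0 in the log above).
(sleep 10
/sbin/dhclient -v "$1" ) &
disown $!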
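A variant of the up script from the answer above, as an added example that is not part of the original post: it retries dhclient in the background instead of relying on a fixed 10-second delay, and checks the device name first because the script runs with OpenVPN's privileges under script-security 2. The function names valid_dev, retry and main, the tapN name pattern and the 6 tries / 5 second values are assumptions made for this example.

```bash
#!/bin/bash
# Added example: OpenVPN "up" script that retries DHCP in the background.
# Assumption: OpenVPN passes the device name as $1
# (the log shows: /etc/openvpn/dhcp.sh tap0 1500 1656 init).

# Accept only tapN names, so nothing but an interface name reaches dhclient.
valid_dev() {
    case "$1" in
        tap[0-9]|tap[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# retry TRIES DELAY CMD...: run CMD until it succeeds, at most TRIES times,
# sleeping DELAY seconds between attempts.
retry() {
    tries=$1; delay=$2; shift 2
    n=1
    while :; do
        "$@" && return 0
        [ "$n" -ge "$tries" ] && return 1
        n=$((n + 1))
        sleep "$delay"
    done
}

main() {
    valid_dev "$1" || { echo "refusing device name: $1" >&2; exit 1; }
    # dhclient -1 tries once and exits with a non-zero status if it gets no lease.
    # The subshell is backgrounded so the up script returns right away and
    # OpenVPN can finish bringing the tunnel up while the retries run.
    ( retry 6 5 /sbin/dhclient -1 -v "$1" ) &
    disown $!
}

# Only act when called with arguments, as OpenVPN does for an up script.
if [ $# -gt 0 ]; then main "$@"; fi
```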