Raspberry Pi WiFi AP with VPN

I want to build a portable Raspberry Pi 4 WiFi AP with a VPN, so that once I connect to the AP, all my traffic should go through the VPN.

The official Raspberry Pi documentation helped me set up a working WiFi access point on wlan0.

Then I installed openconnect and successfully connected to the VPN server; it created the tun0 interface (device):

sudo apt-get install openconnect
echo "pwd" | sudo openconnect server --user=username --passwd-on-stdin --no-cert-check

I don't want to install any VPN app on my laptop, so I decided to delegate the VPN logic to the Raspberry Pi.

Question

How should I configure my Raspberry Pi's network interfaces so that when I connect to its WiFi AP, I can have regular (internet) traffic and also be able to open corporate resources behind that VPN?

Here is my current network diagram: [image: current network diagram] and how all traffic should be routed through the VPN (if I'm not mistaken): [image: all traffic through the VPN]

satellite@rpi:~ $ ifconfig

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.159  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::a099:323a:23e:9571  prefixlen 64  scopeid 0x20<link>
        ether e4:5f:01:46:cd:70  txqueuelen 1000  (Ethernet)
        RX packets 1274  bytes 303233 (296.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1154  bytes 176368 (172.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 22  bytes 2979 (2.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 22  bytes 2979 (2.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1390
        inet 172.22.210.7  netmask 255.255.255.255  destination 172.22.210.7
        inet6 fe80::f321:cf7e:946:1201  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 4  bytes 1091 (1.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 13  bytes 1127 (1.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.1  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::8c52:f42c:da7b:3416  prefixlen 64  scopeid 0x20<link>
        ether e4:5f:01:46:cd:71  txqueuelen 1000  (Ethernet)
        RX packets 530  bytes 94983 (92.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 543  bytes 196814 (192.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

satellite@rpi:~ $ sudo iptables --table nat --list

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere

satellite@rpi:~ $ sudo iptables -t nat -S

-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE

satellite@rpi:~ $ ip route

default via 192.168.0.1 dev eth0 proto dhcp src 192.168.0.159 metric 202
10.0.0.0/8 dev tun0 scope link
82.151.106.133 via 192.168.0.1 dev eth0 src 192.168.0.159
172.12.244.0/24 dev tun0 scope link
172.16.0.0/12 dev tun0 scope link
172.22.210.0/24 dev tun0 scope link
172.30.11.2 dev tun0 scope link
192.168.0.0/24 dev eth0 proto dhcp scope link src 192.168.0.159 metric 202
192.168.0.0/16 dev tun0 scope link
192.168.10.0/24 dev wlan0 proto dhcp scope link src 192.168.10.1 metric 303

Here are some of the routes I see in Cisco AnyConnect when using the VPN on Windows:

Cisco AnyConnect Secure Mobility Client 4.10.03104  
(Sat Jul  2 22:31:32 2022)

Secured Routes (IPv4)
  172.16.0.0/12
  192.168.0.0/16
  10.0.0.0/8
  172.12.244.0/24
  172.30.11.2/32
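To see which interface a WiFi client's packet actually leaves through under the routing table and NAT rule shown above, here is an added example (not from the question or any answer) that replays the question's `ip route` output with longest-prefix matching and applies the single MASQUERADE rule from `iptables -t nat -S`. The client address 192.168.10.23 is a constructed example; the interface addresses come from the ifconfig output.

```python
import ipaddress

# Routing table copied from the question's `ip route` output (bare host
# addresses are /32 routes); NAT rule from `iptables -t nat -S`.
IP_ROUTE = """\
default via 192.168.0.1 dev eth0 proto dhcp src 192.168.0.159 metric 202
10.0.0.0/8 dev tun0 scope link
82.151.106.133 via 192.168.0.1 dev eth0 src 192.168.0.159
172.12.244.0/24 dev tun0 scope link
172.16.0.0/12 dev tun0 scope link
172.22.210.0/24 dev tun0 scope link
172.30.11.2 dev tun0 scope link
192.168.0.0/24 dev eth0 proto dhcp scope link src 192.168.0.159 metric 202
192.168.0.0/16 dev tun0 scope link
192.168.10.0/24 dev wlan0 proto dhcp scope link src 192.168.10.1 metric 303
"""
MASQUERADE_IFACES = {"eth0"}          # -A POSTROUTING -o eth0 -j MASQUERADE
IFACE_ADDR = {"eth0": "192.168.0.159", "tun0": "172.22.210.7",
              "wlan0": "192.168.10.1"}   # from the ifconfig output


def parse_routes(text):
    """Turn `ip route` lines into (network, egress device) pairs."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(prefix, strict=False), dev))
    return routes


ROUTES = parse_routes(IP_ROUTE)


def egress(dst):
    """Longest-prefix match: the interface a packet to dst leaves through."""
    addr = ipaddress.ip_address(dst)
    return max((net.prefixlen, dev) for net, dev in ROUTES if addr in net)[1]


def forwarded_path(dst, client="192.168.10.23"):
    """How the Pi forwards a packet from a wlan0 client (constructed address)
    to dst, and the source address it carries after POSTROUTING."""
    dev = egress(dst)
    if dev == "wlan0":                  # same LAN: no forwarding needed
        return {"dev": dev, "via_vpn": False, "src": client}
    src = IFACE_ADDR[dev] if dev in MASQUERADE_IFACES else client
    return {"dev": dev, "via_vpn": dev == "tun0", "src": src}


if __name__ == "__main__":
    for dst in ("8.8.8.8", "10.20.30.40", "192.168.0.50", "192.168.50.1"):
        print(dst, forwarded_path(dst))
```

Note that the more specific 192.168.0.0/24 (eth0) and 192.168.10.0/24 (wlan0) routes win over the VPN-pushed 192.168.0.0/16, and that with only the eth0 MASQUERADE rule, packets leaving tun0 keep the client's 192.168.10.x source address, which is the first thing to check if corporate hosts are unreachable from WiFi clients.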

Answer 1

The VPN connection works fine with the steps described. The problem was DNS.

I had to manually set the DNS servers in the DHCP configuration, /etc/dhcpcd.conf, where x.x.x.x is the VPN's corporate DNS server:

static domain_name_servers=8.8.8.8 x.x.x.x
