我安装了一个带有 2 个网络适配器的 Debian 11 虚拟机
目标是,虚拟机连接到 VPN,然后从主机路由所有流量。
adapters:
- enp0s8 作为桥接
- enp0s3 使用 vboxnet0 作为主机
root@vm-debian11:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
auto enp0s3
allow-hotplug enp0s3
iface enp0s3 inet dhcp
auto enp0s8
allow-hotplug enp0s8
iface enp0s8 inet dhcp
$ cat /etc/sysctl.conf | grep net.ipv4.ip_forward
net.ipv4.ip_forward=1
如果我对主机说网关是 192.168.0.17 或 192.168.56.102... 工作/路由。
我的问题是当我连接 vpn 时
root@vm-debian11:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:42:66:35 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.17/24 brd 192.168.0.255 scope global dynamic enp0s3
valid_lft 78300sec preferred_lft 78300sec
inet6 fdaa:bbcc:ddee:0:a00:27ff:fe42:6635/64 scope global dynamic mngtmpaddr
valid_lft 2006054619sec preferred_lft 2006054619sec
inet6 fe80::a00:27ff:fe42:6635/64 scope link
valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:f2:39:30 brd ff:ff:ff:ff:ff:ff
inet 192.168.56.102/24 brd 192.168.56.255 scope global dynamic enp0s8
valid_lft 464sec preferred_lft 464sec
inet6 fe80::a00:27ff:fef2:3930/64 scope link
valid_lft forever preferred_lft forever
global enp0s3
valid_lft forever preferred_lft forever
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
link/none
inet 172.70.1.2/27 brd 172.70.1.31 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::88ad:cd64:8441:a6ff/64 scope link stable-privacy
valid_lft forever preferred_lft forever
连接到 vpn 后的 ip 路由
~# ip route
default via 192.168.0.1 dev enp0s3 onlink
10.0.0.0/14 via 172.70.0.129 dev tun0
10.8.0.0/16 via 172.70.0.129 dev tun0
10.9.0.0/16 via 172.70.0.129 dev tun0
10.10.0.0/16 via 172.70.0.129 dev tun0
10.11.0.0/16 via 172.70.0.129 dev tun0
10.164.0.0/16 via 172.70.0.129 dev tun0
100.64.0.0/16 via 172.70.0.129 dev tun0
172.20.0.0/15 via 172.70.0.129 dev tun0
172.31.0.0/16 via 172.70.0.129 dev tun0
172.40.0.0/15 via 172.70.0.129 dev tun0
172.70.0.128/27 dev tun0 proto kernel scope link src 172.70.0.130
192.168.0.0/24 dev enp0s8 proto kernel scope link src 192.168.0.15
192.168.0.0/24 dev enp0s3 proto kernel scope link src 192.168.0.16
听起来流量没有在 enp0s8 和 tun0 之间路由
我错过了什么?