VPN 桥接重复路由

2024-5-30 • tag-icon

我正在尝试在两台嵌入式计算机之间建立 VPN 桥接。VPN 已正确建立，但是一旦在客户端创建 tap0 接口，它就会创建重复路由：

192.168.127.0   *               255.255.255.0   U     0      0        0 tap0
192.168.127.0   *               255.255.255.0   U     0      0        0 eth0

以下是两个接口的配置：

eth0      Link encap:Ethernet  HWaddr 00:90:e8:44:76:1c
          inet addr:192.168.127.20  Bcast:192.168.127.255  Mask:255.255.255.0
          inet6 addr: fe80::290:e8ff:fe44:761c/64 Scope:Link
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:1578 errors:0 dropped:0 overruns:0 frame:0
          TX packets:107 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:141027 (137.7 KiB)  TX bytes:8351 (8.1 KiB)

tap0      Link encap:Ethernet  HWaddr a6:ed:36:87:50:12
          inet addr:192.168.127.50  Bcast:192.168.127.255  Mask:255.255.255.0
          inet6 addr: fe80::a4ed:36ff:fe87:5012/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1380 (1.3 KiB)  TX bytes:468 (468.0 B)

我试图将连接到客户端（与客户端位于同一子网中）的设备流量路由到服务器，并最终路由到连接到服务器的 PC。服务器有 IP 地址192.168.127.10，PC 连接到它192.168.127.200

使用当前路由表，服务器无法 ping 通客户端，反之亦然。

尝试解决问题

如果我删除 eth0 路由：

192.168.127.0 0.0.0.0 255.255.255.0 U 5 0 0 tap0

Ping Client's tap0 --> Server's tap0 : OK
Ping Server's tap0 --> Client's tap0 : OK
Ping Client's tap0 --> PC connected to server : OK
Ping PC connected to server --> PC connected to client : FAIL
Ping PC connected to server --> Client's tap0 : OK
Ping PC connected to client --> Client's tap0 : FAIL
Ping PC connected to client --> Server's tap0 : FAIL
Ping PC connected to client --> PC connected to Server : FAIL

由于客户端只能访问服务器端的 2 个 IP 地址，因此让我们为这些 IP 添加静态路由并让 eth0 处理正常流量：

192.168.127.0 * 255.255.255.0 U 5 0 0 eth0 192.168.127.10 * 255.255.255.255 UH 0 0 0 tap0 192.168.127.200 * 255.255.255.255 UH 0 0 0 tap0

注意路线优先级！

Ping Client's tap0 --> Server's tap0 : FAIL
Ping Server's tap0 --> Client's tap0 : FAIL
Ping Client's tap0 --> PC connected to server : FAIL
Ping PC connected to server --> PC connected to client : FAIL
Ping PC connected to server --> Client's tap0 : FAIL
Ping PC connected to client --> Client's tap0 : OK
Ping PC connected to client --> Server's tap0 : FAIL
Ping PC connected to client --> PC connected to Server : FAIL

你知道在我的情况下如何设置路由表吗？

答案1

解决了。

我最终只是在客户端上将 eth0 与 tap0 桥接起来。这将两个初始路由合并为指向 br0 的单个路由。与服务器不同，客户端的接口桥接必须在建立 openvpn 连接后进行！

答案1

相关内容