Linux vpnc - 如何在 vpnc 中定义特定的 tunX 号码

tag-icon tag-icon linux vpn centos7 tunnel
Linux vpnc - 如何在 vpnc 中定义特定的 tunX 号码

我需要启动多个 vpnc 隧道并在设置后为每个隧道单独定义不同的静态路由。

为此,我创建了一个脚本,它将在每次连接(tunX)建立后运行。

但是,如果一个或多个隧道发生故障,并且我需要重新启动这些特定的连接,我将丢失每个客户端的正确归因顺序,并且我的脚本将无法按预期工作,从而实际上将我锁定在盒子之外。

示例:我需要删除并添加 tun1 中 client_b 的以下路由,因为注入的路由会覆盖我的内部网络。

ip route del 0.0.0.0/0 dev tun1 # this route must be deleted because it overrides my GW.
ip route del 192.168.0.0/16 dev tun1 # this route must be deleted because it overrides internal net.
ip route add 192.168.88.0/24 via 123.123.123.123 dev tun1 # Manually added subnet that I need to have access to
ip route add 0.0.0.0/0 via 192.168.40.1 dev eth0 # My internal network is 192.168.40.0/24

因此,每当我启动新的 vpnc 连接时,我都会得到一个以 tun0 开头的隧道号,然后是 tun1、tun2 等等。

然而,如果一个隧道出现故障并且我需要重新启动它,我会得到一个 tunX,其中 X 不再有序。

示例:最初,当我按顺序连接这些客户端时,我将为每个客户端获得一个连续的 tunX 编号。

sudo vpnc client_a --local-port 0 # It will be available on tun0
sudo vpnc client_b --local-port 0 # It will be available on tun1
sudo vpnc client_c --local-port 0 # It will be available on tun2
sudo vpnc client_d --local-port 0 # It will be available on tun3

请注意:我需要删除每个隧道中不需要的路线,并为每个隧道单独定义个性化路线,因为每个隧道都有自己的路线和相应的端点。

一次性终止所有连接并按顺序启动所有连接不是一个选择。

所以我的问题是:如何静态定义 client_a 始终使用 tun0,client_b 始终使用 tun1等等?

答案1

为了防止有人遇到同样的问题,以下是我提出的解决方案。

#!/bin/bash
# Run script as # nohup ./vpn-monitor.sh /dev/null 2>&1 &
# mjoao

################### Start functions ###################

vpn_clientA(){

vpnName="clientA"
endpoint="10.23.23.51"
endpoint2="10.23.25.55"

count=$( ping -c 3 $endpoint | grep icmp* | wc -l )
count2=$( ping -c 3 $endpoint2 | grep icmp* | wc -l )

if [ $count -eq 0 -a $count2 -eq 0 ]
    then
    # All pings have failed!!!
    echo "Ping FAILED $(date)" >> /var/log/vpnc/$vpnName.log

    # Sending Email...
    echo "Ping for $endpoint FAILED! More info /var/log/vpnc/$vpnName.log " | mail -s "VPN $vpnName failed " [email protected]

    # Restart connection
    /root/vpn_clientA.sh >> /var/log/vpnc/$vpnName.log &

else
    echo "Ping replied $(date)" >> /var/log/vpnc/$vpnName.log
fi
}


vpn_clientB(){

vpnName="clientB"
endpoint="192.168.10.11"
endpoint2="192.168.10.13"

count=$( ping -c 3 $endpoint | grep icmp* | wc -l )
count2=$( ping -c 3 $endpoint2 | grep icmp* | wc -l )

if [ $count -eq 0 -a $count2 -eq 0 ]
    then
    # All pings have failed!!!
    echo "Ping FAILED $(date)" >> /var/log/vpnc/$vpnName.log

    # Sending Email
    echo "Ping for $endpoint FAILED! More info /var/log/vpnc/$vpnName.log " | mail -s "VPN $vpnName failed " [email protected]

    # Restart connection
    /root/vpn_clientB.sh >> /var/log/vpnc/$vpnName.log &

else
    echo "Ping replied $(date)" >> /var/log/vpnc/$vpnName.log
fi
}


vpn_clientC(){

vpnName="clientC"
endpoint="10.10.10.78"
endpoint2="10.10.10.198"

count=$( ping -c 3 $endpoint | grep icmp* | wc -l )
count2=$( ping -c 3 $endpoint2 | grep icmp* | wc -l )

if [ $count -eq 0 -a $count2 -eq 0 ]
    then
    # All pings have failed!!!
    echo "Ping FAILED $(date)" >> /var/log/vpnc/$vpnName.log

    # Sending Email
    echo "Ping for $endpoint FAILED! More info /var/log/vpnc/$vpnName.log " | mail -s "VPN $vpnName failed " [email protected]

    # Restart Connection
    /root/vpn_clientC.sh >> /var/log/vpnc/$vpnName.log &

else
    echo "Ping replied $(date)" >> /var/log/vpnc/$vpnName.log
fi
}
################### Functions End ###################



while : # Infinite cycle 

do
# Call functions every 30 seconds
vpn_clientA
vpn_clientB
vpn_clientC
sleep 30

done

针对拼写和清晰度进行了编辑。

相关内容