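I am trying to set up my RP3 so that WiFi connections are routed through an L2TP VPN. I already have the VPN working, and with the following settings all traffic is routed through the VPN connection (ppp0 is the VPN tunnel device):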
route add VPN_PUBLIC_IP gw 192.168.1.1
route add default dev ppp0
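However, as my title says, I only want to route the WLAN traffic through the VPN connection. How can I achieve this? Below you will find some additional settings that might help.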
ifconfig:
root@raspberrypi:/home/pi# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.110 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::966b:f8b2:31f3:89c9 prefixlen 64 scopeid 0x20<link>
ether b8:27:eb:f0:e4:76 txqueuelen 1000 (Ethernet)
RX packets 151 bytes 13560 (13.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 132 bytes 20723 (20.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1280
inet 192.168.42.10 netmask 255.255.255.255 destination 192.168.42.1
ppp txqueuelen 3 (Point-to-Point Protocol)
RX packets 4 bytes 70 (70.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4 bytes 64 (64.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.220.1 netmask 255.255.255.0 broadcast 192.168.220.255
inet6 fe80::36c5:7f74:7936:c953 prefixlen 64 scopeid 0x20<link>
ether b8:27:eb:a5:b1:23 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 44 bytes 7290 (7.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
route:
root@raspberrypi:/home/pi# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.1.1 0.0.0.0 UG 202 0 0 eth0
link-local 0.0.0.0 255.255.0.0 U 303 0 0 wlan0
192.168.1.0 0.0.0.0 255.255.255.0 U 202 0 0 eth0
192.168.42.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.220.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
ip route:
default via 192.168.1.1 dev eth0 src 192.168.1.110 metric 202
169.254.0.0/16 dev wlan0 proto kernel scope link src 169.254.51.90 metric 303
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.110 metric 202
192.168.42.1 dev ppp0 proto kernel scope link src 192.168.42.10
192.168.220.0/24 dev wlan0 proto kernel scope link src 192.168.220.1
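Any suggestions would be greatly appreciated!
Answer 1
You can set up a separate routing table and select it with a "rule":
Different routes
One-time setup: pick a name for the routing table and assign it a unique number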
echo "1 wlanvpn" > /etc/iproute2/rt_tables.d/wlanvpn.conf
(If there is no /etc/iproute2/rt_tables.d/ directory, you need to append to /etc/iproute2/rt_tables instead.)
On every boot (e.g. in pre-up of the wlan0 interface):
ip rule add iif wlan0 table wlanvpn
# in case the vpn is not up the route might not exist,
# blackhole by default with high metric
ip route replace to blackhole default table wlanvpn metric 4095
ip route replace default dev ppp0 table wlanvpn
If you want to reach other networks from wlan0, you have to clone their routes into this table (e.g. for eth0: ip route add 192.168.1.0/24 dev eth0 table wlanvpn).
The output of ip rule show should now be:
0: from all lookup local
32765: from all iif wlan0 lookup wlanvpn
32766: from all lookup main
32767: from all lookup default
For IPv6, all the ip rule and ip route commands need to be duplicated with ip -6 ... (32767: from all lookup default does not exist by default in ip -6 rule).
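Different default route
Alternatively, you can specify only a different default route (so manually routed "internal" networks are still reachable from the VPN) without cloning the routes:
One-time setup: pick a name for the routing table and assign it a unique number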
echo "10 default-vpn" > /etc/iproute2/rt_tables.d/default-routes.conf
echo "11 default-normal" >> /etc/iproute2/rt_tables.d/default-routes.conf
On every boot (e.g. in pre-up of the wlan0 interface):
ip rule add pref 32768 iif wlan0 lookup default-vpn
ip rule add pref 32769 lookup default-normal
ip route replace to blackhole default table default-vpn metric 4095
ip route replace default dev ppp0 table default-vpn
# move your normal default route (from table main) to table default-normal, e.g:
ip route replace default via 192.168.0.1 table default-normal
ip route delete default table main
The output of ip rule show should now be:
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
32768: from all iif wlan0 lookup default-vpn
32769: from all lookup default-normal
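A way to check the fail-closed behaviour of the first variant (table wlanvpn), as an added example that is not part of the original answer: the functions parse the text of ip rule show and ip route show table wlanvpn and report whether wlan0 traffic leaves via ppp0, is dropped by the blackhole route, or can fall through to the normal uplink. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. On a live system pass real output instead of the samples:
#   has_iif_rule "$(ip rule show)" wlan0 wlanvpn
#   table_state  "$(ip route show table wlanvpn)" ppp0

# has_iif_rule RULES IIF TABLE
# Succeeds if one rule line selects TABLE for packets arriving on IIF.
has_iif_rule() {
    printf '%s\n' "$1" | awk -v iif="$2" -v tbl="$3" '
        { a = b = 0
          for (i = 1; i < NF; i++) {
              if ($i == "iif" && $(i+1) == iif) a = 1
              if ($i == "lookup" && $(i+1) == tbl) b = 1 }
          if (a && b) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# table_state ROUTES VPNDEV prints one of:
#   vpn    - default route via VPNDEV, blackhole fallback present
#   closed - only the blackhole default is left (VPN down, traffic dropped)
#   leak   - no blackhole fallback (lookup falls through to table main),
#            or a default route via some other device
table_state() {
    printf '%s\n' "$1" | awk -v dev="$2" '
        $1 == "blackhole" && $2 == "default" { hole = 1; next }
        $1 == "default" {
            d = ""
            for (i = 2; i < NF; i++) if ($i == "dev") d = $(i+1)
            if (d == dev) vpn = 1; else other = 1 }
        END {
            if (other || !hole) print "leak"
            else if (vpn) print "vpn"
            else print "closed" }'
}

# Constructed sample outputs (not captured from the asker's machine).
RULES_OK='0: from all lookup local
32765: from all iif wlan0 lookup wlanvpn
32766: from all lookup main
32767: from all lookup default'
ROUTES_UP='default dev ppp0 scope link
blackhole default metric 4095'
ROUTES_DOWN='blackhole default metric 4095'
ROUTES_LEAK='default via 192.168.1.1 dev eth0'

if has_iif_rule "$RULES_OK" wlan0 wlanvpn; then echo "rule: present"; fi
for r in "$ROUTES_UP" "$ROUTES_DOWN" "$ROUTES_LEAK"; do
    echo "table: $(table_state "$r" ppp0)"
done
```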