Setting up tinc correctly
On the VPN node (the VPN connection itself works) I set the following options:
net.ipv4.ip_forward = 1
iptables -t nat -A POSTROUTING -o ens2 -j MASQUERADE
If I then set up the routes on the client like this
# need this rule to connect vpn after changing default GW
ip route add $VPN_PUBLIC_ADDR via $NETWORK_GATEWAY
ip route del default
# route traffic through vpn
ip route add default via $VPN_PRIVATE_IP
I can only reach hosts inside the VPN -> traffic is not being forwarded; only the VPN connection itself works.
What am I missing? How can I analyse the cause of the problem?
Edit: there is no firewall set up on the VPN server side (as far as I know)
iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere
Answer 1
The problem was obviously in my tinc network configuration:
Address = Not connectable
Subnet = 172.16.0.10/32 # Here is supposed to be the subnets tinc can route to
-----BEGIN RSA PUBLIC KEY-----
pubkey
-----END RSA PUBLIC KEY-----
Changing the subnet (see the code) helped.
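To make the answer's point concrete: in router mode tinc only hands a packet to a peer whose host file announces a Subnet that covers the destination; anything else is silently dropped, no matter what the kernel routing table or the MASQUERADE rule says. The script below is an added example, not code from the original post or from the tinc project. It parses constructed host-file texts (node names "server" and "client" and the address vpn.example.org are placeholders) and reproduces tinc's selection rule, longest prefix first and lower weight on a tie, with tinc's default weight of 10. The "before" set mirrors the question, where the server announces only 172.16.0.10/32, and the "after" set assumes the fix was adding Subnet = 0.0.0.0/0 to the server's host file so that the client's default route has somewhere to go.

```python
"""Which tinc node receives a packet, judging only from the Subnet lines?

Added example (not from the original post or from tinc). Host files are
constructed inline; names and addresses are placeholders.
"""
import ipaddress
import re

# Constructed hosts/* files as in the question: server announces only its own /32.
HOSTS_BEFORE = {
    "server": "Address = vpn.example.org\nSubnet = 172.16.0.10/32\n",
    "client": "Subnet = 172.16.0.20/32\n",
}

# Assumed fix: the server additionally announces the default route.
HOSTS_AFTER = {
    "server": "Address = vpn.example.org\nSubnet = 172.16.0.10/32\nSubnet = 0.0.0.0/0\n",
    "client": "Subnet = 172.16.0.20/32\n",
}

# "Subnet = a.b.c.d/len" with an optional "#weight" suffix, as tinc accepts it.
SUBNET_RE = re.compile(r"^\s*Subnet\s*=\s*(\S+?)(?:#(\d+))?\s*$", re.IGNORECASE)


def parse_subnets(host_text):
    """Return [(network, weight)] for every Subnet line; tinc's default weight is 10."""
    subnets = []
    for line in host_text.splitlines():
        m = SUBNET_RE.match(line)
        if m:
            net = ipaddress.ip_network(m.group(1), strict=False)
            subnets.append((net, int(m.group(2) or 10)))
    return subnets


def lookup(hosts, dest):
    """Pick the node tinc would forward to: longest prefix wins, lower weight breaks ties.

    Returns (node_name, subnet_string), or None when no announced Subnet covers
    dest, which is exactly the case in which tinc drops the packet.
    """
    addr = ipaddress.ip_address(dest)
    best = None
    for name, text in hosts.items():
        for net, weight in parse_subnets(text):
            if addr.version != net.version or addr not in net:
                continue
            key = (net.prefixlen, -weight)
            if best is None or key > best[0]:
                best = (key, name, net)
    return None if best is None else (best[1], str(best[2]))


if __name__ == "__main__":
    for label, hosts in (("before", HOSTS_BEFORE), ("after", HOSTS_AFTER)):
        for dest in ("172.16.0.10", "172.16.0.20", "8.8.8.8"):
            print(f"{label:6} {dest:>12} -> {lookup(hosts, dest)}")
```

With the "before" files, 172.16.0.10 resolves to the server but 8.8.8.8 resolves to nothing, which matches the symptom in the question: VPN hosts are reachable, everything beyond them is not, and ip_forward plus MASQUERADE on the server never come into play because the packet never arrives there. With the "after" files, 8.8.8.8 resolves to the server via 0.0.0.0/0 while the two /32 entries still win for the VPN addresses themselves. To check the live daemon rather than a model of it, compare the Subnet list tinc actually loaded (tinc 1.1: tinc -n NETNAME dump subnets) with the destinations you expect to route, and run tcpdump on the tinc interface on both ends: if packets leave the client's tunnel interface but never show up on the server's, the drop is inside tinc, not in the kernel.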