我有一个 openvpn 服务器。网关重定向的配置在我的手机上有效,但在 Linux 电脑上无效。这意味着我的手机上的 ip 会改变,但电脑上不会。这是我的 .ovpn 文件(手机和电脑上都一样):
client
dev tun
proto udp4
sndbuf 0
rcvbuf 0
mssfix 1200
tun-mtu 1200
remote ip_server port
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
<ca>
....
在服务器端,配置的重要部分如下:
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
我还在服务器上的 IP 表中设置了后路由的配置:
sudo /sbin/iptables -P FORWARD ACCEPT
sudo /sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
最后连接vpn之后的结果ip route show table all如下:
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.43.1 dev wlp2s0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
ip_server via 192.168.43.1 dev wlp2s0
128.0.0.0/1 via 10.8.0.1 dev tun0
169.254.0.0/16 dev wlp2s0 scope link metric 1000
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-5a527ab22980 proto kernel scope link src 172.18.0.1 linkdown
172.29.0.0/16 dev docker_gwbridge proto kernel scope link src 172.29.0.1 linkdown
192.168.43.0/24 dev wlp2s0 proto kernel scope link src 192.168.43.178 metric 600
broadcast 10.8.0.0 dev tun0 table local proto kernel scope link src 10.8.0.2
local 10.8.0.2 dev tun0 table local proto kernel scope host src 10.8.0.2
broadcast 10.8.0.255 dev tun0 table local proto kernel scope link src 10.8.0.2
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 172.17.0.0 dev docker0 table local proto kernel scope link src 172.17.0.1 linkdown
local 172.17.0.1 dev docker0 table local proto kernel scope host src 172.17.0.1
broadcast 172.17.255.255 dev docker0 table local proto kernel scope link src 172.17.0.1 linkdown
broadcast 172.18.0.0 dev br-5a527ab22980 table local proto kernel scope link src 172.18.0.1 linkdown
local 172.18.0.1 dev br-5a527ab22980 table local proto kernel scope host src 172.18.0.1
broadcast 172.18.255.255 dev br-5a527ab22980 table local proto kernel scope link src 172.18.0.1 linkdown
broadcast 172.29.0.0 dev docker_gwbridge table local proto kernel scope link src 172.29.0.1 linkdown
local 172.29.0.1 dev docker_gwbridge table local proto kernel scope host src 172.29.0.1
broadcast 172.29.255.255 dev docker_gwbridge table local proto kernel scope link src 172.29.0.1 linkdown
broadcast 192.168.43.0 dev wlp2s0 table local proto kernel scope link src 192.168.43.178
local 192.168.43.178 dev wlp2s0 table local proto kernel scope host src 192.168.43.178
broadcast 192.168.43.255 dev wlp2s0 table local proto kernel scope link src 192.168.43.178
2a04:cec0:118c:56c5::/64 dev wlp2s0 proto ra metric 600 pref medium
fe80::/64 dev wlp2s0 proto kernel metric 256 pref medium
fe80::/64 dev wlp2s0 proto kernel metric 600 pref medium
default via fe80::5a20:59ff:fed7:ea52 dev wlp2s0 proto ra metric 600 pref high
local ::1 dev lo table local proto kernel metric 0 pref medium
local 2a04:cec0:118c:56c5:b871:ba8b:2c0:2e7d dev wlp2s0 table local proto kernel metric 0 pref medium
local fe80::a68d:6eb6:9fbd:ae6d dev wlp2s0 table local proto kernel metric 0 pref medium
ff00::/8 dev wlp2s0 table local metric 256 pref medium