openvpn not redirecting, client-side problem

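I have an openvpn server. The gateway-redirect configuration works on my phone but not on my Linux computer. That is, the IP changes on my phone but not on the computer. Here is my .ovpn file (the same on the phone and the computer):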

client
dev tun
proto udp4
sndbuf 0
rcvbuf 0
mssfix 1200
tun-mtu 1200
remote ip_server port
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
<ca>
....

On the server side, the important part of the configuration is as follows:

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

I have also set up the postrouting configuration in iptables on the server:

sudo /sbin/iptables -P FORWARD ACCEPT
sudo /sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE

Finally, the output of ip route show table all after connecting to the VPN is as follows:

0.0.0.0/1 via 10.8.0.1 dev tun0 
default via 192.168.43.1 dev wlp2s0 proto dhcp metric 600 
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2 
ip_server via 192.168.43.1 dev wlp2s0 
128.0.0.0/1 via 10.8.0.1 dev tun0 
169.254.0.0/16 dev wlp2s0 scope link metric 1000 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
172.18.0.0/16 dev br-5a527ab22980 proto kernel scope link src 172.18.0.1 linkdown 
172.29.0.0/16 dev docker_gwbridge proto kernel scope link src 172.29.0.1 linkdown 
192.168.43.0/24 dev wlp2s0 proto kernel scope link src 192.168.43.178 metric 600 
broadcast 10.8.0.0 dev tun0 table local proto kernel scope link src 10.8.0.2 
local 10.8.0.2 dev tun0 table local proto kernel scope host src 10.8.0.2 
broadcast 10.8.0.255 dev tun0 table local proto kernel scope link src 10.8.0.2 
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1 
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 
broadcast 172.17.0.0 dev docker0 table local proto kernel scope link src 172.17.0.1 linkdown 
local 172.17.0.1 dev docker0 table local proto kernel scope host src 172.17.0.1 
broadcast 172.17.255.255 dev docker0 table local proto kernel scope link src 172.17.0.1 linkdown 
broadcast 172.18.0.0 dev br-5a527ab22980 table local proto kernel scope link src 172.18.0.1 linkdown 
local 172.18.0.1 dev br-5a527ab22980 table local proto kernel scope host src 172.18.0.1 
broadcast 172.18.255.255 dev br-5a527ab22980 table local proto kernel scope link src 172.18.0.1 linkdown 
broadcast 172.29.0.0 dev docker_gwbridge table local proto kernel scope link src 172.29.0.1 linkdown 
local 172.29.0.1 dev docker_gwbridge table local proto kernel scope host src 172.29.0.1 
broadcast 172.29.255.255 dev docker_gwbridge table local proto kernel scope link src 172.29.0.1 linkdown 
broadcast 192.168.43.0 dev wlp2s0 table local proto kernel scope link src 192.168.43.178 
local 192.168.43.178 dev wlp2s0 table local proto kernel scope host src 192.168.43.178 
broadcast 192.168.43.255 dev wlp2s0 table local proto kernel scope link src 192.168.43.178 
2a04:cec0:118c:56c5::/64 dev wlp2s0 proto ra metric 600 pref medium
fe80::/64 dev wlp2s0 proto kernel metric 256 pref medium
fe80::/64 dev wlp2s0 proto kernel metric 600 pref medium
default via fe80::5a20:59ff:fed7:ea52 dev wlp2s0 proto ra metric 600 pref high
local ::1 dev lo table local proto kernel metric 0 pref medium
local 2a04:cec0:118c:56c5:b871:ba8b:2c0:2e7d dev wlp2s0 table local proto kernel metric 0 pref medium
local fe80::a68d:6eb6:9fbd:ae6d dev wlp2s0 table local proto kernel metric 0 pref medium
ff00::/8 dev wlp2s0 table local metric 256 pref medium
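
Added example, not part of the original post: a check that runs longest-prefix matching over the main-table routes listed above and reports which probe destinations would leave outside tun0. In that listing the two /1 routes installed by redirect-gateway def1 are on tun0, while the IPv6 default route still points at wlp2s0. The function names and the probe addresses 203.0.113.10 and 2001:db8::1 (documentation ranges) are assumptions chosen for illustration.

```python
import ipaddress

# Main-table lines copied from the `ip route` listing in the post
# (Docker and most `table local` entries left out for brevity).
SAMPLE_ROUTES = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.43.1 dev wlp2s0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
ip_server via 192.168.43.1 dev wlp2s0
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.43.0/24 dev wlp2s0 proto kernel scope link src 192.168.43.178 metric 600
2a04:cec0:118c:56c5::/64 dev wlp2s0 proto ra metric 600 pref medium
default via fe80::5a20:59ff:fed7:ea52 dev wlp2s0 proto ra metric 600 pref high
local ::1 dev lo table local proto kernel metric 0 pref medium
"""

def parse_routes(text):
    """Return (network, dev, metric) for each unicast main-table route."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or "dev" not in tok or "table" in tok:
            continue  # blank line, no interface, or non-main table
        dest = tok[0]
        if dest == "default":
            dest = "::/0" if ":" in line else "0.0.0.0/0"
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # redacted placeholder such as "ip_server"
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((net, tok[tok.index("dev") + 1], metric))
    return routes

def egress_dev(routes, addr):
    """Longest-prefix match, lowest metric on ties; None if unroutable."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if r[0].version == ip.version and ip in r[0]]
    if not hits:
        return None
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2]))[1]

# 8.8.8.8 is the DNS server pushed by the server config; the other two
# probes are documentation-range addresses (assumed, for illustration).
def leaks(text, tun="tun0", probes=("8.8.8.8", "203.0.113.10", "2001:db8::1")):
    """Probe addresses whose traffic would leave outside the tunnel."""
    routes = parse_routes(text)
    return [p for p in probes if egress_dev(routes, p) != tun]

if __name__ == "__main__":
    print(leaks(SAMPLE_ROUTES))
```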
