After starting the VPN connection, I cannot access the internet.
Without the VPN connection:
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 0 0 0 wlp4s0
default _gateway 0.0.0.0 UG 600 0 0 wlp4s0
link-local 0.0.0.0 255.255.0.0 U 1000 0 0 wlp4s0
192.168.0.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp4s0
$ ip route show
default via 192.168.0.1 dev wlp4s0
default via 192.168.0.1 dev wlp4s0 proto dhcp metric 600
169.254.0.0/16 dev wlp4s0 scope link metric 1000
192.168.0.0/24 dev wlp4s0 proto kernel scope link src 192.168.0.9 metric 600
With the VPN connection (route / ip route show / ifconfig):
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 0.0.0.0 0.0.0.0 U 0 0 0 tun0
default ta-bb.localdom. 0.0.0.0 UG 600 0 0 wlp4s0
87.54.37.61 ta-bb.localdom. 255.255.255.255 UGH 0 0 0 wlp4s0
link-local 0.0.0.0 255.255.0.0 U 1000 0 0 wlp4s0
172.17.5.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.0.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp4s0
$ ip route show
default dev tun0 scope link
default via 192.168.0.1 dev wlp4s0 proto dhcp metric 600
87.54.37.61 via 192.168.0.1 dev wlp4s0 src 192.168.0.9
169.254.0.0/16 dev wlp4s0 scope link metric 1000
172.17.5.0/24 dev tun0 scope link
192.168.0.0/24 dev wlp4s0 proto kernel scope link src 192.168.0.9 metric 600
$ ifconfig
enp0s31f6: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether c8:5b:76:e8:2a:36 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 16 memory 0xb4800000-b4820000
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 3238 bytes 297728 (297.7 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3238 bytes 297728 (297.7 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1412
inet 172.17.5.28 netmask 255.255.255.255 destination 172.17.5.28
inet6 fe80::7d4e:fa72:9b2a:84ae prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 6 bytes 712 (712.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 54 bytes 3832 (3.8 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.9 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::e727:a946:6bd5:cc2f prefixlen 64 scopeid 0x20<link>
ether f4:8c:50:d0:ed:6e txqueuelen 1000 (Ethernet)
RX packets 22268 bytes 13166296 (13.1 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 20900 bytes 5395432 (5.3 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
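I tried deleting the default route with route del default dev tun0, following this answer: https://askubuntu.com/a/1003324/305690, but doing so did not give me internet access.
How can I get internet access while staying connected to the VPN server?
I am using Ubuntu 18.04 and the Cisco VPN client vpnc.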
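To see where traffic leaves the machine while the VPN is up, the following sketch applies the kernel's route selection (longest matching prefix, then lowest metric) to the ip route show output from the question. It is an added example, not part of the original post; the function names and the probe address 8.8.8.8 are assumptions chosen for illustration.

```python
import ipaddress

# `ip route show` output copied from the question (VPN connected).
ROUTES_VPN_UP = """\
default dev tun0 scope link
default via 192.168.0.1 dev wlp4s0 proto dhcp metric 600
87.54.37.61 via 192.168.0.1 dev wlp4s0 src 192.168.0.9
169.254.0.0/16 dev wlp4s0 scope link metric 1000
172.17.5.0/24 dev tun0 scope link
192.168.0.0/24 dev wlp4s0 proto kernel scope link src 192.168.0.9 metric 600
"""


def parse_routes(text):
    """Turn `ip route show` lines into (network, device, gateway, metric) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        # Options follow the destination as key/value pairs ("scope link" included).
        opts = dict(zip(fields[1::2], fields[2::2]))
        routes.append((
            ipaddress.ip_network(dest),       # a bare host address becomes a /32
            opts.get("dev"),
            opts.get("via"),                  # None means on-link, no gateway
            int(opts.get("metric", 0)),       # a missing metric means 0
        ))
    return routes


def select_route(routes, destination):
    """Pick the route the kernel would use: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(destination)
    candidates = [r for r in routes if addr in r[0]]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r[0].prefixlen, r[3]))


if __name__ == "__main__":
    table = parse_routes(ROUTES_VPN_UP)
    # 8.8.8.8 is an arbitrary public address chosen for illustration.
    for dst in ("8.8.8.8", "87.54.37.61", "172.17.5.1", "192.168.0.1"):
        net, dev, via, metric = select_route(table, dst)
        print(f"{dst:<13} -> dev {dev:<7} via {via or 'on-link':<12} ({net}, metric {metric})")
```

Run as a script, it shows that only the host route to 87.54.37.61 and the local subnets still leave through wlp4s0; every other destination matches the metric-0 default route on tun0.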
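Answer 1
Edit
For OpenVPN:
Finally, I tried two different VPN servers of my own and found a solution to my problem.
First, check whether the server uses the LZO or LZ4 compression setting; if the server uses the LZ4 setting, check whether your client supports LZ4 compression. Apparently network-manager-openvpn does not support it, but any openvpn above 2.4 does.
For Cisco VPN, I cannot give an exact answer, but given that the situation is similar, I suggest looking at the compression and decompression methods of the server and the client.
I can confirm that I had the same problem when using the OpenVPN client; I also could not ssh into machines connected to the VPN server, and so on.
I know this is not a DNS resolution problem, because I cannot ping IP addresses. I checked all the basic and advanced settings and they all look fine. I tried the solution above, but it did not work. I also tried other solutions from different posts (thread 1, thread 2), but with no luck.
I checked tcpdump: all packets are outgoing, with no incoming packets. When the VPN is on, traceroute does not get beyond the computer. The output is the same as above.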
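Edit:
I still have not solved the problem, but I managed to work out some details and found a workaround. First, the problem I am having is related to Network Manager. When I start the VPN connection from the command line with $ sudo openvpn --config vpnconfigfile.ovpn, everything works. If I import the VPN configuration file into Network Manager and start it from there, it does not work.
How are you using the VPN?
I checked the output of journalctl -xe and found this: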
...
nm-applet[1889]: gtk_widget_destroy: assertion 'GTK_IS_WIDGET (widget)' failed
nm-applet[1889]: gtk_widget_destroy: assertion 'GTK_IS_WIDGET (widget)' failed
nm-openvpn[7291]: OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2018
library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Can't set a parent on widget which has a parent
....
nm-openvpn[7291]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
nm-openvpn[7291]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
nm-openvpn[7291]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1570'
nm-openvpn[7291]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
nm-openvpn[7291]: [server_E4ejDM49LNC3gjYs] Peer Connection Initiated with [AF_INET]xxx.xx.xxx.xx:xxx
nm-openvpn[7291]: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3: block-outside-dns (2.4.4)
nm-openvpn[7291]: TUN/TAP device tun1 opened
nm-openvpn[7291]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --debug 0 7285 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_22 --tun -- tun1 1500 1552 10.8.0.3 255.255.255.0 init
systemd-udevd[7292]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
NetworkManager[1010]: <info> [1538869518.6350] manager: (tun1): new Tun device (/org/freedesktop/NetworkManager/Devices/16)
cinnamon[1870]: JS LOG: Unknown network device type, is 16
nm-applet[1889]: gtk_widget_destroy: assertion 'GTK_IS_WIDGET (widget)' failed
nm-applet[1889]: gtk_widget_destroy: assertion 'GTK_IS_WIDGET (widget)' failed
NetworkManager[1010]: <info> [1538869518.6401] vpn-connection[0x561394b487d0,9ace9715-f9a7-4e9e-a602-b2ae3bbccebf,"xxx",0]: VPN connection: (IP Config Get) reply received.
....
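The journal excerpt above contains the negotiation warnings the answer points to. As an added example (not part of the original answer), the following sketch pulls option mismatches and rejected pushed options out of nm-openvpn log lines; the function names and the result labels are assumptions, and the sample lines are copied from the excerpt.

```python
import re

# Lines copied from the journalctl excerpt in the answer above.
SAMPLE_LOG = """\
nm-openvpn[7291]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1570'
nm-openvpn[7291]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
nm-openvpn[7291]: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3: block-outside-dns (2.4.4)
nm-openvpn[7291]: TUN/TAP device tun1 opened
"""

INCONSISTENT = re.compile(r"WARNING: '(?P<opt>[^']+)' is used inconsistently, local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'")
MISSING = re.compile(r"WARNING: '(?P<opt>[^']+)' is present in (?P<has>local|remote) config but missing in (?:local|remote) config")
REJECTED = re.compile(r"Options error: Unrecognized option.* in \[PUSH-OPTIONS\]:\d+: (?P<opt>\S+)")
COMPRESSION_OPTS = {"comp-lzo", "compress"}  # OpenVPN compression directives


def find_option_problems(log_text):
    """Return (kind, option, detail) tuples for each negotiation problem logged."""
    problems = []
    for line in log_text.splitlines():
        if m := INCONSISTENT.search(line):
            problems.append(("inconsistent", m["opt"], f"local={m['local']!r} remote={m['remote']!r}"))
        elif m := MISSING.search(line):
            problems.append(("one-sided", m["opt"], f"only in {m['has']} config"))
        elif m := REJECTED.search(line):
            problems.append(("rejected-push", m["opt"], "client did not accept pushed option"))
    return problems


def compression_mismatch(problems):
    """True when a compression option is configured on one peer only."""
    return any(kind == "one-sided" and opt in COMPRESSION_OPTS for kind, opt, _ in problems)


if __name__ == "__main__":
    found = find_option_problems(SAMPLE_LOG)
    for kind, opt, detail in found:
        print(f"{kind:<14} {opt:<18} {detail}")
    print("compression mismatch:", compression_mismatch(found))
```

To check a live system, feed the function the text of journalctl output filtered to nm-openvpn lines instead of SAMPLE_LOG.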