我在尝试连接到 ubuntu 15.10(32 位) 上的 openvpn 时遇到问题。我有 15.04 64 位,要安装 open vpn,我只需运行命令“sudo apt-get install openvpn network-manager-openvpn-gnome”并选择 openvpn 配置文件,它就可以正常工作。
现在的问题是,它连接正常,但连接后,我无法通过 Firefox 访问互联网。页面请求超时。但当我直接连接时,它工作正常。这是我的系统日志。
Dec 4 07:11:19 user-pc nm-openvpn[3039]: TUN/TAP device tun0 opened
Dec 4 07:11:19 user-pc nm-openvpn[3039]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --tun -- tun0 1500 1559 10.101.0.6 10.101.0.5 init
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> (tun0): new Tun device (carrier: OFF, driver: 'tun', ifindex: 9)
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> VPN connection '11->xxxVPN.com TCP-443' (IP Config Get) reply received.
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> VPN connection '11->xxxVPN.com TCP-443' (IP4 Config Get) reply received.
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> VPN Gateway: 189.102.037.102
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> Tunnel Device: tun0
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> IPv4 configuration:
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> Internal Gateway: 10.101.0.5
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> Internal Address: 10.101.0.6
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> Internal Prefix: 32
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> Internal Point-to-Point Address: 10.101.0.5
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> Maximum Segment Size (MSS): 0
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> Static Route: 10.101.0.0/16 Next Hop: 10.101.0.5
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> Static Route: 10.101.0.1/32 Next Hop: 10.101.0.5
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> Forbid Default Route: no
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> Internal DNS: 10.101.0.1
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> DNS Domain: '(none)'
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> No IPv6 configuration
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> VPN plugin state changed: started (4)
Dec 4 07:11:19 user-pc nm-openvpn[3039]: Initialization Sequence Completed
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> VPN connection '11->xxxVPN.com TCP-443' (IP Config Get) complete.
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> (tun0): link connected
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> NetworkManager state is now CONNECTED_LOCAL
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> NetworkManager state is now CONNECTED_GLOBAL
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> Writing DNS information to /sbin/resolvconf
Dec 4 07:11:19 user-pc dnsmasq[2010]: setting upstream servers from DBus
Dec 4 07:11:19 user-pc dnsmasq[2010]: using nameserver 10.101.0.1#53
Dec 4 07:11:19 user-pc dbus[791]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> keyfile: add connection in-memory (10173ed3-3e98-4fe0-9742-a8f2a9980adc,"tun0")
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> (tun0): device state change: unmanaged -> unavailable (reason 'connection-assumed') [10 20 41]
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> (tun0): device state change: unavailable -> disconnected (reason 'connection-assumed') [20 30 41]
Dec 4 07:11:19 user-pc systemd[1]: Starting Network Manager Script Dispatcher Service...
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> Device 'tun0' has no connection; scheduling activate_check in 0 seconds.
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> (tun0): Activation: starting connection 'tun0' (10173ed3-3e98-4fe0-9742-a8f2a9980adc)
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> (tun0): device state change: disconnected -> prepare (reason 'none') [30 40 0]
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> (tun0): device state change: prepare -> config (reason 'none') [40 50 0]
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> (tun0): device state change: config -> ip-config (reason 'none') [50 70 0]
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> (tun0): device state change: ip-config -> ip-check (reason 'none') [70 80 0]
Dec 4 07:11:19 user-pc dbus[791]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Dec 4 07:11:19 user-pc systemd[1]: Started Network Manager Script Dispatcher Service.
Dec 4 07:11:19 user-pc nm-dispatcher: Dispatching action 'vpn-up' for tun0
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> (tun0): device state change: ip-check -> secondaries (reason 'none') [80 90 0]
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> (tun0): device state change: secondaries -> activated (reason 'none') [90 100 0]
Dec 4 07:11:19 user-pc gnome-session[1409]: ** (nm-connection-editor:3002): WARNING **: Unsupported connection type 'generic'
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> NetworkManager state is now CONNECTED_LOCAL
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> NetworkManager state is now CONNECTED_GLOBAL
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> Policy set 'tun0' (tun0) as default for IPv4 routing and DNS.
这是我的 iptables 规则:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
正如您所看到的,它是空的,这是正常的吗?如果它是空的,它是否应该停止 vpn 工作?
答案1
日志文件的最后一行是这样的:
Dec 4 07:11:19 user-pc NetworkManager[821]: <info> Policy set 'tun0' (tun0) as default for IPv4 routing and DNS
这意味着您的tun0或 VPN 接口被用作 Internet 连接的默认路由。如果 OpenVPN 服务器未配置为允许您的 VPN 网络访问 Internet,那么您的连接将像现在一样超时。
在您的 Ubuntu 15.10 32 位(OpenVPN 服务器)上,您必须运行以下 iptables 命令(或类似命令)以允许您的 VPN 子网访问 Internet。
# iptables -t nat -A POSTROUTING -s $your_vpn_network -o $wan_interface -j MASQUERADE
此规则的作用是对来自您的 VPN 网络的任何连接进行 NAT,该连接的目的地址为 WAN 接口之外的网络,这应该可以解决您的问题。
希望这可以帮助