一旦 tun0 出現(這是一個 openvpn 隧道),我將套用以下路由規則。這些規則有助於將我的網路上的某些用戶端推送到 VPN 之外並直接連接到網路。應用這些的最佳方法是什麼?
更新:運行 Ubuntu 18.04。
ip route add default via 192.168.8.1 table novpn
ip route add 192.168.1.0/24 dev enp4s0 table novpn
ip rule add from 192.168.1.220 table novpn
iptables -t nat -A POSTROUTING -m iprange --src-range 192.168.1.210-192.168.1.220 -o enp5s0 -j MASQUERADE
答案1
您可以從 openvpn 設定執行指令,例如:
script-security 2
up /path/to/routing/script
down /path/to/routing/downscript
來自 man openvpn:
--up cmd Run command cmd after successful TUN/TAP device open (pre --user UID change). cmd consists of a path to script (or executable program), op‐ tionally followed by arguments. The path and arguments may be single- or double-quoted and/or escaped using a backslash, and should be separated by one or more spaces. The up command is useful for specifying route commands which route IP traffic destined for private subnets which exist at the other end of the VPN connection into the tunnel. For --dev tun execute as: cmd tun_dev tun_mtu link_mtu ifconfig_local_ip ifconfig_re‐ mote_ip [ init | restart ]
答案2
你可以試試這個(將其添加到/etc/rc.local)
ip route add default via 192.168.8.1 table novpn
ip route add 192.168.1.0/24 dev enp4s0 table novpn
ip rule add from 192.168.1.220 table novpn
iptables -t nat -A POSTROUTING -m iprange --src-range 192.168.1.210-192.168.1.220 -o enp5s0 -j MASQUERADE