透過單獨實例 OpenWRT 的 VPN

tag-icon tag-icon networking wireless-networking router vpn openvpn
透過單獨實例 OpenWRT 的 VPN

幾天來我一直在努力實現這一目標,但到目前為止我還沒有成功。我的情況很像SSID #2 上的 VPN (OpenWRT),但略有不同。

就我而言,我使用的是 OpenVPN;我的 2,4ghz 和 5ghz 有一個單獨的 SSID,並且 5ghz 上有一個單獨的實例,應該通過 OpenVPN。

據我了解,我需要了解 IP 路由,但我的網路知識太有限,無法實現這一點。

我在 IP 範圍 192.168.1.x 上執行「常規」實例。應透過 VPN 的實例位於 192.168.55.x。

關於我嘗試過的比較問題的答案

ip route add 192.168.55.0/24 dev tun0

但這給了我一個錯誤:

Cannot find device "tun0"

顯然tun0是OpenVPN。

我真的不知道如何解決這個問題或我需要朝哪個方向走。也許有人可以幫助我實現這個目標。

編輯:我已經嘗試過以下步驟將特定子網路路由到 VPN 隧道這也可以在 OpenVPN 設定中看到,但沒有成功。

我的設定檔:

/etc/config/網絡

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd15:4503:4ed4::/48'

config interface 'lan'
    option ifname 'eth1'
    option force_link '1'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'

config interface 'wan'
    option ifname 'eth0'
    option proto 'dhcp'

config interface 'wan6'
    option ifname 'eth0'
    option proto 'dhcpv6'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '0 2 3 4 5'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports '1 6'

config interface 'VPN'
    option proto 'none'
    option ifname 'tun0'

config interface 'OVPN'
    option _orig_ifname 'wlan0-1'
    option _orig_bridge 'false'
    option proto 'static'
    option ipaddr '192.168.55.1'
    option netmask '255.255.255.0'

到目前為止,我用它來連接 OpenVPN。

/etc/openvpn/client.ovpn

client
dev tun
proto udp
port 1194
remote 108.61.152.187
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key
auth-user-pass ./pass.txt
ns-cert-type server
cipher AES-256-CBC
comp-lzo
verb 3
#Prevents default gateway from being set on the default routing table
route-noexec
#Allows route-up script to be executed
script-security 2
#Calls custom shell script after connection to add necessary routes
route-up /etc/openvpn/route-up.sh

/etc/config/無線

config wifi-device 'radio0'
    option type 'mac80211'
    option hwmode '11a'
    option path 'pci0000:01/0000:01:00.0'
    option country '00'
    option htmode 'VHT80'
    option channel '157'
    option txpower '30'

config wifi-iface
    option device 'radio0'
    option network 'lan'
    option mode 'ap'
    option ssid 'TP-Link 5G'
    option encryption 'psk2'
    option key 'key'

config wifi-device 'radio1'
    option type 'mac80211'
    option channel '5'
    option hwmode '11n'
    option path 'platform/qca955x_wmac'
    option htmode 'HT40'
    option txpower '30'
    option country '00'

config wifi-iface
    option device 'radio1'
    option network 'lan'
    option mode 'ap'
    option ssid 'TP-Link'
    option encryption 'psk-mixed+ccmp'
    option key 'key'

config wifi-iface
    option device 'radio0'
    option mode 'ap'
    option ssid 'TP-Link VPN'
    option network 'OVPN'
    option encryption 'psk2'
    option key 'key'

路由-up.sh

#!/bin/sh

#Clear all routes on vpn routing table (this is to make sure there isn't any crap left over from a previous vpn connection
ip route flush table vpn

#Copy routing table from main routing table into vpn table
ip route show table main | grep -Ev ^default | while read ROUTE ; do ip route add table vpn $ROUTE; done

#Add default gateway to vpn routing table
ip route add default via ${route_vpn_gateway} dev ${dev} table vpn

結果如果配置

6rd-wan_6rd Link encap:IPv6-in-IPv4
          inet6 addr: ::77.174.30.80/96 Scope:Compat
          inet6 addr: 2001:838:ad1e:5000::1/40 Scope:Global
          UP RUNNING NOARP  MTU:1280  Metric:1
          RX packets:256964 errors:0 dropped:0 overruns:0 frame:0
          TX packets:160291 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:284886943 (271.6 MiB)  TX bytes:18047017 (17.2 MiB)

br-lan    Link encap:Ethernet  HWaddr E8:DE:27:F5:E7:F6
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: 2001:838:ad1e:5000::1/60 Scope:Global
          inet6 addr: fe80::eade:27ff:fef5:e7f6/64 Scope:Link
          inet6 addr: fd15:4503:4ed4::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:19173187 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13930435 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:21346350453 (19.8 GiB)  TX bytes:19757831552 (18.4 GiB)

br-lan:1  Link encap:Ethernet  HWaddr E8:DE:27:F5:E7:F6
          inet addr:10.3.5.3  Bcast:10.255.255.255  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0      Link encap:Ethernet  HWaddr E8:DE:27:F5:E7:F7
          inet addr:77.174.30.80  Bcast:77.174.31.255  Mask:255.255.252.0
          inet6 addr: fe80::eade:27ff:fef5:e7f7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7978235 errors:0 dropped:0 overruns:2 frame:0
          TX packets:3747223 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3172877058 (2.9 GiB)  TX bytes:259141128 (247.1 MiB)
          Interrupt:4

eth1      Link encap:Ethernet  HWaddr E8:DE:27:F5:E7:F6
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5749 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21872 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:968857 (946.1 KiB)  TX bytes:4234774 (4.0 MiB)
          Interrupt:5

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1389 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1389 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:108498 (105.9 KiB)  TX bytes:108498 (105.9 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00                                                                                        -00
          inet addr:10.8.0.22  P-t-P:10.8.0.21  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr E8:DE:27:F5:E7:F4
          inet6 addr: fe80::eade:27ff:fef5:e7f4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1398316 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5616658 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:116548785 (111.1 MiB)  TX bytes:3907071356 (3.6 GiB)

wlan0-1   Link encap:Ethernet  HWaddr EA:DE:27:F5:E7:F4
          inet addr:192.168.55.1  Bcast:192.168.55.255  Mask:255.255.255.0
          inet6 addr: fe80::e8de:27ff:fef5:e7f4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:1944 (1.8 KiB)

wlan1     Link encap:Ethernet  HWaddr E8:DE:27:F5:E7:F5
          inet6 addr: fe80::eade:27ff:fef5:e7f5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:17805065 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8380514 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:32356101 (30.8 MiB)  TX bytes:3263563261 (3.0 GiB)

相關內容