
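I have been trying to set up a VPN for one specific IP address. What I want is for all traffic sent to a single IP (currently 1.2.3.4) to go through the OpenVPN client.
My current network setup is as follows:
- My computer (connected to 192.168.1.1)
- My server. The server has 2 network devices:
2.1. eth0 - connected to the Internet
2.2. eth1 - LAN connection: 192.168.1.1
OpenVPN client configuration: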
setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote uk-ln-001.privatetunnel.com 1194 udp
remote uk-ln-001.privatetunnel.com 1194 udp
remote uk-ln-001.privatetunnel.com 443 tcp
remote uk-ln-001.privatetunnel.com 1194 udp
remote uk-ln-001.privatetunnel.com 1194 udp
remote uk-ln-001.privatetunnel.com 1194 udp
remote uk-ln-001.privatetunnel.com 1194 udp
remote uk-ln-001.privatetunnel.com 1194 udp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
comp-lzo no
verb 3
setenv PUSH_PEER_INFO
<ca>**********</ca>
<cert>**********</cert>
<key>**********</key>
key-direction 1
<tls-auth>***********</tls-auth>
OpenVPN client startup:
Wed Dec 4 15:39:24 2013 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Nov 28 2013
Wed Dec 4 15:39:24 2013 Control Channel Authentication: tls-auth using INLINE static key file
Wed Dec 4 15:39:24 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec 4 15:39:24 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec 4 15:39:24 2013 Socket Buffers: R=[8388608->200000] S=[212992->200000]
Wed Dec 4 15:39:24 2013 UDPv4 link local: [undef]
Wed Dec 4 15:39:24 2013 UDPv4 link remote: [AF_INET]5.152.200.199:1194
Wed Dec 4 15:39:24 2013 TLS: Initial packet from [AF_INET]5.152.200.199:1194, sid=13b5c2ca 7e02a311
Wed Dec 4 15:39:24 2013 VERIFY OK: depth=1, CN=OpenVPN CA
Wed Dec 4 15:39:24 2013 VERIFY OK: nsCertType=SERVER
Wed Dec 4 15:39:24 2013 VERIFY OK: depth=0, CN=OpenVPN Server
Wed Dec 4 15:39:24 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Dec 4 15:39:24 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec 4 15:39:24 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Dec 4 15:39:24 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec 4 15:39:24 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Dec 4 15:39:24 2013 [OpenVPN Server] Peer Connection Initiated with [AF_INET]5.152.200.199:1194
Wed Dec 4 15:39:27 2013 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Wed Dec 4 15:39:27 2013 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 5.5.0.1,dhcp-option DNS 10.9.0.1,dhcp-option DNS 8.8.4.4,register-dns,comp-lzo yes,ifconfig 5.5.158.58 255.255.0.0'
Wed Dec 4 15:39:27 2013 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.3.2)
Wed Dec 4 15:39:27 2013 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.3.2)
Wed Dec 4 15:39:27 2013 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.3.2)
Wed Dec 4 15:39:27 2013 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:16: register-dns (2.3.2)
Wed Dec 4 15:39:27 2013 OPTIONS IMPORT: timers and/or timeouts modified
Wed Dec 4 15:39:27 2013 OPTIONS IMPORT: explicit notify parm(s) modified
Wed Dec 4 15:39:27 2013 OPTIONS IMPORT: LZO parms modified
Wed Dec 4 15:39:27 2013 OPTIONS IMPORT: --ifconfig/up options modified
Wed Dec 4 15:39:27 2013 OPTIONS IMPORT: route options modified
Wed Dec 4 15:39:27 2013 OPTIONS IMPORT: route-related options modified
Wed Dec 4 15:39:27 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Dec 4 15:39:27 2013 ROUTE_GATEWAY 78.62.63.254/255.255.192.0 IFACE=eth0 HWADDR=90:2b:34:dc:f3:a8
Wed Dec 4 15:39:27 2013 TUN/TAP device tun0 opened
Wed Dec 4 15:39:27 2013 TUN/TAP TX queue length set to 100
Wed Dec 4 15:39:27 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Dec 4 15:39:27 2013 /sbin/ip link set dev tun0 up mtu 1500
Wed Dec 4 15:39:27 2013 /sbin/ip addr add dev tun0 5.5.158.58/16 broadcast 5.5.255.255
Wed Dec 4 15:39:32 2013 ROUTE remote_host is NOT LOCAL
Wed Dec 4 15:39:32 2013 /sbin/ip route add 5.152.200.199/32 via 78.62.63.254
Wed Dec 4 15:39:32 2013 /sbin/ip route add 0.0.0.0/1 via 5.5.0.1
Wed Dec 4 15:39:32 2013 /sbin/ip route add 128.0.0.0/1 via 5.5.0.1
Wed Dec 4 15:39:32 2013 /sbin/ip route add 10.10.10.0/24 via 5.5.0.1 metric 101
Wed Dec 4 15:39:32 2013 Initialization Sequence Completed
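The problems I have:
1. If I run openvpn client.ovpn, it routes all traffic through the VPN, and My computer has no Internet connection at all.
2. I cannot figure out how to route only the traffic that comes from My computer and has the destination address 1.2.3.4 through the VPN connection.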
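Answer 1
You can start by adding the route-nopull option to the client configuration. By doing so, the routes on your client machine will not be changed.
After that, you can add route statements to the OpenVPN configuration to set up whatever static routes you need for specific hosts or networks. You can add something like route 1.2.3.0 255.255.255.0 to the configuration so that the network is routed through the VPN.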
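Added example, not part of the answer above: a small Python model of longest-prefix route selection, fed with the routes from the client log, showing why the pushed redirect-gateway def1 routes capture all traffic and which destinations still use the tunnel once route-nopull and the answer's route line are in place. It assumes the locally configured route uses the pushed route-gateway 5.5.0.1 as its next hop; the function names are illustrative.

```python
import ipaddress

# Routes copied from the "/sbin/ip route add" lines in the client log above.
PUSHED = [
    ("5.152.200.199/32", "78.62.63.254", "eth0"),  # VPN server stays on the uplink
    ("0.0.0.0/1", "5.5.0.1", "tun0"),              # redirect-gateway def1, lower half
    ("128.0.0.0/1", "5.5.0.1", "tun0"),            # redirect-gateway def1, upper half
    ("10.10.10.0/24", "5.5.0.1", "tun0"),
]
# Present in both cases: default route (ROUTE_GATEWAY line) and the tun0 subnet.
BASE = [
    ("0.0.0.0/0", "78.62.63.254", "eth0"),
    ("5.5.0.0/16", None, "tun0"),
]
# Assumption: the answer's "route 1.2.3.0 255.255.255.0" uses the pushed
# route-gateway 5.5.0.1 as its next hop.
LOCAL = [("1.2.3.0/24", "5.5.0.1", "tun0")]


def build_table(route_nopull):
    """Routing table with or without the server-pushed routes."""
    return BASE + (LOCAL if route_nopull else PUSHED)


def lookup(table, dst):
    """Return (prefix, gateway, device) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in table if addr in ipaddress.ip_network(r[0])]
    return max(candidates, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)


def egress(route_nopull, dst):
    """Device a packet to dst leaves through."""
    return lookup(build_table(route_nopull), dst)[2]


if __name__ == "__main__":
    for nopull in (False, True):
        print("route-nopull" if nopull else "pushed routes")
        for dst in ("1.2.3.4", "8.8.8.8", "200.1.1.1", "5.152.200.199"):
            prefix, gw, dev = lookup(build_table(nopull), dst)
            print(f"  {dst:15} -> {dev} via {gw} ({prefix})")
```

The 1.2.3.0/24 route from the answer also sends the other 255 addresses of that network through the tunnel; a netmask of 255.255.255.255 limits it to the single host 1.2.3.4.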