I have an Amazon EC2 instance running Ubuntu 14.04 on which I installed the Cisco VPN client. I am using the Cisco AnyConnect Secure Mobility Client (version 3.1.04072).
When I run the VPN client I can see some initial output indicating that the VPN connection is being established successfully, after which I lose access to the server. I have to restart the server from the console to regain access.
I assume the VPN messes up the routing table, but I don't know how to fix this. I tried adding a default gateway route and then starting openvpn, as this answer explains: https://serverfault.com/a/649855/105464 , but no luck.
I am able to run the same VPN client successfully on my local Ubuntu machine. Here are my local routing tables before and after the VPN connection:
$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     9      0        0 wlan0

$ ifconfig
cscotun0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:172.22.145.31  PtP:172.22.145.31  Mask:255.255.240.0
          inet6 addr: fe80::8863:d678:a432:4ba9/128 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1280  Metric:1
          RX packets:903 errors:0 dropped:0 overruns:0 frame:0
          TX packets:969 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:371960 (371.9 KB)  TX bytes:268199 (268.1 KB)

eth0      Link encap:Ethernet  HWaddr b4:b5:2f:75:f7:b5
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:3323045 errors:0 dropped:6 overruns:0 frame:0
          TX packets:2694039 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3003631663 (3.0 GB)  TX bytes:464943796 (464.9 MB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:673096 errors:0 dropped:0 overruns:0 frame:0
          TX packets:673096 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:92228222 (92.2 MB)  TX bytes:92228222 (92.2 MB)

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 cscotun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    256    0        0 wlan0
130.132.2.14    192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
172.22.144.0    0.0.0.0         255.255.240.0   U     0      0        0 cscotun0
192.168.1.0     0.0.0.0         255.255.255.0   U     9      0        0 wlan0
192.168.1.1     0.0.0.0         255.255.255.255 UH    0      0        0 wlan0

$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ciscovpn   all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ciscovpn   all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ciscovpn   all  --  anywhere             anywhere

Chain ciscovpn (3 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ciscovpnfw all  --  anywhere             anywhere
ciscovpnfw all  --  anywhere             anywhere
ciscovpnfw udp  --  anywhere             anywhere             udp spt:bootpc dpt:bootps
ciscovpnfw udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
ciscovpnfw udp  --  anywhere             anywhere             udp spt:dhcpv6-client dpt:dhcpv6-server
ciscovpnfw udp  --  anywhere             anywhere             udp spt:dhcpv6-server dpt:dhcpv6-client
ciscovpnfw tcp  --  192.168.1.124        vpn4.its.yale.edu    tcp dpt:https
ciscovpnfw tcp  --  vpn4.its.yale.edu    192.168.1.124        tcp spt:https
ciscovpnfw udp  --  192.168.1.124        vpn4.its.yale.edu    udp dpt:https
ciscovpnfw udp  --  vpn4.its.yale.edu    192.168.1.124        udp spt:https
ciscovpnfw all  --  192.168.1.124        192.168.1.0/24
ciscovpnfw all  --  192.168.1.0/24       192.168.1.124
ciscovpnfw all  --  192.168.1.0/24       192.168.1.255
ciscovpnfw all  --  192.168.1.124        192.168.1.255
ciscovpnfw udp  --  192.168.1.0/24       224.0.0.251          udp dpt:mdns
ciscovpnfw udp  --  192.168.1.124        224.0.0.251          udp dpt:mdns
ciscovpnfw udp  --  192.168.1.0/24       239.255.255.250      udp dpt:1900
ciscovpnfw udp  --  192.168.1.124        239.255.255.250      udp dpt:1900
ciscovpnfw all  --  anywhere             255.255.255.255
ciscovpnfw all  --  192.168.1.124        255.255.255.255
ciscovpnfw udp  --  192.168.1.124        anywhere             udp dpt:domain
ciscovpnfw udp  --  anywhere             192.168.1.124        udp spt:domain
ciscovpnfw udp  --  anywhere             anywhere             udp spt:bootpc dpt:bootps
ciscovpnfw udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
ciscovpnfw udp  --  anywhere             anywhere             udp spt:dhcpv6-client dpt:dhcpv6-server
ciscovpnfw udp  --  anywhere             anywhere             udp spt:dhcpv6-server dpt:dhcpv6-client
ciscovpnfw all  --  anywhere             anywhere
ciscovpnfw all  --  vpn172022145031.its.yale.internal  anywhere
DROP       all  --  anywhere             anywhere

Chain ciscovpnfw (28 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
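The post-connection routing table above shows the mechanism behind the lockout: the client installs a second default route (0.0.0.0 via cscotun0, metric 0) that outranks the original one (metric 256 via the uplink), so replies to an SSH session from outside the tunnel are sent into the tunnel instead of back to the uplink gateway. The following POSIX shell helper is an added example, not part of the original post or of the AnyConnect client. It parses a `route -n` table, reports whether a tunnel interface has captured the default route, and emits the host route that would pin a management client to the original gateway before the VPN is started. The route tables are constructed from the output above; the management address 203.0.113.10 is a placeholder.

```shell
#!/bin/sh
# Added example: detect a tunnel-captured default route and build the
# management host route that keeps remote access alive. Not from the post.
set -eu

# Constructed sample: the pre-connection table from the post.
PRE_VPN_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     9      0        0 wlan0'

# Constructed sample: the post-connection table from the post.
POST_VPN_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 cscotun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    256    0        0 wlan0
130.132.2.14    192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
172.22.144.0    0.0.0.0         255.255.240.0   U     0      0        0 cscotun0
192.168.1.0     0.0.0.0         255.255.255.0   U     9      0        0 wlan0
192.168.1.1     0.0.0.0         255.255.255.255 UH    0      0        0 wlan0'

# Placeholder: the address you administer the box from (constructed value).
MGMT_IP=203.0.113.10

# Interface of the lowest-metric default route, i.e. the one the kernel
# will actually use for traffic that matches no more specific route.
default_iface() {
    printf '%s\n' "$1" \
        | awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $5, $8 }' \
        | sort -n | head -n 1 | awk '{ print $2 }'
}

# Gateway of the non-tunnel default route (the original uplink gateway).
# A route with gateway 0.0.0.0 is on-link, which is how the tunnel route looks.
uplink_gateway() {
    printf '%s\n' "$1" \
        | awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $2 != "0.0.0.0" { print $2; exit }'
}

# Succeeds when the effective default route points at a tun-style interface.
default_captured_by_tunnel() {
    case "$(default_iface "$1")" in
        *tun*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Command that pins a /32 for the management client via the uplink gateway,
# so its packets bypass the tunnel's default route. Run it BEFORE the VPN
# starts; a more specific route always beats a default route.
pin_management_route_cmd() {
    gw=$(uplink_gateway "$2")
    printf 'ip route add %s/32 via %s\n' "$1" "$gw"
}

# Stand-alone demonstration against the constructed tables.
if default_captured_by_tunnel "$POST_VPN_ROUTES"; then
    echo "default route now leaves via $(default_iface "$POST_VPN_ROUTES"); pin management host first:"
    pin_management_route_cmd "$MGMT_IP" "$POST_VPN_ROUTES"
fi
```

On a live host, feed `$(route -n)` to the same functions instead of the embedded text, and run the printed `ip route add` as root before launching the client; keep the pre-connection `route -n` output in a file so the original gateway can be restored if the client removes it.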