我试图在Docker中运行控制台Cisco VPN client 。 我开始这样的容器:
docker run -it -v /srv/vpn/keys/:/root/keys/ --network=host --cap-add=NET_ADMIN --device=/dev/net/tun -v /dev/net/tun:/dev/net/tun vpn-vpnc-client_img
然后在Docker容器中运行vpnc客户端
vpnc-connect /root/keys/vpnc.conf --local-port 0
它产生以下输出:
Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system VPNC started in background (pid: 257)...
vpnc连接并创build适当的路由,所以VPN似乎工作。 我关心的是警告信息。 根据文档, /proc/sys/net/ipv4/route/flush
写入此文件会导致路由caching刷新。
我不明白这个说法。 路由caching没有被刷新至关重要?
另外,据我所知,我可以发布
echo 1 > /proc/sys/net/ipv4/route/flush
在容器启动后手动。 但是,如果连接丢失,我使用monit容器中的vpnc重新启动vpnc 。 我可以以某种方式从容器内的主机绑定mount /proc/sys/net/ipv4/route/flush ,并发出命令从容器内的monit脚本刷新路由caching?