Cannot establish incoming connections while the VPN is connected

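I have an Ubuntu router that I recently connected to a VPN service to bypass network filtering. The idea is to use the VPN for everything, but the machine also hosts a few things, so the normal IP still needs to work. When the VPN is connected, I cannot ping the external interface from outside the network. It also hosts a web server that is reachable only when the VPN is not connected.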

The router sees the incoming packets but does not seem to send a reply.

The incoming packets do not hit the INPUT iptables chain. I see this:

    Capturing on 'p5p1'
    1 0.000000000 91.121.133.139 → 86.13.39.252 TCP 74 46830→443 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=43316855 TSecr=0 WS=128
    2 0.998501403 91.121.133.139 → 86.13.39.252 TCP 74 [TCP Retransmission] 46830→443 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=43317105 TSecr=0 WS=128
    3 3.002695195 91.121.133.139 → 86.13.39.252 TCP 74 [TCP Retransmission] 46830→443 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=43317606 TSecr=0 WS=128

But this counter does not increase:

    1 44 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443

Looking around, it sounds like a routing or connection tracking issue, but I have not found anyone with this exact problem.

Some other information that may be relevant:

Routing table

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.34.10.5      128.0.0.0       UG    0      0        0 tun0
    0.0.0.0         86.13.39.1      0.0.0.0         UG    0      0        0 p5p1
    10.34.10.1      10.34.10.5      255.255.255.255 UGH   0      0        0 tun0
    10.34.10.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
    81.187.30.110   86.13.39.1      255.255.255.255 UGH   0      0        0 p5p1
    81.187.30.111   86.13.39.1      255.255.255.255 UGH   0      0        0 p5p1
    81.187.30.112   86.13.39.1      255.255.255.255 UGH   0      0        0 p5p1
    81.187.30.113   86.13.39.1      255.255.255.255 UGH   0      0        0 p5p1
    81.187.30.114   86.13.39.1      255.255.255.255 UGH   0      0        0 p5p1
    81.187.30.115   86.13.39.1      255.255.255.255 UGH   0      0        0 p5p1
    81.187.30.116   86.13.39.1      255.255.255.255 UGH   0      0        0 p5p1
    81.187.30.117   86.13.39.1      255.255.255.255 UGH   0      0        0 p5p1
    81.187.30.118   86.13.39.1      255.255.255.255 UGH   0      0        0 p5p1
    81.187.30.119   86.13.39.1      255.255.255.255 UGH   0      0        0 p5p1
    86.13.39.0      0.0.0.0         255.255.255.0   U     0      0        0 p5p1
    90.155.3.0      86.13.39.1      255.255.255.0   UG    0      0        0 p5p1
    90.155.103.0    86.13.39.1      255.255.255.0   UG    0      0        0 p5p1
    104.238.169.126 86.13.39.1      255.255.255.255 UGH   0      0        0 p5p1
    128.0.0.0       10.34.10.5      128.0.0.0       UG    0      0        0 tun0
    185.150.144.0   86.13.39.1      255.255.252.0   UG    0      0        0 p5p1
    192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 p4p1

Routing rules

    jacek@saturn: ~ $ ip rule list
    0: from all lookup local
    32766: from all lookup main
    32767: from all lookup default

ifconfig

    jacek@saturn: ~ $ ifconfig
    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10<host>
            loop txqueuelen 1 (Local Loopback)
            RX packets 163286 bytes 151310144 (151.3 MB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 163286 bytes 151310144 (151.3 MB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    p4p1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 192.168.1.10 netmask 255.255.255.0 broadcast 192.168.1.255
            inet6 fe80::96de:80ff:feac:6b53 prefixlen 64 scopeid 0x20<link>
            ether 94:de:80:ac:6b:53 txqueuelen 1000 (Ethernet)
            RX packets 64227222 bytes 90185530723 (90.1 GB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 4077370 bytes 5387966885 (5.3 GB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    p5p1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 86.13.39.252 netmask 255.255.255.0 broadcast 255.255.255.255
            inet6 fe80::96de:80ff:feac:6b51 prefixlen 64 scopeid 0x20<link>
            ether 94:de:80:ac:6b:51 txqueuelen 1000 (Ethernet)
            RX packets 15457848 bytes 5153012970 (5.1 GB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 1002737 bytes 205402684 (205.4 MB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
            inet 10.34.10.6 netmask 255.255.255.255 destination 10.34.10.5
            inet6 fe80::35ba:653d:44a:1dc3 prefixlen 64 scopeid 0x20<link>
            unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
            RX packets 54434 bytes 63968785 (63.9 MB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 17087 bytes 1622925 (1.6 MB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Any input would be greatly appreciated :)

Your default route goes through the VPN. So the ping comes in on the normal interface but goes out through the VPN (and is subsequently lost).

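If your router itself does not need to connect to anything, then I would simply not have a default route through the VPN at all, but use a source NAT rule to map the client traffic so that it has 10.34.10.6 as its source address, so that the traffic goes through the VPN.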
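The route selection described in the answer can be reproduced offline with a longest-prefix-match lookup over the routing table posted in the question. This is an added example, not part of the original question or answer; the function names are hypothetical, only a subset of the posted routes is included, and it assumes only the main table is consulted (as the posted `ip rule list` shows) with all metrics equal.

```python
import ipaddress

# Routes copied from the routing table in the question: (destination, genmask, gateway, iface).
# Subset only; the omitted host and subnet routes all point at p5p1.
ROUTES = [
    ("0.0.0.0", "128.0.0.0", "10.34.10.5", "tun0"),
    ("0.0.0.0", "0.0.0.0", "86.13.39.1", "p5p1"),
    ("10.34.10.1", "255.255.255.255", "10.34.10.5", "tun0"),
    ("10.34.10.5", "255.255.255.255", "0.0.0.0", "tun0"),
    ("81.187.30.110", "255.255.255.255", "86.13.39.1", "p5p1"),
    ("86.13.39.0", "255.255.255.0", "0.0.0.0", "p5p1"),
    ("90.155.3.0", "255.255.255.0", "86.13.39.1", "p5p1"),
    ("128.0.0.0", "128.0.0.0", "10.34.10.5", "tun0"),
    ("185.150.144.0", "255.255.252.0", "86.13.39.1", "p5p1"),
    ("192.168.1.0", "255.255.255.0", "0.0.0.0", "p4p1"),
]

def lookup(dst, routes=ROUTES):
    """Return (network, gateway, iface) of the longest-prefix match for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, mask, gw, iface in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best

def reply_path(peer, arrived_on):
    """Describe where a reply to `peer` leaves and whether that differs from the ingress interface."""
    net, gw, iface = lookup(peer)
    return {"route": str(net), "gateway": gw, "egress": iface,
            "asymmetric": iface != arrived_on}

if __name__ == "__main__":
    # 91.121.133.139 is the client sending SYNs to port 443 on p5p1 in the capture.
    # The 0.0.0.0/1 route via tun0 is more specific than the /0 default on p5p1.
    print(reply_path("91.121.133.139", arrived_on="p5p1"))
    # 81.187.30.110 has an explicit host route, so its replies stay on p5p1.
    print(reply_path("81.187.30.110", arrived_on="p5p1"))
```

The two `/1` routes on tun0 together cover the whole IPv4 space, so the `/0` default on p5p1 is only used for destinations that have a more specific p5p1 route of their own.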