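I am trying to set up my RP3 so that the WiFi connection is routed through an L2TP VPN. I have got the VPN working, and with the following settings all traffic is routed through the VPN connection (ppp0 is the VPN tunnel device):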
route add VPN_PUBLIC_IP gw 192.168.1.1
route add default dev ppp0
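However, as my title says, I only want the WLAN traffic to be routed through the VPN connection. How can I do this? Below you will find some other settings that may help.
Using ifconfig: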
root@raspberrypi:/home/pi# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.1.110 netmask 255.255.255.0 broadcast 192.168.1.255
        inet6 fe80::966b:f8b2:31f3:89c9 prefixlen 64 scopeid 0x20<link>
        ether b8:27:eb:f0:e4:76 txqueuelen 1000 (Ethernet)
        RX packets 151 bytes 13560 (13.2 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 132 bytes 20723 (20.2 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1 (Local Loopback)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1280
        inet 192.168.42.10 netmask 255.255.255.255 destination 192.168.42.1
        ppp txqueuelen 3 (Point-to-Point Protocol)
        RX packets 4 bytes 70 (70.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 4 bytes 64 (64.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.220.1 netmask 255.255.255.0 broadcast 192.168.220.255
        inet6 fe80::36c5:7f74:7936:c953 prefixlen 64 scopeid 0x20<link>
        ether b8:27:eb:a5:b1:23 txqueuelen 1000 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 44 bytes 7290 (7.1 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
route:
root@raspberrypi:/home/pi# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    202    0        0 eth0
link-local      0.0.0.0         255.255.0.0     U     303    0        0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0
192.168.42.1    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.220.0   0.0.0.0         255.255.255.0   U     0      0        0 wlan0
ip route:
default via 192.168.1.1 dev eth0 src 192.168.1.110 metric 202
169.254.0.0/16 dev wlan0 proto kernel scope link src 169.254.51.90 metric 303
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.110 metric 202
192.168.42.1 dev ppp0 proto kernel scope link src 192.168.42.10
192.168.220.0/24 dev wlan0 proto kernel scope link src 192.168.220.1
All suggestions are welcome!
You can set up a separate routing table and select it with a "rule":
echo "1 wlanvpn" > /etc/iproute2/rt_tables.d/wlanvpn.conf
(If there is no /etc/iproute2/rt_tables.d/ directory, you need to append to /etc/iproute2/rt_tables instead.)
pre-up )
ip rule add iif wlan0 table wlanvpn
# in case the vpn is not up the route might not exist,
# blackhole by default with high metric
ip route replace to blackhole default table wlanvpn metric 4095
ip route replace default dev ppp0 table wlanvpn
If you want to reach other networks from wlan0, you have to clone their routes into this table (e.g. for eth0: ip route add 192.168.1.0/24 dev eth0 table wlanvpn).
The output of ip rule show should now be:
0: from all lookup local
32765: from all iif wlan0 lookup wlanvpn
32766: from all lookup main
32767: from all lookup default
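For IPv6, all ip rule and ip route commands need to be duplicated using ip -6 ... (the rule 32767: from all lookup default does not exist by default in ip -6 rule).
As an alternative, you could specify only different default routes (so that manually routed "internal" networks are still reachable from the VPN without cloning the routes):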
echo "10 default-vpn" > /etc/iproute2/rt_tables.d/default-routes.conf
echo "11 default-normal" >> /etc/iproute2/rt_tables.d/default-routes.conf
pre-up )
ip rule add pref 32768 iif wlan0 lookup default-vpn
ip rule add pref 32769 lookup default-normal
ip route replace to blackhole default table default-vpn metric 4095
ip route replace default dev ppp0 table default-vpn
# move your normal default route (from table main) to table default-normal, eg:
ip route replace default via 192.168.0.1 table default-normal
ip route delete default table main
The output of ip rule show should now be:
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
32768: from all iif wlan0 lookup default-vpn
32769: from all lookup default-normal
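An added example, not part of the original answer: a shell check that audits the first layout above (table wlanvpn) for leaks, confirming that wlan0 traffic can only leave via ppp0 or hit the blackhole route. The function names and the sample text are constructed for illustration; on a live system the two arguments would be the output of ip rule show and ip route show table wlanvpn.

```shell
#!/bin/sh
# Added example: audit captured `ip rule show` and
# `ip route show table wlanvpn` text for the first layout in the answer.

# Print the priority of the first rule whose text contains $2.
rule_pref() {
    printf '%s\n' "$1" | awk -v pat="$2" 'index($0, pat) { sub(/:/, "", $1); print $1; exit }'
}

# audit_wlan_vpn RULES ROUTES: prints "vpn", "blocked" or "leak: <reason>".
# Returns 0 only when wlan0 traffic can leave via ppp0 or is dropped.
audit_wlan_vpn() {
    rules=$1; routes=$2
    wl=$(rule_pref "$rules" "iif wlan0 lookup wlanvpn")
    mn=$(rule_pref "$rules" "lookup main")
    if [ -z "$wl" ]; then
        echo "leak: no rule sends iif wlan0 to table wlanvpn"; return 1
    fi
    if [ -n "$mn" ] && [ "$wl" -ge "$mn" ]; then
        echo "leak: rule $wl is evaluated after main ($mn)"; return 1
    fi
    # A default route in this table that does not use ppp0 bypasses the VPN.
    bad=$(printf '%s\n' "$routes" | awk '$1 == "default" && $0 !~ / dev ppp0( |$)/ { print; exit }')
    if [ -n "$bad" ]; then
        echo "leak: $bad"; return 1
    fi
    if ! printf '%s\n' "$routes" | grep -q '^blackhole default'; then
        echo "leak: no blackhole default, lookup falls through to main when ppp0 is down"
        return 1
    fi
    if printf '%s\n' "$routes" | grep -q '^default dev ppp0'; then
        echo "vpn"
    else
        echo "blocked"
    fi
}

# Constructed sample input, shaped like the output shown in the answer.
SAMPLE_RULES='0: from all lookup local
32765: from all iif wlan0 lookup wlanvpn
32766: from all lookup main
32767: from all lookup default'
SAMPLE_ROUTES_UP='default dev ppp0 scope link
blackhole default metric 4095'
SAMPLE_ROUTES_DOWN='blackhole default metric 4095'

audit_wlan_vpn "$SAMPLE_RULES" "$SAMPLE_ROUTES_UP"     # vpn
audit_wlan_vpn "$SAMPLE_RULES" "$SAMPLE_ROUTES_DOWN"   # blocked
```

The ordering check applies only to this first layout; in the alternative layout the wlan0 rule is deliberately placed after main.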