Networking
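I'm trying to bond two Internet uplinks to increase VPN speed, but no luck
I'm trying to bond two Internet uplinks to increase VPN speed by following this guide: How to bond two (multiple) Internet connections for increased speed and failover
But I have some problems:
I've been working on this for days, but it has never worked.
First, my network topology: https://i.imgur.com/yEj6JGM.png
In my scenario, please have a look at my configuration:
Client side: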
    vim /etc/network/interfaces

    auto ens160
    iface ens160 inet static
        address 192.168.50.254
        netmask 255.255.255.0
        gateway 192.168.50.1
        post-up /usr/local/bin/vpn-start
        pre-down /usr/local/bin/vpn-stop
Is my routing set up correctly in vpn-start?

    # vim /usr/local/bin/vpn-start
    #!/bin/bash
    openvpn --config /etc/openvpn/tap0.conf
    openvpn --config /etc/openvpn/tap1.conf

    ip link add bond0 type bond
    ip addr add 10.80.0.2/30 dev bond0

    ip link set tap0 master bond0
    ip link set tap1 master bond0

    ip link set bond0 up mtu 1440
    ip route add 192.168.50.0/24 via 10.80.0.1  # <--Is this right?
What about the firewall configuration?

    version 6

    lan="ens160"
    vpn="bond+"

    interface "${lan}" lan
        policy accept

    interface "${vpn}" vpn
        policy accept

    router vpn2lan inface "${vpn}" outface "${lan}"
        policy accept
Server side:
tap0.conf:

    # disable encryption, traffic continues unencrypted anyways
    auth none
    cipher none

    dev tap0
    mode p2p
    port 1194
    local 192.168.0.250  # <-- Local ip or public ip?
    proto udp

    log /var/log/tap0.log
    verb 3

    ping 2
    ping-restart 10
    persist-tun

    compress lz4-v2

    daemon
Firewall configuration:

    version 6

    server_vpn_ports="udp/1194-1195"
    client_vpn_ports="default"

    snat4 to 192.168.0.250 outface ens33 dst not 192.168.0.250  # <-- What does this mean? local ip or public ip?

    interface ens33 web
        protection strong
        server ssh accept
        server vpn accept
        # more servers here as per your needs
        client all accept

    interface bond0 vpn
        policy accept

    router4 web2vpn inface ens33 outface bond0 dst 192.168.50.0/24,10.80.0.2  # <--Is this right?
        client all accept
After all the setup, the link seems to be established:
Client side:

    root@ubcloud:~# cat /proc/net/bonding/bond0
    Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

    Bonding Mode: load balancing (round-robin)
    MII Status: down
    MII Polling Interval (ms): 0
    Up Delay (ms): 0
    Down Delay (ms): 0
Client tap1.log:

    Sat Aug 1 06:44:39 2020 ******* WARNING *******: All encryption and authentication features disabled -- All data will be tunnelled as clear text and will not be protected against man-in-the-middle changes. PLEASE DO RECONSIDER THIS CONFIGURATION!
    Sat Aug 1 06:44:39 2020 Preserving previous TUN/TAP instance: tap1
    Sat Aug 1 06:44:39 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]118.152.247.193:1195
    Sat Aug 1 06:44:39 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
    Sat Aug 1 06:44:39 2020 UDP link local (bound): [AF_INET]192.168.50.254:1195
    Sat Aug 1 06:44:39 2020 UDP link remote: [AF_INET]118.152.247.193:1195
    Sat Aug 1 06:44:39 2020 Peer Connection Initiated with [AF_INET]118.152.247.193:1195
    Sat Aug 1 06:44:41 2020 Initialization Sequence Completed
Ping the tunnel IP from the client:

    root@ubcloud:~# ping 10.80.0.2
    PING 10.80.0.2 (10.80.0.2) 56(84) bytes of data.
    64 bytes from 10.80.0.2: icmp_seq=1 ttl=64 time=0.019 ms
    64 bytes from 10.80.0.2: icmp_seq=2 ttl=64 time=0.025 ms
    64 bytes from 10.80.0.2: icmp_seq=3 ttl=64 time=0.026 ms
    ^C
    --- 10.80.0.2 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2050ms
    rtt min/avg/max/mdev = 0.019/0.023/0.026/0.005 ms
    root@ubcloud:~# ping 10.80.0.1
    PING 10.80.0.1 (10.80.0.1) 56(84) bytes of data.
    From 10.80.0.2 icmp_seq=1 Destination Host Unreachable
    From 10.80.0.2 icmp_seq=2 Destination Host Unreachable
    From 10.80.0.2 icmp_seq=3 Destination Host Unreachable
Server side:

    root@ubcloud:~# cat /proc/net/bonding/bond0
    Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

    Bonding Mode: load balancing (round-robin)
    MII Status: up
    MII Polling Interval (ms): 0
    Up Delay (ms): 0
    Down Delay (ms): 0

    Slave Interface: tap0
    MII Status: up
    Speed: 10 Mbps
    Duplex: full
    Link Failure Count: 0
    Permanent HW addr: a6:fa:e9:55:79:2c
    Slave queue ID: 0

    Slave Interface: tap1
    MII Status: up
    Speed: 10 Mbps
    Duplex: full
    Link Failure Count: 0
    Permanent HW addr: ae:b9:4a:50:b0:dc
    Slave queue ID: 0
Server tap0.log:

    root@ubcloud:~# cat /var/log/tap0.log
    Sat Aug 1 06:43:27 2020 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
    Sat Aug 1 06:43:27 2020 OpenVPN 2.4.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 30 2019
    Sat Aug 1 06:43:27 2020 library versions: OpenSSL 1.1.1 11 Sep 2018, LZO 2.08
    Sat Aug 1 06:43:27 2020 ******* WARNING *******: All encryption and authentication features disabled -- All data will be tunnelled as clear text and will not be protected against man-in-the-middle changes. PLEASE DO RECONSIDER THIS CONFIGURATION!
    Sat Aug 1 06:43:27 2020 TUN/TAP device tap0 opened
    Sat Aug 1 06:43:27 2020 TUN/TAP TX queue length set to 100
    Sat Aug 1 06:43:27 2020 Could not determine IPv4/IPv6 protocol. Using AF_INET
    Sat Aug 1 06:43:27 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
    Sat Aug 1 06:43:27 2020 UDPv4 link local (bound): [AF_INET]192.168.0.250:1194
    Sat Aug 1 06:43:27 2020 UDPv4 link remote: [AF_UNSPEC]
    Sat Aug 1 06:43:30 2020 Peer Connection Initiated with [AF_INET]172.227.224.139:1194
    Sat Aug 1 06:43:30 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Sat Aug 1 06:43:30 2020 Initialization Sequence Completed
Ping the tunnel IP from the server:

    root@ubcloud:~# ping 10.80.0.1
    PING 10.80.0.1 (10.80.0.1) 56(84) bytes of data.
    64 bytes from 10.80.0.1: icmp_seq=1 ttl=64 time=0.048 ms
    64 bytes from 10.80.0.1: icmp_seq=2 ttl=64 time=0.059 ms
    ^C
    --- 10.80.0.1 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1030ms
    rtt min/avg/max/mdev = 0.048/0.053/0.059/0.009 ms
    root@ubcloud:~# ping 10.80.0.2
    PING 10.80.0.2 (10.80.0.2) 56(84) bytes of data.
    From 10.80.0.1 icmp_seq=1 Destination Host Unreachable
    From 10.80.0.1 icmp_seq=2 Destination Host Unreachable
    From 10.80.0.1 icmp_seq=3 Destination Host Unreachable
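Any idea what I'm doing wrong? How do I set up the routing on the client so that all traffic within the LAN goes out from the server through the tunnel?
Thanks again!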
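Added example, not part of the original post: the client's bond0 output above lists no "Slave Interface" sections and reports "MII Status: down", while the server's lists tap0 and tap1 as up. The shell functions below parse that status format and fail when fewer than the expected number of slaves are up; the function names are hypothetical and the sample inputs are trimmed copies of the outputs quoted in the question.

```sh
#!/bin/sh
# Added example: summarise bonding-driver status text (the format of
# /proc/net/bonding/bond0) and fail when the bond cannot carry traffic.

# bond_summary: status text on stdin -> "bond=<state> slaves=<n> slaves_up=<n>"
bond_summary() {
    awk '
        /^Slave Interface:/ { in_slave = 1; total++; next }
        /^MII Status:/ {
            if (in_slave) { if ($3 == "up") up++ }   # per-slave link state
            else          { bond = $3 }              # bond-level state comes first
        }
        END {
            if (bond == "") bond = "unknown"
            printf "bond=%s slaves=%d slaves_up=%d\n", bond, total, up
        }
    '
}

# bond_healthy MIN: exit 0 only if the bond is up with at least MIN slaves up.
bond_healthy() {
    min=$1
    summary=$(bond_summary)
    case $summary in
        "bond=up "*) ;;
        *) echo "FAIL $summary"; return 1 ;;
    esac
    up=${summary##*slaves_up=}
    [ "$up" -ge "$min" ] || { echo "FAIL $summary"; return 1; }
    echo "OK $summary"
}

# Sample inputs: trimmed copies of the client and server outputs in the question.
CLIENT_STATUS='Bonding Mode: load balancing (round-robin)
MII Status: down
MII Polling Interval (ms): 0'

SERVER_STATUS='Bonding Mode: load balancing (round-robin)
MII Status: up

Slave Interface: tap0
MII Status: up

Slave Interface: tap1
MII Status: up'

printf '%s\n' "$CLIENT_STATUS" | bond_healthy 2 || true
printf '%s\n' "$SERVER_STATUS" | bond_healthy 2
```

On a live host the same check is `bond_healthy 2 < /proc/net/bonding/bond0`, run after the `ip link set ... master bond0` steps.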
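I think you should consider upgrading your VPN infrastructure rather than bonding as a workaround.
2 bonded VPN links will never be as good as a dedicated VPN connection that has the required bandwidth on a single link.
A similar question asked on our sister site Network Engineering:
"Gluing" these links together sounds like a good idea on paper, but it doesn't work well in practice. If you try to split a single connection between two links, you will get out-of-order packets, especially over two different networks, which will significantly reduce your throughput. You are better off just using one link.
The remote user's VPN software is not sophisticated enough to establish two VPN connections and then make routing decisions to use the best path. I'm not aware of any such product. You may have to create something custom, but I doubt it's worth the effort.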