Vpn
Windows 10 上的 OpenVPN,不帶重定向網關選項,或僅提供處理 VPN 流量的選項
我的主要目標是讓一台特定的 Windows 10 機器可以從任何地方訪問,如果你連接到 VPN。那台機器在辦公室的超快連接上,下載速度達到了 100mb,但是當完全連接到 VPN(使用預設的 OpenVPN 配置
redirect-gateway def1 bypass-dhcp)時,下載速度可能會下降到 20mb。在VPN上,VPN伺服器是10.8.0.1,本機是10.8.0.2,10.8.0.x上大概還有5個其他的VPN客戶端。我想從 VPN 獲得的只是 10.8.0.x 機器具有正常的非 VPN 連接,並且可以相互通信。
所有連接都很好,直到我嘗試 remove
redirect-gateway ...。無論我嘗試什麼配置,沒有那條線,當連接到 VPN 時,我沒有網際網路連接,並且到處都有 DNS 超時。我認為僅通過路由 VPN 流量的主要選項是
route 10.8.0.0 255.255.255.0,雖然這確實使機器可以訪問 VPN 上的其他機器,但我仍然失去了網際網路連接。我有什麼誤解嗎?我希望所有客戶端只通過 VPN 路由 VPN 流量,而其他一切都通過他們的正常路由。我認為這可以通過刪除重定向網關並添加靜態路由來實現。
tracert -d 8.8.8.8VPN 連接時的輸出,但沒有redirect-gateway連接(即沒有網際網路連接/DNS 問題):Tracing route to 8.8.8.8 over a maximum of 30 hops 1 <1 ms <1 ms <1 ms 10.247.28.1 2 1 ms 1 ms 1 ms 80.169.236.161 3 <1 ms <1 ms <1 ms 80.169.58.193 4 1 ms 1 ms 1 ms 212.74.69.151 5 12 ms 12 ms 12 ms 185.6.36.57 6 12 ms 12 ms 12 ms 216.239.43.3 7 11 ms 11 ms 11 ms 8.8.8.8 Trace complete.沒有VPN:
ipconfig /allEthernet adapter Ethernet: Description . . . . . . . . . . . : Intel(R) I211 Gigabit Network Connection Physical Address. . . . . . . . . : 2C-FD-A1-xxxx DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 10.247.29.176(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.254.0 Lease Obtained. . . . . . . . . . : Tuesday, June 26, 2018 5:55:10 PM Lease Expires . . . . . . . . . . : Tuesday, July 3, 2018 8:00:57 PM Default Gateway . . . . . . . . . : 10.247.28.1 DHCP Server . . . . . . . . . . . : 10.247.28.1 DNS Servers . . . . . . . . . . . : 8.8.8.8 8.8.4.4 NetBIOS over Tcpip. . . . . . . . : Enabled
route print -4IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.247.28.1 10.247.29.176 25 10.247.28.0 255.255.254.0 On-link 10.247.29.176 281 10.247.29.176 255.255.255.255 On-link 10.247.29.176 281 10.247.29.255 255.255.255.255 On-link 10.247.29.176 281 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 10.247.29.176 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 255.255.255.255 On-link 10.247.29.176 281 =========================================================================== Persistent Routes: None使用 VPN(無重定向網關/損壞/無連接):
ipconfig /allEthernet adapter VPN: Description . . . . . . . . . . . : TAP-Windows Adapter V9 Physical Address. . . . . . . . . : 00-FF-73-xxxx DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::1d1a:6e1c:e80e:3dcf%3(Preferred) IPv4 Address. . . . . . . . . . . : 10.8.0.2(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Tuesday, July 3, 2018 10:42:37 AM Lease Expires . . . . . . . . . . : Wednesday, July 3, 2019 10:42:36 AM Default Gateway . . . . . . . . . : DHCP Server . . . . . . . . . . . : 10.8.0.254 DHCPv6 IAID . . . . . . . . . . . : 5039xxxx DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-xxxx DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1 fec0:0:0:ffff::2%1 fec0:0:0:ffff::3%1 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Ethernet: Description . . . . . . . . . . . : Intel(R) I211 Gigabit Network Connection Physical Address. . . . . . . . . : 2C-FD-A1-xxxx DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 10.247.29.176(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.254.0 Lease Obtained. . . . . . . . . . : Tuesday, June 26, 2018 5:55:10 PM Lease Expires . . . . . . . . . . : Tuesday, July 3, 2018 8:00:56 PM Default Gateway . . . . . . . . . : 10.247.28.1 DHCP Server . . . . . . . . . . . : 10.247.28.1 DNS Servers . . . . . . . . . . . : 8.8.8.8 8.8.4.4 NetBIOS over Tcpip. . . . . . . . : Enabled
route print -4IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.247.28.1 10.247.29.176 25 10.8.0.0 255.255.255.0 On-link 10.8.0.2 259 10.8.0.2 255.255.255.255 On-link 10.8.0.2 259 10.8.0.255 255.255.255.255 On-link 10.8.0.2 259 10.247.28.0 255.255.254.0 On-link 10.247.29.176 281 10.247.29.176 255.255.255.255 On-link 10.247.29.176 281 10.247.29.255 255.255.255.255 On-link 10.247.29.176 281 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 10.247.29.176 281 224.0.0.0 240.0.0.0 On-link 10.8.0.2 259 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 255.255.255.255 On-link 10.247.29.176 281 255.255.255.255 255.255.255.255 On-link 10.8.0.2 259 =========================================================================== Persistent Routes: None為了完整起見,使用 VPN 和重定向網關,
ipconfig /allEthernet adapter VPN: Description . . . . . . . . . . . : TAP-Windows Adapter V9 Physical Address. . . . . . . . . : 00-FF-73-xxxx DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::1d1a:6e1c:e80e:3dcf%3(Preferred) IPv4 Address. . . . . . . . . . . : 10.8.0.2(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Thursday, June 28, 2018 5:50:04 PM Lease Expires . . . . . . . . . . : Friday, June 28, 2019 5:50:02 PM Default Gateway . . . . . . . . . : DHCP Server . . . . . . . . . . . : 10.8.0.254 DHCPv6 IAID . . . . . . . . . . . : 5039xxxx DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-xxxx DNS Servers . . . . . . . . . . . : 8.8.8.8 8.8.4.4 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Ethernet: Description . . . . . . . . . . . : Intel(R) I211 Gigabit Network Connection Physical Address. . . . . . . . . : 2C-FD-A1-xxxx DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 10.247.29.176(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.254.0 Lease Obtained. . . . . . . . . . : Tuesday, June 26, 2018 5:55:10 PM Lease Expires . . . . . . . . . . : Friday, June 29, 2018 9:01:01 PM Default Gateway . . . . . . . . . : 10.247.28.1 DHCP Server . . . . . . . . . . . : 10.247.28.1 DNS Servers . . . . . . . . . . . : 8.8.8.8 8.8.4.4 NetBIOS over Tcpip. . . . . . . . : Enabled
route print -4IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.247.28.1 10.247.29.176 25 0.0.0.0 128.0.0.0 10.8.0.1 10.8.0.2 35 10.8.0.0 255.255.255.0 On-link 10.8.0.2 291 10.8.0.2 255.255.255.255 On-link 10.8.0.2 291 10.8.0.255 255.255.255.255 On-link 10.8.0.2 291 10.247.28.0 255.255.254.0 On-link 10.247.29.176 281 10.247.29.176 255.255.255.255 On-link 10.247.29.176 281 10.247.29.255 255.255.255.255 On-link 10.247.29.176 281 52.49.219.24 255.255.255.255 10.247.28.1 10.247.29.176 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 128.0.0.0 128.0.0.0 10.8.0.1 10.8.0.2 35 224.0.0.0 240.0.0.0 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 10.8.0.2 291 224.0.0.0 240.0.0.0 On-link 10.247.29.176 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 255.255.255.255 On-link 10.8.0.2 291 255.255.255.255 255.255.255.255 On-link 10.247.29.176 281 =========================================================================== Persistent Routes: None
所以我的一個朋友做了很多這樣的事情,他建議我這樣做,
> tracert -d 8.8.8.8 Tracing route to 8.8.8.8 over a maximum of 30 hops 1 <1 ms <1 ms <1 ms 10.247.28.1 2 1 ms 1 ms 1 ms 80.169.236.161 3 <1 ms <1 ms <1 ms 80.169.58.193 4 1 ms 1 ms 1 ms 212.74.69.151 5 12 ms 12 ms 12 ms 185.6.36.57 6 12 ms 12 ms 12 ms 216.239.43.3 7 11 ms 11 ms 11 ms 8.8.8.8 Trace complete.然後,
> tracert -d 10.8.0.1 Tracing route to 10.8.0.1 over a maximum of 30 hops 1 13 ms 13 ms 13 ms 10.8.0.1 Trace complete.然後,在伺服器上,
$ sudo netstat -tunpl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 29471/memcached tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 22123/sshd tcp6 0 0 :::22 :::* LISTEN 22123/sshd udp 0 0 0.0.0.0:1194 0.0.0.0:* 17359/openvpn udp 0 0 0.0.0.0:68 0.0.0.0:* 966/dhclient當他看到時,他意識到伺服器上沒有DNS伺服器*,*並讓我安裝DNSMasq,
$ sudo apt install dnsmasq然後
netstat在伺服器上看起來像這樣,$ sudo netstat -tunpl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 29471/memcached tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 22123/sshd tcp6 0 0 :::22 :::* LISTEN 22123/sshd udp 0 0 0.0.0.0:1194 0.0.0.0:* 17359/openvpn udp 0 0 0.0.0.0:68 0.0.0.0:* 966/dhclient但這仍然不起作用,所以我在 Windows 機器上重新嘗試了一個我之前嘗試過的選項(但沒有奏效),
dhcp-option DNS 10.8.0.1回到它的 OpenVPN 選項……一切正常。所以現在,這正是我想要的,我擁有辦公室網路的全速,但也有完整的 vpn 連接。
感謝@felix-h 和@kevin-k 幫助我調試了這個問題,我現在對這一切有了更好的理解,但就我的情況而言,問題並不完全是客戶端的。
redirect-gateway刪除指令時,請務必驗證以下事項:
- 檢查您的 IP 配置。你是從openvpn-server(程序)得到的嗎?或者通過來自網路後面的真實 DHCP 伺服器的 DHCP,或者通過本地 openvpn 配置文件靜態或通過介面配置靜態?
- 確保不要從 vpn 介面的上述任何配置中獲取預設網關 IP 地址。Windows 有時會出現奇怪的行為,將網關地址切換到隧道介面,然後由於介面更改而失去與伺服器的連接。
- 如果不需要,請確保不要為隧道介面獲取 DNS 伺服器。
最簡單的選擇 - 至少對於測試但不是非常動態 - 將是在 Windows 10 客戶端上靜態配置界面。僅配置 IP 地址和子網遮罩。嘗試
route PRINT -4在連接時使用 cmd/powershell 來分析預設網關,並且網際網路連接停止工作。