Vpn
Route all traffic through a VPN node while still accepting incoming WAN connections

I want to route all traffic through another VPN node while:
- keeping the connection to the VPN server alive (this already works)
- still accepting WAN connections on that client.

My client node configuration:
```bash
# 35.1.1.1:    WAN IP of VPN-Server
# 192.168.8.1: WAN Gateway of Client
# 10.25.0.1:   Internal VPN Server IP (not used below)
# 10.25.0.3:   VPN Gateway for the Client (the gateway itself is also a Client)

ip route add 35.1.1.1/32 via 192.168.8.1   # protect route to VPN-Server
ip route del default via 192.168.8.1       # remove original default route
ip route add default via 10.25.0.3         # redirect to another VPN Node
```
When these commands are run, the gateway works: all traffic from the client node is routed through the VPN gateway (10.25.0.3), while the connection to the server (35.1.1.1/10.25.0.1) stays intact.

The only problem is that the client no longer accepts connections. I have read a bit about `fwmark` and source-based policy rules, but I don't understand what I actually need and which commands I have to enter.
To get this working: done this way, you need neither `fwmark` nor any additional firewall rules. Here is my working configuration script. I tried to comment it as much as possible.
```bash
INTERFACE=tun0                                 # the VPN interface
#REMOTEADDRESS=35.1.1.1                        # Real IP of VPN server
REMOTEADDRESS=$(dig +short <VPN-Server>)       # Enter the hostname of the VPN server, or replace the expression with the IP (see above)
VPN_GATEWAY=10.25.0.3
#ORIGINAL_GATEWAY="via 192.168.8.1 dev eth0"
ORIGINAL_GATEWAY=$(ip route show | grep ^default | cut -d ' ' -f 2-5)
# first nameserver only, so the route command gets a single address
ORIGINAL_NAMESERVER=$(grep ^nameserver /etc/resolv.conf | head -n 1 | cut -d ' ' -f 2)

# Disable reverse path filtering
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter         # ETH device
echo 0 > /proc/sys/net/ipv4/conf/$INTERFACE/rp_filter   # VPN device

ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY        # protect route to VPN-Server
ip route add $ORIGINAL_NAMESERVER $ORIGINAL_GATEWAY  # OPTIONAL: protect route to DNS. Required for Google Cloud.
ip route add $VPN_GATEWAY dev $INTERFACE
ip route add 0.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE
ip route add 128.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE

# Add custom routing table (append the entry only once, so re-running the script does not duplicate it)
grep -q '^200 custom' /etc/iproute2/rt_tables || echo 200 custom >> /etc/iproute2/rt_tables
ip rule add from 192.168.8.100 table custom prio 1   # Real Client IP
ip route del default via 192.168.8.1                 # Real Gateway
ip route add default via 192.168.8.1 dev eth0 table custom
```
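As an added example that is not part of the original question or answer, here is a small POSIX shell script that builds the same source-based policy-routing setup (the answer's approach: a dedicated table for packets sourced from the client's WAN address, plus the two /1 routes toward the VPN gateway) from parameters and prints the ip(8) commands for review before anything is applied. It deliberately differs from the answer's script in three ways: the default route's gateway and device are picked out by field name rather than by fixed `cut` positions, the extra table is addressed by number (200) so `/etc/iproute2/rt_tables` need not be edited, and the original default route is left in place because the two /1 routes are more specific and win the lookup anyway. Interface names and addresses are the thread's hypothetical ones; the function names and the `apply` argument are my own.

```shell
#!/bin/sh
# Added example (not the original answer's script): generate, and optionally
# apply, the source-based policy routing described in the thread.
# All addresses and interface names below are hypothetical placeholders.

# Pull "via <gateway> dev <interface>" out of one line of `ip route show`
# output. Matching on field names rather than fixed positions keeps it working
# when the kernel prints extra attributes (proto, src, metric) in the line.
# Prints nothing for lines that are not the default route.
default_route_fields() {
    printf '%s\n' "$1" | awk '
        $1 == "default" {
            for (i = 2; i <= NF; i++) {
                if ($i == "via") gw = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
            }
            if (gw != "" && dev != "") print "via " gw " dev " dev
        }'
}

# Print the ip(8) commands for the setup, one per line. Arguments:
#   $1 VPN interface            $2 VPN gateway node (next hop inside the VPN)
#   $3 VPN server WAN IP        $4 client's own WAN IP
#   $5 original default route as "via <gw> dev <if>"
#   $6 numeric routing table id for the WAN-sourced traffic
policy_route_commands() {
    vpn_if=$1; vpn_gw=$2; vpn_server=$3; client_ip=$4; orig=$5; table=$6
    if [ -z "$orig" ]; then
        echo "policy_route_commands: no default route given" >&2
        return 1
    fi
    orig_if=${orig##* }   # last word of "via <gw> dev <if>"
    cat <<EOF
sysctl -w net.ipv4.conf.${orig_if}.rp_filter=0
sysctl -w net.ipv4.conf.${vpn_if}.rp_filter=0
ip route add ${vpn_server}/32 ${orig}
ip route add ${vpn_gw}/32 dev ${vpn_if}
ip route add 0.0.0.0/1 via ${vpn_gw} dev ${vpn_if}
ip route add 128.0.0.0/1 via ${vpn_gw} dev ${vpn_if}
ip route add default ${orig} table ${table}
ip rule add from ${client_ip} table ${table} prio 1
EOF
}

# Usage:  sh policy-route.sh          -> print the commands (dry run)
#         sh policy-route.sh apply    -> execute them (needs root)
# The guard skips this part when `ip` is unavailable, e.g. outside Linux.
if command -v ip >/dev/null 2>&1; then
    orig_route=$(default_route_fields "$(ip route show 2>/dev/null | grep '^default' | head -n 1)")
    # Constructed placeholder values from the thread; adjust for a real host.
    if cmds=$(policy_route_commands tun0 10.25.0.3 35.1.1.1 192.168.8.100 "$orig_route" 200); then
        if [ "${1:-}" = apply ]; then
            printf '%s\n' "$cmds" | sh -e
        else
            printf '%s\n' "$cmds"
        fi
    fi
fi
```

The dry run is the useful part for review: the printed list shows that the only rule consulted before the main table is `from <client WAN IP>`, so replies to incoming WAN connections leave via the real gateway while everything the client itself originates (which carries the VPN interface's address once the /1 routes apply) still goes through the VPN gateway. `rp_filter` is relaxed on both interfaces as in the answer; loose mode (`rp_filter=2`) is the gentler alternative if strict mode turns out to be what drops the inbound packets on a given kernel.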