Centos

How to route specific traffic through a VPN client

  • October 15, 2021

I have a VPN server based on CentOS 8 and the OpenConnect package. I need to allow VPN clients to browse using their local internet instead of the server side. Currently all VPN clients browse through the server-side internet.

ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
   inet 127.0.0.1/8 scope host lo
      valid_lft forever preferred_lft forever
   inet6 ::1/128 scope host 
      valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
   link/ether 2c:27:d7:19:03:4a brd ff:ff:ff:ff:ff:ff
   inet 200.200.200.3/24 brd 200.200.200.255 scope global dynamic noprefixroute eno1
      valid_lft 84701sec preferred_lft 84701sec
   inet6 fe80::c53b:410a:9d0f:cc5b/64 scope link noprefixroute 
      valid_lft forever preferred_lft forever
6: vpns0: <POINTOPOINT,UP,LOWER_UP> mtu 1434 qdisc fq_codel state UNKNOWN group default qlen 500
   link/none 
   inet 10.10.10.1 peer 10.10.10.76/32 scope global vpns0
      valid_lft forever preferred_lft forever
   inet6 fe80::8da5:409d:a886:5bfb/64 scope link stable-privacy 
      valid_lft forever preferred_lft forever

ip route

default via 200.200.200.1 dev eno1 proto dhcp metric 100 
10.10.10.76 dev vpns0 proto kernel scope link src 10.10.10.1 
200.200.200.0/24 dev eno1 proto kernel scope link src 200.200.200.3 metric 100

firewall-cmd --list-all

public (active)
 target: default
 icmp-block-inversion: no
 interfaces: eno1
 sources: 
 services: cockpit dhcpv6-client http https ipsec ssh
 ports: 500/udp 4500/udp 443/tcp 443/udp 80/tcp
 protocols: 
 forward: no
 masquerade: yes
 forward-ports: 
 source-ports: 
 icmp-blocks: 
 rich rules: 
   rule protocol value="ah" accept
   rule protocol value="esp" accept
   rule family="ipv4" source address="10.10.10.0/24" masquerade

netstat -rn

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         200.200.200.1   0.0.0.0         UG        0 0          0 eno1
10.10.10.76     0.0.0.0         255.255.255.255 UH        0 0          0 vpns0
200.200.200.0   0.0.0.0         255.255.255.0   U         0 0          0 eno1

It was solved by disabling the default route in the ocserv.conf file and advertising the local routes:

route = xx.xx.xx.0/xx
route = 10.10.10.0/255.255.255.0
route = 192.168.0.0/255.255.0.0
route = fef4:db8:1000:1001::/64
#route = default

Quoted from: https://unix.stackexchange.com/questions/655636
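Once the default route is commented out, only the prefixes listed in `route =` lines are pushed to clients; everything else (including their general web browsing) leaves through the client's own uplink and no longer passes the server's firewall or masquerade rule. The following is an added example, not code from the original post or from the ocserv project: it parses ocserv-style `route =` / `no-route =` lines (both are real ocserv.conf directives) and answers, for a given destination, whether that traffic would be sent into the tunnel. The `xx.xx.xx.0/xx` placeholder from the answer is replaced with the documentation prefix `203.0.113.0/24`, and the `no-route` line is an assumed addition to show how exclusions behave; the sample configuration is constructed.

```python
import ipaddress
import re

# Constructed sample ocserv.conf fragment mirroring the answer above.
# 203.0.113.0/24 stands in for the "xx.xx.xx.0/xx" placeholder, and the
# no-route line is an assumed extra entry (not in the original answer).
SAMPLE_OCSERV_CONF = """\
# constructed example, not a real server configuration
route = 203.0.113.0/24
route = 10.10.10.0/255.255.255.0
route = 192.168.0.0/255.255.0.0
route = fef4:db8:1000:1001::/64
#route = default
no-route = 192.168.1.0/255.255.255.0
"""

# Matches active (uncommented) route / no-route directives only.
ROUTE_RE = re.compile(r'^\s*(route|no-route)\s*=\s*(\S+)\s*$')


def parse_routes(conf_text):
    """Return (routes, no_routes, default_route) from ocserv.conf text.

    Lines starting with '#' never match, which is exactly how the answer
    disables the default route. ipaddress accepts both CIDR (a.b.c.d/nn)
    and dotted-netmask (a.b.c.d/m.m.m.m) forms, as ocserv does.
    """
    routes, no_routes, default_route = [], [], False
    for line in conf_text.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if key == 'route' and value == 'default':
            default_route = True
            continue
        net = ipaddress.ip_network(value, strict=False)
        (routes if key == 'route' else no_routes).append(net)
    return routes, no_routes, default_route


def via_vpn(dest, routes, no_routes, default_route):
    """Decide whether traffic to `dest` is pushed into the tunnel.

    Simplified model of what the client installs: a 'route' prefix goes
    through the VPN, a 'no-route' prefix is carved out of it (longest
    prefix wins), and 'route = default' catches everything else.
    """
    ip = ipaddress.ip_address(dest)
    best_route = max((n for n in routes if ip in n),
                     key=lambda n: n.prefixlen, default=None)
    best_excl = max((n for n in no_routes if ip in n),
                    key=lambda n: n.prefixlen, default=None)
    if best_excl is not None and (best_route is None
                                  or best_excl.prefixlen >= best_route.prefixlen):
        return False
    if best_route is not None:
        return True
    return default_route


def tunnel_report(conf_text, destinations):
    """Map each destination to True (via VPN) or False (client's own uplink)."""
    routes, no_routes, default_route = parse_routes(conf_text)
    return {d: via_vpn(d, routes, no_routes, default_route) for d in destinations}


if __name__ == "__main__":
    # 198.51.100.7 is a documentation address standing in for "the internet".
    for dest, tunneled in tunnel_report(
            SAMPLE_OCSERV_CONF,
            ["10.10.10.5", "192.168.5.1", "192.168.1.9",
             "198.51.100.7", "fef4:db8:1000:1001::10"]).items():
        print(f"{dest:28} -> {'VPN' if tunneled else 'local uplink'}")
```

Run it against a real ocserv.conf to confirm that a public address resolves to "local uplink" once `route = default` is commented out, and that every internal prefix you expect clients to reach still resolves to "VPN"; if `route = default` is left active, every destination comes back as tunnelled, which is the behaviour the question set out to change.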