web-dev-qa-db-ja.com

Ubuntu11.10のOpenVPN-デフォルトゲートウェイをリダイレクトできません

Ubuntu11.10マシンからOpenVPNサーバーに接続しようとしています。私はそれを行うために次のコマンドを使用します(rootユーザーの下で):

openvpn   --config /home/vladimir/client.ovpn

すべて問題ないようで、警告やエラーなしで正常に接続しますが、インターネットを閲覧しようとすると、まだ自分のIPアドレスを使用していることがわかり、VPN接続が機能しません。 openvpnコマンドを実行すると、特に次のメッセージが表示されます。

NOTE: unable to redirect default gateway -- Cannot read current default gateway from system

それがこの問題の原因だと思いますが、残念ながら修正方法がわかりません。

以下はopenvpnコマンドの完全な出力です:

    Sat Jun  9 23:51:36 2012 OpenVPN 2.2.0 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jul  4 2011
    Sat Jun  9 23:51:36 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Sat Jun  9 23:51:36 2012 Control Channel Authentication: tls-auth using INLINE static key file
    Sat Jun  9 23:51:36 2012 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sat Jun  9 23:51:36 2012 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sat Jun  9 23:51:36 2012 LZO compression initialized
    Sat Jun  9 23:51:36 2012 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
    Sat Jun  9 23:51:36 2012 Socket Buffers: R=[126976->200000] S=[126976->200000] 
    Sat Jun  9 23:51:36 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Sat Jun  9 23:51:36 2012 Local Options hash (VER=V4): '504e774e'
    Sat Jun  9 23:51:36 2012 Expected Remote Options hash (VER=V4): '14168603'
    Sat Jun  9 23:51:36 2012 UDPv4 link local: [undef]
    Sat Jun  9 23:51:36 2012 UDPv4 link remote: [AF_INET]94.229.78.130:1194
    Sat Jun  9 23:51:37 2012 TLS: Initial packet from [AF_INET]94.229.78.130:1194, sid=13fd921b b42072ab
    Sat Jun  9 23:51:37 2012 VERIFY OK: depth=1, /CN=OpenVPN_CA
    Sat Jun  9 23:51:37 2012 VERIFY OK: nsCertType=SERVER
    Sat Jun  9 23:51:37 2012 VERIFY OK: depth=0, /CN=OpenVPN_Server
    Sat Jun  9 23:51:38 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Sat Jun  9 23:51:38 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sat Jun  9 23:51:38 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Sat Jun  9 23:51:38 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sat Jun  9 23:51:38 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Sat Jun  9 23:51:38 2012 [OpenVPN_Server] Peer Connection Initiated with [AF_INET]94.229.78.130:1194
    Sat Jun  9 23:51:40 2012 SENT CONTROL [OpenVPN_Server]: 'Push_REQUEST' (status=1)
    Sat Jun  9 23:51:40 2012 Push: Received control message: 'Push_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 5,ping-restart 40,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 5.5.0.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,register-dns,comp-lzo yes,ifconfig 5.5.117.43 255.255.0.0'
    Sat Jun  9 23:51:40 2012 Unrecognized option or missing parameter(s) in [Push-OPTIONS]:4: dhcp-pre-release (2.2.0)
    Sat Jun  9 23:51:40 2012 Unrecognized option or missing parameter(s) in [Push-OPTIONS]:5: dhcp-renew (2.2.0)
    Sat Jun  9 23:51:40 2012 Unrecognized option or missing parameter(s) in [Push-OPTIONS]:6: dhcp-release (2.2.0)
    Sat Jun  9 23:51:40 2012 Unrecognized option or missing parameter(s) in [Push-OPTIONS]:16: register-dns (2.2.0)
    Sat Jun  9 23:51:40 2012 OPTIONS IMPORT: timers and/or timeouts modified
    Sat Jun  9 23:51:40 2012 OPTIONS IMPORT: explicit notify parm(s) modified
    Sat Jun  9 23:51:40 2012 OPTIONS IMPORT: LZO parms modified
    Sat Jun  9 23:51:40 2012 OPTIONS IMPORT: --ifconfig/up options modified
    Sat Jun  9 23:51:40 2012 OPTIONS IMPORT: route options modified
    Sat Jun  9 23:51:40 2012 OPTIONS IMPORT: route-related options modified
    Sat Jun  9 23:51:40 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Sat Jun  9 23:51:40 2012 ROUTE: default_gateway=UNDEF
    Sat Jun  9 23:51:40 2012 TUN/TAP device tun0 opened
    Sat Jun  9 23:51:40 2012 TUN/TAP TX queue length set to 100
    Sat Jun  9 23:51:40 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Sat Jun  9 23:51:40 2012 /sbin/ifconfig tun0 5.5.117.43 netmask 255.255.0.0 mtu 1500 broadcast 5.5.255.255
    Sat Jun  9 23:51:45 2012 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
    Sat Jun  9 23:51:45 2012 Initialization Sequence Completed

ルートコマンドの出力:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *               0.0.0.0         U     0      0        0 ppp0
5.5.0.0         *               255.255.0.0     U     0      0        0 tun0
link-local      *               255.255.0.0     U     1000   0        0 wlan0
192.168.0.0     *               255.255.255.0   U     0      0        0 wlan0
stream-ts1.net. *               255.255.255.255 UH    0      0        0 ppp0

Ifconfigコマンドの出力:

    eth0      Link encap:Ethernet  HWaddr 6c:62:6d:44:0d:12
              inet6 addr: fe80::6e62:6dff:fe44:d12/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:54594 errors:0 dropped:0 overruns:0 frame:0
              TX packets:59897 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:44922107 (44.9 MB)  TX bytes:8839969 (8.8 MB)
              Interrupt:41 Base address:0x8000

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:4561 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4561 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:685425 (685.4 KB)  TX bytes:685425 (685.4 KB)

    ppp0      Link encap:Point-to-Point Protocol
              inet addr:213.206.63.44  P-t-P:213.206.34.4  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
              RX packets:53577 errors:0 dropped:0 overruns:0 frame:0
              TX packets:58892 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:3
              RX bytes:43667387 (43.6 MB)  TX bytes:7504776 (7.5 MB)

    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:5.5.117.43  P-t-P:5.5.117.43  Mask:255.255.0.0
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

    wlan0     Link encap:Ethernet  HWaddr 00:27:19:f6:b5:cf
              inet addr:192.168.0.1  Bcast:0.0.0.0  Mask:255.255.255.0
              inet6 addr: fe80::227:19ff:fef6:b5cf/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:12079 errors:0 dropped:0 overruns:0 frame:0
              TX packets:11178 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:1483691 (1.4 MB)  TX bytes:4307899 (4.3 MB)

だから私の質問は-OpenVPNリダイレクトをデフォルトゲートウェイにする方法は?

ありがとう!

私はこの問題の理由を見つけました。 OpenVPNは、routeコマンドで表示されなかったため、デフォルトゲートウェイを検出できませんでした。解決策は、PPP接続が確立された後にデフォルトゲートウェイを設定することです:

ip route replace default via 213.206.63.44 dev ppp0

まず、ターミナルで次のようにゲートウェイを表示する必要があります。

/sbin/ip addr show ppp0 | grep peer | awk ' { print $4 } ' | sed 's/\/32//'

次に、ターミナルで使用します。

ip route replace default via xx:xx:xx:xx dev ppp0

Xx:xx ...をステップ1で見つかったゲートウェイに置き換えます。

から見た ここ

0
9jera