How to forward network traffic using iproute

I am following the tinc guide on forwarding all network traffic through a VPN tunnel to a secure internet connection, the usual insecure coffee-shop connection problem.

Anyway, I am using tinc and can connect to the server without any problems, but internet traffic is not routed over this connection. I am sure of this because my public IP is not the one I would expect from the VPN security standpoint.

Here is the connection setup, with no internet traffic, for tinc-up:

ip link set $INTERFACE up
ip addr add  10.0.0.3/32 dev $INTERFACE
ip route add 10.0.0.0/24 dev $INTERFACE

Here is tinc-down:

ip route del 10.0.0.0/24 dev $INTERFACE
ip addr del 10.0.0.3/32 dev $INTERFACE
ip link set $INTERFACE down

Here is the client host file:

Subnet = 10.0.0.3/32

Here is the server host file:

Address = foo.bar.net
Port = 655
Subnet = 10.0.0.1/32

...OK... here is some sample output:

foo@local:~ » route -n
Kernel IP routing table                                                                               
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface                         
0.0.0.0         192.168.0.254   0.0.0.0         UG    202    0        0 enp0s3                        
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 alpha                         
192.168.0.0     0.0.0.0         255.255.255.0   U     202    0        0 enp0s3   

However, I then tried to follow this guide: https://www.tinc-vpn.org/examples/redirect-gateway/

New tinc-up:

set -x
ip link set dev $INTERFACE up
#ip addr add  10.0.0.3/32 dev $INTERFACE
#ip route add 10.0.0.0/24 dev $INTERFACE
VPN_GATEWAY=10.0.0.0
ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-5`

ip route add $REMOTEADDRESS $ORIGINAL_GATEWAY
ip route add $VPN_GATEWAY dev $INTERFACE
ip route add 0.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE
ip route add 128.0.0.0/1 via $VPN_GATEWAY dev $INTERFACE

New tinc-down:

set -x
ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 2-5`

ip route del $REMOTEADDRESS $ORIGINAL_GATEWAY
ip route del $VPN_GATEWAY dev $INTERFACE
ip route del 0.0.0.0/1 dev $INTERFACE
ip route del 128.0.0.0/1 dev $INTERFACE
ip link set dev $INTERFACE down

The script raises an ip route syntax error and of course nothing happens. I tried several paths, tried explicitly defining some variables, and tried running it step by step in a shell, but nothing seems to work. The host is always unreachable.

What am I doing wrong here?

Thanks

Edit 2: Below are the new tinc-up / tinc-down files running with the set -x option suggested in the comments. The tinc-down script above is triggered by running the tinc-up script first and then terminating the process.

:~ » sudo tincd -n alpha -D -d3 

tincd 1.0.31 starting, debug level 3
/dev/net/tun is a Linux tun/tap device (tun mode)
Executing script tinc-up
+ ip link set dev alpha up
+ VPN_GATEWAY=10.0.0.0
++ ip route show
++ cut -d ' ' -f 2-5
++ grep '^default'
+ ORIGINAL_GATEWAY='via 192.168.0.254 dev enp0s3'
+ ip route add via 192.168.0.254 dev enp0s3
Usage: ip route { list | flush } SELECTOR
       ip route save SELECTOR
       ip route restore
       ip route showdump
       ip route get ADDRESS [ from ADDRESS iif STRING ]
                            [ oif STRING ] [ tos TOS ]
                            [ mark NUMBER ] [ vrf NAME ]
                            [ uid NUMBER ]
       ip route { add | del | change | append | replace } ROUTE
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ]
            [ table TABLE_ID ] [ vrf NAME ] [ proto RTPROTO ]
            [ type TYPE ] [ scope SCOPE ]
ROUTE := NODE_SPEC [ INFO_SPEC ]
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ]
             [ table TABLE_ID ] [ proto RTPROTO ]
             [ scope SCOPE ] [ metric METRIC ]
INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ]...
NH := [ encap ENCAPTYPE ENCAPHDR ] [ via [ FAMILY ] ADDRESS ]
        [ dev STRING ] [ weight NUMBER ] NHFLAGS
FAMILY := [ inet | inet6 | ipx | dnet | mpls | bridge | link ]
OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ as [ to ] ADDRESS ]
           [ rtt TIME ] [ rttvar TIME ] [ reordering NUMBER ]
           [ window NUMBER ] [ cwnd NUMBER ] [ initcwnd NUMBER ]
           [ ssthresh NUMBER ] [ realms REALM ] [ src ADDRESS ]
           [ rto_min TIME ] [ hoplimit NUMBER ] [ initrwnd NUMBER ]
           [ features FEATURES ] [ quickack BOOL ] [ congctl NAME ]
           [ pref PREF ] [ expires TIME ]
TYPE := { unicast | local | broadcast | multicast | throw |
          unreachable | prohibit | blackhole | nat }
TABLE_ID := [ local | main | default | all | NUMBER ]
SCOPE := [ host | link | global | NUMBER ]
NHFLAGS := [ onlink | pervasive ]
RTPROTO := [ kernel | boot | static | NUMBER ]
PREF := [ low | medium | high ]
TIME := NUMBER[s|ms]
BOOL := [1|0]
FEATURES := ecn
ENCAPTYPE := [ mpls | ip | ip6 ]
ENCAPHDR := [ MPLSLABEL ]
+ ip route add 10.0.0.0 dev alpha
+ ip route add 0.0.0.0/1 via 10.0.0.0 dev alpha
+ ip route add 128.0.0.0/1 via 10.0.0.0 dev alpha
Listening on 0.0.0.0 port 655
Ready
Trying to connect to alpha (74.78.156.164 port 655)
Error while connecting to alpha (74.78.156.164 port 655): Network is unreachable
Could not set up a meta connection to alpha
Trying to re-establish outgoing connection in 5 seconds
Purging unreachable nodes
Trying to connect to alpha (74.78.156.164 port 655)
Error while connecting to alpha (74.78.156.164 port 655): Network is unreachable
Could not set up a meta connection to alpha
Trying to re-establish outgoing connection in 10 seconds
Purging unreachable nodes
Got TERM signal
Statistics for Linux tun/tap device (tun mode) /dev/net/tun:
 total bytes in:         346
 total bytes out:        306
Closing connection with charlie (MYSELF)
Executing script tinc-down
++ cut -d ' ' -f 2-5
++ grep '^default'
++ ip route show
+ ORIGINAL_GATEWAY='via 192.168.0.254 dev enp0s3'
+ ip route del via 192.168.0.254 dev enp0s3
Usage: ip route { list | flush } SELECTOR
       ip route save SELECTOR
       ip route restore
       ip route showdump
       ip route get ADDRESS [ from ADDRESS iif STRING ]
                            [ oif STRING ] [ tos TOS ]
                            [ mark NUMBER ] [ vrf NAME ]
                            [ uid NUMBER ]
       ip route { add | del | change | append | replace } ROUTE
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ]
            [ table TABLE_ID ] [ vrf NAME ] [ proto RTPROTO ]
            [ type TYPE ] [ scope SCOPE ]
ROUTE := NODE_SPEC [ INFO_SPEC ]
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ]
             [ table TABLE_ID ] [ proto RTPROTO ]
             [ scope SCOPE ] [ metric METRIC ]
INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ]...
NH := [ encap ENCAPTYPE ENCAPHDR ] [ via [ FAMILY ] ADDRESS ]
        [ dev STRING ] [ weight NUMBER ] NHFLAGS
FAMILY := [ inet | inet6 | ipx | dnet | mpls | bridge | link ]
OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ as [ to ] ADDRESS ]
           [ rtt TIME ] [ rttvar TIME ] [ reordering NUMBER ]
           [ window NUMBER ] [ cwnd NUMBER ] [ initcwnd NUMBER ]
           [ ssthresh NUMBER ] [ realms REALM ] [ src ADDRESS ]
           [ rto_min TIME ] [ hoplimit NUMBER ] [ initrwnd NUMBER ]
           [ features FEATURES ] [ quickack BOOL ] [ congctl NAME ]
           [ pref PREF ] [ expires TIME ]
TYPE := { unicast | local | broadcast | multicast | throw |
          unreachable | prohibit | blackhole | nat }
TABLE_ID := [ local | main | default | all | NUMBER ]
SCOPE := [ host | link | global | NUMBER ]
NHFLAGS := [ onlink | pervasive ]
RTPROTO := [ kernel | boot | static | NUMBER ]
PREF := [ low | medium | high ]
TIME := NUMBER[s|ms]
BOOL := [1|0]
FEATURES := ecn
ENCAPTYPE := [ mpls | ip | ip6 ]
ENCAPHDR := [ MPLSLABEL ]
+ ip route del dev alpha
Usage: ip route { list | flush } SELECTOR
       ip route save SELECTOR
       ip route restore
       ip route showdump
       ip route get ADDRESS [ from ADDRESS iif STRING ]
                            [ oif STRING ] [ tos TOS ]
                            [ mark NUMBER ] [ vrf NAME ]
                            [ uid NUMBER ]
       ip route { add | del | change | append | replace } ROUTE
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ]
            [ table TABLE_ID ] [ vrf NAME ] [ proto RTPROTO ]
            [ type TYPE ] [ scope SCOPE ]
ROUTE := NODE_SPEC [ INFO_SPEC ]
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ]
             [ table TABLE_ID ] [ proto RTPROTO ]
             [ scope SCOPE ] [ metric METRIC ]
INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ]...
NH := [ encap ENCAPTYPE ENCAPHDR ] [ via [ FAMILY ] ADDRESS ]
        [ dev STRING ] [ weight NUMBER ] NHFLAGS
FAMILY := [ inet | inet6 | ipx | dnet | mpls | bridge | link ]
OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ as [ to ] ADDRESS ]
           [ rtt TIME ] [ rttvar TIME ] [ reordering NUMBER ]
           [ window NUMBER ] [ cwnd NUMBER ] [ initcwnd NUMBER ]
           [ ssthresh NUMBER ] [ realms REALM ] [ src ADDRESS ]
           [ rto_min TIME ] [ hoplimit NUMBER ] [ initrwnd NUMBER ]
           [ features FEATURES ] [ quickack BOOL ] [ congctl NAME ]
           [ pref PREF ] [ expires TIME ]
TYPE := { unicast | local | broadcast | multicast | throw |
          unreachable | prohibit | blackhole | nat }
TABLE_ID := [ local | main | default | all | NUMBER ]
SCOPE := [ host | link | global | NUMBER ]
NHFLAGS := [ onlink | pervasive ]
RTPROTO := [ kernel | boot | static | NUMBER ]
PREF := [ low | medium | high ]
TIME := NUMBER[s|ms]
BOOL := [1|0]
FEATURES := ecn
ENCAPTYPE := [ mpls | ip | ip6 ]
ENCAPHDR := [ MPLSLABEL ]
+ ip route del 0.0.0.0/1 dev alpha
+ ip route del 128.0.0.0/1 dev alpha
+ ip link set dev alpha down
Terminating

Edit 3:

I found the following change:

ORIGINAL_GATEWAY=`ip route show | grep ^default | cut -d ' ' -f 3-5` 

gives 192.168.0.254 dev enp0s3

Now my script no longer raises the iproute syntax error, but it complains about the following:

+ ip route add 192.168.0.254 dev enp0s3
RTNETLINK answers: File exists 
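Two things are visible in the set -x trace above: the line `+ ip route add via 192.168.0.254 dev enp0s3` shows that `$REMOTEADDRESS` expanded to nothing (tinc only sets that variable for host-up/host-down scripts, not for tinc-up), and `VPN_GATEWAY=10.0.0.0` is the network address rather than the server's VPN address, which the server host file gives as 10.0.0.1. The following is an added example, not code from the question or from tinc itself: it extracts the original gateway from a constructed `ip route show` listing by keyword instead of by field position, and refuses to emit any `ip route` command while a variable is empty, so a typo cannot silently leave the host with no route to the VPN server. The public server address 203.0.113.10 is a placeholder assumption.

```shell
#!/bin/sh
# Added example (not from the question or from tinc): build the redirect-gateway
# routes from a captured `ip route show` listing and refuse to run with empty
# variables, which is what produced the "Usage:" errors in the trace above.

# Constructed sample of `ip route show` on the laptop. It matches the route -n
# table in the question, with the proto/metric words a real kernel prints.
SAMPLE_ROUTES='default via 192.168.0.254 dev enp0s3 proto dhcp metric 202
10.0.0.0/24 dev alpha scope link
192.168.0.0/24 dev enp0s3 proto kernel scope link src 192.168.0.10 metric 202'

# Extract "via <gw> dev <if>" from the default route by keyword rather than by
# field position, so extra words such as "proto dhcp" do not shift the cut.
# Prints nothing if the default route has no "via"/"dev" pair.
default_gateway_args() {
    printf '%s\n' "$1" | awk '
        $1 == "default" {
            for (i = 2; i <= NF; i++) {
                if ($i == "via") gw = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
            }
            if (gw != "" && dev != "") { print "via " gw " dev " dev; exit }
        }'
}

# Print the `ip route` commands for tinc-up (action=add) or tinc-down
# (action=del). Every variable is checked before it is interpolated: an empty
# remote address or VPN gateway would otherwise yield "ip route add via ..."
# and leave the host without any route to the VPN server.
redirect_gateway_commands() {
    action=$1 remote=$2 vpn_gw=$3 iface=$4 orig_gw=$5
    for v in "$action" "$remote" "$vpn_gw" "$iface" "$orig_gw"; do
        [ -n "$v" ] || { echo "redirect_gateway_commands: empty argument" >&2; return 1; }
    done
    case "$action" in
        add|del) ;;
        *) echo "redirect_gateway_commands: action must be add or del" >&2; return 1 ;;
    esac
    # Host route to the VPN server through the physical gateway, so the
    # tunnel's own packets are never routed into the tunnel.
    echo "ip route $action $remote $orig_gw"
    echo "ip route $action $vpn_gw dev $iface"
    # Two /1 routes are more specific than the default route, so they win
    # without touching the original default entry.
    echo "ip route $action 0.0.0.0/1 via $vpn_gw dev $iface"
    echo "ip route $action 128.0.0.0/1 via $vpn_gw dev $iface"
}

# Stand-alone demonstration. 203.0.113.10 is an assumed placeholder for the
# server's public address; 10.0.0.1 is the server's VPN address from its host file.
main() {
    orig=$(default_gateway_args "$SAMPLE_ROUTES")
    redirect_gateway_commands add 203.0.113.10 10.0.0.1 alpha "$orig"
}

main
```

Run it once as shown to see the four commands it would issue; in a real tinc-up you would replace `SAMPLE_ROUTES` with `$(ip route show)`, hard-code the server's public address (it is not available as a variable in tinc-up), and pipe the output into `sh -e` so that a first failing route aborts the rest instead of leaving a half-applied table.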
