I am trying to set up a VPN using Network Manager. When I run openvpn manually with my configuration (sudo openvpn --config MyVPN.ovpn), it works fine. Afterwards, printing the routes with sudo route -n gives the following:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.254   0.0.0.0         UG    600    0        0 wlp3s0
10.c.d.0        172.a.b.1       255.255.255.0   UG    0      0        0 tun0
10.e.f.0        172.a.b.1       255.255.255.0   UG    0      0        0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 wlp3s0
172.a.b.0       0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
When I use Network Manager (with the openvpn plugin), the routes with the 10. gateway are missing.
For IPv4 and IPv6 I have checked "Use this connection only for resources on its network" (I don't want all traffic to go through that VPN).
Why are the routes missing when Network Manager is used?
I am using Linux Mint 18.2, network-manager 1.2.6-0ubuntu0.16.04.1 and openvpn 2.3.10-1ubuntu2.1.
This is what tail -f /var/log/syslog shows when using NM:
Sep 6 12:32:05 MyMint NetworkManager[867]: <info> [1504693925.1089] audit: op="connection-activate" uuid="d4e40650-bc76-4139-a92f-ab51276287e2" name="MyVPN" pid=15515 uid=1000 result="success"
Sep 6 12:32:05 MyMint NetworkManager[867]: <info> [1504693925.1171] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",0]: Started the VPN service, PID 31326
Sep 6 12:32:05 MyMint NetworkManager[867]: <info> [1504693925.1314] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",0]: Saw the service appear; activating connection
Sep 6 12:32:12 MyMint NetworkManager[867]: <info> [1504693932.3783] keyfile: update /etc/NetworkManager/system-connections/MyVPN (d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN")
Sep 6 12:32:12 MyMint NetworkManager[867]: nm-openvpn-Message: openvpn[31341] started
Sep 6 12:32:12 MyMint NetworkManager[867]: <info> [1504693932.3865] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",0]: VPN plugin: state changed: starting (3)
Sep 6 12:32:12 MyMint NetworkManager[867]: <info> [1504693932.3866] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",0]: VPN connection: (ConnectInteractive) reply received
Sep 6 12:32:12 MyMint nm-openvpn[31341]: OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
Sep 6 12:32:12 MyMint nm-openvpn[31341]: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Sep 6 12:32:12 MyMint nm-openvpn[31341]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 6 12:32:12 MyMint nm-openvpn[31341]: WARNING: file '/home/laurian/MyVPN/MyVPN.key' is group or others accessible
Sep 6 12:32:12 MyMint nm-openvpn[31341]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
Sep 6 12:32:12 MyMint nm-openvpn[31341]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sep 6 12:32:12 MyMint nm-openvpn[31341]: UDPv4 link local: [undef]
Sep 6 12:32:12 MyMint nm-openvpn[31341]: UDPv4 link remote: [AF_INET]170.75.241.82:1194
Sep 6 12:32:14 MyMint nm-openvpn[31341]: [MyVPN] Peer Connection Initiated with [AF_INET]170.75.241.82:1194
Sep 6 12:32:16 MyMint nm-openvpn[31341]: TUN/TAP device tun0 opened
Sep 6 12:32:16 MyMint nm-openvpn[31341]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --bus-name org.freedesktop.NetworkManager.openvpn.Connection_8 --tun -- tun0 1500 1558 172.a.b.4 255.255.255.0 init
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7477] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/8)
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7562] devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7562] device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7796] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",0]: VPN connection: (IP Config Get) reply received.
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7852] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: VPN connection: (IP4 Config Get) reply received
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7861] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: VPN Gateway: 170.x.y.z
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7862] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: Tunnel Device: "tun0"
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7862] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: IPv4 configuration:
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7862] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: Internal Gateway: 172.a.b.1
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7862] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: Internal Address: 172.a.b.4
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7862] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: Internal Prefix: 24
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7862] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: Internal Point-to-Point Address: 172.a.b.4
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7862] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: Maximum Segment Size (MSS): 0
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7863] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: Static Route: 10.c.d.0/24 Next Hop: 172.a.b.1
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7863] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: Static Route: 10.e.f.0/24 Next Hop: 172.a.b.1
Sep 6 12:32:16 MyMint nm-openvpn[31341]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7863] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: Forbid Default Route: yes
Sep 6 12:32:16 MyMint nm-openvpn[31341]: GID set to nm-openvpn
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7863] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: DNS Domain: '(none)'
Sep 6 12:32:16 MyMint nm-openvpn[31341]: UID set to nm-openvpn
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7863] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: No IPv6 configuration
Sep 6 12:32:16 MyMint nm-openvpn[31341]: Initialization Sequence Completed
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7864] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: VPN plugin: state changed: started (4)
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7890] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: VPN connection: (IP Config Get) complete
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7893] device (tun0): state change: unmanaged -> unavailable (reason 'connection-assumed') [10 20 41]
Sep 6 12:32:16 MyMint dbus[823]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.8035] keyfile: add connection in-memory (6cc36f83-a713-494f-a153-8c0ef8482c23,"tun0")
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.8041] device (tun0): state change: unavailable -> disconnected (reason 'connection-assumed') [20 30 41]
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.8061] device (tun0): Activation: starting connection 'tun0' (6cc36f83-a713-494f-a153-8c0ef8482c23)
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.8070] device (tun0): state change: disconnected -> prepare (reason 'none') [30 40 0]
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.8075] device (tun0): state change: prepare -> config (reason 'none') [40 50 0]
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.8078] device (tun0): state change: config -> ip-config (reason 'none') [50 70 0]
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.8081] device (tun0): state change: ip-config -> ip-check (reason 'none') [70 80 0]
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.8088] device (tun0): state change: ip-check -> secondaries (reason 'none') [80 90 0]
Sep 6 12:32:16 MyMint systemd[1]: Starting Network Manager Script Dispatcher Service...
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.8132] device (tun0): state change: secondaries -> activated (reason 'none') [90 100 0]
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.8238] device (tun0): Activation: successful, device activated.
Sep 6 12:32:16 MyMint dbus[823]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Sep 6 12:32:16 MyMint systemd[1]: Started Network Manager Script Dispatcher Service.
Sep 6 12:32:16 MyMint nm-dispatcher: req:1 'vpn-up' [tun0]: new request (1 scripts)
Sep 6 12:32:16 MyMint nm-dispatcher: req:1 'vpn-up' [tun0]: start running ordered scripts...
Sep 6 12:32:16 MyMint nm-dispatcher: req:2 'up' [tun0]: new request (1 scripts)
Sep 6 12:32:16 MyMint nm-dispatcher: req:2 'up' [tun0]: start running ordered scripts...
Sep 6 12:32:16 MyMint ntpdate[31411]: the NTP socket is in use, exiting
Sep 6 12:32:17 MyMint ntpdate[31471]: the NTP socket is in use, exiting
Sep 6 12:32:17 MyMint ntpdate[31530]: the NTP socket is in use, exiting
Sep 6 12:32:18 MyMint ntpd[1364]: Listen normally on 28 tun0 172.a.b.4:123
Sep 6 12:32:18 MyMint ntpd[1364]: Listen normally on 29 tun0 [fe80::a1e0:e276:5803:2ce5%9]:123
Sep 6 12:32:18 MyMint ntpd[1364]: new interface(s) found: waking up resolver
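Answer 1
This is a long-standing bug in NetworkManager. It was reported to Ubuntu years ago, and reported upstream, but so far none of the upstream projects has acted on it.
I ran into this problem myself and solved it by writing a dispatcher script, placed at /etc/NetworkManager/dispatcher.d/01vpnbypass.sh, that adds and removes the routes itself. It is an annoying workaround, but it works.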
#!/bin/bash
# NetworkManager dispatcher script: $1 is the interface, $2 is the action.
# These networks will bypass the VPN
v4subnets="5.42.160.0/19 24.105.0.0/18 37.244.0.0/18 59.153.40.0/22 103.4.114.0/23 103.198.32.0/23 137.221.64.0/18 158.115.192.0/19 185.60.112.0/22 198.74.32.0/21 198.74.40.0/23 202.9.66.0/23"
v6subnets="2a04:e800::/29 2401:ef00::/32 2620:10b:9000::/44"
IF=$1
STATUS=$2
# Gateway and device of the default routes that do not go through $IF
v4gateway=$(ip r s default | grep -v "$IF" | awk '{print $3}')
v4device=$(ip r s default | grep -v "$IF" | awk '{print $5}')
v6gateway=$(ip -6 r s default | grep -v "$IF" | awk '{print $3}')
v6device=$(ip -6 r s default | grep -v "$IF" | awk '{print $5}')
if [ "$IF" == "tun0" ]
then
    case "$STATUS" in
        vpn-up)
            # Add the bypass routes when the VPN comes up
            for v4subnet in $v4subnets; do
                ip r add "$v4subnet" via "$v4gateway" dev "$v4device"
            done
            for v6subnet in $v6subnets; do
                # IPv6 routes use the IPv6 default device
                ip -6 r add "$v6subnet" via "$v6gateway" dev "$v6device"
            done
            ;;
        vpn-down)
            # Remove the same routes when the VPN goes down
            for v4subnet in $v4subnets; do
                ip r del "$v4subnet" via "$v4gateway" dev "$v4device"
            done
            for v6subnet in $v6subnets; do
                ip -6 r del "$v6subnet" via "$v6gateway" dev "$v6device"
            done
            ;;
        *)
            ;;
    esac
fi
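
An added check, not part of the original question or answer: it compares the static routes NetworkManager logged as received from the VPN (the "Data: Static Route: ... Next Hop: ..." lines in the syslog above) with the routing table and lists those that were never installed, which is the symptom described in the question. The function names, sample log lines and sample route table are constructed for this example; the addresses are placeholders standing in for the masked ones on the page.

```shell
#!/bin/bash
# Added example: list VPN-pushed static routes that NetworkManager logged
# but that are absent from the kernel routing table.

# Constructed sample input (placeholder addresses, not values from the page).
SAMPLE_LOG='Sep 6 12:32:16 host NetworkManager[867]: <info> [1.0] vpn-connection[0x1,uuid,"MyVPN",9:(tun0)]: Data: Static Route: 10.1.2.0/24 Next Hop: 172.16.0.1
Sep 6 12:32:16 host NetworkManager[867]: <info> [1.0] vpn-connection[0x1,uuid,"MyVPN",9:(tun0)]: Data: Static Route: 10.3.4.0/24 Next Hop: 172.16.0.1
Sep 6 12:32:16 host NetworkManager[867]: <info> [1.0] vpn-connection[0x1,uuid,"MyVPN",9:(tun0)]: Data: Forbid Default Route: yes'
SAMPLE_ROUTES='default via 192.168.1.254 dev wlp3s0 proto static metric 600
10.1.2.0/24 via 172.16.0.1 dev tun0
172.16.0.0/24 dev tun0 proto kernel scope link src 172.16.0.4
192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.10 metric 600'

# Print "prefix nexthop" for every static route found in the log text ($1).
logged_routes() {
    printf '%s\n' "$1" |
        sed -n 's/.*Data: Static Route: \([^ ]*\) Next Hop: \([^ ]*\).*/\1 \2/p' |
        sort -u
}

# Print each logged route ($1 = log text) that has no matching
# "<prefix> via <nexthop>" entry in $2 ("ip route show" format).
missing_routes() {
    local log="$1" table="$2" prefix hop
    logged_routes "$log" | while read -r prefix hop; do
        printf '%s\n' "$table" |
            awk -v p="$prefix" -v h="$hop" \
                '$1 == p && $2 == "via" && $3 == h { found = 1 }
                 END { exit !found }' ||
            printf '%s via %s\n' "$prefix" "$hop"
    done
}

# Live use on a running system:
#   missing_routes "$(grep 'Static Route' /var/log/syslog)" "$(ip route show)"
missing_routes "$SAMPLE_LOG" "$SAMPLE_ROUTES"
```

Any route it prints is one whose traffic follows the default route on the physical interface instead of entering the tunnel.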