I'm trying to set up a VPN using Network Manager. When I run openvpn manually with my configuration, it works fine (sudo openvpn --config MyVPN.ovpn). Printing the routes afterwards (sudo route -n) gives the following:
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.254 0.0.0.0 UG 600 0 0 wlp3s0
10.c.d.0 172.a.b.1 255.255.255.0 UG 0 0 0 tun0
10.e.f.0 172.a.b.1 255.255.255.0 UG 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 wlp3s0
172.a.b.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp3s0
When using Network Manager (with the openvpn plugin), the 10. gateway routes are missing.
For both IPv4 and IPv6 I checked "Use this connection only for resources on its network" (I don't want all traffic to go through that VPN).
Why are the routes missing when going through Network Manager?
I'm using Linux Mint 18.2, network manager 1.2.6-0ubuntu0.16.04.1 and openvpn 2.3.10-1ubuntu2.1.
This is what tail -f /var/log/syslog shows when using NM:
Sep 6 12:32:05 MyMint NetworkManager[867]: <info> [1504693925.1089] audit: op="connection-activate" uuid="d4e40650-bc76-4139-a92f-ab51276287e2" name="MyVPN" pid=15515 uid=1000 result="success"
Sep 6 12:32:05 MyMint NetworkManager[867]: <info> [1504693925.1171] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",0]: Started the VPN service, PID 31326
Sep 6 12:32:05 MyMint NetworkManager[867]: <info> [1504693925.1314] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",0]: Saw the service appear; activating connection
Sep 6 12:32:12 MyMint NetworkManager[867]: <info> [1504693932.3783] keyfile: update /etc/NetworkManager/system-connections/MyVPN (d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN")
Sep 6 12:32:12 MyMint NetworkManager[867]: nm-openvpn-Message: openvpn[31341] started
Sep 6 12:32:12 MyMint NetworkManager[867]: <info> [1504693932.3865] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",0]: VPN plugin: state changed: starting (3)
Sep 6 12:32:12 MyMint NetworkManager[867]: <info> [1504693932.3866] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",0]: VPN connection: (ConnectInteractive) reply received
Sep 6 12:32:12 MyMint nm-openvpn[31341]: OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
Sep 6 12:32:12 MyMint nm-openvpn[31341]: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Sep 6 12:32:12 MyMint nm-openvpn[31341]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 6 12:32:12 MyMint nm-openvpn[31341]: WARNING: file '/home/laurian/MyVPN/MyVPN.key' is group or others accessible
Sep 6 12:32:12 MyMint nm-openvpn[31341]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
Sep 6 12:32:12 MyMint nm-openvpn[31341]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sep 6 12:32:12 MyMint nm-openvpn[31341]: UDPv4 link local: [undef]
Sep 6 12:32:12 MyMint nm-openvpn[31341]: UDPv4 link remote: [AF_INET]170.75.241.82:1194
Sep 6 12:32:14 MyMint nm-openvpn[31341]: [MyVPN] Peer Connection Initiated with [AF_INET]170.75.241.82:1194
Sep 6 12:32:16 MyMint nm-openvpn[31341]: TUN/TAP device tun0 opened
Sep 6 12:32:16 MyMint nm-openvpn[31341]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --bus-name org.freedesktop.NetworkManager.openvpn.Connection_8 --tun -- tun0 1500 1558 172.a.b.4 255.255.255.0 init
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7477] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/8)
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7562] devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7562] device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7796] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",0]: VPN connection: (IP Config Get) reply received.
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7852] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: VPN connection: (IP4 Config Get) reply received
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7861] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: VPN Gateway: 170.x.y.z
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7862] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: Tunnel Device: "tun0"
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7862] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: IPv4 configuration:
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7862] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: Internal Gateway: 172.a.b.1
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7862] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: Internal Address: 172.a.b.4
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7862] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: Internal Prefix: 24
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7862] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: Internal Point-to-Point Address: 172.a.b.4
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7862] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: Maximum Segment Size (MSS): 0
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7863] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: Static Route: 10.c.d.0/24 Next Hop: 172.a.b.1
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7863] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: Static Route: 10.e.f.0/24 Next Hop: 172.a.b.1
Sep 6 12:32:16 MyMint nm-openvpn[31341]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7863] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: Forbid Default Route: yes
Sep 6 12:32:16 MyMint nm-openvpn[31341]: GID set to nm-openvpn
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7863] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: DNS Domain: '(none)'
Sep 6 12:32:16 MyMint nm-openvpn[31341]: UID set to nm-openvpn
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7863] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: Data: No IPv6 configuration
Sep 6 12:32:16 MyMint nm-openvpn[31341]: Initialization Sequence Completed
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7864] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: VPN plugin: state changed: started (4)
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7890] vpn-connection[0x1ba5460,d4e40650-bc76-4139-a92f-ab51276287e2,"MyVPN",9:(tun0)]: VPN connection: (IP Config Get) complete
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.7893] device (tun0): state change: unmanaged -> unavailable (reason 'connection-assumed') [10 20 41]
Sep 6 12:32:16 MyMint dbus[823]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.8035] keyfile: add connection in-memory (6cc36f83-a713-494f-a153-8c0ef8482c23,"tun0")
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.8041] device (tun0): state change: unavailable -> disconnected (reason 'connection-assumed') [20 30 41]
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.8061] device (tun0): Activation: starting connection 'tun0' (6cc36f83-a713-494f-a153-8c0ef8482c23)
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.8070] device (tun0): state change: disconnected -> prepare (reason 'none') [30 40 0]
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.8075] device (tun0): state change: prepare -> config (reason 'none') [40 50 0]
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.8078] device (tun0): state change: config -> ip-config (reason 'none') [50 70 0]
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.8081] device (tun0): state change: ip-config -> ip-check (reason 'none') [70 80 0]
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.8088] device (tun0): state change: ip-check -> secondaries (reason 'none') [80 90 0]
Sep 6 12:32:16 MyMint systemd[1]: Starting Network Manager Script Dispatcher Service...
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.8132] device (tun0): state change: secondaries -> activated (reason 'none') [90 100 0]
Sep 6 12:32:16 MyMint NetworkManager[867]: <info> [1504693936.8238] device (tun0): Activation: successful, device activated.
Sep 6 12:32:16 MyMint dbus[823]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Sep 6 12:32:16 MyMint systemd[1]: Started Network Manager Script Dispatcher Service.
Sep 6 12:32:16 MyMint nm-dispatcher: req:1 'vpn-up' [tun0]: new request (1 scripts)
Sep 6 12:32:16 MyMint nm-dispatcher: req:1 'vpn-up' [tun0]: start running ordered scripts...
Sep 6 12:32:16 MyMint nm-dispatcher: req:2 'up' [tun0]: new request (1 scripts)
Sep 6 12:32:16 MyMint nm-dispatcher: req:2 'up' [tun0]: start running ordered scripts...
Sep 6 12:32:16 MyMint ntpdate[31411]: the NTP socket is in use, exiting
Sep 6 12:32:17 MyMint ntpdate[31471]: the NTP socket is in use, exiting
Sep 6 12:32:17 MyMint ntpdate[31530]: the NTP socket is in use, exiting
Sep 6 12:32:18 MyMint ntpd[1364]: Listen normally on 28 tun0 172.a.b.4:123
Sep 6 12:32:18 MyMint ntpd[1364]: Listen normally on 29 tun0 [fe80::a1e0:e276:5803:2ce5%9]:123
Sep 6 12:32:18 MyMint ntpd[1364]: new interface(s) found: waking up resolver
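Answer 1
This is a long-standing bug in NetworkManager. It was reported to Ubuntu years ago, and reported upstream, but so far nobody in the upstream project has worked on it.
I ran into this problem myself, so I worked around it by writing a dispatcher script at /etc/NetworkManager/dispatcher.d/01vpnbypass.sh that adds and removes the routes itself. It's an annoying workaround, but it works.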
#!/bin/bash
# NetworkManager dispatcher script: $1 is the interface, $2 the action.
# These networks will bypass the VPN
v4subnets="5.42.160.0/19 24.105.0.0/18 37.244.0.0/18 59.153.40.0/22 103.4.114.0/23 103.198.32.0/23 137.221.64.0/18 158.115.192.0/19 185.60.112.0/22 198.74.32.0/21 198.74.40.0/23 202.9.66.0/23"
v6subnets="2a04:e800::/29 2401:ef00::/32 2620:10b:9000::/44"
IF=$1
STATUS=$2
# Gateway and device of the default route that does not use the VPN interface
v4gateway=$(ip r s default | grep -v -- "$IF" | awk '{print $3}')
v4device=$(ip r s default | grep -v -- "$IF" | awk '{print $5}')
v6gateway=$(ip -6 r s default | grep -v -- "$IF" | awk '{print $3}')
v6device=$(ip -6 r s default | grep -v -- "$IF" | awk '{print $5}')
if [ "$IF" == "tun0" ]
then
    case "$STATUS" in
        vpn-up)
            for v4subnet in $v4subnets; do
                ip r add "$v4subnet" via "$v4gateway" dev "$v4device"
            done
            # IPv6 routes use the IPv6 default device, not the IPv4 one
            for v6subnet in $v6subnets; do
                ip -6 r add "$v6subnet" via "$v6gateway" dev "$v6device"
            done
            ;;
        vpn-down)
            for v4subnet in $v4subnets; do
                ip r del "$v4subnet" via "$v4gateway" dev "$v4device"
            done
            for v6subnet in $v6subnets; do
                ip -6 r del "$v6subnet" via "$v6gateway" dev "$v6device"
            done
            ;;
        *)
            ;;
    esac
fi
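
The log in the question shows NetworkManager receiving static routes from the plugin ("Data: Static Route") that never reach the routing table, so traffic for those networks leaves through the default gateway instead of the tunnel. The following is an added example, not part of the original question or answer: it compares the routes NetworkManager logged with `ip -4 route show` output and lists the ones that were not installed. The function names `pushed_routes` and `missing_routes` and all sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data below is constructed.

# Constructed syslog excerpt in the format NetworkManager uses for pushed routes.
SAMPLE_LOG='Sep 6 12:32:16 host NetworkManager[867]: <info> [1504693936.7863] vpn-connection[0x1,"MyVPN",9:(tun0)]: Data: Static Route: 10.8.1.0/24 Next Hop: 172.16.0.1
Sep 6 12:32:16 host NetworkManager[867]: <info> [1504693936.7863] vpn-connection[0x1,"MyVPN",9:(tun0)]: Data: Static Route: 10.8.2.0/24 Next Hop: 172.16.0.1'

# Constructed `ip -4 route show` output in which one pushed route is absent.
SAMPLE_ROUTES='default via 192.168.1.254 dev wlp3s0 proto static metric 600
10.8.1.0/24 via 172.16.0.1 dev tun0
172.16.0.0/24 dev tun0 proto kernel scope link src 172.16.0.4
192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.10 metric 600'

# pushed_routes: syslog text on stdin -> one "DEST NEXTHOP" pair per line.
pushed_routes() {
    awk '/Data: Static Route:/ {
        dst = ""; hop = ""
        for (i = 1; i < NF; i++) {
            if ($i == "Route:") dst = $(i + 1)
            if ($i == "Hop:")   hop = $(i + 1)
        }
        if (dst != "" && hop != "") print dst, hop
    }' | sort -u
}

# missing_routes LOG_TEXT ROUTE_TEXT DEV
# Prints every pushed route that has no matching "DEST via NEXTHOP dev DEV"
# entry in ROUTE_TEXT; prints nothing when the table is complete.
missing_routes() {
    printf '%s\n' "$1" | pushed_routes | while read -r dst hop; do
        printf '%s\n' "$2" | awk -v d="$dst" -v h="$hop" -v dev="$3" '
            $1 == d {
                via = ""; ifc = ""
                for (n = 2; n < NF; n++) {
                    if ($n == "via") via = $(n + 1)
                    if ($n == "dev") ifc = $(n + 1)
                }
                if (via == h && ifc == dev) found = 1
            }
            END { exit !found }' || echo "$dst via $hop dev $3"
    done
}

# Live use: missing_routes "$(cat /var/log/syslog)" "$(ip -4 route show)" tun0
missing_routes "$SAMPLE_LOG" "$SAMPLE_ROUTES" tun0
```

Run on the constructed sample, it reports the single route that was logged but not installed.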