OpenVPN is connected, but traffic still goes through the default router

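I have a strange problem. Everything worked fine until the last Archlinux update.

My ufw firewall is set to block everything except tun0 and the default openvpn IP (used for the initial openvpn connection)! It's perfect. Even when I turn the VPN off, there are no leaks...

But after the update, openvpn got nowhere. I tried resetting all the configuration (network/openvpn/ufw), but nothing had any effect. For now I have to disable ufw, which is really annoying.

OpenVPN says everything is fine, but my IP is still that of my default ISP router. All traffic seems to go through enp3s0 instead of tun0.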

[root@user ~]# sudo systemctl status openvpn@Netherlands
[email protected] - OpenVPN connection to Netherlands
  Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled)
  Drop-In: /etc/systemd/system/[email protected]
       └─restart.conf
  Active: active (running) since dim. 2014-08-03 00:50:10 CEST; 8s ago
  Process: 7401 ExecStart=/usr/bin/openvpn --cd /etc/openvpn --config /etc/openvpn/%i.conf --daemon openvpn@%i --writepid /run/openvpn@%i.pid (code=exited, status=0/SUCCESS)
  Main PID: 7402 (openvpn)
  CGroup: /system.slice/system-openvpn.slice/[email protected]
       └─7402 /usr/bin/openvpn --cd /etc/openvpn --config /etc/openvpn/Netherlands.conf --daemon openvpn@Netherlands --writepid /run/[email protected]

août 03 00:50:10 user openvpn@Netherlands[7402]: UDPv4 link local: [undef]
août 03 00:50:10 user openvpn@Netherlands[7402]: UDPv4 link remote: [AF_INET]109.xx.xx.xx:1194
août 03 00:50:10 user openvpn@Netherlands[7402]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
août 03 00:50:10 user openvpn@Netherlands[7402]: [VPN] Peer Connection Initiated with [AF_INET]109.xx.xx.xx:1194
août 03 00:50:12 user openvpn@Netherlands[7402]: TUN/TAP device tun0 opened
août 03 00:50:12 user openvpn@Netherlands[7402]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
août 03 00:50:12 user openvpn@Netherlands[7402]: /usr/bin/ip link set dev tun0 up mtu 1500
août 03 00:50:12 user openvpn@Netherlands[7402]: /usr/bin/ip addr add dev tun0 local 10.192.1.6 peer 10.192.1.5
août 03 00:50:12 user openvpn@Netherlands[7402]: Initialization Sequence Completed

[root@user ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    1024   0        0 enp3s0
10.192.1.1      10.192.1.5      255.255.255.255 UGH   20     0        0 tun0
10.192.1.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
109.xx.xx.xx    192.168.1.1     255.255.255.255 UGH   0      0        0 enp3s0
128.0.0.0       10.192.1.5      128.0.0.0       UG    20     0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 enp3s0

[root@user ~]# ifconfig
enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9000
    inet 192.168.1.111  netmask 255.255.255.0  broadcast 192.168.1.255
    inet6 fe80::12bf:48ff:fe7d:a5cc  prefixlen 64  scopeid 0x20<link>
    ether 10:bf:48:7d:a5:cc  txqueuelen 1000  (Ethernet)
    RX packets 13226  bytes 7955537 (7.5 MiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 12985  bytes 2539362 (2.4 MiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
    inet 127.0.0.1  netmask 255.0.0.0
    inet6 ::1  prefixlen 128  scopeid 0x10<host>
    loop  txqueuelen 0  (Local Loopback)
    RX packets 8581  bytes 34060996 (32.4 MiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 8581  bytes 34060996 (32.4 MiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
    inet 10.192.1.6  netmask 255.255.255.255  destination 10.192.1.5
    unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
    RX packets 42  bytes 27761 (27.1 KiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 61  bytes 7072 (6.9 KiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Answer 1

I finally decided to reset my network settings.

  1. Removed openvpn/dhclient/networkmanager/iptables/ufw (and all related packages) and deleted their configuration.
  2. Installed dhcpcd
  3. Rebooted
  4. Installed openvpn/iptables/ufw
  5. Rebooted

Everything is back to normal! :)
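
An added example (not part of the original question or answer) that reads the `route -n` table posted in the question and reports which interface each destination would leave through. That table has a 128.0.0.0/1 route via tun0 but no 0.0.0.0/1 counterpart, so the check flags the lower half of the IPv4 space as still following the default route via enp3s0. The function names, the probe addresses and the 109.0.0.1 stand-in for the masked server address are assumptions.

```python
import ipaddress

# `route -n` table from the question. The VPN server address is masked on the
# page (109.xx.xx.xx); 109.0.0.1 is a constructed stand-in for it.
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    1024   0        0 enp3s0
10.192.1.1      10.192.1.5      255.255.255.255 UGH   20     0        0 tun0
10.192.1.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
109.0.0.1       192.168.1.1     255.255.255.255 UGH   0      0        0 enp3s0
128.0.0.0       10.192.1.5      128.0.0.0       UG    20     0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 enp3s0
"""

def parse_routes(text):
    """Return [(network, metric, iface)] for each data row of `route -n`."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the title and column-header lines
        routes.append((ipaddress.ip_network(f"{f[0]}/{f[2]}"), int(f[4]), f[7]))
    return routes

def egress_iface(routes, dest):
    """Interface the kernel would pick: longest prefix, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r[0]]
    if not hits:
        return None  # no matching route: destination unreachable
    return max(hits, key=lambda r: (r[0].prefixlen, -r[1]))[2]

def uncovered_halves(routes, vpn_iface="tun0"):
    """IPv4 /1 halves whose bulk traffic does not leave through the VPN interface."""
    missing = []
    for half in ("0.0.0.0/1", "128.0.0.0/1"):
        net = ipaddress.ip_network(half)
        covers = [r for r in routes if r[0].supernet_of(net)]
        best = max(covers, key=lambda r: (r[0].prefixlen, -r[1]), default=None)
        if best is None or best[2] != vpn_iface:
            missing.append(half)
    return missing

if __name__ == "__main__":
    routes = parse_routes(ROUTE_N)
    for probe in ("8.8.8.8", "198.51.100.7", "192.168.1.1"):  # nothing is sent
        print(probe, "->", egress_iface(routes, probe))
    print("not routed via tun0:", uncovered_halves(routes))
```

Running the same check on the live table after a reinstall, before re-enabling ufw, confirms that both halves resolve to tun0.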
