Setting up a VPN client on Ubuntu

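For work reasons, I need to connect to an overseas network from Ubuntu through a VPN. Setting up a VPN client on Windows worked easily, but on Ubuntu I followed tutorials and tried many times without success; in the end I got connected from the command line.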

Because this involves quite a few network operations, it seemed worth writing down:

Step 1: Install the client software on Ubuntu

~ sudo apt-get install pptp-linux

Normally this package is already installed.

Step 2: Check the network configuration

~ ifconfig

The output looks roughly like this:

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:255 errors:0 dropped:0 overruns:0 frame:0
          TX packets:255 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:52525 (52.5 KB)  TX bytes:52525 (52.5 KB)

p3p1      Link encap:Ethernet  HWaddr b0:83:fe:84:2e:60  
          inet addr:192.168.2.182  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::b283:feff:fe84:2e60/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:998 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1023 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:389146 (389.1 KB)  TX bytes:207345 (207.3 KB)

Check the routing information

~ route -n

The output is as follows:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 p3p1
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 p3p1
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 p3p1

List the routing table entries

~ ip route show

The result is as follows:

169.254.0.0/16 dev p3p1  scope link  metric 1000 
172.17.0.0/16 dev docker0  proto kernel  scope link  src 172.17.0.1 linkdown 
192.168.2.0/24 dev p3p1  proto kernel  scope link  src 192.168.2.182 

Establish the VPN connection

Now let's create a connection named myvpn

~ sudo pptpsetup --create myvpn --server xxx.xxx.xxx.xxx --username xx1 --password xx2 --encrypt --start

The output is as follows, showing a successful connection

Using interface ppp0
Connect: ppp0 <--> /dev/pts/2
CHAP authentication succeeded
local  IP address 192.168.1.211
remote IP address 192.168.1.2

Successfully connected to the remote VPN server.

The command above creates a file named myvpn under /etc/ppp/peers.
The username and password are written in plain text to the chap-secrets file under /etc/ppp.

Testing the VPN

Install traceroute

~ sudo apt-get install traceroute 

Check the route details

~ traceroute www.163.com

The output is as follows:

traceroute to www.google.com (8.7.198.45), 30 hops max, 60 byte packets
 1  192.168.2.1 (192.168.2.1)  0.367 ms  0.363 ms  0.368 ms
 2  111.204.38.33 (111.204.38.33)  3.002 ms  3.789 ms  4.499 ms
 3  * * *
 4  124.65.63.249 (124.65.63.249)  1.476 ms  1.952 ms  1.972 ms
 5  123.126.8.169 (123.126.8.169)  2.234 ms 124.65.57.113 (124.65.57.113)  3.730 ms  3.731 ms
 6  * * *
 7  * 219.158.112.46 (219.158.112.46)  42.740 ms *
 8  219.158.103.42 (219.158.103.42)  42.498 ms 219.158.24.126 (219.158.24.126)  40.778 ms  40.793 ms
 9  219.158.24.134 (219.158.24.134)  40.229 ms  40.226 ms  40.200 ms
10  219.158.96.30 (219.158.96.30)  196.130 ms  195.833 ms  195.793 ms
11  * * *

We find that although the VPN connected successfully, traffic is not routed through it: the first hop is still the local gateway (192.168.2.1).

Check the network interface configuration again

~ ifconfig

The output is as follows:

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:405 errors:0 dropped:0 overruns:0 frame:0
          TX packets:405 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:104287 (104.2 KB)  TX bytes:104287 (104.2 KB)

p3p1      Link encap:Ethernet  HWaddr b0:83:fe:84:2e:60  
          inet addr:192.168.2.182  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::b283:feff:fe84:2e60/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8762 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7325 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3815784 (3.8 MB)  TX bytes:1856716 (1.8 MB)

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:192.168.1.211  P-t-P:192.168.1.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1460  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:342 (342.0 B)  TX bytes:46 (46.0 B)

Check the routing table

~ route -n

Output:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 p3p1
124.205.150.18  192.168.2.1     255.255.255.255 UGH   0      0        0 p3p1
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 p3p1
192.168.1.2     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 p3p1

List the routing table entries

~ ip route show
default via 192.168.2.1 dev p3p1 
124.205.150.18 via 192.168.2.1 dev p3p1  src 192.168.2.182 
169.254.0.0/16 dev p3p1  scope link  metric 1000 
192.168.1.2 dev ppp0  proto kernel  scope link  src 192.168.1.211 
192.168.2.0/24 dev p3p1  proto kernel  scope link  src 192.168.2.182 

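We find that the default route still points to the Ethernet interface (p3p1); we need to change the routing configuration so that it points to ppp0.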

Modify the routing configuration

Commands to change the route

~ sudo ip route del default
~ sudo ip route add default dev ppp0

Check the routing information again

~ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
124.205.150.18  192.168.2.1     255.255.255.255 UGH   0      0        0 p3p1
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 p3p1
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.1.2     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 p3p1
~ ip route
default dev ppp0  scope link 
124.205.150.18 via 192.168.2.1 dev p3p1  src 192.168.2.182 
169.254.0.0/16 dev p3p1  scope link  metric 1000 
172.17.0.0/16 dev docker0  proto kernel  scope link  src 172.17.0.1 linkdown 
192.168.1.2 dev ppp0  proto kernel  scope link  src 192.168.1.211 
192.168.2.0/24 dev p3p1  proto kernel  scope link  src 192.168.2.182 

~ traceroute www.google.com

traceroute to www.google.com (4.35.153.251), 30 hops max, 60 byte packets
 1  192.168.1.2 (192.168.1.2)  79.715 ms  80.120 ms  80.113 ms
 2  67.203.7.193.rdns.ColocationAmerica.com (67.203.7.193)  82.697 ms  82.829 ms  83.315 ms
 3  * * *
 4  67.203.3.161.rdns.ColocationAmerica.com (67.203.3.161)  232.638 ms  232.631 ms  232.624 ms
 5  * * *
 6  tge4-1.cr2.lax.multacom.com (208.64.231.6)  265.099 ms  256.633 ms  242.120 ms
 7  los-edge-07.inet.qwest.net (65.153.29.221)  246.835 ms  246.829 ms  246.823 ms
 8  los-brdr-01.inet.qwest.net (67.14.102.110)  233.854 ms los-brdr-01.inet.qwest.net (67.14.102.114)  233.992 ms  233.986 ms

Look at the first hop: traffic is now routed through the VPN.

At this point, if you open google in a browser, you will find that you have successfully gotten past the firewall.

Stop the VPN

~ poff myvpn

Ping a website again and you will find that the network has a problem.

ping: unknown host www.google.com
~ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
124.205.150.18  192.168.2.1     255.255.255.255 UGH   0      0        0 p3p1
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 p3p1
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 p3p1
~ ip route
124.205.150.18 via 192.168.2.1 dev p3p1  src 192.168.2.182 
169.254.0.0/16 dev p3p1  scope link  metric 1000 
192.168.2.0/24 dev p3p1  proto kernel  scope link  src 192.168.2.182

Reset the route

~ sudo ip route add default via 192.168.2.1

With that, network access works again.
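
The three routing states seen above (connected but bypassing the tunnel, routed through ppp0, and no default route after poff) can be told apart from `ip route show` output alone. The following is an added example, not part of the original post; the function and variable names are its own, and the sample tables are abridged copies of the outputs shown earlier.

```shell
#!/bin/sh
# Added example: classify `ip route show` output (read from stdin).
# Function and variable names are this example's own.

# Print "<gateway> <device>" for the default route; gateway is "-" when the
# route has no "via" (as with "default dev ppp0"). Prints nothing if absent.
default_route() {
    awk '$1 == "default" {
        gw = "-"; dev = "-"
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        print gw, dev
        exit
    }'
}

# tunnel  - default route leaves through the PPP device given as $1
# bypass  - default route uses another interface, so traffic skips the VPN
# offline - no default route at all (the state right after poff)
vpn_route_state() {
    want=${1:-ppp0}
    dev=$(default_route | awk '{ print $2 }')
    case "$dev" in
        "")      echo offline ;;
        "$want") echo tunnel ;;
        *)       echo bypass ;;
    esac
}

# Routing tables abridged from the outputs shown earlier on this page.
AFTER_CONNECT='default via 192.168.2.1 dev p3p1
124.205.150.18 via 192.168.2.1 dev p3p1  src 192.168.2.182
192.168.1.2 dev ppp0  proto kernel  scope link  src 192.168.1.211
192.168.2.0/24 dev p3p1  proto kernel  scope link  src 192.168.2.182'

AFTER_FIX='default dev ppp0  scope link
124.205.150.18 via 192.168.2.1 dev p3p1  src 192.168.2.182
192.168.1.2 dev ppp0  proto kernel  scope link  src 192.168.1.211'

AFTER_POFF='124.205.150.18 via 192.168.2.1 dev p3p1  src 192.168.2.182
192.168.2.0/24 dev p3p1  proto kernel  scope link  src 192.168.2.182'

# Live use: ip route show | vpn_route_state ppp0
```

Running the live command right after `pon myvpn` shows whether traffic is actually leaving through the tunnel before anything sensitive is sent.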

Configure routing through ip-up and ip-down

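~ sudo vi /etc/ppp/ip-up.d/route-traffic
#!/bin/bash
# Host route that stays on the LAN gateway instead of the tunnel
/sbin/ip route add 50.116.27.194 via 192.168.2.1
# Send everything else through the tunnel
/sbin/ip route del default
/sbin/ip route add default dev ppp0

~ sudo vi /etc/ppp/ip-down.d/disableroute
#!/bin/bash
# Restore the LAN default route when the tunnel goes down
/sbin/ip route add default via 192.168.2.1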

Restart the VPN connection

~ sudo pon myvpn

Disconnect normally

~ sudo poff myvpn