Test the OpenVPN encrypted tunnel on a single machine and solve the problem

Source: Internet
Author: User

In fact, this article has little to do with OpenVPN itself; it is about the problems exposed while testing OpenVPN. It covers many details of IP routing and conntrack.
If you ping an IP address configured on a local network card, the packets do not pass through that card: in the routing module, the protocol stack finds that the host is actually communicating with itself, so it bypasses the real NIC. Now I add OpenVPN. I want the packet to follow the path shown in the figure below, but in fact it does not. The cause is also annotated in the figure:



No matter how OpenVPN is used for isolation, the protocol stack still finds that the IP address on tun1 is one of the local IP addresses. In fact, conntrack1 and conntrack2 are the same conntrack entry, stored in the same place; it is simply processed twice on the same machine, once as conntrack1 and once as conntrack2. That in itself is not a problem, but I have modified the conntrack module, and the problem appears after that change, because I cache the route information in the conntrack struct. The routing information for conntrack1 and conntrack2 is obviously not the same, so things go wrong. In this scenario, you cannot use conntrack to cache route information.
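A small model of the failure described above, added here as an illustration and not taken from the article or from kernel source: one ping tuple maps to a single conntrack entry that is hit on two traversals of the same host, so a route cached in the entry on the first traversal is wrong on the second. The traversal names, route names, addresses and functions are hypothetical, and which two traversals the missing figure labels conntrack1 and conntrack2 is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Toy model, not kernel code: every name and address here is hypothetical. */
enum route { ROUTE_NONE, ROUTE_OUT_TUN0, ROUTE_LOCAL_IN };
enum pass  { PASS_BEFORE_TUNNEL, PASS_AFTER_TUNNEL };
struct tuple { unsigned src, dst, icmp_id; };            /* flow key, no padding */
struct conn  { struct tuple key; int used; enum route cached; };
static struct conn table[8];                             /* the one shared conntrack table */

/* Stand-in for a real routing lookup: the answer depends on the traversal. */
static enum route route_lookup(enum pass p) {
    return p == PASS_BEFORE_TUNNEL ? ROUTE_OUT_TUN0 : ROUTE_LOCAL_IN;
}

/* Find or create the entry for a tuple; both traversals hit the same entry. */
static struct conn *conn_get(const struct tuple *t) {
    struct conn *slot = NULL;
    for (int i = 0; i < 8; i++) {
        if (table[i].used && !memcmp(&table[i].key, t, sizeof *t)) return &table[i];
        if (!table[i].used && !slot) slot = &table[i];
    }
    if (slot) { slot->key = *t; slot->used = 1; slot->cached = ROUTE_NONE; }
    return slot;
}

/* Route one traversal, optionally trusting the route cached in the entry. */
enum route forward(const struct tuple *t, enum pass p, int use_cache) {
    struct conn *c = conn_get(t);
    if (!c) return ROUTE_NONE;                           /* table full */
    if (use_cache && c->cached != ROUTE_NONE) return c->cached;  /* stale on pass 2 */
    c->cached = route_lookup(p);
    return c->cached;
}

/* Returns 1 if both traversals of the same ping got the right route. */
int single_machine_ok(int use_cache) {
    struct tuple ping = { 0x0a080001, 0x0a080002, 1 };   /* constructed tun0/tun1 addresses */
    memset(table, 0, sizeof table);
    enum route r1 = forward(&ping, PASS_BEFORE_TUNNEL, use_cache);
    enum route r2 = forward(&ping, PASS_AFTER_TUNNEL, use_cache);
    return r1 == ROUTE_OUT_TUN0 && r2 == ROUTE_LOCAL_IN;
}

int main(void) {
    printf("fresh lookup each pass: %s\n", single_machine_ok(0) ? "ok" : "wrong route");
    printf("route cached in conn:   %s\n", single_machine_ok(1) ? "ok" : "wrong route");
    return 0;
}
```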
As shown in the figure, the cause of the error has been given, along with some additional analysis. What is the correct method? It is given here:


