Testing the OpenVPN encrypted tunnel on a single machine and solving the problem it exposes
This article actually has little to do with OpenVPN itself; it is about the problems that an OpenVPN test exposed, and it touches on many details of IP routing and conntrack.
If you ping an IP address configured on one of the machine's own network cards, the packets never pass through that card: during route lookup the protocol stack recognises that the destination is the host itself and delivers the packet internally, bypassing the real NIC. Now add OpenVPN. I expected the packet to take the path shown in the figure below, but in fact it does not; the reason is annotated in the figure as well:
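One way to confirm which path the kernel has actually chosen before trusting a tunnel test is to look at the answer the routing code gives for the destination. The helper below, an added example that is not part of the original post, parses the first line of `ip route get <dest>` output from iproute2 and reports whether the destination was matched in the `local` table (loopback delivery, the case described above) or really leaves through a device such as tun1. The sample output strings are constructed to match the iproute2 format and are not captured from the author's machine; the interface names `tun1`/`eth0` and the addresses are likewise assumptions.

```python
"""Decide from `ip route get` output whether traffic to a destination is
short-circuited through lo (a local address) or actually exits a device.

Added example; sample outputs are constructed, not taken from the original post.
"""
import subprocess
from dataclasses import dataclass
from typing import Dict, Optional

# Route types iproute2 prints as a leading word when the match is not a plain unicast route.
ROUTE_TYPES = {"local", "broadcast", "multicast", "unreachable", "prohibit", "blackhole"}


@dataclass
class RouteDecision:
    dest: str
    dev: str
    rtype: str                 # "unicast" or one of ROUTE_TYPES
    is_local: bool             # matched the 'local' table: delivered without touching a real NIC
    via: Optional[str] = None  # next-hop gateway, if any
    src: Optional[str] = None  # source address the kernel would pick


def parse_route_get(output: str) -> RouteDecision:
    """Parse the first line of `ip route get <dest>` (later lines only carry cache flags)."""
    lines = output.strip().splitlines()
    if not lines:
        raise ValueError("empty `ip route get` output")
    tokens = lines[0].split()

    rtype = "unicast"
    if tokens[0] in ROUTE_TYPES:       # e.g. "local 10.8.0.1 dev lo table local ..."
        rtype = tokens.pop(0)
    dest = tokens.pop(0)

    # The rest of the line is key/value pairs: dev X [via Y] src Z [table T] [uid U]
    fields: Dict[str, str] = {}
    for key, value in zip(tokens[0::2], tokens[1::2]):
        fields[key] = value

    dev = fields.get("dev", "")
    return RouteDecision(
        dest=dest,
        dev=dev,
        rtype=rtype,
        is_local=(rtype == "local" or dev == "lo"),
        via=fields.get("via"),
        src=fields.get("src"),
    )


def uses_device(decision: RouteDecision, device: str) -> bool:
    """True only if the packet would really be emitted through `device`."""
    return (not decision.is_local) and decision.dev == device


def route_get(dest: str) -> RouteDecision:
    """Query the live kernel (requires iproute2); not used by the offline samples below."""
    out = subprocess.run(["ip", "route", "get", dest],
                         check=True, capture_output=True, text=True).stdout
    return parse_route_get(out)


# Constructed sample outputs in iproute2 format (assumed addresses and device names).
SAMPLE_LOCAL = "local 10.8.0.1 dev lo table local src 10.8.0.1 uid 0\n    cache <local>\n"
SAMPLE_TUNNEL = "10.8.0.2 dev tun1 src 10.8.0.1 uid 0\n    cache\n"
SAMPLE_GATEWAY = "8.8.8.8 via 192.168.1.1 dev eth0 src 192.168.1.10 uid 0\n    cache\n"


if __name__ == "__main__":
    for name, sample in (("own tun1 address", SAMPLE_LOCAL),
                         ("tunnel peer", SAMPLE_TUNNEL),
                         ("internet host", SAMPLE_GATEWAY)):
        d = parse_route_get(sample)
        verdict = "delivered locally via lo" if d.is_local else f"leaves through {d.dev}"
        print(f"{name:16s} {d.dest:14s} {verdict}; traverses tun1: {uses_device(d, 'tun1')}")
```

Pinging the address assigned to tun1 from the same host therefore yields a `local ... dev lo` answer and never exercises the tunnel; only a destination whose decision is `dev tun1` with `is_local` false actually does.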
No matter how OpenVPN is used for isolation, the protocol stack still finds that the IP address on tun1 is one of the local addresses. conntrack1 and conntrack2 are in fact the same conntrack entry stored in the same place; it is a single entry, but it is processed twice on the same machine, once as conntrack1 and once as conntrack2. That by itself causes no problem, but I had modified the conntrack module to cache routing information in the conntrack struct, and after that change the problem appeared: the routing information seen at conntrack1 and at conntrack2 is obviously not the same, so a route cached by one is wrong for the other. In this scenario conntrack cannot be used to cache routing information.
As shown in the figure, the cause of the error has been given together with some additional analysis. What is the correct method? It is given below:
[Figure: http://www.2cto.com/uploadfile/Collfiles/20150112/201501120947046.jpg]