Test the OpenVPN encrypted tunnel on a single machine and solve the problem

Source: Internet
Author: User


In fact, this article has little to do with OpenVPN itself; it is about problems exposed during an OpenVPN test. It contains many details about IP routing and conntrack.

Sometimes, to save on machines, I want to simulate multiple devices on one device. Of course, you can use network namespaces, but my kernel version does not support them, so I want to do it within a single protocol stack. The problems to solve here are no fewer than those programmers face when writing multi-threaded programs. You need to know what is shared, what is exclusive, and when each field will be modified and by which module, and so on.

If you ping an IP address configured on a local network card, the packets do not pass through that network card: in the routing module, the protocol stack finds that the host is actually communicating with itself, so it bypasses the real NIC. Now I want to add OpenVPN. The packet is meant to follow the path shown in the figure below, but in fact it does not. The cause is also annotated in the figure:

No matter how you use OpenVPN for isolation, the protocol stack still finds that the IP address on tun1 is one of the local IP addresses. In fact, conntrack1 and conntrack2 are the same conntrack entry, stored in the same place. Although it is a single entry, it is processed twice on the same machine, once as conntrack1 and once as conntrack2. By itself that causes no problem, but what if I have changed the conntrack module? After my change the problem occurs, because I cache the route information in the conntrack struct. The routing information for conntrack1 and conntrack2 is obviously not the same, so there will be problems. In this scenario, you cannot use conntrack to cache route information.
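The failure described above, reduced to a userspace model; this is an added example, not the author's kernel change, which the page does not show. All names, the sample packet and the two routing outcomes (out tun0 on the first pass, local delivery on the pass arriving from tun1) are assumptions made for illustration.

```c
/* Userspace model only, not kernel code; every name here is hypothetical. */
#include <stdio.h>
#include <string.h>

enum route { RT_NONE, RT_OUT_TUN0, RT_LOCAL_IN };
struct tuple { unsigned src, dst, sport, dport, proto; }; /* no padding */
struct conn { struct tuple t; int used; enum route cached; };
static struct conn table[8]; /* one protocol stack, so one conntrack table */

/* Assumed policy: locally generated packets (in_dev == NULL) leave via tun0;
 * packets read back from tun1 are delivered locally. */
static enum route route_lookup(const char *in_dev) {
    return in_dev ? RT_LOCAL_IN : RT_OUT_TUN0;
}
/* Lookup is keyed on the tuple alone, so both traversals share one entry. */
static struct conn *ct_get(const struct tuple *t) {
    for (int i = 0; i < 8; i++)
        if (table[i].used && !memcmp(&table[i].t, t, sizeof *t)) return &table[i];
    for (int i = 0; i < 8; i++)
        if (!table[i].used) {
            table[i].t = *t; table[i].used = 1; table[i].cached = RT_NONE;
            return &table[i];
        }
    return NULL;
}
static int ct_entries(void) {
    int n = 0;
    for (int i = 0; i < 8; i++) n += table[i].used;
    return n;
}
/* One pass through the stack; use_cache models the modified conntrack. */
static enum route traverse(const struct tuple *t, const char *in_dev, int use_cache) {
    struct conn *c = ct_get(t);
    if (use_cache && c && c->cached != RT_NONE) return c->cached; /* stale */
    enum route r = route_lookup(in_dev);
    if (use_cache && c) c->cached = r;
    return r;
}
/* Constructed packet: sent locally, then seen again arriving on tun1. */
static enum route second_pass_route(int use_cache) {
    struct tuple t = { 0x0a080001, 0x0a080002, 40000, 7, 17 };
    memset(table, 0, sizeof table);
    traverse(&t, NULL, use_cache);
    return traverse(&t, "tun1", use_cache);
}
int main(void) {
    enum route cached = second_pass_route(1), fresh = second_pass_route(0);
    printf("cached=%d fresh=%d entries=%d\n", cached, fresh, ct_entries());
    return 0;
}
```

With the cache enabled, the second pass reuses the first pass's route and the packet is sent out tun0 again instead of being delivered; a fresh lookup on each pass gives the right answer even though only one entry exists.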

As shown in the figure, the cause of the error has been given, and some additional analysis has been done. What is the correct method? Given:
