After setup, AnyConnect connects successfully, but google.com cannot be accessed. How can I fix this, or how should I troubleshoot it? Below are the server configuration and service...
After finishing the setup, AnyConnect connects successfully, but I cannot access google.com. How can I fix this problem, or how should I troubleshoot it? Below are the configuration and service status of the server I deployed.
root@xxx:~# ufw status
Status: inactive
Routing table when the connection is established
default via 181.214.136.1 dev eth0 proto static
10.12.0.86 dev vpns0 proto kernel scope link src 10.12.0.1
181.214.136.0/24 dev eth0 proto kernel scope link src 181.214.136.245
Network interface information
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP group default qlen 1000
link/ether bc:24:11:ba:a9:68 brd ff:ff:ff:ff:ff:ff
altname enp0s18
altname ens18
inet 181.214.136.245/24 brd 181.214.136.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 2a12:f8c1:50:8::1124/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::be24:11ff:feba:a968/64 scope link
valid_lft forever preferred_lft forever
17: vpns0: <POINTOPOINT,UP,LOWER_UP> mtu 1392 qdisc fq state UNKNOWN group default qlen 500
link/none
inet 10.12.0.1 peer 10.12.0.86/32 scope global vpns0
valid_lft forever preferred_lft forever
inet6 fe80::ef03:f3a7:d7ab:dd7c/64 scope link stable-privacy
valid_lft forever preferred_lft forever
ocserv log
Aug 08 06:08:23 adolph ocserv[72628]: worker[passfirewall]: *.*.*.* suggesting DPD of 300 secs
Aug 08 06:08:23 adolph ocserv[72628]: worker[passfirewall]: *.*.*.* configured link MTU is 1420
Aug 08 06:08:23 adolph ocserv[72628]: worker[passfirewall]: *.*.*.* peer's link MTU is 1500
Aug 08 06:08:23 adolph ocserv[72628]: worker[passfirewall]: *.*.*.* sending IPv4 10.12.0.86
Aug 08 06:08:23 adolph ocserv[72628]: worker[passfirewall]: *.*.*.* adding DNS 8.8.8.8
Aug 08 06:08:23 adolph ocserv[72628]: worker[passfirewall]: *.*.*.* adding DNS 1.1.1.1
Aug 08 06:08:23 adolph ocserv[72628]: worker[passfirewall]: *.*.*.* adding special split DNS for Apple
Aug 08 06:08:23 adolph ocserv[72628]: worker[passfirewall]: *.*.*.* Link MTU is 1420 bytes
Aug 08 06:08:23 adolph ocserv[72628]: worker[passfirewall]: *.*.*.* selected DTLS compression method lzs
Aug 08 06:08:23 adolph ocserv[72628]: worker[passfirewall]: *.*.*.* selected CSTP compression method lzs
ocserv configuration
auth = "plain[passwd=/etc/ocserv/ocpasswd]"
enable-auth = "certificate"
tcp-port = 443
run-as-user = nobody
run-as-group = daemon
socket-file = /run/ocserv.socket
server-cert = /root/.acme.sh/passfirewall.xyz_ecc/passfirewall.xyz.cer
server-key = /root/.acme.sh/passfirewall.xyz_ecc/passfirewall.xyz.key
ca-cert = /etc/ocserv/cert/ca-cert.pem
isolate-workers = true
max-clients = 1024
max-same-clients = 0
server-stats-reset-time = 604800
keepalive = 300
dpd = 60
mobile-dpd = 300
switch-to-tcp-timeout = 25
try-mtu-discovery = true
cert-user-oid = 0.9.2342.19200300.100.1.1
crl = /etc/ocserv/cert/crl.pem
compression = true
no-compress-limit = 256
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128"
auth-timeout = 240
idle-timeout = 1200
mobile-idle-timeout = 1800
min-reauth-time = 300
max-ban-score = 80
ban-reset-time = 300
cookie-timeout = 300
deny-roaming = false
rekey-time = 172800
rekey-method = ssl
use-occtl = true
pid-file = /run/ocserv.pid
device = vpns
predictable-ips = true
default-domain = example.com
ipv4-network = 10.12.0.0
ipv4-netmask = 255.255.255.0
dns = 8.8.8.8
dns = 1.1.1.1
ping-leases = false
mtu = 1420
cisco-client-compat = true
dtls-legacy = true
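The output in the post shows that ocserv hands out an address in 10.12.0.0/24, that the default route leaves via eth0, and that ufw is inactive, but it does not show whether the host forwards IPv4 packets or source-NATs the client subnet onto eth0; without both, a client can build the tunnel yet reach nothing beyond the server. The script below is an added example, not part of the post and not an ocserv component: it wraps those two checks in functions that can be tested offline on pasted `iptables-save -t nat` text, and optionally runs them against the live host. The subnet 10.12.0.0/24 and the interface eth0 are taken from the post; the function names, the assumption that iptables (or iptables-nft) manages the NAT table, and the sample rules are my own.

```shell
#!/bin/sh
# Added example (not from the post): offline-testable checks for the two host
# settings a VPN client subnet needs in order to reach the internet through the
# server: IPv4 forwarding and a source-NAT rule on the WAN interface.
# The subnet (10.12.0.0/24, from ipv4-network/ipv4-netmask) and the WAN interface
# (eth0) come from the post; everything else here is an assumption.

VPN_NET="10.12.0.0/24"   # ipv4-network + ipv4-netmask from the ocserv config
WAN_IF="eth0"            # interface that carries the default route in the post

# check_forwarding VALUE
# VALUE is the content of /proc/sys/net/ipv4/ip_forward. Returns 0 only if it is "1".
check_forwarding() {
    [ "$1" = "1" ]
}

# check_masquerade RULES NET IFACE
# RULES is text in 'iptables-save -t nat' format. Returns 0 if some POSTROUTING
# rule source-NATs NET out of IFACE (-j MASQUERADE or -j SNAT), 1 otherwise.
check_masquerade() {
    printf '%s\n' "$1" \
        | grep -- '^-A POSTROUTING ' \
        | grep -F -- "-s $2 " \
        | grep -F -- "-o $3 " \
        | grep -E -q -- '-j (MASQUERADE|SNAT)'
}

# diagnose_host
# Runs both checks against the live host. Every tool call is guarded so the
# function reports "unknown" instead of failing where a file or tool is absent.
diagnose_host() {
    fwd=$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo unknown)
    if check_forwarding "$fwd"; then
        echo "ip_forward: ok (1)"
    else
        echo "ip_forward: $fwd -> client packets are not routed; set net.ipv4.ip_forward=1 via sysctl"
    fi

    if command -v iptables-save >/dev/null 2>&1; then
        rules=$(iptables-save -t nat 2>/dev/null || true)
        if check_masquerade "$rules" "$VPN_NET" "$WAN_IF"; then
            echo "nat: ok (POSTROUTING rule for $VPN_NET via $WAN_IF found)"
        else
            echo "nat: missing -> e.g. iptables -t nat -A POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE"
        fi
    else
        echo "nat: unknown (iptables-save not found; on nftables-only hosts inspect 'nft list ruleset')"
    fi
}

# Run the live diagnosis only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--live" ]; then
    diagnose_host
fi
```

Run it as `sh check_ocserv_nat.sh --live` on the server while a client is connected. If both checks pass, separate DNS from routing next: from the connected client, try the pushed resolver address 8.8.8.8 directly before trying a hostname, and watch `tcpdump -ni vpns0` on the server to confirm client packets actually arrive on the tunnel interface. Note that `ufw status` reporting inactive only means no host firewall is dropping traffic; it also means nothing has added the NAT rule that ufw's `before.rules` is often used to carry.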