ginuerzh / gost

GO Simple Tunnel - a simple tunnel written in golang
MIT License

Configured tun following the link below: https://v2.gost.run/tuntap/. After adding the default route on the client, accessing google.com from the client gives a certificate error. #937

Open lyyx5858 opened 1 year ago

lyyx5858 commented 1 year ago

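I configured tun following the link below: https://v2.gost.run/tuntap/. After adding the default route on the client, accessing google.com from the client gives a certificate error.

Server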

Enable IP forwarding and set the firewall rules

$ sysctl -w net.ipv4.ip_forward=1

$ iptables -t nat -A POSTROUTING -s 192.168.123.0/24 ! -o tun0 -j MASQUERADE

$ iptables -A FORWARD -i tun0 ! -o tun0 -j ACCEPT

$ iptables -A FORWARD -o tun0 -j ACCEPT

Client

Set the routing rules

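The following operations will change the client's network environment. Unless you know what you are doing, proceed with caution!

$ ip route add SERVER_IP/32 dev eth0 # replace SERVER_IP and eth0 according to your actual setup

$ ip route del default # delete the default route

$ ip route add default via 192.168.123.2 # use the new default route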

After configuring as above, accessing Baidu from the CLIENT works normally, but accessing google.com gives a certificate error, while on the SERVER side it works normally.

$ curl https://www.google.com

curl: (60) SSL: no alternative certificate subject name matches target host name 'www.google.com'

More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.

ginuerzh commented 1 year ago

The certificate error should have nothing to do with tun/tap.