search

rssnsj / minivtun

A fast, secure and reliable VPN service based on non-standard protocol
GNU General Public License v3.0
246 stars 102 forks source link

如何通过minivtun访问google, facebook等 #22

Closed gavinshao closed 6 years ago

gavinshao commented 6 years ago

sever (aws vps ): /usr/sbin/minivtun -l 0.0.0.0:555 -a 10.7.0.1/24 -e password -n mv0 -v 172.31.0.1/20=10.7.0.23 server 内网ip172.31.12.87 client :(Gateway 192.168.0.1):/usr/sbin/minivtun -r vpn.aigg.shop:555 -a 10.7.0.23/24 -e password -n mv0 -d client :ip route replace 52.53.223.4/32 dev eth0 via 192.168.0.1 ip route change default dev mv0 via 10.7.0.164 bytes from 172.31.12.87: icmp_seq=697 ttl=255 time=184 ms

64 bytes from 10.7.0.1: icmp_seq=1 ttl=255 time=167 ms 64 bytes from 10.7.0.1: icmp_seq=2 ttl=255 time=167 ms 64 bytes from 10.7.0.1: icmp_seq=3 ttl=255 time=167 ms 64 bytes from 10.7.0.1: icmp_seq=4 ttl=255 time=167 ms 64 bytes from 10.7.0.1: icmp_seq=5 ttl=255 time=168 ms 64 bytes from 10.7.0.1: icmp_seq=6 ttl=255 time=168 ms 64 bytes from 10.7.0.1: icmp_seq=7 ttl=255 time=167 ms

64 bytes from 172.31.12.87: icmp_seq=698 ttl=255 time=184 ms 64 bytes from 172.31.12.87: icmp_seq=699 ttl=255 time=184 ms 64 bytes from 172.31.12.87: icmp_seq=700 ttl=255 time=184 ms 64 bytes from 172.31.12.87: icmp_seq=701 ttl=255 time=184 ms 64 bytes from 172.31.12.87: icmp_seq=702 ttl=255 time=184 ms

以上独能ping通,但ping www.google.com 不可以,要怎么配置

boytm commented 6 years ago

本地 Linux minivtun 启动后,还需要添加路由:

  1. 获取一份 US 或者 非大陆 的路由表,可以直接参考 chnroute 项目 https://raw.githubusercontent.com/sabersalv/freedom-routes/dist/linux.tar.gz

  2. 类似下面逐个添加路由。

    ip route add net/mask via 10.7.0.1 dev  mv0

    其实上面项目有现成 routes-up.sh 直接执行应该就好。不行就稍微修改下里面 gateway 语法

gavinshao commented 6 years ago

@boytm 在client上执行了routes-up.sh,但还是ping不通www.google.com ,你提到“不行就稍微修改下里面 gateway 语法”,对这个也是一知半解,不知如何下手,请再帮助下。谢谢!

boytm commented 6 years ago

更正一下,上面 https://github.com/sabersalv/freedom-routes 下载出来的 routes-up.sh 是 大陆路由表 所以操作应该变为

# 加载大陆路由表,使用默认路由
sh routes-up.sh          
# 限定 minivtun server 流量继续走默认路由
ip route replace 52.53.223.4/32 dev eth0 via 192.168.0.1
# 更换  大陆、minivtun server  之外的所有流量走 minivtun VPN 通道
ip route  replace default via 10.7.0.1

然后把电脑 DNS 改为 8.8.8.8 就可以访问了 Facebook 了。

gavinshao commented 6 years ago

sever : /usr/sbin/minivtun -l 0.0.0.0:1194 -a 10.7.0.1/24 -e password -n mv0 client: /usr/sbin/minivtun -r {server_vps_ip}:1194 -a 10.7.0.23/24 -e password -n tun0 -d linux 下执行以下: /sbin/ip route add {server_vps_ip}/32 via 192.168.0.1 /sbin/ip route add 0.0.0.0/1 via 10.7.0.23 /sbin/ip route add 128.0.0.0/1 via 10.7.0.23 /sbin/ip route add 10.7.0.1/32 via 10.7.0.23 mac 下执行以下: sudo route add -net {server_vps_ip}/32 192.168.0.1 sudo route add -net 0.0.0.0/1 10.7.0.23 sudo route add -net 128.0.0.0/1 10.7.0.23 sudo route add -net 10.7.0.1/32 10.7.0.23