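I previously saw someone on a website ask, "How do I know whether my data is really going through the VPN?" I had the same question. After a quick search and a look at the gvpe documentation, I found several ways to tell whether gvpe is working properly.
1. tcpdump: This is the most direct approach: sniff the virtual network interface (vpn0) directly, using a command like the following: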
tcpdump -i vpn0 -vv
tcpdump: listening on vpn0, link-type EN10MB (Ethernet), capture size 96 bytes
13:35:57.530767 IP (tos 0x0, ttl 127, id 42249, offset 0, flags [DF], proto: TCP (6), length: 50) 192.168.14.8.1027 > 192.168.11.25.ftp: P, cksum 0x6baf (correct), 1147511673:1147511683(10) ack 3847595045 win 16887
13:35:57.603298 IP (tos 0x0, ttl 63, id 28938, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.11.25.ftp > 192.168.14.8.1027: ., cksum 0x8916 (correct), 1:1(0) ack 10 win 5840
....
Use dmesg to look at the log the system leaves behind:
dmesg
device vpn0 entered promiscuous mode
audit(126404129.464:5): dev=vpn0 prom=256 old_prom=0 auid=494967295 ses=494967295
.....
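2. iptstate: Because iptables is also running on the system, iptstate is available. By monitoring what iptables is doing you can see gvpe at work, using a command like the following: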
iptstate -s
IP Tables State Top -- Sort by: SrcIP
Source Destination Proto State TTL
......
192.168.14.8:1521 192.168.11.25:40705 tcp TIME_WAIT 0:01:26
192.168.14.8:1519 192.168.11.25:52395 tcp TIME_WAIT 0:01:22
192.168.14.8:1027 192.168.11.25:21 tcp ESTABLISHED 119:59:27
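3. gvpe startup options: The gvpe startup documentation mentions "-l", which controls logging. The example uses "-linfo", which records only simple connect and disconnect messages, while "-lnoise" records much more; this is the option I used to discover an error in my configuration file. With commands like the following you can see gvpe's messages in messages; syslog.conf needs a setting like this: kern.* /var/log/messages
gvpe -D -L -lnoise <node name> 2>&1
tail -f /var/log/messages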
<<?/icmp/xxx.yyy.zzz.mmm:0 received possible vpn packet type 1 from 1 to 3, length 102.
<node name> >> received packet type 1 from 1 to 3.
<<?/icmp/xxx.yyy.zzz.mmm:0 received possible vpn packet type 1 from 1 to 3, length 86.
<node name> >> received packet type 1 from 1 to 3.
<<?/icmp/xxx.yyy.zzz.mmm:0 received possible vpn packet type 1 from 1 to 3, length 86.
<node name> >> received packet type 1 from 1 to 3.
......
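
To turn the "-lnoise" output above into something you can check at a glance, the following added example (not part of the original post or of gvpe) counts the "received possible vpn packet" lines per transport, packet type and node pair. The syslog prefix, the host name gw, the node name nodeC and the address 192.0.2.10 in the sample are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not gvpe's own tooling: summarise gvpe "-lnoise" log lines.

# Constructed sample in the line format shown above (192.0.2.10 is a
# documentation address; the syslog prefix and node name are made up).
sample_log() {
cat <<'EOF'
Jan 21 13:35:57 gw gvpe: <<?/icmp/192.0.2.10:0 received possible vpn packet type 1 from 1 to 3, length 102.
Jan 21 13:35:57 gw gvpe: nodeC >> received packet type 1 from 1 to 3.
Jan 21 13:35:58 gw gvpe: <<?/icmp/192.0.2.10:0 received possible vpn packet type 1 from 1 to 3, length 86.
Jan 21 13:35:58 gw gvpe: nodeC >> received packet type 1 from 1 to 3.
Jan 21 13:35:59 gw gvpe: <<?/icmp/192.0.2.10:0 received possible vpn packet type 1 from 1 to 3, length 86.
Jan 21 13:36:00 gw gvpe: <<?/icmp/192.0.2.10:0 received possible vpn packet type 1 from 2 to 3, length 70.
EOF
}

# Reads log lines on stdin and prints one line per group:
#   <transport> type=<t> from=<a> to=<b> packets=<n> bytes=<sum of lengths>
summarize_gvpe_log() {
  awk '
    /received possible vpn packet type/ {
      transport = "?"; type = ""; from = ""; to = ""; len = 0
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^<<\?\//)  { split($i, p, "/"); transport = p[2] }
        if ($i == "type")    type = $(i + 1)
        if ($i == "from")    from = $(i + 1)
        if ($i == "to")      { to = $(i + 1); sub(/,$/, "", to) }
        if ($i == "length")  { len = $(i + 1); sub(/\.$/, "", len) }
      }
      key = transport " type=" type " from=" from " to=" to
      pkts[key]++; bytes[key] += len
    }
    END { for (k in pkts) printf "%s packets=%d bytes=%d\n", k, pkts[k], bytes[k] }
  ' | sort
}

# tunnel_active FROM TO: succeeds if at least one packet from node FROM
# to node TO appears in the log read from stdin.
tunnel_active() {
  summarize_gvpe_log | grep -q " from=$1 to=$2 "
}

# Stand-alone run on the constructed sample; on a real host, pipe
# /var/log/messages into summarize_gvpe_log instead.
sample_log | summarize_gvpe_log
```

If the node pair you expect never shows up, or the counters stop growing while an application is transferring data, the traffic is not arriving through this gvpe node.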