由于很多原因, 经常会使用 VPN. VPN 有很多优点, 比如安全, 比如可以避开一些不必要的麻烦. 不过 VPN 也带来一些新麻烦, 例如, 访问一些本地服务器速度往往会慢很多.
如何才能让部分数据包走 VPN, 部分走本地网呢?
经过分析, 发现一般 VPN 客户端在 VPN 连接建立后, 会修改路由表添加一个默认路由, 让所有的数据包都走 VPN. 如果对路由表进行相应调整, 应该可以达到目的.
连接 VPN 前的路由表
$ route print
...
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.235.1 192.168.235.1 30
192.168.1.0 255.255.255.0 192.168.1.4 192.168.1.4 20
192.168.1.4 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.4 192.168.1.4 20
192.168.20.0 255.255.255.0 192.168.20.1 192.168.20.1 20
192.168.20.1 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.20.255 255.255.255.255 192.168.20.1 192.168.20.1 20
192.168.235.0 255.255.255.0 192.168.235.1 192.168.235.1 20
192.168.235.1 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.235.255 255.255.255.255 192.168.235.1 192.168.235.1 20
224.0.0.0 240.0.0.0 192.168.1.4 192.168.1.4 20
224.0.0.0 240.0.0.0 192.168.20.1 192.168.20.1 20
224.0.0.0 240.0.0.0 192.168.235.1 192.168.235.1 20
255.255.255.255 255.255.255.255 192.168.1.4 192.168.1.4 1
255.255.255.255 255.255.255.255 192.168.20.1 192.168.20.1 1
255.255.255.255 255.255.255.255 192.168.235.1 6 1
255.255.255.255 255.255.255.255 192.168.235.1 4 1
255.255.255.255 255.255.255.255 192.168.235.1 192.168.235.1 1
255.255.255.255 255.255.255.255 192.168.235.1 8 1
255.255.255.255 255.255.255.255 192.168.235.1 7 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
到 yun09.com 的路径
$ tracert yun09.com
Tracing route to yun09.com [220.198.249.163]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.1.1
2 48 ms 49 ms 48 ms xxx.30.144.1
3 43 ms 44 ms 44 ms xxx.15.150.125
4 71 ms 44 ms 43 ms xxx.133.30.230
5 47 ms 46 ms 46 ms xxx.145.47.90
6 47 ms 47 ms 48 ms xxx.97.60.210
7 * * * Request timed out.
8 79 ms 79 ms 78 ms xxx.158.5.205
9 121 ms 121 ms 121 ms xxx.158.4.82
10 130 ms 132 ms 131 ms xxx.158.14.238
11 130 ms 130 ms 130 ms xxx.80.0.66
12 127 ms 126 ms 126 ms xxx.80.2.86
13 136 ms 138 ms 132 ms xxx.4.224.14
14 136 ms 136 ms 137 ms xxx.4.224.174
15 125 ms 125 ms 125 ms xxx.198.249.163
Trace complete.
连接 VPN 后的路由表
$ route print
...
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.4.52.206 1
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 1
10.0.0.0 255.0.0.0 10.4.52.206 10.4.52.206 1
10.4.52.206 255.255.255.255 127.0.0.1 127.0.0.1 1
10.255.255.255 255.255.255.255 10.4.52.206 10.4.52.206 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
130.158.6.85 255.255.255.255 192.168.1.1 192.168.1.4 1
169.254.0.0 255.255.0.0 192.168.235.1 192.168.235.1 30
192.168.1.0 255.255.255.0 192.168.1.4 192.168.1.4 20
192.168.1.4 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.4 192.168.1.4 20
192.168.20.0 255.255.255.0 192.168.20.1 192.168.20.1 20
192.168.20.1 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.20.255 255.255.255.255 192.168.20.1 192.168.20.1 20
192.168.235.0 255.255.255.0 192.168.235.1 192.168.235.1 20
192.168.235.1 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.235.255 255.255.255.255 192.168.235.1 192.168.235.1 20
224.0.0.0 240.0.0.0 10.4.52.206 10.4.52.206 1
224.0.0.0 240.0.0.0 192.168.1.4 192.168.1.4 20
224.0.0.0 240.0.0.0 192.168.20.1 192.168.20.1 20
224.0.0.0 240.0.0.0 192.168.235.1 192.168.235.1 20
255.255.255.255 255.255.255.255 10.4.52.206 10.4.52.206 1
255.255.255.255 255.255.255.255 10.4.52.206 7 1
255.255.255.255 255.255.255.255 10.4.52.206 8 1
255.255.255.255 255.255.255.255 10.4.52.206 4 1
255.255.255.255 255.255.255.255 192.168.1.4 192.168.1.4 1
255.255.255.255 255.255.255.255 192.168.20.1 192.168.20.1 1
255.255.255.255 255.255.255.255 192.168.235.1 192.168.235.1 1
Default Gateway: 10.0.0.1
===========================================================================
Persistent Routes:
None
到 yun09.com 的路径
$ tracert yun09.com
Tracing route to yun09.com [220.198.249.163]
over a maximum of 30 hops:
1 339 ms 339 ms 337 ms 10.0.0.1
2 341 ms 337 ms 337 ms univ-tsukuba-accc-axxx-gw.softether.co.jp [xxx.117.219.209]
3 348 ms 358 ms 352 ms est1bfxxx.vectant.ne.jp [xxx.139.126.26]
4 345 ms 355 ms 347 ms xxx-139-126-30.rv.vectant.ne.jp [xxx.139.126.30]
5 352 ms 351 ms 351 ms xxx-139-126-5.rv.vectant.ne.jp [xxx.139.126.5]
6 348 ms 348 ms 354 ms ae0.peer1.nihonbashi.vectant.ne.jp [xxx.139.128.226]
7 362 ms 360 ms 360 ms tky001bb10.iij.net [58.138.100.37]
8 358 ms 354 ms 358 ms tky008bf00.iij.net [58.138.80.9]
9 354 ms 349 ms 351 ms tky008bb01.iij.net [58.138.80.250]
10 349 ms 354 ms 351 ms tky010ix03.iij.net [58.138.105.182]
11 800 ms * * 210.130.133.70
12 803 ms 851 ms * 219.158.29.41
13 860 ms 862 ms 828 ms xxx.158.5.113
14 * 845 ms 867 ms xxx.158.12.17
15 877 ms 852 ms 874 ms xxx.158.10.214
16 864 ms 887 ms 878 ms xxx.80.0.66
17 1033 ms 873 ms 892 ms xxx.80.2.86
18 868 ms 858 ms 896 ms xxx.81.184.2
19 866 ms 871 ms 859 ms xxx.4.224.174
20 867 ms 851 ms 852 ms xxx.198.249.163
Trace complete.
修改路由表
$ route add 220.198.249.163 mask 255.255.255.255 192.168.1.1 metric 5
$ route change 0.0.0.0 mask 0.0.0.0 10.0.0.1 metric 10
$ route print
...
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.4.52.206 10
10.0.0.0 255.0.0.0 10.4.52.206 10.4.52.206 1
10.4.52.206 255.255.255.255 127.0.0.1 127.0.0.1 1
10.255.255.255 255.255.255.255 10.4.52.206 10.4.52.206 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
130.158.6.85 255.255.255.255 192.168.1.1 192.168.1.4 1
169.254.0.0 255.255.0.0 192.168.235.1 192.168.235.1 30
192.168.1.0 255.255.255.0 192.168.1.4 192.168.1.4 20
192.168.1.4 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.4 192.168.1.4 20
192.168.20.0 255.255.255.0 192.168.20.1 192.168.20.1 20
192.168.20.1 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.20.255 255.255.255.255 192.168.20.1 192.168.20.1 20
192.168.235.0 255.255.255.0 192.168.235.1 192.168.235.1 20
192.168.235.1 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.235.255 255.255.255.255 192.168.235.1 192.168.235.1 20
220.198.249.163 255.255.255.255 192.168.1.1 192.168.1.4 5
224.0.0.0 240.0.0.0 10.4.52.206 10.4.52.206 1
224.0.0.0 240.0.0.0 192.168.1.4 192.168.1.4 20
224.0.0.0 240.0.0.0 192.168.20.1 192.168.20.1 20
224.0.0.0 240.0.0.0 192.168.235.1 192.168.235.1 20
255.255.255.255 255.255.255.255 10.4.52.206 10.4.52.206 1
255.255.255.255 255.255.255.255 10.4.52.206 7 1
255.255.255.255 255.255.255.255 10.4.52.206 8 1
255.255.255.255 255.255.255.255 10.4.52.206 4 1
255.255.255.255 255.255.255.255 192.168.1.4 192.168.1.4 1
255.255.255.255 255.255.255.255 192.168.20.1 192.168.20.1 1
255.255.255.255 255.255.255.255 192.168.235.1 192.168.235.1 1
Default Gateway: 10.0.0.1
===========================================================================
Persistent Routes:
None
到 yun09.com 的路径
$ tracert yun09.com
Tracing route to yun09.com [220.198.249.163]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.1.1
2 48 ms 49 ms 48 ms xxx.30.144.1
3 43 ms 44 ms 44 ms xxx.15.150.125
4 71 ms 44 ms 43 ms xxx.133.30.230
5 47 ms 46 ms 46 ms xxx.145.47.90
6 47 ms 47 ms 48 ms xxx.97.60.210
7 * * * Request timed out.
8 79 ms 79 ms 78 ms xxx.158.5.205
9 121 ms 121 ms 121 ms xxx.158.4.82
10 130 ms 132 ms 131 ms xxx.158.14.238
11 130 ms 130 ms 130 ms xxx.80.0.66
12 127 ms 126 ms 126 ms xxx.80.2.86
13 136 ms 138 ms 132 ms xxx.4.224.14
14 136 ms 136 ms 137 ms xxx.4.224.174
15 125 ms 125 ms 125 ms xxx.198.249.163
可以看到, 现在到 yun09.com 的路径与连接 VPN 之前一样.