问题[networkmanager](server)

我已使用 nmcli 导入 o​​vpn 配置文件，它正确执行此操作：

nmcli connection import type openvpn file mycon.ovpn 

连接“mycon”（7ca383e3-ade9-4a8b-9402-16a93cd8f0e8）已成功添加

当我随后通过 GUI 检查连接时，一切似乎都是正确的。

该文件不包含用户名，因此我尝试使用修改命令更新连接：

nmcli connection modify mycon vpn.data username="myuser"

此命令也成功，只是当我现在查看“/etc/NetworkManager/system-connections/mycon.nmconnection”中的配置文件时，我可以看到整个 [vpn] 部分被完全覆盖：

[vpn]
username=myuser
service-type=org.freedesktop.NetworkManager.openvpn

据我在 nmcli 的文档中看到，这是不应该发生的。

系统详细信息：

❯ neofetch --off
xxxxx@ganymede 
--------------- 
OS: Pop!_OS 22.04 LTS x86_64 
Kernel: 6.4.6-76060406-generic 
Shell: zsh 5.8.1 
DE: GNOME 42.5 
WM: Mutter 
WM Theme: Pop 
Terminal: gnome-terminal 

我需要连接到 VPN，但我根本不是这方面的专家，所以如果有人可以帮助我，我将不胜感激。

我得到了以下数据，告诉我此信息用于“纯模式下的思科配置”。我将按字面意思粘贴电子邮件中的单词：

• 专用公共 IP：它显示一个以 9 结尾的 IP。我真的不知道这是为了什么...
• 远程：它显示一个域名。如果我检查它的 IP，我得到的 IP 与“专用公共 IP”中写的 IP 相同，但以 1 结尾。这是网关吗？
• PSK：好的，它显示了一个预共享密钥，但我没有字段可以写入它。
• 组名：组名。
• 用户：用户名。
• 密码：用户名的密码。

我正在使用 Kubuntu。有了这些数据，知道这件事的人，你应该在网络管理器中选择哪个VPN？

如果我选择Cisco AnyConnect Compatible VPN (openconnect)，我可以填写Gateway、CA Certificate、Proxy、User Certificate、Private Key ... 但没有 PSK、没有组、没有用户、没有密码。

如果我选择Cisco Compatible VPN (vpnc)，我可以填写Gateway，User name，User password，Group name，Group password（我没有给这个）...几乎，但没有PSK。

左边的 VPN 类型要求其他完全不同的字段。

我发现唯一能让我有机会填写 PSK 的 VPN 类型是第 2 层隧道协议 (L2TP)，在其高级设置中，但我无法指定其他数据，例如组。

谁能给我一个关于如何做的线索？

我尝试通过 IKEv2 手动连接到 surfshark VPN 提供商。这是日志

 charon-nm[5070]: 05[CFG] received initiate for NetworkManager connection Surfshark IKE2
 charon-nm[5070]: 05[CFG] using gateway identity 'ru-mos.prod.surfshark.com'
 charon-nm[5070]: 05[IKE] initiating IKE_SA Surfshark IKE2[1] to 92.38.138.139
 charon-nm[5070]: 05[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
 charon-nm[5070]: 05[NET] sending packet: from 192.168.2.35[35071] to 92.38.138.139[500] (1096 bytes)
 NetworkManager[4583]: <info>  [1636055533.4566] vpn-connection[0x56150178a510,6c89b390-d6ee-47d8-a547-346f75797487,"Surfshark IKE2",0]: VPN plugin: state changed: starting (3)
 charon-nm[5070]: 15[NET] received packet: from 92.38.138.139[500] to 192.168.2.35[35071] (38 bytes)
 charon-nm[5070]: 15[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
 charon-nm[5070]: 15[IKE] peer didn't accept DH group ECP_256, it requested ECP_521
 charon-nm[5070]: 15[IKE] initiating IKE_SA Surfshark IKE2[1] to 92.38.138.139
 charon-nm[5070]: 15[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
 charon-nm[5070]: 15[NET] sending packet: from 192.168.2.35[35071] to 92.38.138.139[500] (1164 bytes)
 charon-nm[5070]: 01[NET] received packet: from 92.38.138.139[500] to 192.168.2.35[35071] (332 bytes)
 charon-nm[5070]: 01[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
 charon-nm[5070]: 01[CFG] selected proposal: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/ECP_521
 charon-nm[5070]: 01[IKE] local host is behind NAT, sending keep alives
 charon-nm[5070]: 01[IKE] sending cert request for "C=VG, O=Surfshark, CN=Surfshark Root CA"
 charon-nm[5070]: 01[IKE] establishing CHILD_SA Surfshark IKE2{1}
 charon-nm[5070]: 01[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
 charon-nm[5070]: 01[NET] sending packet: from 192.168.2.35[58480] to 92.38.138.139[4500] (438 bytes)
 charon-nm[5070]: 07[NET] received packet: from 92.38.138.139[4500] to 192.168.2.35[58480] (1248 bytes)
 charon-nm[5070]: 07[ENC] parsed IKE_AUTH response 1 [ EF(1/3) ]
 charon-nm[5070]: 07[ENC] received fragment #1 of 3, waiting for complete IKE message
 charon-nm[5070]: 08[NET] received packet: from 92.38.138.139[4500] to 192.168.2.35[58480] (1248 bytes)
 charon-nm[5070]: 08[ENC] parsed IKE_AUTH response 1 [ EF(2/3) ]
 charon-nm[5070]: 08[ENC] received fragment #2 of 3, waiting for complete IKE message
 charon-nm[5070]: 09[NET] received packet: from 92.38.138.139[4500] to 192.168.2.35[58480] (579 bytes)
 charon-nm[5070]: 09[ENC] parsed IKE_AUTH response 1 [ EF(3/3) ]
 charon-nm[5070]: 09[ENC] received fragment #3 of 3, reassembled fragmented IKE message (2949 bytes)
 charon-nm[5070]: 09[ENC] parsed IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID ]
 charon-nm[5070]: 09[IKE] received end entity cert "CN=ru-mos.prod.surfshark.com"
 charon-nm[5070]: 09[IKE] received issuer cert "C=VG, O=Surfshark, CN=Surfshark Intermediate CA"
 charon-nm[5070]: 09[CFG]   using certificate "CN=ru-mos.prod.surfshark.com"
 charon-nm[5070]: 09[CFG]   using untrusted intermediate certificate "C=VG, O=Surfshark, CN=Surfshark Intermediate CA"
 charon-nm[5070]: 09[CFG] checking certificate status of "CN=ru-mos.prod.surfshark.com"
 charon-nm[5070]: 09[CFG] certificate status is not available
 charon-nm[5070]: 09[CFG]   using trusted ca certificate "C=VG, O=Surfshark, CN=Surfshark Root CA"
 charon-nm[5070]: 09[CFG] checking certificate status of "C=VG, O=Surfshark, CN=Surfshark Intermediate CA"
 charon-nm[5070]: 09[CFG] certificate status is not available
 charon-nm[5070]: 09[CFG]   reached self-signed root ca with a path length of 1
 charon-nm[5070]: 09[IKE] authentication of 'ru-mos.prod.surfshark.com' with RSA_EMSA_PKCS1_SHA2_256 successful
 charon-nm[5070]: 09[IKE] server requested EAP_IDENTITY (id 0x00), sending 'mYidENtitY'
 charon-nm[5070]: 09[ENC] generating IKE_AUTH request 2 [ EAP/RES/ID ]
 charon-nm[5070]: 09[NET] sending packet: from 192.168.2.35[58480] to 92.38.138.139[4500] (90 bytes)
 charon-nm[5070]: 10[NET] received packet: from 92.38.138.139[4500] to 192.168.2.35[58480] (67 bytes)
 charon-nm[5070]: 10[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/PEAP ]
 charon-nm[5070]: 10[IKE] server requested EAP_PEAP authentication (id 0x01)
 charon-nm[5070]: 10[TLS] EAP_PEAP version is v0
 charon-nm[5070]: 10[ENC] generating IKE_AUTH request 3 [ EAP/RES/PEAP ]
 charon-nm[5070]: 10[NET] sending packet: from 192.168.2.35[58480] to 92.38.138.139[4500] (275 bytes)
 charon-nm[5070]: 11[NET] received packet: from 92.38.138.139[4500] to 192.168.2.35[58480] (1065 bytes)
 charon-nm[5070]: 11[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/PEAP ]
 charon-nm[5070]: 11[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 charon-nm[5070]: 11[ENC] generating IKE_AUTH request 4 [ EAP/RES/PEAP ]
 charon-nm[5070]: 11[NET] sending packet: from 192.168.2.35[58480] to 92.38.138.139[4500] (67 bytes)
 charon-nm[5070]: 12[NET] received packet: from 92.38.138.139[4500] to 192.168.2.35[58480] (1061 bytes)
 charon-nm[5070]: 12[ENC] parsed IKE_AUTH response 4 [ EAP/REQ/PEAP ]
 charon-nm[5070]: 12[ENC] generating IKE_AUTH request 5 [ EAP/RES/PEAP ]
 charon-nm[5070]: 12[NET] sending packet: from 192.168.2.35[58480] to 92.38.138.139[4500] (67 bytes)
 charon-nm[5070]: 13[NET] received packet: from 92.38.138.139[4500] to 192.168.2.35[58480] (747 bytes)
 charon-nm[5070]: 13[ENC] parsed IKE_AUTH response 5 [ EAP/REQ/PEAP ]
 charon-nm[5070]: 13[TLS] received TLS server certificate 'C=FR, ST=Radius, O=Example Inc., CN=Example Server Certificate, [email protected]'
 charon-nm[5070]: 13[TLS] received TLS intermediate certificate 'C=FR, ST=Radius, L=Somewhere, O=Example Inc., [email protected], CN=Example Certificate Authority'
 charon-nm[5070]: 13[CFG]   using certificate "C=FR, ST=Radius, O=Example Inc., CN=Example Server Certificate, [email protected]"
 charon-nm[5070]: 13[CFG]   using untrusted intermediate certificate "C=FR, ST=Radius, L=Somewhere, O=Example Inc., [email protected], CN=Example Certificate Authority"
 charon-nm[5070]: 13[CFG] subject certificate invalid (valid from Apr 12 17:41:01 2021 to Jun 11 17:41:01 2021)
 charon-nm[5070]: 13[TLS] no TLS public key found for server '%any'
 charon-nm[5070]: 13[TLS] sending fatal TLS alert 'certificate unknown'
 charon-nm[5070]: 13[ENC] generating IKE_AUTH request 6 [ EAP/RES/PEAP ]
 charon-nm[5070]: 13[NET] sending packet: from 192.168.2.35[58480] to 92.38.138.139[4500] (74 bytes)
 charon-nm[5070]: 14[NET] received packet: from 92.38.138.139[4500] to 192.168.2.35[58480] (65 bytes)
 charon-nm[5070]: 14[ENC] parsed IKE_AUTH response 6 [ EAP/FAIL ]
 charon-nm[5070]: 14[IKE] received EAP_FAILURE, EAP authentication failed

一切看起来都很好，直到在响应 5 我得到一些奇怪的证书。我不知道 PEAP 协议到底是如何进行的，以及在该步骤中应该发生什么，但连接在 Windows 上有效，所以我认为我这边有问题。

我在本地服务器上安装了 RedHat Enterprise Linux 8.4（最小安装），并遇到了一些与 docker 相关的问题。

然后我发现 /etc/resolv.conf 不见了。

执行“systemctl reload NetworkManager”后，文件已生成，docker 工作。

我不确定为什么我必须重新加载 NetworkManager 来创建 resolv.conf 以及我的网络是否正常工作。在 RHEL8 上有什么通用的方法可以做到这一点吗？

在禁用 netplan 并仅使用 NetworkManager 的 Pi 上运行 Ubuntu 20.04。让 wlan0 在 AP 模式下运行，并将以太网电缆连接到 Pi。

我希望与 wlan0 上的 wifi AP 建立连接，以便能够通过 eth0 访问互联网。

我相信这可以通过在 wlan0 和 eth0 之间转发流量来实现。

我已经尝试使用许多其他答案中提到的 iptables，但我似乎无法让它工作。这不起作用：iptables forwarding between two interface

有没有严格的 NetworkManager 方法来做到这一点？

注意：我已经使用 nmcli、iptables、brctl 和 ip 尝试了大约 10 个我在网上找到的演练。没有任何工作。如果我提供了一个能让这个工作正常的答案，我会给别人我所有的声誉。

我有一个包含 2 个 VLAN 的网络，一个用于个人设备的个人互连和互联网访问，另一个用于 IOT 设备等不受信任的设备。这是网络拓扑：

简而言之，我有两个子网和两个 VLAN。192.168.1.0/24 和 192.168.2.0/24 分别具有 VLAN 1 和 2。他们不允许相互交流。我有一个在 Ubuntu Server 20.04.02 LTS VM 上运行的 Jellyfin 服务器，它与一个静态 IP 192.168.1.223 的 Hyper-V 交换机桥接。它是反向代理的，以便于访问。（http://jellyfin/）。

我想让任何连接到 VPN (192.168.2.15) 的人都可以在浏览器中输入 Jellyfin 的 VM VLAN 2 IP (192.168.2.17) 并访问我的 jellyfin 服务器。我可以处理的 apache2 方面。我的问题始于我的 jellyfin 服务器似乎无法访问第二个 VLAN。我设置它：

sudo ip link add link eth0 name eth0.2 type vlan id 2

然后我编辑了 /etc/NetworkManager/NetworkManager.conf

[keyfile]
unmanaged-devices=*,except:type:wifi,except:type:wwan,except:type:ethernet,except:type:vlan

我添加了“除了：类型：vlan”。我重新启动了网络管理器。然后我打开 NMTUI 并将 eth0.2 设备设置为静态 IP 192.168.2.17，网关 192.168.2.1，DNS 192.168.2.1，子网 192.168.2.0/24

然后我激活了设备。

这打破了虚拟机的 DNS 记录，但我仍然能够从子网 1 上的任何设备访问 http://jellyfin/。我可以从 VLAN 1 ping 任何 IP 地址，但 VLAN 2 的主机目标无法访问。

关于如何改进的任何想法？如果有人问我，我愿意用更多信息来编辑它。谢谢！

谁能阐明我在下面列出的差异。也许可以解释为什么 NetworkManager 做的不同。请告知我们是否可以将 NetworkManager 更改为更像非 NetworkManager 场景。

两台 CentOS 7.8 服务器都使用 dhclient，但其中一台由 NetworkManager 控制。两者每隔几天都有相同的开关/NIC 关闭/向上事件（此时无法控制 - 出于多种原因，而且我们是远程的）

使用 NetworkManager 的服务器#0 在停机/停机后立即尝试请求 DHCP。它无法从 DHCP 获得任何响应（另一个交换机问题），然后取消 DHCP 事务并将状态更改为超时。然后它什么也不做，除非重新启动 NetworkManager（显然这只能在控制台完成）。请看下面的整个序列。

未使用 NetworkManager 的服务器#1 通过这些停机/停机中断恢复正常，似乎它只是在整个 NIC 停机时保持其租约，甚至不更新 NIC，只是继续使用它的 IP！稍后，它能够以常规租用超时间隔更新 DHCP。请看下面的整个序列。

请让我知道我是否可以将 NetworkManager 更改为更像普通的 dhclient。也许可以将其配置为在关闭/启动后仅保留当前租约，并以常规租约超时间隔续订？谢谢！！

服务器#0：

-- Last regular DHCP renew:
Feb 26 09:31:21 server0 dhclient[4766]: DHCPREQUEST on enp96s0f0 to 10.20.20.131 port 67 (xid=0x58eefe09)
Feb 26 09:31:21 server0 dhclient[4766]: DHCPACK from 10.20.20.131 (xid=0x58eefe09)
Feb 26 09:31:21 server0 NetworkManager[3701]: <info>  [1614349881.5084] dhcp4 (enp96s0f0):   address 10.20.20.223
Feb 26 09:31:21 server0 NetworkManager[3701]: <info>  [1614349881.5090] dhcp4 (enp96s0f0):   plen 22 (255.255.252.0)
Feb 26 09:31:21 server0 NetworkManager[3701]: <info>  [1614349881.5090] dhcp4 (enp96s0f0):   gateway 10.20.20.1
Feb 26 09:31:21 server0 NetworkManager[3701]: <info>  [1614349881.5090] dhcp4 (enp96s0f0):   lease time 18000
Feb 26 09:31:21 server0 NetworkManager[3701]: <info>  [1614349881.5090] dhcp4 (enp96s0f0):   nameserver '10.20.20.49'
Feb 26 09:31:21 server0 NetworkManager[3701]: <info>  [1614349881.5091] dhcp4 (enp96s0f0):   nameserver '10.20.20.48'
Feb 26 09:31:21 server0 NetworkManager[3701]: <info>  [1614349881.5091] dhcp4 (enp96s0f0):   domain name 'dom.com'
Feb 26 09:31:21 server0 NetworkManager[3701]: <info>  [1614349881.5091] dhcp4 (enp96s0f0): state changed bound -> bound
Feb 26 09:31:21 server0 dhclient[4766]: bound to 10.20.20.223 -- renewal in 8129 seconds.
Feb 26 09:31:21 server0 systemd: Starting Network Manager Script Dispatcher Service...
Feb 26 09:31:21 server0 systemd: Started Network Manager Script Dispatcher Service.
Feb 26 09:31:21 server0 nm-dispatcher: req:1 'dhcp4-change' [enp96s0f0]: new request (4 scripts)
Feb 26 09:31:21 server0 nm-dispatcher: req:1 'dhcp4-change' [enp96s0f0]: start running ordered scripts...
-- Random switch outage:
Feb 26 10:49:10 SERVER0 kernel: i40e 0000:60:00.0 enp96s0f0: NIC Link is Down
Feb 26 10:49:16 SERVER0 NetworkManager[3701]: <info>  [1614354556.8263] device (enp96s0f0): state change: activated -> unavailable (reason 'carrier-changed', sys-iface-state: 'managed')
Feb 26 10:49:16 SERVER0 NetworkManager[3701]: <info>  [1614354556.8467] dhcp4 (enp96s0f0): canceled DHCP transaction, DHCP client pid 4766
Feb 26 10:49:16 SERVER0 NetworkManager[3701]: <info>  [1614354556.8468] dhcp4 (enp96s0f0): state changed bound -> done
Feb 26 10:49:16 SERVER0 NetworkManager[3701]: <info>  [1614354556.8679] manager: NetworkManager state is now CONNECTED_LOCAL
Feb 26 10:49:16 SERVER0 systemd: Starting Network Manager Script Dispatcher Service...
Feb 26 10:49:16 SERVER0 systemd: Started Network Manager Script Dispatcher Service.
Feb 26 10:49:16 SERVER0 nm-dispatcher: req:1 'down' [enp96s0f0]: new request (4 scripts)
Feb 26 10:49:16 SERVER0 nm-dispatcher: req:1 'down' [enp96s0f0]: start running ordered scripts...
Feb 26 10:49:16 SERVER0 nm-dispatcher: req:2 'connectivity-change': new request (4 scripts)
Feb 26 10:49:16 SERVER0 nm-dispatcher: req:2 'connectivity-change': start running ordered scripts...
Feb 26 10:58:46 SERVER0 kernel: i40e 0000:60:00.0 enp96s0f0: NIC Link is Up, 1000 Mbps Full Duplex, Flow Control: None
-- Machine is not accessible
-- NetworkManager tries to recover and request DHCP:
Feb 26 10:58:46 SERVER0 NetworkManager[3701]: <info>  [1614355126.6768] device (enp96s0f0): carrier: link connected
Feb 26 10:58:46 SERVER0 NetworkManager[3701]: <info>  [1614355126.6783] device (enp96s0f0): state change: unavailable -> disconnected (reason 'carrier-changed', sys-iface-state: 'managed')
Feb 26 10:58:46 SERVER0 NetworkManager[3701]: <info>  [1614355126.6823] policy: auto-activating connection 'enp96s0f0' (7bdb7768-49c5-4cc4-a740-ee0a86cd90d5)
Feb 26 10:58:46 SERVER0 NetworkManager[3701]: <info>  [1614355126.6835] device (enp96s0f0): Activation: starting connection 'enp96s0f0' (7bdb7768-49c5-4cc4-a740-ee0a86cd90d5)
Feb 26 10:58:46 SERVER0 NetworkManager[3701]: <info>  [1614355126.6837] device (enp96s0f0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
Feb 26 10:58:46 SERVER0 NetworkManager[3701]: <info>  [1614355126.6844] manager: NetworkManager state is now CONNECTING
Feb 26 10:58:46 SERVER0 NetworkManager[3701]: <info>  [1614355126.6848] device (enp96s0f0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Feb 26 10:58:46 SERVER0 NetworkManager[3701]: <info>  [1614355126.7360] device (enp96s0f0): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed')
Feb 26 10:58:46 SERVER0 NetworkManager[3701]: <info>  [1614355126.7369] dhcp4 (enp96s0f0): activation: beginning transaction (timeout in 45 seconds)
Feb 26 10:58:46 SERVER0 NetworkManager[3701]: <info>  [1614355126.7435] dhcp4 (enp96s0f0): dhclient started with pid 44653
Feb 26 10:58:46 SERVER0 dhclient[44653]: DHCPREQUEST on enp96s0f0 to 255.255.255.255 port 67 (xid=0x161525b4)
Feb 26 10:58:54 SERVER0 dhclient[44653]: DHCPREQUEST on enp96s0f0 to 255.255.255.255 port 67 (xid=0x161525b4)
Feb 26 10:59:13 SERVER0 dhclient[44653]: DHCPDISCOVER on enp96s0f0 to 255.255.255.255 port 67 interval 3 (xid=0x2f70b1a3)
Feb 26 10:59:16 SERVER0 dhclient[44653]: DHCPDISCOVER on enp96s0f0 to 255.255.255.255 port 67 interval 6 (xid=0x2f70b1a3)
Feb 26 10:59:22 SERVER0 dhclient[44653]: DHCPDISCOVER on enp96s0f0 to 255.255.255.255 port 67 interval 9 (xid=0x2f70b1a3)
Feb 26 10:59:31 SERVER0 dhclient[44653]: DHCPDISCOVER on enp96s0f0 to 255.255.255.255 port 67 interval 14 (xid=0x2f70b1a3)
Feb 26 10:59:31 SERVER0 NetworkManager[3701]: <warn>  [1614355171.8451] dhcp4 (enp96s0f0): request timed out
Feb 26 10:59:31 SERVER0 NetworkManager[3701]: <info>  [1614355171.8451] dhcp4 (enp96s0f0): state changed unknown -> timeout
Feb 26 10:59:31 SERVER0 NetworkManager[3701]: <info>  [1614355171.8540] dhcp4 (enp96s0f0): canceled DHCP transaction, DHCP client pid 44653
Feb 26 10:59:31 SERVER0 NetworkManager[3701]: <info>  [1614355171.8541] dhcp4 (enp96s0f0): state changed timeout -> done
Feb 26 10:59:31 SERVER0 NetworkManager[3701]: <info>  [1614355171.8545] device (enp96s0f0): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed')
Feb 26 10:59:31 SERVER0 NetworkManager[3701]: <info>  [1614355171.8553] manager: NetworkManager state is now CONNECTED_LOCAL
Feb 26 10:59:31 SERVER0 NetworkManager[3701]: <warn>  [1614355171.8559] device (enp96s0f0): Activation: failed for connection 'enp96s0f0'
Feb 26 10:59:31 SERVER0 NetworkManager[3701]: <info>  [1614355171.8563] device (enp96s0f0): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed')
Feb 26 10:59:31 SERVER0 NetworkManager[3701]: <info>  [1614355171.8606] policy: auto-activating connection 'enp96s0f0' (7bdb7768-49c5-4cc4-a740-ee0a86cd90d5)
Feb 26 10:59:31 SERVER0 NetworkManager[3701]: <info>  [1614355171.8615] device (enp96s0f0): Activation: starting connection 'enp96s0f0' (7bdb7768-49c5-4cc4-a740-ee0a86cd90d5)
Feb 26 10:59:31 SERVER0 NetworkManager[3701]: <info>  [1614355171.8617] device (enp96s0f0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
-- NetworkManager tries to recover and request DHCP again following a different process:
Feb 26 10:59:31 SERVER0 NetworkManager[3701]: <info>  [1614355171.8624] manager: NetworkManager state is now CONNECTING
Feb 26 10:59:31 SERVER0 NetworkManager[3701]: <info>  [1614355171.8628] device (enp96s0f0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Feb 26 10:59:31 SERVER0 NetworkManager[3701]: <info>  [1614355171.9420] device (enp96s0f0): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed')
Feb 26 10:59:31 SERVER0 NetworkManager[3701]: <info>  [1614355171.9429] dhcp4 (enp96s0f0): activation: beginning transaction (timeout in 45 seconds)
Feb 26 10:59:31 SERVER0 NetworkManager[3701]: <info>  [1614355171.9489] dhcp4 (enp96s0f0): dhclient started with pid 44712
Feb 26 10:59:32 SERVER0 dhclient[44712]: DHCPREQUEST on enp96s0f0 to 255.255.255.255 port 67 (xid=0x5bd6c866)
Feb 26 10:59:36 SERVER0 dhclient[44712]: DHCPREQUEST on enp96s0f0 to 255.255.255.255 port 67 (xid=0x5bd6c866)
Feb 26 10:59:44 SERVER0 dhclient[44712]: DHCPDISCOVER on enp96s0f0 to 255.255.255.255 port 67 interval 5 (xid=0x3ffbeab4)
Feb 26 10:59:49 SERVER0 dhclient[44712]: DHCPDISCOVER on enp96s0f0 to 255.255.255.255 port 67 interval 5 (xid=0x3ffbeab4)
Feb 26 10:59:54 SERVER0 dhclient[44712]: DHCPDISCOVER on enp96s0f0 to 255.255.255.255 port 67 interval 7 (xid=0x3ffbeab4)
Feb 26 10:59:59 SERVER0 NetworkManager[3701]: <info>  [1614355199.5823] device (enp96s0f0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'managed')
Feb 26 10:59:59 SERVER0 NetworkManager[3701]: <info>  [1614355199.5846] device (enp96s0f0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'managed')
Feb 26 10:59:59 SERVER0 NetworkManager[3701]: <info>  [1614355199.5850] device (enp96s0f0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'managed')
Feb 26 10:59:59 SERVER0 NetworkManager[3701]: <info>  [1614355199.5869] manager: NetworkManager state is now CONNECTED_LOCAL
Feb 26 10:59:59 SERVER0 NetworkManager[3701]: <info>  [1614355199.5982] manager: NetworkManager state is now CONNECTED_SITE
Feb 26 10:59:59 SERVER0 NetworkManager[3701]: <info>  [1614355199.5988] policy: set 'enp96s0f0' (enp96s0f0) as default for IPv6 routing and DNS
Feb 26 10:59:59 SERVER0 NetworkManager[3701]: <info>  [1614355199.5992] device (enp96s0f0): Activation: successful, device activated.
Feb 26 10:59:59 SERVER0 NetworkManager[3701]: <info>  [1614355199.6003] manager: NetworkManager state is now CONNECTED_GLOBAL
Feb 26 10:59:59 SERVER0 systemd: Starting Network Manager Script Dispatcher Service...
Feb 26 10:59:59 SERVER0 systemd: Started Network Manager Script Dispatcher Service.
Feb 26 10:59:59 SERVER0 nm-dispatcher: req:1 'up' [enp96s0f0]: new request (4 scripts)
Feb 26 10:59:59 SERVER0 nm-dispatcher: req:1 'up' [enp96s0f0]: start running ordered scripts...
Feb 26 10:59:59 SERVER0 nm-dispatcher: req:2 'connectivity-change': new request (4 scripts)
Feb 26 10:59:59 SERVER0 nm-dispatcher: req:2 'connectivity-change': start running ordered scripts...
Feb 26 11:00:01 SERVER0 dhclient[44712]: DHCPDISCOVER on enp96s0f0 to 255.255.255.255 port 67 interval 14 (xid=0x3ffbeab4)
Feb 26 11:00:15 SERVER0 dhclient[44712]: DHCPDISCOVER on enp96s0f0 to 255.255.255.255 port 67 interval 21 (xid=0x3ffbeab4)
-- NetworkManager cancels and times out and does nothing anymore
Feb 26 11:00:16 SERVER0 NetworkManager[3701]: <warn>  [1614355216.8456] dhcp4 (enp96s0f0): request timed out
Feb 26 11:00:16 SERVER0 NetworkManager[3701]: <info>  [1614355216.8463] dhcp4 (enp96s0f0): state changed unknown -> timeout
Feb 26 11:00:16 SERVER0 NetworkManager[3701]: <info>  [1614355216.8649] dhcp4 (enp96s0f0): canceled DHCP transaction, DHCP client pid 44712
Feb 26 11:00:16 SERVER0 NetworkManager[3701]: <info>  [1614355216.8650] dhcp4 (enp96s0f0): state changed timeout -> done

服务器＃1：

-- Last regular DHCP renew:
Feb 26 10:34:00 server1 dhclient[5252]: DHCPREQUEST on enp96s0f0 to 10.20.20.131 port 67 (xid=0x71bfdb34)
Feb 26 10:34:00 server1 dhclient[5252]: DHCPACK from 10.20.20.131 (xid=0x71bfdb34)
Feb 26 10:34:02 server1 dhclient[5252]: bound to 10.20.20.224 -- renewal in 8195 seconds.
-- Random switch outage:
Feb 26 10:49:10 server1 kernel: i40e 0000:60:00.0 enp96s0f0: NIC Link is Down
Feb 26 10:58:46 server1 kernel: i40e 0000:60:00.0 enp96s0f0: NIC Link is Up, 1000 Mbps Full Duplex, Flow Control: None
-- Machine is accessible during this time!
-- Next regular DHCP renew:
Feb 26 12:50:37 server1 dhclient[5252]: DHCPREQUEST on enp96s0f0 to 10.20.20.131 port 67 (xid=0x71bfdb34)
Feb 26 12:50:37 server1 dhclient[5252]: DHCPACK from 10.20.20.131 (xid=0x71bfdb34)
Feb 26 12:50:39 server1 dhclient[5252]: bound to 10.20.20.224 -- renewal in 8611 seconds.

如果我使用 Network-Manager GUI 创建 VPN L2TP IPSEC 连接，我会引入 PSK，但这个在 /etc/NetworkManager/system-connection/myvpn.nmconnection 上看起来不同

我在想 PSK 以某种方式被编码，因为它以 0 开头，它可能是二进制 base64 编码（我在 NetworkManager 的文档中读到了这个）。我不知道如何编码。

我也在猜测，如果我想nmcli connection add从终端创建连接（我使用 Ubuntu Server 20.04），我需要对 PSK 进行编码，以便在配置文件中正确读取它。我该怎么办？我可以在命令中输入纯文本的 PSK 或更改 .nmconnection 文件中的键/值对而不使用 GUI，以便以正确的方式读取和解释它吗？

谢谢！

我正在尝试让一些 Ubuntu 20.04 客户端工作，以连接到我们的新服务器提供商提供的新 OpenVPN 服务器。

目标是仅将某些流量路由到隧道中（相应的路由由 OpenVPN 服务器推送），并使客户端也使用 OpenVPN 服务器推送的 DNS 服务器。

这适用于 Windows 10 客户端和开箱即用的 OpenVPN GUI 2.5。从这样的终端使用openvpn（2.4.7）也可以正常工作：sudo openvpn --config config.ovpn以及以下客户端配置文件config.ovpn：

dev tun
tun-ipv6
persist-tun
persist-key
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
auth SHA256
tls-client
client
resolv-retry infinite
remote <ipadressOfProvider> <port> udp4
verify-x509-name "<name>" name
auth-user-pass
remote-cert-tls server
compress 
# The following is added only in the config for Ubuntu 20.04 
dhcp-option DOMAIN <domainToResolveWithRemoteSiteDNS>
script-security 2
up /etc/openvpn/update-systemd-resolved
up-restart
down /etc/openvpn/update-systemd-resolved
down-pre

使用network-manager-openvpn（1.8.12）和上述配置文件时问题开始。连接已建立，推送的 DNS 服务器在 systemd-resolved中正确更新（即使在 openvpn 配置中没有附加up和脚本）。down

但是，所有流量都会路由到tun0接口，甚至是公共流量。结果是即使使用内部域名我也可以访问远程站点的资源，但无法访问互联网，因为 OpenVPN 子网没有直接的互联网访问权限。

在网络管理器 openvpn 配置中更改选项将此连接仅用于其网络上的资源（与通过ipv4.neverdefault显示的选项相对应nmcli c show config）解决了路由问题：现在，只有与推送路由有关的流量被引导到隧道中。但是，它也阻止了推送的 DNS 服务器应用于/run/systemd/resolve/resolv.conf.

到目前为止，我还没有找到一个选项来接受推送的 DNS并仅路由与网络管理器同时与推送的路由有关的流量。

到目前为止，一些可能有趣的观察结果：

1. 路线

ipv4.neverdefault=no除了推送的路由之外，网络管理器还会创建第二个具有较低度量的默认网关：

$ ip route
default via 10.*.*.* dev tun0 proto static metric 50 
default via 192.168.***.** dev wlp3s0 proto dhcp metric 600 
10.*.*.*/24 dev tun0 proto kernel scope link src 10.*.*.* metric 50 
158.***.**.** via 192.168.***.** dev wlp3s0 proto static metric 600 
169.254.0.0/16 dev wlp3s0 scope link metric 1000 
172.**.***.*/24 via 10.*.*.* dev tun0 proto static metric 50 
192.168.*.*/24 via 10.*.*.* dev tun0 proto static metric 50 
192.168.*.*/24 via 10.*.*.* dev tun0 proto static metric 50 
192.168.***.*/24 dev wlp3s0 proto kernel scope link src 192.168.***.*** metric 600 
192.168.***.** dev wlp3s0 proto static scope link metric 600 

ipv4.neverdefault=yes除了推送的路由之外，网络管理器不创建第二个默认网关（与上面相同，没有第一行）。

openvpn在终端中，除了推送的路由之外，不创建辅助默认网关：

default via 192.168.***.** dev wlp3s0 proto dhcp metric 600 
10.*.*.*/24 dev tun0 proto kernel scope link src 10.*.*.* 
169.254.0.0/16 dev wlp3s0 scope link metric 1000 
172.**.***.*/24 via 10.*.*.* dev tun0 
192.168.*.*/24 via 10.*.*.* dev tun0 
192.168.*.*/24 via 10.*.*.* dev tun0 
192.168.***.*/24 dev wlp3s0 proto kernel scope link src 192.168.***.*** metric 600 

2.DNS服务器

ipv4.neverdefault=no具有覆盖的网络管理器/run/systemd/resolve/resolv.conf：

nameserver 172.**.***.**

网络管理器ipv4.neverdefault=yes不：

nameserver 192.168.***.**
nameserver ****:***:****:****::**

openvpn在终端中将 dns 服务器添加到现有服务器中，并添加由远程 dns 服务器提供的域名，如以下定义config.ovpn：

nameserver 192.168.***.**
nameserver ****:***:****:****::**
nameserver 172.**.***.***
search <domainToResolveWithRemoteSiteDNS>

如果您知道可以在网络管理器中更改哪些选项以config.ovpn像 openvpn 终端客户端那样处理，我将很高兴听到您的想法。

谢谢，瓦伦丁

我对网络上的 DHCP 服务器没有任何控制权，每两周左右就会出现几个小时的中断，我的 CentOS 7.8 服务器没有得到对 DHCP 续订请求的响应。据我所知，这些服务器的配置完全相同。在此中断期间，一些服务器会不断请求 DHCP，直到 DHCP 更新成功并且系统重新连接到网络上。但是，一些服务器似乎遇到了一些极端情况并在一段时间后停止了 DHCP 请求，然后再也没有回到网络上。当看到我发布的日志中的差异时，任何人都可以告知发生了什么不同。
server003 是一个失败案例
server004 是一个很好的案例 谢谢！

我看到的一些奇怪是在失败的 server003 上
“绑定：在 2134686840 秒内续订”
“尝试记录的租约 192.168.2.72”
192.168.2.72 是我们曾经使用的一个非常旧的网络是 dhclient 实际上在接口上设置了这个 IP 吗？

server003日志：

Nov 18 07:01:41 got DHCP
Nov 18 07:21:02 something killed, MFE?
Nov 18 09:00:09 DHCP started failing
Nov 18 09:00:09 server003 dhclient[45214]: DHCPREQUEST on enp4s0 to 10.20.193.131 port 67 (xid=0x44d64e6c)
-- DHCPREQUEST on enp4s0 repeatedly till 12:01 --
Nov 18 12:01:27 server003 dhclient[45214]: DHCPREQUEST on enp4s0 to 255.255.255.255 port 67 (xid=0x44d64e6c)
Nov 18 12:01:41 server003 avahi-daemon[1973]: Withdrawing address record for 10.20.232.222 on enp4s0.
Nov 18 12:01:41 server003 avahi-daemon[1973]: Leaving mDNS multicast group on interface enp4s0.IPv4 with address 10.20.232.222.
Nov 18 12:01:41 server003 avahi-daemon[1973]: Interface enp4s0.IPv4 no longer relevant for mDNS.
Nov 18 12:01:42 server003 NetworkManager[2553]: <info>  [1605718902.1357] dhcp4 (enp4s0): state changed bound -> expire
Nov 18 12:01:42 server003 NetworkManager[2553]: <info>  [1605718902.1364] device (enp4s0): DHCPv4: 480 seconds grace period started
Nov 18 12:01:42 server003 NetworkManager[2553]: <info>  [1605718902.1469] dhcp4 (enp4s0): state changed expire -> unknown
Nov 18 12:02:41 server003 dhclient[45214]: DHCPDISCOVER on enp4s0 to 255.255.255.255 port 67 interval 2 (xid=0x40f44748)
Nov 18 12:02:43 server003 dhclient[45214]: No DHCPOFFERS received.
Nov 18 12:02:43 server003 dhclient[45214]: Trying recorded lease 192.168.2.72
Nov 18 12:02:43 server003 NetworkManager[2553]: <info>  [1605718963.8053] dhcp4 (enp4s0): state changed unknown -> timeout
Nov 18 12:02:43 server003 dhclient[45214]: bound: renewal in 2134686840 seconds.
Nov 18 12:09:42 server003 NetworkManager[2553]: <info>  [1605719382.2119] device (enp4s0): DHCPv4: grace period expired
Nov 18 13:06:02 server003 NetworkManager[2553]: <info>  [1605722762.3311] policy: set 'enp4s0' (enp4s0) as default for IPv6 routing and DNS
-- nothing else after this --

server004 日志

Nov 18 07:27:10 got DHCP
Nov 18 09:26:55 DHCP started failing
Nov 18 09:26:55 server004 dhclient[5179]: DHCPREQUEST on enp4s0 to 10.20.193.131 port 67 (xid=0x26458456)
-- DHCPREQUEST on enp4s0 repeatedly till 12:27 --
Nov 18 12:27:04 server004 dhclient[5179]: DHCPREQUEST on enp4s0 to 255.255.255.255 port 67 (xid=0x26458456)
Nov 18 12:27:10 server004 avahi-daemon[1869]: Withdrawing address record for 10.20.232.229 on enp4s0.
Nov 18 12:27:10 server004 avahi-daemon[1869]: Leaving mDNS multicast group on interface enp4s0.IPv4 with address 10.20.232.229.
Nov 18 12:27:10 server004 avahi-daemon[1869]: Interface enp4s0.IPv4 no longer relevant for mDNS.
Nov 18 12:27:11 server004 NetworkManager[2609]: <info>  [1605720431.3993] dhcp4 (enp4s0): state changed bound -> expire
Nov 18 12:27:11 server004 NetworkManager[2609]: <info>  [1605720431.4000] device (enp4s0): DHCPv4: 480 seconds grace period started
Nov 18 12:27:11 server004 NetworkManager[2609]: <info>  [1605720431.4106] dhcp4 (enp4s0): state changed expire -> unknown
Nov 18 12:27:11 server004 dhclient[5179]: DHCPDISCOVER on enp4s0 to 255.255.255.255 port 67 interval 5 (xid=0x1e6890d0)
Nov 18 12:27:16 server004 dhclient[5179]: DHCPDISCOVER on enp4s0 to 255.255.255.255 port 67 interval 9 (xid=0x1e6890d0)
Nov 18 12:27:25 server004 dhclient[5179]: DHCPDISCOVER on enp4s0 to 255.255.255.255 port 67 interval 10 (xid=0x1e6890d0)
Nov 18 12:27:35 server004 dhclient[5179]: DHCPDISCOVER on enp4s0 to 255.255.255.255 port 67 interval 15 (xid=0x1e6890d0)
Nov 18 12:27:50 server004 dhclient[5179]: DHCPDISCOVER on enp4s0 to 255.255.255.255 port 67 interval 15 (xid=0x1e6890d0)
Nov 18 12:28:05 server004 dhclient[5179]: DHCPDISCOVER on enp4s0 to 255.255.255.255 port 67 interval 7 (xid=0x1e6890d0)
Nov 18 12:28:12 server004 dhclient[5179]: No DHCPOFFERS received.
Nov 18 12:28:12 server004 dhclient[5179]: No working leases in persistent database - sleeping.
Nov 18 12:28:12 server004 NetworkManager[2609]: <info>  [1605720492.1971] dhcp4 (enp4s0): state changed unknown -> fail
Nov 18 12:32:08 server004 dhclient[5179]: DHCPDISCOVER on enp4s0 to 255.255.255.255 port 67 interval 8 (xid=0x47045c24)
Nov 18 12:32:16 server004 dhclient[5179]: DHCPDISCOVER on enp4s0 to 255.255.255.255 port 67 interval 13 (xid=0x47045c24)
Nov 18 12:32:29 server004 dhclient[5179]: DHCPDISCOVER on enp4s0 to 255.255.255.255 port 67 interval 20 (xid=0x47045c24)
Nov 18 12:32:49 server004 dhclient[5179]: DHCPDISCOVER on enp4s0 to 255.255.255.255 port 67 interval 14 (xid=0x47045c24)
Nov 18 12:33:03 server004 dhclient[5179]: DHCPDISCOVER on enp4s0 to 255.255.255.255 port 67 interval 6 (xid=0x47045c24)
Nov 18 12:33:09 server004 dhclient[5179]: No DHCPOFFERS received.
Nov 18 12:33:09 server004 dhclient[5179]: No working leases in persistent database - sleeping.
-- DHCPDISCOVER -> No DHCPOFFERS received -> DHCPDISCOVER happens repeatedly every 5 mins until 13:05 and then got DHCP
Nov 18 13:05:04 server004 dhclient[5179]: DHCPDISCOVER on enp4s0 to 255.255.255.255 port 67 interval 7 (xid=0x6a52e1ae)
Nov 18 13:05:11 server004 dhclient[5179]: DHCPDISCOVER on enp4s0 to 255.255.255.255 port 67 interval 14 (xid=0x6a52e1ae)
Nov 18 13:05:25 server004 dhclient[5179]: DHCPDISCOVER on enp4s0 to 255.255.255.255 port 67 interval 15 (xid=0x6a52e1ae)
Nov 18 13:05:40 server004 dhclient[5179]: DHCPDISCOVER on enp4s0 to 255.255.255.255 port 67 interval 17 (xid=0x6a52e1ae)
Nov 18 13:05:40 server004 dhclient[5179]: DHCPREQUEST on enp4s0 to 255.255.255.255 port 67 (xid=0x6a52e1ae)
Nov 18 13:05:40 server004 dhclient[5179]: DHCPOFFER from 10.20.232.1
Nov 18 13:05:40 server004 dhclient[5179]: DHCPACK from 10.20.232.1 (xid=0x6a52e1ae)
Nov 18 13:05:40 server004 NetworkManager[2609]: <info>  [1605722740.0476] dhcp4 (enp4s0):   address 10.20.232.229
Nov 18 13:05:40 server004 NetworkManager[2609]: <info>  [1605722740.0483] dhcp4 (enp4s0):   plen 22 (255.255.252.0)
Nov 18 13:05:40 server004 NetworkManager[2609]: <info>  [1605722740.0483] dhcp4 (enp4s0):   gateway 10.20.232.1
Nov 18 13:05:40 server004 NetworkManager[2609]: <info>  [1605722740.0483] dhcp4 (enp4s0):   lease time 18000
Nov 18 13:05:40 server004 NetworkManager[2609]: <info>  [1605722740.0483] dhcp4 (enp4s0):   nameserver '10.20.10.49'
Nov 18 13:05:40 server004 NetworkManager[2609]: <info>  [1605722740.0483] dhcp4 (enp4s0):   nameserver '10.20.10.48'
Nov 18 13:05:40 server004 NetworkManager[2609]: <info>  [1605722740.0484] dhcp4 (enp4s0):   domain name 'company.com'
Nov 18 13:05:40 server004 NetworkManager[2609]: <info>  [1605722740.0484] dhcp4 (enp4s0): state changed fail -> bound
Nov 18 13:05:40 server004 dhclient[5179]: bound to 10.20.232.229 -- renewal in 7548 seconds.
Nov 18 13:05:40 server004 avahi-daemon[1869]: Joining mDNS multicast group on interface enp4s0.IPv4 with address 10.20.232.229.
Nov 18 13:05:40 server004 NetworkManager[2609]: <info>  [1605722740.0519] policy: set 'enp4s0' (enp4s0) as default for IPv4 routing and DNS
Nov 18 13:05:40 server004 avahi-daemon[1869]: New relevant interface enp4s0.IPv4 for mDNS.
Nov 18 13:05:40 server004 avahi-daemon[1869]: Registering new address record for 10.20.232.229 on enp4s0.IPv4.
Nov 18 13:05:40 server004 dbus[1896]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
Nov 18 13:05:40 server004 systemd: Starting Network Manager Script Dispatcher Service...
Nov 18 13:05:40 server004 dbus[1896]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Nov 18 13:05:40 server004 systemd: Started Network Manager Script Dispatcher Service.
Nov 18 13:05:40 server004 nm-dispatcher: req:1 'dhcp4-change' [enp4s0]: new request (4 scripts)
Nov 18 13:05:40 server004 nm-dispatcher: req:1 'dhcp4-change' [enp4s0]: start running ordered scripts...
Nov 18 13:06:02 server004 NetworkManager[2609]: <info>  [1605722762.4182] policy: set 'enp4s0' (enp4s0) as default for IPv6 routing and DNS