为什么我的 PPTP VPN 连接无法路由到 Linux 中的远程网络?

为什么我的 PPTP VPN 连接无法路由到 Linux 中的远程网络?

我正在尝试通过 连接到我办公室的 Linux 上的 PPTP VPN ppp。网关在10.4.x.x网络中有一个本地 IP 地址,我需要访问10.x.x.x网络中的其他机器(我通常可以从办公室进行访问)。同事可以通过他们的 Apple 电脑连接和使用 VPN,但必须将其设为列表中的第一个网络服务。我能够连接并获取10.4.zzz.zzzIP 地址ppp0,但我无法从远程网络内部获得响应,无论是从ping还是通过尝试ssh进入其中一台机器。

在我的/etc/peers/office

pty "pptp pptp.<DOMAIN>.com --nolaunchpppd"
name <USER>
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam office

然后发行pon office debug dump logfd 2 nodetach似乎成功:

pppd options in effect:
debug       # (from command line)
nodetach        # (from command line)
logfd 2     # (from command line)
dump        # (from command line)
noauth      # (from /etc/ppp/options.pptp)
refuse-pap      # (from /etc/ppp/options.pptp)
refuse-chap     # (from /etc/ppp/options.pptp)
refuse-mschap       # (from /etc/ppp/options.pptp)
refuse-eap      # (from /etc/ppp/options.pptp)
name <USER>     # (from /etc/ppp/peers/office)
remotename PPTP     # (from /etc/ppp/peers/office)
        # (from /etc/ppp/options.pptp)
pty pptp pptp.<DOMAIN>.com --nolaunchpppd       # (from /etc/ppp/peers/office)
ipparam office      # (from /etc/ppp/peers/office)
nobsdcomp       # (from /etc/ppp/options.pptp)
nodeflate       # (from /etc/ppp/options.pptp)
require-mppe-128        # (from /etc/ppp/peers/office)
using channel 2
Using interface ppp0
Connect: ppp0 <--> /dev/pts/0
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x15814c2c> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0xd <accomp> <pcomp> <mru 1500> <magic 0x33c6e738> <auth chap MS-v2> <mrru 1600> <ssnhf> <endpoint [MAC:XX:XX:XX:XX:XX:XX]>]
sent [LCP ConfRej id=0xd <mrru 1600> <ssnhf>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x15814c2c> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0xe <accomp> <pcomp> <mru 1500> <magic 0x33c6e738> <auth chap MS-v2>]
sent [LCP ConfAck id=0xe <accomp> <pcomp> <mru 1500> <magic 0x33c6e738> <auth chap MS-v2>]
rcvd [CHAP Challenge id=0x1 <bb1e6894d1b6ef95af9a9c20b624e082>, name = ""]
added response cache entry 0
sent [CHAP Response id=0x1 <fabc6b0fce7e78f50a3822b482bb5127000000000000000030f78cf80000cdb449af8a264f1e417ad9c4b45b6bf37dbf00>, name = "<USER>"]
rcvd [CHAP Success id=0x1 "S=7D6A4E8B637EE57C21CC5800CBB4BF7B235C0799"]
response found in cache (entry 0)
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [IPCP ConfReq id=0xd6 <addr 10.4.xxx.xxx> <compress VJ 0f 00>]
sent [IPCP TermAck id=0xd6]
rcvd [CCP ConfReq id=0x76 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x76 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>]
rcvd [IPCP ConfNak id=0x1 <addr 10.4.zzz.zzz>]
sent [IPCP ConfReq id=0x2 <compress VJ 0f 01> <addr 10.4.zzz.zzz>]
rcvd [IPCP ConfAck id=0x2 <compress VJ 0f 01> <addr 10.4.zzz.zzz>]
rcvd [IPCP ConfReq id=0xd7 <addr 10.4.xxx.xxx> <compress VJ 0f 00>]
sent [IPCP ConfAck id=0xd7 <addr 10.4.xxx.xxx> <compress VJ 0f 00>]
local  IP address 10.4.zzz.zzz
remote IP address 10.4.xxx.xxx
Script /etc/ppp/ip-up started (pid 13333)
Script /etc/ppp/ip-up finished (pid 13333), status = 0x0

我已经尝试适应此解决方案,因为这似乎是类似的问题,但无济于事。不过,这似乎很有希望,因为一旦我添加路由条目,它wireshark就会开始显示在 上传输的数据包。但是,我看不到传入流量。在 中ppp0仍然会出现此问题。defaultroute/etc/peers/office

$ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         198.18.0.1      0.0.0.0         UG        0 0          0 wlp3s0
10.4.xxx.xxx    0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
xxx.xxx.xxx.xxx 198.18.0.1      255.255.255.255 UGH       0 0          0 wlp3s0
198.18.0.0      0.0.0.0         255.255.0.0     U         0 0          0 wlp3s0

$ route add -net 10.0.0.0 ppp0 netmask 255.0.0.0

$ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         198.18.0.1      0.0.0.0         UG        0 0          0 wlp3s0
10.0.0.0        0.0.0.0         255.0.0.0       U         0 0          0 ppp0
10.4.xxx.xxx    0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
xxx.xxx.xxx.xxx 198.18.0.1      255.255.255.255 UGH       0 0          0 wlp3s0
198.18.0.0      0.0.0.0         255.255.0.0     U         0 0          0 wlp3s0

其中第三和第四个条目分别是办公室网关的公共 IP 地址。错误的网络配置是什么?为什么我无法接收传入数据包?如果这些问题可以解决,如何ppp配置才能自动采取正确的步骤。

答案1

这可能是防火墙的问题。该defaultroute选项最终确实有所帮助。

相关内容