我正在尝试通过 连接到我办公室的 Linux 上的 PPTP VPN ppp。网关在10.4.x.x网络中有一个本地 IP 地址,我需要访问10.x.x.x网络中的其他机器(我通常可以从办公室进行访问)。同事可以通过他们的 Apple 电脑连接和使用 VPN,但必须将其设为列表中的第一个网络服务。我能够连接并获取10.4.zzz.zzzIP 地址ppp0,但我无法从远程网络内部获得响应,无论是从ping还是通过尝试ssh进入其中一台机器。
在我的/etc/peers/office:
pty "pptp pptp.<DOMAIN>.com --nolaunchpppd"
name <USER>
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam office
然后发行pon office debug dump logfd 2 nodetach似乎成功:
pppd options in effect:
debug # (from command line)
nodetach # (from command line)
logfd 2 # (from command line)
dump # (from command line)
noauth # (from /etc/ppp/options.pptp)
refuse-pap # (from /etc/ppp/options.pptp)
refuse-chap # (from /etc/ppp/options.pptp)
refuse-mschap # (from /etc/ppp/options.pptp)
refuse-eap # (from /etc/ppp/options.pptp)
name <USER> # (from /etc/ppp/peers/office)
remotename PPTP # (from /etc/ppp/peers/office)
# (from /etc/ppp/options.pptp)
pty pptp pptp.<DOMAIN>.com --nolaunchpppd # (from /etc/ppp/peers/office)
ipparam office # (from /etc/ppp/peers/office)
nobsdcomp # (from /etc/ppp/options.pptp)
nodeflate # (from /etc/ppp/options.pptp)
require-mppe-128 # (from /etc/ppp/peers/office)
using channel 2
Using interface ppp0
Connect: ppp0 <--> /dev/pts/0
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x15814c2c> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0xd <accomp> <pcomp> <mru 1500> <magic 0x33c6e738> <auth chap MS-v2> <mrru 1600> <ssnhf> <endpoint [MAC:XX:XX:XX:XX:XX:XX]>]
sent [LCP ConfRej id=0xd <mrru 1600> <ssnhf>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x15814c2c> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0xe <accomp> <pcomp> <mru 1500> <magic 0x33c6e738> <auth chap MS-v2>]
sent [LCP ConfAck id=0xe <accomp> <pcomp> <mru 1500> <magic 0x33c6e738> <auth chap MS-v2>]
rcvd [CHAP Challenge id=0x1 <bb1e6894d1b6ef95af9a9c20b624e082>, name = ""]
added response cache entry 0
sent [CHAP Response id=0x1 <fabc6b0fce7e78f50a3822b482bb5127000000000000000030f78cf80000cdb449af8a264f1e417ad9c4b45b6bf37dbf00>, name = "<USER>"]
rcvd [CHAP Success id=0x1 "S=7D6A4E8B637EE57C21CC5800CBB4BF7B235C0799"]
response found in cache (entry 0)
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [IPCP ConfReq id=0xd6 <addr 10.4.xxx.xxx> <compress VJ 0f 00>]
sent [IPCP TermAck id=0xd6]
rcvd [CCP ConfReq id=0x76 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x76 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>]
rcvd [IPCP ConfNak id=0x1 <addr 10.4.zzz.zzz>]
sent [IPCP ConfReq id=0x2 <compress VJ 0f 01> <addr 10.4.zzz.zzz>]
rcvd [IPCP ConfAck id=0x2 <compress VJ 0f 01> <addr 10.4.zzz.zzz>]
rcvd [IPCP ConfReq id=0xd7 <addr 10.4.xxx.xxx> <compress VJ 0f 00>]
sent [IPCP ConfAck id=0xd7 <addr 10.4.xxx.xxx> <compress VJ 0f 00>]
local IP address 10.4.zzz.zzz
remote IP address 10.4.xxx.xxx
Script /etc/ppp/ip-up started (pid 13333)
Script /etc/ppp/ip-up finished (pid 13333), status = 0x0
我已经尝试适应此解决方案,因为这似乎是类似的问题,但无济于事。不过,这似乎很有希望,因为一旦我添加路由条目,它wireshark就会开始显示在 上传输的数据包。但是,我看不到传入流量。在 中ppp0仍然会出现此问题。defaultroute/etc/peers/office
$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 198.18.0.1 0.0.0.0 UG 0 0 0 wlp3s0
10.4.xxx.xxx 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
xxx.xxx.xxx.xxx 198.18.0.1 255.255.255.255 UGH 0 0 0 wlp3s0
198.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 wlp3s0
$ route add -net 10.0.0.0 ppp0 netmask 255.0.0.0
$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 198.18.0.1 0.0.0.0 UG 0 0 0 wlp3s0
10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 ppp0
10.4.xxx.xxx 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
xxx.xxx.xxx.xxx 198.18.0.1 255.255.255.255 UGH 0 0 0 wlp3s0
198.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 wlp3s0
其中第三和第四个条目分别是办公室网关的公共 IP 地址。错误的网络配置是什么?为什么我无法接收传入数据包?如果这些问题可以解决,如何ppp配置才能自动采取正确的步骤。
答案1
这可能是防火墙的问题。该defaultroute选项最终确实有所帮助。