我在 CentOS 6.5 机器上设置了一个 PPTP 服务器,以便从公共网络和其他杂项脚本使用 VPN。一切似乎都运行正常,只是一旦连接,我就无法通过其公共 IP 或名称 ping VPN 服务器!
假设我有以下设置
服务器
host: vpn.myserver.com,
public ip: 178.62.x.x
private ip (pptp): 10.0.0.1
host range /dhcp: 10.0.0.100-200
客户
private ip:= 10.241.0.76
在连接到 VPN 之前,我可以顺利 ping 服务器(通过名称或公共 IP)。但是,一旦我连接上,我必须使用服务器的私有地址通过 ssh 连接到服务器。
Iptable 规则(转储到文件)
# Generated by iptables-save v1.4.7 on Tue Sep 29 10:51:16 2015
*nat
:PREROUTING ACCEPT [3279:270754]
:POSTROUTING ACCEPT [16:1761]
:OUTPUT ACCEPT [354:21503]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Sep 29 10:51:16 2015
# Generated by iptables-save v1.4.7 on Tue Sep 29 10:51:16 2015
*filter
:INPUT ACCEPT [76829:9558834]
:FORWARD ACCEPT [67632:61015363]
:OUTPUT ACCEPT [90822:67426561]
COMMIT
# Completed on Tue Sep 29 10:51:16 2015
Sysctl 配置:
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
网络统计
netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.0.0.100 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
10.0.0.101 0.0.0.0 255.255.255.255 UH 0 0 0 ppp1
178.62.xx.xx 0.0.0.0 255.255.192.0 U 0 0 0 eth0
10.131.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 178.62.xx.xx 0.0.0.0 UG 0 0 0 eth0
是否缺少一些路由规则?
更新
忘记添加跟踪路由详细信息..
traceroute to 178.62.x.x (178.62.x.x), 64 hops max, 52 byte packets
1 10.241.254.254 (10.241.254.254) 15.450 ms 15.955 ms 10.267 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *