strongswan vpn 在客户端打印

strongswan vpn 在客户端打印

我正在使用 strongswan (IKEv2) 从我的 Debian 11 计算机(“客户端”,192.168.0.217)连接到 bintec 路由器(德国电信的 Digitalisierungsbox 标准 192.168.0.254)后面的网络。连接正常,我可以通过远程桌面在路由器后面的计算机(“服务器”192.168.0.100:Windows 10 和 Windows server 2012)上工作。现在我想在连接到客户端的打印机上从服务器打印,但我做不到(我很确定它应该可以工作,因为在 Debian 10 上使用 shrew-soft-client (IKEv1) 可以正常工作)。为了方便起见,我尝试在客户端上访问 Cups-Page,但超时了。在服务器网络路由器的日志中,我看到包被发送到正确的目的地:

192.168.0.254   Jan 12 12:59:31     local0  debug   INET    SIF: Accept [39000000:192.168.0.100:64720] -> [38100002:192.168.0.217:631] :6 
192.168.0.254   Jan 12 12:59:31     local0  debug   INET    interface 38100002: TCP SYN [192.168.0.100:64720] -> [192.168.0.217:631]  clamp MSS 1460 ==> 1331 
192.168.0.254   Jan 12 12:59:31     local0  debug   INET    NAT: new outgoing session on ifc 38100002 prot 6 192.168.0.100:64720/192.168.0.254:62698 -> 192.168.0.217:631 
192.168.0.254   Jan 12 12:59:32     local0  debug   INET    new session, 192.168.0.100:64721->192.168.0.217:631 prot: 6 parent: false 
192.168.0.254   Jan 12 12:59:32     local0  debug   INET    SIF: Accept [39000000:192.168.0.100:64721] -> [38100002:192.168.0.217:631] :6 
192.168.0.254   Jan 12 12:59:32     local0  debug   INET    interface 38100002: TCP SYN [192.168.0.100:64721] -> [192.168.0.217:631]  clamp MSS 1460 ==> 1331 
192.168.0.254   Jan 12 12:59:32     local0  debug   INET    NAT: new outgoing session on ifc 38100002 prot 6 192.168.0.100:64721/192.168.0.254:43087 -> 192.168.0.217:631

并且在客户端的 wireshark 中(同时)我看到到达的包裹,但是端口非常不同:

48759   2022-01-12 12:59:31,035254804   192.168.0.100   192.168.0.217   TCP 66  3389 → 55808 [ACK] Seq=3134167 Ack=870419 Win=63596 Len=0 TSval=174652356 TSecr=3628752175
48761   2022-01-12 12:59:31,051359519   192.168.0.100   192.168.0.217   TCP 66  3389 → 55808 [ACK] Seq=3134167 Ack=870621 Win=63394 Len=0 TSval=174652358 TSecr=3628752191
48763   2022-01-12 12:59:31,067284339   192.168.0.100   192.168.0.217   TCP 66  3389 → 55808 [ACK] Seq=3134167 Ack=870823 Win=63192 Len=0 TSval=174652359 TSecr=3628752207
48765   2022-01-12 12:59:31,083193849   192.168.0.100   192.168.0.217   TCP 66  3389 → 55808 [ACK] Seq=3134167 Ack=871025 Win=62990 Len=0 TSval=174652361 TSecr=3628752223
48774   2022-01-12 12:59:31,187280462   192.168.0.100   192.168.0.217   TCP 66  3389 → 55808 [ACK] Seq=3134167 Ack=871227 Win=62788 Len=0 TSval=174652371 TSecr=3628752329
48776   2022-01-12 12:59:31,211830656   192.168.0.100   192.168.0.217   TCP 66  3389 → 55808 [ACK] Seq=3134167 Ack=871429 Win=64000 Len=0 TSval=174652374 TSecr=3628752343
48778   2022-01-12 12:59:31,227295312   192.168.0.100   192.168.0.217   TCP 66  3389 → 55808 [ACK] Seq=3134167 Ack=871631 Win=63798 Len=0 TSval=174652375 TSecr=3628752367
48780   2022-01-12 12:59:31,258747303   192.168.0.100   192.168.0.217   TLSv1.2 1335    Application Data
48791   2022-01-12 12:59:32,508038748   192.168.0.100   192.168.0.217   TLSv1.2 1239    Application Data
48795   2022-01-12 12:59:32,642949411   192.168.0.100   192.168.0.217   TLSv1.2 119 Application Data
48798   2022-01-12 12:59:32,698302263   192.168.0.100   192.168.0.217   TCP 1385    3389 → 55808 [ACK] Seq=3136662 Ack=871934 Win=63495 Len=1319 TSval=174652521 TSecr=3628753769 [TCP segment of a reassembled PDU]
48801   2022-01-12 12:59:32,703330974   192.168.0.100   192.168.0.217   TCP 1385    3389 → 55808 [ACK] Seq=3137981 Ack=871934 Win=63495 Len=1319 TSval=174652521 TSecr=3628753769 [TCP segment of a reassembled PDU]
48804   2022-01-12 12:59:32,704846648   192.168.0.100   192.168.0.217   TLSv1.2 313 Application Data

所以我认为他们没有到达目的地(即客户端上的cups-Server)。

从客户端到服务器的回显有效,从服务器到客户端的回显超时。此外,Samba 以前与 shrew-soft-client 配合使用,现在不再适用。

我尝试了在互联网上找到的一些“任意”iptables 规则,但没有成功。IP 转发已打开。

感谢 Bernd 的帮助或任何提示

答案1

好吧,经过几个小时的搜索并尝试了所有可能的办法后,我终于重新启动了路由器——现在可以正常工作了!

相关内容