我正在使用 strongswan (IKEv2) 从我的 Debian 11 计算机(“客户端”,192.168.0.217)连接到 bintec 路由器(德国电信的 Digitalisierungsbox 标准 192.168.0.254)后面的网络。连接正常,我可以通过远程桌面在路由器后面的计算机(“服务器”192.168.0.100:Windows 10 和 Windows server 2012)上工作。现在我想在连接到客户端的打印机上从服务器打印,但我做不到(我很确定它应该可以工作,因为在 Debian 10 上使用 shrew-soft-client (IKEv1) 可以正常工作)。为了方便起见,我尝试在客户端上访问 Cups-Page,但超时了。在服务器网络路由器的日志中,我看到包被发送到正确的目的地:
192.168.0.254 Jan 12 12:59:31 local0 debug INET SIF: Accept [39000000:192.168.0.100:64720] -> [38100002:192.168.0.217:631] :6
192.168.0.254 Jan 12 12:59:31 local0 debug INET interface 38100002: TCP SYN [192.168.0.100:64720] -> [192.168.0.217:631] clamp MSS 1460 ==> 1331
192.168.0.254 Jan 12 12:59:31 local0 debug INET NAT: new outgoing session on ifc 38100002 prot 6 192.168.0.100:64720/192.168.0.254:62698 -> 192.168.0.217:631
192.168.0.254 Jan 12 12:59:32 local0 debug INET new session, 192.168.0.100:64721->192.168.0.217:631 prot: 6 parent: false
192.168.0.254 Jan 12 12:59:32 local0 debug INET SIF: Accept [39000000:192.168.0.100:64721] -> [38100002:192.168.0.217:631] :6
192.168.0.254 Jan 12 12:59:32 local0 debug INET interface 38100002: TCP SYN [192.168.0.100:64721] -> [192.168.0.217:631] clamp MSS 1460 ==> 1331
192.168.0.254 Jan 12 12:59:32 local0 debug INET NAT: new outgoing session on ifc 38100002 prot 6 192.168.0.100:64721/192.168.0.254:43087 -> 192.168.0.217:631
并且在客户端的 wireshark 中(同时)我看到到达的包裹,但是端口非常不同:
48759 2022-01-12 12:59:31,035254804 192.168.0.100 192.168.0.217 TCP 66 3389 → 55808 [ACK] Seq=3134167 Ack=870419 Win=63596 Len=0 TSval=174652356 TSecr=3628752175
48761 2022-01-12 12:59:31,051359519 192.168.0.100 192.168.0.217 TCP 66 3389 → 55808 [ACK] Seq=3134167 Ack=870621 Win=63394 Len=0 TSval=174652358 TSecr=3628752191
48763 2022-01-12 12:59:31,067284339 192.168.0.100 192.168.0.217 TCP 66 3389 → 55808 [ACK] Seq=3134167 Ack=870823 Win=63192 Len=0 TSval=174652359 TSecr=3628752207
48765 2022-01-12 12:59:31,083193849 192.168.0.100 192.168.0.217 TCP 66 3389 → 55808 [ACK] Seq=3134167 Ack=871025 Win=62990 Len=0 TSval=174652361 TSecr=3628752223
48774 2022-01-12 12:59:31,187280462 192.168.0.100 192.168.0.217 TCP 66 3389 → 55808 [ACK] Seq=3134167 Ack=871227 Win=62788 Len=0 TSval=174652371 TSecr=3628752329
48776 2022-01-12 12:59:31,211830656 192.168.0.100 192.168.0.217 TCP 66 3389 → 55808 [ACK] Seq=3134167 Ack=871429 Win=64000 Len=0 TSval=174652374 TSecr=3628752343
48778 2022-01-12 12:59:31,227295312 192.168.0.100 192.168.0.217 TCP 66 3389 → 55808 [ACK] Seq=3134167 Ack=871631 Win=63798 Len=0 TSval=174652375 TSecr=3628752367
48780 2022-01-12 12:59:31,258747303 192.168.0.100 192.168.0.217 TLSv1.2 1335 Application Data
48791 2022-01-12 12:59:32,508038748 192.168.0.100 192.168.0.217 TLSv1.2 1239 Application Data
48795 2022-01-12 12:59:32,642949411 192.168.0.100 192.168.0.217 TLSv1.2 119 Application Data
48798 2022-01-12 12:59:32,698302263 192.168.0.100 192.168.0.217 TCP 1385 3389 → 55808 [ACK] Seq=3136662 Ack=871934 Win=63495 Len=1319 TSval=174652521 TSecr=3628753769 [TCP segment of a reassembled PDU]
48801 2022-01-12 12:59:32,703330974 192.168.0.100 192.168.0.217 TCP 1385 3389 → 55808 [ACK] Seq=3137981 Ack=871934 Win=63495 Len=1319 TSval=174652521 TSecr=3628753769 [TCP segment of a reassembled PDU]
48804 2022-01-12 12:59:32,704846648 192.168.0.100 192.168.0.217 TLSv1.2 313 Application Data
所以我认为他们没有到达目的地(即客户端上的cups-Server)。
从客户端到服务器的回显有效,从服务器到客户端的回显超时。此外,Samba 以前与 shrew-soft-client 配合使用,现在不再适用。
我尝试了在互联网上找到的一些“任意”iptables 规则,但没有成功。IP 转发已打开。
感谢 Bernd 的帮助或任何提示
答案1
好吧,经过几个小时的搜索并尝试了所有可能的办法后,我终于重新启动了路由器——现在可以正常工作了!