即使在同一子网下,也无法通过 VPN 访问远程设备

tag-icon tag-icon networking router vpn subnet fritzbox
即使在同一子网下,也无法通过 VPN 访问远程设备

我建立了一个点对点使用 FritzBox 进行隧道 VPN在我的网络和远程计算机之间。我的目标是访问远程设备,就像它们在我的本地网络中一样。

以下是从远程设备看到的网络配置:

$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:30:18:05:87:36 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.14/16 brd 192.168.255.255 scope global dynamic noprefixroute enp2s0
       valid_lft 57552sec preferred_lft 57552sec
    inet6 fe80::230:18ff:fe05:8736/64 scope link 
       valid_lft forever preferred_lft forever
3: enp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 00:30:18:05:87:37 brd ff:ff:ff:ff:ff:ff
4: wlp4s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 70:66:55:c2:f5:0d brd ff:ff:ff:ff:ff:ff
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1412 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none 
    inet 192.168.1.201/24 brd 192.168.1.255 scope global noprefixroute tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::e28d:d83b:8dc:fe01/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever

下面是本地机器的内容:

$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 8c:89:a5:c1:d2:cd brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.26/16 brd 192.168.255.255 scope global dynamic noprefixroute enp4s0
       valid_lft 862067sec preferred_lft 862067sec
    inet6 fe80::8e89:a5ff:fec1:d2cd/64 scope link 
       valid_lft forever preferred_lft forever
3: wlp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 64:70:02:a0:fd:6f brd ff:ff:ff:ff:ff:ff
4: ztmjfge2h7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether e2:5c:ee:ca:9c:2d brd ff:ff:ff:ff:ff:ff
    inet 172.22.107.117/16 brd 172.22.255.255 scope global ztmjfge2h7
       valid_lft forever preferred_lft forever
    inet6 fe80::5c50:83ff:fe2b:44ea/64 scope link 
       valid_lft forever preferred_lft forever

如你看到的:

远程机器:

enp2s0 192.168.0.14/16
tun0   192.168.1.201/24

本地机器:

enp4s0 192.168.1.26/16

如果我禁用 VPN,我可以从远程计算机访问 192.168.1.x 下的任何设备。但是当启用 VPN 时,我就不能访问了。

相反,即使 VPN 处于活动状态,192.168.0.x 以下的任何机器都是可以访问的。

恐怕问题出/24在 的网络掩码上tun0。不幸的是,FritzBox 的制造商说它是硬编码在固件中的,我无法更改它……

为了绕过这个限制,我可以在远程或本地机器上进行任何配置吗?

相关内容