我建立了一个点对点使用 FritzBox 进行隧道 VPN在我的网络和远程计算机之间。我的目标是访问远程设备,就像它们在我的本地网络中一样。
以下是从远程设备看到的网络配置:
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:30:18:05:87:36 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.14/16 brd 192.168.255.255 scope global dynamic noprefixroute enp2s0
valid_lft 57552sec preferred_lft 57552sec
inet6 fe80::230:18ff:fe05:8736/64 scope link
valid_lft forever preferred_lft forever
3: enp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 00:30:18:05:87:37 brd ff:ff:ff:ff:ff:ff
4: wlp4s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 70:66:55:c2:f5:0d brd ff:ff:ff:ff:ff:ff
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1412 qdisc fq_codel state UNKNOWN group default qlen 500
link/none
inet 192.168.1.201/24 brd 192.168.1.255 scope global noprefixroute tun0
valid_lft forever preferred_lft forever
inet6 fe80::e28d:d83b:8dc:fe01/64 scope link stable-privacy
valid_lft forever preferred_lft forever
下面是本地机器的内容:
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 8c:89:a5:c1:d2:cd brd ff:ff:ff:ff:ff:ff
inet 192.168.1.26/16 brd 192.168.255.255 scope global dynamic noprefixroute enp4s0
valid_lft 862067sec preferred_lft 862067sec
inet6 fe80::8e89:a5ff:fec1:d2cd/64 scope link
valid_lft forever preferred_lft forever
3: wlp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 64:70:02:a0:fd:6f brd ff:ff:ff:ff:ff:ff
4: ztmjfge2h7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 qdisc fq_codel state UNKNOWN group default qlen 1000
link/ether e2:5c:ee:ca:9c:2d brd ff:ff:ff:ff:ff:ff
inet 172.22.107.117/16 brd 172.22.255.255 scope global ztmjfge2h7
valid_lft forever preferred_lft forever
inet6 fe80::5c50:83ff:fe2b:44ea/64 scope link
valid_lft forever preferred_lft forever
如你看到的:
远程机器:
enp2s0 192.168.0.14/16
tun0 192.168.1.201/24
本地机器:
enp4s0 192.168.1.26/16
如果我禁用 VPN,我可以从远程计算机访问 192.168.1.x 下的任何设备。但是当启用 VPN 时,我就不能访问了。
相反,即使 VPN 处于活动状态,192.168.0.x 以下的任何机器都是可以访问的。
恐怕问题出/24在 的网络掩码上tun0。不幸的是,FritzBox 的制造商说它是硬编码在固件中的,我无法更改它……
为了绕过这个限制,我可以在远程或本地机器上进行任何配置吗?