我可能做了一件非常愚蠢的事情,但我似乎不知道是什么。我想实现以下目标:我希望远程用户能够登录我们的网络,因此我在 XenCenter 中将 Windows 2008 Server 设置为内部 VPN 服务器,作为虚拟机。我们叫他本杰明。他还兼作文件服务器。
到目前为止,有效的方法如下:
- 使用 Mac、Windows 和 iOS 客户端进行远程 VPN 登录
- 访问 Benjamin 上的文件共享
- 对本地网络和互联网上的所有主机进行 ping 操作,即使数据包很大(>1000 字节)
不可以:除了 Benjamin 本身,我无法与本地网络上的主机建立任何 TCP 连接(SSH、HTTP 等)。在 Wireshark 中,我可以看到客户端和我尝试连接的计算机上的 SYN 和 SYN-ACK,但从来没有 ACK。(有趣的是,在我准备的 Wireshark 日志中,出于某种原因有一些 DUP ACK - 而且它们的方向与应有的方向完全相反。我不知道为什么。)
之前甚至在 ping Benjamin 以外的任何东西时都会出现问题,但我通过禁用 Benjamin 上的 IP 校验和卸载解决了这个问题(不知何故它不起作用然后数据包会被丢弃)。
我尝试在客户端上设置非常小的 MTU,在内部网络的计算机上设置到 Benjamin 的网关以及许多其他东西,但都没有任何帮助。
我怀疑这是某种路由问题,但找不到这些 ACK。有什么想法吗?我应该在哪里进一步调查?提前致谢!
更新: 我刚刚发现一件奇怪的事情:当我尝试从内部网络 ssh 进入 VPN 客户端时,客户端会收到 SYN(我在 Wireshark 中看到它),但它再也没有响应。我觉得这一定是客户端上的一些配置问题,但在全部有多少?那会是什么?没有防火墙,根据 Wireshark 的说法,数据包看起来是有效的(包括校验和和所有内容)。有谁知道为什么它既不响应 SYN 也不响应 SYN-ACK,而没有防火墙可以丢弃这些数据包?
更新 2:更令人困惑的是,我刚刚确认使用 netcat 和UDP,一切正常,双向(nc 在内部网络主机和 VPN 客户端上监听)。也许 TCP 不再喜欢我了?
以下是更多信息:
Local net: 172.17.0.0/16
Router: 172.17.0.1 (Port Forwarding TCP 1701, UDP 500 and 4500)
XenServer: 172.17.0.10
Benjamin: 172.17.1.1
VPN DHCP range: 172.17.7.1..240客户端上的Wireshark日志(VPN时为172.17.7.2):
No. Time Source Destination Protocol Length Info
1 0.000000 172.17.4.4 172.17.7.2 TCP 68 ssh > 61653 [SYN, ACK] Seq=0 Ack=0 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641695654 TSecr=440887504 SACK_PERM=1
Frame 1: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
Point-to-Point Protocol
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61653 (61653), Seq: 0, Ack: 0, Len: 0
No. Time Source Destination Protocol Length Info
2 5.337197 172.17.7.2 172.17.4.4 TCP 68 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887658 TSecr=0 SACK_PERM=1
Frame 2: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
Point-to-Point Protocol
Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
3 5.479947 172.17.4.4 172.17.7.2 TCP 68 ssh > 61655 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641701208 TSecr=440887658 SACK_PERM=1
Frame 3: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
Point-to-Point Protocol
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 0, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
4 6.256638 172.17.7.2 172.17.4.4 TCP 68 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887667 TSecr=0 SACK_PERM=1
Frame 4: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
Point-to-Point Protocol
Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
5 6.449901 172.17.4.4 172.17.7.2 TCP 56 [TCP Dup ACK 3#1] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641702152 TSecr=440887667
Frame 5: 56 bytes on wire (448 bits), 56 bytes captured (448 bits)
Point-to-Point Protocol
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
6 6.609908 172.17.4.4 172.17.7.2 TCP 68 ssh > 61655 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641702305 TSecr=440887667 SACK_PERM=1
Frame 6: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
Point-to-Point Protocol
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 0, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
7 7.258316 172.17.7.2 172.17.4.4 TCP 68 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887677 TSecr=0 SACK_PERM=1
Frame 7: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
Point-to-Point Protocol
Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
8 7.450032 172.17.4.4 172.17.7.2 TCP 56 [TCP Dup ACK 6#1] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641703139 TSecr=440887677
Frame 8: 56 bytes on wire (448 bits), 56 bytes captured (448 bits)
Point-to-Point Protocol
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
9 8.259938 172.17.7.2 172.17.4.4 TCP 68 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887687 TSecr=0 SACK_PERM=1
Frame 9: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
Point-to-Point Protocol
Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
10 8.490122 172.17.4.4 172.17.7.2 TCP 56 [TCP Dup ACK 6#2] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641704143 TSecr=440887687
Frame 10: 56 bytes on wire (448 bits), 56 bytes captured (448 bits)
Point-to-Point Protocol
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
11 9.249943 172.17.4.4 172.17.7.2 TCP 68 ssh > 61655 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641704904 TSecr=440887687 SACK_PERM=1
Frame 11: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
Point-to-Point Protocol
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 0, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
12 9.261766 172.17.7.2 172.17.4.4 TCP 68 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887697 TSecr=0 SACK_PERM=1
Frame 12: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
Point-to-Point Protocol
Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
13 9.430047 172.17.4.4 172.17.7.2 TCP 56 [TCP Dup ACK 11#1] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641705119 TSecr=440887697
Frame 13: 56 bytes on wire (448 bits), 56 bytes captured (448 bits)
Point-to-Point Protocol
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
14 10.263852 172.17.7.2 172.17.4.4 TCP 68 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887707 TSecr=0 SACK_PERM=1
Frame 14: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
Point-to-Point Protocol
Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
15 10.439839 172.17.4.4 172.17.7.2 TCP 56 [TCP Dup ACK 11#2] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641706132 TSecr=440887707
Frame 15: 56 bytes on wire (448 bits), 56 bytes captured (448 bits)
Point-to-Point Protocol
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
16 12.267344 172.17.7.2 172.17.4.4 TCP 68 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887727 TSecr=0 SACK_PERM=1
Frame 16: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
Point-to-Point Protocol
Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
17 12.469629 172.17.4.4 172.17.7.2 TCP 56 [TCP Dup ACK 11#3] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641708126 TSecr=440887727
Frame 17: 56 bytes on wire (448 bits), 56 bytes captured (448 bits)
Point-to-Point Protocol
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
18 16.719912 172.17.4.4 172.17.7.2 TCP 68 ssh > 61653 [SYN, ACK] Seq=0 Ack=0 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641712353 TSecr=440887504 SACK_PERM=1
Frame 18: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
Point-to-Point Protocol
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61653 (61653), Seq: 0, Ack: 0, Len: 0
No. Time Source Destination Protocol Length Info
19 21.679611 172.17.4.4 172.17.7.2 TCP 68 ssh > 61655 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641717388 TSecr=440887727 SACK_PERM=1
Frame 19: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
Point-to-Point Protocol
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 0, Ack: 1, Len: 0Wireshark 登录本地网络(172.17.4.4)中的电脑:
No. Time Source Destination Protocol Length Info
1 0.000000 172.17.7.2 172.17.4.4 TCP 78 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887658 TSecr=0 SACK_PERM=1
Frame 1: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Ethernet II, Src: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec), Dst: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff)
Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
2 0.000102 172.17.4.4 172.17.7.2 TCP 78 ssh > 61655 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641701208 TSecr=440887658 SACK_PERM=1
Frame 2: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 0, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
3 0.950403 172.17.7.2 172.17.4.4 TCP 78 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887667 TSecr=0 SACK_PERM=1
Frame 3: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Ethernet II, Src: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec), Dst: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff)
Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
4 0.950567 172.17.4.4 172.17.7.2 TCP 66 [TCP Dup ACK 2#1] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641702152 TSecr=440887667
Frame 4: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
5 1.104130 172.17.4.4 172.17.7.2 TCP 78 ssh > 61655 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641702305 TSecr=440887667 SACK_PERM=1
Frame 5: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 0, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
6 1.940779 172.17.7.2 172.17.4.4 TCP 78 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887677 TSecr=0 SACK_PERM=1
Frame 6: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Ethernet II, Src: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec), Dst: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff)
Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
7 1.940962 172.17.4.4 172.17.7.2 TCP 66 [TCP Dup ACK 5#1] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641703139 TSecr=440887677
Frame 7: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
8 2.950009 172.17.7.2 172.17.4.4 TCP 78 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887687 TSecr=0 SACK_PERM=1
Frame 8: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Ethernet II, Src: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec), Dst: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff)
Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
9 2.950198 172.17.4.4 172.17.7.2 TCP 66 [TCP Dup ACK 5#2] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641704143 TSecr=440887687
Frame 9: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
10 3.714242 172.17.4.4 172.17.7.2 TCP 78 ssh > 61655 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641704904 TSecr=440887687 SACK_PERM=1
Frame 10: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 0, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
11 3.929627 172.17.7.2 172.17.4.4 TCP 78 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887697 TSecr=0 SACK_PERM=1
Frame 11: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Ethernet II, Src: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec), Dst: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff)
Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
12 3.929819 172.17.4.4 172.17.7.2 TCP 66 [TCP Dup ACK 10#1] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641705119 TSecr=440887697
Frame 12: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
13 4.949931 172.17.7.2 172.17.4.4 TCP 78 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887707 TSecr=0 SACK_PERM=1
Frame 13: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Ethernet II, Src: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec), Dst: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff)
Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
14 4.950122 172.17.4.4 172.17.7.2 TCP 66 [TCP Dup ACK 10#2] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641706132 TSecr=440887707
Frame 14: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
15 6.950093 172.17.7.2 172.17.4.4 TCP 78 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887727 TSecr=0 SACK_PERM=1
Frame 15: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Ethernet II, Src: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec), Dst: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff)
Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
16 6.950281 172.17.4.4 172.17.7.2 TCP 66 [TCP Dup ACK 10#3] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641708126 TSecr=440887727
Frame 16: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
17 7.955752 172.17.4.4 172.17.7.2 TCP 78 ssh > 61655 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641709126 TSecr=440887727 SACK_PERM=1
Frame 17: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 0, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
18 11.196585 172.17.4.4 172.17.7.2 TCP 78 ssh > 61653 [SYN, ACK] Seq=0 Ack=0 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641712353 TSecr=440887504 SACK_PERM=1
Frame 18: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61653 (61653), Seq: 0, Ack: 0, Len: 0
No. Time Source Destination Protocol Length Info
19 16.252632 172.17.4.4 172.17.7.2 TCP 78 ssh > 61655 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641717388 TSecr=440887727 SACK_PERM=1
Frame 19: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 0, Ack: 1, Len: 0可能相关的服务器故障问题,但到目前为止对我没有帮助:
答案1
我首先要看一下您的掩码。如果一般主机位于 172.17.0.0/16 中,而您的 VPN 子网位于 172.17.7.0/24 中,那么完全有可能出现一些不确定的连接情况。
172.17.0.0/16 中的一般主机在向 172.17.7.0/24 中的 VPN 主机发送数据包时,将尝试对 VPN 主机的地址进行 ARP(而不是将其发送给网关)。
反过来,VPN 主机尝试将帧发送到通用子网中的主机。它将通过其网关发送。如果此网关是 /24 和 /16 的成员,那么您会遇到类似的问题 - 要么是非法配置,要么数据包实际上是被桥接而不是被路由。
您可能已经配置了代理 arp - 这会导致路由设备在较大的子网中回答它有路由到的主机的 ARP 请求,但从您发布的材料中这一点并不清楚。
也有可能您在混合中设置了桥接。这可能会产生一些奇怪的情况,因为标准 ARP 在一个方向上可以工作,但在另一个方向上,某种网关将被调用将名义上路由的帧转发回接收接口 - 同样,这在某些情况下可能有效,但并不好(注 - 这可能是重复 ACK 的来源)。
你能将 VPN 主机放在不重叠的子网中吗?比如给它一个 172.18.xx 地址,然后在这个新子网的网关和 172.17.0.0/16 的默认网关之间配置路由?至少这会使整个事情更容易排除故障,而且很可能解决问题。