Long uptime to all!
OS: FreeBSD 9.0-RELEASE, pptpd-1.3.4.
Network:
em0 1.2.3.4 - external interface and ip
tun0 10.18.1.0/24 - network for openvpn clients
tun1 10.18.2.0/24 - network for pptp clients
Configuration.
/etc/ppp.conf:
default:
set timeout 0
set log Phase Chat LCP IPCP CCP TUN Command Connect
disable vjcomp deflate pred1
pptp:
set device localhost:pptp
set ifaddr 10.18.2.101 10.18.2.102-10.18.2.113 255.255.255.0
set server /tmp/loop "" 0177
enable chap
enable MSChapV2
disable pap
disable ipv6cp
enable proxy
allow mode direct
/usr/local/etc/pptpd.conf:
logwtmp
debug
noipparam
delegate
proxyarp
+MSChap-V2 mppe-128 mppe-stateless
pidfile /var/run/pptpd.pid
/etc/pf.conf:
table <sshguard> persist
block in quick on em0 proto tcp from <sshguard> to any port 22 label "ssh bruteforce"
pass quick on lo0 all
pass quick on em0 all
/etc/rc.conf:
gateway_enable="YES"
/etc/sysctl.conf:
net.link.ether.inet.proxyall=1
Some warnings from the log file:
tun1: Warning: Local: bind: Address already in use
tun1: Warning: set server: Failed 2
tun1: Warning: 10.18.2.112: Cannot determine ethernet address for proxy ARP
tun1: Warning: 10.18.2.112: Cannot determine ethernet address for proxy ARP
tun2: Warning: Local: bind: Address already in use
tun2: Warning: set server: Failed 2
tun2: Warning: 10.18.2.104: Cannot determine ethernet address for proxy ARP
Routes on the openvpn client:
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0   0      0    ppp0
10.18.1.0       10.18.1.61      255.255.255.0   UG    0   0      0    tun0
10.18.1.61      0.0.0.0         255.255.255.255 UH    0   0      0    tun0
10.18.2.0       10.18.1.61      255.255.255.0   UG    0   0      0    tun0
10.64.64.64     0.0.0.0         255.255.255.255 UH    0   0      0    ppp0
So, from the openvpn client I can ping 10.18.2.101, but not the pptp clients. From the server I can ping any pptp and openvpn client, including hosts on their internal networks. Can this be done with proxyarp, or do I need to look at NAT?