我正在尝试在工业 ProRoute M2M 4G 路由器上设置 VPN 服务器。我的目标是让客户端能够登录 VPN 并能够“本地”访问路由器 LAN 上的主机。我的第一个挑战来自路由器配置页面上模糊的 PPTP 服务器设置。我尝试了所有我能想到的组合。但是,下面包含的组合是用于生成以下输出的组合。
我的本地机器是 192.168.1.64,本地网关是 192.168.1.254。远程路由器的网关是 192.168.8.1,DHCP 分配 LAN 地址 192.168.8.100-192.168.8.200。我运行的是 Windows 7,但也尝试过使用 OS X。路由器使用的是固定公共 IP SIM 卡。
路由器设置
本地 IP - 192.168.8.100-192.168.8.200
远程 IP - 192.168.1.100-192.168.1.200
加密 - MPPE 128 位(也测试了不加密的所有内容)
用户名和密码 - 设置
用户静态 IP - 留空
远程 LAN/掩码 - 192.168.8.0/24
请注意,我无法在任何地方为 PPTP 服务器启用 DHCP。
本地客户端设置
IPv6 - 已禁用
IPv4 - 全部自动,尽管使用静态测试结果相同,但 DNS 手动指向 8.8.8.8/8.8.4.4(Google 公共 DNS),并且选中默认网关框
没有 VPN 连接的 ipconfig 输出:
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : gateway.2wire.net
Link-local IPv6 Address . . . . . : fe80::a985:527b:f5e3:a66b%11
IPv4 Address. . . . . . . . . . . : 192.168.1.64
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
Tunnel adapter isatap.gateway.2wire.net:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Tunnel adapter Local Area Connection* 11:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:34ff:3fd9:3f57:febf
Link-local IPv6 Address . . . . . : fe80::34ff:3fd9:3f57:febf%13
Default Gateway . . . . . . . . . : ::
无需 VPN 连接的路线打印:
===========================================================================
Interface List
11...44 8a 5b 61 bd d3 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.64 266
192.168.1.64 255.255.255.255 On-link 192.168.1.64 266
192.168.1.255 255.255.255.255 On-link 192.168.1.64 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.64 259
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.64 266
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:79fd:34ff:3fd9:3f57:febf/128
On-link
11 266 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::34ff:3fd9:3f57:febf/128
On-link
11 266 fe80::a985:527b:f5e3:a66b/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
使用 VPN 连接的 ipconfig:
Windows IP Configuration
PPP adapter VPN Connection:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : gateway.2wire.net
Link-local IPv6 Address . . . . . : fe80::a985:527b:f5e3:a66b%11
IPv4 Address. . . . . . . . . . . : 192.168.1.64
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
Tunnel adapter isatap.gateway.2wire.net:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Tunnel adapter Local Area Connection* 11:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:102f:dd7:3f57:fe9b
Link-local IPv6 Address . . . . . : fe80::102f:dd7:3f57:fe9b%13
Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.{C4127ACE-546B-4448-B79A-D0807C092C0B}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
使用 VPN 连接进行路线打印:
===========================================================================
Interface List
20...........................VPN Connection
11...44 8a 5b 61 bd d3 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 4235
0.0.0.0 0.0.0.0 On-link 192.168.1.100 11
93.91.45.109 255.255.255.255 192.168.1.254 192.168.1.64 4236
127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531
127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531
127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
192.168.1.0 255.255.255.0 On-link 192.168.1.64 4491
192.168.1.64 255.255.255.255 On-link 192.168.1.64 4491
192.168.1.100 255.255.255.255 On-link 192.168.1.100 266
192.168.1.255 255.255.255.255 On-link 192.168.1.64 4491
224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 192.168.1.64 4485
224.0.0.0 240.0.0.0 On-link 192.168.1.100 11
255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
255.255.255.255 255.255.255.255 On-link 192.168.1.64 4491
255.255.255.255 255.255.255.255 On-link 192.168.1.100 266
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:9d38:6abd:102f:dd7:3f57:fe9b/128
On-link
11 266 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::102f:dd7:3f57:fe9b/128
On-link
11 266 fe80::a985:527b:f5e3:a66b/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
使用 VPN 连接 tracert 192.168.8.1(远程路由器网关):
Tracing route to 192.168.8.1 over a maximum of 30 hops
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
我可以成功建立 VPN 连接。如果使用 IP 地址,我可以通过路由器访问互联网(DNS 似乎不起作用)。但是,我无法访问远程路由器 LAN 上的任何内部主机。
答案1
解决了!问题在于远程/本地 IP 范围不正确。确保远程 IP 和远程子网是客户端网络的 IP 范围,而本地是路由器网络的 IP 范围。