Establishing a VPN connection from a client behind a Debian router

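Edit: My searching led me to GRE packets: they appear to be on IP port (not TCP port) 47. That seems rather painful to handle with iptables. So the question becomes: how do I pass GRE packets through the interfaces of a custom router? This answer does not seem to work for me.

I am trying to build my own router based on a fanless machine with Debian 9.6 installed.

So far, it works for normal connections: traffic is correctly forwarded from lan to wan. However, I cannot establish a VPN connection from my desktop to the VPN server. This connection does work when I remove the router from the path.

So far, I have done:

  • Interface renaming (I now have wan and lan), in /etc/udev/rules.d/70-persistent-net.rules

ip address show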

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: wan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 11:22:33:44:55:66 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.108/24 brd 192.168.0.255 scope global wan
       valid_lft forever preferred_lft forever
    inet6 fe80::4262:31ff:fe01:14ad/64 scope link 
       valid_lft forever preferred_lft forever
3: lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 77:88:99:00:aa:bb brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global lan
       valid_lft forever preferred_lft forever
    inet6 fe80::4262:31ff:fe01:14ae/64 scope link 
       valid_lft forever preferred_lft forever
  • DHCP server for the LAN subnet (192.168.1.0/24)

subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.10 192.168.1.254;
    option routers 192.168.1.1;
    option broadcast-address 192.168.1.255;
}

  • Traffic forwarding with iptables

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i wan -o lan -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lan -o wan -j ACCEPT

My /etc/network/interfaces file:

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto wan
allow-hotplug wan
iface wan inet dhcp

auto lan
allow-hotplug lan
iface lan inet static
    address 192.168.1.1
    netmask 255.255.255.0
    broadcast 192.168.1.255
    gateway 192.168.1.1

auto wifi
allow-hotplug wifi
iface wifi inet static
    address 192.168.2.1
    netmask 255.255.255.0
    broadcast 192.168.2.255
    gateway 192.168.2.1

/var/log/syslog shows the following when I try to establish the connection:

Nov 29 14:59:21 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_disp:pptp_ctrl.c:939]: Outgoing call established (call ID 28628, peer's call ID 27745).
Nov 29 14:59:51 nicolas pppd[7202]: LCP: timeout sending Config-Requests

Note the 30-second delay between these 2 traces, as it suggests that this looks like a timeout.

The full trace follows:

Nov 29 14:59:19 nicolas NetworkManager[927]: <info>  [1543499959.8921] audit: op="connection-activate" uuid="bc714f1c-5ba0-44f8-800f-1a1cf45d17d1" name="Niort" pid=6877 uid=1000 result="success"
Nov 29 14:59:19 nicolas NetworkManager[927]: <info>  [1543499959.8965] vpn-connection[0x22395b0,bc714f1c-5ba0-44f8-800f-1a1cf45d17d1,"Niort",0]: Started the VPN service, PID 7195
Nov 29 14:59:19 nicolas NetworkManager[927]: <info>  [1543499959.9059] vpn-connection[0x22395b0,bc714f1c-5ba0-44f8-800f-1a1cf45d17d1,"Niort",0]: Saw the service appear; activating connection
Nov 29 14:59:20 nicolas NetworkManager[927]: <info>  [1543499960.0440] vpn-connection[0x22395b0,bc714f1c-5ba0-44f8-800f-1a1cf45d17d1,"Niort",0]: VPN connection: (ConnectInteractive) reply received
Nov 29 14:59:20 nicolas NetworkManager[927]: ** Message: pppd started with pid 7202
Nov 29 14:59:20 nicolas NetworkManager[927]: <info>  [1543499960.0468] vpn-connection[0x22395b0,bc714f1c-5ba0-44f8-800f-1a1cf45d17d1,"Niort",0]: VPN plugin: state changed: starting (3)
Nov 29 14:59:20 nicolas pppd[7202]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
Nov 29 14:59:20 nicolas NetworkManager[927]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
Nov 29 14:59:20 nicolas NetworkManager[927]: ** Message: nm-pptp-ppp-plugin: (plugin_init): initializing
Nov 29 14:59:20 nicolas pppd[7202]: pppd 2.4.7 started by root, uid 0
Nov 29 14:59:20 nicolas NetworkManager[927]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
Nov 29 14:59:20 nicolas pppd[7202]: Using interface ppp0
Nov 29 14:59:20 nicolas NetworkManager[927]: Using interface ppp0
Nov 29 14:59:20 nicolas NetworkManager[927]: Connect: ppp0 <--> /dev/pts/4
Nov 29 14:59:20 nicolas NetworkManager[927]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
Nov 29 14:59:20 nicolas pppd[7202]: Connect: ppp0 <--> /dev/pts/4
Nov 29 14:59:20 nicolas NetworkManager[927]: nm_device_get_device_type: assertion 'NM_IS_DEVICE (self)' failed
Nov 29 14:59:20 nicolas NetworkManager[927]: <info>  [1543499960.0525] manager: (ppp0): new Generic device (/org/freedesktop/NetworkManager/Devices/23)
Nov 29 14:59:20 nicolas pptp[7207]: nm-pptp-service-7195 log[main:pptp.c:350]: The synchronous pptp option is NOT activated
Nov 29 14:59:20 nicolas NetworkManager[927]: <info>  [1543499960.0582] devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Nov 29 14:59:20 nicolas NetworkManager[927]: <info>  [1543499960.0585] device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
Nov 29 14:59:20 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_rep:pptp_ctrl.c:259]: Sent control packet type is 1 'Start-Control-Connection-Request'
Nov 29 14:59:20 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_disp:pptp_ctrl.c:781]: Received Start Control Connection Reply
Nov 29 14:59:20 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_disp:pptp_ctrl.c:815]: Client connection established.
Nov 29 14:59:21 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_rep:pptp_ctrl.c:259]: Sent control packet type is 7 'Outgoing-Call-Request'
Nov 29 14:59:21 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_disp:pptp_ctrl.c:900]: Received Outgoing Call Reply.
Nov 29 14:59:21 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_disp:pptp_ctrl.c:939]: Outgoing call established (call ID 28628, peer's call ID 27745).
Nov 29 14:59:51 nicolas pppd[7202]: LCP: timeout sending Config-Requests
Nov 29 14:59:51 nicolas NetworkManager[927]: LCP: timeout sending Config-Requests
Nov 29 14:59:51 nicolas NetworkManager[927]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 11 / phase 'disconnect'
Nov 29 14:59:51 nicolas NetworkManager[927]: Connection terminated.
Nov 29 14:59:51 nicolas pppd[7202]: Connection terminated.
Nov 29 14:59:51 nicolas NetworkManager[927]: ** Message: Terminated ppp daemon with PID 7202.
Nov 29 14:59:51 nicolas NetworkManager[927]: <warn>  [1543499991.0852] vpn-connection[0x22395b0,bc714f1c-5ba0-44f8-800f-1a1cf45d17d1,"Niort",0]: VPN plugin: failed: connect-failed (1)
Nov 29 14:59:51 nicolas NetworkManager[927]: <info>  [1543499991.0853] vpn-connection[0x22395b0,bc714f1c-5ba0-44f8-800f-1a1cf45d17d1,"Niort",0]: VPN plugin: state changed: stopping (5)
Nov 29 14:59:51 nicolas NetworkManager[927]: <error> [1543499991.0867] platform-linux: do-change-link[24]: failure changing link: failure 19 (Aucun périphérique de ce type)
Nov 29 14:59:51 nicolas NetworkManager[927]: <warn>  [1543499991.0873] device (ppp0): failed to disable userspace IPv6LL address handling
Nov 29 14:59:51 nicolas NetworkManager[927]: <info>  [1543499991.0891] devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Nov 29 14:59:51 nicolas NetworkManager[927]: <info>  [1543499991.0895] vpn-connection[0x22395b0,bc714f1c-5ba0-44f8-800f-1a1cf45d17d1,"Niort",0]: VPN service disappeared
Nov 29 14:59:51 nicolas gnome-session[3198]: Gjs-Message: JS LOG: Removing a network device that was not added
Nov 29 14:59:51 nicolas NetworkManager[927]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 1 / phase 'dead'
Nov 29 14:59:51 nicolas pptp[7207]: nm-pptp-service-7195 warn[decaps_hdlc:pptp_gre.c:220]: short read (-1): Input/output error
Nov 29 14:59:51 nicolas NetworkManager[927]: Terminating on signal 15
Nov 29 14:59:51 nicolas NetworkManager[927]: Child process /usr/sbin/pptp 88.175.185.134 --nolaunchpppd --loglevel 0 --logstring nm-pptp-service-7195 (pid 7205) terminated with signal 15
Nov 29 14:59:51 nicolas NetworkManager[927]: Modem hangup
Nov 29 14:59:51 nicolas NetworkManager[927]: ** Message: nm-pptp-ppp-plugin: (nm_exit_notify): cleaning up
Nov 29 14:59:51 nicolas pptp[7207]: nm-pptp-service-7195 warn[decaps_hdlc:pptp_gre.c:232]: pppd may have shutdown, see pppd log
Nov 29 14:59:51 nicolas pppd[7202]: Terminating on signal 15
Nov 29 14:59:51 nicolas pptp[7225]: nm-pptp-service-7195 log[callmgr_main:pptp_callmgr.c:245]: Closing connection (unhandled)
Nov 29 14:59:51 nicolas pppd[7202]: Child process /usr/sbin/pptp 88.175.185.134 --nolaunchpppd --loglevel 0 --logstring nm-pptp-service-7195 (pid 7205) terminated with signal 15
Nov 29 14:59:51 nicolas pppd[7202]: Modem hangup
Nov 29 14:59:51 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_rep:pptp_ctrl.c:259]: Sent control packet type is 12 'Call-Clear-Request'
Nov 29 14:59:51 nicolas pptp[7225]: nm-pptp-service-7195 log[call_callback:pptp_callmgr.c:84]: Closing connection (call state)
Nov 29 14:59:51 nicolas pppd[7202]: Exit.

Does anyone know what the error is here? How can I configure my VPN client or router to forward VPN traffic correctly?

Thanks,
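
Added example, not part of the original post: a Python triage of the pptp/pppd syslog lines quoted above, showing how far the attempt got before failing. It assumes the standard PPTP split (control channel on TCP 1723, PPP frames including LCP carried in GRE, IP protocol 47); the function name `triage` and the verdict strings are made up for this example.

```python
import re
from datetime import datetime

# Constructed sample: four lines copied from the syslog trace in the post.
SAMPLE = """\
Nov 29 14:59:20 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_disp:pptp_ctrl.c:815]: Client connection established.
Nov 29 14:59:21 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_disp:pptp_ctrl.c:939]: Outgoing call established (call ID 28628, peer's call ID 27745).
Nov 29 14:59:51 nicolas pppd[7202]: LCP: timeout sending Config-Requests
Nov 29 14:59:51 nicolas pppd[7202]: Connection terminated.
"""

# "Mon DD HH:MM:SS host program[pid]: message"
LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ ([\w-]+)\[\d+\]: (.*)$")
CALL = re.compile(r"Outgoing call established \(call ID (\d+), peer's call ID (\d+)\)")


def triage(log_text):
    """Report how far a PPTP attempt got, from pptp/pppd syslog lines."""
    r = {"control_up": False, "call_ids": None, "lcp_timeout": False,
         "wait_seconds": None}
    call_time = None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, prog, msg = m.groups()
        # syslog stamps carry no year; a fixed one is enough for same-day deltas
        when = datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")
        call = CALL.search(msg) if prog == "pptp" else None
        if prog == "pptp" and "Client connection established" in msg:
            r["control_up"] = True              # TCP 1723 handshake completed
        elif call:
            r["call_ids"] = (int(call.group(1)), int(call.group(2)))
            call_time = when
        elif prog == "pppd" and msg.startswith("LCP: timeout"):
            r["lcp_timeout"] = True             # no answer to PPP Config-Requests
            if call_time:
                r["wait_seconds"] = int((when - call_time).total_seconds())
    if r["control_up"] and r["call_ids"] and r["lcp_timeout"]:
        r["verdict"] = "control channel up, no PPP reply over GRE (IP protocol 47)"
    elif r["control_up"]:
        r["verdict"] = "control channel up, no LCP timeout logged"
    else:
        r["verdict"] = "no PPTP control connection in this log"
    return r


if __name__ == "__main__":
    print(triage(SAMPLE))
```

GRE has no port numbers, so the call IDs reported here are what distinguishes one PPTP session from another on the data path.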
