我正在尝试看看 softether 是否是满足我们需求的可行 VPN 解决方案。我已成功让 sstp 连接到 SE,但前提是启用了安全 NAT。当我禁用安全 NAT 时,请求将发送到我们的 DHCP 服务器,但租约不会返回给客户端,因此他们无法获得 IP 地址并且无法连接。
您可以从服务器日志中看到这些信息:
2019-04-05 11:10:00.319 SSTP PPP Session [xxx.xxx.xxx.xx:55743]: Trying to request an IP address from the DHCP server.
2019-04-05 11:10:05.319 SSTP PPP Session [xxx.xxx.xxx.xx:55743]: Acquiring an IP address from the DHCP server failed. To accept a PPP session, you need to have a DHCP server. Make sure that a DHCP server is working normally in the Ethernet segment which the Virtual Hub belongs to. If you do not have a DHCP server, you can use the Virtual DHCP function of the SecureNAT on the Virtual Hub instead.
2019-04-05 11:10:13.501 SSTP PPP Session [xxx.xxx.xxx.xx:55743]: The VPN Client sent a packet though an IP address of the VPN Client hasn't been determined.
2019-04-05 11:10:13.501 SSTP PPP Session [xxx.xxx.xxx.xx:55743]: A PPP protocol error occurred, or the PPP session has been disconnected.
我已经设置了从虚拟集线器到私有 NIC 的桥接,并禁用了 SE 集线器中的安全 NAT 和 DHCP 功能。
当我尝试使用 SSTP 从 Windows 机器进行连接时,我从数据包日志中获取了以下信息:
-04-05,11:09:52.450,SID-LOCALBRIDGE- 1,-,A4580F42CBB6,FFFFFFFFFFFF,0x0800,358,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,-,-
2019-04-05,11:09:53.199,SID-LOCALBRIDGE-1,-,001A4A160154,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.24,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=10.1.2.253 ServerIP=10.1.1.24 RelayIP=0.0.0.0,-,-,-
2019-04-05,11:09:53.199,SID-LOCALBRIDGE-1,-,A4580F42CBB6,FFFFFFFFFFFF,0x0800,370,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,-,-
2019-04-05,11:09:53.199,SID-LOCALBRIDGE-1,-,001A4A160154,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.24,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=10.1.2.253 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,-,-
2019-04-05,11:09:53.210,SID-LOCALBRIDGE-1,-,001A4A16017B,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.23,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=10.1.2.203 ServerIP=10.1.1.23 RelayIP=0.0.0.0,-,-,-
2019-04-05,11:09:56.159,SID-LOCALBRIDGE-1,-,001A4A16017B,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.23,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=2306803456 ClientIP=0.0.0.0 YourIP=10.1.2.112 ServerIP=10.1.1.23 RelayIP=0.0.0.0,-,-,-
2019-04-05,11:10:00.400,SID-GIL.COMEAU-[SSTP]-4,-,CA20658C6E7E,FFFFFFFFFFFF,0x0800,335,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=3970409621 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,xxx.xxx.xxx.xx,-
2019-04-05,11:10:01.932,SID-GIL.COMEAU-[SSTP]-4,-,CA20658C6E7E,FFFFFFFFFFFF,0x0800,335,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=3970409621 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,xxx.xxx.xxx.xx,-
2019-04-05,11:10:03.516,SID-GIL.COMEAU-[SSTP]-4,-,CA20658C6E7E,FFFFFFFFFFFF,0x0800,335,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=3970409621 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,xxx.xxx.xxx.xx,-
2019-04-05,11:10:04.084,SID-LOCALBRIDGE-1,-,001A4A16017B,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.23,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=2306803456 ClientIP=0.0.0.0 YourIP=10.1.2.112 ServerIP=10.1.1.23 RelayIP=0.0.0.0,-,-,-
2019-04-05,11:10:05.076,SID-GIL.COMEAU-[SSTP]-4,-,CA20658C6E7E,FFFFFFFFFFFF,0x0800,335,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=3970409621 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,xxx.xxx.xxx.xx,-
我认为导致此问题的一个原因是 DHCP 租约中应返回 IP 地址的中继地址不正确 (0.0.0.0)。但我不确定在 SE 服务器端应如何配置它。
我为此苦苦思索了一段时间,希望能够找到完成过类似设置的人来提供一些帮助。
答案1
对此问题的答案是,SOFT ether 仅向 radius 服务器发送基于文本的密码,但我们的 radius 服务器配置为仅接受加密密码,我发现的唯一解决方案(不太好)是将 radius 服务器更改为接受基于文本的密码。