Tunneling traffic between PPTP and OpenVPN


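My office (office_network) uses a PPTP VPN for remote employees. Everything was fine until macOS Catalina was released. macOS no longer supports PPTP.

So, to access the office_network network, I decided to set up a "VPN tunnel" on my Ubuntu server (ubuntu).

  • I have installed a PPTP client on ubuntu and connected to office_network
  • I have installed an OpenVPN server on ubuntu and a client on my MacBook (macbook), and connected successfully (ubuntu <-> macbook). I can via ubuntu

But I still cannot access office_network from macbook

ifconfig from ubuntu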

root@server:/etc/openvpn# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet X.Y.244.154  netmask 255.255.255.0  broadcast X.Y.244.255
        inet6 ....  prefixlen 64  scopeid 0x0<global>
        inet6 ....  prefixlen 64  scopeid 0x20<link>
        ether ....  txqueuelen 1000  (Ethernet)
        RX packets 8115596  bytes 1387222400 (1.3 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10933097  bytes 2330386079 (2.3 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 132556  bytes 90634105 (90.6 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 132556  bytes 90634105 (90.6 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1492
        inet 10.10.10.2  netmask 255.255.255.255  destination 10.10.10.1
        ppp  txqueuelen 3  (Point-to-Point Protocol)
        RX packets 102  bytes 115715 (115.7 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 94  bytes 9170 (9.1 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.1  netmask 255.255.255.0  destination 10.8.0.1
        inet6 ....  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 29916  bytes 6166802 (6.1 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 126423  bytes 156305569 (156.3 MB)
        TX errors 0  dropped 4791 overruns 0  carrier 0  collisions 0

ppp0 is the PPTP interface. tun0 is the OpenVPN server.

Actually I only need access to one subnet of office_network, so I added a route

ip route add 10.80.16.0/24 dev ppp0

As a result I can reach 10.80.16.X from ubuntu, but not from macbook

traceroute from macbook

Success to Google:

➜  ~ traceroute google.com
traceroute to google.com (172.217.169.46), 64 hops max, 52 byte packets
 1  10.8.0.1 (10.8.0.1)  48.696 ms  45.363 ms  48.516 ms
 2  router2-lon.hosting-server.com (X.Y.33.230)  46.275 ms  49.215 ms  49.843 ms
 3  109.74.207.20 (109.74.207.20)  46.062 ms  48.806 ms  45.548 ms
 ...

Failure to office_network

➜  ~ traceroute 10.80.16.14
traceroute to 10.80.16.14 (10.80.16.14), 64 hops max, 52 byte packets
 1  10.8.0.1 (10.8.0.1)  47.852 ms  48.493 ms  64.061 ms
 2  * * *
 3  * * *
 ......

Finally I tried adding a NAT rule like this:

iptables -t nat -A POSTROUTING -s 10.80.16.0/24 -j MASQUERADE

But that did not help either.

What did I forget?

Answer 1

Add this route to the NAT table:

iptables -t nat -I POSTROUTING -o ppp0 -s 10.8.0.0/24 -j MASQUERADE
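
An added example, not part of the original answer: the answer's MASQUERADE rule narrowed to the single office subnet the question needs, with matching FORWARD rules, as an idempotent script. Interface names and subnets are taken from the question; the function names and the `APPLY` switch are assumptions of this example, and it assumes the office side has no route back to 10.8.0.0/24.

```bash
#!/usr/bin/env bash
# Added example: scoped forwarding + NAT between tun0 (OpenVPN) and ppp0 (PPTP).
# Interface names and subnets are the ones shown in the question.
set -eu

VPN_IF=tun0               # OpenVPN server interface
OFFICE_IF=ppp0            # PPTP client interface
VPN_NET=10.8.0.0/24       # OpenVPN client pool (source of macbook's packets)
OFFICE_NET=10.80.16.0/24  # the one office subnet that is needed

# Emit one rule per line as "<table> <chain> <rule-spec>".
office_rules() {
  # Rewrite the source to ppp0's own address (10.10.10.2 in the question).
  # Assumption: the office side has no route back to 10.8.0.0/24.
  # Match the VPN pool as source: the office subnet is the destination
  # of these packets, never their source.
  echo "nat POSTROUTING -s $VPN_NET -d $OFFICE_NET -o $OFFICE_IF -j MASQUERADE"
  # Forward only VPN clients -> office subnet, plus replies to those flows.
  echo "filter FORWARD -i $VPN_IF -o $OFFICE_IF -s $VPN_NET -d $OFFICE_NET -j ACCEPT"
  echo "filter FORWARD -i $OFFICE_IF -o $VPN_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
}

# Insert each rule unless an identical one already exists (-C), so reruns
# do not stack duplicates. Prints the commands unless APPLY=1 (needs root).
apply_rules() {
  local table chain spec
  office_rules | while read -r table chain spec; do
    if [ "${APPLY:-0}" = 1 ]; then
      # spec is intentionally left unquoted so it splits into arguments
      iptables -t "$table" -C "$chain" $spec 2>/dev/null ||
        iptables -t "$table" -I "$chain" $spec
    else
      echo "iptables -t $table -I $chain $spec"
    fi
  done
}

if [ "${APPLY:-0}" = 1 ]; then
  sysctl -w net.ipv4.ip_forward=1                  # routing between interfaces must be on
  ip route replace "$OFFICE_NET" dev "$OFFICE_IF"  # same route as in the question
fi
apply_rules
```

Run it as is to review the commands, then as root with `APPLY=1` to install them.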
