L2TP over IPSec strongswan/xl2tpd pppd interface name changes


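I ran into a possible problem with my VPN setup. I have two different entry points to the client network, so I set up two services, and because one of the VPN connections is slightly better for us, I set its metric to 100 and the other one to 101, as shown below.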

/etc/ppp/ip-up.local

  metric=100
  if [[ "$PPP_IFACE" == 'ppp2' ]]; then
    # ppp2 has lower priority
    metric=101
  fi
  route add -net 10.20.0.0 netmask 255.255.0.0 dev "$PPP_IFACE" metric "$metric"

The interface names are set with unit 2 and unit 3 in /etc/ppp/*.options

ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
#noaccomp
mtu 1280
mru 1280
noipdefault
#defaultroute
nodefaultroute
#usepeerdns
unit 2
connect-delay 5000
name myname
password mypassword

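Since I knew the names of the interfaces, I was lazy and just added fixed iptables rules and thought I was done (instead of adding/removing them in the scripts).

But then I saw a ppp0 interface...

After some research I came up with this.

sudo grep -iRn "pppd" /var/log/ gives me this: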

/var/log/syslog:5697:Jul 29 10:55:58 debian-router pppd[5153]: LCP terminated by peer
/var/log/syslog:5698:Jul 29 10:55:58 debian-router pppd[5153]: Connect time 643.1 minutes.
/var/log/syslog:5699:Jul 29 10:55:58 debian-router pppd[5153]: Sent 0 bytes, received 0 bytes.
/var/log/syslog:5702:Jul 29 10:55:58 debian-router pppd[5153]: Overriding mtu 1500 to 1280
/var/log/syslog:5703:Jul 29 10:55:58 debian-router pppd[5153]: Overriding mru 1500 to mtu value 1280
/var/log/syslog:5707:Jul 29 10:55:58 debian-router xl2tpd[3016]: Terminating pppd: sending TERM signal to pid 5153
/var/log/syslog:5708:Jul 29 10:55:58 debian-router pppd[5153]: Terminating on signal 15
/var/log/syslog:5713:Jul 29 10:56:01 debian-router xl2tpd[3016]: start_pppd: I'm running:
/var/log/syslog:5714:Jul 29 10:56:01 debian-router xl2tpd[3016]: "/usr/sbin/pppd"
/var/log/syslog:5724:Jul 29 10:56:01 debian-router pppd[5613]: Plugin pppol2tp.so loaded.
/var/log/syslog:5725:Jul 29 10:56:01 debian-router pppd[5613]: pppd 2.4.7 started by root, uid 0
/var/log/syslog:5726:Jul 29 10:56:01 debian-router pppd[5613]: Couldn't allocate PPP unit 2 as it is already in use
/var/log/syslog:5727:Jul 29 10:56:01 debian-router pppd[5613]: Using interface ppp0
/var/log/syslog:5728:Jul 29 10:56:01 debian-router pppd[5613]: Connect: ppp0 <-->
/var/log/syslog:5729:Jul 29 10:56:01 debian-router pppd[5613]: Overriding mtu 1500 to 1280
/var/log/syslog:5730:Jul 29 10:56:01 debian-router pppd[5613]: Overriding mru 1500 to mtu value 1280
/var/log/syslog:5732:Jul 29 10:56:01 debian-router pppd[5613]: Overriding mtu 1500 to 1280
/var/log/syslog:5733:Jul 29 10:56:01 debian-router pppd[5613]: PAP authentication succeeded
/var/log/syslog:5734:Jul 29 10:56:01 debian-router pppd[5153]: Connection terminated.
/var/log/syslog:5736:Jul 29 10:56:01 debian-router pppd[5153]: Modem hangup
/var/log/syslog:5737:Jul 29 10:56:01 debian-router pppd[5153]: Exit.

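So what must have happened is this: for some (probably unrelated) reason the connection got terminated, then xl2tpd sent TERM to pppd[5153], and then started a new pppd[5613] for the new connection. But pppd[5153] took some time to exit, so pppd[5613] could not use the specified interface name ppp2.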

/etc/xl2tpd/xl2tpd.conf looks like this.

[lac vpn1]
lns = 10.20.30.40
;ppp debug = yes
pppoptfile = /etc/ppp/options.vpn1.l2tpd
length bit = yes
redial = yes
redial timeout = 2
; max redials = 15

[lac vpn2]
lns = 10.20.30.41
;ppp debug = yes
pppoptfile = /etc/ppp/options.vpn2.l2tpd
length bit = yes
redial = yes
redial timeout = 2
; max redials = 15

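Now, I guess I could set redial timeout in xl2tpd.conf higher, but that would not be a clean way to solve the problem. So the question is: is it possible to make sure the device names stay the same on reconnect? (If not, I guess I will just have to use $PPP_REMOTE -- but actually not, because it is not lns = 10.20.30.41! -- in my ip-up.local instead of $PPP_IFACE and add/remove the iptables rules there, but maybe there is a better way.)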

Update: I added ipparam vpn1 and ipparam vpn2 to the /etc/ppp/*.options files and use $PPP_IPPARAM to tell the two apart; I guess this is the most stable solution.

Additional information:

  • OS: Debian GNU/Linux 10 (buster)
  • ipsec: Linux strongSwan U5.7.2/K4.19.0-9-amd64
  • xl2tpd: xl2tpd-1.3.12
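
The ipparam approach from the update, written out as an added example that is not part of the original post: one script installed as both ip-up.local and ip-down.local that picks the metric from $PPP_IPPARAM and binds the firewall rule to whatever interface pppd actually got, so a fallback from ppp2 to ppp0 no longer leaves rules pointing at the wrong device. The FORWARD rule, the DRY_RUN switch and the function names are assumptions made for illustration; the post does not show its iptables rules.

```shell
#!/bin/sh
# Added example (not from the original post). Install the same file as
# /etc/ppp/ip-up.local and /etc/ppp/ip-down.local; it keys on the ipparam
# tag (vpn1/vpn2), so it still works when pppd falls back to another unit.
NET=10.20.0.0
MASK=255.255.0.0
CIDR=10.20.0.0/16

# Print commands instead of running them when DRY_RUN is set (for testing).
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# Map the ipparam tag to a route metric; unknown tags are rejected.
tunnel_metric() {
    case "$1" in
        vpn1) echo 100 ;;
        vpn2) echo 101 ;;   # vpn2 has lower priority
        *)    return 1 ;;
    esac
}

# apply_tunnel up|down IFACE IPPARAM
apply_tunnel() {
    action=$1 iface=$2 tag=$3
    metric=$(tunnel_metric "$tag") || {
        echo "ip-$action: unknown ipparam '$tag' on $iface, nothing changed" >&2
        return 1
    }
    case "$action" in
        up)
            run route add -net "$NET" netmask "$MASK" dev "$iface" metric "$metric"
            # Hypothetical rule: the post does not show its iptables rules.
            run iptables -A FORWARD -o "$iface" -d "$CIDR" -j ACCEPT
            ;;
        down)
            # The kernel drops the route with the interface; remove the rule.
            run iptables -D FORWARD -o "$iface" -d "$CIDR" -j ACCEPT
            ;;
        *) return 2 ;;
    esac
}

# Dispatch on the installed file name; a no-op under any other name.
case "${0##*/}" in
    ip-up.local)   apply_tunnel up   "$PPP_IFACE" "$PPP_IPPARAM" ;;
    ip-down.local) apply_tunnel down "$PPP_IFACE" "$PPP_IPPARAM" ;;
esac
```

Running it by hand with DRY_RUN=1 prints the route and iptables commands for a given interface and tag without touching the system.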
