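I am running OpenBSD 5.8 with npppd and mpath, and have tried the same thing on 5.7 and 5.3. npppd works fine and clients can connect using the Windows PPTP client. The client sets the PPTP connection as its default gateway and can reach the Internet through the VPN gateway, but cannot reach the LAN network. Traffic arrives on the pppx0 interface but is never forwarded to the LAN IP addresses. I have been searching and trying for more than 2 weeks and can't figure this one out. Setting everything to pass in pf.conf and enabling only NAT still gives no result.
Setup: OpenBSD 5.8 with npppd using pppx0 or tun0, and pf; 2 WAN interfaces with equal-cost routing (net.inet.ip.multipath = 1); 1 LAN interface
sysctl.conf: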
net.inet.ip.forwarding=1
net.inet.ip.multipath=1
net.inet.gre.allow=1
net.pipex.enable=1
npptp.conf:
set max-session 20
set user-max-session 5
authentication LOCAL type local {
    users-file "/etc/npppd/npppd-users"
}
tunnel VPN protocol pptp {
    listen on 0.0.0.0
}
ipcp IPCP {
    pool-address 10.219.219.2-10.219.219.100
    dns-servers 192.168.0.189 192.168.0.19
    nbns-servers 192.168.0.189 192.168.0.19
}
interface pppx0 address 10.219.219.1 ipcp IPCP
bind tunnel from VPN authenticated by LOCAL to pppx0
pf.conf:
### NAT
match out log on $ext1_if from $int_net nat-to ($ext1_if)
match out log on $ext2_if from $int_net nat-to ($ext2_if)
## vpn
pass quick log on pppx
match out log on $ext1_if from $vpn_net nat-to ($ext1_if)
match out log on $ext2_if from $vpn_net nat-to ($ext2_if)
match out log on $int_if from $vpn_net nat-to ($int_if)
### FILTER RULES
block log quick inet6
block in log on $ext1_if
block in log on $ext2_if
## allow ping, traceroute and echo
pass in log inet proto icmp all icmp-type $icmp_types
## pass connections to vpn server
pass log proto { gre } from any to any keep state
pass in log on $ext1_if proto tcp from any to $ext1_if port 1723
pass in log on $ext2_if proto tcp from any to $ext2_if port 1723
pass in on enc0 from $vpn_net to $int_net keep state (if-bound)
pass out on enc0 from $int_net to $vpn_net keep state (if-bound)
pass in on pppx from $vpn_net to $int_net keep state (if-bound)
pass out on pppx from $int_net to $vpn_net keep state (if-bound)
netstat -rn routing table:
Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
default a.a.a.113 UGSP 0 1073494 - 8 em0
default b.b.b.97 UGSP 4 10294 - 8 em1
10.219.219.1 10.219.219.1 UHl 0 0 - 1 lo0
10.219.219.14 10.219.219.1 UH 0 679 - 8 pppx0
127/8 127.0.0.1 UGRS 0 0 32768 8 lo0
127.0.0.1 127.0.0.1 UHl 1 4 32768 1 lo0
b.b.b.96/28 b.b.b.110 UC 1 0 - 8 em1
b.b.b.97 bc:16:65:34:33:81 UHLc 1 0 - 8 em1
b.b.b.110 00:15:17:48:7b:23 HLl 0 0 - 1 lo0
b.b.b.111 b.b.b.110 UHb 0 0 - 1 em1
192.168.0/22 192.168.0.238 UC 9 0 - 8 em3
192.168.0.4 00:25:90:7c:40:cf UHLc 0 4 - 8 em3
192.168.0.5 00:30:48:7d:7c:64 UHLc 0 1 - 8 em3
192.168.0.6 00:25:90:3c:30:67 UHLc 0 2 - 8 em3
192.168.0.10 f4:6d:04:29:ea:f7 UHLc 0 4 - 8 em3
192.168.0.19 00:25:90:72:89:1a UHLc 0 8388 - 8 em3
192.168.0.189 00:30:48:d8:f0:0b UHLc 0 9661 - 8 em3
192.168.0.238 00:25:90:d0:17:10 HLl 0 0 - 1 lo0
192.168.0.253 00:25:90:af:5d:0a UHLc 0 154 - 8 em3
192.168.2.167 50:e5:49:e6:c3:3c UHLc 0 2048 - 8 em3
192.168.3.202 00:25:90:af:5d:0a UHLc 1 9329 - L 8 em3
192.168.3.255 192.168.0.238 UHb 0 0 - 1 em3
a.a.a.112/28 a.a.a.126 UC 2 0 - 8 em0
a.a.a.113 00:00:5e:00:01:0c UHLc 1 0 - 8 em0
a.a.a.116 00:25:90:af:5d:0b UHLc 2 34417 - L 8 em0
a.a.a.126 00:15:17:48:7b:22 HLl 0 0 - 1 lo0
a.a.a.127 a.a.a.126 UHb 0 0 - 1 em0
224/4 127.0.0.1 URS 0 0 32768 8 lo0