Establish a VPN connection from a client behind a Debian router
EDIT: My searches led me to GRE packets: they seem to be exchanged on IP (not TCP) port 47. It seems quite painful to handle this with iptables. So the question becomes: how can I pass GRE packets across the interfaces on my custom router? This answer doesn't seem to work in my case.
I am trying to build my own router based on a fanless machine on which I installed Debian 9.6.
While it works for regular connections (traffic is correctly forwarded from lan to wan), I have trouble establishing a VPN connection from a desktop computer to a VPN server. This connection works when I remove my router from the path.
What I have done so far:
- Interface renaming (I now have wan and lan, via /etc/udev/rules.d/70-persistent-net.rules)
ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: wan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 11:22:33:44:55:66 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.108/24 brd 192.168.0.255 scope global wan
valid_lft forever preferred_lft forever
inet6 fe80::4262:31ff:fe01:14ad/64 scope link
valid_lft forever preferred_lft forever
3: lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 77:88:99:00:aa:bb brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global lan
valid_lft forever preferred_lft forever
inet6 fe80::4262:31ff:fe01:14ae/64 scope link
valid_lft forever preferred_lft forever
- DHCP server for the local subnet (192.168.1.0/24)
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.254;
option routers 192.168.1.1;
option broadcast-address 192.168.1.255;
}
- Traffic forwarding using iptables
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i wan -o lan -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lan -o wan -j ACCEPT
My /etc/network/interfaces file:
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto wan
allow-hotplug wan
iface wan inet dhcp
auto lan
allow-hotplug lan
iface lan inet static
address 192.168.1.1
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.1
auto wifi
allow-hotplug wifi
iface wifi inet static
address 192.168.2.1
netmask 255.255.255.0
broadcast 192.168.2.255
gateway 192.168.2.1
/var/log/syslog outputs this during a connection attempt:
Nov 29 14:59:21 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_disp:pptp_ctrl.c:939]: Outgoing call established (call ID 28628, peer's call ID 27745).
Nov 29 14:59:51 nicolas pppd[7202]: LCP: timeout sending Config-Requests
Note that the delay between these 2 traces is 30 seconds; as stated, this looks like a timeout.
Full trace below:
Nov 29 14:59:19 nicolas NetworkManager[927]: <info> [1543499959.8921] audit: op="connection-activate" uuid="bc714f1c-5ba0-44f8-800f-1a1cf45d17d1" name="Niort" pid=6877 uid=1000 result="success"
Nov 29 14:59:19 nicolas NetworkManager[927]: <info> [1543499959.8965] vpn-connection[0x22395b0,bc714f1c-5ba0-44f8-800f-1a1cf45d17d1,"Niort",0]: Started the VPN service, PID 7195
Nov 29 14:59:19 nicolas NetworkManager[927]: <info> [1543499959.9059] vpn-connection[0x22395b0,bc714f1c-5ba0-44f8-800f-1a1cf45d17d1,"Niort",0]: Saw the service appear; activating connection
Nov 29 14:59:20 nicolas NetworkManager[927]: <info> [1543499960.0440] vpn-connection[0x22395b0,bc714f1c-5ba0-44f8-800f-1a1cf45d17d1,"Niort",0]: VPN connection: (ConnectInteractive) reply received
Nov 29 14:59:20 nicolas NetworkManager[927]: ** Message: pppd started with pid 7202
Nov 29 14:59:20 nicolas NetworkManager[927]: <info> [1543499960.0468] vpn-connection[0x22395b0,bc714f1c-5ba0-44f8-800f-1a1cf45d17d1,"Niort",0]: VPN plugin: state changed: starting (3)
Nov 29 14:59:20 nicolas pppd[7202]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
Nov 29 14:59:20 nicolas NetworkManager[927]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
Nov 29 14:59:20 nicolas NetworkManager[927]: ** Message: nm-pptp-ppp-plugin: (plugin_init): initializing
Nov 29 14:59:20 nicolas pppd[7202]: pppd 2.4.7 started by root, uid 0
Nov 29 14:59:20 nicolas NetworkManager[927]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
Nov 29 14:59:20 nicolas pppd[7202]: Using interface ppp0
Nov 29 14:59:20 nicolas NetworkManager[927]: Using interface ppp0
Nov 29 14:59:20 nicolas NetworkManager[927]: Connect: ppp0 <--> /dev/pts/4
Nov 29 14:59:20 nicolas NetworkManager[927]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
Nov 29 14:59:20 nicolas pppd[7202]: Connect: ppp0 <--> /dev/pts/4
Nov 29 14:59:20 nicolas NetworkManager[927]: nm_device_get_device_type: assertion 'NM_IS_DEVICE (self)' failed
Nov 29 14:59:20 nicolas NetworkManager[927]: <info> [1543499960.0525] manager: (ppp0): new Generic device (/org/freedesktop/NetworkManager/Devices/23)
Nov 29 14:59:20 nicolas pptp[7207]: nm-pptp-service-7195 log[main:pptp.c:350]: The synchronous pptp option is NOT activated
Nov 29 14:59:20 nicolas NetworkManager[927]: <info> [1543499960.0582] devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Nov 29 14:59:20 nicolas NetworkManager[927]: <info> [1543499960.0585] device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
Nov 29 14:59:20 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_rep:pptp_ctrl.c:259]: Sent control packet type is 1 'Start-Control-Connection-Request'
Nov 29 14:59:20 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_disp:pptp_ctrl.c:781]: Received Start Control Connection Reply
Nov 29 14:59:20 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_disp:pptp_ctrl.c:815]: Client connection established.
Nov 29 14:59:21 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_rep:pptp_ctrl.c:259]: Sent control packet type is 7 'Outgoing-Call-Request'
Nov 29 14:59:21 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_disp:pptp_ctrl.c:900]: Received Outgoing Call Reply.
Nov 29 14:59:21 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_disp:pptp_ctrl.c:939]: Outgoing call established (call ID 28628, peer's call ID 27745).
Nov 29 14:59:51 nicolas pppd[7202]: LCP: timeout sending Config-Requests
Nov 29 14:59:51 nicolas NetworkManager[927]: LCP: timeout sending Config-Requests
Nov 29 14:59:51 nicolas NetworkManager[927]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 11 / phase 'disconnect'
Nov 29 14:59:51 nicolas NetworkManager[927]: Connection terminated.
Nov 29 14:59:51 nicolas pppd[7202]: Connection terminated.
Nov 29 14:59:51 nicolas NetworkManager[927]: ** Message: Terminated ppp daemon with PID 7202.
Nov 29 14:59:51 nicolas NetworkManager[927]: <warn> [1543499991.0852] vpn-connection[0x22395b0,bc714f1c-5ba0-44f8-800f-1a1cf45d17d1,"Niort",0]: VPN plugin: failed: connect-failed (1)
Nov 29 14:59:51 nicolas NetworkManager[927]: <info> [1543499991.0853] vpn-connection[0x22395b0,bc714f1c-5ba0-44f8-800f-1a1cf45d17d1,"Niort",0]: VPN plugin: state changed: stopping (5)
Nov 29 14:59:51 nicolas NetworkManager[927]: <error> [1543499991.0867] platform-linux: do-change-link[24]: failure changing link: failure 19 (Aucun périphérique de ce type)
Nov 29 14:59:51 nicolas NetworkManager[927]: <warn> [1543499991.0873] device (ppp0): failed to disable userspace IPv6LL address handling
Nov 29 14:59:51 nicolas NetworkManager[927]: <info> [1543499991.0891] devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Nov 29 14:59:51 nicolas NetworkManager[927]: <info> [1543499991.0895] vpn-connection[0x22395b0,bc714f1c-5ba0-44f8-800f-1a1cf45d17d1,"Niort",0]: VPN service disappeared
Nov 29 14:59:51 nicolas gnome-session[3198]: Gjs-Message: JS LOG: Removing a network device that was not added
Nov 29 14:59:51 nicolas NetworkManager[927]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 1 / phase 'dead'
Nov 29 14:59:51 nicolas pptp[7207]: nm-pptp-service-7195 warn[decaps_hdlc:pptp_gre.c:220]: short read (-1): Input/output error
Nov 29 14:59:51 nicolas NetworkManager[927]: Terminating on signal 15
Nov 29 14:59:51 nicolas NetworkManager[927]: Child process /usr/sbin/pptp 88.175.185.134 --nolaunchpppd --loglevel 0 --logstring nm-pptp-service-7195 (pid 7205) terminated with signal 15
Nov 29 14:59:51 nicolas NetworkManager[927]: Modem hangup
Nov 29 14:59:51 nicolas NetworkManager[927]: ** Message: nm-pptp-ppp-plugin: (nm_exit_notify): cleaning up
Nov 29 14:59:51 nicolas pptp[7207]: nm-pptp-service-7195 warn[decaps_hdlc:pptp_gre.c:232]: pppd may have shutdown, see pppd log
Nov 29 14:59:51 nicolas pppd[7202]: Terminating on signal 15
Nov 29 14:59:51 nicolas pptp[7225]: nm-pptp-service-7195 log[callmgr_main:pptp_callmgr.c:245]: Closing connection (unhandled)
Nov 29 14:59:51 nicolas pppd[7202]: Child process /usr/sbin/pptp 88.175.185.134 --nolaunchpppd --loglevel 0 --logstring nm-pptp-service-7195 (pid 7205) terminated with signal 15
Nov 29 14:59:51 nicolas pppd[7202]: Modem hangup
Nov 29 14:59:51 nicolas pptp[7225]: nm-pptp-service-7195 log[ctrlp_rep:pptp_ctrl.c:259]: Sent control packet type is 12 'Call-Clear-Request'
Nov 29 14:59:51 nicolas pptp[7225]: nm-pptp-service-7195 log[call_callback:pptp_callmgr.c:84]: Closing connection (call state)
Nov 29 14:59:51 nicolas pppd[7202]: Exit.
Does anyone recognize the error here? How can I configure the VPN client or the router to forward the VPN traffic correctly?
Thanks,
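
Added example, not part of the original post: a small Python triage of the syslog pattern shown above, where the PPTP control connection completes but pppd's LCP negotiation, which travels inside GRE, times out. The verdict names and the placeholder year are assumptions of this sketch; the two sample lines are copied from the post.

```python
import re
from datetime import datetime

# The two syslog lines the question singles out, copied from the post.
SAMPLE = (
    "Nov 29 14:59:21 nicolas pptp[7225]: nm-pptp-service-7195 "
    "log[ctrlp_disp:pptp_ctrl.c:939]: Outgoing call established "
    "(call ID 28628, peer's call ID 27745).\n"
    "Nov 29 14:59:51 nicolas pppd[7202]: LCP: timeout sending Config-Requests\n"
)

# "<Mon DD HH:MM:SS> <host> <program>[<pid>]: <message>"
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ([\w.-]+)\[\d+\]: (.*)$")


def parse(text):
    """Yield (timestamp, program, message) for every well-formed syslog line."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            # Syslog omits the year; 2000 is a placeholder so gaps can be computed.
            ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)


def diagnose(text):
    """Return (verdict, seconds from call setup to the first later LCP timeout)."""
    call_up = None
    for ts, prog, msg in parse(text):
        if prog == "pptp" and "Outgoing call established" in msg:
            call_up = ts  # control channel (TCP) finished its handshake
        elif prog == "pppd" and "LCP: timeout sending Config-Requests" in msg:
            if call_up is None:
                return "lcp-timeout-without-call", None
            # PPP frames ride inside GRE, so a silent LCP means the GRE path
            # failed in at least one direction while TCP still worked.
            return "control-up-gre-silent", int((ts - call_up).total_seconds())
    return ("call-up-no-timeout" if call_up else "no-call"), None


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

A "control-up-gre-silent" verdict points the investigation at how the router handles IP protocol 47 rather than at the VPN credentials or the TCP control port.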