很长的正常运行时间给大家
OS FreeBSD 9.0-RELEASE,pptpd-1.3.4。
networking:
em0 1.2.3.4 - external interface and ip tun0 10.18.1.0/24 - network for openvpn clients tun1 10.18.2.0/24 - network for pptp clients 组态。
/etc/ppp.conf:
default: set timeout 0 set log Phase Chat LCP IPCP CCP TUN Command Connect disable vjcomp deflate pred1 pptp: set device localhost:pptp set ifaddr 10.18.2.101 10.18.2.102-10.18.2.113 255.255.255.0 set server /tmp/loop "" 0177 enable chap enable MSChapV2 disable pap disable ipv6cp enable proxy allow mode direct
/usr/local/etc/pptpd.conf:
logwtmp debug noipparam delegate proxyarp +MSChap-V2 mppe-128 mppe-stateless pidfile /var/run/pptpd.pid
/etc/pf.conf中:
table <sshguard> persist block in quick on em0 proto tcp from <sshguard> to any port 22 label "ssh bruteforce" pass quick on lo0 all pass quick on em0 all
/etc/rc.conf中:
gateway_enable="YES"
/etc/sysctl.conf中:
net.link.ether.inet.proxyall=1
日志文件中的一些警告:
tun1: Warning: Local: bind: Address already in use tun1: Warning: set server: Failed 2 tun1: Warning: 10.18.2.112: Cannot determine ethernet address for proxy ARP tun1: Warning: 10.18.2.112: Cannot determine ethernet address for proxy ARP tun2: Warning: Local: bind: Address already in use tun2: Warning: set server: Failed 2 tun2: Warning: 10.18.2.104: Cannot determine ethernet address for proxy ARP
路由@ openvpn客户端:
Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0 10.18.1.0 10.18.1.61 255.255.255.0 UG 0 0 0 tun0 10.18.1.61 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 10.18.2.0 10.18.1.61 255.255.255.0 UG 0 0 0 tun0 10.64.64.64 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
所以,从openvpn客户端,我可以ping 10.18.2.101,但不是pptp客户端。 从服务器上,我可以ping任何pptp和openvpn客户端,包括内部networking中的主机。 是否有可能完成与proxyarp任务或我需要寻找NAT?