我试图负载平衡两个PPTP连接,连接到同一台服务器。 我使用以下脚本,但没有通过PPTP连接发送和接收。 我做错了什么部分? 有更好的方法来实现这个吗? 我也使用ip route命令的nexthop模式,但问题是多个连接到相同的IP路由通过相同的接口。
#!/bin/bash VPNSERVER=xxxx # Enable IP forwarding sysctl -w net.ipv4.ip_forward=1 echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter # Create a new table for physical interface physip=$(ip addr show eth0 | grep inet | grep -v inet6 | cut -d' ' -f6 | cut -d'/' -f1) echo "Physical interface's IP: $physip" ip route flush table 10 ip route add default via $physip dev eth0 table 10 ip rule add from $physip table 10 ip rule add fwmark 10 table 10 # Replace default gateway ip route replace default via 127.0.0.1 # Do not mark packets going to pptp server iptables -A OUTPUT -d $VPNSERVER -p gre -j ACCEPT iptables -A OUTPUT -d $VPNSERVER -p tcp --dport 1723 -j ACCEPT iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT pppd unit 101 noauth refuse-eap refuse-pap refuse-chap \ refuse-mschap require-mschap-v2 name "user01" remotename \ vpnserver file /etc/ppp/options.pptp maxfail 1 updetach \ pty "pptp $VPNSERVER --localbind $physip --nolaunchpppd" &> /dev/null pppd unit 102 noauth refuse-eap refuse-pap refuse-chap \ refuse-mschap require-mschap-v2 name "user01" remotename \ vpnserver file /etc/ppp/options.pptp maxfail 1 updetach \ pty "pptp $VPNSERVER --localbind $physip --nolaunchpppd" &> /dev/null # Get interface IP addresses ifip1=$(ip addr show ppp101 | grep inet | grep -v inet6 | cut -d' ' -f6 | cut -d'/' -f1) ifip2=$(ip addr show ppp102 | grep inet | grep -v inet6 | cut -d' ' -f6 | cut -d'/' -f1) # Create a unique routing table for each connection ip route flush table 101 ip route add default dev ppp101 table 101 ip rule add from $ifip1 table 101 ip rule add fwmark 101 table 101 # Create a unique routing table for each connection ip route flush table 102 ip route add default dev ppp102 table 102 ip rule add from $ifip2 table 102 ip rule add fwmark 102 table 102 # Load balance connections iptables -t mangle -A OUTPUT -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -j MARK --set-mark 101 iptables -t mangle -A OUTPUT -m state --state NEW -m statistic --mode nth --every 2 --packet 1 -j MARK --set-mark 102 iptables -t nat -A POSTROUTING -m mark --mark 101 -j SNAT --to-source $ifip1 iptables -t nat -A POSTROUTING -m mark --mark 102 -j SNAT --to-source $ifip2 iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark
以下是我使用的最终解决scheme:
server=xxxx physip=$(ip addr show $dev | grep inet | grep -v inet6 | cut -d' ' -f6 | cut -d'/' -f1) pppd unit 101 noauth refuse-eap refuse-pap refuse-chap \ refuse-mschap require-mschap-v2 name user01 remotename \ vpnserver file /etc/ppp/options.pptp persist maxfail 1 updetach \ pty "pptp $server --localbind $physip --nolaunchpppd" &> /dev/null pppd unit 102 noauth refuse-eap refuse-pap refuse-chap \ refuse-mschap require-mschap-v2 name user01 remotename \ vpnserver file /etc/ppp/options.pptp persist maxfail 1 updetach \ pty "pptp $server --localbind $physip --nolaunchpppd" &> /dev/null ifip1=$(ip addr show ppp101 | grep inet | grep -v inet6 | cut -d' ' -f6 | cut -d'/' -f1) ifip2=$(ip addr show ppp102 | grep inet | grep -v inet6 | cut -d' ' -f6 | cut -d'/' -f1) iptables -t nat -A POSTROUTING -o ppp101 -j SNAT --to-source $ifip1 iptables -t nat -A POSTROUTING -o ppp102 -j SNAT --to-source $ifip2 ip route flush cache ip route replace default scope global nexthop dev ppp101 weight 1 nexthop dev ppp102 weight 1