我有一个地址为10.145.0.77的AWS VPC(10.145 / 24networking)上运行的RRAS服务器。
我在一个单独的Microsoft环回适配器上设置了DHCP服务器/范围(10.250 / 16networking),为我的VPN客户端提供DHCP选项集(RRAS服务器分配为10.250.0.5 – 客户端为DHCP10250.0.10到250) 。
还有另一个站点通过AWS硬件VPN(192.168.168 / 24networking)连接。
除了一种情况之外,一切正常,VPN客户端无法ping 192.168.168 / 24networking上的任何东西(即使RRAS服务器也可以)。 他们能够毫无问题地到达10.145 / 16networking。
我通过在10.145 / 16&192.168.168 / 24networking上pingtesting主机来指定源地址/适配器,使用以下方法来复制这个问题:
工作 – 从VPN客户端networking到10.145 / 16
PS I:\> ping -S 10.250.0.5 10.145.11.100 Pinging 10.145.11.100 from 10.250.0.5 with 32 bytes of data: Reply from 10.145.11.100: bytes=32 time=1ms TTL=127 Reply from 10.145.11.100: bytes=32 time=1ms TTL=127 工作 – 从VPCnetworking到192.168.168 / 24
PS I:\> ping -S 10.145.0.77 192.168.168.3 Pinging 192.168.168.3 from 10.145.0.77 with 32 bytes of data: Reply from 192.168.168.3: bytes=32 time=38ms TTL=127 Reply from 192.168.168.3: bytes=32 time=39ms TTL=127
失败 – 从VPN客户端networking到192.168.168 / 24
PS I:\> ping -S 10.250.0.5 192.168.168.3 Pinging 192.168.168.3 from 10.250.0.5 with 32 bytes of data: Request timed out. Request timed out.
这里有一个traceroute演示数据包正确路由到RRAS服务器:
Traceroute从VPN客户端到192.168.168 / 24
PS C:\Windows\system32> tracert 192.168.168.3 Tracing route to [redacted] [192.168.168.3] over a maximum of 30 hops: 1 49 ms * 54 ms [redacted] [10.250.0.14] 2 * * * Request timed out.
以下是RRAS服务器的路由表:
PS I:\> route print =========================================================================== Interface List 31...........................RAS (Dial In) Interface 16...02 00 4c 4f 4f 50 ......Microsoft KM-TEST Loopback Adapter 12...0a 40 10 6c 77 87 ......AWS PV Network Device #0 1...........................Software Loopback Interface 1 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.145.0.1 10.145.0.77 266 10.145.0.0 255.255.255.0 On-link 10.145.0.77 266 10.145.0.77 255.255.255.255 On-link 10.145.0.77 266 10.145.0.255 255.255.255.255 On-link 10.145.0.77 266 10.250.0.0 255.255.255.0 On-link 10.250.0.5 266 10.250.0.5 255.255.255.255 On-link 10.250.0.5 266 10.250.0.13 255.255.255.255 10.250.0.13 10.250.0.14 31 10.250.0.14 255.255.255.255 On-link 10.250.0.14 286 10.250.0.255 255.255.255.255 On-link 10.250.0.5 266 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 169.254.169.250 255.255.255.255 10.145.0.1 10.145.0.77 10 169.254.169.251 255.255.255.255 10.145.0.1 10.145.0.77 10 169.254.169.254 255.255.255.255 10.145.0.1 10.145.0.77 10 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 10.250.0.5 266 224.0.0.0 240.0.0.0 On-link 10.145.0.77 266 224.0.0.0 240.0.0.0 On-link 10.250.0.14 286 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 10.250.0.5 266 255.255.255.255 255.255.255.255 On-link 10.145.0.77 266 255.255.255.255 255.255.255.255 On-link 10.250.0.14 286 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 10.145.0.1 Default =========================================================================== IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 1 306 ::1/128 On-link 16 266 fe80::/64 On-link 12 266 fe80::/64 On-link 16 266 fe80::adb9:e96f:8722:b496/128 On-link 12 266 fe80::c4b0:bebf:ed1b:fecf/128 On-link 1 306 ff00::/8 On-link 16 266 ff00::/8 On-link 12 266 ff00::/8 On-link =========================================================================== Persistent Routes: None