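No TCP connections to hosts behind the VPN server (SYN, SYN-ACK, but no ACK); UDP and ICMP work

I am probably doing something incredibly stupid, but I can't seem to figure out what. Here is what I am trying to accomplish: I want remote users to be able to log in to our network, so I set up a Windows 2008 Server as a VPN server in a virtual machine in XenCenter. Let's call him Benjamin. He is also a file server.

What works so far:

  • Remote VPN login with Mac, Windows and iOS clients
  • Access to file shares on Benjamin
  • Ping to all hosts on the local network and the Internet, even with large packets (> 1000 bytes)

What doesn't: I cannot establish any TCP connections (SSH, HTTP, …) to hosts on the local network other than Benjamin himself. In Wireshark I can see the SYN and SYN-ACK on both the client and the computer, but no ACK. (Interestingly, in the Wireshark logs I prepared there are some Dup ACKs for some reason, and they really do go the wrong way; I have no idea why.)

Before that there was even a problem reaching anything other than Benjamin at all, but I solved that by disabling IP checksum offloading on Benjamin (somehow it does not work, and the packets then get dropped).

I tried setting a very small MTU on the client and setting Benjamin as the gateway on the computers in the internal network, but nothing helped.

I suspect this is some kind of routing problem, but those ACKs are nowhere to be found. Any ideas? Where should I investigate further? Thanks in advance!

Update: A strange thing I just discovered: when I try to ssh from the internal network to the VPN client, the client gets the SYN (I see it in Wireshark), but it never responds. I think it must be some configuration problem on the client, but on all of them? What could it be? There is no firewall, and according to Wireshark the packets look valid (checksums and all). Does anyone know why it would not respond to a SYN or SYN-ACK when there is no firewall that could throw those packets away?

Update 2: To add to the confusion, I just verified that with netcat and UDP everything works fine, in both directions (nc listening on the internal network host and on the VPN client). Maybe TCP just doesn't like me anymore?

Here is some more information: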

    Local net:      172.17.0.0/16
    Router:         172.17.0.1 (Port Forwarding TCP 1701, UDP 500 and 4500)
    XenServer:      172.17.0.10
    Benjamin:       172.17.1.1
    VPN DHCP range: 172.17.7.1..240

Wireshark log on the client (172.17.7.2 in the VPN):

    No. Time Source Destination Protocol Length Info
    1 0.000000 172.17.4.4 172.17.7.2 TCP 68 ssh > 61653 [SYN, ACK] Seq=0 Ack=0 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641695654 TSecr=440887504 SACK_PERM=1
    Frame 1: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
    Point-to-Point Protocol
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61653 (61653), Seq: 0, Ack: 0, Len: 0

    No. Time Source Destination Protocol Length Info
    2 5.337197 172.17.7.2 172.17.4.4 TCP 68 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887658 TSecr=0 SACK_PERM=1
    Frame 2: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
    Point-to-Point Protocol
    Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
    Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0

    No. Time Source Destination Protocol Length Info
    3 5.479947 172.17.4.4 172.17.7.2 TCP 68 ssh > 61655 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641701208 TSecr=440887658 SACK_PERM=1
    Frame 3: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
    Point-to-Point Protocol
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 0, Ack: 1, Len: 0

    No. Time Source Destination Protocol Length Info
    4 6.256638 172.17.7.2 172.17.4.4 TCP 68 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887667 TSecr=0 SACK_PERM=1
    Frame 4: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
    Point-to-Point Protocol
    Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
    Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0

    No. Time Source Destination Protocol Length Info
    5 6.449901 172.17.4.4 172.17.7.2 TCP 56 [TCP Dup ACK 3#1] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641702152 TSecr=440887667
    Frame 5: 56 bytes on wire (448 bits), 56 bytes captured (448 bits)
    Point-to-Point Protocol
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0

    No. Time Source Destination Protocol Length Info
    6 6.609908 172.17.4.4 172.17.7.2 TCP 68 ssh > 61655 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641702305 TSecr=440887667 SACK_PERM=1
    Frame 6: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
    Point-to-Point Protocol
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 0, Ack: 1, Len: 0

    No. Time Source Destination Protocol Length Info
    7 7.258316 172.17.7.2 172.17.4.4 TCP 68 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887677 TSecr=0 SACK_PERM=1
    Frame 7: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
    Point-to-Point Protocol
    Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
    Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0

    No. Time Source Destination Protocol Length Info
    8 7.450032 172.17.4.4 172.17.7.2 TCP 56 [TCP Dup ACK 6#1] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641703139 TSecr=440887677
    Frame 8: 56 bytes on wire (448 bits), 56 bytes captured (448 bits)
    Point-to-Point Protocol
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0

    No. Time Source Destination Protocol Length Info
    9 8.259938 172.17.7.2 172.17.4.4 TCP 68 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887687 TSecr=0 SACK_PERM=1
    Frame 9: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
    Point-to-Point Protocol
    Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
    Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0

    No. Time Source Destination Protocol Length Info
    10 8.490122 172.17.4.4 172.17.7.2 TCP 56 [TCP Dup ACK 6#2] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641704143 TSecr=440887687
    Frame 10: 56 bytes on wire (448 bits), 56 bytes captured (448 bits)
    Point-to-Point Protocol
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0

    No. Time Source Destination Protocol Length Info
    11 9.249943 172.17.4.4 172.17.7.2 TCP 68 ssh > 61655 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641704904 TSecr=440887687 SACK_PERM=1
    Frame 11: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
    Point-to-Point Protocol
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 0, Ack: 1, Len: 0

    No. Time Source Destination Protocol Length Info
    12 9.261766 172.17.7.2 172.17.4.4 TCP 68 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887697 TSecr=0 SACK_PERM=1
    Frame 12: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
    Point-to-Point Protocol
    Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
    Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0

    No. Time Source Destination Protocol Length Info
    13 9.430047 172.17.4.4 172.17.7.2 TCP 56 [TCP Dup ACK 11#1] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641705119 TSecr=440887697
    Frame 13: 56 bytes on wire (448 bits), 56 bytes captured (448 bits)
    Point-to-Point Protocol
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0

    No. Time Source Destination Protocol Length Info
    14 10.263852 172.17.7.2 172.17.4.4 TCP 68 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887707 TSecr=0 SACK_PERM=1
    Frame 14: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
    Point-to-Point Protocol
    Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
    Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0

    No. Time Source Destination Protocol Length Info
    15 10.439839 172.17.4.4 172.17.7.2 TCP 56 [TCP Dup ACK 11#2] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641706132 TSecr=440887707
    Frame 15: 56 bytes on wire (448 bits), 56 bytes captured (448 bits)
    Point-to-Point Protocol
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0

    No. Time Source Destination Protocol Length Info
    16 12.267344 172.17.7.2 172.17.4.4 TCP 68 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887727 TSecr=0 SACK_PERM=1
    Frame 16: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
    Point-to-Point Protocol
    Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
    Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0

    No. Time Source Destination Protocol Length Info
    17 12.469629 172.17.4.4 172.17.7.2 TCP 56 [TCP Dup ACK 11#3] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641708126 TSecr=440887727
    Frame 17: 56 bytes on wire (448 bits), 56 bytes captured (448 bits)
    Point-to-Point Protocol
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0

    No. Time Source Destination Protocol Length Info
    18 16.719912 172.17.4.4 172.17.7.2 TCP 68 ssh > 61653 [SYN, ACK] Seq=0 Ack=0 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641712353 TSecr=440887504 SACK_PERM=1
    Frame 18: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
    Point-to-Point Protocol
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61653 (61653), Seq: 0, Ack: 0, Len: 0

    No. Time Source Destination Protocol Length Info
    19 21.679611 172.17.4.4 172.17.7.2 TCP 68 ssh > 61655 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641717388 TSecr=440887727 SACK_PERM=1
    Frame 19: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
    Point-to-Point Protocol
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 0, Ack: 1, Len: 0

Wireshark log on a computer in the local network (172.17.4.4):

    No. Time Source Destination Protocol Length Info
    1 0.000000 172.17.7.2 172.17.4.4 TCP 78 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887658 TSecr=0 SACK_PERM=1
    Frame 1: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
    Ethernet II, Src: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec), Dst: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff)
    Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
    Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0

    No. Time Source Destination Protocol Length Info
    2 0.000102 172.17.4.4 172.17.7.2 TCP 78 ssh > 61655 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641701208 TSecr=440887658 SACK_PERM=1
    Frame 2: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
    Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 0, Ack: 1, Len: 0

    No. Time Source Destination Protocol Length Info
    3 0.950403 172.17.7.2 172.17.4.4 TCP 78 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887667 TSecr=0 SACK_PERM=1
    Frame 3: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
    Ethernet II, Src: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec), Dst: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff)
    Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
    Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0

    No. Time Source Destination Protocol Length Info
    4 0.950567 172.17.4.4 172.17.7.2 TCP 66 [TCP Dup ACK 2#1] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641702152 TSecr=440887667
    Frame 4: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
    Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0

    No. Time Source Destination Protocol Length Info
    5 1.104130 172.17.4.4 172.17.7.2 TCP 78 ssh > 61655 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641702305 TSecr=440887667 SACK_PERM=1
    Frame 5: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
    Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 0, Ack: 1, Len: 0

    No. Time Source Destination Protocol Length Info
    6 1.940779 172.17.7.2 172.17.4.4 TCP 78 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887677 TSecr=0 SACK_PERM=1
    Frame 6: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
    Ethernet II, Src: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec), Dst: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff)
    Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
    Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0

    No. Time Source Destination Protocol Length Info
    7 1.940962 172.17.4.4 172.17.7.2 TCP 66 [TCP Dup ACK 5#1] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641703139 TSecr=440887677
    Frame 7: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
    Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0

    No. Time Source Destination Protocol Length Info
    8 2.950009 172.17.7.2 172.17.4.4 TCP 78 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887687 TSecr=0 SACK_PERM=1
    Frame 8: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
    Ethernet II, Src: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec), Dst: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff)
    Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
    Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0

    No. Time Source Destination Protocol Length Info
    9 2.950198 172.17.4.4 172.17.7.2 TCP 66 [TCP Dup ACK 5#2] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641704143 TSecr=440887687
    Frame 9: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
    Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0

    No. Time Source Destination Protocol Length Info
    10 3.714242 172.17.4.4 172.17.7.2 TCP 78 ssh > 61655 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641704904 TSecr=440887687 SACK_PERM=1
    Frame 10: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
    Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 0, Ack: 1, Len: 0

    No. Time Source Destination Protocol Length Info
    11 3.929627 172.17.7.2 172.17.4.4 TCP 78 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887697 TSecr=0 SACK_PERM=1
    Frame 11: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
    Ethernet II, Src: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec), Dst: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff)
    Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
    Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0

    No. Time Source Destination Protocol Length Info
    12 3.929819 172.17.4.4 172.17.7.2 TCP 66 [TCP Dup ACK 10#1] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641705119 TSecr=440887697
    Frame 12: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
    Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0

    No. Time Source Destination Protocol Length Info
    13 4.949931 172.17.7.2 172.17.4.4 TCP 78 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887707 TSecr=0 SACK_PERM=1
    Frame 13: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
    Ethernet II, Src: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec), Dst: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff)
    Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
    Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0

    No. Time Source Destination Protocol Length Info
    14 4.950122 172.17.4.4 172.17.7.2 TCP 66 [TCP Dup ACK 10#2] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641706132 TSecr=440887707
    Frame 14: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
    Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0

    No. Time Source Destination Protocol Length Info
    15 6.950093 172.17.7.2 172.17.4.4 TCP 78 61655 > ssh [SYN] Seq=0 Win=65535 Len=0 MSS=1240 WS=8 TSval=440887727 TSecr=0 SACK_PERM=1
    Frame 15: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
    Ethernet II, Src: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec), Dst: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff)
    Internet Protocol Version 4, Src: 172.17.7.2 (172.17.7.2), Dst: 172.17.4.4 (172.17.4.4)
    Transmission Control Protocol, Src Port: 61655 (61655), Dst Port: ssh (22), Seq: 0, Len: 0

    No. Time Source Destination Protocol Length Info
    16 6.950281 172.17.4.4 172.17.7.2 TCP 66 [TCP Dup ACK 10#3] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0 TSval=1641708126 TSecr=440887727
    Frame 16: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
    Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 1, Ack: 1, Len: 0

    No. Time Source Destination Protocol Length Info
    17 7.955752 172.17.4.4 172.17.7.2 TCP 78 ssh > 61655 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641709126 TSecr=440887727 SACK_PERM=1
    Frame 17: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
    Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 0, Ack: 1, Len: 0

    No. Time Source Destination Protocol Length Info
    18 11.196585 172.17.4.4 172.17.7.2 TCP 78 ssh > 61653 [SYN, ACK] Seq=0 Ack=0 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641712353 TSecr=440887504 SACK_PERM=1
    Frame 18: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
    Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61653 (61653), Seq: 0, Ack: 0, Len: 0

    No. Time Source Destination Protocol Length Info
    19 16.252632 172.17.4.4 172.17.7.2 TCP 78 ssh > 61655 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1060 WS=4 TSval=1641717388 TSecr=440887727 SACK_PERM=1
    Frame 19: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
    Ethernet II, Src: Apple_4e:5b:ff (c8:2a:14:4e:5b:ff), Dst: c6:4f:51:a3:48:ec (c6:4f:51:a3:48:ec)
    Internet Protocol Version 4, Src: 172.17.4.4 (172.17.4.4), Dst: 172.17.7.2 (172.17.7.2)
    Transmission Control Protocol, Src Port: ssh (22), Dst Port: 61655 (61655), Seq: 0, Ack: 1, Len: 0

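Potentially related Server Fault questions, which so far have not helped me:

PPTP gateway routes ICMP but not HTTP

SNAT through Racoon IPSec VPN

Linux fails to interpret ACK, keeps resending SYN+ACK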
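A way to triage a capture like the two above, as an added example that is not part of the original post: it reads Wireshark summary lines and reports, per connection attempt, whether the initiator ever sent the final ACK. `CLIENT_CAPTURE` is copied from frames 2-6 of the client-side log with the TCP options trimmed; `HEALTHY_CAPTURE` and the verdict names are constructed for comparison.

```python
import re

# Summary lines copied from the client-side capture in the question
# (frames 2-6, TCP options trimmed for width).
CLIENT_CAPTURE = """\
2 5.337197 172.17.7.2 172.17.4.4 TCP 68 61655 > ssh [SYN] Seq=0 Win=65535 Len=0
3 5.479947 172.17.4.4 172.17.7.2 TCP 68 ssh > 61655 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0
4 6.256638 172.17.7.2 172.17.4.4 TCP 68 61655 > ssh [SYN] Seq=0 Win=65535 Len=0
5 6.449901 172.17.4.4 172.17.7.2 TCP 56 [TCP Dup ACK 3#1] ssh > 61655 [ACK] Seq=1 Ack=1 Win=262140 Len=0
6 6.609908 172.17.4.4 172.17.7.2 TCP 68 ssh > 61655 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0
"""

# Constructed control sample: the same flow with a normal third handshake step.
HEALTHY_CAPTURE = """\
1 0.000000 172.17.7.2 172.17.4.4 TCP 68 61655 > ssh [SYN] Seq=0 Win=65535 Len=0
2 0.140000 172.17.4.4 172.17.7.2 TCP 68 ssh > 61655 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0
3 0.140100 172.17.7.2 172.17.4.4 TCP 56 61655 > ssh [ACK] Seq=1 Ack=1 Win=262140 Len=0
"""

# No., time, src IP, dst IP, "TCP", length, optional "[TCP ...]" note, ports, flags
SUMMARY = re.compile(
    r"^\s*\d+\s+[\d.]+\s+(\S+)\s+(\S+)\s+TCP\s+\d+\s+"
    r"(?:\[TCP [^\]]*\]\s+)?(\S+) > (\S+) \[([A-Z, ]+)\]")

def parse(text):
    """Yield (src, sport, dst, dport, flags) for every TCP summary line."""
    for line in text.splitlines():
        m = SUMMARY.match(line)
        if m:
            src, dst, sport, dport, flags = m.groups()
            yield src, sport, dst, dport, frozenset(f.strip() for f in flags.split(","))

def handshake_report(text):
    """Classify each connection attempt seen in a Wireshark summary export."""
    pkts = list(parse(text))
    flows = {}  # keyed by the initiator's 4-tuple, i.e. whoever sent a bare SYN
    for src, sport, dst, dport, flags in pkts:
        if flags == {"SYN"}:
            flow = flows.setdefault((src, sport, dst, dport),
                                    {"syn": 0, "synack": 0, "ack": 0})
            flow["syn"] += 1
    for src, sport, dst, dport, flags in pkts:
        reply_to = flows.get((dst, dport, src, sport))
        sent_by = flows.get((src, sport, dst, dport))
        if reply_to is not None and flags == {"SYN", "ACK"}:
            reply_to["synack"] += 1
        elif sent_by is not None and flags == {"ACK"}:
            sent_by["ack"] += 1          # the initiator's third handshake step
    report = {}
    for key, f in flows.items():
        if f["ack"]:
            verdict = "established"
        elif f["synack"]:
            # Reply is visible at the capture point, yet the initiator keeps
            # behaving as if it never arrived.
            verdict = "synack-not-accepted"
        else:
            verdict = "no-reply-seen"
        report[key] = dict(f, verdict=verdict)
    return report
```

On the client-side log the verdict is `synack-not-accepted`: the SYN-ACK is present on the client's PPP interface, so the drop happens between the capture point and the client's TCP stack rather than on the path.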

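I would look at your masks first. If the general hosts are in 172.17.0.0/16 and your VPN subnet is in 172.17.7.0/24, then it is entirely possible to end up with some uncertain connectivity situations.

When sending a packet to a VPN host in 172.17.7.0/24, a general host in 172.17.0.0/16 will try to use ARP to get the VPN host's address (rather than sending it to the gateway).

The VPN host in turn tries to send a frame to a host in the general subnet. It will send it via its gateway. If that gateway is a member of both the /24 and the /16, then you have a similar problem: either an illegal configuration, or the packets are actually being bridged rather than routed.

You may have configured proxy-arp, which causes the routing device to answer ARP requests in the larger subnet for hosts it has routes to, but that is not clear from the posted information.

It is also possible that you are bridging somewhere in the mix. This can produce some strange situations, since a standard ARP will work in one direction, but the other gateway will be asked to turn nominally routed frames back out of the receiving interface, which may also work in some cases (well, that might be a source of the duplicate ACKs).

Can you put your VPN hosts in a non-overlapping subnet? Say, give them 172.18.xx addresses and then configure routes between this new subnet and 172.17.0.0/16 on the default gateway? At the very least this would make the whole thing simpler to troubleshoot, and it may well resolve the problem.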
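The forwarding decision this answer describes, worked through with the addresses from the question (an added example, not code from the original thread). The 172.17.7.0/24 pool is the answer's own assumption; the 172.18.7.0/24 pool and the 172.18.7.2 client address used in the test are constructed placeholders for a non-overlapping subnet.

```python
import ipaddress

def next_hop(iface, default_gw, dst, static_routes=()):
    """Forwarding decision of an ordinary IP host (longest prefix wins).

    iface is the host's 'address/prefix'; static_routes is [(network, gateway)].
    Returns ('on-link', dst) when the host will ARP for dst itself,
    or ('via', gateway) when it hands the packet to a router.
    """
    dst_ip = ipaddress.ip_address(dst)
    table = [(ipaddress.ip_interface(iface).network, None)]         # connected route
    table += [(ipaddress.ip_network(n), g) for n, g in static_routes]
    table.append((ipaddress.ip_network("0.0.0.0/0"), default_gw))   # default route
    net, gw = max(((n, g) for n, g in table if dst_ip in n),
                  key=lambda route: route[0].prefixlen)
    return ("on-link", str(dst_ip)) if gw is None else ("via", gw)

def audit(lan, vpn_pool, lan_host, vpn_client, router, vpn_server):
    """Show how a LAN host reaches a VPN client for a given address plan."""
    lan_net = ipaddress.ip_network(lan)
    host_if = f"{lan_host}/{lan_net.prefixlen}"
    return {
        # True means LAN hosts consider the VPN clients to be local neighbours
        "overlap": lan_net.overlaps(ipaddress.ip_network(vpn_pool)),
        # default gateway = the site router
        "default_gw_router": next_hop(host_if, router, vpn_client),
        # default gateway = the VPN server, as tried in the question
        "default_gw_vpn_server": next_hop(host_if, vpn_server, vpn_client),
        # explicit route for the pool pointing at the VPN server
        "static_route": next_hop(host_if, router, vpn_client,
                                 [(vpn_pool, vpn_server)]),
    }

# Address plan from the question; the /24 pool is the answer's assumption.
CURRENT_PLAN = audit("172.17.0.0/16", "172.17.7.0/24",
                     "172.17.4.4", "172.17.7.2", "172.17.0.1", "172.17.1.1")
```

With the current plan the LAN host stays `on-link` for 172.17.7.2 whichever default gateway it is given, so replies only arrive if something answers ARP on the client's behalf; a more specific route, or a pool outside 172.17.0.0/16, is what moves the traffic onto a router.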