Multiple nodes connected over PPP: letting the nodes/users/clients reach and ping each other
Reprints must credit the source: this article's link, from osnosn's blog, written 2019-04-14.
Three client machines A, B and C connect to the server through PPP virtual dial-up.
- Search for "ppp over ssh"
- VPN PPP-SSH Mini-HOWTO
- Poor man's VPN using PPP over SSH
- VPN over SSH
It turned out that A, B and C could each reach the server, but could not reach or ping one another, even with all the PPP addresses configured in the same subnet.
The reason is that each PPP link is point-to-point: pppd installs only a host route to the peer on each side, so a client has no route for the other clients' addresses, and the server, which does hold one host route per client, will not forward between its ppp interfaces unless IP forwarding is enabled and the FORWARD chain allows the traffic.
After repeated testing the problem was solved; A, B and C can now ping and reach each other.
These are the key configuration points:
- server (enable kernel IP forwarding and allow the traffic through the iptables FORWARD chain):
- sysctl -w net.ipv4.ip_forward=1
- iptables -A FORWARD -s 192.168.33.0/24 -d 192.168.33.0/24 -j ACCEPT
- Note that neither sysctl -w nor iptables -A survives a reboot (put the sysctl in /etc/sysctl.conf or /etc/sysctl.d/ and save the rule with the distribution's iptables persistence tool); that -A appends, so if the FORWARD chain already ends in a DROP or REJECT rule this rule must be inserted ahead of it with -I instead; and that the rule lets every VPN client talk to every other one, so narrow -s/-d if only some clients should reach each other.
- client (every client needs a route for 192.168.33.0/24, added from pppd's ip-up hook):
#!/bin/sh -e
# debian:  copy this file to "/etc/ppp/ip-up.d/" and chmod +x it.
# centos:  append these lines to "/etc/ppp/ip-up.d/ip-up.local" and chmod +x ip-up.local
# openwrt: append these lines to "/etc/ppp/ip-up" and chmod +x ip-up
# pppd calls ip-up as: ip-up interface tty speed local-IP remote-IP ipparam,
# so PPP_IFACE="$1", PPP_LOCAL="$4", PPP_REMOTE="$5".
# Only act on the VPN link: $5 is the server's PPP address on this link and must
# match the server-side address the client hands to pppd (SERVER_IFIPADDR below).
if [ "$5" = "192.168.33.2" ]; then
/sbin/ip route add 192.168.33.0/24 via $5 dev $1
fi
exit 0
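The hook above matches one hard-coded peer address. As an added example (not the blog's script), the following generalised ip-up hook derives the route from pppd's own arguments instead: any link whose peer address falls inside the VPN subnet gets the subnet route via that peer, and ip route replace is used so that rerunning the hook is harmless. The subnet 192.168.33.0/24 and the /sbin/ip path are assumptions taken from the setup above; the subnet test is done in plain POSIX sh arithmetic so it also runs on dash/BusyBox.

```shell
#!/bin/sh
# Generalised /etc/ppp/ip-up hook (added example, not the blog's own script).
# pppd calls ip-up as: ip-up IFACE TTY SPEED LOCAL_IP REMOTE_IP IPPARAM
# Assumption: the VPN subnet is 192.168.33.0/24 and the peer of every VPN link
# is the server, so a route to the whole subnet via the peer is wanted whenever
# the peer address lies inside that subnet.

VPN_NET=192.168.33.0
VPN_PREFIX=24

# ip4_to_int A.B.C.D -> the address as a 32-bit unsigned integer
ip4_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# in_subnet IP NET PREFIX -> exit status 0 when IP lies inside NET/PREFIX
in_subnet() {
    addr=$(ip4_to_int "$1")
    net=$(ip4_to_int "$2")
    # netmask for PREFIX bits, e.g. 24 -> 4294967040 (255.255.255.0)
    mask=$(( 4294967296 - (1 << (32 - $3)) ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# vpn_route IFACE LOCAL REMOTE -> prints the "ip route" argument list for the
# subnet route when REMOTE is a VPN peer, prints nothing for any other link.
vpn_route() {
    iface=$1
    remote_ip=$3
    if in_subnet "$remote_ip" "$VPN_NET" "$VPN_PREFIX"; then
        echo "$VPN_NET/$VPN_PREFIX via $remote_ip dev $iface"
    fi
}

# Hook entry point: only acts when pppd hands over its positional arguments.
if [ $# -ge 5 ]; then
    route=$(vpn_route "$1" "$4" "$5")
    if [ -n "$route" ]; then
        # word-splitting $route into separate arguments is intended here
        /sbin/ip route replace $route
    fi
fi
```

Install it the same way as the original hook (ip-up.d/ on Debian, appended to ip-up.local or ip-up elsewhere). The check on "$#" means nothing happens when the file is sourced or run by hand without pppd's arguments.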
----End----
Backups of the scripts follow.
# server
visudo:
vpn ALL=(root) NOPASSWD: /usr/sbin/pppd
This lets the unprivileged vpn account run pppd as root without a password. Because pppd options such as pty run an arbitrary program as root, the restricted shell below is the only thing limiting what a holder of the vpn account's SSH key can do on the server, and it checks only the beginning of the command line.
vpn-shell (the login shell of the vpn account; sshd runs it as "vpn-shell -c <command>"):
#!/bin/sh
# vpn-shell , server
#echo "$*" >> /home/vpn/log
# An interactive login (no "-c command") only prints a message and exits.
if [ -z "$*" ];then
echo 'Login succeed.'
exit 0
fi
# "expr STRING : REGEX" prints the number of characters matched at the start of
# STRING, so each variable equals the prefix length exactly when the command
# line begins with that prefix.
a="`expr "$*" : '-c /usr/bin/sudo /usr/sbin/pppd '`"
b="`expr "$*" : '-c /usr/sbin/ppp -direct '`"
g="`expr "$*" : '-c sudo /usr/sbin/pppd '`"
h="`expr "$*" : '-c /usr/sbin/pppd '`"
if [ "$a" = "32" -o "$b" = "25" -o "$g" = "23" -o "$h" = "18" ] ;then
# strip the leading "-c " and run the rest; everything after the prefix is
# passed through to pppd unchanged
a="`expr "$*" : '-c \(.*\)'`"
# eval "$a"
exec $a
# echo "$a"
fi
exit 0
logout
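The vpn-shell above accepts the command as soon as it starts with one of four prefixes and then execs whatever follows, so every pppd option after the prefix is passed through as root. The following added example (not the blog's code) shows a stricter check for the same shell: after the prefix it walks the remaining pppd options and accepts only the ones the client script on this page actually sends (nodetach, noauth, ipparam with a plain link name, idle with a numeric timeout). The prefixes and the sudo form are taken from the scripts on this page; the BSD "ppp -direct" form is left out, and the allow-list is an assumption to be extended if a client legitimately needs more options.

```shell
#!/bin/sh
# Stricter vpn-shell check: an added example, not the blog's vpn-shell.
# The forced command arrives as "-c <command>" in $*; only a pppd invocation
# whose options are all on the allow-list is accepted.

# vpn_cmd_allowed CMDLINE -> exit status 0 if CMDLINE is an acceptable pppd
# command line, 1 otherwise.
vpn_cmd_allowed() {
    cmdline=$1
    # Same pppd prefixes as the original shell.
    case "$cmdline" in
        "-c /usr/bin/sudo /usr/sbin/pppd "*|"-c sudo /usr/sbin/pppd "*|"-c /usr/sbin/pppd "*) ;;
        *) return 1 ;;
    esac
    # Strip "-c", the optional sudo and the pppd path, leaving only the options.
    opts=${cmdline#-c }
    opts=${opts#/usr/bin/sudo }
    opts=${opts#sudo }
    opts=${opts#/usr/sbin/pppd }
    # Walk the options: each must be on the allow-list and carry a well-formed value.
    set -- $opts
    while [ $# -gt 0 ]; do
        case $1 in
            nodetach|noauth) shift ;;
            ipparam)   # link name: letters, digits, '-' and '_' only
                case ${2:-} in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
                shift 2 ;;
            idle)      # idle timeout in seconds: digits only
                case ${2:-} in ''|*[!0-9]*) return 1 ;; esac
                shift 2 ;;
            *) return 1 ;;   # anything else (pty, connect, plugin, ...) is refused
        esac
    done
    return 0
}

# vpn_forced_command CMDLINE -> prints the command to exec (CMDLINE without the
# leading "-c ") when it is allowed, prints nothing otherwise.
vpn_forced_command() {
    if vpn_cmd_allowed "$1"; then
        printf '%s\n' "${1#-c }"
    fi
}

# Entry point when installed as the vpn account's login shell.
if [ "${1:-}" = "-c" ]; then
    cmd=$(vpn_forced_command "$*")
    if [ -n "$cmd" ]; then
        exec $cmd
    fi
    echo "vpn-shell: command refused" >&2
    exit 1
fi
```

With this in place the sudo rule still grants pppd as root, but the only pppd command lines that reach it are the ones the client script is expected to send; a key holder who passes extra options gets "command refused" instead of a root pppd with options of their choosing.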
vpn-pppssh.sh
#!/bin/sh
# vpn-pppssh.sh , client
#### The server's host key must already be in ".ssh/known_hosts": with     ####
#### BatchMode=yes, ssh fails instead of prompting for an unknown key.      ####
LINK_NAME=my-ppp-vpn
LINK_PEER_NAME=my-ppp-vpn
SERVER_HOSTNAME=6.6.6.6
SERVER_USERNAME=vpn
SERVER_IFIPADDR=192.168.33.1 #fix IP
CLIENT_IFIPADDR=192.168.33.7
# "-P" (use a non-privileged source port) is a legacy SSH1-era option inherited from
# the PPP-SSH mini-HOWTO; current OpenSSH keeps it only as a deprecated no-op.
LOCAL_SSH_OPTS="-P"
# No trailing ':' in PATH: an empty entry means the current directory, which must
# not be searched by a script that runs pppd as root.
PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/bin/X11
PPPD=/usr/sbin/pppd
SSH=/usr/bin/ssh
if ! test -f $PPPD ; then echo "can't find $PPPD"; exit 3; fi
if ! test -f $SSH ; then echo "can't find $SSH"; exit 4; fi
case "$1" in
start)
# echo -n "Starting vpn to $SERVER_HOSTNAME: "
${PPPD} ipparam ${LINK_NAME} updetach noauth passive pty "${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -t -l${SERVER_USERNAME} -p 443 -o Batchmode=yes /usr/bin/sudo ${PPPD} nodetach noauth ipparam ${LINK_PEER_NAME} idle 3700" ${CLIENT_IFIPADDR}:${SERVER_IFIPADDR} nodefaultroute idle 1800 connect-delay 8000
# echo "connected."
;;
stop)
# echo -n "Stopping vpn to $SERVER_HOSTNAME: "
PID=`ps ax | grep "${PPPD} ipparam ${LINK_NAME} updetach noauth passive" | grep -v 'grep ' | awk '{print $1}'`
if [ "${PID}" != "" ]; then
kill $PID
echo "disconnected."
else
echo "Failed to find PID for the connection"
fi
;;
config)
echo "LINK_NAME=$LINK_NAME"
echo "LINK_PEER_NAME=$LINK_PEER_NAME"
echo "SERVER_HOSTNAME=$SERVER_HOSTNAME"
echo "SERVER_USERNAME=$SERVER_USERNAME"
echo "SERVER_IFIPADDR=$SERVER_IFIPADDR"
echo "CLIENT_IFIPADDR=$CLIENT_IFIPADDR"
;;
*)
echo "Usage: vpn-pppssh {start|stop|config}"
exit 1
;;
esac
exit 0