多节点通过PPP连接，节点/用户/客户机之间互相访问ping

多节点通过PPP连接，节点/用户/客户机之间互相访问ping

转载注明来源: 本文链接 来自osnosn的博客，写于 2019-04-14.

有A, B, C 三台客户机，通过ppp虚拟拨号连接到服务器。

• 搜索"ppp over ssh"
• VPN PPP-SSH Mini-HOWTO
• Poor man's VPN using PPP over SSH
• VPN over SSH

发现A, B, C分别能访问服务器，但A,B,C之间不能互访，不能互ping，即使ppp的IP都配置到一个网段。

经过反复测试，解决问题，A,B,C之间可以互相ping通，互相访问了。

以下是配置的关键点：

• server:

  • 打开内核IP转发
    
    sysctl -w net.ipv4.ip_forward=1
  • 开放iptables的转发规则，允许转发
    
    iptables -A FORWARD -s 192.168.33.0/24 -d 192.168.33.0/24 -j ACCEPT
  • 允许接收此网段的数据包(可选)
    
    iptables -A INPUT -s 192.168.33.0/24 -d 192.168.33.0/24 -j ACCEPT
  • 禁止此网段的数据包(TCP),从物理网口出去(可选)
    
    iptables -A OUTPUT -p tcp -o eth0 -d 192.168.33.0/24 -j REJECT --reject-with tcp-reset
  • 禁止此网段的数据包(其他类型的包),从物理网口出去(可选)
    
    iptables -A OUTPUT -o eth0 -d 192.168.33.0/24 -j REJECT --reject-with icmp-host-prohibited

• client: (每个客户端都需要加上192.168.33.0/24的路由)

#!/bin/sh -e

# debain: copy this file to "/etc/ppp/ip-up.d/" , and chmod +x file.
# centos: append this lines to "/etc/ppp/ip-up.local" , and chmod +x ip-up.local
# openwrt:append this lines to "/etc/ppp/ip-up" , and chmod +x ip-up

# PPP_IFACE="$1", PPP_LOCAL="$4", PPP_REMOTE="$5"
if [ "$5" = "192.168.33.2" ]; then
    #/sbin/ip route add 192.168.33.0/24 via $5 dev $1
    /sbin/ip route add 192.168.33.0/24 via $5
fi
exit 0

----完----

---

---

以下是几个脚本的备份。

# server
visudo:
     vpn     ALL=(root)      NOPASSWD: /usr/sbin/pppd

vpn-shell

#!/bin/sh
# vpn-shell , server

#echo "$*" >> /home/vpn/log

if [ -z "$*" ];then
   echo 'Login succeed.'
   exit 0
fi

a="`expr "$*" : '-c /usr/bin/sudo /usr/sbin/pppd '`"
b="`expr "$*" : '-c /usr/sbin/ppp -direct '`"
g="`expr "$*" : '-c sudo /usr/sbin/pppd '`"
h="`expr "$*" : '-c /usr/sbin/pppd '`"

if [ "$a" = "32" -o "$b" = "25" -o "$g" = "23" -o "$h" = "18" ] ;then
   a="`expr "$*" : '-c \(.*\)'`"
#   eval "$a"
   exec $a
#   echo "$a"
fi

exit 0
logout

vpn-pppssh.sh

#!/bin/sh
# vpn-pppssh.sh , client

#### check hostkey in file ".ssh/known_hosts"  #####

LINK_NAME=my-ppp-vpn
LINK_PEER_NAME=my-ppp-vpn
SERVER_HOSTNAME=6.6.6.6
SERVER_PORT=22
SERVER_USERNAME=vpn
SERVER_IFIPADDR=192.168.33.1   #fix IP
CLIENT_IFIPADDR=192.168.33.7
LOCAL_SSH_OPTS="-P"
PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/bin/X11/:
PPPD=/usr/sbin/pppd
SSH=/usr/bin/ssh
if ! test -f $PPPD  ; then echo "can't find $PPPD";  exit 3; fi
if ! test -f $SSH   ; then echo "can't find $SSH";   exit 4; fi
case "$1" in
  start)
    # echo -n "Starting vpn to $SERVER_HOSTNAME: "
    ${PPPD} ipparam ${LINK_NAME} updetach noauth passive pty "${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -t -l${SERVER_USERNAME} -p ${SERVER_PORT} -o Batchmode=yes /usr/bin/sudo ${PPPD} nodetach noauth ipparam ${LINK_PEER_NAME} idle 3700" ${CLIENT_IFIPADDR}:${SERVER_IFIPADDR} nodefaultroute idle 1800 connect-delay 8000
    # echo "connected."
    ;;
  stop)
        # echo -n "Stopping vpn to $SERVER_HOSTNAME: "
        PID=`ps ax | grep "${PPPD} ipparam ${LINK_NAME} updetach noauth passive" | grep -v 'grep ' | awk '{print $1}'`
        if [ "${PID}" != "" ]; then
          kill $PID
          echo "disconnected."
        else
          echo "Failed to find PID for the connection"
        fi
    ;;
  config)
    echo "LINK_NAME=$LINK_NAME"
    echo "LINK_PEER_NAME=$LINK_PEER_NAME"
    echo "SERVER_HOSTNAME=$SERVER_HOSTNAME"
    echo "SERVER_USERNAME=$SERVER_USERNAME"
    echo "SERVER_IFIPADDR=$SERVER_IFIPADDR"
    echo "CLIENT_IFIPADDR=$CLIENT_IFIPADDR"
  ;;
  *)
    echo "Usage: vpn-pppssh {start|stop|config}"
    exit 1
    ;;
esac
exit 0

转载注明来源: 本文链接 来自osnosn的博客.