Long life to all!
ОС FreeBSD 9.0-RELEASE, pptpd-1.3.4.
Network:
em0 1.2.3.4 - external interface and ip
tun0 10.18.1.0/24 - network for openvpn clients
tun1 10.18.2.0/24 - network for pptp clients
Configuration.
/etc/ppp.conf:
default:
 set timeout 0
 set log Phase Chat LCP IPCP CCP TUN Command Connect
 disable vjcomp deflate pred1
pptp:
 set device localhost:pptp
 set ifaddr 10.18.2.101 10.18.2.102-10.18.2.113 255.255.255.0
 set server /tmp/loop "" 0177
 enable chap
 enable MSChapV2
 disable pap
 disable ipv6cp
 enable proxy
 allow mode direct
/usr/local/etc/pptpd.conf:
logwtmp
debug
noipparam
delegate
proxyarp
+MSChap-V2 mppe-128 mppe-stateless
pidfile /var/run/pptpd.pid
/etc/pf.conf:
table <sshguard> persist
block in quick on em0 proto tcp from <sshguard> to any port 22 label "ssh bruteforce"
pass quick on lo0 all
pass quick on em0 all
/etc/rc.conf:
gateway_enable="YES"
/etc/sysctl.conf:
net.link.ether.inet.proxyall=1
Some warnings from the log files:
tun1: Warning: Local: bind: Address already in use
tun1: Warning: set server: Failed 2
tun1: Warning: 10.18.2.112: Cannot determine ethernet address for proxy ARP
tun1: Warning: 10.18.2.112: Cannot determine ethernet address for proxy ARP
tun2: Warning: Local: bind: Address already in use
tun2: Warning: set server: Failed 2
tun2: Warning: 10.18.2.104: Cannot determine ethernet address for proxy ARP
Routes @ openvpn client:
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0   0      0    ppp0
10.18.1.0       10.18.1.61      255.255.255.0   UG    0   0      0    tun0
10.18.1.61      0.0.0.0         255.255.255.255 UH    0   0      0    tun0
10.18.2.0       10.18.1.61      255.255.255.0   UG    0   0      0    tun0
10.64.64.64     0.0.0.0         255.255.255.255 UH    0   0      0    ppp0
So, from the openvpn client I can ping 10.18.2.101 but not the pptp clients. From the server I can ping any pptp and openvpn clients, including hosts on their internal networks. Can this quest be completed with proxyarp, or do I need to look at NAT?
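An added pf.conf fragment (not from the original post) illustrating the NAT alternative the question mentions: it rewrites the source of openvpn-to-pptp traffic to the server-side ppp address, so a pptp client can answer over its point-to-point link even without a route to 10.18.1.0/24. It assumes, as in the post, that every pptp session's tun interface carries the local address 10.18.2.101 (set ifaddr) and that FreeBSD places all tun devices in pf's "tun" interface group.

```pf
# Translation rules must precede the filter rules in a FreeBSD 9 pf.conf.
# Packets from openvpn clients (10.18.1.0/24) that leave the server on any
# tun interface towards pptp clients (10.18.2.0/24) get the ppp-side
# address 10.18.2.101 as source; pf reverses the translation on the reply.
nat on tun from 10.18.1.0/24 to 10.18.2.0/24 -> 10.18.2.101

# Existing rules from the post follow unchanged.
table <sshguard> persist
block in quick on em0 proto tcp from <sshguard> to any port 22 label "ssh bruteforce"
pass quick on lo0 all
pass quick on em0 all
```

Check the result with `pfctl -s nat` after reloading, and with `pfctl -s state` while pinging a pptp client from the openvpn side.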