Multiple nodes connected over PPP: letting nodes/users/clients reach and ping each other
程序员文章站
2022-07-05 15:10:32
Please credit the source when reposting: from osnosn's blog, written 2019-04-14.
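Three client machines, A, B and C, connect to a server over PPP virtual dial-up links.
- Search for "PPP over SSH"
- VPN PPP-SSH Mini-HOWTO
- Poor man's VPN using PPP over SSH
- VPN over SSH
Each of A, B and C could reach the server, but A, B and C could not reach or ping one another, even with the PPP addresses all configured in the same subnet.
After repeated testing the problem was solved: A, B and C can now ping and reach one another.
The key configuration points are: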
- Server: (enable kernel IP forwarding and open the iptables forwarding rule)
  - sysctl -w net.ipv4.ip_forward=1
  - iptables -A FORWARD -s 192.168.33.0/24 -d 192.168.33.0/24 -j ACCEPT
- Client: (every client needs a route for 192.168.33.0/24)
```sh
#!/bin/sh -e
# Debian:  copy this file to "/etc/ppp/ip-up.d/" , and chmod +x file.
# CentOS:  append these lines to "/etc/ppp/ip-up.d/ip-up.local" , and chmod +x ip-up.local
# OpenWrt: append these lines to "/etc/ppp/ip-up" , and chmod +x ip-up
# PPP_IFACE="$1", PPP_LOCAL="$4", PPP_REMOTE="$5"
# Add the subnet route only when the peer of this link is the VPN server.
if [ "$5" = "192.168.33.2" ]; then
    /sbin/ip route add 192.168.33.0/24 via "$5" dev "$1"
fi
exit 0
```
---- End ----
Below are backup copies of several scripts.
```
# server visudo:
vpn ALL=(root) NOPASSWD: /usr/sbin/pppd
```
vpn-shell
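```sh
#!/bin/sh
# vpn-shell , server
# Login shell for the "vpn" user; sshd calls it as: vpn-shell -c "<command>"
#echo "$*" >> /home/vpn/log
if [ -z "$*" ];then
    echo 'login succeed.'
    exit 0
fi
# expr STRING : REGEX prints the length of the matched prefix (0 if no match).
a="`expr "$*" : '-c /usr/bin/sudo /usr/sbin/pppd '`"
b="`expr "$*" : '-c /usr/sbin/ppp -direct '`"
g="`expr "$*" : '-c sudo /usr/sbin/pppd '`"
h="`expr "$*" : '-c /usr/sbin/pppd '`"
# Run the command only if it starts with one of the four allowed prefixes.
if [ "$a" = "32" -o "$b" = "25" -o "$g" = "23" -o "$h" = "18" ] ;then
    a="`expr "$*" : '-c \(.*\)'`"
    # eval "$a"
    exec $a
    # echo "$a"
fi
exit 0
logout
```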
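The vpn-shell above checks only how the command begins, so every option after `pppd` is passed through unchecked, and with the sudoers rule that pppd runs as root. The following is an added example, not the original author's script, that checks every word against an allowlist; the allowed option set, and dropping the bare `sudo` and `/usr/sbin/ppp -direct` forms, are assumptions based on what vpn-pppssh.sh on this page sends.

```shell
#!/bin/sh
# Added example, not the original vpn-shell: check every word of the
# requested command instead of only its prefix.
# Assumption: clients may send only the options that vpn-pppssh.sh on this
# page sends: nodetach, noauth, ipparam NAME, idle SECONDS.

# validate_pppd_cmd "<command string>": returns 0 if acceptable, 1 if not.
validate_pppd_cmd() {
    set -f                  # no filename expansion while splitting
    set -- $1               # split on whitespace; nothing is evaluated
    set +f
    if [ "$1" = "/usr/bin/sudo" ]; then shift; fi
    [ "$1" = "/usr/sbin/pppd" ] || return 1
    shift
    while [ $# -gt 0 ]; do
        case "$1" in
            nodetach|noauth)
                shift ;;
            ipparam)        # link name: letters, digits, "_" and "-" only
                case "$2" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
                shift 2 ;;
            idle)           # idle timeout: decimal digits only
                case "$2" in ''|*[!0-9]*) return 1 ;; esac
                shift 2 ;;
            *)              # any other option (pty, connect, plugin, file, ...)
                return 1 ;;
        esac
    done
    return 0
}

# sshd starts a login shell as: vpn-shell -c "<command>"
if [ "$1" = "-c" ]; then
    if validate_pppd_cmd "$2"; then
        set -f
        exec $2             # same word splitting as the validator used
    fi
    echo "vpn-shell: command rejected" >&2
    exit 1
fi
```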
vpn-pppssh.sh
```sh
#!/bin/sh
# vpn-pppssh.sh , client
#### check hostkey in file ".ssh/known_hosts" #####
link_name=my-ppp-vpn
link_peer_name=my-ppp-vpn
server_hostname=6.6.6.6
server_username=vpn
server_ifipaddr=192.168.33.1
#fix ip
client_ifipaddr=192.168.33.7
# extra ssh options, if any; the port is given as "-p 443" below
local_ssh_opts=""
PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/bin/X11/:
pppd=/usr/sbin/pppd
ssh=/usr/bin/ssh

if ! test -f $pppd ; then echo "can't find $pppd"; exit 3; fi
if ! test -f $ssh ; then echo "can't find $ssh"; exit 4; fi

case "$1" in
  start)
    # echo -n "starting vpn to $server_hostname: "
    # Local pppd talks to a remote pppd through an ssh session used as its pty.
    ${pppd} ipparam ${link_name} updetach noauth passive pty "${ssh} ${local_ssh_opts} ${server_hostname} -t -l${server_username} -p 443 -o BatchMode=yes /usr/bin/sudo ${pppd} nodetach noauth ipparam ${link_peer_name} idle 3700" ${client_ifipaddr}:${server_ifipaddr} nodefaultroute idle 1800 connect-delay 8000
    # echo "connected."
    ;;
  stop)
    # echo -n "stopping vpn to $server_hostname: "
    # Find the local pppd started by "start" from its command line.
    pid=`ps ax | grep "${pppd} ipparam ${link_name} updetach noauth passive" | grep -v 'grep ' | awk '{print $1}'`
    if [ "${pid}" != "" ]; then
      kill $pid
      echo "disconnected."
    else
      echo "failed to find pid for the connection"
    fi
    ;;
  config)
    echo "link_name=$link_name"
    echo "link_peer_name=$link_peer_name"
    echo "server_hostname=$server_hostname"
    echo "server_username=$server_username"
    echo "server_ifipaddr=$server_ifipaddr"
    echo "client_ifipaddr=$client_ifipaddr"
    ;;
  *)
    echo "usage: vpn-pppssh {start|stop|config}"
    exit 1
    ;;
esac
exit 0
```