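I'm trying to see whether SoftEther is a viable VPN solution for our needs. I have successfully gotten SSTP to connect to SE, but only when SecureNAT is enabled. When I disable SecureNAT, the requests go to our DHCP server, but the lease is not returned to the client, so they don't get an IP address and can't connect.
You can see this in the server log: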
2019-04-05 11:10:00.319 SSTP PPP Session [xxx.xxx.xxx.xx:55743]: Trying to request an IP address from the DHCP server.
2019-04-05 11:10:05.319 SSTP PPP Session [xxx.xxx.xxx.xx:55743]: Acquiring an IP address from the DHCP server failed. To accept a PPP session, you need to have a DHCP server. Make sure that a DHCP server is working normally in the Ethernet segment which the Virtual Hub belongs to. If you do not have a DHCP server, you can use the Virtual DHCP function of the SecureNAT on the Virtual Hub instead.
2019-04-05 11:10:13.501 SSTP PPP Session [xxx.xxx.xxx.xx:55743]: The VPN Client sent a packet though an IP address of the VPN Client hasn't been determined.
2019-04-05 11:10:13.501 SSTP PPP Session [xxx.xxx.xxx.xx:55743]: A PPP protocol error occurred, or the PPP session has been disconnected.
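I have set up a bridge from the virtual hub to a dedicated NIC, and disabled the SecureNAT and DHCP functions in the SE hub.
When I try to connect from a Windows box using SSTP, I get the following in the packet log: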
-04-05,11:09:52.450,SID-LOCALBRIDGE- 1,-,A4580F42CBB6,FFFFFFFFFFFF,0x0800,358,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,-,-
2019-04-05,11:09:53.199,SID-LOCALBRIDGE-1,-,001A4A160154,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.24,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=10.1.2.253 ServerIP=10.1.1.24 RelayIP=0.0.0.0,-,-,-
2019-04-05,11:09:53.199,SID-LOCALBRIDGE-1,-,A4580F42CBB6,FFFFFFFFFFFF,0x0800,370,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,-,-
2019-04-05,11:09:53.199,SID-LOCALBRIDGE-1,-,001A4A160154,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.24,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=10.1.2.253 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,-,-
2019-04-05,11:09:53.210,SID-LOCALBRIDGE-1,-,001A4A16017B,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.23,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=10.1.2.203 ServerIP=10.1.1.23 RelayIP=0.0.0.0,-,-,-
2019-04-05,11:09:56.159,SID-LOCALBRIDGE-1,-,001A4A16017B,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.23,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=2306803456 ClientIP=0.0.0.0 YourIP=10.1.2.112 ServerIP=10.1.1.23 RelayIP=0.0.0.0,-,-,-
2019-04-05,11:10:00.400,SID-GIL.COMEAU-[SSTP]-4,-,CA20658C6E7E,FFFFFFFFFFFF,0x0800,335,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=3970409621 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,xxx.xxx.xxx.xx,-
2019-04-05,11:10:01.932,SID-GIL.COMEAU-[SSTP]-4,-,CA20658C6E7E,FFFFFFFFFFFF,0x0800,335,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=3970409621 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,xxx.xxx.xxx.xx,-
2019-04-05,11:10:03.516,SID-GIL.COMEAU-[SSTP]-4,-,CA20658C6E7E,FFFFFFFFFFFF,0x0800,335,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=3970409621 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,xxx.xxx.xxx.xx,-
2019-04-05,11:10:04.084,SID-LOCALBRIDGE-1,-,001A4A16017B,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.23,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=2306803456 ClientIP=0.0.0.0 YourIP=10.1.2.112 ServerIP=10.1.1.23 RelayIP=0.0.0.0,-,-,-
2019-04-05,11:10:05.076,SID-GIL.COMEAU-[SSTP]-4,-,CA20658C6E7E,FFFFFFFFFFFF,0x0800,335,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=3970409621 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,xxx.xxx.xxx.xx,-
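I think one thing contributing to the problem is that the relay address in the DHCP lease that should return the IP address is incorrect (0.0.0.0). But I'm not sure how this is supposed to be configured on the SE server side.
I've been banging my head against the desk on this for a while, and I'm hoping to find someone who has done a similar setup to ask for help.
The answer to this was that SoftEther only sends text-based passwords to the RADIUS server, but the RADIUS server was configured to accept only encrypted passwords. The only solution I found (not a great one) was to change the RADIUS server to accept text-based passwords.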
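As an added example (not part of the original post, and not SoftEther code): a Python script that pairs DHCPv4 requests and responses in a packet log like the one above by TransactionId and lists the transactions that were requested but never answered. The column positions are assumed from the lines in the post, and the sample lines and their session name, MACs and addresses are constructed in that layout.

```python
import csv
import re
from collections import defaultdict

# Constructed sample lines in the packet-log layout shown in the post.
SAMPLE_LOG = """\
2019-04-05,11:09:52.450,SID-LOCALBRIDGE-1,-,020000000001,FFFFFFFFFFFF,0x0800,358,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=1111 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,-,-
2019-04-05,11:09:53.199,SID-LOCALBRIDGE-1,-,020000000002,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.0.0.2,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=1111 ClientIP=0.0.0.0 YourIP=10.0.0.50 ServerIP=10.0.0.2 RelayIP=0.0.0.0,-,-,-
2019-04-05,11:10:00.400,SID-USER1-[SSTP]-4,-,020000000003,FFFFFFFFFFFF,0x0800,335,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=2222 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,xxx.xxx.xxx.xx,-
2019-04-05,11:10:01.932,SID-USER1-[SSTP]-4,-,020000000003,FFFFFFFFFFFF,0x0800,335,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=2222 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,xxx.xxx.xxx.xx,-
2019-04-05,11:10:04.084,SID-LOCALBRIDGE-1,-,020000000002,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.0.0.2,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=3333 ClientIP=0.0.0.0 YourIP=10.0.0.51 ServerIP=10.0.0.2 RelayIP=0.0.0.0,-,-,-
"""

XID_RE = re.compile(r"TransactionId=(\d+)")
YOUR_IP_RE = re.compile(r"YourIP=(\S+)")

def summarize_dhcp(log_text):
    """Group DHCPv4 records by TransactionId.

    Assumed columns (from the post's lines): 2=session, 4=source MAC,
    8=protocol, 9=Request/Response, 16=DHCP details.
    """
    txns = defaultdict(lambda: {"sessions": set(), "client_macs": set(),
                                "requests": 0, "offered": set()})
    for row in csv.reader(log_text.splitlines()):
        if len(row) < 17 or row[8] != "DHCPv4":
            continue
        xid = XID_RE.search(row[16])
        if not xid:
            continue
        txn = txns[xid.group(1)]
        txn["sessions"].add(row[2])
        if row[9] == "Request":
            txn["requests"] += 1
            txn["client_macs"].add(row[4])
        elif row[9] == "Response":
            your_ip = YOUR_IP_RE.search(row[16])
            if your_ip:
                txn["offered"].add(your_ip.group(1))
    return dict(txns)

def unanswered(txns):
    """Transaction IDs that were requested but never saw a response."""
    return sorted(x for x, t in txns.items() if t["requests"] and not t["offered"])

if __name__ == "__main__":
    summary = summarize_dhcp(SAMPLE_LOG)
    for xid in unanswered(summary):
        t = summary[xid]
        print(xid, sorted(t["sessions"]), sorted(t["client_macs"]), t["requests"])
```

A transaction listed here that belongs to an SSTP session means no DHCP response for that session's virtual MAC was recorded in the log, which separates "the server never answered" from "the answer came back but was not accepted".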