EdgeRouter PPtP Server訪問本地DNS服務(wù) | @sskaje

xxqa的新文藝 2019-08-16

展開全文

By @sskaje
Link: https:///2016/02/edgerouter-pptp-server-dns-service/

UBNT EdgeRouter 自帶了PPTP Server，典型的配置方法是

set vpn pptp remote-access authentication local-users username sskaje password PASSWORD

set vpn pptp remote-access authentication mode local

set vpn pptp remote-access client-ip-pool start 192.168.100.210

set vpn pptp remote-access client-ip-pool stop 192.168.100.219

set vpn pptp remote-access dns-servers server-1 8.8.8.8

set vpn pptp remote-access mtu 1492

官方參考guide: https://help./hc/en-us/articles/205220840-EdgeMAX-PPTP-VPN-with-local-users-RADIUS

這個案例里，我的路由eth0是LAN口，eth0的IP是 192.168.100.1，這個配置下我的pptp客戶端能正常訪問到我的內(nèi)網(wǎng)的機器。
但是如果我需要把DNS設(shè)成 192.168.100.1，DNS請求就會一直沒響應(yīng)。
路由端抓 UDP 53 的包，可以看到pptp客戶端發(fā)出的dns請求，但是沒有回包。
看了眼/etc/dnsmasq.conf:

log-facility=/var/log/dnsmasq.log

interface=eth0

interface=eth2

cache-size=10000

man dnsmasq

-i, –interface=
Listen only on the specified interface(s). Dnsmasq automatically adds the loopback (local) interface to the list of interfaces to use when the –interface option is used. If no –interface or –listen-address options
are given dnsmasq listens on all available interfaces except any given in –except-interface options. IP alias interfaces (eg “eth1:0”) cannot be used with –interface or –except-interface options, use –listen-
address instead. A simple wildcard, consisting of a trailing ‘*’, can be used in –interface and –except-interface options.

嘗試了加一個 interface=pptp*，無效。
順手先把dnsmasq的請求隔離到一個新的網(wǎng)段 192.168.101.0/24，服務(wù)端的local-ip設(shè)成 192.168.101.1，推送dns 192.168.101.1，再設(shè)置options ‘listen-address=192.168.101.1’，解決。
全部命令如下