{"id":5724,"date":"2021-05-20T13:59:24","date_gmt":"2021-05-20T10:59:24","guid":{"rendered":"https:\/\/skeletor.org.ua\/?p=5724"},"modified":"2021-07-29T15:14:31","modified_gmt":"2021-07-29T12:14:31","slug":"linux-%d0%a0%d0%b0%d0%b7%d1%80%d0%b5%d1%88%d0%b0%d0%b5%d0%bc-vpn-pptp-%d1%87%d0%b5%d1%80%d0%b5%d0%b7-nat-%d0%b4%d0%bb%d1%8f-%d0%bb%d0%be%d0%ba%d0%b0%d0%bb%d1%8c%d0%bd%d0%be%d0%b9-%d1%81%d0%b5%d1%82","status":"publish","type":"post","link":"https:\/\/skeletor.org.ua\/?p=5724","title":{"rendered":"[Linux] \u0420\u0430\u0437\u0440\u0435\u0448\u0430\u0435\u043c vpn pptp \u0447\u0435\u0440\u0435\u0437 nat \u0434\u043b\u044f \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0435\u0442\u0438"},"content":{"rendered":"\n

\u041a\u0430\u043a \u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f, \u043f\u0440\u043e\u0441\u0442\u043e \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u044c NAT <\/strong>\u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e. \u0411\u043e\u043b\u0435\u0435 \u0442\u043e\u0433\u043e, \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0434\u0430\u0436\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c helper <\/strong>\u0447\u0435\u0440\u0435\u0437 sysctl<\/strong>:<\/p>\n\n\n

net.netfilter.nf_conntrack_helper=1<\/pre>\n
\u0412 \u0441\u0435\u0442\u0438 \u043f\u0438\u0448\u0443\u0442, \u0447\u0442\u043e \u043d\u0443\u0436\u043d\u043e \u043f\u043e\u0434\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u0438 (\u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0435\u0449\u0451 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442, \u0447\u0442\u043e \u044d\u0442\u043e \u043d\u0443\u0436\u043d\u043e \u0431\u044b\u043b\u043e \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 8.\u0425<\/strong> \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c, \u0430 \u0441 9<\/strong>-\u043e\u0439 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043f\u0440\u043e\u0441\u0442\u043e \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c helper<\/strong> \u0447\u0435\u0440\u0435\u0437 sysctl<\/strong>, \u043d\u043e \u043a\u0430\u043a \u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f, \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e)<\/p>\n
<\/p>\n
nf_nat_pptp\nnf_nat_proto_gre\nnf_conntrack_pptp\nnf_conntrack_proto_gre\nnf_nat\nnf_conntrack<\/pre>\n
\u041d\u0443 \u0447\u0442\u043e, \u0434\u0430\u0432\u0430\u0439\u0442\u0435 \u043f\u043e\u043f\u0440\u043e\u0431\u0443\u0435\u043c \u043c\u043e\u0434\u0433\u0440\u0443\u0437\u0438\u0442\u044c:<\/p>\n
insmod \/lib\/modules\/4.19.0-16-amd64\/kernel\/net\/ipv4\/netfilter\/nf_nat_pptp.ko\ninsmod: ERROR: could not insert module \/lib\/modules\/4.19.0-16-amd64\/kernel\/net\/ipv4\/netfilter\/nf_nat_pptp.ko: Unknown symbol in module<\/pre>\n
\u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0432 \u043b\u043e\u0433\u0435 \u0431\u0443\u0434\u0443\u0442 \u043f\u043e\u0445\u043e\u0436\u0438\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f:<\/p>\n
ip_gre: Unknown symbol ip_tunnel_rcv (err -2)<\/pre>\n
\u041c\u043e\u0436\u043d\u043e \u043f\u043e\u0434\u0443\u043c\u0430\u0442\u044c, \u0447\u0442\u043e \u043c\u044b \u043f\u043e\u0434\u0433\u0440\u0443\u0437\u0438\u043b\u0438 \u043c\u043e\u0434\u0443\u043b\u0438 \u043d\u0435 \u0432 \u0442\u043e\u043c \u043f\u043e\u0440\u044f\u0434\u043a\u0435, \u043d\u043e \u043f\u0435\u0440\u0435\u043f\u043e\u0440\u043e\u0431\u043e\u0432\u0430\u0432 \u0432\u0441\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u044b \u0443\u0431\u0435\u0436\u0434\u0430\u0435\u043c\u0441\u044f, \u0447\u0442\u043e \u0434\u0435\u043b\u043e \u0432 \u0447\u0451\u043c-\u0442\u043e \u0434\u0440\u0443\u0433\u043e\u043c. \u041c\u0435\u0442\u043e\u0434\u043e\u043c \u0434\u0435\u0434\u0443\u043a\u0446\u0438\u0438, \u0440\u0435\u0448\u0438\u043b \u043f\u043e\u043f\u0440\u043e\u0431\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u043d\u0430 \u0448\u043b\u044e\u0437\u0435 \u043f\u0430\u043a\u0435\u0442 pptpd<\/strong> (\u0434\u0430, \u043e\u043d \u043d\u0435 \u0441\u0442\u043e\u044f\u043b, \u0434\u0430 \u0438 \u0437\u0430\u0447\u0435\u043c \u0435\u043c\u0443 \u0441\u0442\u043e\u044f\u0442\u044c, \u043a\u043e\u0433\u0434\u0430 \u043d\u0443\u0436\u043d\u043e \u043f\u0440\u043e\u0441\u0442\u043e NAT<\/strong>‘\u0438\u0442\u044c pptp<\/strong> \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0438\u0437 \u043b\u043e\u043a\u0430\u043b\u043a\u0438 \u0432 \u043c\u0438\u0440?). \u041f\u043e\u0441\u043b\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438, \u043c\u043e\u0434\u0443\u043b\u0438 \u043f\u043e\u0434\u0433\u0440\u0443\u0437\u0438\u043b\u0438\u0441\u044c:<\/p>\n
lsmod  | grep pptp\nnf_nat_pptp            16384  0\nnf_nat_proto_gre       16384  1 nf_nat_pptp\nnf_conntrack_pptp      16384  1 nf_nat_pptp\nnf_conntrack_proto_gre    16384  1 nf_conntrack_pptp\nnf_nat                 36864  4 nf_nat_ipv4,xt_nat,nf_nat_pptp,nf_nat_proto_gre\nnf_conntrack          172032  10 xt_conntrack,nf_nat,xt_state,nf_conntrack_pptp,ipt_MASQUERADE,nf_nat_ipv4,xt_nat,nf_nat_pptp,nf_conntrack_netlink,nf_conntrack_proto_gre\n<\/pre>\n
\u041f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u0437\u0430\u043e\u0434\u043d\u043e, \u043d\u043e\u0440\u043c\u0430\u043b\u044c\u043d\u043e \u043b\u0438 NAT<\/strong>‘\u0438\u0442\u0441\u044f gre\/pptp<\/strong>:<\/p>\n
conntrack -L | egrep -i \"gre|pptp\"
\ngre      47 18000 src=192.168.13.21 dst=X.X.X.X srckey=0x100 dstkey=0xde5 src=X.X.X.X dst=Y.Y.Y.Y srckey=0xde5 dstkey=0xd83f [ASSURED] mark=0 use=2
\ngre      47 17999 src=192.168.13.166 dst=X.X.X.X srckey=0x7ddd dstkey=0xde6 src=X.X.X.X dst=Y.Y.Y.Y srckey=0xde6 dstkey=0xed7d [ASSURED] mark=0 use=1
\ntcp      6 431953 ESTABLISHED src=192.168.13.166 dst=X.X.X.X sport=60797 dport=1723 src=X.X.X.X dst=Y.Y.Y.Y sport=1723 dport=60797 [ASSURED] mark=0 helper=pptp use=2
\ntcp      6 431986 ESTABLISHED src=192.168.13.21 dst=X.X.X.X sport=55359 dport=1723 src=X.X.X.X dst=Y.Y.Y.Y sport=1723 dport=55359 [ASSURED] mark=0 helper=pptp use=2<\/pre>\n
\u041f\u043e\u0434\u044b\u0442\u043e\u0436\u0438\u043c: \u0434\u043b\u044f \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0438\u0436\u0435\u043d\u0438\u044f \u0446\u0435\u043b\u0438 \u043d\u0430 \u043f\u0443\u0441\u0442\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u043d\u0443\u0436\u043d\u043e:
1) \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u044c helper<\/strong>, \u0435\u0441\u043b\u0438 \u043d\u0435 \u0432\u043a\u043b\u044e\u0447\u0451\u043d
2) \u043f\u043e\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 pptpd<\/strong>, \u0435\u0441\u043b\u0438 \u043d\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d.<\/p>","protected":false},"excerpt":{"rendered":"
\u041a\u0430\u043a \u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f, \u043f\u0440\u043e\u0441\u0442\u043e \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u044c NAT \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e. \u0411\u043e\u043b\u0435\u0435 \u0442\u043e\u0433\u043e, \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0434\u0430\u0436\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c helper \u0447\u0435\u0440\u0435\u0437 sysctl: net.netfilter.nf_conntrack_helper=1 \u0412 \u0441\u0435\u0442\u0438 \u043f\u0438\u0448\u0443\u0442, \u0447\u0442\u043e \u043d\u0443\u0436\u043d\u043e \u043f\u043e\u0434\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u0438 (\u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0435\u0449\u0451 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442, \u0447\u0442\u043e \u044d\u0442\u043e \u043d\u0443\u0436\u043d\u043e \u0431\u044b\u043b\u043e \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 8.\u0425 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c, \u0430 \u0441 9-\u043e\u0439 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043f\u0440\u043e\u0441\u0442\u043e \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c helper \u0447\u0435\u0440\u0435\u0437 sysctl, \u043d\u043e \u043a\u0430\u043a \u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f, \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e)<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,12],"tags":[],"class_list":["post-5724","post","type-post","status-publish","format-standard","hentry","category-linux","category-routers"],"_links":{"self":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/5724","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5724"}],"version-history":[{"count":2,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/5724\/revisions"}],"predecessor-version":[{"id":5746,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/5724\/revisions\/5746"}],"wp:attachment":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5724"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5724"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5724"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}