PPTP Tunnel Connection Examples

The following example connects two corporate LANs through an encrypted PPTP tunnel over the Internet.

In this example there are routers at two offices in different locations, and hosts on the two office LANs need to reach each other:

HomeOffice
  interface LocalHomeOffice 10.150.2.254/24
  interface ToInternet 192.168.80.1/24

RemoteOffice
  interface ToInternet 192.168.81.1/24
  interface LocalRemoteOffice 10.150.1.254/24

Each router is connected to its local ISP, and either router can reach the other over the Internet.

HomeOffice configuration

Set up the PPTP server on the HomeOffice side. First, go to the /ppp secret menu and add the client account:

    [admin@HomeOffice] ppp secret> add name=ex service=pptp password=123456 local-address=10.0.103.1 remote-address=10.0.103.2
    [admin@HomeOffice] ppp secret> print detail
    Flags: X - disabled
      0   name=ex service=pptp caller-id= password=123456 profile=default
          local-address=10.0.103.1 remote-address=10.0.103.2 routes=
    [admin@HomeOffice] ppp secret>

The same step can be done in Winbox.

In the interface pptp-server server menu, enable the PPTP server:

    [admin@HomeOffice] interface pptp-server server> set enabled=yes
    [admin@HomeOffice] interface pptp-server server> print
                enabled: yes
                    mtu: 1460
                    mru: 1460
         authentication: mschap2
        default-profile: default
    [admin@HomeOffice] interface pptp-server server>

In Winbox, go to the PPP menu and enable the PPTP server.

RemoteOffice configuration

Add a PPTP client on the RemoteOffice router:

    [admin@RemoteOffice] interface pptp-client> add connect-to=192.168.80.1 user=ex password=123456 disabled=no
    [admin@RemoteOffice] interface pptp-client> print
    Flags: X - disabled, R - running
      0  R name=pptp-out1 mtu=1460 mru=1460 connect-to=192.168.80.1 user=ex
           password=123456 profile=default add-default-route=no
    [admin@RemoteOffice] interface pptp-client>

In Winbox, add a pptp-client under Interfaces.

A PPTP tunnel is now established between the routers. The tunnel behaves like a layer-3 point-to-point link between routers with the IP addresses 10.0.103.1 and 10.0.103.2.

LAN-to-LAN access over PPTP

Once the PPTP tunnel is up, only the routers themselves can reach each other; the LANs of the two sites still need routes. To let the two local networks reach each other over the PPTP tunnel, add the following routes:

    [admin@HomeOffice] > ip route add dst-address=10.150.1.0/24 gateway=10.0.103.2
    [admin@RemoteOffice] > ip route add dst-address=10.150.2.0/24 gateway=10.0.103.1

Alternatively, on the PPTP server (HomeOffice) this can be done with the routes parameter of the user account; RemoteOffice still needs its route configured in /ip route:

    [admin@HomeOffice] ppp secret> print detail
    Flags: X - disabled
      0   name=ex service=pptp caller-id= password=123456 profile=default
          local-address=10.0.103.1 remote-address=10.0.103.2 routes=
    [admin@HomeOffice] ppp secret> set 0 routes="10.150.1.0/24 10.0.103.2 1"
    [admin@HomeOffice] ppp secret> print detail
    Flags: X - disabled
      0   name=ex service=pptp caller-id= password=123456 profile=default
          local-address=10.0.103.1 remote-address=10.0.103.2
          routes=10.150.1.0/24 10.0.103.2 1
    [admin@HomeOffice] ppp secret>

The three fields of the routes value are:

  Destination: 10.150.1.0/24
  PPTP gateway: 10.0.103.2
  Distance: 1

The routes parameter can also be edited in Winbox.

Test the PPTP tunnel connection:

    [admin@RemoteOffice] > /ping 10.0.103.1
    10.0.103.1 pong: ttl=255 time=3 ms
    10.0.103.1 pong: ttl=255 time=3 ms
    10.0.103.1 pong: ttl=255 time=3 ms
    ping interrupted
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max = 3/3.0/3 ms

Test the connection through the PPTP tunnel to the LocalHomeOffice interface:

    [admin@RemoteOffice] > /ping 10.150.2.254
    10.150.2.254 pong: ttl=255 time=3 ms
    10.150.2.254 pong: ttl=255 time=3 ms
    10.150.2.254 pong: ttl=255 time=3 ms
    ping interrupted
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max = 3/3.0/3 ms

Connecting an end-user client through a PPTP tunnel

The next example shows an end-user computer communicating with a remote office network over an encrypted PPTP tunnel, for instance a laptop connecting back to the company network while travelling, for remote management and information lookup.

The router in this example:

RemoteOffice
  interface ToInternet 192.168.81.1/24
  interface Office 10.150.1.254/24

Create the user account on the PPTP server:

    [admin@RemoteOffice] ppp secret> add name=ex service=pptp password=123456 local-address=10.150.1.254 remote-address=10.150.1.2
    [admin@RemoteOffice] ppp secret> print detail
    Flags: X - disabled
      0   name=ex service=pptp caller-id= password=123456 profile=default
          local-address=10.150.1.254 remote-address=10.150.1.2 routes=
    [admin@RemoteOffice] ppp secret>

Enable the PPTP service:

    [admin@RemoteOffice] interface pptp-server server> set enabled=yes
    [admin@RemoteOffice] interface pptp-server server> print
                enabled: yes
                    mtu: 1460
                    mru: 1460
         authentication: mschap2
        default-profile: default
    [admin@RemoteOffice] interface pptp-server server>

After the laptop has connected back to the company, it needs to reach internal network resources, which requires additional configuration. There are usually two ways to do this.

LAN access, method 1: proxy ARP must be enabled on the Office interface so that access works through proxy ARP. The drawback is that DHCP services on the internal and external sides may be affected:

    [admin@RemoteOffice] interface ethernet> set Office arp=proxy-arp
    [admin@RemoteOffice] interface ethernet> print
    Flags: X - disabled, R - running
      #    NAME         MTU   MAC-ADDRESS        ARP
      0  R ToInternet   1500  00:30:4F:0B:7B:C1  enabled
      1  R Office       1500  00:30:4F:06:62:12  proxy-arp
    [admin@RemoteOffice] interface ethernet>

In Winbox, go to the Interfaces menu, select the Office interface and set ARP to proxy-arp.

LAN access, method 2: configure masquerade in NAT. The rule masquerades all incoming traffic, so that the internal and external networks communicate through address translation:

    [admin@RemoteOffice] > /ip firewall nat add chain=srcnat action=masquerade
    [admin@RemoteOffice] > /ip firewall nat print
    Flags: X - disabled, R - running
    Flags: X - disabled, I - invalid, D - dynamic
      0   chain=srcnat action=masquerade
    [admin@RemoteOff
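
Added example (not part of the original document and not MikroTik code): a Python check over `ppp secret print detail` output in the shape shown earlier on this page. It flags the short numeric password and the empty caller-id of the `ex` account (in RouterOS a PPTP secret's caller-id is the address the client must connect from) and checks that the gateway in `routes` is the account's remote-address. The 12-character threshold, the finding names and the second account `branch2` are assumptions of this example.

```python
import re

# Constructed sample shaped like the page's output; record 1 is invented here.
SAMPLE = """\
Flags: X - disabled
 0   name=ex service=pptp caller-id= password=123456 profile=default
     local-address=10.0.103.1 remote-address=10.0.103.2
     routes=10.150.1.0/24 10.0.103.2 1
 1   name=branch2 service=pptp caller-id=192.168.82.1
     password=Xq7-constructed-passphrase profile=default
     local-address=10.0.104.1 remote-address=10.0.104.2
     routes=10.150.3.0/24 10.0.104.9 1
"""

RECORD = re.compile(r"^\s*(\d+)\s+((?:[A-Z]\s+)*)(.*)$")  # index, flags, rest
PAIR = re.compile(r"([\w-]+)=(.*?)(?=\s+[\w-]+=|$)")      # value may hold spaces

def parse_detail(text):
    """Return one dict per numbered record, joining wrapped lines."""
    chunks = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            chunks.append([int(m.group(1)), m.group(2).split(), m.group(3)])
        elif chunks:
            chunks[-1][2] += " " + line.strip()
    return [dict(PAIR.findall(body.strip()), index=i, flags=f)
            for i, f, body in chunks]

def audit(rec, min_len=12):
    """Findings for one secret; min_len is this example's own threshold."""
    if "X" in rec["flags"]:
        return []  # disabled account, nothing to report
    found = []
    pw = rec.get("password", "")
    if len(pw) < min_len or pw.isdigit():
        found.append("weak-password")
    if rec.get("service") == "pptp" and not rec.get("caller-id"):
        found.append("any-source")  # empty caller-id: any client address accepted
    route = rec.get("routes", "").split()
    if len(route) >= 2 and route[1] != rec.get("remote-address"):
        found.append("route-gateway-mismatch")  # gateway is not the tunnel peer
    return found

def report(text):
    return {rec["name"]: audit(rec) for rec in parse_detail(text)}

if __name__ == "__main__":
    print(report(SAMPLE))
```
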