$ ps aux | grep pppd
/usr/sbin/pppd 230400 :169.254.2.1 noipdefault ipcp-accept-local noaccomp noauth default-asyncmap nopcomp receive-all nodefaultroute nodetach lcp-max-configure 40 mru 1354 logfd 2

Note: if the remote IP address of ppp0 ends up being the IP address of the VPN server, the VPN traffic that should go out through the physical NIC goes through ppp0 instead and never reaches the VPN server. As a result, the connection times out and is dropped after 2.5 minutes.

pppd 2.5.1 started by user, uid 0
Using interface ppp0
Connect: ppp0 <--> /dev/pts/5
local IP address xxx.xxx.xxx.xxx
remote IP address yyy.yyy.yyy.yyy
No response to 4 echo-requests
Serial link appears to be disconnected.
Connect time 2.5 minutes.
Sent 18750 bytes, received 0 bytes.
Connection terminated.
Modem hangup
Exit.

To avoid this, it is enough to add the following to /etc/openfortivpn/config.

pppd-accept-remote = 0

However, with ppp 2.5.x, if the peer proposes an address and that address is not adopted, pppd stops with an error (Peer refused to agree to his IP address).

diff -urN ppp-2.5.2/pppd/ipcp.c ppp-2.5.2-new/pppd/ipcp.c --- ppp-2.5.2/pppd/ipcp.c 2025-05-11 11:49:26.000000000 +0900 +++ ppp-2.5.2-new/pppd/ipcp.c 2025-05-11 11:53:40.779157618 +0900 @@ -1811,11 +1811,13 @@ * We must have a non-zero IP address for both ends of the link. */ +#if 0 /* Do not error out if you do not accept the peer's idea of his address. */ if (wo->hisaddr && !wo->accept_remote && (!(ho->neg_addr || ho->old_addrs) || ho->hisaddr != wo->hisaddr)) { error("Peer refused to agree to his IP address"); ipcp_close(f->unit, "Refused his IP address"); return; } +#endif if (!ho->neg_addr && !ho->old_addrs) ho->hisaddr = wo->hisaddr;

Properly, it seems the VPN server side would need to be configured so that the address proposed by the peer is 169.254.2.1.
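
Review bot: the `#if 0` around the `!wo->accept_remote` check in pppd/ipcp.c disables it at compile time for every link this pppd build handles, not only the openfortivpn session, so any peer that does not agree to a configured remote address is now accepted without a log entry. Keeping the block and gating it on a runtime option, or at least turning `error(...)` and `ipcp_close(...)` into a warning, would preserve the signal for other links. Note also that the following `if (!ho->neg_addr && !ho->old_addrs) ho->hisaddr = wo->hisaddr;` only applies when the peer negotiated no address, so when the peer did propose a different one `ho->hisaddr` keeps the peer's value; it is worth confirming that ppp0 really comes up with 169.254.2.1 as its remote address after this change. The comment after `#if 0` should say why the check is skipped (a server that proposes its own address while `pppd-accept-remote = 0` is set).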
update: 2025/05/11 12:44 | path: /pub/software/linux/fortivpn
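
The failure mode noted in the entry above (ppp0's remote address equal to the VPN server's address, or the route to the server going through ppp0) can be checked mechanically once the tunnel is up. The following is an added example, not part of the original post or of openfortivpn; the function names, the sample `ip` output lines and the server address 203.0.113.10 are constructed assumptions.

```shell
#!/bin/sh
# Added example: detect the case where ppp0's remote address is the VPN
# server itself, or where the route to the server goes through ppp0.

# Print the peer (remote) address from `ip -o -4 addr show dev ppp0` on stdin.
ppp_peer_addr() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "peer") { sub(/\/.*/, "", $(i+1)); print $(i+1); exit } }'
}

# Print the outgoing device from `ip -o route get <addr>` on stdin.
route_dev() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i+1); exit } }'
}

# check_tunnel SERVER_IP PEER_ADDR ROUTE_DEV [PPP_DEV]
# Returns 0 if healthy, 1 if peer == server, 2 if the server route uses PPP_DEV.
check_tunnel() {
    server=$1 peer=$2 dev=$3 pdev=${4:-ppp0}
    if [ "$peer" = "$server" ]; then
        echo "BAD: $pdev remote address is the VPN server ($server)"
        return 1
    fi
    if [ "$dev" = "$pdev" ]; then
        echo "BAD: route to $server goes through $pdev"
        return 2
    fi
    echo "OK: peer=$peer, server reached via $dev"
}

# Live usage (SERVER_IP is an assumption: the resolved address of `host`):
#   check_tunnel "$SERVER_IP" \
#       "$(ip -o -4 addr show dev ppp0 | ppp_peer_addr)" \
#       "$(ip -o route get "$SERVER_IP" | route_dev)"

# Constructed sample lines in the format printed by `ip -o`.
GOOD_ADDR='7: ppp0    inet 10.212.134.5 peer 169.254.2.1/32 scope global ppp0\       valid_lft forever preferred_lft forever'
BAD_ADDR='7: ppp0    inet 10.212.134.5 peer 203.0.113.10/32 scope global ppp0\       valid_lft forever preferred_lft forever'
GOOD_ROUTE='203.0.113.10 via 192.168.0.1 dev eth0 src 192.168.0.20 uid 0 \    cache'
BAD_ROUTE='203.0.113.10 dev ppp0 src 10.212.134.5 uid 0 \    cache'

# Demo on the constructed failing case.
peer=$(printf '%s\n' "$BAD_ADDR" | ppp_peer_addr)
check_tunnel 203.0.113.10 "$peer" eth0 || echo "exit status $?"
```

Run a few seconds after the tunnel comes up, a non-zero status flags the condition before the 2.5 minute echo timeout drops the link.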

$ sudo apt install openfortivpn

* /etc/openfortivpn/config

# host: hostname or IP address of the VPN server
host = vpn-server-hostname
port = 443
username = user-name
password = secret
set-dns = 0
set-routes = 0
trusted-cert = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

This example is for the case where /etc/resolv.conf is used as it is and the routing for openfortivpn is also set up separately.

#!/bin/sh
####
PDEV=ppp0
PIDFILE=/var/run/openfortivpn.pid
LOGFILE=/var/log/openfortivpn.log
CMD=/usr/bin/openfortivpn
# Intranet destinations to route through the tunnel, as network:netmask pairs
INTRANETS="10.0.0.0:255.0.0.0 192.168.0.0:255.255.0.0"
####
case "$1" in
  start)
    # Start openfortivpn in the background, recording its PID and log output
    sudo start-stop-daemon --start --quiet -m -b --pidfile "$PIDFILE" -O "$LOGFILE" --exec "$CMD"
    sleep 5 # wait a few seconds for connect
    # set-routes = 0, so add the intranet routes on the ppp device by hand
    for i in $INTRANETS
    do
      NETWORK=${i%:*}
      MASK=${i#*:}
      sudo /sbin/route add -net "$NETWORK" netmask "$MASK" dev "$PDEV" metric 1
    done
    ;;
  stop)
    sudo start-stop-daemon --stop --pidfile "$PIDFILE"
    ;;
  *)
    echo "Usage: $0 {start|stop}"
    ;;
esac

update: 2022/03/16 15:57 | path: /pub/software/linux/fortivpn