PfSense Fedora L2TP VPN stop traffic flow on HTTP hit
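I have configured an L2TP VPN on PfSense 21.05-RELEASE (amd64) with Fedora 33 as the client. After connecting the VPN I can ping remote hosts, but as soon as I hit HTTP traffic the VPN stops passing traffic.
In the tcpdump I can see the outgoing traffic, but after the HTTP request no returning incoming traffic shows up; it seems to be related to packet reassembly.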
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere
ACCEPT all -- anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
2: ppp0: mtu 1400 qdisc fq_codel state UNKNOWN group default qlen 3
link/ppp
inet 10.200.200.0 peer 10.200.0.1/32 scope global ppp0
valid_lft forever preferred_lft forever
14:10:37.880312 IP fedora > b.resolvers.Level3.net: ICMP echo request, id 25, seq 1, length 64
14:10:38.046771 IP b.resolvers.Level3.net > fedora: ICMP echo reply, id 25, seq 1, length 64
14:10:38.880819 IP fedora > b.resolvers.Level3.net: ICMP echo request, id 25, seq 2, length 64
14:10:39.047254 IP b.resolvers.Level3.net > fedora: ICMP echo reply, id 25, seq 2, length 64
14:10:39.880860 IP fedora > b.resolvers.Level3.net: ICMP echo request, id 25, seq 3, length 64
14:10:40.046325 IP b.resolvers.Level3.net > fedora: ICMP echo reply, id 25, seq 3, length 64
14:10:52.048093 IP xcal1.vodafone.co.uk.http > fedora.37900: Flags [.], ack 140, win 123, length 0
14:10:52.050555 IP xcal1.vodafone.co.uk.http > fedora.37900: Flags [.], seq 1:1361, ack 140, win 123, length 1360: HTTP: HTTP/1.1 200 OK
14:10:52.050575 IP fedora.37900 > xcal1.vodafone.co.uk.http: Flags [.], ack 1361, win 502, length 0
14:10:52.050593 IP xcal1.vodafone.co.uk.http > fedora.37900: Flags [.], seq 1361:2721, ack 140, win 123, length 1360: HTTP
14:10:52.050603 IP fedora.37900 > xcal1.vodafone.co.uk.http: Flags [.], ack 2721, win 496, length 0
14:10:52.050605 IP xcal1.vodafone.co.uk.http > fedora.37900: Flags [.], seq 2721:4081, ack 140, win 123, length 1360: HTTP
14:10:52.050608 IP fedora.37900 > xcal1.vodafone.co.uk.http: Flags [.], ack 4081, win 489, length 0
14:10:52.051180 IP xcal1.vodafone.co.uk.http > fedora.37900: Flags [.], seq 4081:5441, ack 140, win 123, length 1360: HTTP
14:10:52.051193 IP fedora.37900 > xcal1.vodafone.co.uk.http: Flags [.], ack 5441, win 481, length 0
14:13:06.781830 IP fedora.38648 > 239.237.117.34.bc.googleusercontent.com.https: Flags [S], seq 684941377, win 65280, options [mss 1360,nop,nop,sackOK,nop,wscale 7], length 0
14:13:32.424321 IP fedora.38650 > 239.237.117.34.bc.googleusercontent.com.https: Flags [S], seq 3466381594, win 65280, options [mss 1360,nop,nop,sackOK,nop,wscale 7], length 0
14:13:32.674485 IP fedora.38652 > 239.237.117.34.bc.googleusercontent.com.https: Flags [S], seq 3214804727, win 65280, options [mss 1360,nop,nop,sackOK,nop,wscale 7], length 0
14:13:33.469787 IP fedora.38650 > 239.237.117.34.bc.googleusercontent.com.https: Flags [S], seq 3466381594, win 65280, options [mss 1360,nop,nop,sackOK,nop,wscale 7], length 0
14:13:33.725967 IP fedora.38652 > 239.237.117.34.bc.googleusercontent.com.https: Flags [S], seq 3214804727, win 65280, options [mss 1360,nop,nop,sackOK,nop,wscale 7], length 0
14:13:35.517903 IP fedora.38650 > 239.237.117.34.bc.googleusercontent.com.https: Flags [S], seq 3466381594, win 65280, options [mss 1360,nop,nop,sackOK,nop,wscale 7], length 0
14:13:35.773924 IP fedora.38652 > 239.237.117.34.bc.googleusercontent.com.https: Flags [S], seq 3214804727, win 65280, options [mss 1360,nop,nop,sackOK,nop,wscale 7], length 0
14:13:39.549856 IP fedora.38650 > 239.237.117.34.bc.googleusercontent.com.https: Flags [S], seq 3466381594, win 65280, options [mss 1360,nop,nop,sackOK,nop,wscale 7], length 0
14:13:39.805863 IP fedora.38652 > 239.237.117.34.bc.googleusercontent.com.https: Flags [S], seq 3214804727, win 65280, options [mss 1360,nop,nop,sackOK,nop,wscale 7], length 0
14:13:47.741806 IP fedora.38650 > 239.237.117.34.bc.googleusercontent.com.https: Flags [S], seq 3466381594, win 65280, options [mss 1360,nop,nop,sackOK,nop,wscale 7], length 0
14:13:48.253781 IP fedora.38652 > 239.237.117.34.bc.googleusercontent.com.https: Flags [S], seq 3214804727, win 65280, options [mss 1360,nop,nop,sackOK,nop,wscale 7], length 0
14:14:04.125969 IP fedora.38650 > 239.237.117.34.bc.googleusercontent.com.https: Flags [S], seq 3466381594, win 65280, options [mss 1360,nop,nop,sackOK,nop,wscale 7], length 0
14:14:04.637813 IP fedora.38652 > 239.237.117.34.bc.googleusercontent.com.https: Flags [S], seq 3214804727, win 65280, options [mss 1360,nop,nop,sackOK,nop,wscale 7], length 0
14:14:36.381831 IP fedora.38650 > 239.237.117.34.bc.googleusercontent.com.https: Flags [S], seq 3466381594, win 65280, options [mss 1360,nop,nop,sackOK,nop,wscale 7], length 0
14:14:36.893792 IP fedora.38652 > 239.237.117.34.bc.googleusercontent.com.https: Flags [S], seq 3214804727, win 65280, options [mss 1360,nop,nop,sackOK,nop,wscale 7], length 0
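Added example, not part of the original post: a Python function that reads tcpdump text output like the capture above and lists connections whose SYN is retransmitted with the same sequence number while no packet ever comes back, which is the pattern the HTTPS lines show. The sample lines and the host names `web.example` and `server.example` are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in tcpdump's text format, modelled on the capture above.
SAMPLE = """\
14:10:52.050555 IP web.example.http > fedora.37900: Flags [.], seq 1:1361, ack 140, win 123, length 1360: HTTP
14:10:52.050575 IP fedora.37900 > web.example.http: Flags [.], ack 1361, win 502, length 0
14:13:32.424321 IP fedora.38650 > server.example.https: Flags [S], seq 3466381594, win 65280, options [mss 1360], length 0
14:13:33.469787 IP fedora.38650 > server.example.https: Flags [S], seq 3466381594, win 65280, options [mss 1360], length 0
14:13:35.517903 IP fedora.38650 > server.example.https: Flags [S], seq 3466381594, win 65280, options [mss 1360], length 0
14:13:40.000000 IP fedora.38700 > server.example.https: Flags [S], seq 111, win 65280, options [mss 1360], length 0
14:13:40.100000 IP server.example.https > fedora.38700: Flags [S.], seq 222, ack 112, win 65160, options [mss 1360], length 0
"""

# timestamp, "IP", src.port > dst.port:, Flags [...], optional first seq number
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]"
    r"(?:, seq (?P<seq>\d+))?"
)

def unanswered_syns(text, min_attempts=2):
    """Return {(src, dst): attempts} for SYNs resent at least min_attempts
    times with an identical sequence number and no reverse packet captured."""
    attempts = defaultdict(int)  # (src, dst, seq) -> identical SYNs seen
    seen = set()                 # every (src, dst) direction in the capture
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue             # ICMP and other non-TCP lines are skipped
        src, dst = m["src"], m["dst"]
        seen.add((src, dst))
        if m["flags"] == "S":    # pure SYN; a SYN-ACK prints as "S."
            attempts[(src, dst, m["seq"])] += 1
    return {
        (src, dst): n
        for (src, dst, _seq), n in attempts.items()
        if n >= min_attempts and (dst, src) not in seen
    }

if __name__ == "__main__":
    for (src, dst), n in unanswered_syns(SAMPLE).items():
        print(f"{src} -> {dst}: {n} SYNs, no reply captured")
```
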
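If you use Visual Studio 2015 and C# 6, you can easily get the name of a class property.
Example:
class Person
{
public string FirstName { get; set; }
}
Get the property name:
nameof(Person.FirstName);
It will return "FirstName".
Hope I understood your question.
There is a problem with the xl2tpd service not being in the running state; starting the xl2tpd service will show the problem.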