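I have been playing with IPSec VPN and PPTP VPN lately, and the differences I noticed on the client side are roughly:
IPSec VPN only sends traffic for the remote internal subnets over the VPN; everything else still goes out through the local network.
PPTP VPN, on the other hand, sends all of the client's connections through the VPN.
Later my colleague Peter told me that when he was posted abroad, an engineer from another company changed the settings so that, with PPTP VPN in use, not every connection had to go through the VPN. So of course I had to try it too!
Here is my test setup:
After connecting to the VPN with PPTP, first check the current network state; the PPTP network also has a Default Gateway: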
C:\>ipconfig
Windows IP Configuration
Ethernet adapter 區域連線:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . . : 192.168.1.168
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway. . . . . . . . . : 192.168.1.1
PPP adapter QUMA:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . . : 192.168.0.202
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway. . . . . . . . . : 192.168.0.202
Running a route trace to an external address confirms that Internet traffic goes out through the VPN tunnel:
C:\>tracert -d 168.95.1.1
Tracing route to 168.95.1.1 over a maximum of 30 hops
1 60 ms 58 ms 59 ms 192.168.0.10
2 89 ms 88 ms 89 ms 60.124.67.254
3 88 ms 88 ms 88 ms 168.95.82.206
4 88 ms 89 ms 89 ms 220.128.2.230
5 88 ms 88 ms 89 ms 220.128.2.217
6 89 ms 90 ms 89 ms 210.59.204.189
7 89 ms 89 ms 89 ms 168.95.1.1
Trace complete.
Looking at the current routing table, the Default Gateway points at the remote VPN gateway, so of course all Internet traffic leaves from the remote side:
C:\>route print
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.202 192.168.0.202 1
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.168 21
114.43.131.226 255.255.255.255 192.168.1.1 192.168.1.168 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.202 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.0.255 255.255.255.255 192.168.0.202 192.168.0.202 50
192.168.1.0 255.255.255.0 192.168.1.168 192.168.1.168 20
192.168.1.168 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.168 192.168.1.168 20
224.0.0.0 240.0.0.0 192.168.1.168 192.168.1.168 20
224.0.0.0 240.0.0.0 192.168.0.202 192.168.0.202 1
255.255.255.255 255.255.255.255 192.168.0.202 192.168.0.202 1
255.255.255.255 255.255.255.255 192.168.1.168 192.168.1.168 1
Default Gateway: 192.168.0.202
===========================================================================
Persistent Routes:
None
Delete the new default gateway that was created by dialing in to the PPTP VPN:
C:\>route delete 0.0.0.0 192.168.0.202
C:\>route print
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.168 21
114.43.131.226 255.255.255.255 192.168.1.1 192.168.1.168 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.202 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.0.255 255.255.255.255 192.168.0.202 192.168.0.202 50
192.168.1.0 255.255.255.0 192.168.1.168 192.168.1.168 20
192.168.1.168 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.168 192.168.1.168 20
224.0.0.0 240.0.0.0 192.168.1.168 192.168.1.168 20
224.0.0.0 240.0.0.0 192.168.0.202 192.168.0.202 1
255.255.255.255 255.255.255.255 192.168.0.202 192.168.0.202 1
255.255.255.255 255.255.255.255 192.168.1.168 192.168.1.168 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
Test whether the VPN still works; it does not:
C:\>ping 192.168.0.10
Pinging 192.168.0.10 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.0.10:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
So a route for the VPN subnet has to be added:
C:\>route add 192.168.0.0 mask 255.255.255.0 192.168.0.202
C:\>route print
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.168 21
114.43.131.226 255.255.255.255 192.168.1.1 192.168.1.168 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.202 192.168.0.202 1
192.168.0.202 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.0.255 255.255.255.255 192.168.0.202 192.168.0.202 50
192.168.1.0 255.255.255.0 192.168.1.168 192.168.1.168 20
192.168.1.168 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.168 192.168.1.168 20
192.168.173.0 255.255.255.0 192.168.173.2 192.168.1.168 20
192.168.173.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.173.255 255.255.255.255 192.168.173.2 192.168.1.168 20
224.0.0.0 240.0.0.0 192.168.1.168 192.168.1.168 20
224.0.0.0 240.0.0.0 192.168.0.202 192.168.0.202 1
255.255.255.255 255.255.255.255 192.168.0.202 192.168.0.202 1
255.255.255.255 255.255.255.255 192.168.1.168 192.168.1.168 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
Test again whether the VPN connects properly; it is OK:
C:\>ping 192.168.0.10
Pinging 192.168.0.10 with 32 bytes of data:
Reply from 192.168.0.10: bytes=32 time=59ms TTL=255
Reply from 192.168.0.10: bytes=32 time=58ms TTL=255
Reply from 192.168.0.10: bytes=32 time=57ms TTL=255
Reply from 192.168.0.10: bytes=32 time=58ms TTL=255
Ping statistics for 192.168.0.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 57ms, Maximum = 59ms, Average = 58ms
Test the route for external connections again. Ha! It now goes through the local network rather than the VPN tunnel:
C:\Documents and Settings\Jeff>tracert -d 168.95.1.1
Tracing route to 168.95.1.1 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.1.1
2 37 ms 37 ms 37 ms 203.67.219.1
3 36 ms 36 ms 37 ms 192.72.177.252
4 37 ms 36 ms 37 ms 139.175.57.37
5 37 ms 39 ms 37 ms 139.175.57.106
6 37 ms 37 ms 37 ms 210.242.214.142
7 37 ms 37 ms 37 ms 220.128.4.246
8 36 ms 37 ms 43 ms 220.128.4.193
9 41 ms 37 ms 37 ms 210.59.204.189
10 37 ms 38 ms 37 ms 168.95.1.1
Trace complete.
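
The routing decisions in the steps above, replayed as an added example (not part of the original post): a small Python model of route selection over a subset of the page's `route print` rows. The `route_delete` and `route_add` helpers are simplified stand-ins for the Windows commands, and the lookup assumes longest prefix first, then lowest metric.

```python
import ipaddress

VPN_IF = "192.168.0.202"  # PPP adapter address from the page
# Subset of the page's first `route print` (loopback, broadcast and multicast
# rows omitted): (destination, netmask, gateway, interface, metric).
CONNECTED = [
    ("0.0.0.0", "0.0.0.0", "192.168.0.202", "192.168.0.202", 1),
    ("0.0.0.0", "0.0.0.0", "192.168.1.1", "192.168.1.168", 21),
    ("114.43.131.226", "255.255.255.255", "192.168.1.1", "192.168.1.168", 20),
    ("192.168.1.0", "255.255.255.0", "192.168.1.168", "192.168.1.168", 20),
]

def lookup(table, dst):
    """Return (gateway, interface) chosen by longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for dest, mask, gw, iface, metric in table:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr in net:
            matches.append((-net.prefixlen, metric, gw, iface))
    if not matches:
        return None
    _, _, gw, iface = min(matches)
    return gw, iface

def route_delete(table, dest, gw):
    """Simplified model of `route delete <dest> <gw>`."""
    return [r for r in table if not (r[0] == dest and r[2] == gw)]

def route_add(table, dest, mask, gw, metric=1):
    """Simplified model of `route add <dest> mask <mask> <gw>`; interface = gw."""
    return table + [(dest, mask, gw, gw, metric)]

def via_vpn(table, dst):
    """True when the selected route leaves through the PPP interface."""
    hit = lookup(table, dst)
    return hit is not None and hit[1] == VPN_IF

def walk_through():
    """Replay the page's three states for an Internet and an intranet target."""
    deleted = route_delete(CONNECTED, "0.0.0.0", "192.168.0.202")
    split = route_add(deleted, "192.168.0.0", "255.255.255.0", "192.168.0.202")
    states = {"connected": CONNECTED, "default deleted": deleted, "split": split}
    return {name: (via_vpn(t, "168.95.1.1"), via_vpn(t, "192.168.0.10"))
            for name, t in states.items()}

if __name__ == "__main__":
    for name, (inet, intranet) in walk_through().items():
        print(f"{name:16} internet via VPN={inet}  192.168.0.10 via VPN={intranet}")
```

In the "default deleted" state the intranet address falls back to the local default gateway, which matches the timed-out ping above.
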
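If this can be done, PPTP, with its easy client-side setup, is worth considering. Otherwise everything consumes the VPN tunnel's bandwidth, which is both slow and eats into the company's bandwidth, and that is less than ideal. Thanks to my colleague Peter for the tip!
However, because I needed to write an article on setting up PPTP on Windows 7, I found that it cannot be configured this way. Nothing for it but to ask the great Google for a solution! Fortunately, I found a good article.
Following its instructions, go to "Network Connections" → "QUMA" → "Properties".
On the "Networking" tab, with "Type of VPN" set to "PPTP", select "Internet Protocol (TCP/IP)" → "Properties".
Then click "Advanced".
Uncheck "Use default gateway on remote network".
Checking the routing table and running a route trace shows that it now does what I wanted. It really is that simple!!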
20110227