Q&A
取り急ぎ。PP auth usernameにある情報はダミーですか?そうでなければ、公開すべき情報ではないので、マスクする等修正すべきです。
YAMAHA RTX830のVPN設定について
いつもお世話になっております。
自己解決できない事象が発生したので御助力ください。
◆事象
MacOSやiphone端末からはVPN接続できるのにWindowsクライアントから接続ができない。
◆構成
ONU:HG8045Q(192.168.1.1)
ルータ:RTX830(192.168.1.2)
→RTXから先は100.x
◆試した事
・https://qiita.com/hellfire/items/e10bf16bfffdf21d30f6
を参考にRTX830にDMZ転送
・https://network.yamaha.com/setting/router_firewall/vpn/vpn_client/vpn-smartphone-setup-rtx1210
を参考にVPN設定
・Windows端末をテザリングで繋いでVPNアクセス
NG
・MacOやiphoneでアクセス
OK
Windows端末で別VPNにアクセス
https://www.vpngate.net/ja/や知人のVPNサーバには接続OK。
- Configリスト
user attribute connection=serial,telnet,remote,ssh,sftp,http gui-page=dashboard,lan-map,config login-timer=3600
ip route default gateway 192.168.1.1 filter 500000
ip keepalive 1 icmp-echo 10 5 192.168.1.1
ip lan1 address 192.168.100.1/24
ip lan1 proxyarp on
ip lan2 address 192.168.1.2/24
ip lan2 secure filter in 999
ip lan2 secure filter out 999
ip lan2 nat descriptor 200
pp select anonymous
pp bind tunnel1
pp auth request chap-pap
pp auth username XXXX XXXX
ppp ipcp ipaddress on
ppp ipcp msext on
ppp ccp type none
ip pp remote address pool dhcp
ip pp mtu 1258
pp enable anonymous
tunnel select 1
tunnel encapsulation l2tp
ipsec tunnel 1
ipsec sa policy 1 1 esp aes-cbc sha-hmac
ipsec ike keepalive use 1 off
ipsec ike nat-traversal 1 on
ipsec ike pre-shared-key 1 text XXX
ipsec ike remote address 1 any
l2tp tunnel disconnect time off
ip tunnel tcp mss limit auto
tunnel enable 1
ip filter 999 pass-log * * * * *
ip filter 101000 reject 10.0.0.0/8 * * * *
ip filter 101001 reject 172.16.0.0/12 * * * *
ip filter 101002 reject 192.168.0.0/16 * * * *
ip filter 101003 reject 192.168.100.0/24 * * * *
ip filter 101010 reject * 10.0.0.0/8 * * *
ip filter 101011 reject * 172.16.0.0/12 * * *
ip filter 101012 reject * 192.168.0.0/16 * * *
ip filter 101013 reject * 192.168.100.0/24 * * *
ip filter 101020 reject * * udp,tcp 135 *
ip filter 101021 reject * * udp,tcp * 135
ip filter 101022 reject * * udp,tcp netbios_ns-netbios_ssn *
ip filter 101023 reject * * udp,tcp * netbios_ns-netbios_ssn
ip filter 101024 reject * * udp,tcp 445 *
ip filter 101025 reject * * udp,tcp * 445
ip filter 101026 restrict * * tcpfin * www,21,nntp
ip filter 101027 restrict * * tcprst * www,21,nntp
ip filter 101030 pass * 192.168.100.0/24 icmp * *
ip filter 101031 pass * 192.168.100.0/24 established * *
ip filter 101032 pass * 192.168.100.0/24 tcp * ident
ip filter 101033 pass * 192.168.100.0/24 tcp ftpdata *
ip filter 101034 pass * 192.168.100.0/24 tcp,udp * domain
ip filter 101035 pass * 192.168.100.0/24 udp domain *
ip filter 101036 pass * 192.168.100.0/24 udp * ntp
ip filter 101037 pass * 192.168.100.0/24 udp ntp *
ip filter 101099 pass * * * * *
ip filter 101100 pass * 192.168.100.1 udp * 500
ip filter 101101 pass * 192.168.100.1 esp * *
ip filter 101102 pass * 192.168.100.1 udp * 4500
ip filter 101103 pass * 192.168.100.1 udp * 1701
ip filter 500000 restrict * * * * *
ip filter dynamic 101080 * * ftp
ip filter dynamic 101081 * * domain
ip filter dynamic 101082 * * www
ip filter dynamic 101083 * * smtp
ip filter dynamic 101084 * * pop3
ip filter dynamic 101085 * * submission
ip filter dynamic 101098 * * tcp
ip filter dynamic 101099 * * udp
nat descriptor type 200 masquerade
nat descriptor address outer 200 primary
nat descriptor masquerade static 200 1 192.168.100.1 udp 500
nat descriptor masquerade static 200 2 192.168.100.1 esp
nat descriptor masquerade static 200 3 192.168.100.1 udp 4500
nat descriptor masquerade static 200 4 192.168.100.1 udp 1701
nat descriptor masquerade static 200 5 192.168.100.1 tcp 1723
nat descriptor masquerade static 200 6 192.168.100.1 gre
ipsec auto refresh on
ipsec transport 1 1 udp 1701
telnetd host lan
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 192.168.100.2-192.168.100.191/24
dns host lan1
dns server select 500201 8.8.8.8 any .
dns private address spoof on
schedule at 1 / 00:00:00 * ntpdate ntp.nict.jp syslog
l2tp service on
httpd host lan1
statistics traffic on
自己解決
