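The environment is as follows:
CentOS (PPTP server): public IP; Win7 (PPTP client): private IP
When the client connects to the server, it reports network error 619.
Using a phone Wi-Fi hotspot instead (the client joins the hotspot and then starts the VPN) also gives error 619.
Checking the log on the CentOS server, the error is always the same: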
Aug 31 11:07:36 pptpd[9162]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Aug 31 11:07:36 pptpd[9162]: CTRL: Client 14.16.135.232 control connection finished
Aug 31 11:07:47 pptpd[9214]: CTRL: Client 14.16.135.232 control connection started
Aug 31 11:07:47 pptpd[9214]: CTRL: Starting call (launching pppd, opening GRE)
Aug 31 11:07:47 pppd[9215]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
Aug 31 11:07:47 pppd[9215]: pppd 2.4.5 started by root, uid 0
Aug 31 11:07:47 pppd[9215]: Using interface ppp0
Aug 31 11:07:47 pppd[9215]: Connect: ppp0 <--> /dev/pts/1
Aug 31 11:07:47 NetworkManager[640]: <info> (ppp0): new Generic device (carrier: UNKNOWN, driver: 'unknown', ifindex: 20)  <-- issue 1
Aug 31 11:08:17 pppd[9215]: LCP: timeout sending Config-Requests  <-- issue 2
Aug 31 11:08:17 pppd[9215]: Connection terminated.
Aug 31 11:08:17 pppd[9215]: Modem hangup
Aug 31 11:08:17 pppd[9215]: Exit.
Aug 31 11:08:17 pptpd[9214]: GRE: read(fd=6,buffer=7f234b1cb480,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Aug 31 11:08:17 pptpd[9214]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Aug 31 11:08:17 pptpd[9214]: CTRL: Client 14.16.135.232 control connection finished
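The problem is still being tracked down; these are my notes so far.
Tracking the problem:
1) For issue 1, stopping NetworkManager is enough.
sudo systemctl stop NetworkManager
2) For issue 2, edit the configuration file /etc/ppp/options.pptpd: comment out the methods that are not used and add the allowed method.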
# BSD licensed ppp-2.4.2 upstream with MPPE only, kernel module ppp_mppe.o
# {{{
#refuse-pap
#refuse-chap
#refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#require-mppe-128
require-chap # add the allowed method
# }}}
After the change the connection still did not succeed. The server-side error log is as follows:
Aug 31 13:41:40 testhostname0001 pptpd[15464]: CTRL: Client 14.16.135.232 control connection started
Aug 31 13:41:40 testhostname0001 pptpd[15464]: CTRL: Starting call (launching pppd, opening GRE)
Aug 31 13:41:40 testhostname0001 pppd[15465]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
Aug 31 13:41:40 testhostname0001 pppd[15465]: pppd 2.4.5 started by root, uid 0
Aug 31 13:41:40 testhostname0001 pppd[15465]: Using interface ppp0
Aug 31 13:41:40 testhostname0001 pppd[15465]: Connect: ppp0 <--> /dev/pts/2
Aug 31 13:42:10 testhostname0001 pppd[15465]: LCP: timeout sending Config-Requests  <-- issue 1
Aug 31 13:42:10 testhostname0001 pppd[15465]: Connection terminated.
Aug 31 13:42:10 testhostname0001 pppd[15465]: Modem hangup
Aug 31 13:42:10 testhostname0001 pppd[15465]: Exit.
Aug 31 13:42:10 testhostname0001 pptpd[15464]: GRE: read(fd=6,buffer=7f559256a480,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Aug 31 13:42:10 testhostname0001 pptpd[15464]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Aug 31 13:42:10 testhostname0001 pptpd[15464]: CTRL: Client 14.16.135.232 control connection finished
This shows the problem is still not solved, so I kept changing things.
A Baidu search turned up the following:
LCP: timeout sending Config-Requests
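Many people get stuck at username and password verification when dialing the VPN and then see error 619. More than 90% of the time this error is caused by a device on the network path between the client and the server that does not support the GRE protocol or NAT-T. Most commonly it is the client's router, and after replacing it the VPN connects immediately. This error also shows up in the server-side log. For example:
The following is what is logged when encryption/decryption on the two sides does not match: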
LCP terminated by peer (^O^XH-^@<M-Mt^@^@^@^@)
Other problems can be diagnosed with the guide here:
http://pptpclient.sourceforge.net/howto-diagnosis.phtml
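The two log signatures described above can be picked out of a pptpd/pppd syslog mechanically. The following Python is an added example, not part of the original post: it reports each failed call with the client address, the cause as the text above gives it, and how long pppd waited after "Connect:". The function name diagnose, the cause strings and the SAMPLE lines for client 192.0.2.10 are assumptions of this example.

```python
import re
from datetime import datetime

# Matches syslog lines with or without a hostname field, as both appear in the post.
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (?:\S+ )?(pptpd|pppd)\[(\d+)\]: (.*)$")
CLIENT = re.compile(r"CTRL: Client (\S+) control connection started")

# pppd message -> cause as given in the text above (wording is this example's own).
SIGNATURES = {
    "LCP: timeout sending Config-Requests": "GRE or NAT-T not supported on the path",
    "LCP terminated by peer": "encryption settings differ between the two sides",
}

def diagnose(log_text):
    """Return one finding per failed call: client, signature, cause, seconds waited."""
    findings, client, connected = [], None, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # other daemons (e.g. NetworkManager) are ignored
        stamp, daemon, pid, msg = m.groups()
        # syslog omits the year; a fixed one is enough for same-day differences.
        when = datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")
        if daemon == "pptpd":
            c = CLIENT.search(msg)
            client = c.group(1) if c else client
        elif msg.startswith("Connect:"):
            connected[pid] = when
        else:
            for sig, cause in SIGNATURES.items():
                if sig in msg:
                    start = connected.get(pid)
                    waited = int((when - start).total_seconds()) if start else None
                    findings.append({"client": client, "signature": sig,
                                     "cause": cause, "waited_s": waited})
    return findings

# First three lines are from the post's server log; the last three are constructed.
SAMPLE = """\
Aug 31 13:41:40 testhostname0001 pptpd[15464]: CTRL: Client 14.16.135.232 control connection started
Aug 31 13:41:40 testhostname0001 pppd[15465]: Connect: ppp0 <--> /dev/pts/2
Aug 31 13:42:10 testhostname0001 pppd[15465]: LCP: timeout sending Config-Requests
Aug 31 13:50:00 pptpd[20001]: CTRL: Client 192.0.2.10 control connection started
Aug 31 13:50:00 pppd[20002]: Connect: ppp0 <--> /dev/pts/3
Aug 31 13:50:02 pppd[20002]: LCP terminated by peer
"""

if __name__ == "__main__":
    for f in diagnose(SAMPLE):
        # 30 s = pppd's default 10 Config-Requests sent 3 s apart, none answered.
        print(f)
```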
Since both the client and the server had this problem, I followed the method found online and changed the client (Ubuntu):
1) Load the nf_conntrack_pptp and nf_conntrack_proto_gre modules
sudo modprobe nf_conntrack_pptp
2) Load the NAT module
sudo modprobe ip_nat_pptp
3) Enable silent mode
Edit the /etc/ppp/options file
# With this option, pppd will not transmit LCP packets to initiate a
# connection until a valid LCP packet is received from the peer (as for
# the "passive" option with old versions of pppd).
silent
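After that the client-side problem was solved. Because the server runs CentOS and I could not find the corresponding file there, the server side still has this problem.
Note: a useful URL: https://askubuntu.com/questions/269399/failed-to-connect-to-pptp-vpn-server-on-ubuntu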
=====================================
Update:
Fix for the error on the CentOS server:
Edit /etc/ppp/options
Adding "silent" is enough.