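Following an online tutorial, I installed a PPTP VPN server on a CentOS 7 machine, but iOS kept reporting an error and could not connect. /var/log/messages showed the following errors: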
Aug 4 16:05:04 oltsvr pptpd[15707]: CTRL: Client 112.17.247.42 control connection started
Aug 4 16:05:04 oltsvr pptpd[15707]: CTRL: Starting call (launching pppd, opening GRE)
Aug 4 16:05:05 oltsvr kernel: conntrack: generic helper won't handle protocol 47. Please consider loading the specific helper module.
Aug 4 16:05:05 oltsvr pppd[15708]: /usr/lib/pptpd/pptpd-logwtmp.so: wrong ELF class: ELFCLASS32
Aug 4 16:05:05 oltsvr pppd[15708]: Couldn't load plugin /usr/lib/pptpd/pptpd-logwtmp.so
Aug 4 16:05:05 oltsvr pptpd[15707]: GRE: read(fd=6,buffer=8059680,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Aug 4 16:05:05 oltsvr pptpd[15707]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Aug 4 16:05:05 oltsvr pptpd[15707]: CTRL: Client 112.17.247.42 control connection finished

The decisive lines are the two from pppd: "wrong ELF class: ELFCLASS32" means pptpd-logwtmp.so is a 32-bit build that a 64-bit pppd cannot load, so pppd exits and pptpd's read from the PTY fails. I then edited /etc/pptpd.conf and removed the logwtmp line, after which the connection worked. The log of a successful connection:
Aug 5 10:05:44 oltsvr pptpd[42095]: CTRL: Client 112.17.247.42 control connection started
Aug 5 10:05:44 oltsvr pptpd[42095]: CTRL: Starting call (launching pppd, opening GRE)
Aug 5 10:05:44 oltsvr kernel: PPP generic driver version 2.4.2
Aug 5 10:05:44 oltsvr pppd[42096]: pppd 2.4.5 started by root, uid 0
Aug 5 10:05:44 oltsvr pppd[42096]: Using interface ppp0
Aug 5 10:05:44 oltsvr pppd[42096]: Connect: ppp0 <--> /dev/pts/4
Aug 5 10:05:44 oltsvr NetworkManager[1274]: (ppp0): new Generic device (carrier: UNKNOWN, driver: 'unknown', ifindex: 8)
Aug 5 10:05:47 oltsvr kernel: PPP MPPE Compression module registered
Aug 5 10:05:47 oltsvr pppd[42096]: MPPE 128-bit stateless compression enabled
Aug 5 10:05:47 oltsvr pppd[42096]: Cannot determine ethernet address for proxy ARP
Aug 5 10:05:47 oltsvr pppd[42096]: local IP address 10.12.2.100
Aug 5 10:05:47 oltsvr pppd[42096]: remote IP address 10.12.2.101
Aug 5 10:05:47 oltsvr NetworkManager[1274]: keyfile: add connection in-memory (5fa4eb7b-1f2f-4ea4-9374-024a1561e71f,"ppp0")
Aug 5 10:05:47 oltsvr NetworkManager[1274]: (ppp0): device state change: unmanaged -> unavailable (reason 'connection-assumed') [10 20 41]
Aug 5 10:05:47 oltsvr NetworkManager[1274]: (ppp0): device state change: unavailable -> disconnected (reason 'connection-assumed') [20 30 41]
Aug 5 10:05:47 oltsvr NetworkManager[1274]: (ppp0): Activation: starting connection 'ppp0' (5fa4eb7b-1f2f-4ea4-9374-024a1561e71f)
Aug 5 10:05:47 oltsvr NetworkManager[1274]: (ppp0): device state change: disconnected -> prepare (reason 'none') [30 40 0]
Aug 5 10:05:47 oltsvr NetworkManager[1274]: (ppp0): device state change: prepare -> config (reason 'none') [40 50 0]
Aug 5 10:05:47 oltsvr NetworkManager[1274]: (ppp0): device state change: config -> ip-config (reason 'none') [50 70 0]
Aug 5 10:05:47 oltsvr NetworkManager[1274]: (ppp0): device state change: ip-config -> ip-check (reason 'none') [70 80 0]
Aug 5 10:05:47 oltsvr NetworkManager[1274]: (ppp0): device state change: ip-check -> secondaries (reason 'none') [80 90 0]
Aug 5 10:05:47 oltsvr NetworkManager[1274]: (ppp0): device state change: secondaries -> activated (reason 'none') [90 100 0]
Aug 5 10:05:47 oltsvr NetworkManager[1274]: (ppp0): Activation: successful, device activated.
Aug 5 10:05:47 oltsvr dbus-daemon: dbus[1199]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
Aug 5 10:05:47 oltsvr dbus[1199]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
Aug 5 10:05:47 oltsvr systemd: Starting Network Manager Script Dispatcher Service...
Aug 5 10:05:47 oltsvr dbus[1199]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Aug 5 10:05:47 oltsvr systemd: Started Network Manager Script Dispatcher Service.
Aug 5 10:05:47 oltsvr dbus-daemon: dbus[1199]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Aug 5 10:05:47 oltsvr nm-dispatcher: Dispatching action 'up' for ppp0
Aug 5 10:05:47 oltsvr systemd: Unit iscsi.service cannot be reloaded because it is inactive.
Aug 5 10:05:47 oltsvr systemd: Stopping Sendmail Mail Transport Client...
Aug 5 10:05:47 oltsvr systemd: Stopping Sendmail Mail Transport Agent...
Aug 5 10:05:47 oltsvr systemd: Starting Sendmail Mail Transport Agent...

A few points in summary:
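1. The kernel does not need to be recompiled. The connection-tracking GRE message in the log can be ignored; rebuilding the kernel is only needed when doing PPTPD ALG.
2. pptpd is restarted or stopped through systemctl, for example systemctl restart pptpd.service.
3. The firewall is configured with firewall-cmd. Remember to reload afterwards, because --permanent rules only take effect after a reload. The MASQUERADE rule belongs to the nat table, which is given as the table argument after ipv4. Interface names must match the host's own; the eth0 in these rules comes from the tutorial (see FAQ 2).

firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -i eth0 -p tcp --dport 1723 -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -o enp7s0f2 -j MASQUERADE
firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i ppp+ -o eth0 -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i enp7s0f2 -o ppp+ -j ACCEPT
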
FAQ:
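1. iOS reports that communication was interrupted when dialing.
Cause: logwtmp conflicts with PPP; remove it.

2. Dialing succeeds, but routing does not work: only the CentOS server running pptpd is reachable, nothing beyond it.
Capturing with tcpdump -i ppp0 shows that the very first SYN is answered with an ICMP unreachable. The firewall is blocking the traffic: -o eth0 is wrong and should be my interface name, enp7s0f1:
firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i ppp+ -o enp7s0f1 -j ACCEPT

3. The internal network is reachable, but the Internet is not.
The firewall is blocking this as well; add one more rule permitting the outbound interface, so that anything leaving through the external interface enp7s0f2 is allowed:
firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i ppp+ -o enp7s0f2 -j ACCEPT

Notes: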
My routing table:
[root@oltsvr ~]# ip r
default via 218.75.33.25 dev enp7s0f2
10.7.0.0/16 via 10.7.100.1 dev enp7s0f1
10.7.100.0/24 dev enp7s0f1 proto kernel scope link src 10.7.100.234 metric 100
10.11.0.0/16 via 10.7.100.1 dev enp7s0f1
10.12.0.0/16 via 10.7.100.1 dev enp7s0f1
10.13.0.0/16 via 10.7.100.1 dev enp7s0f1
10.14.0.0/16 via 10.7.100.1 dev enp7s0f1
192.168.100.1 dev ppp0 proto kernel scope link src 192.168.10.1
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
218.75.33.24/29 dev enp7s0f2 proto kernel scope link src 218.75.33.29
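
The plugin failure behind FAQ 1 can be confirmed before touching /etc/pptpd.conf by comparing ELF classes. This is an added example, not part of the original post; elf_class and same_elf_class are hypothetical helper names, and the two sample files are constructed stand-ins that carry only the ELF header bytes.

```shell
#!/bin/sh
# Added example: compare the ELF class of pppd with that of a plugin, the
# mismatch reported in the log as "wrong ELF class: ELFCLASS32".

# Print 32, 64 or "unknown" for a file. ELF header: bytes 0-3 are the magic
# 0x7f 'E' 'L' 'F'; byte 4 (EI_CLASS) is 1 for 32-bit and 2 for 64-bit.
elf_class() {
    hdr=$(od -An -tx1 -N5 "$1" 2>/dev/null | tr -d ' \n')
    case "$hdr" in
        7f454c4601) echo 32 ;;
        7f454c4602) echo 64 ;;
        *)          echo unknown ;;
    esac
}

# Succeed only if both files are ELF objects of the same class, which the
# dynamic loader requires before a program can load a plugin.
same_elf_class() {
    a=$(elf_class "$1")
    b=$(elf_class "$2")
    [ "$a" != unknown ] && [ "$a" = "$b" ]
}

# Constructed sample: 5-byte stand-ins for a 64-bit pppd and a 32-bit plugin.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '\177ELF\002' > "$demo_dir/pppd64"
printf '\177ELF\001' > "$demo_dir/logwtmp32.so"

echo "pppd: $(elf_class "$demo_dir/pppd64")-bit," \
     "plugin: $(elf_class "$demo_dir/logwtmp32.so")-bit"
same_elf_class "$demo_dir/pppd64" "$demo_dir/logwtmp32.so" ||
    echo "class mismatch: pppd cannot load this plugin"

# On a live host (not run here):
#   same_elf_class "$(command -v pppd)" /usr/lib/pptpd/pptpd-logwtmp.so
```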
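
FAQ 2 and 3 both come down to firewall rules that name the wrong interface, which can be checked mechanically. This is an added example, not part of the original post; find_stale_iface_rules is a hypothetical helper name, the sample rules mirror the commands on this page, and the interface list is constructed from the routing table above.

```shell
#!/bin/sh
# Added example: list firewalld direct rules whose -i/-o interface does not
# exist on the host (the "-o eth0" mistake from FAQ 2).

# $1 = rules, one per line, as printed by `firewall-cmd --direct --get-all-rules`
# $2 = whitespace-separated names of the interfaces present on the host
# Prints "<interface>: <rule>" for every rule naming an absent interface.
find_stale_iface_rules() {
    printf '%s\n' "$1" | while IFS= read -r rule; do
        prev=
        for word in $rule; do
            case "$prev" in
                -i|-o)
                    # A trailing '+' is the iptables wildcard ("ppp+"); ppp
                    # interfaces exist only while a client is connected, so
                    # wildcard patterns are not checked.
                    case "$word" in
                        *+) ;;
                        *)
                            found=no
                            for name in $2; do
                                [ "$word" = "$name" ] && found=yes
                            done
                            [ "$found" = yes ] ||
                                printf '%s: %s\n' "$word" "$rule"
                            ;;
                    esac
                    ;;
            esac
            prev=$word
        done
    done
}

# Constructed sample input.
SAMPLE_RULES='ipv4 filter INPUT 0 -i eth0 -p tcp --dport 1723 -j ACCEPT
ipv4 filter INPUT 0 -p gre -j ACCEPT
ipv4 nat POSTROUTING 0 -o enp7s0f2 -j MASQUERADE
ipv4 filter FORWARD 0 -i ppp+ -o eth0 -j ACCEPT
ipv4 filter FORWARD 0 -i enp7s0f2 -o ppp+ -j ACCEPT'
SAMPLE_IFACES='lo enp7s0f1 enp7s0f2 virbr0'

find_stale_iface_rules "$SAMPLE_RULES" "$SAMPLE_IFACES"

# On a live host (not run here):
#   find_stale_iface_rules "$(firewall-cmd --permanent --direct --get-all-rules)" \
#                          "$(ls /sys/class/net)"
```

On the sample input both eth0 rules are reported, the INPUT rule for TCP 1723 as well as the FORWARD rule.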
Reposted from: http://noypi.baihongyu.com/