ftao / vpn-deploy-playbook

A collection of Ansible playbooks for deploying VPN services
GNU General Public License v3.0

Hello, about the endless 691 problem with PPTP L2TP #114

Closed alroyso closed 8 years ago

alroyso commented 8 years ago

When installed on Ubuntu 14.04, authentication fails with 691 endlessly; on Debian 7.0 it works. Why is that?

ftao commented 8 years ago

What is in the log? /var/log/pptpd.log

alroyso commented 8 years ago

Using interface ppp0
Connect: ppp0 <--> /dev/pts/2
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x51d39181> ]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x51d39181> ]
rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0x567f3990> ]
sent [LCP ConfRej id=0x1 ]
rcvd [LCP ConfReq id=0x2 <mru 1400> <magic 0x567f3990> ]
sent [LCP ConfAck id=0x2 <mru 1400> <magic 0x567f3990> ]
sent [LCP EchoReq id=0x0 magic=0x51d39181]
sent [CHAP Challenge id=0x35 <758505fede52a6bf4953db40d2e06716>, name = "pptpd"]
rcvd [LCP Ident id=0x3 magic=0x567f3990 "MSRASV5.20"]
rcvd [LCP Ident id=0x4 magic=0x567f3990 "MSRAS-0-USER-GD91F6BBDH"]
rcvd [LCP Ident id=0x5 magic=0x567f3990 "\032Bs\37777777621V\37777777750\37777777625B\37777777630.P\37777777723\37777777673\r\37777777776\37777777620"]
rcvd [LCP EchoRep id=0x0 magic=0x567f3990]
rcvd [CHAP Response id=0x35 <7e81e10a69a04d9b93279d32eae0f754000000000000000056299489ee66b8cf9a69ee2b3f7eeb06ec75d1095fd74d4300>, name = "yaya"]
Peer yaya failed CHAP authentication
sent [CHAP Failure id=0x35 ""]
sent [LCP TermReq id=0x2 "Authentication failed"]
rcvd [CHAP Response id=0x35 <7e81e10a69a04d9b93279d32eae0f754000000000000000056299489ee66b8cf9a69ee2b3f7eeb06ec75d1095fd74d4300>, name = "yaya"]
Discarded non-LCP packet when LCP not open
rcvd [LCP TermAck id=0x2 "Authentication failed"]
Connection terminated.
RADATTR plugin removed file /var/run/radattr.ppp0.
Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Using interface ppp0

ftao commented 8 years ago

Is the password in /etc/ppp/chap-secrets correct? Try restarting pptpd: service pptpd restart

alroyso commented 8 years ago

I am using authentication.

alroyso commented 8 years ago

I have already rebooted the machine many times.

alroyso commented 8 years ago

This is the log from Debian 7.8

Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xe7fb7ae2> ]
rcvd [LCP ConfReq id=0x0 <mru 1400> <magic 0x40c16a55> <mrru 1614> <endpoint [local:90.9c.7d.76.ec.77.44.7e.9f.cf.f9.74.dc.f5.f1.1f.00.00.00.02]>]
sent [LCP ConfRej id=0x0 <mrru 1614>]
rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0x40c16a55> <endpoint [local:90.9c.7d.76.ec.77.44.7e.9f.cf.f9.74.dc.f5.f1.1f.00.00.00.02]>]
sent [LCP ConfAck id=0x1 <mru 1400> <magic 0x40c16a55> <endpoint [local:90.9c.7d.76.ec.77.44.7e.9f.cf.f9.74.dc.f5.f1.1f.00.00.00.02]>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xe7fb7ae2> ]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xe7fb7ae2> ]
sent [LCP EchoReq id=0x0 magic=0xe7fb7ae2]
sent [CHAP Challenge id=0x43 <53f9013057a3c51d95514cd7070ef7ac>, name = "pptpd"]
rcvd [LCP Ident id=0x2 magic=0x40c16a55 "MSRASV5.20"]
rcvd [LCP Ident id=0x3 magic=0x40c16a55 "MSRAS-0-PC-20151212SOSU"]
rcvd [LCP Ident id=0x4 magic=0x40c16a55 "\377777777405l]a\177D\37777777646O\021\37777777647p\37777777706S&"]
rcvd [LCP EchoRep id=0x0 magic=0x40c16a55]
rcvd [CHAP Response id=0x43 , name = "waiyouvpn"]
rc_avpair_gen: received unknown attribute 85 of length 4: 0x00000258
rc_avpair_gen: received unknown attribute 25 of length 30: 0x5279069B000001370001DE492FB301D139C25C0D01D00000000000017AD6
RADATTR plugin wrote 5 line(s) to file /var/run/radattr.ppp0.
sent [CHAP Success id=0x43 "S=215C786C7C3B48B1398C356D621F6C228FD4604F"]
peer from calling number 58.50.9.31 authorized
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x5 <mppe +H -M -S -L -D +C>]
sent [CCP ConfNak id=0x5 <mppe +H -M +S -L -D -C>]
rcvd [IPCP ConfReq id=0x6 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns2 0.0.0.0> <ms-wins 0.0.0.0>]
sent [IPCP TermAck id=0x6]
rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x7 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x7 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <addr 10.10.0.1>]
rcvd [IPCP ConfAck id=0x1 <addr 10.10.0.1>]
rcvd [IPCP ConfReq id=0x8 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns2 0.0.0.0> <ms-wins 0.0.0.0>]
sent [IPCP ConfRej id=0x8 <ms-wins 0.0.0.0> <ms-wins 0.0.0.0>]
rcvd [IPCP ConfReq id=0x9 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
sent [IPCP ConfNak id=0x9 <addr 10.10.0.100> <ms-dns1 8.8.4.4> <ms-dns2 8.8.8.8>]
rcvd [IPCP ConfReq id=0xa <addr 10.10.0.100> <ms-dns1 8.8.4.4> <ms-dns2 8.8.8.8>]
sent [IPCP ConfAck id=0xa <addr 10.10.0.100> <ms-dns1 8.8.4.4> <ms-dns2 8.8.8.8>]
Cannot determine ethernet address for proxy ARP
local IP address 10.10.0.1
remote IP address 10.10.0.100
pptpd-logwtmp.so ip-up ppp0 waiyouvpn 58.50.9.31
Script /etc/ppp/ip-up started (pid 4181)
Script /etc/ppp/ip-up finished (pid 4181), status = 0x0

ftao commented 8 years ago

Do you mean you are using RADIUS authentication?

alroyso commented 8 years ago

Yes.

alroyso commented 8 years ago

Could it be a problem with the Linux kernel version? I found that anything on Linux 3.2 or below works?

ftao commented 8 years ago

Could you also check the RADIUS server's log for any clues?

alroyso commented 8 years ago

No, there is only a rejection.

ftao commented 8 years ago

Turn on debug in /etc/pptpd.conf

# TAG: debug
#   Turns on (more) debugging to syslog
#
debug

Then see what log entries show up in /var/log/syslog.

alroyso commented 8 years ago

Dec 22 02:04:33 vultr pptpd[2469]: CTRL: Client 58.50.9.31 control connection finished
Dec 22 02:05:00 vultr dhclient: message repeated 106 times: [ DHCPREQUEST of 45.32.22.107 on eth0 to 169.254.169.254 port 67 (xid=0x2f4df30d)]
Dec 22 02:05:19 vultr dhclient: DHCPREQUEST of 45.32.22.107 on eth0 to 255.255.255.255 port 67 (xid=0x2f4df30d)
Dec 22 02:05:19 vultr dhclient: DHCPACK of 45.32.22.107 from 45.63.125.88
Dec 22 02:05:19 vultr dhclient: bound to 45.32.22.107 -- renewal in 1448 seconds.
Dec 22 02:07:05 vultr pptpd[2499]: CTRL: Client 58.50.9.31 control connection started
Dec 22 02:07:05 vultr pptpd[2499]: CTRL: Starting call (launching pppd, opening GRE)
Dec 22 02:07:05 vultr pppd[2500]: Plugin radius.so loaded.
Dec 22 02:07:05 vultr pppd[2500]: RADIUS plugin initialized.
Dec 22 02:07:05 vultr pppd[2500]: Plugin radattr.so loaded.
Dec 22 02:07:05 vultr pppd[2500]: RADATTR plugin initialized.
Dec 22 02:07:05 vultr pppd[2500]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Dec 22 02:07:05 vultr pppd[2500]: pppd 2.4.5 started by root, uid 0
Dec 22 02:07:05 vultr pppd[2500]: Using interface ppp0
Dec 22 02:07:05 vultr pppd[2500]: Connect: ppp0 <--> /dev/pts/1
Dec 22 02:07:07 vultr pppd[2500]: Peer qq51vpn failed CHAP authentication
Dec 22 02:07:07 vultr pppd[2500]: Connection terminated.
Dec 22 02:07:07 vultr charon: 12[KNL] interface ppp0 deleted
Dec 22 02:07:07 vultr pppd[2500]: Exit.
Dec 22 02:07:07 vultr pptpd[2499]: GRE: read(fd=6,buffer=b77b7480,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Dec 22 02:07:07 vultr pptpd[2499]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Dec 22 02:07:07 vultr pptpd[2499]: CTRL: Reaping child PPP[2500]
Dec 22 02:07:07 vultr pptpd[2499]: CTRL: Client 58.50.9.31 control connection finished
Dec 22 02:17:01 vultr CRON[2516]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
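
Added example, not part of the original thread or of the playbook: in the syslog format quoted above, pppd logs the failing peer name and pptpd logs the client address, under different PIDs. This Python sketch joins the two through the "Reaping child PPP[pid]" line to list failed CHAP logins per client; the sample log, host name, user names and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample in the syslog format quoted above. Host name, PIDs, user
# names and addresses are made up (RFC 5737 documentation ranges).
SAMPLE_LOG = """\
Dec 22 02:07:05 vpn1 pptpd[2499]: CTRL: Client 203.0.113.7 control connection started
Dec 22 02:07:07 vpn1 pppd[2500]: Peer alice failed CHAP authentication
Dec 22 02:07:07 vpn1 pptpd[2499]: CTRL: Reaping child PPP[2500]
Dec 22 02:08:01 vpn1 CRON[2516]: (root) CMD (run-parts /etc/cron.hourly)
Dec 22 02:09:10 vpn1 pptpd[2510]: CTRL: Client 203.0.113.7 control connection started
Dec 22 02:09:12 vpn1 pppd[2511]: Peer bob failed CHAP authentication
Dec 22 02:09:12 vpn1 pptpd[2510]: CTRL: Reaping child PPP[2511]
Dec 22 02:10:00 vpn1 pptpd[2520]: CTRL: Client 198.51.100.9 control connection started
Dec 22 02:10:30 vpn1 pppd[2521]: Connection terminated.
Dec 22 02:10:30 vpn1 pptpd[2520]: CTRL: Reaping child PPP[2521]
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ "
                  r"(?P<prog>pptpd|pppd)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
STARTED = re.compile(r"CTRL: Client (\S+) control connection started")
FAILED = re.compile(r"Peer (.+) failed CHAP authentication")
REAPED = re.compile(r"CTRL: Reaping child PPP\[(\d+)\]")

def chap_failures(log_text):
    """Return (timestamp, client_ip, peer_name) for each failed CHAP login."""
    client_by_pptpd = {}  # pptpd PID -> client address of its control connection
    failed_by_pppd = {}   # pppd PID  -> (timestamp, peer name) awaiting a reap line
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # other daemons (dhclient, CRON, charon, ...)
        pid, msg = m["pid"], m["msg"]
        if m["prog"] == "pppd":
            if f := FAILED.search(msg):
                failed_by_pppd[pid] = (m["ts"], f[1])
        elif s := STARTED.search(msg):
            client_by_pptpd[pid] = s[1]
        elif (r := REAPED.search(msg)) and r[1] in failed_by_pppd:
            # pppd logs the peer name, pptpd the address; the reap line joins them.
            ts, peer = failed_by_pppd.pop(r[1])
            events.append((ts, client_by_pptpd.get(pid, "unknown"), peer))
    return events

def failures_per_client(log_text):
    """Count failed CHAP logins per client address."""
    return Counter(ip for _, ip, _ in chap_failures(log_text))
```

Several different peer names failing from one address in a short window points to password guessing rather than a server-side authentication fault like the one in this thread.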

ftao commented 8 years ago

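After turning on debug you have to restart pptpd. Did you restart it? I think you should work by elimination. Does it fail on every Ubuntu 14.04? Can none of the users log in?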

alroyso commented 8 years ago

I have installed several 14.04 machines and they are all like this.

alroyso commented 8 years ago

By the way, is there a script that can count how many people are online on the VPN?

alroyso commented 8 years ago

It seems that Vultr's VPSes have this problem; authentication does not succeed.

ftao commented 8 years ago

Then it may be a problem with Vultr's system or network.

alroyso commented 8 years ago

IPsec authenticates fine and can connect, but PPTP and L2TP just do not work.

alroyso commented 8 years ago

The problem is solved.

alroyso commented 8 years ago

A question about IKEv2: Windows cannot connect, but a phone can. Do I need to enable the root certificate? ipsec_cert_source: "gen", does this enable it?

ftao commented 8 years ago

That only generates the certificate. On Windows you need to download the certificate and import it into the system. Please Google the relevant steps.

alroyso commented 8 years ago

I do not know exactly where the certificate is. Where is it located?

ftao commented 8 years ago

see https://github.com/ftao/vpn-deploy-playbook/blob/master/roles/strongswan/tasks/gen_cert.yml#L14

https://github.com/ftao/vpn-deploy-playbook/blob/master/roles/strongswan/tasks/gen_cert.yml#L30

alroyso commented 8 years ago

ca_cert.pem: on Windows, is it enough to import only this certificate? But it still cannot connect.

ftao commented 8 years ago

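I now recommend the approach below: use Let's Encrypt to generate a valid certificate. Then Windows 7 and above / iOS 9 do not need to import a certificate; just configure it directly. I no longer recommend fiddling with self-signing.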

https://github.com/ftao/vpn-deploy-playbook/wiki/Setup-IKEv2-VPN-Server-with-SSL-Certs-from-Let's-Encrypt

ftao commented 8 years ago

As for this 691 problem, it has been basically confirmed above to be a Vultr problem. There is nothing we can do here. Close this issue.