无法连接到 Ubuntu 上的 PPTP VPN 服务器

无法连接到 Ubuntu 上的 PPTP VPN 服务器

我正在尝试连接到 PPTP VPN 服务器。同样的配置在 Windows 中运行良好,但在 Ubuntu 12.10 中失败。一定是配置问题。

sudo pptpsetup --create MYVPN --server xxx.xxx.xxx.xxx --username username --password password

一切都设置正确。但是当我尝试实际运行 VPN 时,我得到了以下信息:

$ sudo pppd call MYVPN updetach
Using interface ppp1
Connect: ppp1 <--> /dev/pts/2
LCP: timeout sending Config-Requests
Connection terminated.
Modem hangup

当我这样做以获取更多详细信息时:

tail -n 30 /var/log/syslog | grep -i ppp

Mar 18 06:33:08 tp pppd[5082]: pppd 2.4.5 started by root, uid 0
Mar 18 06:33:08 tp pppd[5082]: Using interface ppp1
Mar 18 06:33:08 tp pppd[5082]: Connect: ppp1 <--> /dev/pts/2
Mar 18 06:33:08 tp NetworkManager[988]:    SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp1, iface: ppp1)
Mar 18 06:33:08 tp NetworkManager[988]:    SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp1, iface: ppp1): no ifupdown configuration found.
Mar 18 06:33:08 tp NetworkManager[988]: <warn> /sys/devices/virtual/net/ppp1: couldn't determine device driver; ignoring...
Mar 18 06:34:18 tp pppd[5082]: LCP: timeout sending Config-Requests
Mar 18 06:34:18 tp pppd[5082]: Connection terminated.
Mar 18 06:34:18 tp NetworkManager[988]:    SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp1, iface: ppp1)
Mar 18 06:34:18 tp pppd[5082]: Modem hangup
Mar 18 06:34:18 tp pptp[5084]: anon warn[decaps_hdlc:pptp_gre.c:216]: pppd may have shutdown, see pppd log
Mar 18 06:34:18 tp pppd[5082]: Exit.

为什么无法连接?它在 Windows 上运行良好,因此一定是 Ubuntu 12.10 设置出了问题...

编辑:

sudo pppd call MYVPN debug dump logfd 2 updetach

是否有关于如何利用这些信息来查看可能出了什么问题的信息?

    pppd options in effect:
debug       # (from command line)
updetach        # (from command line)
logfd 2     # (from command line)
dump        # (from command line)
noauth      # (from /etc/ppp/peers/MYVPN)
name username       # (from /etc/ppp/peers/MYVPN)
remotename MYVPN        # (from /etc/ppp/peers/MYVPN)
        # (from /etc/ppp/peers/MYVPN)
pty pptp xxx.xxx.xxx.xxx --nolaunchpppd     # (from /etc/ppp/peers/MYVPN)
crtscts     # (from /etc/ppp/options)
        # (from /etc/ppp/options)
asyncmap 0      # (from /etc/ppp/options)
lcp-echo-failure 4      # (from /etc/ppp/options)
lcp-echo-interval 30        # (from /etc/ppp/options)
hide-password       # (from /etc/ppp/options)
ipparam MYVPN       # (from /etc/ppp/peers/MYVPN)
nobsdcomp       # (from /etc/ppp/peers/MYVPN)
nodeflate       # (from /etc/ppp/peers/MYVPN)
noipx       # (from /etc/ppp/options)
using channel 27
Using interface ppp1
Connect: ppp1 <--> /dev/pts/2
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e812c17> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e812c17> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e812c17> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <mru 1400> <auth chap MD5> <magic 0x27f847d4> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:f8.7d.55.9e.60.00.42.53.ac.37.23.b6.c9.f4.6d.2f.00.00.00.00]> < 17 04 01 00>]
sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 01 00>]
rcvd [LCP ConfReq id=0x1 <mru 1400> <auth chap MD5> <magic 0x27f847d4> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:f8.7d.55.9e.60.00.42.53.ac.37.23.b6.c9.f4.6d.2f.00.00.00.00]> < 17 04 01 00>]
sent [LCP ConfRej id=0x1 <callback CBCP> <mrru 1614> < 17 04 01 00>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e812c17> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e812c17> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e812c17> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e812c17> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e812c17> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x4 <mru 1400> <auth chap MD5> <magic 0x27f847d4> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:f8.7d.55.9e.60.00.42.53.ac.37.23.b6.c9.f4.6d.2f.00.00.00.00]> < 17 04 01 00>]
sent [LCP ConfRej id=0x4 <callback CBCP> <mrru 1614> < 17 04 01 00>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e812c17> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x6 <mru 1400> <auth chap MD5> <magic 0x27f847d4> <pcomp> <accomp> <endpoint [local:f8.7d.55.9e.60.00.42.53.ac.37.23.b6.c9.f4.6d.2f.00.00.00.00]>]
sent [LCP ConfAck id=0x6 <mru 1400> <auth chap MD5> <magic 0x27f847d4> <pcomp> <accomp> <endpoint [local:f8.7d.55.9e.60.00.42.53.ac.37.23.b6.c9.f4.6d.2f.00.00.00.00]>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e812c17> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e812c17> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e812c17> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e812c17> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x9 <mru 1400> <auth chap MD5> <magic 0x27f847d4> <pcomp> <accomp> <endpoint [local:f8.7d.55.9e.60.00.42.53.ac.37.23.b6.c9.f4.6d.2f.00.00.00.00]>]
sent [LCP ConfAck id=0x9 <mru 1400> <auth chap MD5> <magic 0x27f847d4> <pcomp> <accomp> <endpoint [local:f8.7d.55.9e.60.00.42.53.ac.37.23.b6.c9.f4.6d.2f.00.00.00.00]>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e812c17> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e812c17> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e812c17> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e812c17> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0xc <mru 1400> <auth chap MD5> <magic 0x27f847d4> <pcomp> <accomp> <endpoint [local:f8.7d.55.9e.60.00.42.53.ac.37.23.b6.c9.f4.6d.2f.00.00.00.00]>]
sent [LCP ConfAck id=0xc <mru 1400> <auth chap MD5> <magic 0x27f847d4> <pcomp> <accomp> <endpoint [local:f8.7d.55.9e.60.00.42.53.ac.37.23.b6.c9.f4.6d.2f.00.00.00.00]>]
LCP: timeout sending Config-Requests
Connection terminated.
Modem hangup
Waiting for 1 child processes...
  script pptp xxx.xxx.xx.xxx --nolaunchpppd, pid 6815
Script pptp xxx.xxx.xx.xxx --nolaunchpppd finished (pid 6815), status = 0x0

答案1

我在 VPN 上遇到了完全相同的问题,该问题在 Ubuntu 14.04 LTS 上安装 Utopic HWE 内核 3.16.0 后开始出现。

经过研究我找到了问题的根本原因:

Using interface ppp0
Connect: ppp0 <--> /dev/pts/4
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic0x792e9abe> <pcomp> <accomp>]  
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x792e9abe> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x792e9abe> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x792e9abe> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x792e9abe> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x792e9abe> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x792e9abe> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x792e9abe> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x792e9abe> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x792e9abe> <pcomp> <accomp>]
LCP: timeout sending Config-Requests
Connection terminated.
Modem hangup

根本原因是启动时没有加载两个必需的 netfilter 内核模块:

nf_conntrack_pptp
nf_conntrack_proto_gre

解决方法:加载nf_conntrack_pptp模块,后者是其依赖项,会自动加载。

sudo modprobe nf_conntrack_pptp

参考:

答案2

我在 Google 上搜索了一段时间的“LCP:发送配置请求超时”,但找不到解决方案。有些帖子说这与路由器设置有关,但我的 MAC 和安卓手机连接没有问题,所以这不是我的路由器的问题。

在仔细研究了 ppp 设置后,我找到了适合我的解决方案。编辑 /etc/ppp/options,启用选项 silent,然后问题就解决了。

    # With this option, pppd will not transmit LCP packets to initiate a
    # connection until a valid LCP packet is received from the peer (as for
    # the "passive" option with old versions of pppd).
    silent

我使用 Ubuntu 12.04,并从 GUI 设置 VPN

答案3

对于大多数发行版,您必须为某些 PPTP/VPN 服务器加载nf_conntrack_pptpnf_conntrack_proto_gre内核模块。这可以通过以下方式完成:

$ sudo modprobe nf_conntrack_pptp

nf_conntrack_proto_gre作为依赖项自动加载nf_conntrack_pptp

答案4

其他解决方案都没用,但我找到了另一个解决方案。遇到了同样的错误,尝试连接但超时了。

调试

我照做了$ tail -f /var/log/syslog,看到了大约 10 行这样的消息:

4 月 21 日 22:20:37 用户 PC 内核:[3008.652602] [UFW BLOCK] IN=wlxxxxxxxxxxxx OUT= MAC=00:a0:a0:00:00:00:a0:a0:a0:00:00:00:00:00 SRC=111.222.333.444 DST=111.222.333.444 LEN=54 TOS=0x00 PREC=0x00 TTL=59 ID=43069 PROTO=47

然后出现失败消息

4 月 21 日 22:20:38 tp pppd[5082]: LCP: 发送配置请求超时

使固定

由于我看到 [UFW BLOCK],我发现 UFW(防火墙)正在阻止传入流量。然后使用以下命令向 UFW 添加规则以允许来自我的 VPN 客户端的流量:

$ sudo ufw allow proto gre from [ip_of_pptp_server]
$ sudo service ufw restart

然后我尝试重新连接 PPTP VPN,并且成功了。

相关内容