我正在尝试使用运行 Ubuntu 10.04 的笔记本电脑连接到我的公司 VPN。这是一台公司笔记本电脑,但由于我选择运行 Linux 而不是“合适的”操作系统,因此我几乎只能靠自己来完成这些工作。通常情况下,这没问题,因为我几乎总是能成功 - 但这个问题已经困扰了我好几个星期了。
问题是我无法从家庭网络访问 VPN。我使用 Gnome 网络管理器界面配置 PPTP 连接,但无论我选择哪种选项组合、域\用户名格式、加密选项或身份验证方法,我都会得到完全相同的行为,基本上就是等待 10 秒钟,然后出现失败消息。
我检查了/var/log/daemon.log:
Aug 15 22:27:46 pc770-ubu NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.pptp'...
Aug 15 22:27:46 pc770-ubu NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' started (org.freedesktop.NetworkManager.pptp), PID 4595
Aug 15 22:27:46 pc770-ubu NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' just appeared, activating connections
Aug 15 22:27:50 pc770-ubu NetworkManager: <info> VPN plugin state changed: 3
Aug 15 22:27:50 pc770-ubu NetworkManager: <info> VPN connection 'VPN' (Connect) reply received.
Aug 15 22:27:50 pc770-ubu NetworkManager: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Aug 15 22:27:50 pc770-ubu NetworkManager: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
Aug 15 22:27:50 pc770-ubu pptp[4602]: nm-pptp-service-4595 log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Aug 15 22:27:50 pc770-ubu pptp[4609]: nm-pptp-service-4595 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Aug 15 22:27:50 pc770-ubu pptp[4609]: nm-pptp-service-4595 log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Aug 15 22:27:50 pc770-ubu pptp[4609]: nm-pptp-service-4595 log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Aug 15 22:27:51 pc770-ubu pptp[4609]: nm-pptp-service-4595 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Aug 15 22:27:51 pc770-ubu pptp[4609]: nm-pptp-service-4595 log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Aug 15 22:27:51 pc770-ubu pptp[4609]: nm-pptp-service-4595 log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 17382).
[ ** TEN SECOND DELAY ** ]
Aug 15 22:28:21 pc770-ubu NetworkManager: <info> VPN plugin failed: 1
Aug 15 22:28:21 pc770-ubu NetworkManager: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Aug 15 22:28:21 pc770-ubu pptp[4602]: nm-pptp-service-4595 warn[decaps_hdlc:pptp_gre.c:204]: short read (-1): Input/output error
Aug 15 22:28:21 pc770-ubu pptp[4602]: nm-pptp-service-4595 warn[decaps_hdlc:pptp_gre.c:216]: pppd may have shutdown, see pppd log
Aug 15 22:28:21 pc770-ubu pptp[4609]: nm-pptp-service-4595 log[callmgr_main:pptp_callmgr.c:234]: Closing connection (unhandled)
Aug 15 22:28:21 pc770-ubu pptp[4609]: nm-pptp-service-4595 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 12 'Call-Clear-Request'
Aug 15 22:28:21 pc770-ubu pptp[4609]: nm-pptp-service-4595 log[call_callback:pptp_callmgr.c:79]: Closing connection (call state)
Aug 15 22:28:21 pc770-ubu NetworkManager: <info> VPN plugin failed: 1
Aug 15 22:28:21 pc770-ubu NetworkManager: <info> VPN plugin failed: 1
Aug 15 22:28:21 pc770-ubu NetworkManager: <info> VPN plugin state changed: 6
Aug 15 22:28:21 pc770-ubu NetworkManager: <info> VPN plugin state change reason: 0
Aug 15 22:28:21 pc770-ubu NetworkManager: <WARN> connection_state_changed(): Could not process the request because no VPN connection was active.
Aug 15 22:28:34 pc770-ubu NetworkManager: <debug> [1281868114.002900] ensure_killed(): waiting for vpn service pid 4595 to exit
Aug 15 22:28:34 pc770-ubu NetworkManager: <debug> [1281868114.002975] ensure_killed(): vpn service pid 4595 cleaned up
我无法确定如何在此日志中启用额外的调试信息,因此我手动为 pppd 创建了一个非常相似的配置,然后使用“pon”启动它(我还验证了这个手动配置做当我在公司防火墙内时连接到 VPN):
$ sudo pon vpn debug dump logfd 2 nodetach
pppd options in effect:
debug # (from command line)
nodetach # (from command line)
logfd 2 # (from command line)
linkname vpn # (from /etc/ppp/peers/vpn)
dump # (from command line)
noauth # (from /etc/ppp/options.pptp)
refuse-pap # (from /etc/ppp/options.pptp)
refuse-chap # (from /etc/ppp/options.pptp)
refuse-mschap # (from /etc/ppp/options.pptp)
refuse-eap # (from /etc/ppp/options.pptp)
name gnet\\dantliff # (from /etc/ppp/peers/vpn)
remotename vpn # (from /etc/ppp/peers/vpn)
# (from /etc/ppp/options.pptp)
pty pptp ***.***.***.*** --nolaunchpppd # (from /etc/ppp/peers/vpn)
crtscts # (from /etc/ppp/options)
# (from /etc/ppp/options)
asyncmap 0 # (from /etc/ppp/options)
lcp-echo-failure 4 # (from /etc/ppp/options)
lcp-echo-interval 30 # (from /etc/ppp/options)
hide-password # (from /etc/ppp/options)
ipparam vpn # (from /etc/ppp/peers/vpn)
proxyarp # (from /etc/ppp/options)
usepeerdns # (from /etc/ppp/peers/vpn)
nobsdcomp # (from /etc/ppp/options.pptp)
nodeflate # (from /etc/ppp/options.pptp)
require-mppe # (from /etc/ppp/peers/vpn)
noipx # (from /etc/ppp/options)
using channel 7
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x78e7bd1c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x78e7bd1c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x78e7bd1c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x78e7bd1c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x78e7bd1c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x78e7bd1c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x78e7bd1c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x78e7bd1c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x78e7bd1c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x78e7bd1c> <pcomp> <accomp>]
LCP: timeout sending Config-Requests
Connection terminated.
Modem hangup
Waiting for 1 child processes...
script pptp ***.***.***.*** --nolaunchpppd , pid 4631
Script pptp ***.***.***.*** --nolaunchpppd finished (pid 4631), status = 0x0
我运行 Wireshark 来观察流量,似乎没有 LCP 回复返回到客户端。
更多信息:
笔记本电脑通过 WiFi 接入点(桥接模式)连接到互联网,然后通过 ADSL 路由器连接到互联网。ADSL 路由器和接入点上启用了 PPTP 直通。
如果我使用以太网电缆将笔记本电脑连接到 ADSL(以消除 WiFi),则没有任何改善。
另一台笔记本电脑(运行 Mac OSX)可以通过 WiFi 或电缆连接到 VPN。
另一个客户端Windows7能够通过电缆连接到VPN。
iPhone 可以通过 WiFi 连接到 VPN。
这台笔记本电脑是能够从公司防火墙内部连接到 VPN。
所以我有另外三台能够连接到目标 PPTP VPN 的设备,但有一台笔记本电脑无法连接,除非我将笔记本电脑移到目标网络内,它才能连接。
有什么想法我还可以尝试吗?我尝试过有条不紊地选择各种 VPN 选项,但结果没有任何变化。我还阅读了几篇 Ubuntu 论坛帖子,建议关闭 EAP,但这也无济于事。我现在不知道如何解决这个问题,接下来会发生什么?管理层会告诉我“我们告诉过你”,放弃 Linux 并改用 Windows 等“合适”的操作系统,而我真的不想这样做。
答案1
从未找到解决方案 – 而是改用 OpenVPN,并且运行良好。
答案2
我遇到了同样的问题,我想我已经解决了。我已取消选中“仅将此连接用于其网络上的资源”(单击 IPv4 设置选项卡上的路由)。一旦我删除此选项,我的连接就能够通过隧道进入我的 VPN。我在 PPTP 高级选项屏幕中的设置如下... 除 MSCHAPv2 外,所有身份验证选项均未选中。
MSCHAPv2 - not checked *
MPPE - checked *
Security - All Available *
Allow stateful encryption - not checked *
The following 3 options - checked *
ECHO packets - not checked *
我希望这最终能对你有所帮助并且你能够保留你的 Ubuntu 安装!
抢
答案3
我正在运行 Ubuntu 10.04,我设置了 2 个 VPN 连接,一个连接到我的办公室,一个连接到我客户的办公室。到我办公室的连接不起作用,但到我客户办公室的连接起作用。
我相信问题出在 Microsoft Server 上。
答案4
我得出结论,导致此问题的原因是我所连接的网络,而不是我自己的笔记本电脑或工作场所 VPN 中的任何内容。(AirPort Wi-Fi 丢弃与 VPN 相关的数据包?呃!)
这个帖子我自己的观察也支持这个结论。
最后我意识到我已经选中了 Tracking/NAT helpers 下的 GRE/PPTP 框(在 Tomato WebGUI 中,转到 Advanced->Conntrack/Netfilter,然后向下滚动到 Tracking/NAT helpers)但默认状态未选中。
所以我取消选中它,VPN 又开始工作了!