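I set up a PPTPD server on Arch Linux. If I connect to the VPN using the server's local IP (192.168.1.107), it works fine, but if I connect to the VPN using the external IP address, the client gets error 619. Any help would be greatly appreciated!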
Output of tcpdump port 1723 when connecting using the external IP:
[root@EthanServer ~]# tcpdump port 1723
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlp0s26f7u5, link-type EN10MB (Ethernet), capture size 262144 bytes
21:11:29.628860 IP c-[REDACTED].hsd1.va.comcast.net.50872 > EthanMiner.pptp: Flags [S], seq 2563111310, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
21:11:29.628944 IP EthanMiner.pptp > c-[REDACTED].hsd1.va.comcast.net.50872: Flags [S.], seq 4238964418, ack 2563111311, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
21:11:29.681978 IP c-[REDACTED].hsd1.va.comcast.net.50872 > EthanMiner.pptp: Flags [.], ack 1, win 256, length 0
21:11:29.682728 IP c-[REDACTED].hsd1.va.comcast.net.50872 > EthanMiner.pptp: Flags [P.], seq 1:157, ack 1, win 256, length 156: pptp CTRL_MSGTYPE=SCCRQ PROTO_VER(1.0) FRAME_CAP(A) BEARER_CAP(A) MAX_CHAN(0) FIRM_REV(0) HOSTNAME() VENDOR(Microsoft)
21:11:29.682758 IP EthanMiner.pptp > c-[REDACTED].hsd1.va.comcast.net.50872: Flags [.], ack 157, win 237, length 0
21:11:29.684101 IP EthanMiner.pptp > c-[REDACTED].hsd1.va.comcast.net.50872: Flags [P.], seq 1:157, ack 157, win 237, length 156: pptp CTRL_MSGTYPE=SCCRP PROTO_VER(1.0) RESULT_CODE(1) ERR_CODE(0) FRAME_CAP() BEARER_CAP() MAX_CHAN(1) FIRM_REV(1) HOSTNAME(local) VENDOR(linux)
21:11:29.708106 IP c-[REDACTED].hsd1.va.comcast.net.50872 > EthanMiner.pptp: Flags [P.], seq 157:325, ack 157, win 256, length 168: pptp CTRL_MSGTYPE=OCRQ CALL_ID(50872) CALL_SER_NUM(3) MIN_BPS(300) MAX_BPS(100000000) BEARER_TYPE(Any) FRAME_TYPE(E) RECV_WIN(64) PROC_DELAY(0) PHONE_NO_LEN(0) PHONE_NO() SUB_ADDR()
21:11:29.708875 IP EthanMiner.pptp > c-[REDACTED].hsd1.va.comcast.net.50872: Flags [P.], seq 157:189, ack 325, win 245, length 32: pptp CTRL_MSGTYPE=OCRP CALL_ID(3072) PEER_CALL_ID(50872) RESULT_CODE(1) ERR_CODE(0) CAUSE_CODE(0) CONN_SPEED(100000000) RECV_WIN(64) PROC_DELAY(0) PHY_CHAN_ID(0)
21:11:29.738730 IP c-[REDACTED].hsd1.va.comcast.net.50872 > EthanMiner.pptp: Flags [P.], seq 325:349, ack 189, win 255, length 24: pptp CTRL_MSGTYPE=SLI PEER_CALL_ID(3072) SEND_ACCM(0xffffffff) RECV_ACCM(0xffffffff)
21:11:29.788018 IP EthanMiner.pptp > c-[REDACTED].hsd1.va.comcast.net.50872: Flags [.], ack 349, win 245, length 0
21:11:30.057607 IP c-[REDACTED].hsd1.va.comcast.net.50872 > EthanMiner.pptp: Flags [P.], seq 325:349, ack 189, win 255, length 24: pptp CTRL_MSGTYPE=SLI PEER_CALL_ID(3072) SEND_ACCM(0xffffffff) RECV_ACCM(0xffffffff)
21:11:30.057642 IP EthanMiner.pptp > c-[REDACTED].hsd1.va.comcast.net.50872: Flags [.], ack 349, win 245, options [nop,nop,sack 1 {325:349}], length 0
21:11:59.762429 IP EthanMiner.pptp > c-[REDACTED].hsd1.va.comcast.net.50872: Flags [F.], seq 189, ack 349, win 245, length 0
21:11:59.938132 IP c-[REDACTED].hsd1.va.comcast.net.50872 > EthanMiner.pptp: Flags [.], ack 190, win 255, length 0
21:11:59.941496 IP c-[REDACTED].hsd1.va.comcast.net.50872 > EthanMiner.pptp: Flags [F.], seq 349, ack 190, win 255, length 0
21:11:59.941532 IP EthanMiner.pptp > c-[REDACTED].hsd1.va.comcast.net.50872: Flags [.], ack 350, win 245, length 0
Output of journalctl -xe when connecting using the external IP:
Feb 19 21:22:14 EthanServer pptpd[16355]: MGR: Maximum of 100 connections reduced to 16, not enough IP addresses given
Feb 19 21:22:14 EthanServer pptpd[16355]: MGR: Manager process started
Feb 19 21:22:14 EthanServer pptpd[16355]: MGR: Maximum of 16 connections available
Feb 19 21:22:14 EthanServer polkitd[12139]: Unregistered Authentication Agent for unix-process:16339:52723033 (system bus name :1.43, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale C) (disconnected from bus)
Feb 19 21:22:47 EthanServer pptpd[16366]: CTRL: Client 73.132.19.146 control connection started
Feb 19 21:22:47 EthanServer pptpd[16366]: CTRL: Starting call (launching pppd, opening GRE)
Feb 19 21:22:47 EthanServer pppd[16367]: pppd 2.4.7 started by root, uid 0
Feb 19 21:22:47 EthanServer pppd[16367]: Using interface ppp0
Feb 19 21:22:47 EthanServer pppd[16367]: Connect: ppp0 <--> /dev/pts/1
Feb 19 21:23:17 EthanServer pppd[16367]: LCP: timeout sending Config-Requests
Feb 19 21:23:17 EthanServer pppd[16367]: Connection terminated.
Feb 19 21:23:17 EthanServer pppd[16367]: Modem hangup
Feb 19 21:23:17 EthanServer pppd[16367]: Exit.
Feb 19 21:23:17 EthanServer pptpd[16366]: GRE: read(fd=6,buffer=611740,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Feb 19 21:23:17 EthanServer pptpd[16366]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Feb 19 21:23:17 EthanServer pptpd[16366]: CTRL: Reaping child PPP[16367]
Feb 19 21:23:17 EthanServer pptpd[16366]: CTRL: Client 73.132.19.146 control connection finished
Feb 19 21:23:17 EthanServer kernel: device wlp0s26f7u5 entered promiscuous mode
Feb 19 21:23:23 EthanServer kernel: device wlp0s26f7u5 left promiscuous mode
Contents of /etc/pptpd.conf:
[root@EthanServer ~]# cat /etc/pptpd.conf
# Read man pptpd.conf, see samples in /usr/share/doc/pptpd
# and write your pptpd configuration here
option /etc/ppp/options.pptpd
localip 192.168.1.107
remoteip 192.168.1.240-255
Contents of /etc/ppp/options.pptpd:
[root@EthanServer ~]# cat /etc/ppp/options.pptpd
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nolog
ms-dns 8.8.8.8
ms-dns 8.8.4.4