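I have installed 2 Ubuntu 64-bit virtual machines on VirtualBox. Their names and IP addresses are shown below. I am trying to establish a PPPoE connection between the two machines.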
nas 192.168.129.130 (This machine runs the PPPoE server)
home 192.168.129.37 (This machine runs the PPPoE client)
The relevant configuration files on nas (the network access server) are shown below.
/etc/ppp/pppoe-server-options
require-chap
login
lcp-echo-interval 10
lcp-echo-failure 2
defaultroute
noipdefault
/etc/ppp/chap-secrets
#client server secret IP addresses
home * "godfather" *
nas * "godfather" *
/etc/ppp/ipaddress_pool
192.168.129.20-40
/etc/ppp/pppoe_start
PPPOE_IFACE="eth0"
PPPOE_IFACE_ADDR="192.168.129.31"
#Start PPPoE Server
sleep 5
pppoe-server -C isp -L $PPPOE_IFACE_ADDR -p /etc/ppp/ipaddress_pool -I $PPPOE_IFACE -m 1412
/etc/ppp/pppoe_stop
killall pppoe-server
The relevant configuration files on home (the client) are shown below.
/etc/ppp/chap_secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
nas * "godfather" *
home * "godfather" *
/etc/ppp/peers/myisp
plugin rp-pppoe.so
eth0
user root
I start the PPPoE server with the following command.
sudo /etc/ppp/pppoe_start
I start the client with the following command.
sudo pppd call myisp
I run tcpdump on eth0 to see the PADI, PADO, PADR, PADS and PADT packets. The output of tcpdump running on the nas server is shown below.
sudo tcpdump -i eth0 -n ether proto 0x8863 '||' ether proto 0x8864
[sudo] password for karthik:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:47:25.173507 PPPoE PADI [Service-Name] [Host-Uniq 0xCF0A0000]
12:47:25.173609 PPPoE PADO [AC-Name "nzhmlbld06l"] [Service-Name] [AC-Cookie 0x18F0FDB21859639108D61444C8A611F4D2080000] [Host-Uniq 0xCF0A0000]
12:47:25.173661 PPPoE PADO [AC-Name "isp"] [Service-Name] [AC-Cookie 0xF07AE7E13B3BDFACCCE03C14A0A60C7D49090000] [Host-Uniq 0xCF0A0000]
12:47:25.173777 PPPoE PADR [Service-Name] [Host-Uniq 0xCF0A0000] [AC-Cookie 0x18F0FDB21859639108D61444C8A611F4D2080000]
12:47:25.174239 PPPoE PADS [ses 0xa] [Service-Name] [Host-Uniq 0xCF0A0000]
12:47:25.174929 PPPoE [ses 0xa] LCP, Conf-Request (0x01), id 1, length 21
12:47:26.180431 PPPoE [ses 0xa] LCP, Conf-Request (0x01), id 1, length 16
12:47:26.180676 PPPoE [ses 0xa] LCP, Conf-Ack (0x02), id 1, length 16
12:47:28.177393 PPPoE [ses 0xa] LCP, Conf-Request (0x01), id 1, length 21
12:47:28.179020 PPPoE [ses 0xa] LCP, Conf-Reject (0x04), id 1, length 11
12:47:28.179295 PPPoE [ses 0xa] LCP, Conf-Request (0x01), id 2, length 16
12:47:28.181036 PPPoE [ses 0xa] LCP, Conf-Ack (0x02), id 2, length 16
12:47:28.181045 PPPoE [ses 0xa] LCP, Echo-Request (0x09), id 0, length 10
12:47:28.181464 PPPoE [ses 0xa] LCP, Echo-Request (0x09), id 0, length 10
12:47:28.181638 PPPoE [ses 0xa] LCP, Term-Request (0x05), id 3, length 34
12:47:28.182984 PPPoE [ses 0xa] LCP, Echo-Reply (0x0a), id 0, length 10
12:47:28.182992 PPPoE [ses 0xa] LCP, Term-Ack (0x06), id 3, length 6
12:47:31.217784 PPPoE PADT [ses 0xa] [Generic-Error "RP-PPPoE: Child pppd process terminated"]
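I cannot understand why the error message Generic-Error "RP-PPPoE: Child pppd process terminated" is printed. Is something wrong with my configuration? Any suggestions or pointers would be appreciated.
I have added debug and dump for both the client and the server, and this is the /var/log/syslog I get on the client.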
Aug 19 08:42:22 home pppd[2183]: Plugin rp-pppoe.so loaded.
Aug 19 08:42:22 home pppd[2183]: pppd options in effect:
Aug 19 08:42:22 home pppd[2183]: debug#011#011# (from /etc/ppp/peers/myisp)
Aug 19 08:42:22 home pppd[2183]: dump#011#011# (from /etc/ppp/peers/myisp)
Aug 19 08:42:22 home pppd[2183]: plugin rp-pppoe.so#011#011# (from /etc/ppp/peers/myisp)
Aug 19 08:42:22 home pppd[2183]: +chap#011#011# (from /etc/ppp/options)
Aug 19 08:42:22 home pppd[2183]: user root#011#011# (from /etc/ppp/peers/myisp)
Aug 19 08:42:22 home pppd[2183]: eth0#011#011# (from /etc/ppp/peers/myisp)
Aug 19 08:42:22 home pppd[2183]: eth0#011#011# (from /etc/ppp/peers/myisp)
Aug 19 08:42:22 home pppd[2183]: asyncmap 0#011#011# (from /etc/ppp/options)
Aug 19 08:42:22 home pppd[2183]: lcp-echo-failure 4#011#011# (from /etc/ppp/options)
Aug 19 08:42:22 home pppd[2183]: lcp-echo-interval 30#011#011# (from /etc/ppp/options)
Aug 19 08:42:22 home pppd[2183]: hide-password#011#011# (from /etc/ppp/options)
Aug 19 08:42:22 home pppd[2183]: noipx#011#011# (from /etc/ppp/options)
Aug 19 08:42:22 home pppd[2184]: pppd 2.4.5 started by root, uid 0
Aug 19 08:42:22 home pppd[2184]: Send PPPOE Discovery V1T1 PADI session 0x0 length 12
Aug 19 08:42:22 home pppd[2184]: dst ff:ff:ff:ff:ff:ff src 8:0:27:21:a9:d
Aug 19 08:42:22 home pppd[2184]: [service-name] [host-uniq 88 08 00 00]
Aug 19 08:42:22 home pppd[2184]: Recv PPPOE Discovery V1T1 PADO session 0x0 length 51
Aug 19 08:42:22 home pppd[2184]: dst 8:0:27:21:a9:d src c8:60:0:ca:eb:83
Aug 19 08:42:22 home pppd[2184]: [AC-name nzhmlbld06l] [service-name] [AC-cookie 18 f0 fd b2 18 59 63 91 08 d6 14 44 c8 a6 11 f4 d2 08 00 00] [host-uniq 88 08 00 00]
Aug 19 08:42:22 home pppd[2184]: Send PPPOE Discovery V1T1 PADR session 0x0 length 36
Aug 19 08:42:22 home pppd[2184]: dst c8:60:0:ca:eb:83 src 8:0:27:21:a9:d
Aug 19 08:42:22 home pppd[2184]: [service-name] [host-uniq 88 08 00 00] [AC-cookie 18 f0 fd b2 18 59 63 91 08 d6 14 44 c8 a6 11 f4 d2 08 00 00]
Aug 19 08:42:22 home pppd[2184]: Recv PPPOE Discovery V1T1 PADO session 0x0 length 43
Aug 19 08:42:22 home pppd[2184]: dst 8:0:27:21:a9:d src 8:0:27:50:1d:d3
Aug 19 08:42:22 home pppd[2184]: [AC-name isp] [service-name] [AC-cookie ff 29 7b e4 ad 78 bd 39 db 78 61 ff f7 92 ff 0c f2 0a 00 00] [host-uniq 88 08 00 00]
Aug 19 08:42:22 home pppd[2184]: Recv PPPOE Discovery V1T1 PADS session 0x15 length 12
Aug 19 08:42:22 home pppd[2184]: dst 8:0:27:21:a9:d src c8:60:0:ca:eb:83
Aug 19 08:42:22 home pppd[2184]: [service-name] [host-uniq 88 08 00 00]
Aug 19 08:42:22 home pppd[2184]: PADS: Service-Name: ''
Aug 19 08:42:22 home pppd[2184]: PPP session is 21
Aug 19 08:42:22 home pppd[2184]: Connected to c8:60:00:ca:eb:83 via interface eth0
Aug 19 08:42:22 home pppd[2184]: using channel 4
Aug 19 08:42:22 home pppd[2184]: Using interface ppp0
Aug 19 08:42:22 home pppd[2184]: Connect: ppp0 <--> eth0
Aug 19 08:42:22 home pppd[2184]: sent [LCP ConfReq id=0x1 <mru 1492> <auth chap MD5> <magic 0x936c3d3f>]
Aug 19 08:42:22 home NetworkManager[521]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Aug 19 08:42:22 home NetworkManager[521]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
Aug 19 08:42:23 home pppd[2184]: rcvd [LCP ConfReq id=0x1 <auth pap> <magic 0x4c48e2bb>]
Aug 19 08:42:23 home pppd[2184]: sent [LCP ConfAck id=0x1 <auth pap> <magic 0x4c48e2bb>]
Aug 19 08:42:25 home pppd[2184]: sent [LCP ConfReq id=0x1 <mru 1492> <auth chap MD5> <magic 0x936c3d3f>]
Aug 19 08:42:25 home pppd[2184]: rcvd [LCP ConfRej id=0x1 <auth chap MD5>]
Aug 19 08:42:25 home pppd[2184]: sent [LCP ConfReq id=0x2 <mru 1492> <magic 0x936c3d3f>]
Aug 19 08:42:25 home pppd[2184]: rcvd [LCP ConfAck id=0x2 <mru 1492> <magic 0x936c3d3f>]
Aug 19 08:42:25 home pppd[2184]: sent [LCP EchoReq id=0x0 magic=0x936c3d3f]
Aug 19 08:42:25 home pppd[2184]: peer refused to authenticate: terminating link
Aug 19 08:42:25 home pppd[2184]: sent [LCP TermReq id=0x3 "peer refused to authenticate"]
Aug 19 08:42:25 home pppd[2184]: rcvd [LCP EchoReq id=0x0 magic=0x4c48e2bb]
Aug 19 08:42:25 home pppd[2184]: rcvd [LCP EchoRep id=0x0 magic=0x4c48e2bb]
Aug 19 08:42:25 home pppd[2184]: rcvd [LCP TermAck id=0x3]
Aug 19 08:42:25 home pppd[2184]: Connection terminated.
Aug 19 08:42:25 home avahi-daemon[523]: Withdrawing workstation service for ppp0.
Aug 19 08:42:25 home NetworkManager[521]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Aug 19 08:42:25 home pppd[2184]: Exit.
I have now modified my /etc/ppp/pap-secrets file to look as follows.
# INBOUND connections
# Every regular user can use PPP and has to use passwords from /etc/passwd
karthik * "godfather" *
#karthik * "godfather" *
#home * "godfather" *
# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
# other accounts that should not be able to use pppd!
guest hostname "*" -
master hostname "*" -
#root hostname "*" -
support hostname "*" -
stats hostname "*" -
The /etc/ppp/pap-secrets file on the server is shown below.
# OUTBOUND connections
# Here you should add your userid password to connect to your providers via
# PAP. The * means that the password is to be used for ANY host you connect
# to. Thus you do not have to worry about the foreign machine name. Just
# replace password with your password.
# If you have different providers with different passwords then you better
# remove the following
* "godfather"
I also changed the user in /etc/ppp/peers/myisp from root to karthik. From the debug messages (/var/log/syslog), I get the following on the client.
Aug 19 11:24:55 home pppd[2920]: Plugin rp-pppoe.so loaded.
Aug 19 11:24:55 home pppd[2920]: pppd options in effect:
Aug 19 11:24:55 home pppd[2920]: debug#011#011# (from /etc/ppp/peers/myisp)
Aug 19 11:24:55 home pppd[2920]: dump#011#011# (from /etc/ppp/peers/myisp)
Aug 19 11:24:55 home pppd[2920]: plugin rp-pppoe.so#011#011# (from /etc/ppp/peers/myisp)
Aug 19 11:24:55 home pppd[2920]: noauth#011#011# (from /etc/ppp/peers/myisp)
Aug 19 11:24:55 home pppd[2920]: user karthik#011#011# (from /etc/ppp/peers/myisp)
Aug 19 11:24:55 home pppd[2920]: eth0#011#011# (from /etc/ppp/peers/myisp)
Aug 19 11:24:55 home pppd[2920]: eth0#011#011# (from /etc/ppp/peers/myisp)
Aug 19 11:24:55 home pppd[2920]: asyncmap 0#011#011# (from /etc/ppp/options)
Aug 19 11:24:55 home pppd[2920]: lcp-echo-failure 4#011#011# (from /etc/ppp/options)
Aug 19 11:24:55 home pppd[2920]: lcp-echo-interval 30#011#011# (from /etc/ppp/options)
Aug 19 11:24:55 home pppd[2920]: show-password#011#011# (from /etc/ppp/options)
Aug 19 11:24:55 home pppd[2920]: noipx#011#011# (from /etc/ppp/options)
Aug 19 11:24:55 home pppd[2921]: pppd 2.4.5 started by root, uid 0
Aug 19 11:24:55 home pppd[2921]: Send PPPOE Discovery V1T1 PADI session 0x0 length 12
Aug 19 11:24:55 home pppd[2921]: dst ff:ff:ff:ff:ff:ff src 8:0:27:21:a9:d
Aug 19 11:24:55 home pppd[2921]: [service-name] [host-uniq 69 0b 00 00]
Aug 19 11:24:55 home pppd[2921]: Recv PPPOE Discovery V1T1 PADO session 0x0 length 51
Aug 19 11:24:55 home pppd[2921]: dst 8:0:27:21:a9:d src c8:60:0:ca:eb:83
Aug 19 11:24:55 home pppd[2921]: [AC-name nzhmlbld06l] [service-name] [AC-cookie 18 f0 fd b2 18 59 63 91 08 d6 14 44 c8 a6 11 f4 d2 08 00 00] [host-uniq 69 0b 00 00]
Aug 19 11:24:55 home pppd[2921]: Send PPPOE Discovery V1T1 PADR session 0x0 length 36
Aug 19 11:24:55 home pppd[2921]: dst c8:60:0:ca:eb:83 src 8:0:27:21:a9:d
Aug 19 11:24:55 home pppd[2921]: [service-name] [host-uniq 69 0b 00 00] [AC-cookie 18 f0 fd b2 18 59 63 91 08 d6 14 44 c8 a6 11 f4 d2 08 00 00]
Aug 19 11:24:55 home pppd[2921]: Recv PPPOE Discovery V1T1 PADS session 0x12 length 12
Aug 19 11:24:55 home pppd[2921]: dst 8:0:27:21:a9:d src c8:60:0:ca:eb:83
Aug 19 11:24:55 home pppd[2921]: [service-name] [host-uniq 69 0b 00 00]
Aug 19 11:24:55 home pppd[2921]: PADS: Service-Name: ''
Aug 19 11:24:55 home pppd[2921]: PPP session is 18
Aug 19 11:24:55 home pppd[2921]: Connected to c8:60:00:ca:eb:83 via interface eth0
Aug 19 11:24:55 home pppd[2921]: using channel 61
Aug 19 11:24:55 home NetworkManager[626]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Aug 19 11:24:55 home NetworkManager[626]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
Aug 19 11:24:55 home pppd[2921]: Using interface ppp0
Aug 19 11:24:55 home pppd[2921]: Connect: ppp0 <--> eth0
Aug 19 11:24:55 home pppd[2921]: sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xd1bab5a5>]
Aug 19 11:24:56 home pppd[2921]: rcvd [LCP ConfReq id=0x1 <auth pap> <magic 0x7d403be7>]
Aug 19 11:24:56 home pppd[2921]: sent [LCP ConfAck id=0x1 <auth pap> <magic 0x7d403be7>]
Aug 19 11:24:58 home pppd[2921]: sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xd1bab5a5>]
Aug 19 11:24:58 home pppd[2921]: rcvd [LCP ConfAck id=0x1 <mru 1492> <magic 0xd1bab5a5>]
Aug 19 11:24:58 home pppd[2921]: sent [LCP EchoReq id=0x0 magic=0xd1bab5a5]
Aug 19 11:24:58 home pppd[2921]: sent [PAP AuthReq id=0x1 user="karthik" password="godfather"]
Aug 19 11:24:58 home pppd[2921]: rcvd [LCP EchoReq id=0x0 magic=0x7d403be7]
Aug 19 11:24:58 home pppd[2921]: sent [LCP EchoRep id=0x0 magic=0xd1bab5a5]
Aug 19 11:24:58 home pppd[2921]: rcvd [LCP EchoRep id=0x0 magic=0x7d403be7]
Aug 19 11:24:58 home pppd[2921]: rcvd [PAP AuthNak id=0x1 "Login incorrect"]
Aug 19 11:24:58 home pppd[2921]: Remote message: Login incorrect
Aug 19 11:24:58 home pppd[2921]: PAP authentication failed
Aug 19 11:24:58 home pppd[2921]: sent [LCP TermReq id=0x2 "Failed to authenticate ourselves to peer"]
Aug 19 11:24:58 home pppd[2921]: rcvd [LCP TermReq id=0x2 "Authentication failed"]
Aug 19 11:24:58 home pppd[2921]: sent [LCP TermAck id=0x2]
Aug 19 11:24:58 home pppd[2921]: rcvd [LCP TermAck id=0x2]
Aug 19 11:24:58 home pppd[2921]: Connection terminated.
Aug 19 11:24:58 home avahi-daemon[628]: Withdrawing workstation service for ppp0.
Aug 19 11:24:58 home NetworkManager[626]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Aug 19 11:24:58 home pppd[2921]: Exit.
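From the logs, the client appears to be sending the correct username and password to the server. But for some reason the server is unable to authenticate the user karthik with the secret "godfather". I suspect there is some error in the configuration of the pap-secrets file on the server, but I cannot figure out what. Can someone point me in the right direction?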
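Answer 1
The explanation is "peer refused to authenticate". It is logged by your client's pppd, so the server is the peer it refers to.
PPP is not inherently a client-server protocol. It is symmetric. That means each end of the connection can require the other end to authenticate. In an ISP-like configuration, authentication is one-way. The client proves its identity to the server, but the server does not prove its identity to the client.
If you want to use this type of setup, you must give the client's pppd the option noauth, which tells it not to require the server to authenticate. Adding it to /etc/ppp/peers/myisp should do it.
If you want authentication in both directions, that is also possible.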
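Update
Since you have posted updated logs, the new problem is the option login. login means that the client's PAP password should match the user's password in the system user database (i.e. /etc/passwd and friends). If you are trying to define the password specifically through pap-secrets, remove the login option.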
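
The diagnosis in the answer can be read mechanically from the pppd debug log. The following is an added example, not part of the original post or of pppd: it parses an excerpt of the first client log above and reports which access concentrator (AC) the client attached to, which authentication each side asked for, and whether the peer rejected the client's demand. The function names and the expected_ac parameter are assumptions made for this illustration.

```python
import re

# Excerpt of the first client syslog in the question (AC-cookie tags trimmed).
SAMPLE = """\
Aug 19 08:42:22 home pppd[2184]: Recv PPPOE Discovery V1T1 PADO session 0x0 length 51
Aug 19 08:42:22 home pppd[2184]: dst 8:0:27:21:a9:d src c8:60:0:ca:eb:83
Aug 19 08:42:22 home pppd[2184]: [AC-name nzhmlbld06l] [service-name] [host-uniq 88 08 00 00]
Aug 19 08:42:22 home pppd[2184]: Recv PPPOE Discovery V1T1 PADO session 0x0 length 43
Aug 19 08:42:22 home pppd[2184]: dst 8:0:27:21:a9:d src 8:0:27:50:1d:d3
Aug 19 08:42:22 home pppd[2184]: [AC-name isp] [service-name] [host-uniq 88 08 00 00]
Aug 19 08:42:22 home pppd[2184]: Connected to c8:60:00:ca:eb:83 via interface eth0
Aug 19 08:42:22 home pppd[2184]: sent [LCP ConfReq id=0x1 <mru 1492> <auth chap MD5> <magic 0x936c3d3f>]
Aug 19 08:42:23 home pppd[2184]: rcvd [LCP ConfReq id=0x1 <auth pap> <magic 0x4c48e2bb>]
Aug 19 08:42:25 home pppd[2184]: rcvd [LCP ConfRej id=0x1 <auth chap MD5>]
Aug 19 08:42:25 home pppd[2184]: peer refused to authenticate: terminating link
"""

def norm_mac(mac):
    # Discovery lines print "8:0:27:..."; "Connected to" prints "08:00:27:..."
    return ":".join(f"{int(o, 16):02x}" for o in mac.split(":"))

def diagnose(log, expected_ac):
    r = {"offers": {}, "connected_ac": None, "we_demand": None,
         "peer_demands": None, "peer_rejected_auth": False, "hints": []}
    in_pado, src = False, None
    for line in log.splitlines():
        m = re.search(r"pppd\[\d+\]: (.*)", line)
        msg = m.group(1) if m else ""
        if d := re.match(r"(Send|Recv) PPPOE Discovery", msg):
            in_pado = d.group(1) == "Recv" and " PADO " in msg
        elif in_pado and (s := re.match(r"dst \S+ src (\S+)", msg)):
            src = norm_mac(s.group(1))
        elif in_pado and (a := re.match(r"\[AC-name ([^\]]+)\]", msg)):
            r["offers"][src] = a.group(1)  # AC name keyed by the MAC that offered it
        elif c := re.match(r"Connected to (\S+) via", msg):
            r["connected_ac"] = r["offers"].get(norm_mac(c.group(1)))
        elif q := re.match(r"(sent|rcvd) \[LCP ConfReq .*<auth ([^>]+)>", msg):
            r["we_demand" if q.group(1) == "sent" else "peer_demands"] = q.group(2)
        elif re.match(r"rcvd \[LCP ConfRej .*<auth ", msg):
            r["peer_rejected_auth"] = True
    if r["connected_ac"] != expected_ac:
        r["hints"].append(f"session is with AC {r['connected_ac']!r}, not {expected_ac!r}")
    if r["we_demand"] and r["peer_rejected_auth"]:
        r["hints"].append("peer refused to authenticate itself; one-way setups need noauth")
    if r["peer_demands"] == "pap":
        r["hints"].append("peer demands PAP, so the password is sent to it in cleartext")
    return r

if __name__ == "__main__":
    print(diagnose(SAMPLE, expected_ac="isp"))
```

On this excerpt all three hints fire: the session was set up with the AC named nzhmlbld06l rather than isp, the peer rejected the client's CHAP demand, and the peer asked for PAP. The rp-pppoe plugin's rp_pppoe_ac option restricts discovery to a named AC.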