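I have configured a working pptpd+pppd server and have successfully connected two Windows 7 clients so far. However, when I try to connect a Linux client, both the server and the client get a very strange exchange that ends with "peer refused to authenticate".
Here is the log from the server: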
pppd[8205]: using channel 51
pppd[8205]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfRej id=0x1 <auth chap MS-v2>]
pppd[8205]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[8205]: sent [LCP ConfNak id=0x1 <auth pap>]
pppd[8205]: rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[8205]: sent [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[8205]: sent [LCP EchoReq id=0x0 magic=0x20b0750f]
pppd[8205]: sent [LCP TermReq id=0x3 "peer refused to authenticate"]
pppd[8205]: rcvd [LCP EchoReq id=0x0 magic=0x23d6bed3]
pppd[8205]: rcvd [LCP TermReq id=0x3 "peer refused to authenticate"]
pppd[8205]: sent [LCP TermAck id=0x3]
pppd[8205]: rcvd [LCP TermAck id=0x3]
pptpd[8204]: CTRL: Reaping child PPP[8205]
Here is the log from the client:
pppd[12077]: pppd options in effect:
pppd[12077]: debug # (from command line)
pppd[12077]: holdoff 10 # (from /etc/ppp/peers/home1)
pppd[12077]: persist # (from /etc/ppp/peers/home1)
pppd[12077]: dump # (from command line)
pppd[12077]: require-mschap-v2 # (from /etc/ppp/peers/home1)
pppd[12077]: refuse-pap # (from /etc/ppp/peers/home1)
pppd[12077]: refuse-mschap # (from /etc/ppp/peers/home1)
pppd[12077]: name <redacted> # (from /etc/ppp/peers/home1)
pppd[12077]: remotename <redacted> # (from /etc/ppp/peers/home1)
pppd[12077]: # (from /etc/ppp/options)
pppd[12077]: pty pptp <redacted> --nolaunchpppd # (from /etc/ppp/peers/home1)
pppd[12077]: crtscts # (from /etc/ppp/options)
pppd[12077]: # (from /etc/ppp/options)
pppd[12077]: asyncmap 0 # (from /etc/ppp/options)
pppd[12077]: lcp-echo-failure 4 # (from /etc/ppp/options)
pppd[12077]: lcp-echo-interval 30 # (from /etc/ppp/options)
pppd[12077]: hide-password # (from /etc/ppp/options)
pppd[12077]: proxyarp # (from /etc/ppp/options)
pppd[12077]: nobsdcomp # (from /etc/ppp/peers/home1)
pppd[12077]: nodeflate # (from /etc/ppp/peers/home1)
pppd[12077]: nomppe # (from /etc/ppp/peers/home1)
pppd[12077]: noipx # (from /etc/ppp/options)
pppd[12078]: pppd 2.4.5 started by <redacted>, uid 0
pppd[12078]: using channel 12
pppd[12078]: Using interface ppp0
pppd[12078]: Connect: ppp0 <--> /dev/pts/14
pptp[12079]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
pptp[12086]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
pptp[12086]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
pptp[12086]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
pppd[12078]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x23d6bed3> <pcomp> <accomp>]
pptp[12086]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
pptp[12086]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
pptp[12086]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 1920).
pppd[12078]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[12078]: No auth is possible
pppd[12078]: sent [LCP ConfRej id=0x1 <auth chap MS-v2>]
pppd[12078]: rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[12078]: sent [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[12078]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[12078]: rcvd [LCP ConfNak id=0x1 <auth pap>]
pppd[12078]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[12078]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[12078]: sent [LCP EchoReq id=0x0 magic=0x23d6bed3]
pppd[12078]: peer refused to authenticate: terminating link
pppd[12078]: sent [LCP TermReq id=0x3 "peer refused to authenticate"]
pppd[12078]: rcvd [LCP EchoReq id=0x0 magic=0x20b0750f]
pppd[12078]: rcvd [LCP TermReq id=0x3 "peer refused to authenticate"]
pppd[12078]: sent [LCP TermAck id=0x3]
pppd[12078]: rcvd [LCP TermAck id=0x3]
pppd[12078]: Connection terminated.
I am really confused by these lines (from the server log):
pppd[8205]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfRej id=0x1 <auth chap MS-v2>]
pppd[8205]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[8205]: sent [LCP ConfNak id=0x1 <auth pap>]
pppd[8205]: rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>]
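If I'm reading this correctly, the server requests mschap-v2 authentication and the client rejects it (why?); after that the client requests mschap-v2 authentication and the server refuses with pap (wtf?), which leaves both sides with no authentication and the connection fails.
Can someone explain what is happening here?
Answer 1
Figured it out.
The problem was that the "auth" and "require-mschap-v2" options were given to pppd on the client side. Apparently, only the server side should be configured to request authentication, while the client should be configured not to request any kind of authentication. What happened is that the client asked the server to authenticate itself, and that failed.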
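Added example (not part of the original question or answers): a small Python parser that follows the <auth ...> option through the LCP exchange in a pppd debug log and reports, for each side, which authentication demand survived negotiation and who refused what. The function name trace_auth is hypothetical; the sample lines are the server-side LCP lines from the question with the pppd[8205]: prefix dropped.

```python
import re

# pppd "debug" LCP lines, e.g.: sent [LCP ConfReq id=0x1 <auth chap MS-v2> ...]
LCP = re.compile(r"(sent|rcvd) \[LCP (\w+) id=0x[0-9a-f]+(.*)\]")
AUTH = re.compile(r"<auth ([^>]+)>")

def trace_auth(lines):
    """Return (agreed, refusals) for one side's pppd debug log.

    agreed[side]: auth method that side must use once LCP settles, or None.
    refusals: (refusing side, LCP code, method named) per ConfRej/ConfNak.
    'local' is the pppd that wrote the log, 'peer' is the other end.
    """
    pending = {"local": None, "peer": None}
    agreed = {"local": None, "peer": None}
    refusals = []
    for line in lines:
        m = LCP.search(line)
        if not m:
            continue
        direction, code, opts = m.groups()
        auth = AUTH.search(opts)
        method = auth.group(1) if auth else None
        if code == "ConfReq":
            # A ConfReq we send states what the peer must do, and vice versa.
            pending["peer" if direction == "sent" else "local"] = method
        elif code == "ConfAck":
            # An Ack we receive settles our own request (about the peer).
            side = "peer" if direction == "rcvd" else "local"
            agreed[side] = pending[side]
        elif code in ("ConfRej", "ConfNak") and method:
            refusals.append(("local" if direction == "sent" else "peer", code, method))
    return agreed, refusals

# Server-side lines taken from the question's log (prefix shortened).
SERVER_LOG = """\
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x20b0750f> <pcomp> <accomp>]
rcvd [LCP ConfRej id=0x1 <auth chap MS-v2>]
sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x23d6bed3> <pcomp> <accomp>]
sent [LCP ConfNak id=0x1 <auth pap>]
rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>]
sent [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>]
""".splitlines()

if __name__ == "__main__":
    print(trace_auth(SERVER_LOG))
```

On the question's server log, both entries of the agreed result are None: each end asked the other to authenticate, each request was withdrawn after a ConfRej or ConfNak, and each pppd then terminated the link because its own authentication requirement was not met.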
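Answer 2
I hope my experience helps others who land here.
When I run into a communication attempt like this, the most common root cause I have found is: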
pppd[8205]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfRej id=0x1 <auth chap MS-v2>]
pppd[8205]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[8205]: sent [LCP ConfNak id=0x1 <auth pap>]
pppd[8205]: rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>]
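... GRE packets are not reaching their destination properly.
Note the sent and rcvd lines in the log: there is some communication, but not enough.
Many routers do not allow GRE packets (mandatory for PPTP) to pass through them, but most have some option to enable/disable this.
In my case (NetGear Genie CG3100D cable modem), you can fix it via: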
Advanced --> Advanced Configuration --> Services -> PPTP PassThrough