pptpd on CentOS 5 (64-bit)
Last updated: 2017-01-11 (Wed) 19:30:28
iptables (firewall) settings
PPTP needs the control channel (TCP/1723) and GRE (IP protocol 47) to be allowed; the arrows mark the lines added on this host.

 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 -A INPUT -p icmp -j ACCEPT                                            <- add
 -A INPUT -i lo -j ACCEPT                                              <- add
 -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT      <- check; add if missing
 -A INPUT -p gre -j ACCEPT
 -A OUTPUT -p gre -j ACCEPT
 -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
 -A INPUT -m state --state NEW -m tcp -p tcp --dport 1723 -j ACCEPT    <- add
 -A INPUT -m state --state NEW -m tcp -p tcp --dport 5080 -j ACCEPT
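The rules above open the control channel and GRE, and the pppd options this page lists further down (refuse-pap, refuse-chap, refuse-mschap, require-mschap-v2, require-mppe-128) restrict authentication to MS-CHAPv2 with 128-bit MPPE. As an added example, not code from the page, the Python check below runs over constructed copies of an iptables-save listing and of /etc/ppp/options.pptpd and reports which of those pieces is missing; the constants and function names are this example's own.

```python
import re

# Constructed iptables listing modelled on this page's rules (not the host's real file).
IPTABLES_RULES = """\
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1723 -j ACCEPT
"""

# Constructed /etc/ppp/options.pptpd carrying the auth options pppd's dump on this page lists.
OPTIONS_PPTPD = """\
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
"""

# Every method weaker than MS-CHAPv2 must be refused and 128-bit MPPE required.
REQUIRED_PPP_OPTIONS = {"refuse-pap", "refuse-chap", "refuse-mschap",
                        "require-mschap-v2", "require-mppe-128"}

def accepted(rules, chain):
    """Return the (protocol, dport) pairs matched by ACCEPT rules in `chain`."""
    found = set()
    for line in rules.splitlines():
        if line.startswith(f"-A {chain} ") and "-j ACCEPT" in line:
            proto = re.search(r"-p (\S+)", line)      # None for rules without -p
            port = re.search(r"--dport (\d+)", line)  # None for rules without a port
            found.add((proto and proto.group(1), port and int(port.group(1))))
    return found

def firewall_problems(rules):
    """List what PPTP still lacks: GRE (protocol 47) both ways and TCP/1723 inbound."""
    problems = []
    if ("gre", None) not in accepted(rules, "INPUT"):
        problems.append("INPUT does not accept GRE: tunnel data will not flow")
    if ("gre", None) not in accepted(rules, "OUTPUT"):
        problems.append("OUTPUT does not accept GRE")
    if ("tcp", 1723) not in accepted(rules, "INPUT"):
        problems.append("INPUT does not accept TCP/1723: no control channel")
    return problems

def ppp_problems(options):
    """Return the REQUIRED_PPP_OPTIONS absent from an options.pptpd text, sorted."""
    active = {l.split()[0] for l in options.splitlines()
              if l.strip() and not l.lstrip().startswith("#")}
    return sorted(REQUIRED_PPP_OPTIONS - active)
```

Both functions return an empty list for the constructed inputs; feed them the real `iptables-save` output and options file to audit a live host.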
On a successful connection:

 Jan 8 19:57:18 gw2 pptpd[1860]: CTRL: Client 180.131.111.189 control connection started
 Jan 8 19:57:18 gw2 pptpd[1860]: CTRL: Starting call (launching pppd, opening GRE)
 Jan 8 19:57:18 gw2 kernel: conntrack: generic helper won't handle protocol 47. Please consider loading the specific helper module.
 Jan 8 19:57:18 gw2 pppd[1861]: Warning: can't open options file /root/.ppprc: Permission denied
 Jan 8 19:57:18 gw2 pppd[1861]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
 Jan 8 19:57:18 gw2 pppd[1861]: pptpd-logwtmp: $Version$
 Jan 8 19:57:18 gw2 kernel: PPP generic driver version 2.4.2
 Jan 8 19:57:18 gw2 pppd[1861]: pppd 2.4.5 started by root, uid 0
 Jan 8 19:57:18 gw2 pppd[1861]: Using interface ppp0
 Jan 8 19:57:18 gw2 pppd[1861]: Connect: ppp0 <--> /dev/pts/1
 Jan 8 19:57:18 gw2 pptpd[1860]: GRE: Bad checksum from pppd.
 Jan 8 19:57:20 gw2 pppd[1861]: peer from calling number 180.131.111.189 authorized
 Jan 8 19:57:20 gw2 pppd[1861]: Unsupported protocol 'IPv6 Control Protocol' (0x8057) received
 Jan 8 19:57:20 gw2 kernel: PPP MPPE Compression module registered
 Jan 8 19:57:20 gw2 pppd[1861]: MPPE 128-bit stateless compression enabled
 Jan 8 19:57:23 gw2 pppd[1861]: found interface eth0 for proxy arp
 Jan 8 19:57:23 gw2 pppd[1861]: local IP address 192.168.31.1
 Jan 8 19:57:23 gw2 pppd[1861]: remote IP address 192.168.31.121
 Jan 8 19:57:23 gw2 pppd[1861]: pptpd-logwtmp.so ip-up ppp0 okada-p 180.131.111.189
 Jan 8 19:57:23 gw2 pppd[1895]: Can't execute /etc/ppp/ip-up: Permission denied

Installation

Download pptpd-1.3.4-1.rhel5.1.x86_64.rpm from http://poptop.sourceforge.net/yum/stable/packages/.
When installing on Vine 4.x, using pptpd-1.3.4-1.rhel3.i386.rpm instead installed in the same way.

 # rpm -ivh pptpd-1.3.4-1.rhel5.1.x86_64.rpm

Machine configuration

 eth1      Link encap:Ethernet  HWaddr 00:00:21:DD:DE:CE
           inet addr:10.1.5.217  Bcast:10.255.255.255  Mask:255.0.0.0
           inet6 addr: fe80::200:21ff:fedd:dece/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:270436 errors:0 dropped:0 overruns:0 frame:0
           TX packets:29742 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:63947788 (60.9 MiB)  TX bytes:3462243 (3.3 MiB)

 eth1:0    Link encap:Ethernet  HWaddr 00:00:21:DD:DE:CE
           inet addr:192.168.40.1  Bcast:192.168.40.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

Settings

Configure the following three files.

/etc/pptpd.conf

 option /etc/ppp/options.pptpd        <== path of the pppd options file (check it)
 ##debug
 debug                                <== leave debug mode on; it shows how the connection proceeds
 # (Recommended)
 #localip 192.168.0.1
 #remoteip 192.168.0.234-238,192.168.0.245
 # or
 #localip 192.168.0.234-238,192.168.0.245
 #remoteip 192.168.1.234-238,192.168.1.245
 localip 192.168.40.1                 <= IP of the interface that becomes the PPTP server end
 remoteip 192.168.40.201-220          <= range of IP addresses handed out to PPTP clients

/etc/ppp/options.pptpd

 name pptpd                           <== server name
 # Enable connection debugging facilities.
 # (see your syslog configuration for where pppd sends to)
 ##debug
 debug                                <== leave debug mode on; it shows how the connection proceeds
 # Print out all the option values which have been set.
 # (often requested by mailing list to verify options)
 ##dump
 dump                                 <== leave debug mode on; it shows how the connection proceeds

/etc/ppp/chap-secrets

Lists the users and passwords allowed to connect, and the addresses each may connect from.

 # Secrets for authentication using CHAP
 # client        server  secret                  IP addresses
 ####### redhat-config-network will overwrite this part!!! (begin) ##########
 ####### redhat-config-network will overwrite this part!!! (end) ############
 okada           pptpd   [password]              *          <== "*" allows any address
                 ^^^ the server name from options.pptpd

Starting

 # /etc/rc.d/init.d/pptpd start

Restarting

 # /etc/rc.d/init.d/pptpd restart-kill

Note: when connections stop working, running restart-kill alone leaves a ppp0 route like the one below behind; in that case stop the service and start it again.

 $ netstat -rn
 Kernel IP routing table
 Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
 192.168.30.202  0.0.0.0         255.255.255.255 UH        0 0          0 ppp0

When that happens, /var/log/messages may also contain log lines like these:

 Jan 12 20:58:45 localhost pptpd[5907]: CTRL: Client xxx.xxx.xx.xxx control connection started
 Jan 12 20:58:46 localhost pptpd[5907]: CTRL: Starting call (launching pppd, opening GRE)
 Jan 12 20:58:46 localhost pppd[5908]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
 Jan 12 20:58:46 localhost pppd[5908]: pppd 2.4.4 started by root, uid 0
 Jan 12 20:58:46 localhost pppd[5908]: Using interface ppp0
 Jan 12 20:58:46 localhost pppd[5908]: Connect: ppp0 <--> /dev/pts/1
 Jan 12 20:59:16 localhost pppd[5908]: LCP: timeout sending Config-Requests
 Jan 12 20:59:16 localhost pppd[5908]: Connection terminated.
 Jan 12 20:59:16 localhost pppd[5908]: Modem hangup
 Jan 12 20:59:16 localhost pppd[5908]: Exit.
 Jan 12 20:59:16 localhost pptpd[5907]: GRE: read(fd=6,buffer=611860,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
 Jan 12 20:59:16 localhost pptpd[5907]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
 Jan 12 20:59:16 localhost pptpd[5907]: CTRL: Client xxx.xxx.xx.xxx control connection finished

When the host has two IP addresses, check that forwarding is enabled:

 # cat /proc/sys/net/ipv4/ip_forward
 1

If needed:

 # echo 1 > /proc/sys/net/ipv4/ip_forward

Connecting from Windows

Create a PPTP connection with
 user name: okada
 password: *****
and, in the advanced TCP/IP settings, make sure the PPTP link is not used as the default gateway.

Log

/var/log/messages

On connect:

 Jan 8 15:16:52 localhost pptpd[19101]: CTRL: Client 10.99.99.104 control connection started
 Jan 8 15:16:52 localhost pptpd[19101]: CTRL: Starting call (launching pppd, opening GRE)
 Jan 8 15:16:52 localhost pppd[19102]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
 Jan 8 15:16:52 localhost pppd[19102]: pptpd-logwtmp: $Version$
 Jan 8 15:16:52 localhost pppd[19102]: pppd options in effect:
 Jan 8 15:16:52 localhost pppd[19102]: debug # (from /etc/ppp/options.pptpd)
 Jan 8 15:16:52 localhost pppd[19102]: nologfd # (from /etc/ppp/options.pptpd)
 Jan 8 15:16:52 localhost pppd[19102]: dump # (from /etc/ppp/options.pptpd)
 Jan 8 15:16:52 localhost pppd[19102]: plugin /usr/lib64/pptpd/pptpd-logwtmp.so # (from command line)
 Jan 8 15:16:52 localhost pppd[19102]: require-mschap-v2 # (from /etc/ppp/options.pptpd)
 Jan 8 15:16:52 localhost pppd[19102]: refuse-pap # (from /etc/ppp/options.pptpd)
 Jan 8 15:16:52 localhost pppd[19102]: refuse-chap # (from /etc/ppp/options.pptpd)
 Jan 8 15:16:52 localhost pppd[19102]: refuse-mschap # (from /etc/ppp/options.pptpd)
 Jan 8 15:16:52 localhost pppd[19102]: name pptpd # (from /etc/ppp/options.pptpd)
 Jan 8 15:16:52 localhost pppd[19102]: pptpd-original-ip 10.99.99.104 # (from command line)
 Jan 8 15:16:52 localhost pppd[19102]: 115200 # (from command line)
 Jan 8 15:16:52 localhost pppd[19102]: lock # (from /etc/ppp/options.pptpd)
 Jan 8 15:16:52 localhost pppd[19102]: local # (from command line)
 Jan 8 15:16:52 localhost pppd[19102]: novj # (from /etc/ppp/options.pptpd)
 Jan 8 15:16:52 localhost pppd[19102]: novjccomp # (from /etc/ppp/options.pptpd)
 Jan 8 15:16:52 localhost pppd[19102]: ipparam 10.99.99.104 # (from command line)
 Jan 8 15:16:52 localhost pppd[19102]: nodefaultroute # (from /etc/ppp/options.pptpd)
 Jan 8 15:16:52 localhost pppd[19102]: proxyarp # (from /etc/ppp/options.pptpd)
 Jan 8 15:16:52 localhost pppd[19102]: 192.168.40.1:192.168.40.201 # (from command line)
 Jan 8 15:16:52 localhost pppd[19102]: nobsdcomp # (from /etc/ppp/options.pptpd)
 Jan 8 15:16:52 localhost pppd[19102]: require-mppe-128 # (from /etc/ppp/options.pptpd)
 Jan 8 15:16:52 localhost pppd[19102]: pppd 2.4.4 started by root, uid 0
 Jan 8 15:16:52 localhost pppd[19102]: Using interface ppp0
 Jan 8 15:16:52 localhost pppd[19102]: Connect: ppp0 <--> /dev/pts/6
 Jan 8 15:16:52 localhost pptpd[19101]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
 Jan 8 15:16:52 localhost pppd[19102]: MPPE 128-bit stateless compression enabled
 Jan 8 15:16:54 localhost pppd[19102]: found interface eth1 for proxy arp
 Jan 8 15:16:54 localhost pppd[19102]: local IP address 192.168.40.1
 Jan 8 15:16:54 localhost pppd[19102]: remote IP address 192.168.40.201
 Jan 8 15:16:54 localhost pppd[19102]: pptpd-logwtmp.so ip-up ppp0 okada 10.99.99.104
 Jan 8 15:16:56 localhost setroubleshoot: SELinux is preventing /usr/sbin/pppd (pppd_t) "write" access to wtmp (wtmp_t). For complete SELinux messages. run sealert -l 30ea44bd-6549-4baa-b00b-7c6388bbfdca

On disconnect:

 Jan 8 14:45:39 localhost pppd[8407]: LCP terminated by peer (^Dj1^G^@<M- Mt^@^@^@^@)
 Jan 8 14:45:39 localhost pppd[8407]: Connect time 3.0 minutes.
 Jan 8 14:45:39 localhost pppd[8407]: Sent 0 bytes, received 15626 bytes.
 Jan 8 14:45:39 localhost pppd[8407]: Modem hangup
 Jan 8 14:45:39 localhost pppd[8407]: Connection terminated.
 Jan 8 14:45:40 localhost pppd[8407]: Exit.
 Jan 8 14:45:40 localhost pptpd[8406]: CTRL: Client 10.99.99.100 control connection finished
 Jan 8 14:45:41 localhost setroubleshoot: SELinux is preventing /usr/sbin/pppd (pppd_t) "write" access to wtmp (wtmp_t). For complete SELinux messages. run sealert -l 30ea44bd-6549-4baa-b00b-7c6388bbfdca

Checking the connections from the server side:

 $ /sbin/ifconfig ppp0
 ppp0      リンク方法:Point-to-Pointプロトコル
           inetアドレス:192.168.40.1  P-t-P:192.168.40.201  マスク:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
           RXパケット:46 エラー:0 損失:0 オーバラン:0 フレーム:0
           TXパケット:8 エラー:0 損失:0 オーバラン:0 キャリア:0
           衝突(Collisions):0 TXキュー長:3
           RX bytes:4788 (4.6 Kb)  TX bytes:92 (92.0 b)

 $ /sbin/ifconfig ppp1
 ppp1      リンク方法:Point-to-Pointプロトコル
           inetアドレス:192.168.40.1  P-t-P:192.168.40.202  マスク:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
           RXパケット:36 エラー:0 損失:0 オーバラン:0 フレーム:0
           TXパケット:8 エラー:0 損失:0 オーバラン:0 キャリア:0
           衝突(Collisions):0 TXキュー長:3
           RX bytes:3940 (3.8 Kb)  TX bytes:92 (92.0 b)

 $ /sbin/ifconfig ppp2
 ppp2: error fetching interface information: デバイスが見つかりません

Also, for security, allow only chapms-v2, and confirm in the connection's advanced properties that the encryption in use is 128-bit MPPE.

Connecting from Android (6.x)