pptpd on CentOS 5 (64-bit)

Updated: 2017-01-11 (Wed) 19:30:28

iptables (firewall) configuration

  • /etc/sysconfig/iptables
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT ← add
-A INPUT -i lo -j ACCEPT   ← add
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT ← add if not already present

-A INPUT -p gre -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1723 -j ACCEPT ← add

-A INPUT -m state --state NEW -m tcp -p tcp --dport 5080 -j ACCEPT
  • Log at client connection (/var/log/messages)

On successful connection

Jan  8 19:57:18 gw2 pptpd[1860]: CTRL: Client 180.131.111.189 control connection started
Jan  8 19:57:18 gw2 pptpd[1860]: CTRL: Starting call (launching pppd, opening GRE)
Jan  8 19:57:18 gw2 kernel: conntrack: generic helper won't handle protocol 47. Please consider loading the specific helper module.
Jan  8 19:57:18 gw2 pppd[1861]: Warning: can't open options file /root/.ppprc: Permission denied
Jan  8 19:57:18 gw2 pppd[1861]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
Jan  8 19:57:18 gw2 pppd[1861]: pptpd-logwtmp: $Version$
Jan  8 19:57:18 gw2 kernel: PPP generic driver version 2.4.2
Jan  8 19:57:18 gw2 pppd[1861]: pppd 2.4.5 started by root, uid 0
Jan  8 19:57:18 gw2 pppd[1861]: Using interface ppp0
Jan  8 19:57:18 gw2 pppd[1861]: Connect: ppp0 <--> /dev/pts/1
Jan  8 19:57:18 gw2 pptpd[1860]: GRE: Bad checksum from pppd.
Jan  8 19:57:20 gw2 pppd[1861]: peer from calling number 180.131.111.189 authorized
Jan  8 19:57:20 gw2 pppd[1861]: Unsupported protocol 'IPv6 Control Protocol' (0x8057) received
Jan  8 19:57:20 gw2 kernel: PPP MPPE Compression module registered
Jan  8 19:57:20 gw2 pppd[1861]: MPPE 128-bit stateless compression enabled
Jan  8 19:57:23 gw2 pppd[1861]: found interface eth0 for proxy arp
Jan  8 19:57:23 gw2 pppd[1861]: local  IP address 192.168.31.1
Jan  8 19:57:23 gw2 pppd[1861]: remote IP address 192.168.31.121
Jan  8 19:57:23 gw2 pppd[1861]: pptpd-logwtmp.so ip-up ppp0 okada-p 180.131.111.189
Jan  8 19:57:23 gw2 pppd[1895]: Can't execute /etc/ppp/ip-up: Permission denied

Installation

Download pptpd-1.3.4-1.rhel5.1.x86_64.rpm from http://poptop.sourceforge.net/yum/stable/packages/

When installing on Vine 4.x, using pptpd-1.3.4-1.rhel3.i386.rpm instead installed the same way.

# rpm -ivh pptpd-1.3.4-1.rhel5.1.x86_64.rpm

Machine configuration

eth1      Link encap:Ethernet  HWaddr 00:00:21:DD:DE:CE
          inet addr:10.1.5.217  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::200:21ff:fedd:dece/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:270436 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29742 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:63947788 (60.9 MiB)  TX bytes:3462243 (3.3 MiB)

eth1:0    Link encap:Ethernet  HWaddr 00:00:21:DD:DE:CE
          inet addr:192.168.40.1  Bcast:192.168.40.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

Configuration

Configure the following three files

/etc/pptpd.conf

option /etc/ppp/options.pptpd  <== specifies the options file (check it)

##debug
debug      <== leave debug mode on; it shows what happens during the connection.

# (Recommended)
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245

localip 192.168.40.1  <= IP that becomes the pptp server's interface address
remoteip 192.168.40.201-220   <= IP address range handed out to pptp clients

/etc/ppp/options.pptpd

name pptpd   <== server name

# Enable connection debugging facilities.
# (see your syslog configuration for where pppd sends to)
##debug
debug     <== leave debug mode on; it shows what happens during the connection.

# Print out all the option values which have been set.
# (often requested by mailing list to verify options)
##dump
dump     <== leave this on as well; the options in effect are written to the log.

/etc/ppp/chap-secrets

Specify the connecting user, password, and permitted client addresses

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
####### redhat-config-network will overwrite this part!!! (begin) ##########
####### redhat-config-network will overwrite this part!!! (end) ############
 
okada  pptpd   [password]     *  <== "*" allows any address
       ^^^ the server name from options.pptpd

Start

# /etc/rc.d/init.d/pptpd start

Restart

# /etc/rc.d/init.d/pptpd restart-kill

Note: when connections stop working, restart-kill alone leaves a ppp0 route like the one below behind; in that case stop the service and then start it again.

$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.30.202  0.0.0.0         255.255.255.255 UH        0 0          0 ppp0

In that case /var/log/messages may also contain a log like the following

Jan 12 20:58:45 localhost pptpd[5907]: CTRL: Client xxx.xxx.xx.xxx control connection started
Jan 12 20:58:46 localhost pptpd[5907]: CTRL: Starting call (launching pppd, opening GRE)
Jan 12 20:58:46 localhost pppd[5908]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
Jan 12 20:58:46 localhost pppd[5908]: pppd 2.4.4 started by root, uid 0
Jan 12 20:58:46 localhost pppd[5908]: Using interface ppp0
Jan 12 20:58:46 localhost pppd[5908]: Connect: ppp0 <--> /dev/pts/1
Jan 12 20:59:16 localhost pppd[5908]: LCP: timeout sending Config-Requests
Jan 12 20:59:16 localhost pppd[5908]: Connection terminated.
Jan 12 20:59:16 localhost pppd[5908]: Modem hangup
Jan 12 20:59:16 localhost pppd[5908]: Exit.
Jan 12 20:59:16 localhost pptpd[5907]: GRE: read(fd=6,buffer=611860,len=8196)
from PTY failed: status = -1 error = Input/output error, usually caused by
unexpected termination of pppd, check option syntax and pppd logs
Jan 12 20:59:16 localhost pptpd[5907]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Jan 12 20:59:16 localhost pptpd[5907]: CTRL: Client xxx.xxx.xx.xxx control
connection finished

When the server has two IPs, check forwarding

# cat /proc/sys/net/ipv4/ip_forward
1

If needed

# echo 1 > /proc/sys/net/ipv4/ip_forward

Connecting from Windows

In the PPTP connection, use

Username: okada
Password: *****

So that the default gateway is not moved to the PPTP link, uncheck "Use default gateway on remote network" in the TCP/IP advanced settings.

Log

/var/log/messages

On connection

Jan  8 15:16:52 localhost pptpd[19101]: CTRL: Client 10.99.99.104 control connection started
Jan  8 15:16:52 localhost pptpd[19101]: CTRL: Starting call (launching pppd, opening GRE)
Jan  8 15:16:52 localhost pppd[19102]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
Jan  8 15:16:52 localhost pppd[19102]: pptpd-logwtmp: $Version$
Jan  8 15:16:52 localhost pppd[19102]: pppd options in effect:
Jan  8 15:16:52 localhost pppd[19102]: debug            # (from /etc/ppp/options.pptpd)
Jan  8 15:16:52 localhost pppd[19102]: nologfd          # (from /etc/ppp/options.pptpd)
Jan  8 15:16:52 localhost pppd[19102]: dump             # (from /etc/ppp/options.pptpd)
Jan  8 15:16:52 localhost pppd[19102]: plugin /usr/lib64/pptpd/pptpd-logwtmp.so         # (from command line)
Jan  8 15:16:52 localhost pppd[19102]: require-mschap-v2                # (from /etc/ppp/options.pptpd)
Jan  8 15:16:52 localhost pppd[19102]: refuse-pap               # (from /etc/ppp/options.pptpd)
Jan  8 15:16:52 localhost pppd[19102]: refuse-chap              # (from /etc/ppp/options.pptpd)
Jan  8 15:16:52 localhost pppd[19102]: refuse-mschap            # (from /etc/ppp/options.pptpd)
Jan  8 15:16:52 localhost pppd[19102]: name pptpd               # (from /etc/ppp/options.pptpd)
Jan  8 15:16:52 localhost pppd[19102]: pptpd-original-ip 10.99.99.104           # (from command line)
Jan  8 15:16:52 localhost pppd[19102]: 115200           # (from command line)
Jan  8 15:16:52 localhost pppd[19102]: lock             # (from /etc/ppp/options.pptpd)
Jan  8 15:16:52 localhost pppd[19102]: local            # (from command line)
Jan  8 15:16:52 localhost pppd[19102]: novj             # (from /etc/ppp/options.pptpd)
Jan  8 15:16:52 localhost pppd[19102]: novjccomp                # (from /etc/ppp/options.pptpd)
Jan  8 15:16:52 localhost pppd[19102]: ipparam 10.99.99.104             # (from command line)
Jan  8 15:16:52 localhost pppd[19102]: nodefaultroute           # (from /etc/ppp/options.pptpd)
Jan  8 15:16:52 localhost pppd[19102]: proxyarp         # (from /etc/ppp/options.pptpd)
Jan  8 15:16:52 localhost pppd[19102]: 192.168.40.1:192.168.40.201              # (from command line)
Jan  8 15:16:52 localhost pppd[19102]: nobsdcomp                # (from /etc/ppp/options.pptpd)
Jan  8 15:16:52 localhost pppd[19102]: require-mppe-128         # (from /etc/ppp/options.pptpd)
Jan  8 15:16:52 localhost pppd[19102]: pppd 2.4.4 started by root, uid 0
Jan  8 15:16:52 localhost pppd[19102]: Using interface ppp0
Jan  8 15:16:52 localhost pppd[19102]: Connect: ppp0 <--> /dev/pts/6
Jan  8 15:16:52 localhost pptpd[19101]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Jan  8 15:16:52 localhost pppd[19102]: MPPE 128-bit stateless compression enabled
Jan  8 15:16:54 localhost pppd[19102]: found interface eth1 for proxy arp
Jan  8 15:16:54 localhost pppd[19102]: local  IP address 192.168.40.1
Jan  8 15:16:54 localhost pppd[19102]: remote IP address 192.168.40.201
Jan  8 15:16:54 localhost pppd[19102]: pptpd-logwtmp.so ip-up ppp0 okada 10.99.99.104
Jan  8 15:16:56 localhost setroubleshoot:      SELinux is
preventing /usr/sbin/pppd (pppd_t) "write" access to wtmp (wtmp_t).      For
complete SELinux messages. run sealert -l 30ea44bd-6549-4baa-b00b-7c6388bbfdca

On disconnection

Jan  8 14:45:39 localhost pppd[8407]: LCP terminated by peer (^Dj1^G^@<M-
Mt^@^@^@^@)
Jan  8 14:45:39 localhost pppd[8407]: Connect time 3.0 minutes.
Jan  8 14:45:39 localhost pppd[8407]: Sent 0 bytes, received 15626 bytes.
Jan  8 14:45:39 localhost pppd[8407]: Modem hangup
Jan  8 14:45:39 localhost pppd[8407]: Connection terminated.
Jan  8 14:45:40 localhost pppd[8407]: Exit.
Jan  8 14:45:40 localhost pptpd[8406]: CTRL: Client 10.99.99.100 control 
connection finished
Jan  8 14:45:41 localhost setroubleshoot:      SELinux is  
preventing /usr/sbin/pppd (pppd_t) "write" access to wtmp (wtmp_t).      For
complete SELinux messages. run sealert -l 30ea44bd-6549-4baa-b00b-7c6388bbfdca

Checking the connections from the server
Two clients are connected; the IPs assigned to them are 192.168.40.201 and 192.168.40.202

$ /sbin/ifconfig ppp0
ppp0      リンク方法:Point-to-Pointプロトコル
          inetアドレス:192.168.40.1 P-t-P:192.168.40.201  マスク:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
          RXパケット:46 エラー:0 損失:0 オーバラン:0 フレーム:0
          TXパケット:8 エラー:0 損失:0 オーバラン:0 キャリア:0
          衝突(Collisions):0 TXキュー長:3
          RX bytes:4788 (4.6 Kb)  TX bytes:92 (92.0 b)

$ /sbin/ifconfig ppp1
ppp1      リンク方法:Point-to-Pointプロトコル
          inetアドレス:192.168.40.1 P-t-P:192.168.40.202  マスク:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
          RXパケット:36 エラー:0 損失:0 オーバラン:0 フレーム:0
          TXパケット:8 エラー:0 損失:0 オーバラン:0 キャリア:0
          衝突(Collisions):0 TXキュー長:3
          RX bytes:3940 (3.8 Kb)  TX bytes:92 (92.0 b)

$ /sbin/ifconfig ppp2
ppp2: error fetching interface information: デバイスが見つかりません

Also, for security, use only chapms-v2, and confirm in the connection's Properties details that the encryption is 128-bit MPPE as well.
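The server-side counterpart of that check, as an added example that is not part of the original page: a script that reads the pppd messages shown above from /var/log/messages and, per session, verifies that the options echoed by "dump" include the refuse-pap/refuse-chap/refuse-mschap/require-mschap-v2/require-mppe-128 set, that 128-bit MPPE was actually negotiated, and whether the session hung at LCP as in the stale ppp0 case. The log excerpt is constructed; PIDs and addresses are made up.

```python
import re

# Constructed /var/log/messages excerpt modelled on the pppd lines shown on
# this page (PIDs and addresses are made up); session 5908 never got past LCP.
SAMPLE_LOG = """\
Jan  8 15:16:52 localhost pppd[19102]: pppd options in effect:
Jan  8 15:16:52 localhost pppd[19102]: require-mschap-v2                # (from /etc/ppp/options.pptpd)
Jan  8 15:16:52 localhost pppd[19102]: refuse-pap               # (from /etc/ppp/options.pptpd)
Jan  8 15:16:52 localhost pppd[19102]: require-mppe-128         # (from /etc/ppp/options.pptpd)
Jan  8 15:16:52 localhost pppd[19102]: MPPE 128-bit stateless compression enabled
Jan  8 15:16:54 localhost pppd[19102]: pptpd-logwtmp.so ip-up ppp0 okada 10.99.99.104
Jan 12 20:59:16 localhost pppd[5908]: LCP: timeout sending Config-Requests
"""
# Options this page's options.pptpd uses to reject PAP/CHAP/MS-CHAPv1 and force
# 128-bit MPPE; pppd echoes them into syslog because "dump" is enabled.
REQUIRED_OPTIONS = {"require-mschap-v2", "refuse-pap", "refuse-chap",
                    "refuse-mschap", "require-mppe-128"}
LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ pppd\[(\d+)\]: (.*)$", re.M)

def parse_sessions(log_text):
    """Group pppd messages by PID and summarise each PPP session."""
    sessions = {}
    for m in LINE_RE.finditer(log_text):  # pptpd CTRL lines are skipped
        pid, msg = m.group(1), m.group(2).strip()
        s = sessions.setdefault(pid, {"options": set(), "mppe128": False,
                                      "user": None, "client": None, "failed": False})
        if "# (from" in msg:                 # one line of the "dump" output
            s["options"].add(msg.split()[0])
        elif msg.startswith("MPPE 128-bit"):
            s["mppe128"] = True
        elif msg.startswith("pptpd-logwtmp.so ip-up "):
            _, _, _, s["user"], s["client"] = msg.split()
        elif msg.startswith("LCP: timeout"):
            s["failed"] = True
    return sessions

def audit(sessions):
    """One finding per session lacking a hardening option, connected without
    128-bit MPPE, or hung at LCP (the stale ppp0 route case described above)."""
    findings = []
    for pid, s in sorted(sessions.items()):
        missing = REQUIRED_OPTIONS - s["options"]
        if s["options"] and missing:
            findings.append(f"pppd[{pid}]: not enforced: {sorted(missing)}")
        if s["user"] and not s["mppe128"]:
            findings.append(f"pppd[{pid}]: {s['user']} connected without MPPE-128")
        if s["failed"]:
            findings.append(f"pppd[{pid}]: LCP timeout, check for a stale ppp0 route")
    return findings
```

On a live server, read /var/log/messages into `parse_sessions` and print `audit`'s findings; the sample above flags the two missing refuse options for session 19102 and the LCP timeout of session 5908.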

Windows XP (screenshot: pptpd.png)

Windows Vista (screenshot: pptpd2.png)

Connecting from Android (6.x)

  • Settings ⇒ More ⇒ VPN

android_pptp.jpg

