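Error 619
The environment is as follows:
CentOS (PPTP server): public IP; Win7 (PPTP client): private IP
When the client connects to the server, it reports network error 619.
Using a phone Wi-Fi hotspot, with the client joined to the hotspot and then dialing the VPN, it also reports error 619.
Checking the logs on the CentOS server, the error is the same every time: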
Aug 31 11:07:36 pptpd[9162]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Aug 31 11:07:36 pptpd[9162]: CTRL: Client 14.16.135.232 control connection finished
Aug 31 11:07:47 pptpd[9214]: CTRL: Client 14.16.135.232 control connection started
Aug 31 11:07:47 pptpd[9214]: CTRL: Starting call (launching pppd, opening GRE)
Aug 31 11:07:47 pppd[9215]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
Aug 31 11:07:47 pppd[9215]: pppd 2.4.5 started by root, uid 0
Aug 31 11:07:47 pppd[9215]: Using interface ppp0
Aug 31 11:07:47 pppd[9215]: Connect: ppp0 <--> /dev/pts/1
Aug 31 11:07:47 NetworkManager[640]: <info> (ppp0): new Generic device (carrier: UNKNOWN, driver: 'unknown', ifindex: 20)   <-- Issue 1
Aug 31 11:08:17 pppd[9215]: LCP: timeout sending Config-Requests   <-- Issue 2
Aug 31 11:08:17 pppd[9215]: Connection terminated.
Aug 31 11:08:17 pppd[9215]: Modem hangup
Aug 31 11:08:17 pppd[9215]: Exit.
Aug 31 11:08:17 pptpd[9214]: GRE: read(fd=6,buffer=7f234b1cb480,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Aug 31 11:08:17 pptpd[9214]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Aug 31 11:08:17 pptpd[9214]: CTRL: Client 14.16.135.232 control connection finished
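The problem is still being tracked down; recording notes here.
Tracking of the issues:
1) For Issue 1, stopping NetworkManager is enough.
sudo systemctl stop NetworkManager
2) For Issue 2, edit the configuration file /etc/ppp/options.pptpd: comment out the methods that are not used and add the allowed method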
# BSD licensed ppp-2.4.2 upstream with MPPE only, kernel module ppp_mppe.o
# {{{
#refuse-pap
#refuse-chap
#refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#require-mppe-128
require-chap # added: the allowed method
# }}}
After the change the connection still did not succeed; the abnormal log on the server side is as follows:
Aug 31 13:41:40 testhostname0001 pptpd[15464]: CTRL: Client 14.16.135.232 control connection started
Aug 31 13:41:40 testhostname0001 pptpd[15464]: CTRL: Starting call (launching pppd, opening GRE)
Aug 31 13:41:40 testhostname0001 pppd[15465]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
Aug 31 13:41:40 testhostname0001 pppd[15465]: pppd 2.4.5 started by root, uid 0
Aug 31 13:41:40 testhostname0001 pppd[15465]: Using interface ppp0
Aug 31 13:41:40 testhostname0001 pppd[15465]: Connect: ppp0 <--> /dev/pts/2
Aug 31 13:42:10 testhostname0001 pppd[15465]: LCP: timeout sending Config-Requests   <-- Issue 1
Aug 31 13:42:10 testhostname0001 pppd[15465]: Connection terminated.
Aug 31 13:42:10 testhostname0001 pppd[15465]: Modem hangup
Aug 31 13:42:10 testhostname0001 pppd[15465]: Exit.
Aug 31 13:42:10 testhostname0001 pptpd[15464]: GRE: read(fd=6,buffer=7f559256a480,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Aug 31 13:42:10 testhostname0001 pptpd[15464]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Aug 31 13:42:10 testhostname0001 pptpd[15464]: CTRL: Client 14.16.135.232 control connection finished
This shows the problem is still not solved, so the changes continue:
From a Baidu search:
LCP: timeout sending Config-Requests
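Many people get stuck at the username and password verification step when dialing a VPN and then see error 619. More than 90% of the time this error is caused by a device on the network path between client and server that does not support the GRE protocol or NAT-T; most commonly it is the client-side router, and after replacing it the VPN connects immediately. This error also shows up in the server-side log. For example
The following is the case where the encryption settings of the two sides do not match:
LCP terminated by peer (^O^XH-^@<M-Mt^@^@^@^@)
Other problems can be diagnosed here: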
http://pptpclient.sourceforge.net/howto-diagnosis.phtml
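The two log signatures described above can be told apart automatically. The following Python script is an added example, not part of the original post: it reads pptpd/pppd syslog lines and labels each control connection with the likely cause. The log sample is constructed (documentation IP addresses), and `classify` and the cause labels are illustrative names.

```python
import re

# Constructed sample modelled on the syslog excerpts above (documentation IPs).
SAMPLE = """\
Aug 31 13:41:40 host pptpd[100]: CTRL: Client 192.0.2.10 control connection started
Aug 31 13:41:40 host pppd[101]: Connect: ppp0 <--> /dev/pts/2
Aug 31 13:42:10 host pppd[101]: LCP: timeout sending Config-Requests
Aug 31 13:42:10 host pppd[101]: Connection terminated.
Aug 31 13:42:10 host pptpd[100]: CTRL: Client 192.0.2.10 control connection finished
Aug 31 13:50:00 host pptpd[200]: CTRL: Client 192.0.2.20 control connection started
Aug 31 13:50:00 host pppd[201]: Connect: ppp0 <--> /dev/pts/3
Aug 31 13:50:02 host pppd[201]: LCP terminated by peer (constructed)
Aug 31 13:50:02 host pptpd[200]: CTRL: Client 192.0.2.20 control connection finished
"""

# The hostname field is optional because both syslog layouts appear on this page.
LINE = re.compile(r"^\w{3}\s+\d+ (\d\d):(\d\d):(\d\d) (?:\S+ )?(pptpd|pppd)\[\d+\]: (.*)$")
CAUSES = {  # pppd message prefix -> likely cause, following the text above
    "LCP: timeout sending Config-Requests": "gre-path-blocked",
    "LCP terminated by peer": "negotiation-mismatch",
}

def classify(log_text):
    """Return one dict per control connection: client, cause, seconds from Connect to failure."""
    results, current, connect_at = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # other daemons (e.g. NetworkManager) are ignored
        h, mi, s, prog, msg = m.groups()
        now = int(h) * 3600 + int(mi) * 60 + int(s)  # seconds of day; midnight rollover not handled
        if prog == "pptpd":
            started = re.match(r"CTRL: Client (\S+) control connection started", msg)
            if started:
                current, connect_at = {"client": started.group(1), "cause": "unknown", "stalled_s": None}, None
            elif "control connection finished" in msg and current:
                results.append(current)
                current = None
        elif current:  # pppd lines are attributed to the open connection (assumes no interleaving)
            if msg.startswith("Connect:"):
                connect_at = now
            for prefix, cause in CAUSES.items():
                if msg.startswith(prefix):
                    current["cause"] = cause
                    if connect_at is not None:
                        current["stalled_s"] = now - connect_at
    return results

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A `gre-path-blocked` result with a stall of about 30 seconds matches the logs on this page: the TCP control connection is established, but no LCP reply ever arrives over GRE.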
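Since both the client side and the server side had this problem, I followed the methods found online and changed the client side (Ubuntu):
1) Load the nf_conntrack_pptp and nf_conntrack_proto_gre modules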
sudo modprobe nf_conntrack_pptp
2) Load the NAT module
sudo modprobe ip_nat_pptp
3) Enable silent mode
Edit the /etc/ppp/options file
# With this option, pppd will not transmit LCP packets to initiate a
# connection until a valid LCP packet is received from the peer (as for
# the "passive" option with old versions of pppd).
silent
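After that, the client-side problem was solved. Because the server side runs CentOS and I could not find the corresponding file, the server side still has this problem.
Note: useful URL: https://askubuntu.com/questions/269399/failed-to-connect-to-pptp-vpn-server-on-ubuntu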
=====================================
Update:
Fix for the error on the CentOS server side:
Edit /etc/ppp/options
Adding "silent" is enough.