Last updated: 2014-11-24
Contents
- Installation
- Usage
- pptpsetup - create the client configuration
- Related configuration files
- pon
- poff
- plog
- pppstats
- Route lan traffic
- All Traffic Through Tunnel
- Adding the route automatically
- Debug
Installation
# Debian: pptp-linux
apt-get install pptp-linux
# CentOS: pptp-setup
yum install pptp-setup
Dependencies: pptp ppp
Installed files:
- /usr/sbin/pptp
- /usr/sbin/pptpsetup
Usage:
pptp hostname [pptp-options] [pppd-options]
pptpsetup - create the client configuration
pptpsetup creates /etc/ppp/peers/TUNNEL and stores the password in /etc/ppp/chap-secrets.
Example:
pptpsetup --create <TUNNEL> --server <SERVER> --username <USERNAME> --password <PASSWORD> [--encrypt]
# These are pppd options!
#
# written by pptpsetup
pty "pptp <YOUR_SERVER_IP> --nolaunchpppd"
# Use this connection as the default route.
#defaultroute
# The IP is provided by the pptp server
# Assumes that your IP address is allocated dynamically by the ISP.
noipdefault
# Set the IP addresses yourself
#<local_IP_address>:<remote_IP_address>
# 192.168.123.201:
# Makes pppd "dial again" when the connection is lost.
persist
lock
#
# Do not ask the remote to authenticate.
noauth
nobsdcomp
nodeflate
remotename office # matches the server field in chap-secrets
name test # matches the client field in chap-secrets
ipparam office
# after connecting, the interface will be named ppp9
unit 9
require-mppe-128
Check:
ps
root 29482 0.0 0.0 21844 1228 pts/2 S 17:19 0:00 /usr/sbin/pppd call home
root 29483 0.0 0.0 4176 580 pts/2 S 17:19 0:00 sh -c pptp datahunter.org --nolaunchpppd
root 29485 0.0 0.0 12496 948 pts/2 S 17:19 0:00 pptp datahunter.org --nolaunchpppd
root 29493 0.0 0.0 12496 368 pts/2 S 17:19 0:00 pptp datahunter.org --nolaunchpppd
log
Nov 20 17:37:51 server pppd[27366]: pppd 2.4.5 started by root, uid 0
Nov 20 17:37:51 server pppd[27366]: Using interface ppp0
Nov 20 17:37:51 server pppd[27366]: Connect: ppp0 <--> /dev/pts/6
Nov 20 17:37:55 server pppd[27366]: CHAP authentication succeeded
Nov 20 17:37:55 server pppd[27366]: MPPE 128-bit stateless compression enabled
Nov 20 17:37:55 server pppd[27366]: local IP address 192.168.123.202
Nov 20 17:37:55 server pppd[27366]: remote IP address 192.168.123.1
Delete:
pptpsetup --delete <TUNNEL>
Related configuration files
# options common to all tunnels
/etc/ppp/options.pptp
# password file
/etc/ppp/chap-secrets
# client server secret IP addresses
# pppd options
/etc/ppp/peers/$TUNNEL
# Do not launch pppd but use stdin as the network connection.
pty "pptp datahunter.org --nolaunchpppd"
# create a UUCP-style lock file, ensure exclusive access to the device
lock
# Do not ask the remote to authenticate.
noauth
# Disables BSD-Compress compression
nobsdcomp
# Disables Deflate compression (deflate 0)
nodeflate
# pppd will use lines in the secrets files
name datahunter
# name of the remote system
remotename home
# Provides the 6th parameter to the ip-up, ip-pre-up and ip-down scripts
ipparam home
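Added example (not part of the original notes): a shell check for the two files above. It flags a peers file with no active require-mppe-128 line, a chap-secrets file that group or others can access (the password sits there in clear text), and a name/remotename pair with no matching chap-secrets entry. The function names, the sample tunnel "office" and its file contents are constructed for illustration.

```shell
# Added example, not from the original page. Names and sample data are constructed.

# opt_value FILE OPTION: print the value of an active (uncommented) pppd option,
# or the option itself for a flag. Fails when the option is absent.
opt_value() {
    sed -e 's/#.*//' "$1" |
        awk -v o="$2" '$1 == o { print (NF > 1 ? $2 : $1); f = 1; exit } END { exit !f }'
}

# audit_peer PEER_FILE SECRETS_FILE: print one finding per line.
# Returns 0 when there are no findings, 1 otherwise.
audit_peer() {
    peer=$1; secrets=$2; bad=0
    opt_value "$peer" require-mppe-128 >/dev/null ||
        { echo "$peer: require-mppe-128 is not set"; bad=1; }
    # chap-secrets holds the password in clear text: owner-only access.
    [ "$(ls -ld "$secrets" | cut -c5-10)" = "------" ] ||
        { echo "$secrets: accessible by group/other"; bad=1; }
    # name / remotename map to the client / server columns of chap-secrets.
    client=$(opt_value "$peer" name) || client=
    server=$(opt_value "$peer" remotename) || server=
    awk -v c="$client" -v s="$server" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { gsub(/"/, "", $1); gsub(/"/, "", $2) }
        $1 == c && ($2 == s || $2 == "*") { ok = 1 }
        END { exit !ok }' "$secrets" ||
        { echo "$secrets: no entry for client '$client', server '$server'"; bad=1; }
    return $bad
}

# write_sample DIR: constructed peers file and chap-secrets (no real credentials).
write_sample() {
    printf '%s\n' 'pty "pptp vpn.example.net --nolaunchpppd"' lock noauth \
        'name test' 'remotename office' '#require-mppe-128' > "$1/office"
    printf '%s\n' '# client server secret IP addresses' \
        'test office "not-a-real-password" *' > "$1/chap-secrets"
    chmod 644 "$1/chap-secrets"
}

# Dry run on the sample: reports the missing require-mppe-128 and the 644 mode.
d=$(mktemp -d) && write_sample "$d"
audit_peer "$d/office" "$d/chap-secrets" || echo "findings reported above"
rm -rf "$d"
```

On a real client the call would be audit_peer /etc/ppp/peers/<TUNNEL> /etc/ppp/chap-secrets.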
pon
pon [isp-name] <--- default: /etc/ppp/peers/provider
- -r redial the connection after it is dropped
- -c compression.
- -d toggles the state of pppd's debug option
Feb 18 17:03:56 server pppd[7545]: CHAP authentication succeeded
Feb 18 17:03:56 server pppd[7545]: LCP terminated by peer (MPPE required but cannot negotiate MPPE key length)
Feb 18 17:03:57 server pppd[7545]: Modem hangup
# The following command also works
pppd call <pptpserver>
require-mppe-128
Feb 18 17:35:37 server pppd[9049]: pppd 2.4.5 started by root, uid 0
Feb 18 17:35:37 server pppd[9049]: Using interface ppp0
Feb 18 17:35:37 server pppd[9049]: Connect: ppp0 <--> /dev/pts/7
Feb 18 17:35:41 server pppd[9049]: CHAP authentication succeeded
Feb 18 17:35:41 server pppd[9049]: MPPE 128-bit stateless compression enabled
Feb 18 17:35:41 server pppd[9049]: local IP address 192.168.88.151
Feb 18 17:35:41 server pppd[9049]: remote IP address 192.168.123.1
# Disables the default behaviour when no local IP address is specified (by default the IP is obtained by resolving the hostname through DNS)
- noipdefault
- local_IP_address:remote_IP_address
Compress
deflate nr,nt # maximum window size of 2**nr bytes
poff [isp-name]
/etc/ppp/peers/isp-name
plog
plog # /var/log/ppp.log
Configuration:
/etc/syslog.conf
local2.* -/var/log/ppp.log
pppstats
pppstats
    IN   PACK VJCOMP  VJUNC  VJERR  |      OUT   PACK VJCOMP  VJUNC NON-VJ
     0      0      0      0      0  |        0      0      0      0      0
Route lan traffic
Once pptp is up, the link is a point-to-point (P-t-P) connection.
ifconfig ppp0
ppp0 Link encap:Point-to-Point Protocol
inet addr:192.168.123.201 P-t-P:192.168.123.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1446 Metric:1
RX packets:15 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:2126 (2.0 KiB) TX bytes:62 (62.0 B)
To reach the network on the other side, add the following route:
route add -net 192.168.123.0/24 dev ppp0
All Traffic Through Tunnel
# SERVER = PPTP SERVER
# PRIMARY = eth0
route add -host ${SERVER} dev ${PRIMARY}
route del default ${PRIMARY}
route add default dev ${TUNNEL}
Adding the route automatically
Once pptp is up, it runs the script /etc/ppp/ip-up.
/etc/ppp/ip-up contains the following:
# PPP_IFACE="$1"
# PPP_TTY="$2"
# PPP_SPEED="$3"
# PPP_LOCAL="$4"
# PPP_REMOTE="$5"
# PPP_IPPARAM="$6"
run-parts /etc/ppp/ip-up.d \
--arg="$1" --arg="$2" --arg="$3" --arg="$4" --arg="$5" --arg="$6"
/etc/ppp/ip-up.d/home <-- the name of the script does not matter.
#!/bin/sh
ifname=$1 # the interface name used by pppd (e.g. ppp3)
case "$ifname" in
ppp9)
/sbin/route add -net 192.168.123.0/24 dev $ifname
;;
esac
exit 0;
Debug
pon home debug dump nodetach
Successful example:
using channel 55
Using interface ppp0
Connect: ppp0 <--> /dev/pts/6
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e15983a> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x944d973> <pcomp> <accomp>]
sent [LCP ConfAck id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x944d973> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e15983a> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e15983a> <pcomp> <accomp>]
sent [LCP EchoReq id=0x0 magic=0x4e15983a]
rcvd [LCP EchoReq id=0x0 magic=0x944d973]
sent [LCP EchoRep id=0x0 magic=0x4e15983a]
rcvd [CHAP Challenge id=0x46 <??>, name = "*"]
sent [CHAP Response id=0x46 <??>, name = "datahunter"]
rcvd [LCP ConfReq id=0x2 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x33947cec> <pcomp> <accomp>]
sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0xe5a97d96> <pcomp> <accomp>]
sent [LCP ConfAck id=0x2 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x33947cec> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e15983a> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0xe5a97d96> <pcomp> <accomp>]
sent [LCP EchoReq id=0x0 magic=0xe5a97d96]
rcvd [LCP EchoReq id=0x0 magic=0x33947cec]
sent [LCP EchoRep id=0x0 magic=0xe5a97d96]
rcvd [CHAP Challenge id=0xc <8c4cc7031707e3b5965fee96a685c5a7>, name = "*"]
sent [CHAP Response id=0xc <??>, name = "datahunter"]
rcvd [LCP EchoRep id=0x0 magic=0x33947cec]
rcvd [CHAP Success id=0xc "S=8B4FA3E6E8592E27F6C396BA05D3E7213FAA2531 M=Access granted"]
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x1 <mppe +H +M +S +L -D -C>]
sent [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 192.168.88.151>]
rcvd [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 192.168.123.2>]
sent [IPCP ConfAck id=0x1 <compress VJ 0f 01> <addr 192.168.123.2>]
rcvd [IPCP ConfAck id=0x1 <compress VJ 0f 01> <addr 192.168.88.151>]
local IP address 192.168.88.151
remote IP address 192.168.123.2
Script /etc/ppp/ip-up started (pid 24963)
Script /etc/ppp/ip-up finished (pid 24963), status = 0x0
Case
Without the following setting:
- require-mppe-128
Sep 24 13:10:28 server pppd[22067]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x320e9edf> <pcomp> <accomp>]
Sep 24 13:10:31 server pppd[22067]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x320e9edf> <pcomp> <accomp>]
Sep 24 13:10:34 server pppd[22067]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x320e9edf> <pcomp> <accomp>]
Sep 24 13:10:37 server pppd[22067]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x320e9edf> <pcomp> <accomp>]
Sep 24 13:10:40 server pppd[22067]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x320e9edf> <pcomp> <accomp>]
Sep 24 13:10:43 server pppd[22067]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x320e9edf> <pcomp> <accomp>]
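Added example (not part of the original notes): the logs on this page show three outcomes, a tunnel that comes up with MPPE 128-bit, a peer that terminates LCP over MPPE, and LCP ConfReq packets that get no reply. The function below sorts pppd syslog lines into those outcomes per process and also flags a link that got an IP address without an MPPE 128-bit line. The state names and the pid 4242 session are constructed; the other sample lines are quoted from this page.

```shell
# Added example, not from the original page.
# classify_pppd_log: read pppd syslog lines on stdin, print "PID STATE" per
# pppd process in order of first appearance:
#   up-mppe128     link got an IP address and MPPE 128-bit was enabled
#   up-no-mppe128  link got an IP address but MPPE 128-bit was never logged
#   mppe-refused   peer closed LCP because MPPE could not be negotiated
#   no-lcp-reply   LCP ConfReq sent 3+ times, nothing received (needs debug)
classify_pppd_log() {
    awk '
    match($0, /pppd\[[0-9]+\]/) {
        pid = substr($0, RSTART + 5, RLENGTH - 6)
        if (!(pid in seen)) { seen[pid] = 1; order[++n] = pid }
        if ($0 ~ /MPPE 128-bit/)          mppe[pid] = 1
        if ($0 ~ /local +IP address/)     up[pid] = 1
        if ($0 ~ /cannot negotiate MPPE/) refused[pid] = 1
        if ($0 ~ /sent \[LCP ConfReq/)    req[pid]++
        if ($0 ~ /rcvd \[/)               rcvd[pid] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]
            if (p in up)           s = (p in mppe) ? "up-mppe128" : "up-no-mppe128"
            else if (p in refused) s = "mppe-refused"
            else if (req[p] >= 3 && !(p in rcvd)) s = "no-lcp-reply"
            else                   s = "incomplete"
            print p, s
        }
    }'
}

# sample_log: lines quoted from the logs on this page, plus one constructed
# session (pid 4242) that comes up without any MPPE line.
sample_log() {
    cat <<'EOF'
Feb 18 17:03:56 server pppd[7545]: CHAP authentication succeeded
Feb 18 17:03:56 server pppd[7545]: LCP terminated by peer (MPPE required but cannot negotiate MPPE key length)
Feb 18 17:35:41 server pppd[9049]: CHAP authentication succeeded
Feb 18 17:35:41 server pppd[9049]: MPPE 128-bit stateless compression enabled
Feb 18 17:35:41 server pppd[9049]: local IP address 192.168.88.151
Sep 24 13:10:28 server pppd[22067]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x320e9edf> <pcomp> <accomp>]
Sep 24 13:10:31 server pppd[22067]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x320e9edf> <pcomp> <accomp>]
Sep 24 13:10:34 server pppd[22067]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x320e9edf> <pcomp> <accomp>]
Sep 24 13:11:02 server pppd[4242]: CHAP authentication succeeded
Sep 24 13:11:02 server pppd[4242]: local IP address 192.168.88.151
EOF
}

sample_log | classify_pppd_log
```

To run it on real data, feed it the plog file named earlier: classify_pppd_log < /var/log/ppp.log.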