linux pptp client

Last updated: 2014-11-24

 

Contents

  • Installation
  • Usage
  • pptpsetup - create the client configuration
  • Related configuration files
  • pon
  • poff
  • plog
  • pppstats
  • Route lan traffic
  • All Traffic Through Tunnel
  • Adding routes automatically
  • Debug
  • Debug

 

Installation

# Debian: pptp-linux

apt-get install pptp-linux

# CentOS: pptp-setup

yum install pptp-setup

Dependencies: pptp ppp

Installed files:

  • /usr/sbin/pptp
  • /usr/sbin/pptpsetup

Usage:

pptp hostname [pptp-options] [pppd-options]

 


pptpsetup - create the client configuration

pptpsetup creates /etc/ppp/peers/TUNNEL and stores the password in /etc/ppp/chap-secrets.

Example:

pptpsetup --create <TUNNEL> --server <SERVER> --username <USERNAME> --password <PASSWORD> [--encrypt]

# These are pppd options!
#
# written by pptpsetup
pty "pptp <YOUR_SERVER_IP> --nolaunchpppd"

# Use this connection as the default route.
#defaultroute


# IP is provided by the pptp server
# Assumes that your IP address is allocated dynamically by the ISP.
noipdefault
# To set the IP yourself:
#<local_IP_address>:<remote_IP_address>
# 192.168.123.201:


# Makes pppd "dial again" when the connection is lost.
persist

lock

# Do not ask the remote to authenticate.
noauth

nobsdcomp
nodeflate

remotename office             # matches the server column in chap-secrets
name test                     # matches the client column in chap-secrets

ipparam office


# after connecting, the interface will be named ppp9
unit 9


require-mppe-128

 

Check:

ps

root     29482  0.0  0.0  21844  1228 pts/2    S    17:19   0:00 /usr/sbin/pppd call home
root     29483  0.0  0.0   4176   580 pts/2    S    17:19   0:00 sh -c pptp datahunter.org --nolaunchpppd
root     29485  0.0  0.0  12496   948 pts/2    S    17:19   0:00 pptp datahunter.org --nolaunchpppd
root     29493  0.0  0.0  12496   368 pts/2    S    17:19   0:00 pptp datahunter.org --nolaunchpppd

log

Nov 20 17:37:51 server pppd[27366]: pppd 2.4.5 started by root, uid 0
Nov 20 17:37:51 server pppd[27366]: Using interface ppp0
Nov 20 17:37:51 server pppd[27366]: Connect: ppp0 <--> /dev/pts/6
Nov 20 17:37:55 server pppd[27366]: CHAP authentication succeeded
Nov 20 17:37:55 server pppd[27366]: MPPE 128-bit stateless compression enabled
Nov 20 17:37:55 server pppd[27366]: local  IP address 192.168.123.202
Nov 20 17:37:55 server pppd[27366]: remote IP address 192.168.123.1

 

Delete:

pptpsetup --delete <TUNNEL>

 


 

Related configuration files

 

# Options common to all tunnels

/etc/ppp/options.pptp 

 

# Password file

/etc/ppp/chap-secrets

# client        server           secret                  IP addresses

# pppd options

/etc/ppp/peers/$TUNNEL

# Do not launch pppd but use stdin as the network connection.
pty "pptp datahunter.org --nolaunchpppd"
# create a UUCP-style lock file, ensure exclusive access to the device
lock
# Do not ask the remote to authenticate.
noauth
# Disables BSD-Compress compression
nobsdcomp
# Disables  Deflate  compression (deflate 0)
nodeflate
# pppd will use lines in the secrets files
name datahunter
# name of the remote system
remotename home
# Provides the 6th parameter to the ip-up, ip-pre-up  and  ip-down  scripts
ipparam home
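A quick check of the two files described above, as an added example that is not part of the original page: it reports a peer file without require-mppe-128, a name/remotename pair with no matching line in chap-secrets, and a secrets file readable by group or others. The sample files and the password value are constructed.

```shell
#!/bin/sh
# Added example (not from the page): audit a tunnel's peer file and chap-secrets.

# Active options of a pppd options file: comments and blank lines removed.
peer_options() { sed -e 's/#.*//' "$1" | awk 'NF'; }

# Print the first argument of option $2 in peer file $1 (empty if absent).
option_arg() {
    peer_options "$1" | awk -v o="$2" '$1 == o { print $2; exit }'
}

# Succeed if option $2 is active in peer file $1.
has_option() {
    peer_options "$1" | awk -v o="$2" '$1 == o { f = 1 } END { exit !f }'
}

# Succeed if secrets file $1 holds a secret for client $2 and server $3.
has_secret() {
    awk -v c="$2" -v s="$3" \
        '$1 !~ /^#/ && $1 == c && $2 == s && NF >= 3 { f = 1 } END { exit !f }' "$1"
}

# Succeed if file $1 grants no permission to group or others.
is_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Print one finding per line for peer file $1 and secrets file $2.
audit_tunnel() {
    has_option "$1" require-mppe-128 || echo "peer: require-mppe-128 not set"
    has_secret "$2" "$(option_arg "$1" name)" "$(option_arg "$1" remotename)" ||
        echo "secrets: no entry for this name/remotename pair"
    is_private "$2" || echo "secrets: readable by group or others"
}

# Constructed sample: the page's "home" peer file without require-mppe-128,
# and a secrets file left world-readable.
d=$(mktemp -d)
printf '%s\n' 'pty "pptp datahunter.org --nolaunchpppd"' 'noauth' \
    'name datahunter' 'remotename home   # server column' > "$d/home"
printf '%s\n' '# client server secret IP' \
    'datahunter home "example-pw" *' > "$d/chap-secrets"
chmod 644 "$d/chap-secrets"
audit_tunnel "$d/home" "$d/chap-secrets"
```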

 


pon

pon  [isp-name]         <--- default: /etc/ppp/peers/provider

  • -r  redialed after it is dropped
  • -c  compression.
  • -d  toggles the state of pppd's debug option

Feb 18 17:03:56 server pppd[7545]: CHAP authentication succeeded
Feb 18 17:03:56 server pppd[7545]: LCP terminated by peer (MPPE required but cannot negotiate MPPE key length)
Feb 18 17:03:57 server pppd[7545]: Modem hangup

 

# The following command also works

pppd call <pptpserver>

 

require-mppe-128

Feb 18 17:35:37 server pppd[9049]: pppd 2.4.5 started by root, uid 0
Feb 18 17:35:37 server pppd[9049]: Using interface ppp0
Feb 18 17:35:37 server pppd[9049]: Connect: ppp0 <--> /dev/pts/7
Feb 18 17:35:41 server pppd[9049]: CHAP authentication succeeded
Feb 18 17:35:41 server pppd[9049]: MPPE 128-bit stateless compression enabled
Feb 18 17:35:41 server pppd[9049]: local  IP address 192.168.88.151
Feb 18 17:35:41 server pppd[9049]: remote IP address 192.168.123.1

 

# Disables the default behaviour when no local IP address is specified (by default, the hostname is looked up in DNS to get the IP)

  • noipdefault
  • local_IP_address:remote_IP_address

Compress

deflate nr,nt
# maximum window size of 2**nr bytes

 


 

poff [isp-name]

 

/etc/ppp/peers/isp-name

 


plog

 

plog                      # /var/log/ppp.log

Configuration:

/etc/syslog.conf

local2.*       -/var/log/ppp.log

 


pppstats

pppstats

      IN   PACK VJCOMP  VJUNC  VJERR  |      OUT   PACK VJCOMP  VJUNC NON-VJ
       0      0      0      0      0  |        0      0      0      0      0

 


Route lan traffic

 

Once pptp is up, the link is a point-to-point connection:

ifconfig ppp0

ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.123.201  P-t-P:192.168.123.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1446  Metric:1
          RX packets:15 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:2126 (2.0 KiB)  TX bytes:62 (62.0 B)

To reach the network on the other side, add the following route:

route add -net 192.168.123.0/24 dev ppp0

 


All Traffic Through Tunnel

# SERVER = PPTP SERVER
# PRIMARY = eth0
# TUNNEL = the ppp interface (ppp0 in the ifconfig output above)
route add -host ${SERVER} dev ${PRIMARY}
route del default ${PRIMARY}
route add default dev ${TUNNEL}

 


Adding routes automatically

Once pptp is up, the /etc/ppp/ip-up script is executed.

/etc/ppp/ip-up contains the following:

# PPP_IFACE="$1"
# PPP_TTY="$2"
# PPP_SPEED="$3"
# PPP_LOCAL="$4"
# PPP_REMOTE="$5"
# PPP_IPPARAM="$6"

run-parts /etc/ppp/ip-up.d \
  --arg="$1" --arg="$2" --arg="$3" --arg="$4" --arg="$5" --arg="$6"

 

/etc/ppp/ip-up.d/home        <-- the script's name does not matter.

#!/bin/sh

ifname=$1        # the interface name used by pppd (e.g. ppp3)

case "$ifname" in
    ppp9)
        /sbin/route add -net 192.168.123.0/24 dev $ifname
        ;;
esac

exit 0;
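A variant of the hook above that keys on ipparam ($6) instead of the interface name, so it still matches when the peer file has no "unit 9" line and the link comes up as ppp0. This is an added example, not from the original page; the "branch" tunnel and its subnet are constructed samples, and /sbin/route is used as in the hook above.

```shell
#!/bin/sh
# Added example (not from the page): /etc/ppp/ip-up.d hook keyed on ipparam.

# Map a tunnel's ipparam to the LAN behind it. "office" and its subnet are
# the page's values; "branch" is a constructed sample.
lan_for_tunnel() {
    case "$1" in
        office) echo "192.168.123.0/24" ;;
        branch) echo "10.0.9.0/24" ;;
        *)      return 1 ;;
    esac
}

# Print the route command for one ip-up call ($1 = interface, $2 = ipparam).
# Fails, printing nothing, for an unknown tunnel or a name that is not pppN.
route_cmd() {
    case "$1" in
        ppp|ppp*[!0-9]*) return 1 ;;
        ppp*) ;;
        *) return 1 ;;
    esac
    net=$(lan_for_tunnel "$2") || return 1
    echo "/sbin/route add -net $net dev $1"
}

# run-parts passes the six ip-up arguments; do nothing when called otherwise.
if [ "$#" -ge 6 ]; then
    cmd=$(route_cmd "$1" "$6") && $cmd
fi
```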

 


Debug

 

pon home debug dump nodetach

Successful example:

using channel 55
Using interface ppp0
Connect: ppp0 <--> /dev/pts/6
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e15983a> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x944d973> <pcomp> <accomp>]
sent [LCP ConfAck id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x944d973> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e15983a> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e15983a> <pcomp> <accomp>]
sent [LCP EchoReq id=0x0 magic=0x4e15983a]
rcvd [LCP EchoReq id=0x0 magic=0x944d973]
sent [LCP EchoRep id=0x0 magic=0x4e15983a]
rcvd [CHAP Challenge id=0x46 <??>, name = "*"]
sent [CHAP Response id=0x46 <??>, name = "datahunter"]
rcvd [LCP ConfReq id=0x2 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x33947cec> <pcomp> <accomp>]
sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0xe5a97d96> <pcomp> <accomp>]
sent [LCP ConfAck id=0x2 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x33947cec> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e15983a> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0xe5a97d96> <pcomp> <accomp>]
sent [LCP EchoReq id=0x0 magic=0xe5a97d96]
rcvd [LCP EchoReq id=0x0 magic=0x33947cec]
sent [LCP EchoRep id=0x0 magic=0xe5a97d96]
rcvd [CHAP Challenge id=0xc <8c4cc7031707e3b5965fee96a685c5a7>, name = "*"]
sent [CHAP Response id=0xc <??>, name = "datahunter"]
rcvd [LCP EchoRep id=0x0 magic=0x33947cec]
rcvd [CHAP Success id=0xc "S=8B4FA3E6E8592E27F6C396BA05D3E7213FAA2531 M=Access granted"]
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x1 <mppe +H +M +S +L -D -C>]
sent [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 192.168.88.151>]
rcvd [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 192.168.123.2>]
sent [IPCP ConfAck id=0x1 <compress VJ 0f 01> <addr 192.168.123.2>]
rcvd [IPCP ConfAck id=0x1 <compress VJ 0f 01> <addr 192.168.88.151>]
local  IP address 192.168.88.151
remote IP address 192.168.123.2
Script /etc/ppp/ip-up started (pid 24963)
Script /etc/ppp/ip-up finished (pid 24963), status = 0x0

 

Case

Without the following setting:

  • require-mppe-128

Sep 24 13:10:28 server pppd[22067]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x320e9edf> <pcomp> <accomp>]
Sep 24 13:10:31 server pppd[22067]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x320e9edf> <pcomp> <accomp>]
Sep 24 13:10:34 server pppd[22067]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x320e9edf> <pcomp> <accomp>]
Sep 24 13:10:37 server pppd[22067]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x320e9edf> <pcomp> <accomp>]
Sep 24 13:10:40 server pppd[22067]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x320e9edf> <pcomp> <accomp>]
Sep 24 13:10:43 server pppd[22067]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x320e9edf> <pcomp> <accomp>]
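The three outcomes that appear in this page's logs can be told apart mechanically. The following is an added example, not from the original page: it classifies a pppd log and spells out the CCP flags, where H, M, S, L and C are pppd's letters for stateless mode, 56-bit, 128-bit, 40-bit and MPPC; the outcome labels are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the page): read a pppd log or debug transcript.

# Classify the outcome of a log read from stdin.
classify_pppd_log() {
    awk '
        /MPPE 128-bit/ && /enabled/         { ok = 1 }
        /cannot negotiate MPPE key length/  { mismatch = 1 }
        /sent \[LCP ConfReq/                { sent++ }
        /rcvd \[/                           { rcvd++ }
        END {
            if (mismatch)                print "mppe-key-length-mismatch"
            else if (ok)                 print "mppe-128"
            else if (sent >= 3 && !rcvd) print "lcp-no-reply"
            else                         print "unknown"
        }'
}

# Print the MPPE flags of the last CCP ConfAck in a transcript on stdin.
agreed_mppe() {
    sed -n 's/.*CCP ConfAck[^<]*<mppe \([^>]*\)>.*/\1/p' | tail -n 1
}

# Spell out the enabled flags of a string such as "+H -M +S -L -D -C".
# The obsolete D bit is ignored.
decode_mppe() {
    out=""
    for f in $1; do
        case "$f" in
            +H) out="$out stateless" ;;
            +M) out="$out 56-bit" ;;
            +S) out="$out 128-bit" ;;
            +L) out="$out 40-bit" ;;
            +C) out="$out mppc" ;;
        esac
    done
    echo "${out# }"
}

# Sample: four lines copied from the page's successful debug transcript.
sample='rcvd [CCP ConfReq id=0x1 <mppe +H +M +S +L -D -C>]
sent [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled'
printf '%s\n' "$sample" | classify_pppd_log
decode_mppe "+H +M +S +L -D -C"   # the server's first ConfReq
decode_mppe "$(printf '%s\n' "$sample" | agreed_mppe)"
```

In the transcript above, the server's first ConfReq offers 40-, 56- and 128-bit keys, and the client's ConfNak narrows the set to 128-bit only.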

 

 
