cyanogen
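Setting up a PPTP server
Problem while testing a PPTP server setup
Recently I have been trying to set up a PPTP-based VPN server. Dialing in from WinXP and establishing the connection works without any problem,
but I cannot get online through this VPN, that is, I cannot reach the external network. My first suspicion is a routing or forwarding configuration
problem, but I don't know where that needs to be configured. If anyone knows, please tell me, thanks.
Environment:
PPTP server: CentOS 5, one network card, eth0: public IP XXX.XXX.XXX.XXX
Client: WINXP
Symptoms:
On the PPTP server, before the connection is established:
iptables is turned off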
>>netstat -nap |grep pptp
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 28144/pptpd
>>cat /etc/pptpd.conf
ppp /usr/sbin/pppd
debug
option /etc/ppp/options.pptpd
localip 10.0.0.254
remoteip 10.0.0.1-253
>>cat /etc/ppp/options.pptpd
auth
lock
debug
proxyarp
#nodefaultroute
name scorpio
multilink
refuse-pap
refuse-chap
refuse-mschap
refuse-eap
refuse-mschap-v2
require-mppe
#ms-wins
#ms-dns
dump
logfile /var/log/pptpd.log
Dialing the VPN from the XP client, the connection is established normally:
>>cat /var/log/pptpd.log
pppd options in effect:
debug # (from /etc/ppp/options.pptpd)
logfile /var/log/pptpd.log # (from /etc/ppp/options.pptpd)
dump # (from /etc/ppp/options.pptpd)
multilink # (from /etc/ppp/options.pptpd)
auth # (from /etc/ppp/options.pptpd)
refuse-pap # (from /etc/ppp/options.pptpd)
refuse-chap # (from /etc/ppp/options.pptpd)
refuse-mschap # (from /etc/ppp/options.pptpd)
refuse-mschap-v2 # (from /etc/ppp/options.pptpd)
refuse-eap # (from /etc/ppp/options.pptpd)
name scorpio # (from /etc/ppp/options.pptpd)
115200 # (from command line)
lock # (from /etc/ppp/options.pptpd)
local # (from command line)
ipparam 124.64.82.8 # (from command line)
proxyarp # (from /etc/ppp/options.pptpd)
10.0.0.254:10.0.0.1 # (from command line)
require-mppe # (from /etc/ppp/options.pptpd)
using channel 16
Starting negotiation on /dev/pts/2
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth eap> <magic 0xce2828da> <pcomp> <accomp> <mrru 1500> <endpoint [MAC:EF:17:37:2E:77:72]>]
rcvd [LCP ConfReq id=0x0 <mru 1400> <magic 0x210c489c> <pcomp> <accomp> <callback CBCP>]
sent [LCP ConfRej id=0x0 <callback CBCP>]
rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0x210c489c> <pcomp> <accomp>]
sent [LCP ConfAck id=0x1 <mru 1400> <magic 0x210c489c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth eap> <magic 0xce2828da> <pcomp> <accomp> <mrru 1500> <endpoint [MAC:EF:17:37:2E:77:72]>]
rcvd [LCP ConfRej id=0x1 <mrru 1500> <endpoint [MAC:EF:17:37:2E:77:72]>]
sent [LCP ConfReq id=0x2 <asyncmap 0x0> <auth eap> <magic 0xce2828da> <pcomp> <accomp>]
rcvd [LCP ConfNak id=0x2 <auth chap MS-v2>]
sent [LCP ConfReq id=0x3 <asyncmap 0x0> <auth chap MS-v2> <magic 0xce2828da> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x3 <asyncmap 0x0> <auth chap MS-v2> <magic 0xce2828da> <pcomp> <accomp>]
sent [CHAP Challenge id=0xd9 <17cf0de142345e74fa1ff6b462a49651>, name = "xxxx"]
rcvd [LCP Ident id=0x2 magic=0x210c489c "MSRASV5.10"]
rcvd [LCP Ident id=0x3 magic=0x210c489c "MSRAS-0-QEEBAO"]
rcvd [CHAP Response id=0xd9 <e333de8d8061df17fb1ce112434f83a800000000000000000ae1df3b9b265dbd6e0a011d6840014d33e00964c152c5c100>, name = "xxxx"]
sent [CHAP Success id=0xd9 "S=071B7B2683A4DC5A0EA71DFCE3857B3F4B77C881 M=Access granted"]
Using interface ppp0
sent [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
rcvd [CCP ConfReq id=0x4 <mppe +H +M +S +L -D +C>]
sent [CCP ConfNak id=0x4 <mppe +H -M +S -L -D -C>]
rcvd [IPCP ConfReq id=0x5 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
sent [IPCP TermAck id=0x5]
rcvd [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x6 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x6 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 10.0.0.254>]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 10.0.0.254>]
rcvd [IPCP ConfAck id=0x2 <addr 10.0.0.254>]
rcvd [IPCP ConfReq id=0x7 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
sent [IPCP ConfRej id=0x7 <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
rcvd [IPCP ConfReq id=0x8 <addr 0.0.0.0>]
sent [IPCP ConfNak id=0x8 <addr 10.0.0.1>]
rcvd [IPCP ConfReq id=0x9 <addr 10.0.0.1>]
sent [IPCP ConfAck id=0x9 <addr 10.0.0.1>]
Cannot determine ethernet address for proxy ARP
local IP address 10.0.0.254
remote IP address 10.0.0.1
Script /etc/ppp/ip-up started (pid 31704)
Script /etc/ppp/ip-up finished (pid 31704), status = 0x0
>>ifconfig
eth0 Link encap:Ethernet HWaddr EF:17:37:2E:77:72
inet addr:XXX.XXX.XXX.XXX Bcast:XXX.XXX.XXX.XXX Mask:XXX.XXX.XXX.XXX
inet6 addr: XXX.XXX.XXX.XXX/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:34931510 errors:0 dropped:0 overruns:0 frame:0
TX packets:35663307 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:3025720615 (2.8 GiB) TX bytes:2946169872 (2.7 GiB)
Base address:0x2000 Memory:88180000-881a0000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:56576 errors:0 dropped:0 overruns:0 frame:0
TX packets:56576 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4679721 (4.4 MiB) TX bytes:4679721 (4.4 MiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:10.0.0.254 P-t-P:10.0.0.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1396 Metric:1
RX packets:35 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:3167 (3.0 KiB) TX bytes:118 (118.0 b)
>>route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.1 * 255.255.255.255 UH 0 0 0 ppp0
XXX.XXX.XXX.0 * 255.255.255.192 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
default XXX.XXX.XXX.1 0.0.0.0 UG 0 0 0 eth0
>>cat /proc/sys/net/ipv4/ip_forward
1
>>iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
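
An offline check for the state shown in this post, as an added example that is not part of the original post: it tests the three things a client holding a 10.0.0.x pool address needs in order to reach external hosts through a single-interface server (kernel forwarding, source NAT out of eth0, and a resolver offered through ms-dns). The /24 pool network, the nat-table samples (the post lists only the filter table) and the 192.0.2.53 resolver are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Inputs are passed as text,
# so the check also runs on saved command output.
POOL_CIDR="10.0.0.0/24"             # assumed /24 around remoteip 10.0.0.1-253
POOL_MASK="10.0.0.0/255.255.255.0"  # same network as older iptables-save prints it
WAN_IF="eth0"

# check_egress IP_FORWARD NAT_RULES PPP_OPTIONS -> findings, or "ok"
#   IP_FORWARD   contents of /proc/sys/net/ipv4/ip_forward
#   NAT_RULES    output of `iptables-save -t nat`
#   PPP_OPTIONS  contents of /etc/ppp/options.pptpd
check_egress() {
    findings=""
    [ "$1" = "1" ] || findings="$findings forwarding-off"
    # Source NAT: a POSTROUTING MASQUERADE/SNAT rule scoped to the pool or to the WAN interface.
    printf '%s\n' "$2" | grep -E '^-A POSTROUTING .*-j (MASQUERADE|SNAT)' \
        | grep -qF -e "-s $POOL_CIDR " -e "-s $POOL_MASK " -e "-o $WAN_IF " \
        || findings="$findings no-source-nat"
    # Only an uncommented ms-dns line lets pppd answer the client's ms-dns1 request.
    printf '%s\n' "$3" | grep -qE '^[[:space:]]*ms-dns[[:space:]]+[0-9]' \
        || findings="$findings no-ms-dns"
    findings=${findings# }
    echo "${findings:-ok}"
}

# suggest_fix FINDINGS -> one remediation line per finding
suggest_fix() {
    for f in $1; do
        case $f in
            forwarding-off) echo "sysctl -w net.ipv4.ip_forward=1" ;;
            no-source-nat)  echo "iptables -t nat -A POSTROUTING -s $POOL_CIDR -o $WAN_IF -j MASQUERADE" ;;
            no-ms-dns)      echo "add 'ms-dns <resolver-ip>' to /etc/ppp/options.pptpd" ;;
        esac
    done
}

# As posted: ip_forward is 1 and ms-dns is commented out. The nat table is
# not shown in the post, so an empty one is constructed here.
POSTED_NAT=$(printf '*nat\n:POSTROUTING ACCEPT [0:0]\nCOMMIT')
POSTED_OPTS=$(printf 'auth\nrequire-mppe\n#ms-dns')
# Constructed corrected state; 192.0.2.53 is a documentation-range placeholder.
FIXED_NAT=$(printf '*nat\n:POSTROUTING ACCEPT [0:0]\n-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE\nCOMMIT')
FIXED_OPTS=$(printf 'auth\nrequire-mppe\nms-dns 192.0.2.53')

suggest_fix "$(check_egress 1 "$POSTED_NAT" "$POSTED_OPTS")"
```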