只需在服务器上安装Ubuntu 13.10,并configuration了PPTP VPN。 一切正常,直到另一个对端断开他的VPN连接。
我可以通过将我的iPhone连接到VPN来持续模拟这种情况,每当我从我的iPhone上断开VPN时,VPN就会为所有人解脱。
这是服务器的日志文件:
Nov 28 01:14:51 thilak pppd[1620]: pppd 2.4.5 started by thilak, uid 0 Nov 28 01:14:51 thilak pppd[1620]: Using interface ppp0 Nov 28 01:14:51 thilak pppd[1620]: Connect: ppp0 <--> /dev/pts/2 Nov 28 01:14:51 thilak pptpd[1619]: GRE: Bad checksum from pppd. Nov 28 01:14:54 thilak pppd[1620]: peer from calling number 106.51.51.20 authorized Nov 28 01:14:55 thilak pppd[1620]: MPPE 128-bit stateless compression enabled Nov 28 01:14:55 thilak pppd[1620]: Cannot determine ethernet address for proxy ARP Nov 28 01:14:55 thilak pppd[1620]: local IP address 198.211.113.34 Nov 28 01:14:55 thilak pppd[1620]: remote IP address 10.10.0.2 Nov 28 01:17:01 thilak CRON[1648]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Nov 28 01:26:29 thilak pptpd[1677]: CTRL: Client 106.51.51.20 control connection started Nov 28 01:26:29 thilak pptpd[1677]: CTRL: Starting call (launching pppd, opening GRE) Nov 28 01:26:29 thilak pppd[1678]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded. Nov 28 01:26:29 thilak pppd[1678]: pppd 2.4.5 started by thilak, uid 0 Nov 28 01:26:29 thilak pppd[1678]: Using interface ppp1 Nov 28 01:26:29 thilak pppd[1678]: Connect: ppp1 <--> /dev/pts/3 Nov 28 01:26:29 thilak pptpd[1677]: GRE: Bad checksum from pppd. Nov 28 01:26:32 thilak pppd[1678]: peer from calling number 106.51.51.20 authorized Nov 28 01:26:33 thilak pppd[1678]: MPPE 128-bit stateless compression enabled Nov 28 01:26:33 thilak pppd[1678]: Cannot determine ethernet address for proxy ARP Nov 28 01:26:33 thilak pppd[1678]: local IP address 198.211.113.34 Nov 28 01:26:33 thilak pppd[1678]: remote IP address 10.10.0.4 Nov 28 01:27:14 thilak pppd[1678]: LCP terminated by peer (MPPE disabled) Nov 28 01:27:14 thilak pppd[1678]: Connect time 0.7 minutes. Nov 28 01:27:14 thilak pppd[1678]: Sent 44172 bytes, received 16425 bytes. Nov 28 01:27:14 thilak pptpd[1677]: CTRL: EOF or bad error reading ctrl packet length. Nov 28 01:27:14 thilak pptpd[1677]: CTRL: couldn't read packet header (exit) Nov 28 01:27:14 thilak pptpd[1677]: CTRL: CTRL read failed Nov 28 01:27:14 thilak pptpd[1677]: CTRL: Reaping child PPP[1678] Nov 28 01:27:14 thilak pppd[1678]: Hangup (SIGHUP) Nov 28 01:27:14 thilak pppd[1678]: Modem hangup Nov 28 01:27:14 thilak pppd[1678]: Connection terminated. Nov 28 01:27:14 thilak pptpd[1619]: GRE: read(fd=7,buffer=7f38314b8460,len=8260) from network failed: status = -1 error = Protocol not available Nov 28 01:27:14 thilak pptpd[1619]: CTRL: GRE read or PTY write failed (gre,pty)=(7,6) Nov 28 01:27:14 thilak pptpd[1619]: CTRL: Reaping child PPP[1620] Nov 28 01:27:14 thilak pppd[1620]: Hangup (SIGHUP) Nov 28 01:27:14 thilak pppd[1620]: Modem hangup Nov 28 01:27:14 thilak pppd[1620]: Connect time 12.4 minutes. Nov 28 01:27:14 thilak pppd[1620]: Sent 19431067 bytes, received 7005368 bytes. Nov 28 01:27:14 thilak pppd[1620]: MPPE disabled Nov 28 01:27:14 thilak pppd[1620]: Connection terminated. Nov 28 01:27:14 thilak pppd[1678]: Exit. Nov 28 01:27:14 thilak pptpd[1677]: CTRL: Client 106.51.51.20 control connection finished Nov 28 01:27:14 thilak pppd[1620]: Exit. Nov 28 01:27:14 thilak pptpd[1619]: CTRL: 任何想法发生了什么?
你应该尝试设置不同的本地IP连接,如下所示:
localip 172.20.1.1-100 remoteip 172.20.1.101-200
另外,设置你的文件墙规则:
# accept incoming control connections via conntrack iptables -A INPUT -p tcp --dport 1723 -m conntrack --ctstate NEW -j ACCEPT # accept GRE protocol iptables -A INPUT -p gre -j ACCEPT # allow packet forwarding from VPN subnet with TCP max segment size tune iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -s 172.20.1.0/24 -j TCPMSS --clamp-mss-to-pmtu
并请发布您的pptpd.conf和pptpd-options文件